Victor Julien
ae5846b4de
detect: simplify content inspection types
Instead of a type per buffer type, pass just 3 possible types:
packet, stream, state.
The individual types weren't used. State is just there to be
not packet and not stream.
9 years ago
Mats Klepsland
4172c4c8ac
tls: add (mpm) keyword tls_cert_subject
This keyword is a replacement for tls.subject.
9 years ago
Mats Klepsland
9b2717799c
tls: add (mpm) keyword tls_cert_issuer
This keyword is a replacement for tls.issuerdn.
9 years ago
Mats Klepsland
a13df67864
detect: add (mpm) keyword for tls_sni
Match on server name indication (SNI) extension in TLS using tls_sni
keyword, e.g.:
alert tls any any -> any any (msg:"SNI test"; tls_sni;
content:"example.com"; sid:12345;)
10 years ago
Jason Ish
6b15686fd1
base64_decode, base64_data: decode and match base64
10 years ago
Jason Ish
06beca62f5
app-layer: template for application layer content inspection
10 years ago
Giuseppe Longo
f0c54d4764
Detect engine for smtp file_data file_data: inspecting smtp attachments
Create a buffer to store reassembled file chunks,
and inspect the content.
11 years ago
Victor Julien
6723d03c7e
http: add inspection engine for http request line
No MPM though.
11 years ago
Victor Julien
f10dd603ff
DNS: adding dns_request content modifier
13 years ago
Anoop Saldanha
ab4b15c2e7
fix for #788.
Now depth is kept in mind when we inspect chunks in client/server body.
This takes care of FPs originating from inspecting subsequent chunks that
match with depth, but shouldn't.
13 years ago
Victor Julien
6e18ed0489
luajit flowvar support
This patch adds flowvar support to luajit. It does so by exposing two special
C functions to the luajit scripts: ScFlowvarGet and ScFlowvarSet.
13 years ago
Anoop Saldanha
3511f91bba
Add support for the new keyword - http_raw_host header.
The corresponding pcre modifier would be 'Z'.
13 years ago
Anoop Saldanha
c4ce19a1be
Add support for a new keyword to inspect http_host header.
The corresponding content keyword would now be - http_host.
The corresponding pcre modifier would be W.
13 years ago
Anoop Saldanha
988c92f71c
http user agent keyword + mpm + inspection + fast pattern support added
14 years ago
Anoop Saldanha
603d4a719a
remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine
14 years ago
Anoop Saldanha
35f1f7e8d9
unify payload detection engines + fix other bugs in pcre init
14 years ago