Commit Graph

14614 Commits (0dca8cc79696b44181821163873a001977bcbb5e)
 

Author SHA1 Message Date
Victor Julien d4e998e0b8 detect/file_data: remove obsolete tests 3 years ago
Victor Julien 5c8ff17186 detect/uricontent: remove obsolete tests 3 years ago
Victor Julien 233f663053 detect/replace: reduce sm_lists use 3 years ago
Victor Julien 67ef4b15bb detect/pkt_data: remove obsolete tests 3 years ago
Victor Julien 6b27087527 detect/pcre: remove obsolete tests 3 years ago
Victor Julien 243c285fe9 detect/isdataat: remove obsolete test; reduce sm_lists use 3 years ago
Victor Julien 343a7fd900 detect/ftpbounce: remove obsolete tests 3 years ago
Victor Julien 1b1a51efa6 detect/geoip: reduce use of sm_list macro 3 years ago
Victor Julien 8bab0f31b1 detect/dns_query: remove obsolete tests 3 years ago
Victor Julien a66890d60f detect/distance: reduce use of sm_list macro 3 years ago
Victor Julien 34735a54d8 detect/dce_stub_data: remove obsolete tests 3 years ago
Victor Julien 416c5d4bf6 detect/dce_stub_data: remove obsolete tests 3 years ago
Victor Julien 665851d064 detect/content: reduce sm_lists use; remove obsolete tests 3 years ago
Victor Julien 9090739ddb detect/byte_test: use list util in tests; cleanups 3 years ago
Victor Julien df1cf8bbda detect/byte_math: reduce use of sm_list macro 3 years ago
Victor Julien 454d13837e detect/byte_jump: use list util in tests; cleanups 3 years ago
Victor Julien 9a68284d2e detect/byte_extract: reduce use of sm_list macro 3 years ago
Victor Julien af87b105dd detect/base64_decode: remove obsolete test; test cleanups 3 years ago
Victor Julien 0eed8cefdf detect/base64_decode: remove obsolete debug code 3 years ago
Victor Julien 485e31d5fa detect/base64_data: remove obsolete tests 3 years ago
Victor Julien 0d3c551b83 detect/base64_data: remove use of sm_list macro 3 years ago
Victor Julien 501388c912 detect/pcre: use util funcs for buffer test 3 years ago
Victor Julien 0b6ebd13ee detect: add util funcs to get first and last sigmatch for buffer 3 years ago
Philippe Antoine 6bc7f02e13 doc: rules can have http1 as protocol
Ticket: #5962
3 years ago
Victor Julien a42c225117 detect/content: add negated endswith test 3 years ago
Jeff Lucovsky c083cbda33 detect/content: Negated endswith matches
Issue: 5541

This commit handles negated endswith matches.
3 years ago
Haleema Khan 3531a4abaa rfb: rustfmt rfb.rs 3 years ago
Haleema Khan 3eee311350 rfb: add rfb frames, update tests
Adds a PDU frame to the RFB parser.
Update function signature in tests to reflect frames

Ticket: 5717
3 years ago
Victor Julien d3ab33edce detect/app-layer-protocol: remove use of sm_list macro 3 years ago
Victor Julien 5753d95040 detect: reduce sm_lists macro use 3 years ago
Victor Julien 88700f2744 detect/parse: remove obsolete and commented out code 3 years ago
Victor Julien 4a8f269000 detect/pcre: add comment indicating rawbytes is a no-op 3 years ago
Victor Julien 7ea6637d6d detect/content: remove commented tests 3 years ago
Victor Julien 7ac623e0c5 detect/bytemath: fix newline in debug message 3 years ago
Victor Julien 0bbc411743 nfs: fix newline in debug messages 3 years ago
Victor Julien 92d8a712aa detect/content: cleanup content setup/check code
Pass SigMatch pointer instead of a list id to SigParseRequiredContentSize.
3 years ago
Jeff Lucovsky fd46c93a8f doc/byte_math: Add divide by 0 discussion.
Issue: 5945
3 years ago
Jeff Lucovsky 38c5e89e29 detect/byte_math: fix bug in byte_math detection
Issue: 5945

Avoid division by zero when the byte_math operation is division and the
rvalue is 0.
3 years ago
Victor Julien 2ddd26446e pcap: fix return check
The check that was meant to check if pcap_dispatch processed fewer packets
than the desired number was inaccurate. It would also include all errors
(negative return values).

This patch considers only positive values for this check.

Fixes: 9fe08f2374 ("pcap: improve pcap_breakloop support")
3 years ago
Shivani Bhardwaj 5f52b199ff smtp: enforce line limit even when LF is found
Before:
If LF character was found, so far, we won't enforce the line limit on
the line. We only enforced limits in case of LF character missing in a
long line.

After this patch:
Line limit is enforced on the line if it is bigger than 4096 Bytes
irrespective of whether LF was found or not.

Redmine Bug: 5819
3 years ago
Shivani Bhardwaj fd4e0fbafe util/mime: allow delim len 0 when line limit is hit 3 years ago
Shivani Bhardwaj c0bff5f921 smtp: move constant declaration to header 3 years ago
Justin Azoff aacb7dc291 detect/iponly: remove DetectEngineIPOnlyThreadCtx
This is unused.

Issue: 4578
3 years ago
Justin Azoff dfbc3da0eb detect/iponly: Reduce the size of the SigNumArray bitsets
Instead of tracking ip only rules by the internal signum, track them by
a separate counter that starts at zero.  This results in dense
SigNumArrays instead of sparse ones and a much smaller max_idx.

Issue: 4578
3 years ago
Victor Julien 9fe08f2374 pcap: improve pcap_breakloop support
When pcap_breakloop has been issued on a handle, the current pcap_dispatch
call may return -2 (PCAP_ERROR_BREAK), but it can also return the number
of processed packets if lower than the desired number. So add this condition
as a check.
3 years ago
Victor Julien 8a968faa04 detect: only breakloop threads that are lagging
Sleep after all threads have been checked.

Bug: #5969.
3 years ago
Victor Julien 5e4cf182ab flow/worker: refresh detect thread during housekeeping
During housekeeping multiple flows are processed. If a rule reload happens
at that time, we need to use the new detect thread as soon as possible.

Bug: #5969.
3 years ago
Victor Julien 4176c7df6a flow/worker: remove unused detect thread arg 3 years ago
Philippe Antoine 9adb59bcdb http2: faster when reducing dynamic headers size
avoid quadratic complexity from removing the first element
and copying all the contents a big number of times.

Ticket: #5909
3 years ago
Philippe Antoine caf9940fd1 http: fix multipart completion
As brought by commit 578f328e06

Ticket: #5952
3 years ago