Victor Julien
1d971b53a6
Update all unittests
15 years ago
Victor Julien
7dc4b164a8
Fix a clang warning in unittest DetectUriSigTest12.
15 years ago
Anoop Saldanha
b140ed1c9c
modify detection engine to run hhd mpm before building the match array
15 years ago
Anoop Saldanha
4883efd0f6
unifying content structure - uricontent now uses DetectContentData
15 years ago
Anoop Saldanha
4a038511ff
Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accommodate these changes
15 years ago
Anoop Saldanha
e0476242c6
replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH]
15 years ago
Anoop Saldanha
e54358a9e1
replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH]
15 years ago
Anoop Saldanha
82fd581b64
replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH]
15 years ago
Anoop Saldanha
0c5b82d891
provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern
15 years ago
Anoop Saldanha
b8f5a6a4fc
throw out contents/uricontents with invalid hex assembly
15 years ago
Anoop Saldanha
850f44022f
invalidate sigs with content/uricontent strings ", "boo, boo" + fix parsing content strings of the format content: !\"boom\";"
15 years ago
Anoop Saldanha
a85fa6b792
support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis
15 years ago
Victor Julien
fc248ca7a1
Many small performance updates.
15 years ago
Victor Julien
1071a53210
Fix unittests after ip_proto keyword change.
15 years ago
Pablo Rincon
34bb107f2c
Fix for bug 207 (depth/offset not correctly updated on certain cases)
15 years ago
Victor Julien
f07997fd4a
Don't set negated uricontent signature flag twice.
16 years ago
Pablo Rincon
b7076a8ea0
Don't avoid inspecting uricontents if we get no match. It can be negated uricontents (and urilens/pcre..). But at least skip the search if we get no match
16 years ago
Victor Julien
393acd77d2
Detection improvements: uricontent escaping now working, better negated pattern (content) handling.
16 years ago
Victor Julien
a3ff0e7210
Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185.
16 years ago
Pablo Rincon
eed0ef6e69
Adding tag keyword support
16 years ago
William Metcalf
0e4235cc94
FLOW_DESTROY added to clean-up UT's that init flow
16 years ago
Victor Julien
2f29b8a724
Improve detection of app layer, making sure we only handle app layer on 'established' packets. Should really fix #166.
16 years ago
Anoop Saldanha
015385c6bd
changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not
16 years ago
Anoop Saldanha
45ea0d914e
dce stub content keywords support using dcepayload.c support for all dce related content keywords
16 years ago
Victor Julien
83b2c8abdb
Improve stateful uri detection code.
16 years ago
Victor Julien
9dd753b5f3
Scan uricontent mpm on demand.
16 years ago
Victor Julien
e8fce5f7fa
Convert uricontent scanning to use the detect engine state.
16 years ago
Pablo Rincon
8cc525c939
UDP support at AppLayer message handling
16 years ago
William Metcalf
cc76aa4bc6
properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks
16 years ago
Victor Julien
a24f288074
Moving the stream content scanning to have its own mpm ctx.
16 years ago
Gurvinder Singh
cda664a8c4
memory leak fixes in detection module, app layer and counters
16 years ago
William Metcalf
2eef905c07
GPL and Copyright header updates.
16 years ago
Victor Julien
70b32f7380
First stab at creating a stateful detection engine.
Stateful detection for app layer detection keywords, except uricontent. Stores its partial results in the flow structure. Other modifications:
- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.
This commit fixes bug #124.
16 years ago
Gerardo Iglesias Galvan
9f4fae5b1a
Fix inconsistent use of dynamic memory allocation
16 years ago
Victor Julien
a8dd484aba
Fix small potential bug in debug mode found by clang.
16 years ago
William Metcalf
8d66323f62
clang fixes for null dereferences
16 years ago
Victor Julien
e27cefa6f7
Complete conversion of pattern id mpm storage vs sig id storage.
16 years ago
Victor Julien
7a427ec7f4
Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach.
16 years ago
Victor Julien
26ef58342d
Fix typo in uricontent within handling causing within to be wrong.
16 years ago
William Metcalf
ce01927515
Import of GPLv2 Header 050410
16 years ago
Victor Julien
294b39bb3a
Properly set content and uricontent depth. Fixes #134.
16 years ago
Pablo Rincon
9209eaeaf6
Fix some error messages and coding style at uri/content modifiers
16 years ago
Gurvinder Singh
69a4fee757
fixed the API and logic error reported by clang tool
16 years ago
Victor Julien
78e15ea7fa
Explicitly test for ipv6 in the htp personalities code. Update all affected unittests to set addr family to the flow.
16 years ago
Pablo Rincon
86185ecd97
Enable spm inspection with precooked pattern contexts on content, uricontent and http_client_body (we will also add this to http_header when it gets committed)
16 years ago
Victor Julien
4129146a71
Because the HTP personalities code changes how the htp state's connp is initialized, we need to check for it in more places.
16 years ago
Victor Julien
08600df6b1
Small uri cleanups.
16 years ago
Pablo Rincon
c7350a8ac6
Fixing some naming convention issues and incorrect error messages
16 years ago
Pablo Rincon
b708d7f65d
Adding Uricontent inspection with spm. Modifiers for uricontent are now supported
16 years ago
Victor Julien
297001c6d9
Only process an app layer sig if it has the proper state. Make sure a sig can't have conflicting sigmatches, such as ftpbounce and uricontent.
16 years ago