The uint8_t *pkt in the Packet structure always points to the memory
immediately following the Packet structure. It is better to simply
calculate that value every time than store the 8 byte pointer.
Set event on overlapping data segments that have different data.
Add stream-events option stream-event:reassembly_overlap_different_data and
add an example rule.
Issue 603.
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.
This patch has been obtained via coccinelle. The transformation
is the following:
@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@
x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
This patch renames DECODER_SET_EVENT, DECODER_ISSET_EVENT and some
other structures to ENGINE equivalent to take into account the fact
the event list is now related to all engines and not only to decoder.
Decode signature are using the fact that no proto is set on packet
to increase the matching speed. This is not the case of stream and
other engine events. Thus a difference needs to be made.
This patch adds an alias to the 'engine-event' keyword. It is now
possible to access to the stream events via the 'stream-event'
keyword. A simple transformation is done:
stream-event:reassembly_segment_before_base_seq
is a shortcut for:
engine-event:stream.reassembly_segment_before_base_seq
This patch renames the 'decode-event' keyword to 'engine-event' and
keep it for backword compatibility of rulesets. All *DecodeEvent*
references in the code are replaced by EngineEvent version.
Ken Steele
Victor Julien
Eric Leblond
Anoop Saldanha