suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	56239690d0	prefilter: implement prefilter keyword Introduce prefilter keyword to force a keyword to be used as prefilter. e.g. alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;) alert tcp any any -> any any (content:"A"; flags:R; sid:2;) alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;) alert tcp any any -> any any (content:"A"; dsize:1; sid:4;) In sid 2 and 4 the content keyword is used in the MPM engine. In sid 1 and 3 the flags and dsize keywords will be used.	9 years ago
Victor Julien	85cb749e8b	detect cleanup: remove sgh mpm_ctx pointers	9 years ago
Victor Julien	82d3c0b520	sgh: remove unused flags	9 years ago
Victor Julien	08407b6d47	tls: mpm prefilter engines	9 years ago
Victor Julien	7acdc66061	smtp file_data: mpm prefilter engine	9 years ago
Victor Julien	0019a7bd9f	http_raw_header: mpm prefilter engine Register for both regular headers and trailer.	9 years ago
Victor Julien	cef12ed80f	http_server_body / file_data: mpm prefilter engine	9 years ago
Victor Julien	5646dd9ecf	http_client_body: mpm prefilter engine	9 years ago
Victor Julien	9b6fd6bb48	http_headers: mpm prefilter engines Register for both regular headers and trailers.	9 years ago
Victor Julien	9cab3ea2cd	http_stat_code: mpm prefilter engine	9 years ago
Victor Julien	4d57b2fc63	http_stat_msg: mpm prefilter engine	9 years ago
Victor Julien	86d303e32b	http_raw_host: mpm prefilter engine	9 years ago
Victor Julien	5218849213	http_host: mpm prefilter engine	9 years ago
Victor Julien	61c3748fc4	http_user_agent: mpm prefilter engine	9 years ago
Victor Julien	a43a69305d	http_cookie: mpm prefilter engine	9 years ago
Victor Julien	7a46364e42	http_raw_uri: mpm prefilter engine	9 years ago
Victor Julien	746a169127	dns_query: mpm prefilter engine	9 years ago
Victor Julien	9ff5703c49	packet/stream: mpm prefilter engine	9 years ago
Victor Julien	72f2a78b1f	http_method: mpm prefilter engine	9 years ago
Victor Julien	b62c4cc359	http_uri: mpm prefilter engine Inspect partial request line as well.	9 years ago
Victor Julien	5bcdbe3922	prefilter: introduce prefilter engines Introduce abstraction layer for prefilter engines.	9 years ago
Victor Julien	3dad824fb2	detect: rename SignatureNonMpmStore New name is SignatureNonPrefilterStore to reflect that it's not just about MPM anymore.	9 years ago
Victor Julien	17bc0299fe	detect: rename non_mpm lists/vars to non_pf Rename to non_pf: non prefilter.	9 years ago
Victor Julien	bb0cd0e883	prefilter: rename PatternMatcherQueue datatype In preparation of the introduction of more general purpose prefilter engines, rename PatternMatcherQueue to PrefilterRuleStore. The new engines will fill this structure a similar way to the current mpm prefilters.	9 years ago
Victor Julien	4c0ab681f2	mpm: remove Cleanup API call It's unused by all of the implementations.	9 years ago
Victor Julien	7c47016913	detect-fragoffset: minor cleanup	9 years ago
Victor Julien	a41695f29f	uricontent: remove left over func decl	9 years ago
Victor Julien	ff70e0cca0	mpm tls: remove unused function args	9 years ago
Victor Julien	ad3a55d938	mpm dns query: remove unused function args	9 years ago
Victor Julien	d647db1775	mpm stat code: remove unused function args	9 years ago
Victor Julien	bd03307921	mpm stat msg: remove unused function args	9 years ago
Victor Julien	6d54b70db4	mpm ua: remove unused function args	9 years ago
Victor Julien	704afeb078	mpm cookie: remove unused function args	9 years ago
Victor Julien	4229e603f0	mpm raw host: remove unused function args	9 years ago
Victor Julien	1380853ee8	mpm host: remove unused function args	9 years ago
Victor Julien	b40ecb7356	mpm method: remove unused function args	9 years ago
Victor Julien	3d5807ba44	mpm raw uri: remove unused function args	9 years ago
Victor Julien	d461c7888a	mpm uri: remove unused function args	9 years ago
Victor Julien	c4dcb20522	detect-parse: add new func to get last sigmatch Add SigMatchGetLastSM which simply returns the very last SM added to the signature. Minor cleanups.	9 years ago
Victor Julien	3ab405dc50	doc: reorganize hyperscan guide	9 years ago
Victor Julien	99d5bf4e68	doc: improve tuning/perf docs	9 years ago
Victor Julien	c7c8de7d59	doc: fix ET example URL	9 years ago
Victor Julien	485544d885	doc: improve commandline options	9 years ago
Eric Leblond	3ca663d7ff	output-json-flow: display bypass method In the case of a bypassed flow we add a 'bypass' key that can be 'local' or 'capture'. This will allow the user to know if capture bypass method is failing by looking at the 'bypass' key.	9 years ago
Giuseppe Longo	e6bac998d9	flow: add timeout for local bypass This adds a new timeout value for local bypassed state. For user simplication it is called only `bypassed`. The patch also adds a emergency value so we can clean bypassed flows a bit faster.	9 years ago
Eric Leblond	51bfe4960a	flow: discard packets belonging to bypassed flows	9 years ago
Eric Leblond	724069626d	flow: downgrade to local bypass if we see packets If we see packets for a capture bypassed flow after some times, it means that the capture method is not handling correctly the bypass so it is better to switch to local bypass method.	9 years ago
Eric Leblond	4cf887b4f7	flow: update lastts in FlowHandlePacketUpdate This allows to make it conditional to the state of packet and then trigger modified behavior.	9 years ago
Giuseppe Longo	5b71b5834f	filestore: avoid conflict with bypass keyword If a packet triggers a rule which contains both bypass and filestore keywords, it won't be stored since it's not inspected. To avoid that, when a rule containing filestore keyword we make sure that also bypass keyword is present.	9 years ago
Giuseppe Longo	07564c4e41	detect: add bypass keyword This adds a new keyword which permits to call the bypass callback when a sig is matched. The callback must be called when the match of the sig is complete.	9 years ago

... 3 4 5 6 7 ...

7427 Commits (8f56c234683551f9418377cd250c434938c08ddc) All Branches Search

7427 Commits (8f56c234683551f9418377cd250c434938c08ddc)

All Branches