suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	91695c81aa	http_client_body: register mpm from keyword	9 years ago
Victor Julien	644d4dc61b	http_stat_code: register mpm from keyword	9 years ago
Victor Julien	cf96db095a	http_stat_msg: register mpm from keyword	9 years ago
Victor Julien	43b281a510	file_data: register mpm from keyword	9 years ago
Victor Julien	6d0632a9c6	http_method: register mpm from keyword	9 years ago
Victor Julien	e4ea38a8de	http_raw_header: register mpm from keyword	9 years ago
Victor Julien	7813a834d0	http_user_agent: register mpm from keyword	9 years ago
Victor Julien	7b98c0073f	http_header: register mpm from keyword	9 years ago
Victor Julien	38e018e2d3	http_raw_uri: register mpm from keyword	9 years ago
Victor Julien	7289d12f1b	http_uri: register mpm from keyword	9 years ago
Victor Julien	5b2e36a1b0	mpm: add App Layer MPM registery Register keywords globally at start up. Create a map of the registery per detection engine. This we need because the sgh_mpm_context value is set per detect engine. Remove APP_MPMS_MAX.	9 years ago
Victor Julien	ae5846b4de	detect: simplify content inspection types Instead of a type per buffer type, pass just 3 possible types: packet, stream, state. The individual types weren't used. State is just there to be not packet and not stream.	9 years ago
Victor Julien	e1eb481647	prefilter: cleanup and optimization	9 years ago
Victor Julien	dba14b676c	profiling: more prefilter profiling	9 years ago
Victor Julien	125603871b	detect: config opt to enable keyword prefilters	9 years ago
Victor Julien	36f713c8d4	prefilter: in profiling print totals	9 years ago
Victor Julien	2e878c2024	prefilter: alloc CLS aligned memory	9 years ago
Victor Julien	732921922a	detect mpm: consider sgh direction when adding rules	9 years ago
Victor Julien	9bb12ccb27	prefilter: move payload engines into separate list	9 years ago
Victor Julien	e3b98d5bbf	detect-ack: extra match support	9 years ago
Victor Julien	a41bf2ae14	detect-seq: extra match support	9 years ago
Victor Julien	a1accbbaf0	detect-ttl: extra match support	9 years ago
Victor Julien	a270dfa008	detect-id: extra match support	9 years ago
Victor Julien	fbb0490c31	detect-dsize: extra match support	9 years ago
Victor Julien	34e3484dad	detect-flags: prefilter extra match support	9 years ago
Victor Julien	ace8f9f5df	detect-flow: prefilter extra match support	9 years ago
Victor Julien	e2eb9f8ede	prefilter: add 'extra match' logic to packet engines Many of the packet engines are very generic. Rules are generally more limited. A rule like 'alert tcp any any -> any 888 (flags:S; sid:1;)' would still be inspected against every SYN packet in most cases (it depends a bit on rule grouping though). This extra match logic adds an additional check to these packet engines. It can add a check based on alproto, source port and dest port. It uses only one of these 3. Priority order is src port > alproto > dst port. For the ports only 'single' ports are used at this time.	9 years ago
Victor Julien	9187c20782	detect mpm: negated setup fix	9 years ago
Victor Julien	5537e25f38	detect-icmp-id: prefilter	9 years ago
Victor Julien	fbe7e0aaeb	detect-icmp-seq: prefilter	9 years ago
Victor Julien	3a86aeac65	detect-icode: implement as u8 hash prefilter	9 years ago
Victor Julien	6a3917b375	detect-itype: implement as u8 hash prefilter	9 years ago
Victor Julien	f5d2166e23	detect-id: implement prefilter	9 years ago
Victor Julien	d5e5c11bd1	detect-icode: implement prefilter	9 years ago
Victor Julien	10f8e636d6	detect-itype: implement prefilter	9 years ago
Victor Julien	b88c0a56b9	detect-ttl: implement prefilter	9 years ago
Victor Julien	9ce300620e	detect-seq: implement prefilter	9 years ago
Victor Julien	822e034753	detect-flow: implement prefilter	9 years ago
Victor Julien	14b0537f95	prefilter: implement basic prefilter priority order	9 years ago
Victor Julien	4104f8c066	detect-fragoffset: implement prefilter	9 years ago
Victor Julien	9195708d58	detect analyzer: give minimal prefilter info	9 years ago
Victor Julien	065d9bceae	detect-dsize: enable prefilter support Enable prefilter support for the dsize keyword.	9 years ago
Victor Julien	9ccd0c0f90	prefilter: implement fragbits	9 years ago
Victor Julien	3b4aa06377	prefilter: engine for ack rules Rules for the 'ack' keyword are uncommon, but if used inspected against almost every packet.	9 years ago
Victor Julien	31ad0a133b	prefilter: engine for tcp flags keyword If there are many rules for TCP flags these rules would be inspected against each TCP packet. Even though the flags check is not expensive, the combined cost of inspecting multiple rules against each and every packet is high. This patch implements a prefilter engine for flags. If a rule group has rules looking for specific flags and engine for that flag or flags combination is set up. This way those rules are only inspected if the flag is actually present in the packet.	9 years ago
Victor Julien	8798bf48b2	profiling: support prefilter engines	9 years ago
Victor Julien	ea26ee906f	prefilter: intro common engine for u8 matches	9 years ago
Victor Julien	99b9896bd7	prefilter: common funcs for packet header prefilters	9 years ago
Victor Julien	f80623fd73	prefilter: show prefilter capability in --list-keywords	9 years ago
Victor Julien	56239690d0	prefilter: implement prefilter keyword Introduce prefilter keyword to force a keyword to be used as prefilter. e.g. alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;) alert tcp any any -> any any (content:"A"; flags:R; sid:2;) alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;) alert tcp any any -> any any (content:"A"; dsize:1; sid:4;) In sid 2 and 4 the content keyword is used in the MPM engine. In sid 1 and 3 the flags and dsize keywords will be used.	9 years ago

1 2 3 4 5 ...

7326 Commits (a2d8cfb5d39c979932b666a8090b9dc5be8201ec) All Branches Search

7326 Commits (a2d8cfb5d39c979932b666a8090b9dc5be8201ec)

All Branches