Commit Graph

7493 Commits (a67c31d4e164b04c1ec5766b692bf984790cdad5)
 

Author SHA1 Message Date
Victor Julien d5e5c11bd1 detect-icode: implement prefilter 8 years ago
Victor Julien 10f8e636d6 detect-itype: implement prefilter 8 years ago
Victor Julien b88c0a56b9 detect-ttl: implement prefilter 8 years ago
Victor Julien 9ce300620e detect-seq: implement prefilter 8 years ago
Victor Julien 822e034753 detect-flow: implement prefilter 8 years ago
Victor Julien 14b0537f95 prefilter: implement basic prefilter priority order 8 years ago
Victor Julien 4104f8c066 detect-fragoffset: implement prefilter 8 years ago
Victor Julien 9195708d58 detect analyzer: give minimal prefilter info 8 years ago
Victor Julien 065d9bceae detect-dsize: enable prefilter support
Enable prefilter support for the dsize keyword.
8 years ago
Victor Julien 9ccd0c0f90 prefilter: implement fragbits 8 years ago
Victor Julien 3b4aa06377 prefilter: engine for ack rules
Rules for the 'ack' keyword are uncommon, but if used are inspected
against almost every packet.
8 years ago
Victor Julien 31ad0a133b prefilter: engine for tcp flags keyword
If there are many rules for TCP flags these rules would be inspected
against each TCP packet. Even though the flags check is not expensive,
the combined cost of inspecting multiple rules against each and every
packet is high.

This patch implements a prefilter engine for flags. If a rule group
has rules looking for specific flags, an engine for that flag or
flags combination is set up. This way those rules are only inspected
if the flag is actually present in the packet.
8 years ago
Victor Julien 8798bf48b2 profiling: support prefilter engines 8 years ago
Victor Julien ea26ee906f prefilter: intro common engine for u8 matches 8 years ago
Victor Julien 99b9896bd7 prefilter: common funcs for packet header prefilters 8 years ago
Victor Julien f80623fd73 prefilter: show prefilter capability in --list-keywords 8 years ago
Victor Julien 56239690d0 prefilter: implement prefilter keyword
Introduce prefilter keyword to force a keyword to be used as prefilter.

e.g.
alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;)
alert tcp any any -> any any (content:"A"; flags:R; sid:2;)
alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;)
alert tcp any any -> any any (content:"A"; dsize:1; sid:4;)

In sid 2 and 4 the content keyword is used in the MPM engine.
In sid 1 and 3 the flags and dsize keywords will be used.
8 years ago
Victor Julien 85cb749e8b detect cleanup: remove sgh mpm_ctx pointers 8 years ago
Victor Julien 82d3c0b520 sgh: remove unused flags 8 years ago
Victor Julien 08407b6d47 tls: mpm prefilter engines 8 years ago
Victor Julien 7acdc66061 smtp file_data: mpm prefilter engine 8 years ago
Victor Julien 0019a7bd9f http_raw_header: mpm prefilter engine
Register for both regular headers and trailer.
8 years ago
Victor Julien cef12ed80f http_server_body / file_data: mpm prefilter engine 8 years ago
Victor Julien 5646dd9ecf http_client_body: mpm prefilter engine 8 years ago
Victor Julien 9b6fd6bb48 http_headers: mpm prefilter engines
Register for both regular headers and trailers.
8 years ago
Victor Julien 9cab3ea2cd http_stat_code: mpm prefilter engine 8 years ago
Victor Julien 4d57b2fc63 http_stat_msg: mpm prefilter engine 8 years ago
Victor Julien 86d303e32b http_raw_host: mpm prefilter engine 8 years ago
Victor Julien 5218849213 http_host: mpm prefilter engine 8 years ago
Victor Julien 61c3748fc4 http_user_agent: mpm prefilter engine 8 years ago
Victor Julien a43a69305d http_cookie: mpm prefilter engine 8 years ago
Victor Julien 7a46364e42 http_raw_uri: mpm prefilter engine 8 years ago
Victor Julien 746a169127 dns_query: mpm prefilter engine 8 years ago
Victor Julien 9ff5703c49 packet/stream: mpm prefilter engine 8 years ago
Victor Julien 72f2a78b1f http_method: mpm prefilter engine 8 years ago
Victor Julien b62c4cc359 http_uri: mpm prefilter engine
Inspect partial request line as well.
8 years ago
Victor Julien 5bcdbe3922 prefilter: introduce prefilter engines
Introduce abstraction layer for prefilter engines.
8 years ago
Victor Julien 3dad824fb2 detect: rename SignatureNonMpmStore
New name is SignatureNonPrefilterStore to reflect that it's not just
about MPM anymore.
8 years ago
Victor Julien 17bc0299fe detect: rename non_mpm lists/vars to non_pf
Rename to non_pf: non prefilter.
8 years ago
Victor Julien bb0cd0e883 prefilter: rename PatternMatcherQueue datatype
In preparation of the introduction of more general purpose prefilter
engines, rename PatternMatcherQueue to PrefilterRuleStore. The new
engines will fill this structure in a similar way to the current mpm
prefilters.
8 years ago
Victor Julien 4c0ab681f2 mpm: remove Cleanup API call
It's unused by all of the implementations.
8 years ago
Victor Julien 7c47016913 detect-fragoffset: minor cleanup 8 years ago
Victor Julien a41695f29f uricontent: remove left over func decl 8 years ago
Victor Julien ff70e0cca0 mpm tls: remove unused function args 8 years ago
Victor Julien ad3a55d938 mpm dns query: remove unused function args 8 years ago
Victor Julien d647db1775 mpm stat code: remove unused function args 8 years ago
Victor Julien bd03307921 mpm stat msg: remove unused function args 8 years ago
Victor Julien 6d54b70db4 mpm ua: remove unused function args 8 years ago
Victor Julien 704afeb078 mpm cookie: remove unused function args 8 years ago
Victor Julien 4229e603f0 mpm raw host: remove unused function args 8 years ago