suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	93d121bf21	Update app layer events for HTTP now that libhtp has fixes for some response errors.	14 years ago
Victor Julien	f713b653ab	Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well.	14 years ago
Victor Julien	c2c539942b	Rework the way the http parser can tell the de_state to reset it's file section on arrival of new files in the same tx. Fixes a dead lock in the auto runmode.	14 years ago
Victor Julien	9878eca086	file handling: expand filestore keyword Filestore keyword by default (... filestore; ... ) marks only the file in the same direction as the rule match for storing. This makes sense when inspecting individual files (filemagic, filename, etc) but not so much when looking at suspicious file requests, where the actual file is in the response. The filestore keyword now takes 2 optional options: filestore:<direction>,<scope>; By default the direction is "same as rule match", and scope is "currently inspected file". For direction the following values are possible: "request" and "to_server", "response" and "to_client", "both". For scope the following values are possible: "tx" for all files in the current HTTP/1.1 transation, "ssn" and "flow" for all files in the session/flow. For the above case, where a suspious request should lead to a response file download, this would work: alert http ... content:"/suspicious/"; http_uri; filestore:response; ...	14 years ago
Victor Julien	d59ca75e46	file extract: split toserver and toclient tracking Split toserver and toclient file tracking for the http state.	14 years ago
Victor Julien	b402d97179	File carving -- enable reponse file extraction - Enable response body tracking - Enable file extraction for responses - File store meta file includes magic, close reason. - Option to force magic lookup for all stored files. - Fix libmagic calls thead safety.	14 years ago
Victor Julien	66a3cd96a8	Prepare HTTP response body tracking.	14 years ago
Victor Julien	e1022ee5ae	file-extraction: Disconnect file handling from flow and move into the app layer state.	14 years ago
Victor Julien	23e01d23d3	Implement filestore keyword, including a way for the stateful detection engine to conclude that a file will never have to be stored.	14 years ago
Victor Julien	403b2788d6	Add support for extracting PUT files.	14 years ago
Victor Julien	a0ee6ade3e	Improve HTTP multipart parsing, add streaming parsing for files.	14 years ago
Pablo Rincon	6d60b3a747	filename and fileext keywords	14 years ago
Eric Leblond	60a99915c1	doc: create http support group This patch create an httplayer group and adds related files to it. It also fixes some typo in documentation string and format.	14 years ago
Anoop Saldanha	4e44073c79	http logging module should log all txs in the list and not just the last complete tx available on EOF	14 years ago
Anoop Saldanha	41d71a6d70	fix http http transaction id update. Update transactions as soon as we receive a callback on new request	14 years ago
Victor Julien	6fca55e068	Add some debug output to app-layer-htp.	15 years ago
Victor Julien	39a5348d2b	Remove dead pcre code.	15 years ago
Victor Julien	6ebe7b7cd3	Change the way the request body limit is enforced.	15 years ago
Anoop Saldanha	5c6a65dc58	support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch]	15 years ago
Pablo Rincon	06a65cb460	moving http_client_body logic to use it per transactions. Adding unittests	15 years ago
Victor Julien	70b32f7380	First stab at creating a stateful detection engine. Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications: - Generalize transaction tracking, logging and inspection. - Adapt http and dcerpc to use the new transaction handling. - Stream engine now always notifies app layer of a stream eof. This commit fixes bug #124.	16 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	16 years ago
Brian Rectanus	a9cdd2bbae	Add htp personality configuration.	16 years ago
Anoop Saldanha	97d49d8f5e	support for http_client_body keyword	16 years ago
Victor Julien	7a8cd61fdf	Cleanups.	16 years ago
Pablo Rincon	25a3a5c6d8	Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.	16 years ago
Gurvinder Singh	50f7d0a887	app layer htp logging and better htp request handling. removed recent_in_tx.	16 years ago
Pablo Rincon	0165b3f0d8	pcre P modifier support (pcre match over http body requests)	16 years ago
Gurvinder Singh	356a8bf385	applayer uri match and modified http handling	16 years ago
Victor Julien	c3269dbcb4	Fix compiler warning in http method code	16 years ago
Victor Julien	4824868766	Application layer detection improvements - improve locking of application layer handling, making sure that the flow cannot be freed/cleared when the detection engine is still working with it. - add a check to the app layer detection to make sure that a match function will only inspect an app layer state if it's of the right type.	16 years ago
Gurvinder Singh	0a85fd6787	htp error fixed	16 years ago
Gurvinder Singh	fc2f7f29fa	app layer htp error handling and fixes for memory leaks and segv	16 years ago
Gurvinder Singh	2d6cf71d37	added htp unit test	16 years ago
Gurvinder Singh	07f7ba55b8	initial support for HTP module init	16 years ago

1 2

85 Commits (d6460392c51b2f6cbbfc6316eb96e0926ddc1d25)