[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.1.2-379-g5bd906a
OISF Git
noreply at openinfosecfoundation.org
Thu Sep 29 20:11:01 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from 3ab405dc502222e4263234ccb5f0953293744b2a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5bd906ae9f6cea9db02583786d26afcc6cfb86c1
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 29 14:17:22 2016 +0200
doc: prefilter keyword and config
commit d9811e58b6b4ef4fd5d4c96001ca4114a09813ab
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 28 08:46:27 2016 +0200
http_header: don't separately inspect trailer yet
Currently the regular 'Header' inspection code will run each time
after the HTTP progress moved beyond 'headers'. This will include
the trailers if there are any.
Leave the code in place as this model will change in the not too
distant future.
commit 358eacf14f4ccc7e5fb1633b7d4e284e92e69bb8
Author: Victor Julien <victor at inliniac.net>
Date: Tue Sep 27 17:24:02 2016 +0200
http_header: only run trailer mpm if we have trailers
commit 44022743f263712e99ee06b151b2e70c0f91579f
Author: Victor Julien <victor at inliniac.net>
Date: Tue Sep 27 17:16:38 2016 +0200
http: track if request/response have trailers
commit 798ba010ca956310fd17f2b6ecda3c6f383c3818
Author: Victor Julien <victor at inliniac.net>
Date: Tue Sep 27 13:46:08 2016 +0200
prefilter: use array of engines per sgh
Instead of the linked list of engines, set up an array
with the engines. This should provide better locality.
Also shrink the engine structure so that we can fit
2 on a cacheline.
Remove the FreeFunc from the runtime engines. Engines
now have a 'gid' (global id) that can be used to look
up the registered Free function.
commit 8321f04ef32f12be82b8e2d4afd835a18da69ba2
Author: Victor Julien <victor at inliniac.net>
Date: Tue Sep 27 11:56:58 2016 +0200
prefilter: clean up setup code
commit d36c0c15eabfc4145affd66295738a4e1e9ce125
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 11:25:38 2016 +0200
detect: reshuffle keyword registration order
The order of keyword registration currently affects inspect engine
registration order and ultimately the order of inspect engines per
rule. Which in turn affects state keeping.
This patch makes sure the ordering is the same as with older
releases.
commit 58ac4027ef7c3dc6603b21ae1a6d85ee857f372a
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 10:01:02 2016 +0200
detect: clean up inspect engine registration
commit a24870f29f4d8d1677db8594c1d8fd1468a44851
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 09:56:23 2016 +0200
detect app-layer-event: clean up registration
Move engine and registration into the keyword file.
Register as 'ALPROTO_UNKNOWN' instead of per alproto. The
registration will only apply it to those rules that have
events set.
commit 9e35fa7f417e68fc7a20d829900b83b77a961235
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 09:37:54 2016 +0200
detect: remove empty app registration table
commit 8a0bea872c8d73e4fa2ae4bd3c7e123fbb15c5ef
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 09:35:53 2016 +0200
template_buffer: register inspect engine from keyword
commit 6f253e1ea7d02469d471ee5a0bb37cc7c1a08e48
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 09:21:07 2016 +0200
file detect: register inspect engines from keyword
commit 08d0fe0916c5bdbbe973e816a032c6f29a5e1e44
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 09:11:33 2016 +0200
modbus detect: register inspect engine from keyword
commit 2db094ab7ae86787602f3a9723dbdb21642f6c8d
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 09:02:38 2016 +0200
dns detect: register inspect engine from keyword
commit c9bb762f643587996864e8d343a7847fdd4fe7f6
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 08:47:00 2016 +0200
tls_cert_issuer: register inspect engine from keyword
commit e28e98bcaaf42b50a4cf71584eb332c1d7ce1e88
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 08:45:29 2016 +0200
tls_cert_subject: register inspect engine from keyword
commit a87c196b607779912ce9d89d2cfd90a392870c0f
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 08:43:25 2016 +0200
tls_sni: register inspect engine from keyword
commit 200a4c159352bf8f20f4094671c82ede93a0ffe0
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 08:38:37 2016 +0200
http_stat_code: register inspect engine from keyword
commit cd705752db5bb55c03db0f1af35c7dc139d94ffb
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 08:30:57 2016 +0200
http_stat_msg: register inspect engine from keyword
commit 20e93ba419bafbbfa2a096199c766ffbba2b71a2
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 08:20:51 2016 +0200
file_data: register inspect engine from keyword
commit 0496b3f6a55a1f72c46c570737e871cc7ebf7289
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 18:05:52 2016 +0200
http_raw_host: register inspect engine from keyword
commit a00629ab555ce666b4a0e08e0bc96b8523c8d6fd
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:51:25 2016 +0200
http_host: register inspect engine from keyword
commit edb293699872d0180a1c447f9b84fe20d471efdf
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:47:54 2016 +0200
http_user_agent: register inspect engine from keyword
commit fc857c5455d097419adb758134486fe9eebafd8d
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:39:06 2016 +0200
http_raw_uri: register inspect engine from keyword
commit b1adea6eee3a99a5eb1acb8e37a436a0825d007d
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:35:59 2016 +0200
http_cookie: register inspect engine from keyword
commit cd8b1b0b4c448810a59dc2917352f765249e9ce0
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:33:20 2016 +0200
http_method: register inspect engine from keyword
commit b3148296142942d6ebed789d819c9010abce8b1e
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:27:57 2016 +0200
http_raw_header: register inspect engine from keyword
commit eb19eb3fe4f761ee876aff0b9a58a70844e73d17
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:22:20 2016 +0200
http_header: register inspect engine from keyword
commit 4096f76b1be228e9a1c8f6d94565aa84cbb9ff6a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:19:05 2016 +0200
http_client_body: register inspect engine from keyword
commit b96c2c5db566114d2ea2bad83e96441cf0164551
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:13:03 2016 +0200
http_uri: register inspect engine from keyword
commit cc96fedb90eac286144f7efa6b3a2662d66d8301
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:06:43 2016 +0200
http_response_line: register inspect engine from keyword
commit 0feeb8d538c0c4515db48d787d2dd2ae18bb3acd
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:02:39 2016 +0200
http_request_line: register inspect engine from keyword
commit 5bde86b0e865bea1acf7e5be6121cb5db877369a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 17:00:29 2016 +0200
detect-engine: new registration call
Make it more in line with MPM registration.
commit 9a0bbd623997305b505a59ca9bf3a18fa19e9d91
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 22 09:09:11 2016 +0200
detect mpm: small optimization
commit ad3c97f47077adee0a7cf2adcb9404e32e138f05
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 21 22:50:13 2016 +0200
detect-mpm: cleanup
commit 5f994756e684457d81000530f57d7243b4e099c9
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 21 17:43:41 2016 +0200
detect-engine: improved inspect engines
Inspect engines are called per signature per sigmatch list. Most
wrap around DetectEngineContentInspection, but it's more generic.
Until now, the inspect engines were set up in a large per ipproto,
per alproto, per direction table. For stateful inspection each
engine needed a global flag.
This approach had a number of issues:
1. inefficient: each inspection round walked the table and then
checked if the inspect engine was even needed for the current
rule.
2. clumsy registration with global flag registration.
3. global flag space was approaching the need for 64 bits
4. duplicate registration for alprotos supporting both TCP and
TCP (DNS).
This patch introduces a new approach.
First, it does away with the per ipproto engines. This wasn't used.
Second, it adds a per signature list of inspect engines containing
only those engines that actually apply to the rule.
Third, it gets rid of the global flags and replaces them with flags
assigned per rule per engine.
commit bac37fc9ae5e3469652fda2ef268de617de485dd
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 21 16:17:20 2016 +0200
detect state: reorganize flags
List the common non-buffer specific flags on top.
commit f1e38405160d5d56c0f92354c17938ba5caa3fd5
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 8 15:19:40 2016 +0200
http_response_body: implement keyword with mpm
Implemented as 'stickybuffer'.
commit 4c98b6cef3dc36e212d24efd335875888292f571
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 8 12:35:44 2016 +0200
http_request_line: implement keyword and mpm
Implemented as 'stickybuffer'.
Move all logic into the keyword file and remove bad tests that tested
URI instead of request line.
commit 960461f4db37fb3dcdc167933261c2d0222f98f7
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 14:44:09 2016 +0200
fast_pattern: register app layer mpms automatically
Allow for duplicate registrations for the same list. After the first
registration new calls will be ignored.
commit 6dd4dff7b288f9446568c91c5ae5c70fa5ba5ba6
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 13:08:16 2016 +0200
mpm: remove empty app_mpms table
commit e68b2214e559327bc9bc2bfa9e223ec69f89e945
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 13:06:32 2016 +0200
tls: register mpm from keywords
commit 57ae3c43e53d35a3b43ee61d4100b988804adacc
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 13:05:18 2016 +0200
dns_query: register mpm from keyword
commit a1a2187a0c8f7750ff4a2d5d911db0dd339689c9
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 13:03:39 2016 +0200
http_cookie: register mpm from keyword
commit 74661449e0b7019cabe851fed80759673fc083d9
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 13:01:32 2016 +0200
http_raw_host: register mpm from keyword
commit b5cd4889aed4a126e92dd35d7cb8931a869a3f43
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 12:26:17 2016 +0200
http_host: register mpm from keyword
commit 91695c81aacca8db1b9035be73b3b7d0e4f5353b
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 12:22:59 2016 +0200
http_client_body: register mpm from keyword
commit 644d4dc61b466e28319c53af177878b4175b5241
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 12:21:22 2016 +0200
http_stat_code: register mpm from keyword
commit cf96db095aeb46b4652eb8b383f4bd46fb779329
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:49:17 2016 +0200
http_stat_msg: register mpm from keyword
commit 43b281a510afb3a6a304d05aa135dd2d4f497d2b
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:47:29 2016 +0200
file_data: register mpm from keyword
commit 6d0632a9c64f0a11acc9ed62f42581eddfbef315
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:43:08 2016 +0200
http_method: register mpm from keyword
commit e4ea38a8deb22f7cfdacea4e335968dee22bc5c3
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:41:35 2016 +0200
http_raw_header: register mpm from keyword
commit 7813a834d0eff25fbce58d11c8e6eb7f721f1175
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:39:46 2016 +0200
http_user_agent: register mpm from keyword
commit 7b98c0073f9d29353674751891873188fd6595af
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:37:30 2016 +0200
http_header: register mpm from keyword
commit 38e018e2d3530e33bb29f01ff6a5c7116d19e151
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:33:16 2016 +0200
http_raw_uri: register mpm from keyword
commit 7289d12f1bc3e122bb90a43ca0981da7ff472524
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 17 11:28:25 2016 +0200
http_uri: register mpm from keyword
commit 5b2e36a1b00e9ef0144551c4318cbed5c957d42c
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 16 18:52:59 2016 +0200
mpm: add App Layer MPM registry
Register keywords globally at start up.
Create a map of the registry per detection engine. This we need because
the sgh_mpm_context value is set per detect engine.
Remove APP_MPMS_MAX.
commit ae5846b4deed24cd3150d87465f088503ead29b7
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 14 23:12:08 2016 +0200
detect: simplify content inspection types
Instead of a type per buffer type, pass just 3 possible types:
packet, stream, state.
The individual types weren't used. State is just there to be
not packet and not stream.
commit e1eb4816478ed27f05082c371136ec9035d95364
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 26 18:49:17 2016 +0200
prefilter: cleanup and optimization
commit dba14b676cee6fe104fc7085409277b29774eb5a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 18:36:26 2016 +0200
profiling: more prefilter profiling
commit 125603871bf80149d593099741c8b695e316acb7
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 26 16:10:59 2016 +0200
detect: config opt to enable keyword prefilters
commit 36f713c8d4accc90aab5039f78a3929687fb9dab
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 26 14:24:16 2016 +0200
prefilter: in profiling print totals
commit 2e878c202468ea7866de136048191d4d82771589
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 26 12:45:47 2016 +0200
prefilter: alloc CLS aligned memory
commit 732921922a7eed53bc929c4ecf022ad9861fd9ed
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 26 10:14:06 2016 +0200
detect mpm: consider sgh direction when adding rules
commit 9bb12ccb270fdb54cd76ed4db1e794aa2812a161
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 17:55:33 2016 +0200
prefilter: move payload engines into separate list
commit e3b98d5bbf6f8677c0adf345cfe063c7f5ea6c98
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 15:13:25 2016 +0200
detect-ack: extra match support
commit a41bf2ae142428a6badfcbf3f6ded32706e2c82c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 15:13:16 2016 +0200
detect-seq: extra match support
commit a1accbbaf0465eabcd5743f9d20c631a79f8c09d
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 15:12:59 2016 +0200
detect-ttl: extra match support
commit a270dfa008f2d5c19f8c571fd4a4139ffc3df7ad
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 15:12:51 2016 +0200
detect-id: extra match support
commit fbb0490c31fc62b60240e3fde4a1462555105f9b
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 15:12:39 2016 +0200
detect-dsize: extra match support
commit 34e3484dad3af5be0ad916fa9130fc93b430b056
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 13:04:25 2016 +0200
detect-flags: prefilter extra match support
commit ace8f9f5df3ea7ca87d2fdae934dd29ca70c1a2c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 13:04:15 2016 +0200
detect-flow: prefilter extra match support
commit e2eb9f8ede2a8b6a5ebd34b8565a4ac5f2c519c3
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 25 12:59:33 2016 +0200
prefilter: add 'extra match' logic to packet engines
Many of the packet engines are very generic. Rules are generally more
limited.
A rule like 'alert tcp any any -> any 888 (flags:S; sid:1;)' would still
be inspected against every SYN packet in most cases (it depends a bit on
rule grouping though).
This extra match logic adds an additional check to these packet engines.
It can add a check based on alproto, source port and dest port. It uses
only one of these 3. Priority order is src port > alproto > dst port.
For the ports only 'single' ports are used at this time.
commit 9187c20782884a1ac2f9ccc3ef5462f7b43738e4
Author: Victor Julien <victor at inliniac.net>
Date: Tue Aug 23 16:47:35 2016 +0200
detect mpm: negated setup fix
commit 5537e25f384bd7e27f8fa871cd739dc65b1a29c4
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 22 18:44:08 2016 +0200
detect-icmp-id: prefilter
commit fbe7e0aaebcb2b9d2503ba2f26702e4745e28138
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 22 18:44:00 2016 +0200
detect-icmp-seq: prefilter
commit 3a86aeac65bedb5a002fa929940dde2c55ba60ce
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 22 16:29:48 2016 +0200
detect-icode: implement as u8 hash prefilter
commit 6a3917b375a8c4298a02105d6f52359770bc76b9
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 22 15:21:55 2016 +0200
detect-itype: implement as u8 hash prefilter
commit f5d2166e23e693b0133651e3f272ff58a804f3e3
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 17:02:13 2016 +0200
detect-id: implement prefilter
commit d5e5c11bd1582704606ced7d95c168fd2a5b01ef
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 16:26:37 2016 +0200
detect-icode: implement prefilter
commit 10f8e636d61e6aca87c5eac2749746f00ab43e72
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 15:59:22 2016 +0200
detect-itype: implement prefilter
commit b88c0a56b99644693b5bef8ce0d552ca5ae2b55c
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 13:25:37 2016 +0200
detect-ttl: implement prefilter
commit 9ce300620e899ec189bcd22d9736076002a334dc
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 13:11:01 2016 +0200
detect-seq: implement prefilter
commit 822e034753130234b6713f28f355adc2d004d606
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 13:05:09 2016 +0200
detect-flow: implement prefilter
commit 14b0537f9502ecbbdbc36f9120a064ee0f25c322
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 13:04:22 2016 +0200
prefilter: implement basic prefilter priority order
commit 4104f8c066bd8bff3c6796746921ab0b4023ad66
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 11:00:43 2016 +0200
detect-fragoffset: implement prefilter
commit 9195708d58cea902423f761d45ca070ec1d980e6
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 19 17:04:51 2016 +0200
detect analyzer: give minimal prefilter info
commit 065d9bceaebd7427cde8461ec0fcc58a62e08e17
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 19 16:34:38 2016 +0200
detect-dsize: enable prefilter support
Enable prefilter support for the dsize keyword.
commit 9ccd0c0f9081bad82921e50daad129705b91fda4
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 18 14:20:41 2016 +0200
prefilter: implement fragbits
commit 3b4aa06377461773240ae5a3e68fbf1d3b100b21
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 15 15:34:06 2016 +0200
prefilter: engine for ack rules
Rules for the 'ack' keyword are uncommon, but if used are inspected
against almost every packet.
commit 31ad0a133b9bb7d3e2384467fb3befd552ec803a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 14 17:17:31 2016 +0200
prefilter: engine for tcp flags keyword
If there are many rules for TCP flags these rules would be inspected
against each TCP packet. Even though the flags check is not expensive,
the combined cost of inspecting multiple rules against each and every
packet is high.
This patch implements a prefilter engine for flags. If a rule group
has rules looking for specific flags an engine for that flag or
flags combination is set up. This way those rules are only inspected
if the flag is actually present in the packet.
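
The flags prefilter described in this commit message, combined with the 'extra match' check (src port > alproto > dst port) from the "prefilter: add 'extra match' logic to packet engines" commit above, as an added C model that is not Suricata's code. All struct and function names are assumptions, flags are compared exactly, and the rule set is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Illustrative model only: every name here is an assumption, not Suricata's. */
#define F_SYN 0x02
#define F_RST 0x04
#define MAX_SIDS 8
#define MAX_ENGINES 16

enum extra_type { EXTRA_NONE, EXTRA_SRC_PORT, EXTRA_ALPROTO, EXTRA_DST_PORT };

struct rule {              /* header-only rule, simplified */
    uint32_t sid;
    uint8_t flags;         /* TCP flags byte, matched exactly in this model */
    uint16_t sp, dp;       /* single port, 0 = any */
    uint8_t alproto;       /* 0 = any */
};
struct packet { uint8_t flags; uint16_t sp, dp; uint8_t alproto; };

struct engine {            /* one engine per (flags, extra match) pair */
    uint8_t flags;
    enum extra_type etype;
    uint16_t evalue;
    uint32_t sids[MAX_SIDS];
    size_t nsids;
};
struct group { struct engine eng[MAX_ENGINES]; size_t n; };

/* Only one extra check is used: src port > alproto > dst port. */
static void pick_extra(const struct rule *r, enum extra_type *t, uint16_t *v)
{
    if (r->sp)           { *t = EXTRA_SRC_PORT; *v = r->sp; }
    else if (r->alproto) { *t = EXTRA_ALPROTO;  *v = r->alproto; }
    else if (r->dp)      { *t = EXTRA_DST_PORT; *v = r->dp; }
    else                 { *t = EXTRA_NONE;     *v = 0; }
}

/* Attach the rule to a matching engine, creating one if needed. */
int group_add(struct group *g, const struct rule *r)
{
    enum extra_type t; uint16_t v;
    struct engine *e;
    pick_extra(r, &t, &v);
    for (size_t i = 0; i < g->n; i++) {
        e = &g->eng[i];
        if (e->flags == r->flags && e->etype == t && e->evalue == v) {
            if (e->nsids == MAX_SIDS) return -1;
            e->sids[e->nsids++] = r->sid;
            return 0;
        }
    }
    if (g->n == MAX_ENGINES) return -1;
    e = &g->eng[g->n++];
    e->flags = r->flags; e->etype = t; e->evalue = v;
    e->sids[0] = r->sid; e->nsids = 1;
    return 0;
}

static int extra_ok(const struct engine *e, const struct packet *p)
{
    switch (e->etype) {
    case EXTRA_SRC_PORT: return p->sp == e->evalue;
    case EXTRA_ALPROTO:  return p->alproto == e->evalue;
    case EXTRA_DST_PORT: return p->dp == e->evalue;
    default:             return 1;
    }
}

/* Collect candidate sids; each still needs full rule inspection afterwards. */
size_t prefilter(const struct group *g, const struct packet *p,
                 uint32_t *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < g->n; i++) {
        const struct engine *e = &g->eng[i];
        if (p->flags != e->flags || !extra_ok(e, p)) continue;
        for (size_t j = 0; j < e->nsids && n < cap; j++) out[n++] = e->sids[j];
    }
    return n;
}

/* Constructed rule set: sid 1 mirrors 'any any -> any 888 (flags:S;)'. */
size_t demo(uint8_t flags, uint16_t sp, uint16_t dp, uint32_t *out, size_t cap)
{
    static const struct rule rules[] = {
        { 1, F_SYN, 0,    888, 0 },
        { 2, F_RST, 0,    0,   0 },
        { 3, F_SYN, 1024, 888, 0 },
    };
    struct group g = { .n = 0 };
    struct packet p = { flags, sp, dp, 0 };
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (group_add(&g, &rules[i]) != 0) return 0;
    return prefilter(&g, &p, out, cap);
}

int main(void)
{
    uint32_t out[4];
    printf("SYN to port 80:  %zu candidates\n", demo(F_SYN, 40000, 80, out, 4));
    printf("SYN to port 888: %zu candidates\n", demo(F_SYN, 40000, 888, out, 4));
    return 0;
}
```

In this model sid 3 is still a candidate for a SYN from port 1024 to port 80, because only the source port is used as its extra check; the destination port is left to full rule inspection.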
commit 8798bf48b210123617a10c9b8046f2fe4ce701a5
Author: Victor Julien <victor at inliniac.net>
Date: Sat Aug 20 14:54:37 2016 +0200
profiling: support prefilter engines
commit ea26ee906f4c9b54fa1c4f6b974373a1a23f94e7
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 22 15:21:19 2016 +0200
prefilter: intro common engine for u8 matches
commit 99b9896bd75399993d2ece2bd1dc39629f5dd8b3
Author: Victor Julien <victor at inliniac.net>
Date: Fri Aug 19 10:03:21 2016 +0200
prefilter: common funcs for packet header prefilters
commit f80623fd73e7d6df56bbc33f19218b4bc1e1e581
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 1 15:07:31 2016 +0200
prefilter: show prefilter capability in --list-keywords
commit 56239690d041a55ae9c74f6d925d1ae25d48b526
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 14 17:10:00 2016 +0200
prefilter: implement prefilter keyword
Introduce prefilter keyword to force a keyword to be used as prefilter.
e.g.
alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;)
alert tcp any any -> any any (content:"A"; flags:R; sid:2;)
alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;)
alert tcp any any -> any any (content:"A"; dsize:1; sid:4;)
In sid 2 and 4 the content keyword is used in the MPM engine.
In sid 1 and 3 the flags and dsize keywords will be used.
commit 85cb749e8b62f0a665aeec29d534f7727d4bfb20
Author: Victor Julien <victor at inliniac.net>
Date: Sun Jul 10 11:33:27 2016 +0200
detect cleanup: remove sgh mpm_ctx pointers
commit 82d3c0b5209f85e5e5e63877cea8abb33345ee0e
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 09:16:24 2016 +0200
sgh: remove unused flags
commit 08407b6d47606f625bf4f0c502df254659fa9843
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 09:05:58 2016 +0200
tls: mpm prefilter engines
commit 7acdc660613918e6279318f45e8d966beb35b0d3
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 08:47:45 2016 +0200
smtp file_data: mpm prefilter engine
commit 0019a7bd9f36916ccb699793d5af4893ee88dcda
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 08:27:56 2016 +0200
http_raw_header: mpm prefilter engine
Register for both regular headers and trailer.
commit cef12ed80f8bf9db3c9a12d8f3bcbb031f27efd9
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 08:11:31 2016 +0200
http_server_body / file_data: mpm prefilter engine
commit 5646dd9ecf8b0032c2389a8ef2bcdacf693e208d
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 07:59:29 2016 +0200
http_client_body: mpm prefilter engine
commit 9b6fd6bb48d1d8284e253e8bc44eb7d1c2834280
Author: Victor Julien <victor at inliniac.net>
Date: Sat Jul 9 07:16:58 2016 +0200
http_headers: mpm prefilter engines
Register for both regular headers and trailers.
commit 9cab3ea2cdf78e815714febcf364317fb7072f60
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 19:35:13 2016 +0200
http_stat_code: mpm prefilter engine
commit 4d57b2fc6380d45b737c3adc619cef0fbc4c52ab
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 19:28:46 2016 +0200
http_stat_msg: mpm prefilter engine
commit 86d303e32ba1cc7a4dba4a989b74387ab30b3d03
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 18:48:54 2016 +0200
http_raw_host: mpm prefilter engine
commit 521884921300cedca9c8ba8034d47c4c4d104bba
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 18:38:33 2016 +0200
http_host: mpm prefilter engine
commit 61c3748fc479510cf525dbee090dcb2d3c622750
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 18:27:36 2016 +0200
http_user_agent: mpm prefilter engine
commit a43a69305ddaf543daeef8f86317f74506287465
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 17:01:48 2016 +0200
http_cookie: mpm prefilter engine
commit 7a46364e429eb15c3420de8f5e1ec5c4e19c65b1
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 13:07:52 2016 +0200
http_raw_uri: mpm prefilter engine
commit 746a169127b2939f05f92d62543a47d20a2d7b49
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 8 10:15:20 2016 +0200
dns_query: mpm prefilter engine
commit 9ff5703c4972effbb9a93dcbaefb18917c0a566b
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 19:25:10 2016 +0200
packet/stream: mpm prefilter engine
commit 72f2a78b1f5cf22766a26b5f9c1e41886284954c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 18:56:20 2016 +0200
http_method: mpm prefilter engine
commit b62c4cc359c223eacceec3e095cd3172aca03564
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 13:22:20 2016 +0200
http_uri: mpm prefilter engine
Inspect partial request line as well.
commit 5bcdbe39221d5da8b63b9e44b834102c07cb49dd
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jul 6 21:45:47 2016 +0200
prefilter: introduce prefilter engines
Introduce abstraction layer for prefilter engines.
commit 3dad824fb2b5501bfac34513c6a9d26cf0265a49
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 14 15:02:43 2016 +0200
detect: rename SignatureNonMpmStore
New name is SignatureNonPrefilterStore to reflect that it's not just
about MPM anymore.
commit 17bc0299fe1eb4305d0bcea05399eccaa5b13b6d
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 14 13:37:34 2016 +0200
detect: rename non_mpm lists/vars to non_pf
Rename to non_pf: non prefilter.
commit bb0cd0e883c90e551110e79638b8bd017eac1a66
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 14 13:15:31 2016 +0200
prefilter: rename PatternMatcherQueue datatype
In preparation of the introduction of more general purpose prefilter
engines, rename PatternMatcherQueue to PrefilterRuleStore. The new
engines will fill this structure in a similar way to the current mpm
prefilters.
commit 4c0ab681f20b804d2eae174698579f7043a38974
Author: Victor Julien <victor at inliniac.net>
Date: Sun Jul 10 11:40:19 2016 +0200
mpm: remove Cleanup API call
It's unused by all of the implementations.
commit 7c4701691309305ef294cde729542f22ebe9aaa2
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 15 16:09:03 2016 +0200
detect-fragoffset: minor cleanup
commit a41695f29f06e7ed692e25851a9f5298de34c8c3
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 10:48:04 2016 +0200
uricontent: remove left over func decl
commit ff70e0cca0a57011d2073d3fe05a2006b7ffb868
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 10:33:28 2016 +0200
mpm tls: remove unused function args
commit ad3a55d9381c82ee7164fa89143fa77064654d9f
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 10:30:47 2016 +0200
mpm dns query: remove unused function args
commit d647db17751837fe15e157992b9b3890359403a5
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 10:25:52 2016 +0200
mpm stat code: remove unused function args
commit bd03307921a76ac0df01b176fd24f20a9ba251c9
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 10:24:19 2016 +0200
mpm stat msg: remove unused function args
commit 6d54b70db4b14d4b55115fd1c5dde347029cac28
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:45:19 2016 +0200
mpm ua: remove unused function args
commit 704afeb078343baaa41abe66cc4bbeca1d2cf623
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:42:52 2016 +0200
mpm cookie: remove unused function args
commit 4229e603f0b47469e1ada05248824dbed91928eb
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:37:30 2016 +0200
mpm raw host: remove unused function args
commit 1380853ee859e589e43ba5e2e2790d2b32785c0a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:34:43 2016 +0200
mpm host: remove unused function args
commit b40ecb73563ca4acb034ae69aefeea08aa48b467
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:29:36 2016 +0200
mpm method: remove unused function args
commit 3d5807ba448c874a69565e690f10718cdc2c1a7c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:25:48 2016 +0200
mpm raw uri: remove unused function args
commit d461c7888ad3c08e8ea0c5abca418ecdd46640cd
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 7 09:24:00 2016 +0200
mpm uri: remove unused function args
commit c4dcb205225097dc7c672b4c8435506465ac8b44
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 18 09:59:22 2016 +0200
detect-parse: add new func to get last sigmatch
Add SigMatchGetLastSM which simply returns the very last SM added
to the signature.
Minor cleanups.
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/configuration/suricata-yaml.rst | 88 +-
doc/userguide/rules/index.rst | 1 +
doc/userguide/rules/prefilter.rst | 13 +
src/Makefile.am | 8 +-
src/app-layer-detect-proto.c | 2 +-
src/app-layer-htp.c | 21 +
src/app-layer-htp.h | 3 +
src/app-layer-smtp.c | 2 +-
src/decode.h | 10 +
src/detect-ack.c | 64 +-
src/detect-app-layer-event.c | 60 +-
src/detect-base64-data.c | 2 +-
src/detect-dns-query.c | 19 +-
src/detect-dns-query.h | 2 -
src/detect-dsize.c | 93 +-
src/detect-engine-analyzer.c | 14 +-
src/detect-engine-apt-event.c | 79 -
src/detect-engine-apt-event.h | 34 -
src/detect-engine-content-inspection.h | 30 +-
src/detect-engine-dcepayload.c | 4 +-
src/detect-engine-dns.c | 81 +-
src/detect-engine-dns.h | 2 +
src/detect-engine-filedata-smtp.c | 79 +-
src/detect-engine-filedata-smtp.h | 7 +-
src/detect-engine-hcbd.c | 68 +-
src/detect-engine-hcbd.h | 6 +-
src/detect-engine-hcd.c | 131 +-
src/detect-engine-hcd.h | 7 +-
src/detect-engine-hhd.c | 337 +-
src/detect-engine-hhd.h | 6 +-
src/detect-engine-hhhd.c | 66 +-
src/detect-engine-hhhd.h | 8 +-
src/detect-engine-hmd.c | 60 +-
src/detect-engine-hmd.h | 6 +-
src/detect-engine-hrhd.c | 277 +-
src/detect-engine-hrhd.h | 6 +-
src/detect-engine-hrhhd.c | 87 +-
src/detect-engine-hrhhd.h | 6 +-
src/detect-engine-hrl.c | 4237 --------------------
src/detect-engine-hrl.h | 34 -
src/detect-engine-hrud.c | 362 +-
src/detect-engine-hrud.h | 5 +-
src/detect-engine-hsbd.c | 68 +-
src/detect-engine-hsbd.h | 6 +-
src/detect-engine-hscd.c | 68 +-
src/detect-engine-hscd.h | 7 +-
src/detect-engine-hsmd.c | 68 +-
src/detect-engine-hsmd.h | 7 +-
src/detect-engine-hua.c | 72 +-
src/detect-engine-hua.h | 6 +-
src/detect-engine-mpm.c | 361 +-
src/detect-engine-mpm.h | 16 +-
src/detect-engine-payload.c | 114 +-
src/detect-engine-payload.h | 3 +
src/detect-engine-prefilter-common.c | 412 ++
src/detect-engine-prefilter-common.h | 95 +
src/detect-engine-prefilter.c | 591 +++
src/detect-engine-prefilter.h | 55 +
src/detect-engine-siggroup.c | 149 +-
src/detect-engine-siggroup.h | 2 +-
src/detect-engine-state.c | 253 +-
src/detect-engine-state.h | 39 +-
src/detect-engine-template.c | 4 +-
src/detect-engine-tls.c | 218 +-
src/detect-engine-tls.h | 4 +
src/detect-engine-uri.c | 73 +-
src/detect-engine-uri.h | 4 +-
src/detect-engine.c | 792 +---
src/detect-engine.h | 56 +-
src/detect-fast-pattern.c | 559 +--
src/detect-fast-pattern.h | 2 +
src/detect-file-data.c | 17 +
src/detect-filename.c | 12 +
src/detect-flags.c | 141 +-
src/detect-flow.c | 120 +-
src/detect-fragbits.c | 133 +-
src/detect-fragbits.h | 2 +-
src/detect-fragoffset.c | 107 +-
src/detect-http-client-body.c | 9 +
src/detect-http-cookie.c | 15 +
src/detect-http-header.c | 15 +
src/detect-http-hh.c | 9 +
src/detect-http-hrh.c | 9 +
src/detect-http-method.c | 9 +
src/detect-http-raw-header.c | 14 +
src/detect-http-raw-uri.c | 9 +
src/detect-http-request-line.c | 325 ++
...etect-filesha1.h => detect-http-request-line.h} | 10 +-
src/detect-http-response-line.c | 342 ++
...tect-filesha1.h => detect-http-response-line.h} | 10 +-
src/detect-http-stat-code.c | 9 +
src/detect-http-stat-msg.c | 9 +
src/detect-http-ua.c | 9 +
src/detect-http-uri.c | 9 +
src/detect-icmp-id.c | 108 +-
src/detect-icmp-seq.c | 106 +-
src/detect-icode.c | 130 +-
src/detect-icode.h | 12 -
src/detect-id.c | 66 +-
src/detect-itype.c | 132 +-
src/detect-itype.h | 12 -
src/detect-lua.c | 2 +-
src/detect-modbus.c | 11 +-
src/detect-parse.c | 96 +-
src/detect-parse.h | 3 +-
src/detect-prefilter.c | 104 +
src/{detect-filesha1.h => detect-prefilter.h} | 9 +-
src/detect-seq.c | 63 +-
src/detect-template-buffer.c | 10 +
src/detect-tls-cert-issuer.c | 9 +
src/detect-tls-cert-issuer.h | 2 -
src/detect-tls-cert-subject.c | 10 +
src/detect-tls-cert-subject.h | 2 -
src/detect-tls-cert-validity.c | 5 +
src/detect-tls-sni.c | 9 +
src/detect-tls-sni.h | 3 +-
src/detect-ttl.c | 112 +-
src/detect-uricontent.h | 5 -
src/detect.c | 550 +--
src/detect.h | 266 +-
src/runmode-unittests.c | 2 -
src/suricata-common.h | 26 +-
src/suricata.c | 3 -
src/threadvars.h | 1 -
src/util-mpm-ac-bs.c | 75 +-
src/util-mpm-ac-tile-small.c | 2 +-
src/util-mpm-ac-tile.c | 93 +-
src/util-mpm-ac-tile.h | 4 +-
src/util-mpm-ac.c | 82 +-
src/util-mpm-ac.h | 2 +-
src/util-mpm-hs.c | 65 +-
src/util-mpm.c | 106 -
src/util-mpm.h | 64 +-
src/util-prefilter.c | 132 +
src/util-prefilter.h | 80 +
src/util-profiling-rulegroups.c | 4 +-
src/util-profiling.c | 126 +-
src/util-profiling.h | 33 +
suricata.yaml.in | 6 +
139 files changed, 5682 insertions(+), 8936 deletions(-)
create mode 100644 doc/userguide/rules/prefilter.rst
delete mode 100644 src/detect-engine-apt-event.c
delete mode 100644 src/detect-engine-apt-event.h
delete mode 100644 src/detect-engine-hrl.c
delete mode 100644 src/detect-engine-hrl.h
create mode 100644 src/detect-engine-prefilter-common.c
create mode 100644 src/detect-engine-prefilter-common.h
create mode 100644 src/detect-engine-prefilter.c
create mode 100644 src/detect-engine-prefilter.h
create mode 100644 src/detect-http-request-line.c
copy src/{detect-filesha1.h => detect-http-request-line.h} (79%)
create mode 100644 src/detect-http-response-line.c
copy src/{detect-filesha1.h => detect-http-response-line.h} (79%)
create mode 100644 src/detect-prefilter.c
copy src/{detect-filesha1.h => detect-prefilter.h} (81%)
create mode 100644 src/util-prefilter.c
create mode 100644 src/util-prefilter.h
hooks/post-receive
--
OISF