git.ipfire.org Git - people/ms/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Fri, 17 Aug 2018 08:41:51 +0000 (10:41 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 18 Sep 2018 06:11:42 +0000 (08:11 +0200)
commit	7186ce7b99887d5986ee611583b36837e164e021
tree	8b2f478d63167598b798e9944f509328cafc96ca	tree
parent	9b86c7c5c0babd73cfa02c7cebc51853e3194f62	commit \| diff

stream: introduce min inspect depth logic

Some rules need to inspect both raw stream data and higher level
buffers together. When this higher level buffer is a streaming
buffer itself, the risk of mismatch exists.

This patch allows an app-layer parser to set a 'min inspect depth'.
The value is used by the stream engine to keep at least this
depth worth of data, so that the detection engine can request
all of it for inspection.

For rules that have the SIG_FLAG_FLUSH flag set, data is inspected
not from offset raw_progress, but from raw_progress minus
min_inspect_depth.

At this time this is only used for sigs that have their fast_pattern
in a HTTP body and have raw stream match as well.

src/app-layer-htp.c		diff \| blob \| blame \| history
src/detect-engine-payload.c		diff \| blob \| blame \| history
src/stream-tcp-list.c		diff \| blob \| blame \| history
src/stream-tcp-private.h		diff \| blob \| blame \| history
src/stream-tcp-reassemble.c		diff \| blob \| blame \| history
src/stream-tcp-reassemble.h		diff \| blob \| blame \| history
src/stream-tcp.h		diff \| blob \| blame \| history
src/tests/stream-tcp-reassemble.c		diff \| blob \| blame \| history