Detect rule hook/v11 #12758

Closed
wants to merge 30 commits into from
626bd3b
detect: reorder struct
victorjulien Feb 27, 2025
b0b6e40
detect: move non-pf rules into special prefilter engines
victorjulien Dec 28, 2023
4239155
detect: allow longer buffer names
victorjulien Jan 20, 2025
79a1b9a
tls: introduce per direction progress tracking
victorjulien Jan 16, 2025
2c815c3
app-layer: API for mapping progress name vs id
victorjulien Jan 17, 2025
66dbabf
tls: expose progress by name
victorjulien Jan 17, 2025
93c9b3e
http1: register progress state names
victorjulien Jan 23, 2025
78b0213
WIP detect: introduce explicit hooks
victorjulien Jan 14, 2025
88b373d
detect/lua: use rule hook instead of init() 'needs' table
victorjulien Jan 19, 2025
fd63091
detect: reuse hook based generic lists
victorjulien Jan 20, 2025
145e8f0
tls/ja3: register keyword at client_hello_done hook
victorjulien Feb 28, 2025
833c525
detect/tls.version: allow using rule hook
victorjulien Feb 28, 2025
080d353
WIP start of pkt hook
victorjulien Jan 23, 2025
7a49c63
WIP start of firewall rules
victorjulien Feb 26, 2025
fe5750c
WIP fw rules
victorjulien Feb 26, 2025
b60ea56
WIP explicit actions
victorjulien Feb 27, 2025
da582b0
detect: require explicit action scope for firewall rules
victorjulien Feb 27, 2025
58587e0
firewall: add --firewall-rules-exclusive
victorjulien Feb 27, 2025
b3216ac
detect/loader: allow -S with --firewall-rules-exclusive
victorjulien Mar 11, 2025
4bc4015
WIP start of a 'all' pkt hook
victorjulien Feb 28, 2025
73e1032
detect: skip duplicate nopacket inspect check
victorjulien Mar 12, 2025
fee6352
WIP firewall: default drop, add accept action
victorjulien Feb 28, 2025
8ebcfe4
WIP remove FLOW_NOPACKET_INSPECTION - not separate from FLOW_ACTION_PASS
victorjulien Mar 13, 2025
8c577e0
detect: check for a flow drop first
victorjulien Mar 13, 2025
8eec6d4
firewall: split pass:flow and accept:flow
victorjulien Mar 13, 2025
62e3139
detect/prefilter: allow special engine for each app update
victorjulien Mar 14, 2025
7198472
detect: request_update/response_update rule hooks
victorjulien Mar 14, 2025
2ec9062
WIP detect/app-layer-state
victorjulien Mar 14, 2025
4c10cee
SQUASH fixup
victorjulien Mar 15, 2025
236eda2
SQUASH fixup
victorjulien Mar 15, 2025
detect: allow longer buffer names
To support hook based buffer names.
victorjulien committed Mar 13, 2025
commit 42391556f1651b02def3f81964c45766271c92bd
2 changes: 1 addition & 1 deletion src/detect-engine.c
@@ -1023,7 +1023,7 @@ static void DetectBufferTypeFree(void)
#endif
static int DetectBufferTypeAdd(const char *string)
{
BUG_ON(string == NULL || strlen(string) >= 32);
BUG_ON(string == NULL || strlen(string) >= 64);

DetectBufferType *map = SCCalloc(1, sizeof(*map));
if (map == NULL)
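Review bot: the limit in the BUG_ON at the top of DetectBufferTypeAdd is a bare 64 that has to stay equal to the size of DetectBufferType.name in src/detect.h, and nothing ties the two together. This commit already had to change both by hand. Consider deriving the bound from the field, for example by moving the length check below the SCCalloc and comparing against sizeof(map->name), or by introducing one shared define used in both files, so that a later resize cannot leave the check wider than the buffer.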
2 changes: 1 addition & 1 deletion src/detect.h
@@ -453,7 +453,7 @@ typedef struct DetectEngineAppInspectionEngine_ {
} DetectEngineAppInspectionEngine;

typedef struct DetectBufferType_ {
char name[32];
char name[64];
char description[128];
int id;
int parent_id;
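Review bot: the name field in DetectBufferType carries no comment saying what its size means, and the literal 64 gives no hint that DetectBufferTypeAdd rejects anything of 64 characters or more, so the usable length is 63 plus the terminating NUL. A short comment on the field stating that limit and pointing at the check in src/detect-engine.c would help, ideally together with a named constant in place of the literal. The commit message mentions hook based buffer names; noting in that comment how long such names can get would make it clear why 64 is enough.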