[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta2-147-gb27d03e
noreply at openinfosecfoundation.org
Mon Jan 27 15:52:48 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via b27d03e2f91864f7677fc5b29d28901b0410e699 (commit)
via 9ff6608668d31787e59fd7fc997c460bfb7b38e2 (commit)
via b31e0abffe936f4f04275ab195212d51d7407e9e (commit)
via 3e33ab4f835d0bdeab3f66f2f868c46b232c5ce4 (commit)
via 38249398a3d0b26bae8dc25fee7c91a9a65f444c (commit)
via 078ff0c0cc4a1101df21a0212262e96055a330ef (commit)
via 4c024f9658a3f5ca8b3454b36f8fc26176ee41ff (commit)
via 0e8ad126d72cc4c2c3029b72d1ef6498713b3531 (commit)
via ee2a8a9cdac41bb2316ce33628ab4dc6a0d5c663 (commit)
via cef2eb01c5dbe36b1324c71bc4bc8fada9832091 (commit)
via fb5b6dd019179a96623129d36a4e4c925cc3e786 (commit)
via 8623b8f941076c0e23462c2a7bea2292392069db (commit)
via b0a9d08267e04649d3f74682b5dc1e80c3f24eb3 (commit)
via ec20f45916aae883035771813bae9e44ff4b402d (commit)
via 6c36824d69d70aa6be8cb6c4c33f914477a8aa7a (commit)
via a536e736950a92cc75e5530fda9040795133264f (commit)
via 73377048fd29e01fbfcce39b387f3cb3e22faa2b (commit)
via cd4796f3caeb0d10c107bfa209e50771f7a45d56 (commit)
via 4b57d0272ca499602260e2a20abae4233294b761 (commit)
via 504f39adefa97bf79d9aff9d2f8bb54c608ef33d (commit)
via bcf5c1f2fbe36576730f272e6eedbe0b9f496c78 (commit)
via 28c40837008377d1fa6bb44015e41eceeadf9a71 (commit)
via 35aa6c1e6674e3438686b0da57c9de90d6661d30 (commit)
via 15eb4b292d304a5c155a3d7cdc9a69927d7652d2 (commit)
via ad70793f78b439922f35f954e404d2acbc4f8cac (commit)
via 4049c2f74c240b02e31495822ded4dab3a6ed7a4 (commit)
via d43ac9ae98e24b883a29f72782a9cbfa218f4f85 (commit)
from 3474c36b5433e12cf57b2753e4e3708d6dac6c28 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b27d03e2f91864f7677fc5b29d28901b0410e699
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 16 15:23:03 2014 +0100
log-filestore: convert to FiledataLog API
This patch converts the log-filestore module to use the new
FiledataLog API.
commit 9ff6608668d31787e59fd7fc997c460bfb7b38e2
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 16 15:20:09 2014 +0100
Introduce Filedata Logger API
A new logger API for registering file storage handlers. Where the
FileLog handler is called once per file, this handler will be called
for each data chunk so that storing the entire file is possible.
The logger call in the API is as follows:
typedef int (*FiledataLogger)(ThreadVars *, void *thread_data,
const Packet *, const File *, const FileData *, uint8_t flags);
All data is const, thus should be read only. The final flags field
is used to indicate to the caller that the file is new, or if it's
being closed.
Files use an internal unique id 'file_id' which can be used by the
loggers to create unique file names. This id can use the 'waldo'
feature of the log-filestore module. This patch moves that waldo
loading and storing logic to this API's implementation. A new
configuration directive 'file-store-waldo: <filename>' is added,
but the existing waldo settings will also continue to work.
commit b31e0abffe936f4f04275ab195212d51d7407e9e
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 16:24:25 2014 +0100
log-filestore: cleanups
Remove unused code.
Make functions static.
Move registration to the bottom.
commit 3e33ab4f835d0bdeab3f66f2f868c46b232c5ce4
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 16:17:15 2014 +0100
log-filestore: tag truncated files as such
Tag truncated files as truncated in the same way log-file does.
commit 38249398a3d0b26bae8dc25fee7c91a9a65f444c
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 14:25:32 2014 +0100
tx-logger: speed up
By bailing out early in case no logger is enabled for the protocol,
a significant speed up is reached.
commit 078ff0c0cc4a1101df21a0212262e96055a330ef
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 14:23:16 2014 +0100
app-layer: add logger check to API
The new API call:
int AppLayerParserProtocolHasLogger(uint8_t ipproto,
AppProto alproto)
Returns TRUE if a logger is registered on the ip/alproto pair, and
FALSE otherwise.
commit 4c024f9658a3f5ca8b3454b36f8fc26176ee41ff
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 14:14:01 2014 +0100
profiling: add logger api labels
commit 0e8ad126d72cc4c2c3029b72d1ef6498713b3531
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 13:28:43 2014 +0100
log-file: convert to file-logger API
Use file logger API.
Also, check if the protocol is HTTP before getting the HTTP
fields.
commit ee2a8a9cdac41bb2316ce33628ab4dc6a0d5c663
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 13:22:47 2014 +0100
Introduce 'file' logging API
This patch introduces a new logging API for logging extracted file info.
It allows for registration of a callback that is called once per file:
when it's considered 'closed'.
Users of this API register their Log Function through:
OutputRegisterFileModule()
The API uses magic settings globally. This might be changed later.
commit cef2eb01c5dbe36b1324c71bc4bc8fada9832091
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 15 10:59:15 2014 +0100
log-file: cleanups
Make all functions static.
Move registration to the bottom.
commit fb5b6dd019179a96623129d36a4e4c925cc3e786
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 17:14:27 2014 +0100
prelude: convert to packet logger API
Convert prelude logger to use the packet logger API.
commit 8623b8f941076c0e23462c2a7bea2292392069db
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 17:02:33 2014 +0100
prelude: fix configure and cleanup
Fixes configure enabling of prelude. CFLAGS is reset, so the previous
adding of -DPRELUDE was nixed. Using AC_DEFINE now.
Cleanups:
- make functions static
- simplify handling of no prelude support
- move registration to the bottom
commit b0a9d08267e04649d3f74682b5dc1e80c3f24eb3
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 16:39:41 2014 +0100
alert-syslog: convert to packet logger API
Convert Syslog alert logger to packet logger API.
commit ec20f45916aae883035771813bae9e44ff4b402d
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 16:30:06 2014 +0100
alert-syslog: cleanup
Remove separate ipv4 and ipv6 registration functions.
Make all functions static.
Move registration function to the bottom.
Simplify OS_WIN32 wrappers usage.
commit 6c36824d69d70aa6be8cb6c4c33f914477a8aa7a
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 16:20:27 2014 +0100
alert-pcapinfo: convert to packet logger API
Convert pcap-info to use the packet logger API.
commit a536e736950a92cc75e5530fda9040795133264f
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 16:08:47 2014 +0100
alert-pcapinfo: clean up
Make functions static.
Move registration to the bottom.
commit 73377048fd29e01fbfcce39b387f3cb3e22faa2b
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 10:47:18 2014 +0100
alert-debuglog: minor cleanups
Clean up log functions after packet logger conversion. No more
PacketQueue arguments.
commit cd4796f3caeb0d10c107bfa209e50771f7a45d56
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 10:43:07 2014 +0100
alert-debuglog: port to packet logger api
Convert AlertDebugLog to Packet logger API. Convert packet args to
const.
commit 4b57d0272ca499602260e2a20abae4233294b761
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 14 10:07:27 2014 +0100
alert-debug log cleanups
Make all funcs but registration static.
Remove stale registration prototypes.
Move registration func to the bottom.
commit 504f39adefa97bf79d9aff9d2f8bb54c608ef33d
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jan 13 16:13:27 2014 +0100
log-tls: convert to packet logger API
This patch converts log-tls to use the packet logger API. The packet
logger API was chosen as the TLS parser is not transaction aware.
To make sure the state is only logged once, the flag
SSL_AL_FLAG_STATE_LOGGED was added to the parser. This flag is checked
by the condition function, and set at the end of the Logger function.
commit bcf5c1f2fbe36576730f272e6eedbe0b9f496c78
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jan 13 15:18:42 2014 +0100
log-tls: clean ups
Make all functions static. Remove separate ipv4 and ipv6 registration
functions. Move register function to the bottom so that we no longer
need function prototype declarations.
commit 28c40837008377d1fa6bb44015e41eceeadf9a71
Author: Victor Julien <victor at inliniac.net>
Date: Sat Dec 7 11:43:08 2013 +0100
dns: convert dns logger to TX logger API
Make sure to use the new logger TX API. For this the transaction
handling was improved as well.
commit 35aa6c1e6674e3438686b0da57c9de90d6661d30
Author: Victor Julien <victor at inliniac.net>
Date: Fri Dec 6 12:33:51 2013 +0100
Convert log-drop to packet logger api.
commit 15eb4b292d304a5c155a3d7cdc9a69927d7652d2
Author: Victor Julien <victor at inliniac.net>
Date: Thu Dec 5 18:35:27 2013 +0100
TX logging API: convert HTTP log
Convert the HTTP log to the new TX logging API.
commit ad70793f78b439922f35f954e404d2acbc4f8cac
Author: Victor Julien <victor at inliniac.net>
Date: Thu Dec 5 18:08:53 2013 +0100
Introduce TX logging API
This patch introduces a new API for logging transactions from
tx-aware app layer protocols. It runs all the registered loggers
from a single thread module. This thread module takes care of the
transaction handling and flow locking. The logger just gets a
transaction to log out.
All loggers for a protocol will be run at the same time, so there
will not be any timing differences.
Loggers will no longer act as Thread Modules in the strictest sense.
The Func is NULL, and SetupOutputs no longer attaches them to the
thread module chain individually. Instead, after registering through
OutputRegisterTxModule, the setup data is used in the single logging
module.
The logger (LogFunc) is called for each transaction once, at the end
of the transaction.
commit 4049c2f74c240b02e31495822ded4dab3a6ed7a4
Author: Victor Julien <victor at inliniac.net>
Date: Thu Dec 5 16:55:17 2013 +0100
Packet logging API: convert unified2
Convert unified2 alert to new logging API.
commit d43ac9ae98e24b883a29f72782a9cbfa218f4f85
Author: Victor Julien <victor at inliniac.net>
Date: Thu Dec 5 15:35:15 2013 +0100
Introduce packet logging output API
This patch introduces a new API for outputs that log based on the
packet, such as alert outputs. It converts fast-log to the new API.
The API gets rid of the concept of each logger being a thread module,
but instead there is one thread module that runs all packet loggers.
Through the registration function OutputRegisterPacketModule a log
module can register itself to be considered for each packet.
Each logger registers itself to this new API with 2 functions and the
OutputCtx object that was already used in the old implementation.
The function pointers are:
LogFunc: the log function
ConditionFunc: this function is called before the LogFunc and only
if this returns TRUE the LogFunc is called.
For a simple alert logger like fast-log, the condition function will
simply return TRUE if p->alerts.cnt > 0.
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 2 +-
src/Makefile.am | 4 +
src/alert-debuglog.c | 102 ++++----
src/alert-debuglog.h | 3 -
src/alert-fastlog.c | 187 +++-----------
src/alert-pcapinfo.c | 155 ++++++------
src/alert-pcapinfo.h | 1 -
src/alert-prelude.c | 347 ++++++++++++--------------
src/alert-prelude.h | 1 -
src/alert-syslog.c | 171 +++++---------
src/alert-syslog.h | 2 -
src/alert-unified2-alert.c | 64 +++---
src/app-layer-dns-common.c | 14 +-
src/app-layer-parser.c | 8 +
src/app-layer-parser.h | 1 +
src/app-layer-ssl.h | 3 +
src/log-dnslog.c | 141 +++---------
src/log-droplog.c | 177 +++++++-------
src/log-file.c | 202 +++++----------
src/log-filestore.c | 321 +++++-------------------
src/log-httplog.c | 200 +++++-----------
src/log-tlslog.c | 305 ++++++++++-------------
src/log-tlslog.h | 3 -
src/output-file.c | 273 ++++++++++++++++++++
src/{packet-queue.h => output-file.h} | 24 ++-
src/output-filedata.c | 440 +++++++++++++++++++++++++++++++++
src/output-filedata.h | 48 ++++
src/output-packet.c | 214 ++++++++++++++++
src/{util-time.h => output-packet.h} | 37 +--
src/output-tx.c | 280 +++++++++++++++++++++
src/{util-time.h => output-tx.h} | 36 +--
src/output.c | 156 ++++++++++++
src/output.h | 24 ++
src/runmodes.c | 107 ++++++++-
src/stream-tcp.c | 2 +-
src/stream-tcp.h | 2 +-
src/stream.c | 2 +-
src/stream.h | 4 +-
src/suricata.c | 18 +-
src/tm-modules.c | 4 +
src/tm-threads-common.h | 4 +
41 files changed, 2495 insertions(+), 1594 deletions(-)
create mode 100644 src/output-file.c
copy src/{packet-queue.h => output-file.h} (53%)
create mode 100644 src/output-filedata.c
create mode 100644 src/output-filedata.h
create mode 100644 src/output-packet.c
copy src/{util-time.h => output-packet.h} (56%)
create mode 100644 src/output-tx.c
copy src/{util-time.h => output-tx.h} (56%)
hooks/post-receive
--
OISF
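The packet-logger design described in the last commit message above (a ConditionFunc that gates a LogFunc, one thread module that runs every registered logger, and the "bail out early when no logger is registered" idea from the tx-logger commit), as an added, self-contained C model. This is not Suricata's code and not part of the original notification: Packet, OutputCtx, RegisterPacketLogger and RunPacketLoggers are simplified stand-ins for the real types and for OutputRegisterPacketModule, and the two sample loggers and the packets fed to them are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOGGER_MAX 8

/* Stand-in for Suricata's Packet (assumption: only the fields the conditions need). */
typedef struct Packet_ {
    uint32_t alerts_cnt;   /* number of alerts raised on this packet */
    int      dropped;      /* non-zero if the packet was dropped (IPS mode) */
} Packet;

/* Stand-in for OutputCtx: per-logger state, here just an in-memory log buffer. */
typedef struct OutputCtx_ {
    char   buf[512];
    size_t used;
} OutputCtx;

/* The two callbacks every packet logger registers. */
typedef int (*ConditionFunc)(const Packet *);
typedef int (*LogFunc)(OutputCtx *, const Packet *);

typedef struct OutputPacketLogger_ {
    const char   *name;
    ConditionFunc Condition;
    LogFunc       Log;
    OutputCtx    *ctx;
} OutputPacketLogger;

static OutputPacketLogger registry[LOGGER_MAX];
static int registry_cnt = 0;

/* Registration, modelled on OutputRegisterPacketModule (assumed shape).
 * Returns 0 on success, -1 if the table is full or a callback is missing. */
static int RegisterPacketLogger(const char *name, ConditionFunc c, LogFunc l, OutputCtx *ctx)
{
    if (registry_cnt >= LOGGER_MAX || c == NULL || l == NULL || ctx == NULL)
        return -1;
    OutputPacketLogger lg = { name, c, l, ctx };
    registry[registry_cnt++] = lg;
    return 0;
}

/* The single "packet logger" thread module: bail out early if nothing is
 * registered, otherwise call Condition first and Log only when it returns
 * non-zero. Returns how many loggers actually logged this packet. */
static int RunPacketLoggers(const Packet *p)
{
    int fired = 0;
    if (registry_cnt == 0)
        return 0;
    for (int i = 0; i < registry_cnt; i++) {
        OutputPacketLogger *lg = &registry[i];
        if (!lg->Condition(p))
            continue;
        if (lg->Log(lg->ctx, p) == 0)
            fired++;
    }
    return fired;
}

/* Append a formatted line to a logger's buffer; -1 if it would not fit. */
static int CtxAppend(OutputCtx *ctx, const char *fmt, uint32_t v)
{
    size_t room = sizeof(ctx->buf) - ctx->used;
    int n = snprintf(ctx->buf + ctx->used, room, fmt, v);
    if (n < 0 || (size_t)n >= room)
        return -1;
    ctx->used += (size_t)n;
    return 0;
}

/* fast-log-like logger: the condition is simply "the packet carries alerts". */
static int FastLogCondition(const Packet *p) { return p->alerts_cnt > 0; }
static int FastLogLog(OutputCtx *ctx, const Packet *p)
{
    return CtxAppend(ctx, "[fast] %u alert(s)\n", p->alerts_cnt);
}

/* drop-log-like logger: only dropped packets are interesting. */
static int DropLogCondition(const Packet *p) { return p->dropped != 0; }
static int DropLogLog(OutputCtx *ctx, const Packet *p)
{
    return CtxAppend(ctx, "[drop] dropped packet with %u alert(s)\n", p->alerts_cnt);
}

static OutputCtx fast_ctx, drop_ctx;

/* Register both loggers once (idempotent); returns the number registered. */
static int SetupLoggers(void)
{
    if (registry_cnt == 0) {
        RegisterPacketLogger("fast", FastLogCondition, FastLogLog, &fast_ctx);
        RegisterPacketLogger("drop", DropLogCondition, DropLogLog, &drop_ctx);
    }
    return registry_cnt;
}

/* Build a constructed packet and push it through the dispatcher. */
static int RunOne(uint32_t alerts, int dropped)
{
    Packet p = { alerts, dropped };
    SetupLoggers();
    return RunPacketLoggers(&p);
}

const char *FastLogBuffer(void) { return fast_ctx.buf; }
const char *DropLogBuffer(void) { return drop_ctx.buf; }

int main(void)
{
    printf("alert-only: %d logger(s)\n", RunOne(2, 0));   /* fast only */
    printf("dropped:    %d logger(s)\n", RunOne(1, 1));   /* fast + drop */
    printf("clean:      %d logger(s)\n", RunOne(0, 0));   /* none */
    fputs(FastLogBuffer(), stdout);
    fputs(DropLogBuffer(), stdout);
    return 0;
}
```

The point of the split is visible in RunPacketLoggers: the cheap Condition check runs for every packet, and the potentially expensive Log (file I/O in the real loggers) only when it passes, so a logger that is registered but uninterested costs one function call per packet. The early return when nothing is registered is the same shortcut the tx-logger commit applies per protocol.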