[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0rc1-62-gf6bb867

OISF Git noreply at openinfosecfoundation.org
Mon Mar 3 16:50:55 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
      from  a6bb86a9e0b916947ba977cfe86c01c784419f8a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f6bb867df8ee4ec0ac4a5379c645c78a12ef175b
Author: Victor Julien <victor at inliniac.net>
Date:   Sun Mar 2 11:57:13 2014 +0100

    ssh: fix scan-build warnings
    
    app-layer-ssh.c:165:5: warning: Value stored to 'input_len' is never read
        input_len -= 1;
        ^            ~
    1 warning generated.
    
    app-layer-ssh.c:160:5: warning: Value stored to 'input_len' is never read
        input_len -= 4;
        ^            ~
    1 warning generated.

commit 0967f0777c53db925279ecde6737b769d2d2fa3e
Author: Victor Julien <victor at inliniac.net>
Date:   Sun Mar 2 11:08:49 2014 +0100

    ssh: improve banner checking
    
    Don't use input_len as banner length. Instead, look for banner end
    to calculate banner length.
    
    Add test for banner buffering corner case.

commit 669b351dad25f48e26ad9e90c7a0416fdb9bf425
Author: Victor Julien <victor at inliniac.net>
Date:   Sun Mar 2 10:27:43 2014 +0100

    ssh: fixes for minor scan-build warnings
    
    /usr/share/clang/scan-build/ccc-analyzer -DHAVE_CONFIG_H -I. -I..   -I./../libhtp/  -I/usr/include/nspr   -I/usr/include/nss -I/usr/include/nspr   -DLOCAL_STATE_DIR=\"/usr/local/var\" -g -O2 -Wall -Wno-unused-parameter -std=gnu99 -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_LIBNET_ICMPV6_UNREACH  -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -DREVISION="51e0dee" -MT app-layer-ssh.o -MD -MP -MF .deps/app-layer-ssh.Tpo -c -o app-layer-ssh.o app-layer-ssh.c
    app-layer-ssh.c:164:5: warning: Value stored to 'input' is never read
        input += 1;
        ^        ~
    app-layer-ssh.c:165:5: warning: Value stored to 'input_len' is never read
        input_len -= 1;
        ^            ~
    app-layer-ssh.c:212:13: warning: Value stored to 'ret' is never read
                ret = 0;
                ^     ~
    3 warnings generated.

commit b877cf6158f88efe024d154da2bd3cbc9d9f7fdf
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 23:12:29 2014 +0100

    ssh: add json logger
    
    Sub module of eve-log, but can also run separately as ssh-json-log. Only
    one at a time though.

commit 65b228ccfd9ff0166b1ed6670a98ed67605dad6e
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 22:23:18 2014 +0100

    ssh: improve large and fragmented banner handling
    
    Including tests.

commit b4aeb43af11efa9d8d4b2d514bf401de4068d6de
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 18:11:19 2014 +0100

    ssh: disable inspection in encrypted phase
    
    When both sides of the session have completed the encryption setup,
    flag the stream to disable detection.

commit 294ff49f6da9482481f0e71fc7076e50c2f8ae04
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 18:09:20 2014 +0100

    ssh: allow for space characters in the software version
    
    Previously the software version would only contain up to the first
    space.
    
    E.g. in SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu3
    
    It would contain "OpenSSH_4.7p1".
    
    This patch changes the behavior to:
    
    "OpenSSH_4.7p1 Debian-8ubuntu3"

commit b792234dd008462e1027a554394aa420a47ff344
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 17:32:27 2014 +0100

    ssh: clean up flags

commit b5afe2b51f80081fd191cb7496961d50eeee6d30
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 17:07:15 2014 +0100

    ssh: reenable ssh.protoversion keyword

commit 6c0162bf26ea2787e21854b753aeaade8a6e2097
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 16:59:26 2014 +0100

    ssh: reenable ssh.softwareversion keyword

commit 884cecd9af0c213e82e6f0d899fb6e668cea847c
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 16:50:07 2014 +0100

    ssh: handle fragmented banner
    
    Cleanups.

commit 32fcdfe6eb854de65b4f77bbedff6dfd4e0ba8dc
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 15:49:54 2014 +0100

    ssh: server support, cleanups

commit 3648adb5333099f3ea4c8eafa6940c9cb49ec6a3
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 15:37:50 2014 +0100

    ssh: record parser

commit a3c9832b90de307cc0769c0cc178fecc7bd68a60
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 1 10:12:00 2014 +0100

    ssh: reenable parser as stub
    
    Reenable the SSH parser. It now compiles, however the actual parsing
    code is still disabled (commented out).

commit e00b5ca191dd798e2a298fec4af5c6edb03b3bc5
Author: Eric Leblond <eric at regit.org>
Date:   Wed Jan 8 20:28:21 2014 +0100

    classification: add category to some stream rules
    
    All stream events signatures deserve a category.

commit 79de8c8f4bfeea721cf0c0fad684d00f2011b57c
Author: Eric Leblond <eric at regit.org>
Date:   Wed Jan 8 15:55:58 2014 +0100

    runmode: remove unused variable.
    
    default_mode_auto is not used anymore and can be removed.

-----------------------------------------------------------------------

Summary of changes:
 rules/stream-events.rules                   |  102 +-
 src/Makefile.am                             |    1 +
 src/app-layer-parser.c                      |    6 -
 src/app-layer-ssh.c                         | 2197 +++++++++++++++++----------
 src/app-layer-ssh.h                         |   56 +-
 src/detect-ssh-proto-version.c              |   64 +-
 src/detect-ssh-software-version.c           |   56 +-
 src/detect.c                                |    6 -
 src/output-json-ssh.c                       |  322 ++++
 src/{util-host-info.h => output-json-ssh.h} |   10 +-
 src/output.c                                |    8 +
 src/output.h                                |    1 +
 src/runmode-af-packet.c                     |    2 -
 src/runmode-pfring.c                        |    2 -
 src/suricata.c                              |    3 +
 src/tm-modules.c                            |    1 +
 src/tm-threads-common.h                     |    1 +
 17 files changed, 1880 insertions(+), 958 deletions(-)
 create mode 100644 src/output-json-ssh.c
 copy src/{util-host-info.h => output-json-ssh.h} (79%)


hooks/post-receive
-- 
OISF

