[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta1-66-g22272f6

OISF Git noreply at openinfosecfoundation.org
Wed Aug 20 21:06:22 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
      from  fdcc7d18e7d9eea2ccf89f5b0b7a8b69321ef466 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 22272f6c5b73fdeea125aec7833938e493a75618
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Aug 15 14:04:44 2014 +0200

    lua: export packet keywords to detect scripts
    
    Set packet pointer, so it's available to the lua keywords that
    require it.

commit 5a86e57d415fd20d171e57e109d69ab532da73e4
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Aug 14 16:37:37 2014 +0200

    detect-lua: register all 'output' keywords as well
    
    Register all keywords available to output scripts to the detect
    scripts as well.

commit 41523ede77f6675fae5f040e80abf28d65e23cb8
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Aug 14 16:33:37 2014 +0200

    detect-lua: set tx ptr
    
    Set tx ptr so it can be used later by other keywords.

commit 3b98a1ce66b4820e8170dcf16bcf2c19fe461867
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Aug 14 16:21:38 2014 +0200

    detect: track current tx_id in det_ctx
    
    When using the inspection engines, track the current tx_id in the
    thread storage the detect thread uses. As 0 is a valid tx_id, add
    a simple bool that indicates if the tx_id field is set.

commit a11478715019b07fc2c46e0fd5956298efbca74d
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Aug 5 09:58:48 2014 +0200

    lua: move lua output code to generic lua file
    
    So that other Lua scripts (detect) can also start using it.

commit fdc73eeba67d41eefd25417b3c3f69e8b7f42736
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Aug 5 09:26:59 2014 +0200

    lua: remove LogLua prefix and replace it with Lua
    
    Preparing to make the code available to more than just output.

commit e0d544fb86095f95083d20434e46bf35693cdd1c
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Aug 4 17:47:47 2014 +0200

    lua: move output http funcs to generic util file
    
    Move output Http functions to util-lua-http.c so that detect can use
    it later.

commit f23399d6724bbbe8c9f8d66a6241bc9ba118e09e
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Aug 1 16:29:53 2014 +0200

    Rename Lua code to just Lua
    
    As we support regular Lua as well as LuaJIT, it makes more sense to call
    it all Lua.

commit adfe17280becb8f7f21958b329f054c2c2a9e733
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Aug 1 15:34:37 2014 +0200

    lua: use LuaPushStringBuffer in more places
    
    Replace existing workarounds with LuaPushStringBuffer

commit 66019ba3251b86a79bf529b3633ccc16f27ea4ef
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Aug 1 12:41:17 2014 +0200

    lua: LuaPushStringBuffer optimization
    
    Only use a temp buffer when really necessary, which is when the
    buffer size is not a multiple of 4.

commit 307ce40500c714d93124fcb922f58231083c8f05
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Aug 1 12:32:38 2014 +0200

    lua: move LuaPushStringBuffer to the generic util-lua.c

commit 90b5aff02ec5e63cefcf693ac12e7617ed866469
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Aug 1 12:29:17 2014 +0200

    lua: rename LuaReturnStringBuffer to LuaPushStringBuffer
    
    LuaPushStringBuffer is a wrapper for lua_pushlstring, so the new name
    better reflects its function.

commit 0e93a292744a2c9c3faa6e5c29be3882acd21393
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Jul 31 18:02:40 2014 +0200

    output-lua: add SCFlowStats
    
    SCFlowStats gets the packet and byte counts per flow:
        tscnt, tsbytes, tccnt, tcbytes = SCFlowStats()

commit 46ac85dea61ed680e0508f294099310efc44c194
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Jul 29 17:36:42 2014 +0200

    output lua: expose flow logging api
    
    Allow use of the Flow Logging API through Lua scripts.
    
    Minimal script:
    
    function init (args)
        local needs = {}
        needs["type"] = "flow"
        return needs
    end
    
    function setup (args)
    end
    
    function log(args)
        startts = SCFlowTimeString()
        ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
        print ("Flow IPv" .. ipver .. " src " .. srcip .. " dst " .. dstip ..
                " proto " .. proto .. " sp " .. sp .. " dp " .. dp)
    end
    
    function deinit (args)
    end

commit f7d890fe00438e98f581d971e5737f2a5465cecf
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jun 25 15:25:53 2014 +0200

    lua-output: add SCStreamingBuffer
    
    Add SCStreamingBuffer lua function to retrieve the data passed
    to the script per streaming API invocation.
    
    Example:
    
        function log(args)
            data = SCStreamingBuffer()
            hex_dump(data)
        end

commit ca3be7700801bbe264364729a6368c0a83a17920
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Jun 24 22:40:33 2014 +0200

    output-lua: add support for streaming api
    
    Add support to lua output for the streaming api. This allows for a
    script to subscribe itself to streaming tcp data and http body data.

commit efb5c29698a4649f007809ef9a448599e4217ecd
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Apr 3 00:09:57 2014 +0200

    output-lua: give access to packet payload
    
    Add SCPacketPayload()
    
    Example:
        function log(args)
            p = SCPacketPayload()
            print(p)
        end

commit 08b0d9a5b45766ef6d42356dcb50cc62d069a435
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 31 15:05:15 2014 +0200

    output-lua: expose http body data
    
    Make normalized body data available to the script through
    HttpGetRequestBody and HttpGetResponseBody.
    
    There are no guarantees that all of the body will be available.
    
    Example:
        function log(args)
            a, o, e = HttpGetResponseBody();
            --print("offset " .. o .. " end " .. e)
    
            for n, v in ipairs(a) do
                print(v)
            end
        end

commit 8360b707e88abca5dafaa8a571600a343fcbc48e
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 28 17:24:22 2014 +0100

    output-lua: add HttpGetRequestHost callback
    
    Get the host from libhtp's tx->request_hostname, which can either be
    the host portion of the url or the host portion of the Host header.
    
    Example:
    
        http_host = HttpGetRequestHost()
        if http_host == nil then
            http_host = "<hostname unknown>"
        end

commit a234a335ac0688d549097fcafbc2380d3cd5932a
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 21 22:26:28 2014 +0100

    output-lua: http alproto check

commit cb69cee4d8d81080519a932530c65f4bfcff6481
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 21 22:26:37 2014 +0100

    output-lua: clean up flow lock handling

commit 19383fd428b5c226901556096892386a4bcd1410
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 21 14:25:04 2014 +0100

    output-lua: alproto string callback
    
    SCFlowAppLayerProto: get alproto as string from the flow. If alproto
    is not (yet) known, it returns "unknown".
    
        function log(args)
            alproto = SCFlowAppLayerProto()
            if alproto ~= nil then
                print (alproto)
            end
        end

commit 22dd14d5604c717a5296433ef19cdb953f156eb3
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 21 09:40:54 2014 +0100

    output-lua: expose thread info
    
    A new callback to give access to thread id, name and group name:
    SCThreadInfo. It gives: tid (integer), tname (string), tgroup (string)
    
        function log(args)
            tid, tname, tgroup = SCThreadInfo()
        end

commit 8802ba3f67ea175a1b15d7e16aa4dea9d698f93e
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 19 18:38:29 2014 +0100

    output-lua: expose flow start time string
    
    SCFlowTimeString: returns string form of start time of a flow
    
    Example:
    
        function log(args)
            startts = SCFlowTimeString()
            ts = SCPacketTimeString()
            if ts == startts then
                print("new flow")
            end
        end

commit 07ff85a44e89b225982c9830a2d7fed4d8cb4f27
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 19 16:13:38 2014 +0100

    output-lua: add file callbacks
    
    SCFileInfo: returns fileid (number), txid (number), name (string),
                size (number), magic (string), md5 in hex (string)
    
    Example:
    
        function log(args)
            fileid, txid, name, size, magic, md5 = SCFileInfo()
        end
    
    SCFileState: returns state (string), stored (bool)
    
    Example:
        function log(args)
            state, stored = SCFileState()
        end

commit 3343060d85d96a2bd6cd7a481e153c1350bcbc40
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 19 12:36:01 2014 +0100

    output-lua: add SCPacketTimeString
    
    Add SCPacketTimeString to get the packet's time string in the format:
        11/24/2009-18:57:25.179869
    
    Example use:
    
        function log(args)
            ts = SCPacketTimeString()
        end

commit b3dfd3cd8e2d209f316a555865fe6c146b1eaf2b
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 17 18:44:09 2014 +0100

    output-lua: rule info callback
    
    SCRuleIds(): returns sid, rev, gid:
    
        function log(args)
            sid, rev, gid = SCRuleIds()
        end
    
    SCRuleMsg(): returns msg
    
        function log(args)
            msg = SCRuleMsg()
        end
    
    SCRuleClass(): returns class msg and prio:
    
        function log(args)
            class, prio = SCRuleClass()
            if class == nil then
                class = "unknown"
            end
        end

commit d9efa7048ab7fbbf208309cb97935d25a024b066
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 14 14:16:47 2014 +0100

    lua: add SCFlowTuple lua function
    
    Like SCPacketTuple, only retrieves Tuple from the flow.
    
    Minimal log function:
    
        function log(args)
            ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
            print ("Flow IPv" .. ipver .. " src " .. srcip .. " dst " .. dstip ..
                   " proto " .. proto .. " sp " .. sp .. " dp " .. dp)
        end

commit f2da5dbbad2d5d41b12291fcef0b41f3d54ec1d7
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 3 14:11:00 2014 +0100

    detect-lua: convert extensions to use flow wrappers
    
    Use the new flow wrapper functions in the lua flowvar and flowint
    extensions.

commit affbd697ed8c30b474045e045fd206847dcd4d30
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 3 14:09:18 2014 +0100

    lua: add flow store and retrieval wrappers
    
    Add flow store and retrieval wrappers for accessing the flow through
    Lua's lightuserdata method.
    
    The flow functions store/retrieve a lock hint as well.

commit 599ec36b2cb2cab0e50e924c97923d1eea92fd8a
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Feb 28 16:18:48 2014 +0100

    lua: introduce util-lua.[ch]
    
    Shared functions for all lua parts of the engine.

commit 8bc01af58141b2999db9a60aba6f897265a13dc9
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Feb 24 17:08:44 2014 +0100

    output-lua: add all packets logging support
    
    If the script needing a packet doesn't specify a filter, it will
    be run against all packets. This patch adds the support for this
    mode. It is a packet logger with a condition function that always
    returns true.

commit fe3484fbc0976e2cda984a71cefb1b01857876dc
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Feb 24 16:41:27 2014 +0100

    output-lua: improve error checking for init()
    
    If init doesn't properly init the script, skip the script and error
    out.

commit 0055a10b3a9c675bee60cccc0f1aced5cb1f74db
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Feb 21 12:20:46 2014 +0100

    output-log: expose SCLog functions to lua scripts
    
    The lua scripts can use SCLogDebug, SCLogInfo, SCLogNotice, SCLogWarning,
    SCLogError. The latter 2 won't be able to add an error code though.

commit 51ab5e55c1a51e56586d7a92d7751529ddbe770a
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Feb 21 10:17:16 2014 +0100

    output-lua: make packet ptr available to all scripts
    
    TxLogger and Packet logger need it to be able to use the Tuple
    callback.

commit 1e836be3d8e21e62486f09a91aebafdf1bfdc7c3
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Feb 21 09:37:39 2014 +0100

    output-lua: add SCLogPath callback
    
    Add a lua callback for getting Suricata's log path, so that lua scripts
    can easily get the logging directory Suricata uses.
    
    Update the Setup logic to register callbacks before the script's 'setup'
    is called.
    
    Example:
    
        name = "fast_lua.log"
        function setup (args)
            filename = SCLogPath() .. "/" .. name
            file = assert(io.open(filename, "a"))
        end

commit 31eea0f143607b379c0563be8372e9259f5c74b8
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Feb 21 09:00:42 2014 +0100

    output-lua: TxLogger use proper stack function
    
    Use proper wrapper to setup the stack.

commit 329f55598f024da012ef9af868729841539eb18f
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 17:58:15 2014 +0100

    output-lua: improve error handling and documentation
    
    Better document the various functions and improve error handling.

commit c5ff94a319fd38b7a1ab2b45b34b8eaf2c8c273f
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 17:55:15 2014 +0100

    output-lua: register common callbacks
    
    Clean up callback registration in the setup-stage and register
    common callbacks.

commit 0070aef3d12ee97fc7bc4bd9121a538c0dcaf00b
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 17:51:47 2014 +0100

    output-lua: support File logging
    
    Add file logger support. The script uses:
    
    function init (args)
        local needs = {}
        needs['type'] = 'file'
        return needs
    end
    
    The type is set to file to make it a file logger.

commit 1517a2ca0efdc3d197a6382ec373c45416d0e32d
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 17:49:51 2014 +0100

    output-lua: rename LuaPacketLogger to ..Alerts
    
    As the script is called for each alert, not for each packet, name
    the script LuaPacketLoggerAlerts.

commit fe6cf00a8a017359b5e9c2c29264cacac46c9877
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 15:57:00 2014 +0100

    output-lua: add stack utility functions
    
    Add utility functions for placing things on the stack for use
    by the scripts. Functions for numbers, strings and byte arrays.
    
    Add callback for returning IP header info: ip version, src ip,
    dst ip, proto, sp, dp (or type and code for icmp and icmpv6):
    SCPacketTuple

commit 53d7f800bf45852a3b914df2fd917a4ecd780182
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 15:47:50 2014 +0100

    output-lua: initial packet support
    
    Add key for storing packet pointer in the lua stack and a utility
    function to retrieve it from lua callbacks.

commit 15052e58a24b572a312df3cdc93f10ad6e5f3dcb
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 15:45:33 2014 +0100

    output-lua: move LuaPrintStack to common
    
    It's a utility function that will be used in several other places
    as well.

commit 684afc7f4e223ad21a8d288e54944716fd07d9d7
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 09:39:24 2014 +0100

    output-lua: add example packet log script
    
    Example packet log script that outputs to stdout in the alert-
    fast log format.

commit b60e28e1a492bd9f49d44cdb5fa34373624421cd
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 20 09:36:16 2014 +0100

    output-lua: packet logger support
    
    Through 'needs' the script init function can indicate it wants to
    see packets and select a condition function. Currently only alerts
    is an option:
    
        function init (args)
            local needs = {}
            needs["type"] = "packet"
            needs["filter"] = "alerts"
            return needs
        end

commit 0bd4b9beca02fc9c29270953bd84a2aa63fe22aa
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 19 13:49:35 2014 +0100

    output-lua: new file for common functions
    
    Add output-lua-common.[ch] to store functions common to various parts
    of the lua output framework.

commit db30ed8c3e6cc3ac6fa6fff1eacb4ca58fab3e0c
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 11 14:44:21 2014 +0100

    output: Lua HTTP log initial implementation
    
    Initial version of a HTTP LUA logger. Execute lua scripts from the
    Tx-log API.

commit 95e0eae69af40f3fead22894b256d21817364a4a
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 19 12:52:03 2014 +0100

    output-lua: support submodules
    
    Use the OutputCtx::submodules list to register additional log modules.
    Currently this is hardcoded to the 'lua' module.

commit 1fd0f96b49b6a7f54834610508a941fa78a4241d
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 19 12:50:57 2014 +0100

    output-lua: display warning if no lua support
    
    Display a warning that the lua module is not available if we're
    not compiled against lua(jit).

commit eb5a70fe0909450e3767a6123ae756178096651b
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 19 12:46:50 2014 +0100

    output: add submodules list to OutputCtx
    
    Add a list to the OutputCtx that can contain OutputModule structures.
    This will be used by a 'parent' module to register submodules directly.

commit 64935546632c4e0bbb987adadd9bba55cdc9d165
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jun 18 12:15:58 2014 +0200

    streaming: pass tx_id to logger
    
    This way we can distinguish between various tx' in the logger.

commit cd78705e3a312c6ec291bcdf95b9eb0fc45c110f
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Jun 17 17:49:05 2014 +0200

    streaming-loggers: add configuration
    
    Add a (disabled by default) config to the yaml

commit ac2ef45a3de1acdaa98bd3269c4d093eedf726ef
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Jun 13 12:05:33 2014 +0200

    tcp-data-log: file and dir logging modes
    
    Add a file logging mode, which logs all the data into a single log file.
    
    Also, make the directory logging more configurable.

commit 3dec0e96f8b8fa468956dad8cc799e04de90af5e
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Apr 5 10:02:38 2014 +0200

    tcp-data: new streaming logger
    
    tcp-data logs out reassembled stream data in a streaming fashion.
    
    Records type to log into different directories.

commit bac6c3ab029b3c8412b04e8cc9e51559dfa4f4d7
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Jun 12 11:42:00 2014 +0200

    streaming logger: support Http Body logging
    
    Add an argument to the registration to indicate which iterator
    needs to be used: Stream or HttpBody
    
    Add HttpBody Iterator, calling the logger(s) for each Http body chunk.

commit ab6fac884d4c8f0e27ee5915768251c81ce7340b
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Apr 5 10:00:27 2014 +0200

    output-streaming: StreamIterator
    
    StreamIterator implementation for iterating over ACKed segments.
    
    Flag each segment as logged when the log function has been called for it.
    
    Set a 'OPEN' flag for the first segment in both directions.
    
    Set a 'CLOSE' flag when the stream ends. If the last segment was already
    logged, an empty CLOSE call is performed with NULL data.

commit 9d9ef983dde8a404be7a0007a6c1fae7f5126595
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Apr 4 12:51:26 2014 +0200

    output-streaming: a Log API for streaming data
    
    This patch adds a new Log API for streaming data such as TCP reassembled
    data and HTTP body data. It could also replace Filedata API.
    
    Each time a new chunk of data is available, the callback will be called.

-----------------------------------------------------------------------

Summary of changes:
 lua/fast.lua                                       |   34 +
 src/Makefile.am                                    |   10 +-
 src/app-layer-htp-body.c                           |    2 +
 src/app-layer-htp.h                                |    1 +
 src/detect-engine-content-inspection.c             |   16 +-
 src/detect-engine-file.c                           |    3 -
 src/detect-engine-state.c                          |    8 +
 src/detect-filemagic.c                             |    2 +-
 ...luajit-extensions.c => detect-lua-extensions.c} |  198 ++---
 ...luajit-extensions.h => detect-lua-extensions.h} |   12 +-
 src/{detect-luajit.c => detect-lua.c}              |  234 +++---
 src/{detect-luajit.h => detect-lua.h}              |   19 +-
 src/detect-parse.c                                 |    4 +-
 src/detect.c                                       |    4 +-
 src/detect.h                                       |    4 +-
 src/log-tcp-data.c                                 |  345 +++++++++
 src/{detect-depth.h => log-tcp-data.h}             |   11 +-
 src/output-lua.c                                   |  771 ++++++++++++++++++++
 src/{output-json-ssh.h => output-lua.h}            |    8 +-
 src/output-streaming.c                             |  454 ++++++++++++
 src/{output-filedata.h => output-streaming.h}      |   35 +-
 src/output.c                                       |   73 ++
 src/output.h                                       |   10 +
 src/runmodes.c                                     |   62 ++
 src/stream-tcp-private.h                           |    3 +
 src/suricata.c                                     |    8 +
 src/tm-modules.c                                   |    3 +
 src/tm-modules.h                                   |    2 +
 src/tm-threads-common.h                            |    3 +
 src/util-error.c                                   |    6 +-
 src/util-error.h                                   |    6 +-
 src/util-lua-common.c                              |  750 +++++++++++++++++++
 src/{output-json-ssh.h => util-lua-common.h}       |   19 +-
 src/util-lua-http.c                                |  368 ++++++++++
 src/{output-json-ssh.h => util-lua-http.h}         |   12 +-
 src/util-lua.c                                     |  258 +++++++
 src/util-lua.h                                     |   91 +++
 suricata.yaml.in                                   |   22 +
 38 files changed, 3558 insertions(+), 313 deletions(-)
 create mode 100644 lua/fast.lua
 rename src/{detect-luajit-extensions.c => detect-lua-extensions.c} (72%)
 rename src/{detect-luajit-extensions.h => detect-lua-extensions.h} (76%)
 rename src/{detect-luajit.c => detect-lua.c} (86%)
 rename src/{detect-luajit.h => detect-lua.h} (82%)
 create mode 100644 src/log-tcp-data.c
 copy src/{detect-depth.h => log-tcp-data.h} (81%)
 create mode 100644 src/output-lua.c
 copy src/{output-json-ssh.h => output-lua.h} (85%)
 create mode 100644 src/output-streaming.c
 copy src/{output-filedata.h => output-streaming.h} (55%)
 create mode 100644 src/util-lua-common.c
 copy src/{output-json-ssh.h => util-lua-common.h} (57%)
 create mode 100644 src/util-lua-http.c
 copy src/{output-json-ssh.h => util-lua-http.h} (81%)
 create mode 100644 src/util-lua.c
 create mode 100644 src/util-lua.h


hooks/post-receive
-- 
OISF
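
The flow logging API, SCFlowStats, SCFlowAppLayerProto, SCLogPath and the SCLog functions described in the commit messages above, combined into one output script that records per-flow accounting and a per-protocol summary. This is an added example, not code from these commits or from the Suricata tree; the file name `flow_lua.log`, the helper `s()` and the `totals` table are assumptions made for illustration.

```lua
-- Added example (not from the Suricata tree): a flow logger that writes one
-- line per flow and a per-protocol byte summary at shutdown. It only runs
-- inside Suricata's Lua output, which provides the SC* callbacks.

local name = "flow_lua.log"   -- assumed file name, placed in the log dir
local file = nil
local totals = {}             -- app-layer proto -> { flows, bytes }

function init (args)
    local needs = {}
    needs["type"] = "flow"    -- register as a flow logger
    return needs
end

function setup (args)
    -- Callbacks are registered before setup() runs, so SCLogPath is usable.
    local filename = SCLogPath() .. "/" .. name
    file = assert(io.open(filename, "a"))
    SCLogInfo("flow_lua: logging to " .. filename)
end

-- Hypothetical helper: render nil as "-" so a missing value does not raise
-- a concatenation error in the middle of a log line.
local function s(v)
    if v == nil then
        return "-"
    end
    return tostring(v)
end

function log (args)
    local startts = SCFlowTimeString()
    local ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    local tscnt, tsbytes, tccnt, tcbytes = SCFlowStats()
    local alproto = SCFlowAppLayerProto()
    if alproto == nil then
        alproto = "unknown"
    end

    file:write(s(startts) .. " IPv" .. s(ipver) ..
               " " .. s(srcip) .. ":" .. s(sp) ..
               " -> " .. s(dstip) .. ":" .. s(dp) ..
               " proto " .. s(proto) .. " app " .. alproto ..
               " tscnt " .. s(tscnt) .. " tsbytes " .. s(tsbytes) ..
               " tccnt " .. s(tccnt) .. " tcbytes " .. s(tcbytes) .. "\n")

    -- Accumulate per-protocol totals for the shutdown summary.
    local t = totals[alproto]
    if t == nil then
        t = { flows = 0, bytes = 0 }
        totals[alproto] = t
    end
    t.flows = t.flows + 1
    t.bytes = t.bytes + (tsbytes or 0) + (tcbytes or 0)
end

function deinit (args)
    for alproto, t in pairs(totals) do
        SCLogNotice("flow_lua: " .. alproto .. " flows " .. t.flows ..
                    " bytes " .. t.bytes)
    end
    if file ~= nil then
        file:close()
    end
end
```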

