[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta3-73-g2d7f79a
OISF Git
noreply at openinfosecfoundation.org
Thu Mar 12 08:14:21 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 2d7f79a62bc1ad75dd5d97b1a43710a5b36552cc (commit)
via 2e754ca6fadf9caf94a6d09390a58785feca0843 (commit)
via 6b172bb0103d723574640b53c24f4b00d35a0df3 (commit)
via 8a97bb0d042ea25c445872e142de406aa432ca1e (commit)
via e9857200b3704d4c4a0feedca098a8b6898b9b21 (commit)
via c914f7bcdc40d60b6a27354a9c04d79cb89d52ae (commit)
via b8e7d3a2593ee5673aabac267ac0f2a5ea4fbe93 (commit)
via e138a2ac1e0e0be8421b21d1c461cbfb0733731e (commit)
via ab1d69fc4eb0e4ccd8902c198af0cb94fce1e696 (commit)
via 6ed246c041b9d08e0616401d011cea4d28378763 (commit)
via a243a42bdf1bf4bc88deebc2408c51af7e85df5a (commit)
via 290b01f95e1864fca8926797a183260146659213 (commit)
via 47d9c7b21170540073d4861c4f2e598bd3bf9c5b (commit)
via 54b13851cc390eb1a7963d564a6a1c6d733ccd50 (commit)
via 881f32cc02e897fec8cb0c1bec022709f4748083 (commit)
via c1970a3655360ef603288d50451a6547becdaf3a (commit)
via 180faece7cb5df942bff8f6583e68c45ed7ba19f (commit)
via 22182e7a8430626753b4903db9705b8359a08904 (commit)
from fb0ecaba05cfde20198975037116ce9b2effa7b1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2d7f79a62bc1ad75dd5d97b1a43710a5b36552cc
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 21 19:27:34 2014 +0200
drop json log: log out 'drop' signature
If no normal sig was logged as the 'drop' reason, try the stored
drop signature instead; this will also log out 'noalert' sigs.
commit 2e754ca6fadf9caf94a6d09390a58785feca0843
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 20 15:43:42 2014 +0200
drop json: make alerts logging optional
Make logging out alerts that caused the drop optional.
commit 6b172bb0103d723574640b53c24f4b00d35a0df3
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 20 14:02:20 2014 +0200
drop json: add sids (if applicable)
If a drop is caused by a SID match, add it to the drop record.
commit 8a97bb0d042ea25c445872e142de406aa432ca1e
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 20 13:59:28 2014 +0200
alert json: move alert info into function
Move adding the alert info (sid, rev, gid, etc.) into its own function,
so it can be called from other outputs as well.
commit e9857200b3704d4c4a0feedca098a8b6898b9b21
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 21 10:04:57 2014 +0200
detect: set action from utility function
Set actions that are set directly from Signatures using the new
utility function DetectSignatureApplyActions. This will apply
the actions and also store info about the 'drop' that first made
the rule drop.
commit c914f7bcdc40d60b6a27354a9c04d79cb89d52ae
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 21 10:43:56 2014 +0200
detect: cleanup, remove unused order_id
No longer used, so remove.
commit b8e7d3a2593ee5673aabac267ac0f2a5ea4fbe93
Author: Eric Leblond <eric at regit.org>
Date: Mon Jan 19 19:16:49 2015 +0100
flow-timeout: fix init of pseudo packet
The code was not checking if we had enough room in the direct
data. In case default_packet_size was set really small, this was
resulting in data being written over the data and causing a crash.
The patch fixes the issue by forcing an allocation if the direct
data size in the Packet is too small.
commit e138a2ac1e0e0be8421b21d1c461cbfb0733731e
Author: Eric Leblond <eric at regit.org>
Date: Thu Feb 12 21:15:27 2015 +0100
decode: introduce PacketCallocExtPkt function
In flow timeout handling we need a function that allocates and blanks
a place that will be used to put constructed packet data. This new
function has no other goal.
commit ab1d69fc4eb0e4ccd8902c198af0cb94fce1e696
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 27 11:30:47 2015 -0600
When re-opening a log file on HUP, always append.
This will prevent log files that have not been rotated by some
external tool from being deleted, but log files that were
rotated (moved out of the way) will be re-opened.
This is a better default behaviour, especially when not all
log files are rotated at the same time.
Thanks to iro on IRC.
commit 6ed246c041b9d08e0616401d011cea4d28378763
Author: Jason Ish <ish at unx.ca>
Date: Thu Jan 15 14:43:45 2015 -0600
Don't attempt to load the rule files if the rule-files configuration
node is not a sequence. Instead log a warning as this is usually
a configuration error.
commit a243a42bdf1bf4bc88deebc2408c51af7e85df5a
Author: Jason Ish <ish at unx.ca>
Date: Thu Jan 15 14:43:22 2015 -0600
New function to test if a configuration node is a sequence or not.
commit 290b01f95e1864fca8926797a183260146659213
Author: Eric Leblond <eric at regit.org>
Date: Tue Feb 24 17:46:06 2015 +0100
af-packet: don't unlock twice the bpf mutex
commit 47d9c7b21170540073d4861c4f2e598bd3bf9c5b
Author: Eric Leblond <eric at regit.org>
Date: Fri Mar 6 22:21:12 2015 +0100
json-alert: use getter for appstate
commit 54b13851cc390eb1a7963d564a6a1c6d733ccd50
Author: Eric Leblond <eric at regit.org>
Date: Fri Mar 6 22:17:30 2015 +0100
flow: constify getters param
Some potential callers are already using constified values so it
is good to do it.
commit 881f32cc02e897fec8cb0c1bec022709f4748083
Author: Eric Leblond <eric at regit.org>
Date: Fri Mar 6 21:16:52 2015 +0100
json-alert: add SSH fields in alert logging
commit c1970a3655360ef603288d50451a6547becdaf3a
Author: Eric Leblond <eric at regit.org>
Date: Fri Mar 6 21:05:51 2015 +0100
json-ssh: export logging function
It will be used in alert logging to display SSH information.
commit 180faece7cb5df942bff8f6583e68c45ed7ba19f
Author: Eric Leblond <eric at regit.org>
Date: Fri Mar 6 20:03:13 2015 +0100
json-alert: log tls info in alert
This patch adds the capabilities to log the TLS information the
same way it is currently possible to do with HTTP. As it is
quite hard to read ASN.1 directly in the stream, this will help
people to understand why suricata is firing an alert relative
to TLS.
commit 22182e7a8430626753b4903db9705b8359a08904
Author: Eric Leblond <eric at regit.org>
Date: Fri Mar 6 19:55:28 2015 +0100
json-tls: refactor to export logging function
To be able to add TLS data in alert we need to do the same as what
is done with HTTP, i.e. export the logging functions.
-----------------------------------------------------------------------
Summary of changes:
src/conf.c | 39 +++++++++++++
src/conf.h | 1 +
src/decode.c | 12 ++++
src/decode.h | 6 +-
src/detect-engine-alert.c | 5 +-
src/detect-engine-iponly.c | 2 +-
src/detect-engine-state.c | 10 ++--
src/detect.c | 55 ++++++++++++------
src/detect.h | 1 +
src/flow-timeout.c | 16 ++++++
src/flow.c | 4 +-
src/flow.h | 4 +-
src/output-json-alert.c | 137 +++++++++++++++++++++++++++++++++++---------
src/output-json-alert.h | 3 +
src/output-json-drop.c | 99 ++++++++++++++++++++++++++++----
src/output-json-ssh.c | 45 +++++++++------
src/output-json-ssh.h | 6 ++
src/output-json-tls.c | 24 +++++---
src/output-json-tls.h | 7 +++
src/source-af-packet.c | 1 -
src/util-logopenfile.c | 7 ++-
suricata.yaml.in | 5 +-
22 files changed, 388 insertions(+), 101 deletions(-)
hooks/post-receive
--
OISF