[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta4
OISF Git
noreply at openinfosecfoundation.org
Fri May 8 14:36:36 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from eac83be1216a554f99b668b053e8dd4f6cea6953 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0e2a4c01bacf71ac7b11ab34f0511a30e182a5b2
Author: Victor Julien <victor at inliniac.net>
Date: Fri May 8 16:09:24 2015 +0200
Update changelog for 2.1beta4 release
commit 0303245761942d5bd5dd455042003e12d68394da
Author: Eric Leblond <eric at regit.org>
Date: Sun Jan 25 20:49:28 2015 +0100
af-packet: use max packet size as snaplen
If default_packet_size is set to 0, then we use the maximum packet
size as snaplen.
commit 43f691fef8d003edf6a6c849edb91d9be6f6082b
Author: Eric Leblond <eric at regit.org>
Date: Sun Jan 25 19:31:45 2015 +0100
util-device: fix LiveBuildDeviceListCustom
The code was assuming that the dictionary containing the parameter
of an interface was ordered. But for YAML, the order is not assumed,
so in case the configuration is generated we may not be able to
parse the configuration file correctly.
By iterating on each child of the main node and then iterating on each
subchild and doing a match on the name, we are able to find the interface
list. In terms of code, this algorithm was obtained by simply
removing the test on the name of the first child.
commit 268285c49f2ab2141c9217cc21aeffbf366cb555
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 18 11:07:59 2014 +0100
output-json-http: output status as an integer
HTTP status is an integer and it should be written as such in the
JSON events. This will allow improved matching in log
analysis tools.
commit da98b0b84f4c36a77e6c141404cccf22d47501c7
Author: Eric Leblond <eric at regit.org>
Date: Tue Jun 10 09:43:56 2014 +0200
coccinelle: update struct flags test
commit 58582df1c6644c1ca9cf2dfcde237b32476ab60e
Author: Eric Leblond <eric at regit.org>
Date: Wed Oct 1 16:15:06 2014 +0200
decode-der: decode DC keyword
'DC' is used by some certificates and it was not currently translated
to a string.
commit 26ba647d58c01efce2e38ac31194b884046c2084
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Thu May 7 23:34:15 2015 +0200
filedata: read inspected tracker settings from suricata.yaml
commit 4b5848616f903997674f57e1ed3e1af561d0ba95
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Tue Mar 10 16:21:14 2015 +0100
filedata: implement inspected tracker
commit 1f52410d0fdac1e2eb95256cee40b7e2aeb46d39
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Fri Jan 30 10:36:55 2015 +0100
UT: implement tests for inspection code
commit d2657becc9bc5e9fea6c0dd2fdc874eaa7e89924
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Tue Feb 10 15:21:35 2015 +0100
app-layer-smtp: make functions as public
commit 84dc73d9dee4ddc7f5d33aea861541e2d0450d30
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Wed Jan 21 20:39:34 2015 +0100
mpm: implement prefiltering for smtp
commit f0c54d47648bd7e973bd315fc0c2d1351af50d02
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Tue Jan 20 17:38:06 2015 +0100
Detect engine for smtp file_data file_data: inspecting smtp attachments
Create a buffer to store reassembled file chunks,
and inspect the content.
commit b9468aba7cbc03481165939cbe62de5f5ff2154a
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Tue Jan 20 17:20:57 2015 +0100
FileData: add stream_offset field
This is required to store the offset for reassembling chunks.
commit 68cf3dd621fff203e976d40a9a48fe03f29930e9
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Tue Jan 20 12:02:16 2015 +0100
file_data: register keyword for smtp and tcp protocol
Permits use of the file_data keyword with smtp or tcp proto.
Also adds some unit tests.
commit 04561f13d375989b25b4c17e71415ca711d0ac8f
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Thu Feb 5 15:04:13 2015 +0100
signature: set flags and test the protocol
This checks if the signature's protocol is http
when setting up the content keyword.
Also sets the proper flags based on protocol,
since the flag SIG_FLAG_TOSERVER has to be set
if the proto is smtp, otherwise SIG_FLAG_TOCLIENT
if it's http.
commit 41a1a9f4aff442bcad4d38ab9222c410fdaa5355
Author: Giuseppe Longo <giuseppelng at gmail.com>
Date: Tue Jan 20 10:28:38 2015 +0100
find and replace HSBDMATCH by FILEDATA
This commit does a find and replace of the following:
- DETECT_SM_LIST_HSBDMATCH by DETECT_SM_LIST_FILEDATA
sed -i 's/DETECT_SM_LIST_HSBDMATCH/DETECT_SM_LIST_FILEDATA/g' src/*
- HSBD by FILEDATA:
sed -i 's/HSBDMATCH/FILEDATA/g' src/*
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 37 ++
qa/coccinelle/struct-flags.cocci | 54 +-
src/Makefile.am | 1 +
src/app-layer-smtp.c | 112 ++--
src/app-layer-smtp.h | 14 +
src/detect-byte-extract.c | 18 +-
src/detect-bytejump.c | 20 +-
src/detect-bytetest.c | 20 +-
src/detect-content.c | 22 +-
src/detect-depth.c | 2 +-
src/detect-distance.c | 2 +-
src/detect-engine-analyzer.c | 8 +-
src/detect-engine-content-inspection.h | 1 +
src/detect-engine-filedata-smtp.c | 565 +++++++++++++++++++++
...engine-hscd.h => detect-engine-filedata-smtp.h} | 26 +-
src/detect-engine-hsbd.c | 2 +-
src/detect-engine-mpm.c | 96 +++-
src/detect-engine-mpm.h | 1 +
src/detect-engine-state.h | 1 +
src/detect-engine.c | 15 +-
src/detect-fast-pattern.c | 122 +++--
src/detect-file-data.c | 103 +++-
src/detect-http-server-body.c | 116 ++---
src/detect-isdataat.c | 26 +-
src/detect-lua.c | 2 +-
src/detect-nocase.c | 2 +-
src/detect-offset.c | 2 +-
src/detect-parse.c | 13 +-
src/detect-pcre.c | 26 +-
src/detect-pkt-data.c | 4 +-
src/detect-within.c | 2 +-
src/detect.c | 56 +-
src/detect.h | 17 +-
src/output-json-http.c | 3 +-
src/runmode-unittests.c | 2 +
src/source-af-packet.c | 9 +
src/suricata-common.h | 1 +
src/util-decode-der-get.c | 3 +
src/util-device.c | 20 +-
src/util-file.c | 7 +
src/util-file.h | 3 +
suricata.yaml.in | 6 +-
42 files changed, 1269 insertions(+), 293 deletions(-)
create mode 100644 src/detect-engine-filedata-smtp.c
copy src/{detect-engine-hscd.h => detect-engine-filedata-smtp.h} (59%)
hooks/post-receive
--
OISF