[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta4-374-gdcbbda5
OISF Git
noreply at openinfosecfoundation.org
Thu Oct 8 15:58:02 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dcbbda505f1abb55739333de0c6c347e30cb5797
Author: Alessandro Guido <ag at alessandroguido.name>
Date: Tue Sep 8 11:39:20 2015 +0200
Describe new unified2-alert "payload" option
commit 53bfcf64b7020993dd4d1cb2c2260fb5757e5e8e
Author: Alessandro Guido <ag at alessandroguido.name>
Date: Fri Jun 19 16:57:48 2015 +0200
Add option to omit payload in unified2 output
Add a boolean option named "payload" to the unified2-alert output type.
Such an option makes suricata omit the payload in the resulting unified2
file. The default value is true in order to preserve the current behaviour.
commit 413082afc0bedecc0bc0b6e49e12ee3571d59503
Author: Jason Ish <ish at unx.ca>
Date: Mon Sep 21 15:39:37 2015 -0600
GPL license sync with official gpl-2.0.txt
Synced up with:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
commit 580728087cd6f3be4a80177b5d1d8624ac1c9ae8
Author: Jason Ish <ish at unx.ca>
Date: Mon Apr 20 15:54:11 2015 -0600
fix util-host-os-info unit tests.
- Some tests always passed due to the result value being
initialized to 1.
- Fix tests that now fail. Looks like just the tests were wrong
and that the code does the right thing.
commit 4185f3ee9270b51f2e7b0d0a7227029933b79e40
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 22 13:58:41 2015 -0600
detect-pcre: allow upper case metachars for host (/W).
Redmine issue 1490.
commit 6572725a7ada11a33906af4e8243781bac556d43
Author: Eric Leblond <eric at regit.org>
Date: Thu Sep 24 14:20:42 2015 +0200
util-debug: don't colorize if a redirect is used
It is better to disable the color mode when a redirect of stderr
is done to avoid getting colorized output in the generated file.
commit 4d83318b464143b29e1e2632d94b3c1c2b5cc487
Author: Victor Julien <victor at inliniac.net>
Date: Thu Sep 24 12:24:15 2015 +0200
defrag tests: fix compiler warnings
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:5: note: remove the 'if' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~
defrag.c:2427:5: note: variable 'p' is declared here
Packet *p = Defrag(NULL, NULL, p1, NULL);
^
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:5: note: remove the 'if' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~
defrag.c:2490:5: note: variable 'p' is declared here
Packet *p = Defrag(NULL, NULL, p1, NULL);
^
6 errors generated.
make[3]: *** [defrag.o] Error 1
commit 6f223c6dba2f62550ad6bece750d4dded2041858
Author: Jason Ish <ish at unx.ca>
Date: Thu Aug 27 13:59:30 2015 -0600
defrag: stop reassembly at the first packet with more flags not set
commit 3aa7e38c14b0c0d04913f4c68bfa013f6567367c
Author: Jason Ish <ish at unx.ca>
Date: Mon Jun 15 11:14:16 2015 -0600
defrag: tracker initialization cleanup
Remove the old tracker reset macro which is no longer being used.
Clear last_seen and remove flags on initialization.
Remove extra call to DefragTrackerInit as it was being called 2x
for each new tracker.
Now that DefragTrackerNew is just a wrapper for DefragTrackerAlloc,
remove it and just call DefragTrackerAlloc directly.
commit 69b4218afc9bf1888d3ab34ff305e05f7b6eb7bb
Author: Jason Ish <ish at unx.ca>
Date: Mon Jun 15 11:06:50 2015 -0600
defrag: don't use trackers marked for removal
These trackers are likely for completed fragments, but have
not been cleaned up. If a packet on the same flow with an
already seen IP ID is seen, it could be reused prior to
being properly reinitialized.
commit ed400acf8e946404bbc0634df153bf155dcae345
Author: Jason Ish <ish at unx.ca>
Date: Thu Jun 18 14:18:49 2015 -0600
defrag: unit test for tracker reuse (currently fails)
Will be fixed in subsequent commits as tracker reuse is fixed.
commit 3e29a232087ddac825d1779eae23accbafbade10
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date: Sun Sep 27 22:03:12 2015 +0300
unix-manager: log client (dis)connection with DEBUG level.
Also select/receive errors are logged as ERROR.
commit 437fe40660d97f7507fdf4e6ad9e33b2d9a13cd2
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date: Tue Sep 29 00:08:55 2015 +0300
Feature 1527: ability to compile as a position independent executable
Adds a corresponding configure option which enables the proper CPPFLAGS
and LDFLAGS.
commit e634fcee60d0c67394743e1f00720b7dc7217a20
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed Sep 30 10:42:26 2015 +0200
lua: TLS lua output support
Support TLS in lua output scripts (Feature #1568).
-- Declare what this output script needs: it is called for TLS events.
function init (args)
    local needs = {}
    needs["protocol"] = "tls"
    return needs
end

-- Open the log file once, in the configured Suricata log directory.
function setup (args)
    filename = SCLogPath() .. "/" .. "lua_tls.log"
    file = assert(io.open(filename, "a"))
end

-- Called per TLS event: write flow tuple and certificate subject/issuer.
function log (args)
    ts = SCPacketTimeString()
    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    version, subject, issuer, fingerprint = TlsGetCertInfo()
    -- No certificate information available yet for this flow.
    if version == nil then
        return 0
    end
    file:write(ts .. " " .. srcip .. ":" .. sp .. " -> " .. dstip ..
               ":" .. dp .. " TLS: " .. "Subject='" .. subject ..
               "' " .. "Issuerdn='" .. issuer .. "'\n")
    file:flush()
end

-- Close the file handle on shutdown.
function deinit (args)
    file:close()
end
commit 2ecab3f76523e9078afe1fc425b5972520680dda
Author: Eric Leblond <eric at regit.org>
Date: Fri Oct 2 23:40:54 2015 +0200
decode-mime: fix body md5 computation
Previous code was wrongly assuming that the lines end with CRLF.
But this is not the case, so we must propagate the length of the end-of-line
delimiter to be able to compute the md5 of the mail body.
commit 53419b93c861b948890bb2ac12e13982e72ae726
Author: Eric Leblond <eric at regit.org>
Date: Wed Sep 23 14:49:03 2015 +0200
util-decode-mime: fix some unittests
Unittests were failing when ASAN is activated because it was
finding some reads outside of bounds. This patch fixes the different
reported issues.
commit dbb3e1976e417c3b1346e17b747f2ebd41328328
Author: Eric Leblond <eric at regit.org>
Date: Wed Sep 23 14:47:40 2015 +0200
util-decode-mime: fix IsIpv6Host function
Using in6_addr is better when calling inet_pton. This fixes an
issue reported by ASAN.
commit 38750f1313ba4cbda20fb84adf99fe618ecab2fc
Author: Eric Leblond <eric at regit.org>
Date: Wed Sep 23 13:54:38 2015 +0200
smtp-layer: remove FIXME and del excessive newline
commit 6f04988ba125ab6885340f1baa1eda0c06299104
Author: Eric Leblond <eric at regit.org>
Date: Tue Sep 15 16:36:37 2015 +0200
output-json: add tx_id to events
This patch updates alert, smtp and http JSON logging to have a
tx_id in the root of the JSON log message.
commit 113d6a395020396d9d29e0ff7cb796caa85f9bc9
Author: Eric Leblond <eric at regit.org>
Date: Tue Sep 15 16:34:44 2015 +0200
output-json: add create header with tx function
To be able to correlate between events, it is better to have the
tx_id information in the root object. This patch adds a new
function to automate the addition of the field.
commit 96412e8921b6c145ddc8bf06551a6e8abfb4d79d
Author: Eric Leblond <eric at regit.org>
Date: Tue Sep 15 15:48:19 2015 +0200
json-email: JsonEmailAddMetadata update
Add tx_id to the list of params to be in sync with recent changes.
commit bf6b0145e2758784643576312bff8d33bf730ceb
Author: Eric Leblond <eric at regit.org>
Date: Tue Sep 15 09:36:00 2015 +0200
json-http: gen metadata function with tx_id param
commit d9b602fc0f243b4ed42e70aa2cf7f8a0060613d8
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 14 11:39:19 2015 +0200
json-smtp: add tx_id param to metadata generation
In all metadata generation contexts we know the tx_id, so we had better
use it to log the correct transaction and not another one.
commit 0ef0f1d526386d3aa85cd5dd5683d326c2aef1b1
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 14 11:38:39 2015 +0200
json-smtp: change copyright date
commit f03a7a032f09d6d4e822319ff73ed3b5e708549f
Author: Eric Leblond <eric at regit.org>
Date: Sun Sep 13 19:08:52 2015 +0200
json-alert: add smtp elements in alert
commit 77a5273cdef1bf067fddacd8ba5f34e21a2ed333
Author: Eric Leblond <eric at regit.org>
Date: Sun Sep 13 19:07:34 2015 +0200
json-smtp: fix a debug message
commit 946f2a6acc4541e92584d2db628d940f2e1a2e39
Author: Eric Leblond <eric at regit.org>
Date: Wed May 20 10:23:36 2015 +0200
email-json: add bcc to extended fields
commit fbd6428f1bb082b35b24c9b1e4715c2a2ce8128f
Author: Eric Leblond <eric at regit.org>
Date: Tue May 12 17:56:59 2015 +0200
smtp-layer: add MAIL FROM parsing test in unittest
commit 534360fc0202c66d8877c5c8b55dbee5ead320b8
Author: Eric Leblond <eric at regit.org>
Date: Tue May 12 17:31:56 2015 +0200
smtp-layer: add HELO parsing test in unittest
commit 8fd88f543d43ad0f291fc02bf04c40b6676ed03e
Author: Eric Leblond <eric at regit.org>
Date: Tue May 12 16:55:49 2015 +0200
yaml: add comment describing smtp extended
commit f81f353d1f75a790dc84a200aa25a2fe38e142bc
Author: Eric Leblond <eric at regit.org>
Date: Tue May 12 16:53:20 2015 +0200
email-json: add 'date' field extraction
commit 6f033747ec7853d048683acb743ba124ad9d15d6
Author: Eric Leblond <eric at regit.org>
Date: Tue May 12 16:52:12 2015 +0200
util-decode-mime: add unittests for field fetching
commit 17edff6c5e7cb4f5d41da8d17737681a3879ba71
Author: Eric Leblond <eric at regit.org>
Date: Tue May 12 16:50:16 2015 +0200
unittests: finally register MIME tests
commit 6e0668125c16b729106ee5b5e4bda69135c5cf7d
Author: Eric Leblond <eric at regit.org>
Date: Thu May 7 14:52:12 2015 +0200
email-json: improve log message
commit dad1f85edb59406a00164e6533c31ca12253b790
Author: Eric Leblond <eric at regit.org>
Date: Thu May 7 14:44:14 2015 +0200
email-json: add author
Add myself as author and change the copyright date.
commit d1b0a5aa6d6368c40c347b2fde8ddfacded1cc53
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 14:20:13 2015 +0200
yaml: document new MIME features
commit caa8982b4324c7e63cd7f72afb4208257bdec1d1
Author: Eric Leblond <eric at regit.org>
Date: Thu May 7 11:38:15 2015 +0200
email-json: add some fields
This patch adds some fields to the list of extracted fields.
commit ca52fa91dd7e03a23dd417c19480db079182ad67
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 15:16:35 2015 +0200
email-json: body md5 logging is optional
commit a719ea3c928e0e4c961713c8b6dca72b0abd99a7
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 11:55:46 2015 +0200
email-json: add capa to display subject md5
To be able to identify mails with identical subjects without
using the subject itself as a key, it is possible to use the md5
hash of the subject string. This limits the privacy impact.
commit 881aa3efce7e12530d606057ba2d99b35a8ddeab
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 10:32:16 2015 +0200
email-json: don't log subject by default
It seems to be a bit too intrusive for the privacy so this patch
adds this field to the extended logging only.
commit 7bb38f7c301741deedd4945c04500e4707746951
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 10:16:10 2015 +0200
decode-mime: fix typo in comment
commit 431dc155aa8cfec8df96b7caa5140e26ab27fa25
Author: Eric Leblond <eric at regit.org>
Date: Mon May 4 18:14:03 2015 +0200
email-json: delete white space from "from"
The From field is handled separately and it could also start with
white spaces.
commit abcaf46193474dc4a1acc6984da1318570c16d58
Author: Eric Leblond <eric at regit.org>
Date: Mon May 4 18:11:37 2015 +0200
email-json: delete leading white spaces
Some mail clients are using tabulation and/or space for comma
separated lists. This patch removes them so the event will contain
only significant characters.
commit 4c0f8803e7e4b9848af1c2e2a976ca4dbf66909f
Author: Eric Leblond <eric at regit.org>
Date: Mon May 4 17:42:33 2015 +0200
email-json: factorize the code
commit a7ef0c05ba28f8d41776ebc1411d9a9e4cc7faf7
Author: Eric Leblond <eric at regit.org>
Date: Mon May 4 17:35:27 2015 +0200
email-json: add LOG_EMAIL_COMMA type
Extract these data types by treating them as a comma separated list.
commit 3456ec467f7c36f5cd5f324f75c7a8f43e9afc71
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 14:33:50 2015 +0200
email-json: add custom fields support
This patch adds a way to specify which MIME fields to log via
the custom keyword in the EVE configuration. It also adds an
extended logging where some fields are added. The logging supports
single-value fields as well as multivalue fields via the use of
a JSON array.
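An added example in Python, not Suricata's code and not part of these commits, sketching the "email" record the commit messages above describe: comma separated lists become JSON arrays with the tabs and spaces after the commas dropped, the subject is only logged in extended mode with an optional subject md5, and the body md5 measures the end-of-line delimiter per line instead of assuming CRLF (the decode-mime fix earlier in this log). The field names, the default/extended split beyond what the commits state, and the LF normalisation before hashing are assumptions of this example.

```python
import hashlib

# Constructed sample SMTP payload (not a capture): a tab and a space after the
# address-list commas, whitespace before the From value, mixed CRLF/LF body.
SAMPLE = (
    b"From: \talice@example.test\r\n"
    b"To: bob@example.test,\tcarol@example.test, dave@example.test\r\n"
    b"Subject: quarterly report\r\n"
    b"\r\n"
    b"line one\r\nline two\nline three\n"
)

def split_message(raw):
    # Headers end at the first blank line, which may be CRLF or LF terminated.
    head_end, sep_len = None, 0
    for sep in (b"\r\n\r\n", b"\n\n"):
        i = raw.find(sep)
        if i != -1 and (head_end is None or i < head_end):
            head_end, sep_len = i, len(sep)
    if head_end is None:
        return raw, b""
    return raw[:head_end], raw[head_end + sep_len:]

def parse_headers(head):
    # Lower-cased header name -> list of raw values (a header may repeat).
    headers = {}
    for line in head.decode("utf-8", "replace").splitlines():
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value)
    return headers

def split_list(value):
    # Comma separated list; drop the tabs/spaces clients put around commas.
    return [p.strip(" \t") for p in value.split(",") if p.strip(" \t")]

def body_lines(body):
    # Measure the delimiter (CRLF or LF) per line instead of assuming CRLF.
    lines, start = [], 0
    while start < len(body):
        nl = body.find(b"\n", start)
        if nl == -1:
            lines.append(body[start:])
            break
        end = nl - 1 if nl > start and body[nl - 1:nl] == b"\r" else nl
        lines.append(body[start:end])
        start = nl + 1
    return lines

def body_md5(body):
    # Hash line contents joined by LF so CRLF and LF copies hash alike (assumed).
    return hashlib.md5(b"\n".join(body_lines(body))).hexdigest()

def crlf_assumed_body_md5(body):
    # Sketch of the failure the fix addresses (not Suricata's old code):
    # cutting two bytes from every line truncates LF-only lines.
    lines = [line[:-1] for line in body.split(b"\n") if line]
    return hashlib.md5(b"\n".join(lines)).hexdigest()

def email_record(raw, extended=False, subject_md5=False, log_body_md5=True):
    # 'email' section of an EVE event; subject and bcc are extended-only as the
    # commits state, the rest of the default/extended split is assumed here.
    head, body = split_message(raw)
    h = parse_headers(head)
    rec = {"from": h.get("from", [""])[0].strip(" \t")}
    for field in ("to", "cc") + (("bcc",) if extended else ()):
        if field in h:
            rec[field] = split_list(",".join(h[field]))
    if "subject" in h:
        subject = h["subject"][0].strip(" \t")
        if extended:
            rec["subject"] = subject
        if subject_md5:  # lets mails be keyed by subject without logging it
            rec["subject_md5"] = hashlib.md5(subject.encode()).hexdigest()
    if log_body_md5:
        rec["body_md5"] = body_md5(body)
    return rec
```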
commit 714c30a127828bfff8e8c44e19c3ffc7316744df
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 14:31:55 2015 +0200
decode-mime: introduce MimeDecFindFieldsForEach
This patch introduces a new function that can be used to handle
multivalued MIME fields. A callback function can be called for
each corresponding field value.
commit 54038f5691c0e3367651a1fa0b8ff3346ad5f07b
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 15:24:52 2015 +0200
file-json: log 'email' information
Log information coming from email/MIME decoding in the message.
commit ab941305d53cacd20697403b4ced1b26e44dacc0
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 14:45:52 2015 +0200
email-json: add function to export data
commit 77119a31863ee9cc3bedcd8abf007914ba7942cc
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 13:44:58 2015 +0200
file-json: output smtp proto info
commit 47a199ee978608ba4351c40f48c00833bdc3b6c6
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 13:28:49 2015 +0200
smtp-json: introduce function to output smtp data
commit 94dbd303e4744a40f3761265be7c73a7a4754764
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 12:53:09 2015 +0200
file-json: log http data using common function
commit 4ef12dcf5d0d7e47f25a5a1cb78b9c2b73f8deef
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 12:52:22 2015 +0200
alert-json: use new JsonHttpAddMetadata function
This patch uses the newly introduced function to handle the logging
of HTTP data.
commit bccabe3813627abfe4f7a77272d1b195a8115753
Author: Eric Leblond <eric at regit.org>
Date: Thu Apr 30 11:08:47 2015 +0200
http-json: introduce JsonHttpAddMetadata function
This function will be usable in other logging components to add
the http data to their messages.
commit d7e13c2c039901fdc4042431d693be31fe1c7ef1
Author: Eric Leblond <eric at regit.org>
Date: Wed Apr 29 18:25:05 2015 +0200
email-json: output MIME parsing status
If the status is not PARSE_DONE then in that case we may have
incomplete information. Increasing the stream reassembly depth
in that case would be a good idea.
commit a233a982ea1495b0d473c8affecac5dbb4f66b20
Author: Eric Leblond <eric at regit.org>
Date: Wed Apr 29 18:24:09 2015 +0200
decode-mime: add function to get status
This new function returns the textual status of MIME parsing.
commit 990055842830a65cb31ea51c52a06412c3d6c191
Author: Eric Leblond <eric at regit.org>
Date: Tue May 5 15:00:58 2015 +0200
smtp: add 'body-md5' mime option
This option will allow the user to select whether or not he wants
to journalize the md5 of the mail body.
commit ea311c159424a8a76e2b76875f65e38737e1bc6c
Author: Eric Leblond <eric at regit.org>
Date: Tue Apr 28 13:23:23 2015 +0200
email-json: export md5sum of body
The body_md5 has been added and contains the value of the md5sum
of the body.
This patch is using the state PARSE_DONE on the MIME state to
detect when a message has been completely parsed.
commit d39009ca582af30a1478934be7259294a7247d09
Author: Eric Leblond <eric at regit.org>
Date: Fri Apr 24 16:17:19 2015 +0200
decode-mime: compute body md5
This patch is computing the md5 sum of the body of the MIME message.
This will allow detecting messages with the same content sent to
different people.
commit e43eb76abd043c5eb14240d808b66a6d07d4f1d2
Author: Eric Leblond <eric at regit.org>
Date: Fri Apr 24 13:25:41 2015 +0200
app-layer-smtp: simplify code
Delete a goto that is only used once, to a point where we only do a return.
commit 0f3979cc814a35a63ba7aca8582551439bd5ab59
Author: Eric Leblond <eric at regit.org>
Date: Wed Apr 22 14:41:20 2015 +0200
output-json-smtp: output RCPT TO fields
This patch uses an array to output the RCPT TO fields to the
JSON message.
commit 752fdba95725a94cf1cb31145009fd90448397b3
Author: Eric Leblond <eric at regit.org>
Date: Wed Apr 22 14:40:30 2015 +0200
app-layer-smtp: parse and extract RCPT TO fields
Add the RCPT TO fields to a linked list stored in the transaction.
commit 2abae3f0a13237a3a945b058b03147b59acdc8e0
Author: Eric Leblond <eric at regit.org>
Date: Fri Apr 17 16:34:56 2015 +0200
smtp-json: update SMTP EVE messages
This patch updates SMTP messages to have them feature a 'smtp'
section which will contain all fields coming from the smtp
protocol.
commit 7bca8268bcae54db5a2e7ac0914f63f78a39d49b
Author: Eric Leblond <eric at regit.org>
Date: Fri Apr 17 10:46:15 2015 +0200
app-layer-smtp: extract and store HELO and MAIL FROM
This patch updates the SMTP transaction and SMTP state to be able
to contain the HELO and MAIL FROM fields.
commit 5c26a2f2c8f52a4612f6c185dfd5af912f418589
Author: Eric Leblond <eric at regit.org>
Date: Fri Apr 17 16:13:23 2015 +0200
email-json: move email fields to email section
This patch changes the way smtp messages are written. It is using
the "email" key to store the email related fields. This will
allow doing the same search through SMTP and IMAP if we implement
the latter.
-----------------------------------------------------------------------
Summary of changes:
COPYING | 39 +++--
LICENSE | 14 +-
configure.ac | 11 ++
src/alert-unified2-alert.c | 21 +++
src/app-layer-smtp.c | 153 +++++++++++++++++-
src/app-layer-smtp.h | 16 ++
src/app-layer-ssl.h | 2 +
src/defrag-hash.c | 19 +--
src/defrag.c | 205 ++++++++++++++++++++++-
src/defrag.h | 14 --
src/detect-pcre.c | 95 +++++++++--
src/output-json-alert.c | 72 +++++----
src/output-json-email-common.c | 359 ++++++++++++++++++++++++++++++++---------
src/output-json-email-common.h | 8 +-
src/output-json-file.c | 138 ++++------------
src/output-json-http.c | 26 ++-
src/output-json-http.h | 1 +
src/output-json-smtp.c | 80 ++++++++-
src/output-json-smtp.h | 3 +
src/output-json.c | 12 ++
src/output-json.h | 1 +
src/output-lua.c | 88 ++++++++++
src/runmode-unittests.c | 1 +
src/unix-manager.c | 8 +-
src/util-debug.c | 2 +-
src/util-decode-mime.c | 158 +++++++++++++++---
src/util-decode-mime.h | 12 +-
src/util-host-os-info.c | 32 ++--
suricata.yaml.in | 22 ++-
29 files changed, 1265 insertions(+), 347 deletions(-)
hooks/post-receive
--
OISF