[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.2beta1-77-g1aa70fb
OISF Git
noreply at openinfosecfoundation.org
Tue Oct 18 21:16:01 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 1aa70fb39e5581956cef99cc4ac3daef80e0454e (commit)
via e072e70ea6b2be7ae335a08c835b6cb61f6ae2ef (commit)
via dcdf160ab2c99185ae605d93db6207bc648a4dfa (commit)
via 1a724ba851b8c63c2d66232046b68da47a8de6fa (commit)
via 8f56c234683551f9418377cd250c434938c08ddc (commit)
via f81619a13efeb08c4a744238a07a75dc7af7cd71 (commit)
via 571f56cfcf8fdd541b2a6d4d594afe749b55e2e9 (commit)
via dc762cd44d08d0b682c62b64c52c9ed592fce1d6 (commit)
via 6948b2332abeb1531212594f117976c54470f119 (commit)
via 56ffba9fd82bb30858a661f6406a05148e187e07 (commit)
via 449c93e062c4b575ca537d887c8f35250604dce8 (commit)
via 0ed119068d09842361195a905f1bce73b262b99a (commit)
via 8094b2b12e89a1329fbf96cb8e39487a00e18ec3 (commit)
via c28d9d053861ad0ee396f2a4d2ce6368022c1a1b (commit)
via dbb3a12b32e8c841e8721e8c4126755027182c74 (commit)
via 93298e91c77ac86c2098e7f0a53a830957271063 (commit)
via 3b98feef011571e9b90804be4e673419a2b1f5eb (commit)
via 90bf2b5a32f6ea0aeb46ded8fed40df3bca075af (commit)
via e955cf3366ca87745fc85b9f49cae5ce5388df9e (commit)
via 9560e8b5b2ce7a0e4ea62e0d3b5dc908695f142b (commit)
via 7d7ec78cc3e80ce47888684f65034cac6f69bc47 (commit)
via ac2cf526f1c925c138ea5cfa4021bc11bc9f3134 (commit)
via d7c828bcb0f9737d92128ec379ddc9d1e93bc582 (commit)
via 6022fa44a50520883a4769e1a1ab5ddbb354afd7 (commit)
via 8347aa01fa9d32c364b8b72163e921f32ce01cbc (commit)
from c6134e007e0785bc9a3ef5b524fd03adf7fa2c09 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1aa70fb39e5581956cef99cc4ac3daef80e0454e
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 18 18:33:11 2016 +0200
doc: add rate_filter
commit e072e70ea6b2be7ae335a08c835b6cb61f6ae2ef
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 18 18:09:39 2016 +0200
alert: fix rate_filter issues
Fix rate_filter issues: if action was modified it wouldn't be logged
in EVE. To address this pass the PacketAlert structure to the threshold
code so it can flag the PacketAlert as modified. Use this in logging.
Update API to use const where possible. Fix a timeout issue that this
uncovered.
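The two rate_filter commits above (the new user-guide page and the fix that flags a PacketAlert as modified so EVE logs the rewritten action) are easier to reason about with the threshold logic spelled out. The following is an added Python model of rate_filter semantics written for this page; it is not Suricata's implementation, the exact count/window boundary is my assumption (detect-engine-threshold.c is authoritative), and the filter, alerts and addresses are constructed sample data.

```python
"""Model of threshold.config rate_filter semantics (added example, not Suricata code).

A rate_filter line such as

    rate_filter gen_id 1, sig_id 1000001, track by_src, count 3, seconds 60, new_action drop, timeout 600

switches the effective action of sig 1000001 to "drop" for 600 seconds once the
rule has fired 3 times from one source inside a 60-second window. Assumption in
this model: the window is fixed, anchored on its first event, and the count-th
event is the one that triggers new_action.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class RateFilter:
    sig_id: int
    track: str        # "by_src" or "by_dst" (by_rule exists in Suricata; not modelled)
    count: int        # events needed inside `seconds` ...
    seconds: int      # ... this window, measured from the first event in it
    new_action: str   # action applied once the count is reached, e.g. "drop"
    timeout: int      # how long new_action stays in force, in seconds


@dataclass
class Alert:
    ts: int           # packet timestamp in whole seconds
    sid: int
    src_ip: str
    dst_ip: str
    action: str = "alert"   # the rule's own action before thresholding


@dataclass
class _TrackState:
    window_start: int = 0
    count: int = 0
    active_until: int = -1  # -1: new_action not currently in force


class RateFilterState:
    """Per-filter state keyed by the tracked address."""

    def __init__(self, rf: RateFilter) -> None:
        self.rf = rf
        self.tracks: Dict[str, _TrackState] = defaultdict(_TrackState)

    def _key(self, a: Alert) -> str:
        return a.src_ip if self.rf.track == "by_src" else a.dst_ip

    def apply(self, a: Alert) -> Tuple[str, bool]:
        """Return (effective_action, modified).

        `modified` is the per-alert flag the logger needs: when True the
        action was rewritten by the rate_filter and must be logged as such
        rather than with the rule's original action.
        """
        rf = self.rf
        if a.sid != rf.sig_id:
            return a.action, False
        t = self.tracks[self._key(a)]

        # new_action already in force for this key?
        if t.active_until >= 0:
            if a.ts < t.active_until:
                return rf.new_action, True
            t.active_until = -1   # timeout reached: back to normal counting
            t.count = 0

        # Fixed window anchored on the first event (assumption; not sliding).
        if t.count == 0 or a.ts - t.window_start >= rf.seconds:
            t.window_start = a.ts
            t.count = 1
        else:
            t.count += 1

        if t.count >= rf.count:
            t.active_until = a.ts + rf.timeout
            return rf.new_action, True
        return a.action, False


def run(rf: RateFilter, alerts: List[Alert]) -> List[Tuple[int, str, str, bool]]:
    """Feed alerts in time order; return (ts, tracked_key, action, modified) per alert."""
    state = RateFilterState(rf)
    out = []
    for a in alerts:
        action, modified = state.apply(a)
        out.append((a.ts, state._key(a), action, modified))
    return out


# Constructed sample: four hits from one source, one from another, one late hit.
SAMPLE_RF = RateFilter(sig_id=1000001, track="by_src", count=3, seconds=60,
                       new_action="drop", timeout=600)
SAMPLE_ALERTS = [
    Alert(0,   1000001, "10.0.0.1", "192.0.2.10"),
    Alert(10,  1000001, "10.0.0.1", "192.0.2.10"),
    Alert(20,  1000001, "10.0.0.1", "192.0.2.10"),   # third hit: action becomes drop
    Alert(20,  1000001, "10.0.0.2", "192.0.2.10"),   # other source, own counter
    Alert(30,  1000001, "10.0.0.1", "192.0.2.10"),   # inside timeout: still drop
    Alert(700, 1000001, "10.0.0.1", "192.0.2.10"),   # timeout over: back to alert
]

if __name__ == "__main__":
    for row in run(SAMPLE_RF, SAMPLE_ALERTS):
        print(row)
```

The point the fix commit makes is visible in the return value: the logger has to consume the `modified` flag next to the action, otherwise an alert that was turned into a drop by the filter is written out with the rule's original action.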
commit dcdf160ab2c99185ae605d93db6207bc648a4dfa
Author: Jason Ish <ish at unx.ca>
Date: Mon Oct 17 12:56:35 2016 -0600
conf: cleanup compiler warning (uninitialized vars)
commit 1a724ba851b8c63c2d66232046b68da47a8de6fa
Author: Jason Ish <ish at unx.ca>
Date: Thu Oct 13 13:53:27 2016 -0600
doc: flow: update and add new keywords
commit 8f56c234683551f9418377cd250c434938c08ddc
Author: Jason Ish <ish at unx.ca>
Date: Thu Oct 13 11:31:21 2016 -0600
detect-flow: no_frag and only_frag keyword support
Support flow:no_frag and flow:only_frag keywords from Snort.
commit f81619a13efeb08c4a744238a07a75dc7af7cd71
Author: Jason Ish <ish at unx.ca>
Date: Thu Oct 13 12:08:40 2016 -0600
defrag: set flag on packets reassembled from fragments
Set the PKT_REBUILT_FRAGMENT on packets that are re-assembled
from fragments.
commit 571f56cfcf8fdd541b2a6d4d594afe749b55e2e9
Author: Jason Ish <ish at unx.ca>
Date: Tue Oct 11 11:11:26 2016 -0600
detect-flow: support flow:not_established
commit dc762cd44d08d0b682c62b64c52c9ed592fce1d6
Author: Jason Ish <ish at unx.ca>
Date: Tue Oct 11 10:43:34 2016 -0600
detect-flow: use new unit test macros
commit 6948b2332abeb1531212594f117976c54470f119
Author: Duarte Silva <development at serializing.me>
Date: Sat Oct 15 16:53:03 2016 +0200
file-hashing: Fixed line parsing code
commit 56ffba9fd82bb30858a661f6406a05148e187e07
Author: Victor Julien <victor at inliniac.net>
Date: Fri Oct 14 17:28:34 2016 +0200
doc: initial app-layer keywords
Document app-layer-protocol and make a start with app-layer-event.
commit 449c93e062c4b575ca537d887c8f35250604dce8
Author: Victor Julien <victor at inliniac.net>
Date: Fri Oct 14 10:23:44 2016 +0200
detect-app-layer-protocol: improve rule validation
Also add tests for PD-only conditions
commit 0ed119068d09842361195a905f1bce73b262b99a
Author: Victor Julien <victor at inliniac.net>
Date: Fri Oct 14 10:11:56 2016 +0200
detect-app-layer-protocol: implement prefilter
Introduce 'Protocol detection'-only rules. These rules will only be
fully evaluated when the protocol detection completed. To allow
mixing of the app-layer-protocol keyword with other types of matches
the keyword can also inspect the flow's app-protos per packet.
Implement prefilter for the 'PD-only' rules.
commit 8094b2b12e89a1329fbf96cb8e39487a00e18ec3
Author: Victor Julien <victor at inliniac.net>
Date: Thu Oct 13 23:33:06 2016 +0200
detect-app-layer-protocol: convert to pkt match
commit c28d9d053861ad0ee396f2a4d2ce6368022c1a1b
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 23:08:04 2016 +0200
eve: print app_proto_ts/app_proto_tc
commit dbb3a12b32e8c841e8721e8c4126755027182c74
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 23:07:32 2016 +0200
logging: return string for ALPROTO_FAILED
commit 93298e91c77ac86c2098e7f0a53a830957271063
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 22:54:19 2016 +0200
app-layer counters: count failed protocol detect
commit 3b98feef011571e9b90804be4e673419a2b1f5eb
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 10 12:06:48 2016 +0200
proto-detect: clean up UDP handling
Set FAILED instead of using a flow flag. Flag packets in both
sides when detection is done. Detection is only done in one
direction.
commit 90bf2b5a32f6ea0aeb46ded8fed40df3bca075af
Author: Victor Julien <victor at inliniac.net>
Date: Sun Oct 9 23:49:09 2016 +0200
proto detect: improve error case handling
Improve flags logic, update tests.
commit e955cf3366ca87745fc85b9f49cae5ce5388df9e
Author: Victor Julien <victor at inliniac.net>
Date: Sun Oct 9 11:23:49 2016 +0200
detect-app-layer-protocol: improve error handling
Redo tests.
commit 9560e8b5b2ce7a0e4ea62e0d3b5dc908695f142b
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 18:00:37 2016 +0200
proto-detect: update mismatch handling
Improve protocol mismatch handling. Preserve both protos. Use otherdir
if already sent to parser, use toclient otherwise.
commit 7d7ec78cc3e80ce47888684f65034cac6f69bc47
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 19:31:38 2016 +0200
app-layer-protocol: improve detection
Add negated matches to match list instead of amatch.
Allow matching on 'failed'.
Introduce per packet flags for proto detection. Flags are used to
only inspect once per direction. Flag packet on PD-failure too.
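Several of the proto-detect commits above change what ends up in the EVE flow log: app_proto_ts/app_proto_tc are printed per direction, ALPROTO_FAILED is rendered as the string "failed", failed detections are counted, and on a mismatch both protocols are preserved. The following added Python example (not Suricata code) post-processes flow records to surface exactly those cases. The EVE lines are constructed for this example; it assumes app_proto_ts/app_proto_tc may be absent when they equal app_proto, so it falls back to app_proto for a missing direction.

```python
"""Triage EVE flow records by app-layer protocol detection outcome (added example)."""
import json
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed EVE flow lines, not real Suricata output. Field names follow the
# eve flow log: app_proto plus per-direction app_proto_ts/app_proto_tc, with the
# literal "failed" for a flow where protocol detection gave up.
SAMPLE_EVE = r"""
{"timestamp":"2016-10-18T20:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","app_proto":"http"}
{"timestamp":"2016-10-18T20:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.6","src_port":51001,"dest_ip":"192.0.2.11","dest_port":443,"proto":"TCP","app_proto":"failed"}
{"timestamp":"2016-10-18T20:00:03.000000+0000","event_type":"flow","src_ip":"10.0.0.7","src_port":51002,"dest_ip":"192.0.2.12","dest_port":8080,"proto":"TCP","app_proto":"http","app_proto_tc":"tls"}
{"timestamp":"2016-10-18T20:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.8","dest_ip":"192.0.2.13","alert":{"signature_id":1,"action":"allowed"}}
{"timestamp":"2016-10-18T20:00:05.000000+0000","event_type":"flow","src_ip":"10.0.0.9","src_port":40000,"dest_ip":"192.0.2.14","dest_port":53,"proto":"UDP","app_proto":"dns"}
"""


def direction_protos(rec: dict) -> Tuple[str, str]:
    """(to-server proto, to-client proto), falling back to app_proto when a
    per-direction field is not present."""
    base = rec.get("app_proto", "unknown")   # "unknown" is this example's own placeholder
    return rec.get("app_proto_ts", base), rec.get("app_proto_tc", base)


def classify_flow(rec: dict) -> str:
    """failed: detection gave up; mismatch: directions disagree; detected otherwise."""
    if rec.get("app_proto") == "failed":
        return "failed"
    ts, tc = direction_protos(rec)
    if ts != tc:
        return "mismatch"
    return "detected"


def summarize(lines: Iterable[str]) -> Tuple[Counter, List[Dict[str, str]]]:
    """Count flows per outcome and list the failed/mismatched ones for review."""
    counts: Counter = Counter()
    review: List[Dict[str, str]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "flow":
            continue                          # alerts etc. carry no flow outcome
        outcome = classify_flow(rec)
        counts[outcome] += 1
        if outcome in ("failed", "mismatch"):
            ts, tc = direction_protos(rec)
            review.append({
                "src": f"{rec['src_ip']}:{rec['src_port']}",
                "dst": f"{rec['dest_ip']}:{rec['dest_port']}",
                "outcome": outcome,
                "app_proto_ts": ts,
                "app_proto_tc": tc,
            })
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(SAMPLE_EVE.splitlines())
    print(dict(counts))
    for r in review:
        print(r)
```

Flows in the "failed" bucket are the same population the new app-layer counter tracks and the ones an `app-layer-protocol:failed` rule would match; the "mismatch" bucket is where a per-direction disagreement (a server answering HTTP on a TLS-looking client stream, for instance) would show up now that both protocols are kept.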
commit ac2cf526f1c925c138ea5cfa4021bc11bc9f3134
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 12:02:25 2016 +0200
proto detect: remove flow data tracking
The Flow::data_al_so_far was used for tracking data already
parsed when protocol for the current direction wasn't known yet. As
this behaviour has changed the tracking can be removed.
commit d7c828bcb0f9737d92128ec379ddc9d1e93bc582
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 11:47:35 2016 +0200
proto detect: update behavior on partial detection
When the current direction doesn't get a protocol detection, but the
opposing direction did, previously we would send the current data to
the parser. Then when we'd be invoked again (until the protocol
detection finally failed) we'd get the same data + the new data. To
make sure we'd not send the same data to the parser again, the flow
kept track of how much was already sent to the app-layer using
data_al_so_far.
This patch changes the behaviour. Instead of sending the data for
the current direction right away, we only do this when protocol
detection is complete. This way we won't have to track anything.
commit 6022fa44a50520883a4769e1a1ab5ddbb354afd7
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 8 10:22:35 2016 +0200
proto detect: TCP cleanup
Split function into multiple smaller ones.
commit 8347aa01fa9d32c364b8b72163e921f32ce01cbc
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 10 11:18:06 2016 +0200
app-layer: clean up counters registration
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/configuration/global-thresholds.rst | 84 +-
doc/userguide/rules/app-layer.rst | 80 +
doc/userguide/rules/flow-keywords.rst | 73 +-
doc/userguide/rules/index.rst | 1 +
src/app-layer-protos.c | 2 +
src/app-layer.c | 3406 +++++++--------------
src/conf.c | 12 +-
src/decode.h | 9 +
src/defrag.c | 1 +
src/detect-app-layer-protocol.c | 546 ++--
src/detect-engine-address.c | 2 +-
src/detect-engine-address.h | 2 +-
src/detect-engine-alert.c | 17 +-
src/detect-engine-analyzer.c | 1 +
src/detect-engine-threshold.c | 126 +-
src/detect-engine-threshold.h | 6 +-
src/detect-flow.c | 663 ++--
src/detect-flow.h | 19 +-
src/detect.c | 104 +-
src/detect.h | 6 +-
src/flow-private.h | 2 +
src/flow-util.h | 4 -
src/flow.c | 10 +
src/flow.h | 9 +-
src/output-json-alert.c | 16 +-
src/output-json-flow.c | 11 +-
src/stream-tcp-reassemble.c | 34 -
src/util-detect-file-hash.c | 23 +-
28 files changed, 2255 insertions(+), 3014 deletions(-)
create mode 100644 doc/userguide/rules/app-layer.rst
hooks/post-receive
--
OISF