[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.1.2-401-ga3a1757
OISF Git
noreply at openinfosecfoundation.org
Fri Sep 30 18:20:03 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a3a175747213f38b19af28af262b5c6b80344650
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 16:26:40 2016 +0200
flow-mgr: fix bypass counter registration
commit 595c20ddf4e21d6f2251a037dea9b8ba5c13ee77
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 14:06:32 2016 +0200
der: fix asan/valgrind errors in time parsing
commit 7e4df3a1d17ad7d7279601a395b2e9329ad8ee43
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 12:33:49 2016 +0200
tls-validity: fix memory handling
commit 10d827639e279d9fab977bd32ac9503f9b44c841
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Sep 27 17:56:22 2016 +0200
detect-tls-cert-validity: clean up unit tests
Remove locks, unnecessary function calls and conditional statements.
commit 1fea52dd8aaab9e0f4da57981f8a581ea347f036
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Sep 27 14:19:03 2016 +0200
detect: add keyword tls_cert_valid
Add keyword to check if TLS certificate is valid.
commit f7e0083269df2ce7a6c1001123314c92ec690fbe
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Sep 27 13:41:38 2016 +0200
detect-cert-validity: fix typos
commit f22c9d9781cd6f8a6feaa5256a4c7ff37a5b094b
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Sep 27 13:39:43 2016 +0200
detect: add keyword tls_cert_expired
Add keyword to check if TLS certificate is expired.
commit 07d2312d96cb1798d58e9f3ff23775b7b87c99e7
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Sep 27 08:56:28 2016 +0200
detect-tls-validity: use flags for modes
Use flags for modes to support using multiple modes at the same time.
commit e6cf7ae8fa0ce5fdb10e36b53ec2181b9f149ecd
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 12:04:40 2016 +0200
yaml: improve stream-depth comments
commit 3f214b506a66e390ecf7821a8ac51cd1c0916ca5
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Tue Dec 1 11:21:24 2015 +0100
file-store: add depth setting
When a rule matches and fires filestore we may want
to increase the stream reassembly depth for this specific.
This adds the 'depth' setting in the file-store config,
which permits specifying how much data we want to reassemble
into a stream.
commit 4751677e2490bf18649ce51d146bf3e38c707806
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Aug 29 11:46:33 2016 +0200
app-layer: use StreamTcpSetReassemblyDepth
This calls StreamTcpSetReassemblyDepth to set the stream depth
specified for the protocol.
commit 9ab1194f68d55f32bb958b7da437e2381665a6de
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Aug 1 16:30:03 2016 +0200
modbus: set stream depth
Some protocols like modbus require
an infinite stream depth because sessions
are kept open and we want to analyze everything.
Since we have a stream reassembly depth per stream,
we can also set a stream reassembly depth per proto.
commit b160c49e9eab730791b06a224a72fe68246aacd5
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Tue Dec 1 15:50:02 2015 +0100
app-layer-parser: add stream depth
This permits setting a stream depth value for each
app-layer.
By default, the stream depth specified for tcp is set;
then it's possible to specify an own value in the app-layer
module with a proper API.
commit a63c6b320eaebcf130c94ce80368277d3ea8d7db
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 24 21:52:06 2015 +0100
stream: per TcpStream reassembly depth
commit 960ebb2822d1f2e7b75cac91912106f7353083fa
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 10:34:39 2016 +0200
enip: fix scan-build warnings
detect-cipservice.c:161:29: warning: Assigned value is garbage or undefined
cipserviced->cipservice = input[0];
^ ~~~~~~~~
detect-cipservice.c:162:27: warning: Assigned value is garbage or undefined
cipserviced->cipclass = input[1];
^ ~~~~~~~~
detect-cipservice.c:163:31: warning: Assigned value is garbage or undefined
cipserviced->cipattribute = input[2];
^ ~~~~~~~~
3 warnings generated.
commit 80c3aedbfcff676f709907637809d398a7293417
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 08:54:27 2016 +0200
enip: parsing and tests cleanup
commit 72b5da43137f4194251373c09a190960954ba210
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 08:23:39 2016 +0200
enip/cip: improve output & style
Remove printf, remove \n from SCLogDebug. Add SCLogError for
rule parsing issues.
Fix various style issues
commit 92b393ee9ad9b73d46d5d59e66ab6cc0371b8d02
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 08:18:22 2016 +0200
doc: include enip page
commit a2d8cfb5d39c979932b666a8090b9dc5be8201ec
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 08:15:12 2016 +0200
doc: reorder rule docs
commit 050f36eaa5b8de1f63997654446f0ec1dd0eb445
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 08:14:00 2016 +0200
enip: improve yaml
commit 6b1c21b115d1fb144d912c3a236e2f4de74dfa1f
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 30 08:10:18 2016 +0200
enip/cip: register inspect engines
commit a3ffebd8354c5c207f0a31b929dd2464aac53e22
Author: kwong <kwong at solananetworks.com>
Date: Thu Sep 29 13:15:54 2016 -0400
Adding SCADA EtherNet/IP and CIP protocol support
Add support for the ENIP/CIP Industrial protocol
This is an app layer implementation which uses the "enip" protocol
and "cip_service" and "enip_command" keywords
Implements AFL entry points
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/configuration/suricata-yaml.rst | 18 +
doc/userguide/file-extraction/file-extraction.rst | 3 +-
doc/userguide/rules/enip-keyword.rst | 40 +
doc/userguide/rules/index.rst | 9 +-
src/Makefile.am | 4 +
src/app-layer-detect-proto.c | 4 +
src/app-layer-enip-common.c | 947 ++++++++++++++++++++++
src/app-layer-enip-common.h | 250 ++++++
src/app-layer-enip.c | 605 ++++++++++++++
src/{decode-template.h => app-layer-enip.h} | 20 +-
src/app-layer-modbus.c | 131 ++-
src/app-layer-parser.c | 31 +
src/app-layer-parser.h | 6 +
src/app-layer-protos.c | 3 +
src/app-layer-protos.h | 1 +
src/app-layer.c | 3 +
src/detect-cipservice.c | 471 +++++++++++
src/detect-cipservice.h | 100 +++
src/detect-engine-enip.c | 378 +++++++++
src/{decode-template.h => detect-engine-enip.h} | 26 +-
src/detect-engine.c | 5 +
src/detect-filestore.c | 4 +
src/detect-parse.c | 5 +
src/detect-tls-cert-validity.c | 906 +++++++++++++++++++--
src/detect-tls-cert-validity.h | 14 +-
src/detect.c | 12 +
src/detect.h | 8 +
src/flow-manager.c | 2 +-
src/log-filestore.c | 16 +
src/stream-tcp-private.h | 1 +
src/stream-tcp-reassemble.c | 18 +-
src/stream-tcp.c | 10 +
src/stream-tcp.h | 1 +
src/suricata.c | 13 +
src/util-decode-der-get.c | 4 +-
src/util-error.c | 1 +
src/util-error.h | 1 +
src/util-file.c | 25 +
src/util-file.h | 2 +
src/util-time.c | 2 +
suricata.yaml.in | 12 +-
41 files changed, 4006 insertions(+), 106 deletions(-)
create mode 100644 doc/userguide/rules/enip-keyword.rst
create mode 100644 src/app-layer-enip-common.c
create mode 100644 src/app-layer-enip-common.h
create mode 100644 src/app-layer-enip.c
copy src/{decode-template.h => app-layer-enip.h} (71%)
create mode 100644 src/detect-cipservice.c
create mode 100644 src/detect-cipservice.h
create mode 100644 src/detect-engine-enip.c
copy src/{decode-template.h => detect-engine-enip.h} (53%)