[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-118-g6f0794c
OISF Git
noreply at openinfosecfoundation.org
Mon Dec 11 08:28:43 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6f0794c16f6adaa3e8a79553a8fcc81aadeed9c7
Author: Andreas Herz <andi at geekosphere.org>
Date: Sat Aug 5 01:06:22 2017 +0200
keyword-filesize: add units
commit 3ab9120821e2b5cbc5925470bcfa5bcfb53f246b
Author: Dana Helwig <dana.helwig at protectwise.com>
Date: Thu Apr 27 11:17:16 2017 -0600
source-pcap-file: Pcap Directory Mode (Feature #2222)
https://redmine.openinfosecfoundation.org/issues/2222
Pcap file mode that when passed a directory will process all files in
that directory. If --pcap-file-continuous or continuous option is passed
in json, the directory will be monitored until the directory is
moved/deleted, suricata is interrupted, or the pcap-interrupt command
is used with the unix command socket. The existing file implementation and the new
directory implementation have moved from source-pcap-file into
pcap-file-helper and pcap-directory-helper.
Engine state will not reset between files.
Also satisfies:
* https://redmine.openinfosecfoundation.org/issues/2299
* https://redmine.openinfosecfoundation.org/issues/724
* https://redmine.openinfosecfoundation.org/issues/1476
Co-Authors: Dana Helwig <dana.helwig at protectwise.com> and
Danny Browning <danny.browning at protectwise.com>
commit 94e9d1379152504a7359b6fcbf5cc9822fad404f
Author: Eric Leblond <eric at regit.org>
Date: Thu Sep 29 23:23:21 2016 +0200
doc: add ruleset commands available in unix socket
commit e7392a0780ac960f49d48c0272af4cd74fdc9ec6
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Tue Aug 2 16:09:41 2016 +0200
unix-manager: block live reload when -s/-S is specified
Currently, when live reload is executed through
unix-socket, suri prints in the console the following
error message:
"Live rule reload not possible if -s or -S option used at runtime."
Instead, it prints "done" on the unix socket
when the live reload is not executed.
commit f1d372a505a47f642e0b196a3ff343ea3aa7d9f9
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Tue Aug 2 15:11:07 2016 +0200
unix-manager: add "ruleset-reload-rules" command
This adds a new command following the new naming convention.
The (old) command "reload-rules" is kept for
backward compatibility.
commit 9131afbe71266c1b2ea80d7f664df8169c071b06
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Oct 19 15:06:17 2015 +0200
unix-manager: print failed rules
This permits printing the invalid rules through the
unix socket.
An example output is the following:
>>> show-failed-rules
Success:
[
{
"filename": "/home/eric/git/oisf/benches/tls-store.rules",
"line": 2,
"rule": "alert ts any any -> any 334 (msg:\"Store TLS\"; tls.store; sid:2; rev:1;)"
},
{
"filename": "/home/eric/git/oisf/benches/tls-store.rules",
"line": 3,
"rule": "alert ls any any -> any 334 (msg:\"Store TLS\"; tls.store; sid:3; rev:1;)"
}
]
The dump is limited to 20 entries to avoid sending too big a
message to clients that don't support it by default.
commit 1328ecb8f6e981f6ce47704b17d7884f21d1d4cc
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Oct 19 15:02:13 2015 +0200
detect: save invalid rules
This keeps the invalid rules in string format in a list
added to DetectEngineCtx.
commit e17b9616ab4f0817139b5e3f62cf5b920d792198
Author: Eric Leblond <eric at regit.org>
Date: Fri Oct 16 16:19:03 2015 +0200
unix-socket: add ruleset-reload-nonblocking command
Add a non-blocking function to reload rules. It will be useful
for remote system management to avoid blocking them while waiting for the
reload. And as we now have a last-reload command, we can get the
status of the current reload.
commit 1567f84cd246b5d97e99df34e5cec361ac1cf011
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Wed May 4 17:13:39 2016 +0200
detect-engine: remove DONE state
Remove the DONE state to fix a problem with the state not being
changed correctly when multiple reloads were done. As DONE was
not really useful, we can remove it.
commit 89c629a79d754ab6d423d5d5cdd258e9d102dfe1
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Fri Oct 9 09:27:08 2015 +0200
unix-socket: add commands to print engine stats
This permits printing engine stats through the
unix socket.
commit 720cfcfcca6b2355b3d977a2d018f9e3bc068e6e
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Fri Oct 9 09:16:40 2015 +0200
json-stats: print engine stats
This adds the engine stats to the stats event.
If multi-tenancy is enabled, it will add
stats for each tenant.
The following is a snippet of the generated EVE entry:
"detect":{"engines":[{"last_reload":"2015-10-13T09:59:48.044996+0200","rules_loaded":17184,"rules_failed":0}],"alert":28}
Multi-tenancy enabled:
"detect":{"engines":[{"id":1,"last_reload":"2015-10-13T09:56:46.447153+0200","rules_loaded":17084,"rules_failed":0},
{"id":2,"last_reload":"2015-10-13T09:56:36.504877+0200","rules_loaded":3268,"rules_failed":0}],
"alert":28}
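As an added example (not part of this commit or of the Suricata code base), a small Python checker that parses the `detect.engines` stats shown above in both shapes, single engine and multi-tenant with a per-engine `id`, and flags engines with failed rules, no rules, or a stale last reload. The sample objects are constructed from the snippets in the commit message (tenant 2's `rules_failed` raised to 3 so there is something to flag), and the code assumes the `detect` object is passed in as a bare JSON object.

```python
import json
from datetime import datetime, timezone

# Constructed sample stats objects, modelled on the two shapes quoted in the
# commit message: a single engine, and multi-tenancy with a tenant "id" per engine.
# Tenant 2's rules_failed is set to 3 so the check has something to report.
SAMPLE_STATS = [
    '{"detect":{"engines":[{"last_reload":"2015-10-13T09:59:48.044996+0200",'
    '"rules_loaded":17184,"rules_failed":0}],"alert":28}}',
    '{"detect":{"engines":[{"id":1,"last_reload":"2015-10-13T09:56:46.447153+0200",'
    '"rules_loaded":17084,"rules_failed":0},'
    '{"id":2,"last_reload":"2015-10-13T09:56:36.504877+0200",'
    '"rules_loaded":3268,"rules_failed":3}],"alert":28}}',
]

# last_reload carries a numeric UTC offset without a colon (+0200); %z accepts it.
RELOAD_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Fixed "now" (10:00 at +0200) so the constructed timestamps give a deterministic result.
FIXED_NOW = datetime(2015, 10, 13, 8, 0, 0, tzinfo=timezone.utc)


def check_detect_stats(raw_json, now, max_reload_age_s):
    """Parse one stats object and return a list of findings; an empty list means healthy."""
    findings = []
    engines = json.loads(raw_json).get("detect", {}).get("engines", [])
    for engine in engines:
        # "id" is only present when multi-tenancy is enabled.
        tenant = engine.get("id", "default")
        failed = engine.get("rules_failed", 0)
        if failed:
            findings.append(f"tenant {tenant}: {failed} rules failed to load")
        if engine.get("rules_loaded", 0) == 0:
            findings.append(f"tenant {tenant}: no rules loaded")
        reloaded = datetime.strptime(engine["last_reload"], RELOAD_FMT)
        age = (now - reloaded).total_seconds()
        if age > max_reload_age_s:
            findings.append(f"tenant {tenant}: last reload {age:.0f}s ago")
    return findings


if __name__ == "__main__":
    for raw in SAMPLE_STATS:
        print(check_detect_stats(raw, FIXED_NOW, max_reload_age_s=3600) or ["ok"])
```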
commit 56000acefb7b4f50926f6fb9ecada12e4710c1ac
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Fri Oct 9 08:59:48 2015 +0200
detect-engine: add reload time/rules stats
This patch adds the following stats for
the detect engine:
- time of the last reload
- number of rules loaded
- number of rules failed
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/partials/options.rst | 10 +-
doc/userguide/rules/file-keywords.rst | 6 +-
doc/userguide/unix-socket.rst | 35 +-
scripts/suricatasc/src/suricatasc.py | 20 +-
src/Makefile.am | 3 +
src/detect-engine.c | 38 +-
src/detect-engine.h | 8 +-
src/detect-filesize.c | 12 +-
src/detect-http-hh.c | 15 +-
src/detect-http-method.c | 16 +-
src/detect-http-raw-header.c | 10 +-
src/detect-http-raw-uri.c | 6 +-
src/detect-http-uri.c | 6 +-
src/detect-parse.c | 2 +-
src/detect-urilen.c | 3 +-
src/detect-urilen.h | 2 +-
src/detect.c | 27 +-
src/detect.h | 33 +-
src/output-json-stats.c | 112 ++++++
src/output-json-stats.h | 2 +
src/runmode-unix-socket.c | 259 ++++++++++----
src/runmode-unix-socket.h | 2 +-
src/source-pcap-file-directory-helper.c | 535 +++++++++++++++++++++++++++++
src/source-pcap-file-directory-helper.h | 83 +++++
src/source-pcap-file-helper.c | 235 +++++++++++++
src/source-pcap-file-helper.h | 109 ++++++
src/source-pcap-file.c | 439 +++++++++++------------
src/suricata-common.h | 4 +
src/suricata.c | 66 ++--
src/suricata.h | 2 +
src/unix-manager.c | 125 ++++++-
src/util-detect.c | 120 +++++++
src/{app-layer-nfs-tcp.h => util-detect.h} | 16 +-
33 files changed, 1955 insertions(+), 406 deletions(-)
create mode 100644 src/source-pcap-file-directory-helper.c
create mode 100644 src/source-pcap-file-directory-helper.h
create mode 100644 src/source-pcap-file-helper.c
create mode 100644 src/source-pcap-file-helper.h
create mode 100644 src/util-detect.c
copy src/{app-layer-nfs-tcp.h => util-detect.h} (72%)
hooks/post-receive
--
OISF