[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-46-gbb65a48
OISF Git
noreply at openinfosecfoundation.org
Thu Nov 23 17:43:40 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
- Log -----------------------------------------------------------------
commit bb65a48edd981cde55adcfa8ece89cfd509dc04b
Author: Victor Julien <victor at inliniac.net>
Date: Wed Nov 22 15:40:49 2017 +0100

rust: require at least libc 0.2.33

Required to be higher than 0.2.24 for IPPROTO_UDP. Upgraded to latest
version.

commit 83808bbdad172de77904d6acb54c38d63afd8fa8
Author: Pierre Chifflier <chifflier at wzdftpd.net>
Date: Thu Oct 26 08:05:41 2017 +0200

rust/ntp: convert parser to new registration method

Converting the NTP parser to the new registration method is a simple,
3-step process:
- change the extern functions to use generic input parameters (functions
  in all parsers must share common types to be generic) and cast them
- declare the Parser structure
- remove the C code and call the registration function

commit 0b07bdf5d944721a774621dd30d8f26d0666c9db
Author: Pierre Chifflier <chifflier at wzdftpd.net>
Date: Thu Oct 26 08:18:46 2017 +0200

rust: generate declaration for extern unsafe funcs

commit e7c0a53cbf36c2342ebdde747be34b004c736f43
Author: Pierre Chifflier <chifflier at wzdftpd.net>
Date: Thu Oct 26 07:57:03 2017 +0200

rust/applayer: add registration iface for parsers

Add Rust support for the common interface to declare and register all
parsers.

Add a common structure definition to contain all required elements
required for registering a parser, similar to the C interface.

This also reduces the risk of incorrectly registering a parser: the
compiler prevents omitting required functions from the structure, and
functions (even if external) are type-checked. Optional functions are
explicitly marked.

commit 3edc76533ccce9496dca2b5e8d5c569dcfe47ec0
Author: Pierre Chifflier <chifflier at wzdftpd.net>
Date: Fri Oct 27 13:10:04 2017 +0200

applayer: add registration interface for parsers

Add a common structure definition to contain all required elements
required for registering a parser.

This also reduces the risk of incorrectly registering a parser: the
compiler will type-check functions.

The registration function allows factorization of the code. It can be
used to register parsers, but is not mandatory.

If extra registration code is needed (for functions not in the structure),
it is still possible by calling the C functions after the registration.

commit 862abd2fe4685f90db05a7742c196e1bc2646d0d
Author: Pierre Chifflier <chifflier at wzdftpd.net>
Date: Thu Oct 26 07:53:12 2017 +0200

applayer: add StringToAppProto

Add StringToAppProto to map a protocol name to an AppProto.

Exposing this function is required to let parsers discover their
AppProto identifier constant dynamically.

For example, a parser can request this value, and use it for
registration without knowing the value.

commit 7c8bdfd3dd6a1cb93f26f87ac0a512119bfdb9ff
Author: Pierre Chifflier <chifflier at wzdftpd.net>
Date: Fri Oct 27 13:07:29 2017 +0200

applayer: add typedef for Parsing functions

commit 6ce45bcf38b5eb17fc4dd721037408ffb8ff78ef
Author: Victor Julien <victor at inliniac.net>
Date: Tue Nov 21 18:22:12 2017 +0100

pfring: various build issues

pfring.h brings a different version of likely/unlikely that gives
warnings. So make sure we include our own before.

Make sure pfring.h isn't included globally due to apparent redefinition
of pthread_rwlock_t.

commit b6baafb3e3be5bef3dc6e027a5e64f8b73c33dc5
Author: Alfredo Cardigliano <cardigliano at ntop.org>
Date: Tue Nov 7 11:49:47 2017 +0100

pfring: hw bypass support

This patch adds support for hw bypass by enabling flow offload in the network
card (when supported) and implementing the BypassPacketsFlow callback.

Hw bypass support is disabled by default, and can be enabled by setting
"bypass: yes" in the pfring interface configuration section in suricata.yaml.

commit ac18ef01c297c25e3a897273105aa432644b09d3
Author: Pascal Delalande <pdl35 at free.fr>
Date: Wed Oct 18 21:42:37 2017 +0200

NSM: add TTL fields for netflow log

commit 7ac6e0afb38470823355446eeb65f31df2ddb7bc
Author: Eric Leblond <eric at regit.org>
Date: Fri May 5 16:53:38 2017 +0200

netflow: fix ttl logic

Use a per direction TTL min and max so we can log different values
seen in the two half flows.

Signed-off-by: Eric Leblond <eric at regit.org>

commit 2e5422df8e39099e76939175a61cd7cf256711c6
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Thu Dec 15 17:28:21 2016 +0100

netflow: log ttl fields

Netflow entry collects the minimum and maximum
time to live during the life of the incoming flow.

This adds those fields to a netflow event.

Signed-off-by: Eric Leblond <eric at regit.org>

commit 9556d4fef32ee42c1faeb4d955cb6f32868090a6
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed Mar 15 08:02:08 2017 +0100

doc: add documentation for tls_cert_fingerprint keyword

commit 5e6b8c47dfeaeb33cd03526e4c186d667e814e57
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed Mar 15 07:55:31 2017 +0100

detect: add (mpm) keyword tls_cert_fingerprint

Reimplement keyword to match on SHA-1 fingerprint of TLS
certificate as a mpm keyword.

alert tls any any -> any any (msg:"TLS cert fingerprint test";
        tls_cert_fingerprint;
        content:"4a:a3:66:76:82:cb:6b:23:bb:c3:58:47:23:a4:63:a7:78:a4:a1:18";
        sid:12345;)

commit 6ab5d42c92ab55a6ea59d442d6c6a01e8282bbc6
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Aug 7 09:53:25 2017 +0200

unittests: initialize NSS in unittests runmode

Initialize NSS in unittests runmode when Suricata is compiled with
libnss. Otherwise, calculating SHA-1 sums for TLS fingerprints
will fail.

commit e60bfc78c1e5cdd58cf8bc97acf5b28cd1a98576
Author: Victor Julien <victor at inliniac.net>
Date: Tue Nov 21 17:31:36 2017 +0100

Open 4.1 development branch
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 20 +-
doc/userguide/rules/tls-keywords.rst | 16 ++
rust/Cargo.toml.in | 2 +-
rust/gen-c-headers.py | 9 +-
rust/src/core.rs | 12 +
rust/src/lib.rs | 2 +
rust/src/ntp/ntp.rs | 150 +++++++++----
rust/src/parser.rs | 164 ++++++++++++++
scripts/setup-app-layer.sh | 4 +
src/Makefile.am | 2 +
src/app-layer-ntp.c | 243 +--------------------
src/app-layer-parser.c | 10 +-
src/app-layer-parser.h | 11 +-
src/app-layer-protos.c | 28 +++
src/app-layer-protos.h | 9 +
src/app-layer-register.c | 185 ++++++++++++++++
src/app-layer-register.h | 90 ++++++++
src/decode.h | 8 +
src/detect-engine-tls.c | 76 +++++++
src/detect-engine-tls.h | 7 +
...cert-serial.c => detect-tls-cert-fingerprint.c} | 85 ++++---
...cert-serial.h => detect-tls-cert-fingerprint.h} | 8 +-
src/detect.c | 2 +
src/detect.h | 1 +
src/flow-util.c | 2 +
src/flow.c | 27 +++
src/flow.h | 4 +
src/output-json-netflow.c | 9 +
src/runmode-pfring.c | 18 ++
src/runmode-unittests.c | 12 +
src/source-pfring.c | 86 +++++++-
src/source-pfring.h | 26 ++-
src/suricata-common.h | 2 +-
src/suricata.h | 2 +-
src/util-device.h | 1 +
src/util-error.c | 1 +
src/util-error.h | 3 +-
suricata.yaml.in | 6 +
38 files changed, 969 insertions(+), 374 deletions(-)
create mode 100644 rust/src/parser.rs
create mode 100644 src/app-layer-register.c
create mode 100644 src/app-layer-register.h
copy src/{detect-tls-cert-serial.c => detect-tls-cert-fingerprint.c} (85%)
copy src/{detect-tls-cert-serial.h => detect-tls-cert-fingerprint.h} (82%)
hooks/post-receive
--
OISF
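
The tls_cert_fingerprint commit in the log above matches on a lowercase, colon-separated SHA-1 fingerprint. As an added example (not part of this mail or of Suricata's code), the Python below derives that string from a PEM bundle, normalizes fingerprints pasted from other tools, and emits a rule in the shape the commit shows. The function names are illustrative, the fingerprint is assumed to be SHA-1 over the DER-encoded certificate, and the sample PEM is constructed.

```python
import base64
import hashlib
import re

# Constructed sample: the base64 body decodes to b"abc", a stand-in for real
# certificate DER so that the expected SHA-1 is a well-known test vector.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle, in order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]


def _colon_hex(digits):
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


def sha1_fingerprint(der):
    """SHA-1 over the DER encoding, lowercase and colon-separated."""
    return _colon_hex(hashlib.sha1(der).hexdigest())


def normalize_fingerprint(text):
    """Accept 'SHA1 Fingerprint=4A:A3:...', '4AA3...' or '4a a3 ...'."""
    digits = re.sub(r"[\s:]", "", text.split("=", 1)[-1]).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("not a SHA-1 fingerprint: %r" % text)
    return _colon_hex(digits)


def fingerprint_rule(fingerprint, sid, msg="TLS cert fingerprint test"):
    """Build a rule in the shape shown in the commit message."""
    if '"' in msg or ";" in msg:
        raise ValueError("msg needs escaping; keep it plain here")
    # Full header form: source and destination each have address and port.
    return ('alert tls any any -> any any (msg:"%s"; tls_cert_fingerprint; '
            'content:"%s"; sid:%d;)'
            % (msg, normalize_fingerprint(fingerprint), sid))


if __name__ == "__main__":
    for der in pem_to_der(SAMPLE_PEM):
        print(fingerprint_rule(sha1_fingerprint(der), sid=12345))
```

An uppercase or unseparated fingerprint copied from another tool would not equal the lowercase colon form shown in the commit's rule, which is why the rule builder always passes its input through `normalize_fingerprint`.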