[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-554-gc60decd

OISF Git noreply at openinfosecfoundation.org
Thu Mar 15 09:25:21 UTC 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  c60decd678f9d8f155fec65b0d5dcc67efc61487 (commit)
       via  27fd5214204fa5e6d891b27e223635670bbd2ad2 (commit)
       via  57d9574839f089624a6c5ed39a754ca3011c974c (commit)
       via  dfdfc478abb89a05dc9f1373a484f4ac9aac4243 (commit)
       via  769f9721856e4bee5d0ef7dca17da6f702f94677 (commit)
       via  fb66d4575406310bfe15335a75924e20c9f82206 (commit)
       via  92db7be502bc80294151a0a2169b55175603f7a4 (commit)
       via  6231ffc110dcc4b05186e6f49877082c4606faf5 (commit)
       via  756bed06a8f9d879fdd2b138a168223f3096698d (commit)
       via  869b7c0e0cb3b62bb3a88f89ef90979e1d17e0bd (commit)
       via  c2236ea2b31deb683319481cf9312abdaf42764b (commit)
       via  71742ed52bac6053892746b2285de0a100b419f6 (commit)
       via  bc193242ad3d4a7b96516823b8a67912200fa94e (commit)
       via  32b19fac99d4602b392c03118e98a67ad3cf98e3 (commit)
       via  fb986abe81f5948724eb152318ec9b592120e6b5 (commit)
       via  67f0e27ca4b8259c2d06b53654a61784f735e431 (commit)
       via  816bd022a6996267e72d7d73fda3fc277074f9a1 (commit)
       via  0519807639f9dd3b6feef57f90cd153771351531 (commit)
       via  286c054472e6253595a4e62aa2fd3a13cc09c463 (commit)
       via  7ab071a58da141d4316c9452337114c0414b49dd (commit)
       via  ff398deda9ace22c20724c78eaac25eb38de8420 (commit)
       via  251a8e7debbd5cc5276c7984a6a9928f75ec897e (commit)
       via  283be3cade48896bfe27fd11946a51fd6e967113 (commit)
       via  bf08285602ed6a010d5a537310117fe00e291ed1 (commit)
       via  5c260207147de4aa4cea27ab8552fdec635fd307 (commit)
       via  75265ec37614e6aa6e065bd17de8bef7d1609d7f (commit)
       via  7cd66516f0fed144d04942eb9a95a6efda4d8647 (commit)
       via  f7ed749d4f66ee96c546b46643d0d41109fa2f20 (commit)
       via  eed492547c605fcdc85365f472cb46e1fcd9758f (commit)
       via  6d56edc3de480113e2db5f19b10827601bc92849 (commit)
       via  c56f5e11ca2748c700ba37e7d5a26955403d91bb (commit)
       via  d75ebdb9814eafc520c988a93eacc0d6b8f5c437 (commit)
       via  fcbeab70a4cddd87395c10ff9b9ca5a50f369439 (commit)
       via  90e2abaac4692d35acd626465782cf2b5c36e9fb (commit)
       via  76917a87324aaab55c1fa1c8bf1417f3957c323c (commit)
       via  668c747aee1fe2fb666e63b1c6788b7c7e5a1a4c (commit)
       via  0ed00cf104f1cd776898c69237d5ffe25152b3f1 (commit)
       via  1c701dc50e1ea6ed24a2b46752e1b6a49fcbee10 (commit)
       via  1d4aac1d4d01e5a5e2a170123e7e65cff4d68597 (commit)
       via  c91242e71cae8059840e0439e2f653476f98d89f (commit)
       via  caf29e92b3f314f552bc9fece4f2e7a542551ed5 (commit)
       via  0e05ef7369e3f7204cbac728e2670abea607f9ca (commit)
       via  28f16e38ac2a310e3e562a373e6a3ea9a7cf6daa (commit)
       via  78cd92a933cc280951a846eed6e4db5b7ddf034e (commit)
       via  05992f1772e70621f3fb64d210a45ee81ad2afd2 (commit)
       via  be615c9fbc386c85a2714f3e27edcfd538bcaba6 (commit)
       via  dab055d8c83b409a0046766e29717ee45d56f25d (commit)
       via  0d69e7b8c286815e69dbb613269ec8bc9049baca (commit)
       via  ad1bc7f473610977b992ed6cef7604a2cb2925fe (commit)
       via  a44504a1bf0bbef07fa640e562f0229a08346963 (commit)
       via  7114d5d25be3fc1df5dfec1028bd2b88ff5ee834 (commit)
       via  d9e43d3e633e398812bd858763e26585ac1deec0 (commit)
       via  ecbf10da70c0ecbcedd2663262ef389807064b0b (commit)
       via  b34392051dd7c5c75c64144294bb4d496d4a491f (commit)
       via  894a73ee066acd00229f053b514bced69c6cfce4 (commit)
       via  170edf7c445cfce8a608224227286b73035b1491 (commit)
       via  7ceb67138f495aaf192f64b6fca3f72f6dd5ca28 (commit)
       via  98b926bf728d09b9efd04b96d2f0507dcc1a6e1a (commit)
       via  595557eb8d29a9a3fbc17985dfd459e9d20fecfe (commit)
       via  7dff9b99696fe52eb8a11d20144056a41527ca3c (commit)
       via  8bef1208989d47c03e07589dae204cd4e995e755 (commit)
       via  75d7c9d64af9a758c3b6f76c474a787b4e1d1d85 (commit)
       via  50a182194a20a9a733d637b83a35ab5f2876c63c (commit)
      from  19988310d1dfe941be7fd9231a64c98aba7391d2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c60decd678f9d8f155fec65b0d5dcc67efc61487
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 14 16:58:45 2018 +0100

    rust/dns: default to eve log version 2 for rust

commit 27fd5214204fa5e6d891b27e223635670bbd2ad2
Author: Jason Ish <ish at unx.ca>
Date:   Fri Feb 2 12:46:13 2018 -0600

    eve/dns/v2: support eve/dns v2 in rust

commit 57d9574839f089624a6c5ed39a754ca3011c974c
Author: Jason Ish <ish at unx.ca>
Date:   Fri Feb 2 12:45:35 2018 -0600

    rust/json: expose more of jansson to rust

commit dfdfc478abb89a05dc9f1373a484f4ac9aac4243
Author: Jason Ish <ish at unx.ca>
Date:   Fri Feb 2 11:45:20 2018 -0600

    eve/dns-v2: only log responses for enabled types
    
    This changes the logic a bit for v2, checking the rrtype of the
    query to see if the response should be logged.

commit 769f9721856e4bee5d0ef7dca17da6f702f94677
Author: Jason Ish <ish at unx.ca>
Date:   Fri Feb 2 11:08:00 2018 -0600

    eve/dns-v2: log authorities as a list
    
    Log the authorities just like the answers, as a list under
    the authorities key.

commit fb66d4575406310bfe15335a75924e20c9f82206
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date:   Wed Dec 20 11:27:48 2017 +0100

    doc: introduce dns compact logging

commit 92db7be502bc80294151a0a2169b55175603f7a4
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date:   Mon Aug 7 10:31:16 2017 +0200

    output-json-alert: add dns info
    
    This changes LogQuery and LogAnswer functions
    returning a json object instead of writing it in a log file.
    In this way it's possible to reuse them to add dns info
    into an alert.
    
    The following is an alert record with dns:
    
    {
      "timestamp": "2017-07-31T15:01:17.885281+0200",
      "event_type": "alert",
      "src_ip": "8.8.8.8",
      ...
      "dns": {
        "query": [
          {
            "type": "query",
            "id": 25394,
            "rrname": "notifications.google.com",
            "rrtype": "A",
            "tx_id": 0
          }
        ],
        "answer": {
          "type": "answer",
          "id": 25394,
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "notifications.google.com",
              "rrtype": "CNAME",
              "ttl": 3599,
              "rdata": "plus.l.google.com"
            },
            {
              "rrname": "plus.l.google.com",
              "rrtype": "A",
              "ttl": 299,
              "rdata": "216.58.205.174"
            }
          ]
        }
      }
    }

commit 6231ffc110dcc4b05186e6f49877082c4606faf5
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date:   Thu Aug 10 14:21:56 2017 +0200

    output-json-dns: add json logging functions
    
    This adds some public functions needed to add
    dns information when an alert is logged.

commit 756bed06a8f9d879fdd2b138a168223f3096698d
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date:   Wed Aug 2 15:55:01 2017 +0200

    output-json-dns: add new output formats for v2
    
    This adds two new output formats that permits to reduce
    the number of line logged for a dns answer because
    actually an event is logged for each answer.
    With this patch, only an event that contains all the answers
    is logged.
    
    The formats are named 'detailed' and 'grouped'.
    
    The first format provides a list of answers with
    the following fields:
    - rrname
    - rrdata
    - ttl
    - rdata
    
    The second format provides a list of record data grouped
    by their type.
    
    The output below is an example of the formats:
    
    {
      "timestamp": "2017-11-29T10:27:18.148282+0100",
      "flow_id": 268864910185905,
      "in_iface": "wlp2s0",
      "event_type": "dns",
      "src_ip": "192.168.1.254",
      "src_port": 53,
      "dest_ip": "192.168.1.176",
      "dest_port": 52609,
      "proto": "UDP",
      "dns": {
        "type": "answer",
        "id": 3654,
        "rcode": "NOERROR",
        "answers": [
          {
            "rrname": "wordpress.org",
            "rrtype": "A",
            "ttl": 544,
            "rdata": "66.155.40.249"
          },
          {
            "rrname": "wordpress.org",
            "rrtype": "A",
            "ttl": 544,
            "rdata": "66.155.40.250"
          }
        ],
        "grouped": {
          "A": [
            "66.155.40.249",
            "66.155.40.250"
          ]
        }
      }
    }

commit 869b7c0e0cb3b62bb3a88f89ef90979e1d17e0bd
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date:   Tue Nov 28 09:51:48 2017 +0100

    output-json-dns: add new configuration
    
    This patch adds a new configuration for dns,
    introducing a "version" that permits to switch
    between the new and old format to provide
    backward compatibility.
    
    The new configuration is made up of these new fields:
    - version
    - requests (query)
    - response (answer)
    - types (custom)

commit c2236ea2b31deb683319481cf9312abdaf42764b
Author: David DIALLO <david.diallo at gmail.com>
Date:   Thu Feb 22 00:29:33 2018 +0100

    modbus: Support Unit Identifier
    
    When destination IP address does not suffice to uniquely identify
    the Modbus/TCP device.
    
    Some Modbus/TCP devices act as gateways to other Modbus/TCP devices
    that are behind this gateways.

commit 71742ed52bac6053892746b2285de0a100b419f6
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 14 21:59:51 2018 +0100

    smb: share can't be <share_root>

commit bc193242ad3d4a7b96516823b8a67912200fa94e
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 14 13:47:07 2018 +0100

    smb1: add OPEN_ANDX command name for logging

commit 32b19fac99d4602b392c03118e98a67ad3cf98e3
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 14 13:16:38 2018 +0100

    smb2: don't log/track each READ/WRITE/etc

commit fb986abe81f5948724eb152318ec9b592120e6b5
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 14 10:26:40 2018 +0100

    smb: log file FID/GUID as fuid

commit 67f0e27ca4b8259c2d06b53654a61784f735e431
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 14 09:05:12 2018 +0100

    smb: add smb records to fileinfo

commit 816bd022a6996267e72d7d73fda3fc277074f9a1
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 17:34:00 2018 +0100

    smb1: improve non nt-status handling
    
    Support SRV error, with a couple of codes.
    Rename statux field to status_code.

commit 0519807639f9dd3b6feef57f90cd153771351531
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 16:36:45 2018 +0100

    smb1: ignore tree_id in session setup

commit 286c054472e6253595a4e62aa2fd3a13cc09c463
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 13:44:35 2018 +0100

    smb: improve nbss/smb record detection

commit 7ab071a58da141d4316c9452337114c0414b49dd
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 13:36:19 2018 +0100

    rust/smb: implement minimal record parsing in probing

commit ff398deda9ace22c20724c78eaac25eb38de8420
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 13:24:45 2018 +0100

    rust/smb: improve protocol detection
    
    Register both pattern based detection and probing parsers.

commit 251a8e7debbd5cc5276c7984a6a9928f75ec897e
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 13:10:42 2018 +0100

    smb: add smb to default eve-log config

commit 283be3cade48896bfe27fd11946a51fd6e967113
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 13 08:05:03 2018 +0100

    smb2: break out ioctl handling

commit bf08285602ed6a010d5a537310117fe00e291ed1
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 21:05:07 2018 +0100

    smb2: parse async records

commit 5c260207147de4aa4cea27ab8552fdec635fd307
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 21:04:54 2018 +0100

    smb2: add ioctl transactions to log the funcs

commit 75265ec37614e6aa6e065bd17de8bef7d1609d7f
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 18:09:12 2018 +0100

    smb2: map ioctl funcs to names
    
    List is based on Wireshark's list.

commit 7cd66516f0fed144d04942eb9a95a6efda4d8647
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 14:32:08 2018 +0100

    smb: use formal MS names for disposition

commit f7ed749d4f66ee96c546b46643d0d41109fa2f20
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 14:31:49 2018 +0100

    smb: disable debug output

commit eed492547c605fcdc85365f472cb46e1fcd9758f
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 09:56:12 2018 +0100

    smb1: extract server guid from negotiate

commit 6d56edc3de480113e2db5f19b10827601bc92849
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 09:32:17 2018 +0100

    smb2: log client and server guid from negotiate

commit c56f5e11ca2748c700ba37e7d5a26955403d91bb
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 08:28:21 2018 +0100

    smb2: log share type

commit d75ebdb9814eafc520c988a93eacc0d6b8f5c437
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 07:57:06 2018 +0100

    smb: log create empty filename as '<share_root>' like Bro does

commit fcbeab70a4cddd87395c10ff9b9ca5a50f369439
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 12 07:56:29 2018 +0100

    smb1: log create 'service' fields

commit 90e2abaac4692d35acd626465782cf2b5c36e9fb
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 10 12:52:56 2018 +0100

    smb1: use generic string parsing for trans

commit 76917a87324aaab55c1fa1c8bf1417f3957c323c
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 10 11:18:48 2018 +0100

    smb1: generic smb string parse func

commit 668c747aee1fe2fb666e63b1c6788b7c7e5a1a4c
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 10 11:10:25 2018 +0100

    smb1: more exact tree connect record parsing

commit 0ed00cf104f1cd776898c69237d5ffe25152b3f1
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 10 09:57:44 2018 +0100

    smb: move common parsing funcs into own file

commit 1c701dc50e1ea6ed24a2b46752e1b6a49fcbee10
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 10 09:42:55 2018 +0100

    smb: make string parsing functions public

commit 1d4aac1d4d01e5a5e2a170123e7e65cff4d68597
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 9 17:09:23 2018 +0100

    smb1: set event on empty/malformed dialect

commit c91242e71cae8059840e0439e2f653476f98d89f
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 9 16:05:17 2018 +0100

    smb: rename file to filename in output

commit caf29e92b3f314f552bc9fece4f2e7a542551ed5
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 9 16:04:22 2018 +0100

    smb1: parse and log timestamps in CREATE

commit 0e05ef7369e3f7204cbac728e2670abea607f9ca
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 9 10:27:13 2018 +0100

    smb2: parse and log timestamps in CREATE

commit 28f16e38ac2a310e3e562a373e6a3ea9a7cf6daa
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 7 18:23:17 2018 +0100

    smb1: disable 'generic tx's for common commands
    
    Don't create a generic TX for each READ, WRITE, TRANS, TRANS2,
    except if they cause events to trigger.

commit 78cd92a933cc280951a846eed6e4db5b7ddf034e
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 7 15:29:49 2018 +0100

    smb: generic event per trans/read/write for tx events

commit 05992f1772e70621f3fb64d210a45ee81ad2afd2
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 7 11:32:04 2018 +0100

    smb: fix event handling when no tx is available

commit be615c9fbc386c85a2714f3e27edcfd538bcaba6
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 6 10:13:40 2018 +0100

    smb: small cleanups, fixes and optimizations

commit dab055d8c83b409a0046766e29717ee45d56f25d
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 2 17:19:18 2018 +0100

    smb: update to der-parser 0.5.1

commit 0d69e7b8c286815e69dbb613269ec8bc9049baca
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 12:47:49 2018 +0100

    smb: remove unused dialects from state

commit ad1bc7f473610977b992ed6cef7604a2cb2925fe
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 12:39:15 2018 +0100

    smb1: minor debug improvment

commit a44504a1bf0bbef07fa640e562f0229a08346963
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 12:38:53 2018 +0100

    smb: redo gap catch up handling

commit 7114d5d25be3fc1df5dfec1028bd2b88ff5ee834
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 10:55:21 2018 +0100

    smb1: parser cleanups

commit d9e43d3e633e398812bd858763e26585ac1deec0
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 10:37:06 2018 +0100

    smb: cleaner server component parsing

commit ecbf10da70c0ecbcedd2663262ef389807064b0b
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 10:31:07 2018 +0100

    smb2: improve write error handling

commit b34392051dd7c5c75c64144294bb4d496d4a491f
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 10:30:02 2018 +0100

    smb3: parse transform records

commit 894a73ee066acd00229f053b514bced69c6cfce4
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 08:50:36 2018 +0100

    smb2: add missing commands and improve ioctl err handling

commit 170edf7c445cfce8a608224227286b73035b1491
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 1 08:50:04 2018 +0100

    smb1: improve error handling

commit 7ceb67138f495aaf192f64b6fca3f72f6dd5ca28
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 28 21:19:20 2018 +0100

    smb: add status

commit 98b926bf728d09b9efd04b96d2f0507dcc1a6e1a
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 28 18:38:33 2018 +0100

    smb1: implement WRITE_AND_CLOSE

commit 595557eb8d29a9a3fbc17985dfd459e9d20fecfe
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 28 17:56:01 2018 +0100

    smb1: locking andx may have no response

commit 7dff9b99696fe52eb8a11d20144056a41527ca3c
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 28 17:25:08 2018 +0100

    smb/nbss: work around bad traffic

commit 8bef1208989d47c03e07589dae204cd4e995e755
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 27 18:12:07 2018 +0100

    smb: session setup improvements
    
    Improve ntlmssp version extraction and logging, make its data structures
    optional. Extract native os/lm from smb1 ssn setup.
    
    Move session setup handling into their own files.
    
    Only log auth data for the session setup tx.

commit 75d7c9d64af9a758c3b6f76c474a787b4e1d1d85
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Feb 26 13:39:42 2018 +0100

    rust/smb: initial support
    
    Implement SMB app-layer parser for SMB1/2/3. Features:
    - file extraction
    - eve logging
    - existing dce keyword support
    - smb_share/smb_named_pipe keyword support (stickybuffers)
    - auth meta data extraction (ntlmssp, kerberos5)

commit 50a182194a20a9a733d637b83a35ab5f2876c63c
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Feb 19 17:30:36 2018 +0100

    eve: log pcap filename

-----------------------------------------------------------------------

Summary of changes:
 doc/userguide/output/eve/eve-json-format.rst       |  102 +-
 doc/userguide/partials/eve-log.yaml                |   31 +
 doc/userguide/rules/modbus-keyword.rst             |   46 +-
 rules/smb-events.rules                             |   16 +
 rust/Cargo.toml.in                                 |    1 +
 rust/gen-c-headers.py                              |    2 +
 rust/src/dns/log.rs                                |  224 ++-
 rust/src/filetracker.rs                            |    1 +
 rust/src/json.rs                                   |   17 +
 rust/src/lib.rs                                    |    3 +
 rust/src/smb/auth.rs                               |  471 +++++
 rust/src/smb/dcerpc.rs                             |  556 ++++++
 rust/src/smb/dcerpc_records.rs                     |  233 +++
 rust/src/smb/debug.rs                              |   78 +
 rust/src/smb/detect.rs                             |  214 +++
 rust/src/smb/events.rs                             |   73 +
 rust/src/smb/files.rs                              |  233 +++
 rust/src/smb/funcs.rs                              |  114 ++
 rust/src/smb/log.rs                                |  402 ++++
 rust/src/{nfs => smb}/mod.rs                       |   28 +-
 rust/src/smb/nbss_records.rs                       |   82 +
 rust/src/smb/ntlmssp_records.rs                    |  122 ++
 rust/src/smb/session.rs                            |   75 +
 rust/src/smb/smb.rs                                | 1934 ++++++++++++++++++++
 rust/src/smb/smb1.rs                               |  886 +++++++++
 rust/src/smb/smb1_records.rs                       |  671 +++++++
 rust/src/smb/smb1_session.rs                       |  203 ++
 rust/src/smb/smb2.rs                               |  693 +++++++
 rust/src/smb/smb2_ioctl.rs                         |  143 ++
 rust/src/smb/smb2_records.rs                       |  477 +++++
 rust/src/smb/smb2_session.rs                       |   83 +
 ebpf/vlan_filter.c => rust/src/smb/smb3.rs         |   42 +-
 rust/src/smb/smb_records.rs                        |   53 +
 src/Makefile.am                                    |    3 +
 src/app-layer-modbus.c                             |  761 +++-----
 src/app-layer-modbus.h                             |    4 +
 src/app-layer-smb-tcp-rust.c                       |  284 +++
 ...yer-dns-tcp-rust.h => app-layer-smb-tcp-rust.h} |    9 +-
 src/app-layer-smb.c                                |   11 +
 src/app-layer-smb.h                                |    6 +-
 src/detect-dce-iface.c                             |   89 +-
 src/detect-dce-opnum.c                             |   63 +-
 src/detect-dce-stub-data.c                         |   91 +-
 src/detect-engine-modbus.c                         |  850 +++++----
 src/detect-engine-register.c                       |    4 +
 src/detect-engine-register.h                       |    2 +
 src/detect-file-data.c                             |   18 +-
 src/detect-filename.c                              |    7 +
 src/detect-modbus.c                                |  526 +++---
 src/detect-modbus.h                                |    1 +
 src/detect-smb-share.c                             |  243 +++
 src/{detect-nfs-procedure.h => detect-smb-share.h} |   10 +-
 src/output-json-alert.c                            |   40 +-
 src/output-json-dns.c                              |  679 +++++--
 src/output-json-dns.h                              |    7 +
 src/output-json-file.c                             |    6 +
 src/{output-json-tftp.c => output-json-smb.c}      |  118 +-
 src/{detect-nfs-procedure.h => output-json-smb.h}  |   13 +-
 src/output-json.c                                  |   22 +
 src/output-json.h                                  |    1 +
 src/output.c                                       |    4 +
 src/rust.h                                         |    2 +
 src/source-pcap-file-directory-helper.c            |    1 +
 src/source-pcap-file-helper.c                      |    9 +
 src/source-pcap-file.h                             |    1 +
 src/suricata-common.h                              |    1 +
 src/util-error.c                                   |    1 +
 src/util-error.h                                   |    1 +
 src/util-logopenfile.h                             |    3 +
 src/util-profiling.c                               |    1 +
 suricata.yaml.in                                   |   44 +-
 71 files changed, 10793 insertions(+), 1452 deletions(-)
 create mode 100644 rules/smb-events.rules
 create mode 100644 rust/src/smb/auth.rs
 create mode 100644 rust/src/smb/dcerpc.rs
 create mode 100644 rust/src/smb/dcerpc_records.rs
 create mode 100644 rust/src/smb/debug.rs
 create mode 100644 rust/src/smb/detect.rs
 create mode 100644 rust/src/smb/events.rs
 create mode 100644 rust/src/smb/files.rs
 create mode 100644 rust/src/smb/funcs.rs
 create mode 100644 rust/src/smb/log.rs
 copy rust/src/{nfs => smb}/mod.rs (66%)
 create mode 100644 rust/src/smb/nbss_records.rs
 create mode 100644 rust/src/smb/ntlmssp_records.rs
 create mode 100644 rust/src/smb/session.rs
 create mode 100644 rust/src/smb/smb.rs
 create mode 100644 rust/src/smb/smb1.rs
 create mode 100644 rust/src/smb/smb1_records.rs
 create mode 100644 rust/src/smb/smb1_session.rs
 create mode 100644 rust/src/smb/smb2.rs
 create mode 100644 rust/src/smb/smb2_ioctl.rs
 create mode 100644 rust/src/smb/smb2_records.rs
 create mode 100644 rust/src/smb/smb2_session.rs
 copy ebpf/vlan_filter.c => rust/src/smb/smb3.rs (51%)
 create mode 100644 rust/src/smb/smb_records.rs
 create mode 100644 src/app-layer-smb-tcp-rust.c
 copy src/{app-layer-dns-tcp-rust.h => app-layer-smb-tcp-rust.h} (79%)
 create mode 100644 src/detect-smb-share.c
 copy src/{detect-nfs-procedure.h => detect-smb-share.h} (80%)
 copy src/{output-json-tftp.c => output-json-smb.c} (52%)
 copy src/{detect-nfs-procedure.h => output-json-smb.h} (77%)


hooks/post-receive
-- 
OISF


More information about the Oisf-devel mailing list