[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-554-gc60decd
OISF Git
noreply at openinfosecfoundation.org
Thu Mar 15 09:25:21 UTC 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from 19988310d1dfe941be7fd9231a64c98aba7391d2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c60decd678f9d8f155fec65b0d5dcc67efc61487
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 16:58:45 2018 +0100
rust/dns: default to eve log version 2 for rust
commit 27fd5214204fa5e6d891b27e223635670bbd2ad2
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 2 12:46:13 2018 -0600
eve/dns/v2: support eve/dns v2 in rust
commit 57d9574839f089624a6c5ed39a754ca3011c974c
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 2 12:45:35 2018 -0600
rust/json: expose more of jansson to rust
commit dfdfc478abb89a05dc9f1373a484f4ac9aac4243
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 2 11:45:20 2018 -0600
eve/dns-v2: only log responses for enabled types
This changes the logic a bit for v2, checking the rrtype of the
query to see if the response should be logged.
commit 769f9721856e4bee5d0ef7dca17da6f702f94677
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 2 11:08:00 2018 -0600
eve/dns-v2: log authorities as a list
Log the authorities just like the answers, as a list under
the authorities key.
commit fb66d4575406310bfe15335a75924e20c9f82206
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Wed Dec 20 11:27:48 2017 +0100
doc: introduce dns compact logging
commit 92db7be502bc80294151a0a2169b55175603f7a4
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Aug 7 10:31:16 2017 +0200
output-json-alert: add dns info
This changes the LogQuery and LogAnswer functions to return a json object
instead of writing it to a log file.
In this way it's possible to reuse them to add dns info
into an alert.
The following is an alert record with dns:
{
    "timestamp": "2017-07-31T15:01:17.885281+0200",
    "event_type": "alert",
    "src_ip": "8.8.8.8",
    ...
    "dns": {
        "query": [
            {
                "type": "query",
                "id": 25394,
                "rrname": "notifications.google.com",
                "rrtype": "A",
                "tx_id": 0
            }
        ],
        "answer": {
            "type": "answer",
            "id": 25394,
            "rcode": "NOERROR",
            "answers": [
                {
                    "rrname": "notifications.google.com",
                    "rrtype": "CNAME",
                    "ttl": 3599,
                    "rdata": "plus.l.google.com"
                },
                {
                    "rrname": "plus.l.google.com",
                    "rrtype": "A",
                    "ttl": 299,
                    "rdata": "216.58.205.174"
                }
            ]
        }
    }
}
commit 6231ffc110dcc4b05186e6f49877082c4606faf5
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Thu Aug 10 14:21:56 2017 +0200
output-json-dns: add json logging functions
This adds some public functions needed to add
dns information when an alert is logged.
commit 756bed06a8f9d879fdd2b138a168223f3096698d
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Wed Aug 2 15:55:01 2017 +0200
output-json-dns: add new output formats for v2
This adds two new output formats that permit reducing
the number of lines logged for a dns answer, because
currently an event is logged for each answer.
With this patch, only one event that contains all the answers
is logged.
The formats are named 'detailed' and 'grouped'.
The first format provides a list of answers with
the following fields:
- rrname
- rrtype
- ttl
- rdata
The second format provides a list of record data grouped
by their type.
The output below is an example of the formats:
{
    "timestamp": "2017-11-29T10:27:18.148282+0100",
    "flow_id": 268864910185905,
    "in_iface": "wlp2s0",
    "event_type": "dns",
    "src_ip": "192.168.1.254",
    "src_port": 53,
    "dest_ip": "192.168.1.176",
    "dest_port": 52609,
    "proto": "UDP",
    "dns": {
        "type": "answer",
        "id": 3654,
        "rcode": "NOERROR",
        "answers": [
            {
                "rrname": "wordpress.org",
                "rrtype": "A",
                "ttl": 544,
                "rdata": "66.155.40.249"
            },
            {
                "rrname": "wordpress.org",
                "rrtype": "A",
                "ttl": 544,
                "rdata": "66.155.40.250"
            }
        ],
        "grouped": {
            "A": [
                "66.155.40.249",
                "66.155.40.250"
            ]
        }
    }
}
commit 869b7c0e0cb3b62bb3a88f89ef90979e1d17e0bd
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Tue Nov 28 09:51:48 2017 +0100
output-json-dns: add new configuration
This patch adds a new configuration for dns,
introducing a "version" that permits switching
between the new and old format to provide
backward compatibility.
The new configuration is made up of these new fields:
- version
- requests (query)
- response (answer)
- types (custom)
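To make the v2 format concrete, here is an added example (my own code, not Suricata's C or Rust logger) that collapses the old per-answer v1 events into one v2 record with the 'detailed' answers list and the 'grouped' rdata-by-rrtype view, and applies the v2 rule that a response is only logged when the query's rrtype is enabled. The sample events are constructed from the wordpress.org record above, and the exact semantics of the custom 'types' list are assumed.

```python
import json

# Constructed sample (not real traffic): the v1-style events Suricata would
# emit for one response carrying two A records, one event per answer.
V1_EVENTS = [
    {"event_type": "dns", "dns": {"type": "answer", "id": 3654, "rcode": "NOERROR",
     "rrname": "wordpress.org", "rrtype": "A", "ttl": 544, "rdata": "66.155.40.249"}},
    {"event_type": "dns", "dns": {"type": "answer", "id": 3654, "rcode": "NOERROR",
     "rrname": "wordpress.org", "rrtype": "A", "ttl": 544, "rdata": "66.155.40.250"}},
]
RR_FIELDS = ("rrname", "rrtype", "ttl", "rdata")


def group_by_type(answers):
    """'grouped' format: rdata values keyed by rrtype, in first-seen order."""
    grouped = {}
    for rr in answers:
        grouped.setdefault(rr["rrtype"], []).append(rr["rdata"])
    return grouped


def build_v2_answer(tx_id, rcode, answers, query_rrtype,
                    formats=("detailed", "grouped"), enabled_types=None):
    """Build one v2 'dns' object for a whole response.

    enabled_types stands in for the custom 'types' list: when set, the
    response is logged only if the rrtype of the *query* is in it (assumed
    semantics). Returns None when the response should not be logged.
    """
    if enabled_types is not None and query_rrtype not in enabled_types:
        return None
    dns = {"type": "answer", "id": tx_id, "rcode": rcode}
    if "detailed" in formats:
        dns["answers"] = [{k: rr[k] for k in RR_FIELDS} for rr in answers]
    if "grouped" in formats:
        dns["grouped"] = group_by_type(answers)
    return dns


def merge_v1_events(events, query_rrtype, **kwargs):
    """Collapse per-answer v1 events sharing a transaction id into one v2
    record, the way the v2 logger emits a single event per response."""
    by_id = {}
    for ev in events:
        d = ev["dns"]
        if d.get("type") != "answer":
            continue
        entry = by_id.setdefault(d["id"], {"rcode": d["rcode"], "answers": []})
        entry["answers"].append({k: d[k] for k in RR_FIELDS})
    out = []
    for tx_id, entry in by_id.items():
        rec = build_v2_answer(tx_id, entry["rcode"], entry["answers"], query_rrtype, **kwargs)
        if rec is not None:
            out.append(rec)
    return out


def consistent(dns):
    """Sanity check on a v2 record: the grouped view must match the detailed list."""
    if "answers" not in dns or "grouped" not in dns:
        return True
    return group_by_type(dns["answers"]) == dns["grouped"]


if __name__ == "__main__":
    for rec in merge_v1_events(V1_EVENTS, query_rrtype="A"):
        print(json.dumps({"event_type": "dns", "dns": rec}, indent=2))
```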
commit c2236ea2b31deb683319481cf9312abdaf42764b
Author: David DIALLO <david.diallo at gmail.com>
Date: Thu Feb 22 00:29:33 2018 +0100
modbus: Support Unit Identifier
When the destination IP address does not suffice to uniquely identify
the Modbus/TCP device: some Modbus/TCP devices act as gateways to other
Modbus/TCP devices that are behind these gateways.
commit 71742ed52bac6053892746b2285de0a100b419f6
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 21:59:51 2018 +0100
smb: share can't be <share_root>
commit bc193242ad3d4a7b96516823b8a67912200fa94e
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 13:47:07 2018 +0100
smb1: add OPEN_ANDX command name for logging
commit 32b19fac99d4602b392c03118e98a67ad3cf98e3
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 13:16:38 2018 +0100
smb2: don't log/track each READ/WRITE/etc
commit fb986abe81f5948724eb152318ec9b592120e6b5
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 10:26:40 2018 +0100
smb: log file FID/GUID as fuid
commit 67f0e27ca4b8259c2d06b53654a61784f735e431
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 09:05:12 2018 +0100
smb: add smb records to fileinfo
commit 816bd022a6996267e72d7d73fda3fc277074f9a1
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 17:34:00 2018 +0100
smb1: improve non nt-status handling
Support SRV error, with a couple of codes.
Rename statux field to status_code.
commit 0519807639f9dd3b6feef57f90cd153771351531
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 16:36:45 2018 +0100
smb1: ignore tree_id in session setup
commit 286c054472e6253595a4e62aa2fd3a13cc09c463
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 13:44:35 2018 +0100
smb: improve nbss/smb record detection
commit 7ab071a58da141d4316c9452337114c0414b49dd
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 13:36:19 2018 +0100
rust/smb: implement minimal record parsing in probing
commit ff398deda9ace22c20724c78eaac25eb38de8420
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 13:24:45 2018 +0100
rust/smb: improve protocol detection
Register both pattern based detection and probing parsers.
commit 251a8e7debbd5cc5276c7984a6a9928f75ec897e
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 13:10:42 2018 +0100
smb: add smb to default eve-log config
commit 283be3cade48896bfe27fd11946a51fd6e967113
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 13 08:05:03 2018 +0100
smb2: break out ioctl handling
commit bf08285602ed6a010d5a537310117fe00e291ed1
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 21:05:07 2018 +0100
smb2: parse async records
commit 5c260207147de4aa4cea27ab8552fdec635fd307
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 21:04:54 2018 +0100
smb2: add ioctl transactions to log the funcs
commit 75265ec37614e6aa6e065bd17de8bef7d1609d7f
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 18:09:12 2018 +0100
smb2: map ioctl funcs to names
List is based on Wireshark's list.
commit 7cd66516f0fed144d04942eb9a95a6efda4d8647
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 14:32:08 2018 +0100
smb: use formal MS names for disposition
commit f7ed749d4f66ee96c546b46643d0d41109fa2f20
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 14:31:49 2018 +0100
smb: disable debug output
commit eed492547c605fcdc85365f472cb46e1fcd9758f
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 09:56:12 2018 +0100
smb1: extract server guid from negotiate
commit 6d56edc3de480113e2db5f19b10827601bc92849
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 09:32:17 2018 +0100
smb2: log client and server guid from negotiate
commit c56f5e11ca2748c700ba37e7d5a26955403d91bb
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 08:28:21 2018 +0100
smb2: log share type
commit d75ebdb9814eafc520c988a93eacc0d6b8f5c437
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 07:57:06 2018 +0100
smb: log create empty filename as '<share_root>' like Bro does
commit fcbeab70a4cddd87395c10ff9b9ca5a50f369439
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 12 07:56:29 2018 +0100
smb1: log create 'service' fields
commit 90e2abaac4692d35acd626465782cf2b5c36e9fb
Author: Victor Julien <victor at inliniac.net>
Date: Sat Mar 10 12:52:56 2018 +0100
smb1: use generic string parsing for trans
commit 76917a87324aaab55c1fa1c8bf1417f3957c323c
Author: Victor Julien <victor at inliniac.net>
Date: Sat Mar 10 11:18:48 2018 +0100
smb1: generic smb string parse func
commit 668c747aee1fe2fb666e63b1c6788b7c7e5a1a4c
Author: Victor Julien <victor at inliniac.net>
Date: Sat Mar 10 11:10:25 2018 +0100
smb1: more exact tree connect record parsing
commit 0ed00cf104f1cd776898c69237d5ffe25152b3f1
Author: Victor Julien <victor at inliniac.net>
Date: Sat Mar 10 09:57:44 2018 +0100
smb: move common parsing funcs into own file
commit 1c701dc50e1ea6ed24a2b46752e1b6a49fcbee10
Author: Victor Julien <victor at inliniac.net>
Date: Sat Mar 10 09:42:55 2018 +0100
smb: make string parsing functions public
commit 1d4aac1d4d01e5a5e2a170123e7e65cff4d68597
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 9 17:09:23 2018 +0100
smb1: set event on empty/malformed dialect
commit c91242e71cae8059840e0439e2f653476f98d89f
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 9 16:05:17 2018 +0100
smb: rename file to filename in output
commit caf29e92b3f314f552bc9fece4f2e7a542551ed5
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 9 16:04:22 2018 +0100
smb1: parse and log timestamps in CREATE
commit 0e05ef7369e3f7204cbac728e2670abea607f9ca
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 9 10:27:13 2018 +0100
smb2: parse and log timestamps in CREATE
commit 28f16e38ac2a310e3e562a373e6a3ea9a7cf6daa
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 7 18:23:17 2018 +0100
smb1: disable 'generic tx's for common commands
Don't create a generic TX for each READ, WRITE, TRANS, TRANS2,
except if they cause events to trigger.
commit 78cd92a933cc280951a846eed6e4db5b7ddf034e
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 7 15:29:49 2018 +0100
smb: generic event per trans/read/write for tx events
commit 05992f1772e70621f3fb64d210a45ee81ad2afd2
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 7 11:32:04 2018 +0100
smb: fix event handling when no tx is available
commit be615c9fbc386c85a2714f3e27edcfd538bcaba6
Author: Victor Julien <victor at inliniac.net>
Date: Tue Mar 6 10:13:40 2018 +0100
smb: small cleanups, fixes and optimizations
commit dab055d8c83b409a0046766e29717ee45d56f25d
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 2 17:19:18 2018 +0100
smb: update to der-parser 0.5.1
commit 0d69e7b8c286815e69dbb613269ec8bc9049baca
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 12:47:49 2018 +0100
smb: remove unused dialects from state
commit ad1bc7f473610977b992ed6cef7604a2cb2925fe
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 12:39:15 2018 +0100
smb1: minor debug improvement
commit a44504a1bf0bbef07fa640e562f0229a08346963
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 12:38:53 2018 +0100
smb: redo gap catch up handling
commit 7114d5d25be3fc1df5dfec1028bd2b88ff5ee834
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 10:55:21 2018 +0100
smb1: parser cleanups
commit d9e43d3e633e398812bd858763e26585ac1deec0
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 10:37:06 2018 +0100
smb: cleaner server component parsing
commit ecbf10da70c0ecbcedd2663262ef389807064b0b
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 10:31:07 2018 +0100
smb2: improve write error handling
commit b34392051dd7c5c75c64144294bb4d496d4a491f
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 10:30:02 2018 +0100
smb3: parse transform records
commit 894a73ee066acd00229f053b514bced69c6cfce4
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 08:50:36 2018 +0100
smb2: add missing commands and improve ioctl err handling
commit 170edf7c445cfce8a608224227286b73035b1491
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 1 08:50:04 2018 +0100
smb1: improve error handling
commit 7ceb67138f495aaf192f64b6fca3f72f6dd5ca28
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 28 21:19:20 2018 +0100
smb: add status
commit 98b926bf728d09b9efd04b96d2f0507dcc1a6e1a
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 28 18:38:33 2018 +0100
smb1: implement WRITE_AND_CLOSE
commit 595557eb8d29a9a3fbc17985dfd459e9d20fecfe
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 28 17:56:01 2018 +0100
smb1: locking andx may have no response
commit 7dff9b99696fe52eb8a11d20144056a41527ca3c
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 28 17:25:08 2018 +0100
smb/nbss: work around bad traffic
commit 8bef1208989d47c03e07589dae204cd4e995e755
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 27 18:12:07 2018 +0100
smb: session setup improvements
Improve ntlmssp version extraction and logging, make its data structures
optional. Extract native os/lm from smb1 ssn setup.
Move session setup handling into their own files.
Only log auth data for the session setup tx.
commit 75d7c9d64af9a758c3b6f76c474a787b4e1d1d85
Author: Victor Julien <victor at inliniac.net>
Date: Mon Feb 26 13:39:42 2018 +0100
rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
commit 50a182194a20a9a733d637b83a35ab5f2876c63c
Author: Victor Julien <victor at inliniac.net>
Date: Mon Feb 19 17:30:36 2018 +0100
eve: log pcap filename
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/output/eve/eve-json-format.rst | 102 +-
doc/userguide/partials/eve-log.yaml | 31 +
doc/userguide/rules/modbus-keyword.rst | 46 +-
rules/smb-events.rules | 16 +
rust/Cargo.toml.in | 1 +
rust/gen-c-headers.py | 2 +
rust/src/dns/log.rs | 224 ++-
rust/src/filetracker.rs | 1 +
rust/src/json.rs | 17 +
rust/src/lib.rs | 3 +
rust/src/smb/auth.rs | 471 +++++
rust/src/smb/dcerpc.rs | 556 ++++++
rust/src/smb/dcerpc_records.rs | 233 +++
rust/src/smb/debug.rs | 78 +
rust/src/smb/detect.rs | 214 +++
rust/src/smb/events.rs | 73 +
rust/src/smb/files.rs | 233 +++
rust/src/smb/funcs.rs | 114 ++
rust/src/smb/log.rs | 402 ++++
rust/src/{nfs => smb}/mod.rs | 28 +-
rust/src/smb/nbss_records.rs | 82 +
rust/src/smb/ntlmssp_records.rs | 122 ++
rust/src/smb/session.rs | 75 +
rust/src/smb/smb.rs | 1934 ++++++++++++++++++++
rust/src/smb/smb1.rs | 886 +++++++++
rust/src/smb/smb1_records.rs | 671 +++++++
rust/src/smb/smb1_session.rs | 203 ++
rust/src/smb/smb2.rs | 693 +++++++
rust/src/smb/smb2_ioctl.rs | 143 ++
rust/src/smb/smb2_records.rs | 477 +++++
rust/src/smb/smb2_session.rs | 83 +
ebpf/vlan_filter.c => rust/src/smb/smb3.rs | 42 +-
rust/src/smb/smb_records.rs | 53 +
src/Makefile.am | 3 +
src/app-layer-modbus.c | 761 +++-----
src/app-layer-modbus.h | 4 +
src/app-layer-smb-tcp-rust.c | 284 +++
...yer-dns-tcp-rust.h => app-layer-smb-tcp-rust.h} | 9 +-
src/app-layer-smb.c | 11 +
src/app-layer-smb.h | 6 +-
src/detect-dce-iface.c | 89 +-
src/detect-dce-opnum.c | 63 +-
src/detect-dce-stub-data.c | 91 +-
src/detect-engine-modbus.c | 850 +++++----
src/detect-engine-register.c | 4 +
src/detect-engine-register.h | 2 +
src/detect-file-data.c | 18 +-
src/detect-filename.c | 7 +
src/detect-modbus.c | 526 +++---
src/detect-modbus.h | 1 +
src/detect-smb-share.c | 243 +++
src/{detect-nfs-procedure.h => detect-smb-share.h} | 10 +-
src/output-json-alert.c | 40 +-
src/output-json-dns.c | 679 +++++--
src/output-json-dns.h | 7 +
src/output-json-file.c | 6 +
src/{output-json-tftp.c => output-json-smb.c} | 118 +-
src/{detect-nfs-procedure.h => output-json-smb.h} | 13 +-
src/output-json.c | 22 +
src/output-json.h | 1 +
src/output.c | 4 +
src/rust.h | 2 +
src/source-pcap-file-directory-helper.c | 1 +
src/source-pcap-file-helper.c | 9 +
src/source-pcap-file.h | 1 +
src/suricata-common.h | 1 +
src/util-error.c | 1 +
src/util-error.h | 1 +
src/util-logopenfile.h | 3 +
src/util-profiling.c | 1 +
suricata.yaml.in | 44 +-
71 files changed, 10793 insertions(+), 1452 deletions(-)
create mode 100644 rules/smb-events.rules
create mode 100644 rust/src/smb/auth.rs
create mode 100644 rust/src/smb/dcerpc.rs
create mode 100644 rust/src/smb/dcerpc_records.rs
create mode 100644 rust/src/smb/debug.rs
create mode 100644 rust/src/smb/detect.rs
create mode 100644 rust/src/smb/events.rs
create mode 100644 rust/src/smb/files.rs
create mode 100644 rust/src/smb/funcs.rs
create mode 100644 rust/src/smb/log.rs
copy rust/src/{nfs => smb}/mod.rs (66%)
create mode 100644 rust/src/smb/nbss_records.rs
create mode 100644 rust/src/smb/ntlmssp_records.rs
create mode 100644 rust/src/smb/session.rs
create mode 100644 rust/src/smb/smb.rs
create mode 100644 rust/src/smb/smb1.rs
create mode 100644 rust/src/smb/smb1_records.rs
create mode 100644 rust/src/smb/smb1_session.rs
create mode 100644 rust/src/smb/smb2.rs
create mode 100644 rust/src/smb/smb2_ioctl.rs
create mode 100644 rust/src/smb/smb2_records.rs
create mode 100644 rust/src/smb/smb2_session.rs
copy ebpf/vlan_filter.c => rust/src/smb/smb3.rs (51%)
create mode 100644 rust/src/smb/smb_records.rs
create mode 100644 src/app-layer-smb-tcp-rust.c
copy src/{app-layer-dns-tcp-rust.h => app-layer-smb-tcp-rust.h} (79%)
create mode 100644 src/detect-smb-share.c
copy src/{detect-nfs-procedure.h => detect-smb-share.h} (80%)
copy src/{output-json-tftp.c => output-json-smb.c} (52%)
copy src/{detect-nfs-procedure.h => output-json-smb.h} (77%)
hooks/post-receive
--
OISF