Console View


fd175f2bfbbd...
Pierre Chifflier
Add logger for Kerberos 5 metadata
fb85822730ab...
Jason Ish
dhcp: update user guide
f67aa5deaab6...
fooinha
packet: gre over ip link type
f30f038179d3...
Victor Julien
detect/stream_size: apply rule to packets & stream
The use of stream_size in combination with raw content matches is an
indication that the rule needs to be evaluated per packet, not just
per reassembled stream chunk.
e9ae62ed05dd...
Pierre Chifflier
Kerberos 5: properly handle TCP buffering
e6a009ae7fbc...
Victor Julien
detect/stream_size: code cleanups
da4912dfe738...
Jason Ish
rust: add get_tx_iterator to parser registration
d73b5ee276c3...
Jason Ish
rust: cargo fixes for out of tree build
d6b9c0294a9a...
Pierre Chifflier
Add krb5_cname and krb5_sname detection keywords
cf33c9975a65...
Jason Ish
filestore: fix truncation warnings
c677e07d3e5b...
Victor Julien
kerberos: minor doc updates, add author
c51ff32adb87...
Pierre Chifflier
Document Kerberos 5 parsing events
c052e23348e7...
Jason Ish
dhcp: add dhcp app-layer rules file
b61e9c21736d...
Victor Julien
dhcp: add author
9fc1250ca8c3...
Jason Ish
app-layer-detect-proto: remove unnecessary gotos
95481a91760e...
Jason Ish
eve/json/xff - remove check for flow being NULL.
Fix Coverity issue:
** CID 1435535:  Null pointer dereferences  (REVERSE_INULL)
/src/output-json-file.c: 212 in JsonBuildFileInfoRecord()

Where we check a variable for being NULL, when all paths to the
code show that it can't be NULL.
9210d8743bef...
Jason Ish
rust/dhcp: Rust based DHCP decoder and logger.
This is a DHCP decoder and logger written in Rust. Unlike most
parsers, this one is stateless so responses are not matched
up to requests by Suricata. However, the output does contain
enough fields to match them up in post-processing.

Rules are included to alert of malformed or truncated options.
851efd9c60ea...
Eric Leblond
util-random: workaround getrandom unavailability
getrandom syscall availability is detected at runtime. So it is
possible that the build is done on a box that supports it but
the run is done on a system with no availability. So a workaround
solution is needed to fix this case.

Also we have seen some issue in docker environment where the build
is detecting getrandom but where it does not work at runtime.

For both reasons, the code is updated to have a call to a fallback
function if ever the getrandom call returns that the syscall is
not available.
7e06e765f390...
Jason Ish
python: fixes for out of tree build
Autoconf/automake and python setup.py don't play that well
together with out of tree builds.

Makes suricatasc not an autoconf input file, instead use the
defaults module that is already being created.

In the case of an out of tree build, copy the generated defaults.py
to the build directory manually.
77f0c11c9ed2...
Pierre Chifflier
Add Kerberos 5 application layer
6ae53a1869a4...
Pierre Chifflier
Add event rules for Kerberos 5
69897af6f6c1...
Victor Julien
wirefuzz: add 'quiet' mode
Adds -q commandline option to force quiet operation.
693a3df031f9...
Victor Julien
tls: document encrypt-handling option
Document in sample yaml and user guide.
645ba1750933...
Pierre Chifflier
Kerberos: check version in probing function
55ad4e4ecef6...
Jason Ish
travis: use gcc-7 on cocci build
Catches more errors, like switch statement fall-throughs
that are caught in private QA.
52f5c7914f83...
Pierre Chifflier
Log Kerberos 5 errors
503705116155...
Pierre Chifflier
Kerberos 5: rename weak crypto to weak encryption, and log it
4f48927c44e4...
Pascal Delalande
doc: spelling mistakes in various sections of the user guide
3a017f61b0a1...
Pierre Chifflier
Kerberos 5: pretty-print error code when logging
325f336f637f...
Eric Leblond
util-random: fix detection of getrandom failure
2ec33816007e...
Jason Ish
rust/app-layer: macros to export de_state functions
These macros generate the extern "C" functions for transactions
structs that need to provide functions for setting and getting
the de_state. The idea is to provide macros to avoid code
duplication and make it simpler to create an app-layer.

A trait would be the correct solution, but it doesn't look like
you can use traits to export extern "C" functions.
2d50fe499ad2...
Victor Julien
tls: new config for dealing with encrypted traffic
Much of encrypted traffic is uninteresting to Suricata. Once encrypted
communication starts, inspecting the packet payloads is generally
not interesting anymore. The default behavior is to disable the parts
of the detection engine and stream reassembly that relate to raw content
inspection.

The tls app-layer parser also had a crude option to affect this behavior:
setting 'no-reassemble' to true went much further than the default behavior.
It disabled the TCP reassembly on the flow completely, disabled all
inspection on the flow and enabled bypass if available.

This patch adds a new option: full inspection. This continues to treat
a TLS session as any other, so without any limits to inspection.

The new option is implemented in a new config option 'encrypt-handling',
that replaces 'no-reassemble'. The new option has 3 values:
'default', 'full' and 'bypass'. Default is the current default behavior,
'bypass' is the current 'no-reassemble = true' behavior and 'full'
is the new full inspection mode.
2d1c4420de24...
Pierre Chifflier
Update ntp-parser to 0.2.0
1e8959b4659f...
Chris Speidel
doc: fix minor typo
1e5f5d405ffa...
Pierre Chifflier
Kerberos 5: add support for TCP as well
1b0b74dc1610...
Jason Ish
rust: a Rust ConfNode wrapper.
A Rust wrapper around the C ConfNode object. Currently only exposes
ConfGetChildValueBool and ConfGetChildValue.
14843a7b439e...
Jason Ish
app-layer-register: add GetTxIterator
Add a field to set the GetTxIterator function to the AppLayerParser
registration struct.
1076c7cd4715...
Pierre Chifflier
Add krb5_err_code detection keyword
0bd81ff83897...
Pierre Chifflier
Add krb5_msg_type detection keyword
05e20c5c57b3...
Jason Ish
eve: check if enabled before attempting to setup
Before setting up a sub eve-logger, check that it is enabled. This
allows us to set "enabled: no" for loggers that are not registered
with the system without generating an error. An example of this
is loggers that are only available with Rust.