
Console View

Pierre Chifflier
Add logger for Kerberos 5 metadata
Jason Ish
dhcp: update user guide
packet: gre over ip link type
Victor Julien
detect/stream_size: apply rule to packets & stream
The use of stream_size in combination with raw content matches is an
indication that the rule needs to be evaluated per packet, not just
per reassembled stream chunk.
Pierre Chifflier
Kerberos 5: properly handle TCP buffering
Victor Julien
detect/stream_size: code cleanups
Jason Ish
rust: add get_tx_iterator to parser registration
Jason Ish
rust: cargo fixes for out of tree build
Pierre Chifflier
Add krb5_cname and krb5_sname detection keywords
Jason Ish
filestore: fix truncation warnings
Victor Julien
kerberos: minor doc updates, add author
Pierre Chifflier
Document Kerberos 5 parsing events
Jason Ish
dhcp: add dhcp app-layer rules file
Victor Julien
dhcp: add author
Jason Ish
app-layer-detect-proto: remove unnecessary gotos
Jason Ish
eve/json/xff - remove check for flow being NULL.
Fix Coverity issue:
** CID 1435535:  Null pointer dereferences  (REVERSE_INULL)
/src/output-json-file.c: 212 in JsonBuildFileInfoRecord()

Where we check a variable for being NULL, when all paths to the
code show that it can't be NULL.
Jason Ish
rust/dhcp: Rust based DHCP decoder and logger.
This is a DHCP decoder and logger written in Rust. Unlike most
parsers, this one is stateless so responses are not matched
up to requests by Suricata. However, the output does contain
enough fields to match them up in post-processing.

Rules are included to alert of malformed or truncated options.
Eric Leblond
util-random: workaround getrandom unavailability
getrandom syscall availability is detected at runtime. So it is
possible that the build is done on a box that supports it but
the run is done on a system with no availability. So a workaround
solution is needed to fix this case.

Also we have seen some issues in docker environments where the build
is detecting getrandom but where it does not work at runtime.

For both reasons, the code is updated to have a call to a fallback
function if ever the getrandom call returns that the syscall is
not available.
Jason Ish
python: fixes for out of tree build
Autoconf/automake and python setup.py don't play that well
together with out of tree builds.

Makes suricatasc not an autoconf input file, instead use the
defaults module that is already being created.

In the case of an out of tree build, copy the generated defaults.py
to the build directory manually.
Pierre Chifflier
Add Kerberos 5 application layer
Pierre Chifflier
Add event rules for Kerberos 5
Victor Julien
wirefuzz: add 'quiet' mode
Adds -q commandline option to force quiet operation.
Victor Julien
tls: document encrypt-handling option
Document in sample yaml and user guide.
Pierre Chifflier
Kerberos: check version in probing function
Jason Ish
travis: use gcc-7 on cocci build
Catches more errors, like switch statements fall throughs
that are caught in private QA.
Pierre Chifflier
Log Kerberos 5 errors
Pierre Chifflier
Kerberos 5: rename weak crypto to weak encryption, and log it
Pascal Delalande
doc: spelling mistakes in various sections of the user guide
Pierre Chifflier
Kerberos 5: pretty-print error code when logging
Eric Leblond
util-random: fix detection of getrandom failure
Jason Ish
rust/app-layer: macros to export de_state functions
These macros generate the extern "C" functions for transactions
structs that need to provide functions for setting and getting
the de_state. The idea is to provide macros to avoid code
duplication and make it simpler to create an app-layer.

A trait would be the correct solution, but it doesn't look like
you can use traits to export extern "C" functions.
Victor Julien
tls: new config for dealing with encrypted traffic
Much of encrypted traffic is uninteresting to Suricata. Once encrypted
communication starts, inspecting the packet payloads is generally
not interesting anymore. The default behavior is to disable the parts
of the detection engine and stream reassembly that relate to raw content.

The tls app-layer parser also had a crude option to affect this behavior:
set 'no-reassemble' to true went much further than the default behavior.
It disabled the TCP reassembly on the flow completely, disabled all
inspection on the flow and enabled bypass if available.

This patch adds a new option: full inspection. This continues to treat
a TLS session as any other, so without any limits to inspection.

The new option is implemented in a new config option 'encrypt-handling',
that replaces 'no-reassemble'. The new option has 3 values:
'default', 'full' and 'bypass'. Default is the current default behavior,
'bypass' is the current 'no-reassemble = true' behavior and 'full'
is the new full inspection mode.
Pierre Chifflier
Update ntp-parser to 0.2.0
Chris Speidel
doc: fix minor typo
Pierre Chifflier
Kerberos 5: add support for TCP as well
Jason Ish
rust: a Rust ConfNode wrapper.
A Rust wrapper around the C ConfNode object. Currently only exposes
ConfGetChildValueBool and ConfGetChildValue.
Jason Ish
app-layer-register: add GetTxIterator
Add a field to set the GetTxIterator function to the AppLayerParser
registration struct.
Pierre Chifflier
Add krb5_err_code detection keyword
Pierre Chifflier
Add krb5_msg_type detection keyword
Jason Ish
eve: check if enabled before attempting to setup
Before setting up a sub eve-logger, check that it is enabled. This
allows us to set "enabled: no" for loggers that are not registered
with the system without generating an error. An example of this
is loggers that are only available with Rust.