Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View

Tags: default personal
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

default personal
Jeff Lucovsky
eve/ftp: minor cleanups and fixes
Victor Julien
ftp: implement progress tracking
Make sure FTP_STATE_FINISHED is returned for transactions that
are marked 'done'.

This is necessary for timely logging and inspection.
Jeff Lucovsky
userguide: ftp formatting updates
Victor Julien
detect/mpm: put transform into 'profile name'
So that profiling gives more info about cost of the mpm
engines when they use transforms.
Max Fillinger
af-packet: Always fill in vlan_id
The vlan tag will be filled in either from the extended header (for
kernel version >= 3.0) or from the packet itself.

Related to https://redmine.openinfosecfoundation.org/issues/3076
Victor Julien
detect: fix inaccurate comments
Shivani Bhardwaj
rust: fix compiler warning
rustc 1.36 introduced:

error: variable does not need to be mutable
  --> src/dhcp/parser.rs:202:17
202 |            let mut malformed_options = false;
    |                ----^^^^^^^^^^^^^^^^^
    |                |
    |                help: remove this `mut`
note: lint level defined here
  --> src/lib.rs:18:38
18  | #![cfg_attr(feature = "strict", deny(warnings))]
    |                                      ^^^^^^^^
    = note: #[deny(unused_mut)] implied by #[deny(warnings)]

error: aborting due to previous error

error: Could not compile `suricata`.

Ticket #3072.
Victor Julien
ftp: fix reply without request
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.

Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
Eric Leblond
af-packet: fix build on recent Linux kernels
Jeff Lucovsky
userguide: formatting: remove tabs
Jeff Lucovsky
eve/ftp: Log initial responses
This changeset ensures that unknown commands are logged.
Unknown commands are either
- Banner responses when connecting to the FTP port
- Commands not includes in the FtpCommands descriptor table
Jeff Lucovsky
eve/ftp: Refactor and reduce logging functions
Jeff Lucovsky
suricata.yaml: Add ftp logging option to eve-log
Philippe Antoine
ftp: removes one use of atoi
Fixes only one small part of #3053
Jeff Lucovsky
ftp: Generalize prelim positive reply
Extend special case for reply code 150 to handle all preliminary
positive reply -- reply codes with `1xy`.
Max Fillinger
decode vlan: Always fill in vlan_id
Since the vlan.use-for-tracking setting is now handled in flow-hash.c,
we can fill in the vlan_id fields unconditionally. This makes the vlanh
fields unnecessary.

Related to https://redmine.openinfosecfoundation.org/issues/3076
Shivani Bhardwaj
configure: Add date with rev information
Date makes it even clearer that when was the last commit for the build
that one is running. Add this info alongwith rev. Change inspired by

$ suricata -V
This is Suricata version 5.0.0-dev (rev 2d217e666)

This is Suricata version 5.0.0-dev (2d217e666 2019-07-12)

Closes redmine ticket #3092
Victor Julien
ftp: be more strict with tx type
Victor Julien
string: making shortening function global
Victor Julien
device: remove duplicate length check
Shorten code handles all cases correctly.
Victor Julien
pcap: code reformatting and minor cleanups
Jeff Lucovsky
eve/json: Break multiline FTP responses into array
This changeset breaks multi-line FTP responses into separate array
entries. Multi-line responses are those with "text-1\r\ntext-2[...]".
Each of \r\n delimited text segments is reported in the `reply` array;
each text segment _may_ include a completion code; completion codes are
reported in the `completion_code` array.
Victor Julien
stream: fix midstream reverse flow handling
When a TCP session is picked up from the response the flow is
reversed by the protocol detection code.

This would lead to duplicate logging of the response. The reason this
happened was that the per stream app progress tracker was not handled
correctly by the direction reversing code. While the streams were
swapped the stream engine would continue to use a now outdated pointer
to what had become the wrong direction.

This patches fixes this by making the stream a ptr to ptr that can be
updated by the protocol detection as well.

In addition, the progress tracking was cleaned up and the GAP error
handling in this case was improved as well.
Victor Julien
detect/dns: register correct profile name
Max Fillinger
pfring: Fix kernel version in comment
Philippe Antoine
ssl: register probing for port 443 if no config
Max Fillinger
decode erspan: Always fill in vlan_id
Fill in the vlan_id fields unconditionally. We can now remove the check
for the vlan.use-for-tracking setting in decode.c. The debug log message
is moved to suricata.c.
Jeff Lucovsky
output/json: Refactor output buffer size macro
Victor Julien
pcap: fix breakloop error handling
Ticket #3004
Victor Julien
ftp: reply code 150 doesn't end tx
Philippe Antoine
http: fixes overflow in range parsing
Eric Leblond
ebpf: remove left over debug in lb.c
Victor Julien
detect: move includes/declarations closer to use
Victor Julien
device: break string shortening out of device shortening
Victor Julien
flow: minor formatting updates
Jeff Lucovsky
eve/ftp: Transaction support for unmatched requests
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
Jeff Lucovsky
eve/ftp: Log FTP transactions
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
Zach Kelly
eve/ftp: Bug fix and banner capture
1. Correct off-by-one error in server response whitespace removal
2. Include banner response (before first command entered)
Max Fillinger
pfring: Always fill in vlan_id
Previously, source-pfring.c would copy the vlan_id from the extended
header only if vlan.use-for-tracking was enabled. This commit removes
that check.

Related to https://redmine.openinfosecfoundation.org/issues/3076
Victor Julien
netmap: suppress format truncation warning
  CC      source-netmap.o
source-netmap.c: In function ‘NetmapOpen’:
source-netmap.c:327:56: error: ‘%s’ directive output may be truncated writing up to 15 bytes into a region of size between 10 and 57 [-Werror=format-truncation=]
        snprintf(devname, sizeof(devname), "netmap:%s%s%s",
                ns->iface, strlen(optstr) ? "/" : "", optstr);
source-netmap.c:327:9: note: ‘snprintf’ output 8 or more bytes (assuming 70) into a destination of size 64
        snprintf(devname, sizeof(devname), "netmap:%s%s%s",
                ns->iface, strlen(optstr) ? "/" : "", optstr);
source-netmap.c:330:59: error: ‘%s’ directive output may be truncated writing up to 15 bytes into a region of size between 8 and 55 [-Werror=format-truncation=]
        snprintf(devname, sizeof(devname), "netmap:%s-%d%s%s",
                ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
source-netmap.c:330:9: note: ‘snprintf’ output 10 or more bytes (assuming 72) into a destination of size 64
        snprintf(devname, sizeof(devname), "netmap:%s-%d%s%s",
                ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
source-netmap.c:316:54: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
        snprintf(devname, sizeof(devname), "%s}%d%s%s",
source-netmap.c:316:9: note: ‘snprintf’ output 3 or more bytes (assuming 65) into a destination of size 64
        snprintf(devname, sizeof(devname), "%s}%d%s%s",
                ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
cc1: all warnings being treated as errors

Gcc 8 with -Wformat-truncation=1