Console View

Victor Julien
file: fix files not getting pruned
When the filedata logger is enabled (file extraction), but a file is not
stored due to no rules matching to force this, the file would never be

This was caused by a check in the file pruning logic that only freed a
file when the FILE_STORED flag was set. However, files can also have the
FILE_NOSTORE flag set, which indicates that a file won't be stored.

This patch makes sure that both conditions lead to file pruning.
Victor Julien
rust/dns: simplify tx freeing
Now that we no longer need the state when freeing a TX, we can simply
do cleanup from the Drop trait.
Jason Ish
dnp3-gen: require jinja2 v2.10 or later
Previous versions, but not all, have issues tracking
Victor Julien
detect: prefilter/inspect API v2, with transforms
Introduce InspectionBuffer, a structure for passing data between
prefilters, transforms and inspection engines.

At rule parsing time, we'll register new unique 'DetectBufferType's
for a 'parent' buffer (e.g. pure file_data) with its transformations.
Each unique combination of buffer with transformations gets its
own buffer id.

Similarly, mpm registration and inspect engine registration will be
copied from the 'parent' (again, e.g. pure file_data) to the new ids.

The transforms are called from within the prefilter engines themselves.

Provide generic MPM matching and setup callbacks. Can be used by
keywords to avoid needless code duplication. Supports transformations.

Use unique name for profiling, to distinguish between pure buffers
and buffers with transformation.

Add new registration calls for mpm/prefilters and inspect engines.

Inspect engine api v2: Pass engine to itself. Add generic engine that
uses GetData callback and other registered settings.

The generic engine should be usable for every 'simple' case where
there is just a single non-streaming buffer. For example HTTP uri.

The v2 API assumes that registered MPM implements transformations.

Add util func to set new transform in rule and add util funcs for rule
Victor Julien
detect: move mpm engines into detect engine ctx
This allows safe registration at runtime.
Victor Julien
detect/bsize: tests for http_request_line
Victor Julien
detect/prefilter: move hash into detect engine ctx
Victor Julien
detect/content: pass START/END flags to inspection
Victor Julien
detect: set implied flow direction based on keywords
Jason Ish
app-layer: remove has events callback - not used
Andreas Herz
docs: remove many outdated and old install docs
Victor Julien
detect/inspect engines: copy to detect engine ctx
Register rule-time engines in the detect engine. This is necessary
now that rule parsing can create new buffers.
Victor Julien
detect: move buffer type map into detect ctx
Move previously global table into detect engine ctx. Now that we
can register buffers at rule loading time we need to take concurrency
into account.

Move DetectBufferType to detect.h and update DetectBufferCtx API calls
to include a detect engine ctx reference.
Victor Julien
detect: fix out of bounds write in detect thread space creation
Victor Julien
stream: inform app layer of depth reached
Pierre Chifflier
rust: update 'external' api for app layer changes
Remove unused HasTxDetectState function and remove state argument
from SetTxDetectState.

Update NTP code.
Victor Julien
detect/prefilter: add de_ctx to registration
Jason Ish
conf/yaml: don't allow empty key values
When loading an empty file, libyaml will fire a single scalar
event causing us to create a key that contains an empty string.
We're not interested in this, so skip an empty scalar value
when expecting a key.

Redmine issue:
Victor Julien
detect/dns_query: move to API v2. Supports transforms.
Victor Julien
detect/transform: initial to_sha256 implementation
Takes the input buffer and replaces it with the hash value for that buffer.
The hash value is in raw bytes.
Victor Julien
der: warn if null passed to decoders
Remove null checks for errcode.
Victor Julien
file_data: update to API v2
As we can have multiple files per TX we use the multi inspect
buffer support.

By using this API file_data supports transforms.

Redo part of the flash decompression as a hard coded built-in sort
of transform.
Victor Julien
detect: prep for dynamic smlists arrays in sigs
Initialize Signature::init_data::smlists like normal, but before use
expand them if needed.
Victor Julien
app-layer: remove unused HasTxDetectState call
Also remove the now useless 'state' argument from the SetTxDetectState
calls. For those app-layer parsers that use a state == tx approach,
the state pointer is passed as tx.

Update app-layer parsers to remove the unused call and update the
modified call.
Victor Julien
rule analyzer: simple rules to json dumper
Victor Julien
flash: code cleanups
modbus: duplicate alerts unaware of direction
Remove DetectAppLayerInspectEngineRegister for the TOCLIENT direction
because the Modbus inspection engine only runs on requests (TOSERVER).

Detect Value keyword in read access rule. In read access, match on value
is not possible.

Update Modbus keyword documentation.
Philippe Antoine
dnp3-gen: fix heap buffer overflow in generated code
Due to a missing check before memcpy.
Victor Julien
detect: bsize keyword
Allows matching on sticky buffers. Like dsize, it allows matching on
exact values, greater than and less than, and ranges.

For streaming buffers, such as HTTP bodies, the final size of the
body is only known at the end of the transaction.
Victor Julien
detect/http_request_line: convert to inspect api v2
Victor Julien
detect/transform: initial strip_whitespace implementation
Eric Leblond
tm-threads: fix build warning in afl mode
Victor Julien
content inspection: support transforms
Make sure content is applied to the transformed version of a buffer.

Support content with its modifiers, and also isdataat, pcre, bytetest
and bytejump.
Andreas Herz
docs: replace redmine links and enforce https on oisf urls
Victor Julien
der: fix recursion depth not being handled correctly
In a mix of sequences the 'depth reached' error would not
be fully propagated.

Found with AFL.
Jason Ish
dnp3: regenerate object decoding code
Victor Julien
nfs: remove old test code
Victor Julien
detect: register dynamic buffers into de_ctx
Register buffers that are created during rule parsing. Currently
this means an existing buffer with one or more transformations.
Victor Julien
detect/transform: initial compress_whitespace implementation
Jason Ish
metadata: fix parsing when not k/v
Allows for parsing metadata with mixed single word and key/val