Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View

Categories: default personal
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

default personal
Victor Julien
flow: log gap state per direction
Pierre Chifflier
rust: nom4 requires to add complete!() when using many! combinators
Victor Julien
eve/fileinfo: don't alloc filename during logging
Mats Klepsland
app-layer-ssl: check that cipher suites length is divisible by two
Cipher suites length should always be divisible by two. If it is a
odd number, which should not happen with normal traffic, it ends up
reading one byte too much.
Victor Julien
windows: fix sc_log_stream_lock handling
Pierre Chifflier
rust: update dependencies for nom4 transition
Victor Julien
windows/syscall: fix unused function warning
Shivani Bhardwaj
suricatasc: Snug the processing of different commands
Since all of the commands were following the same procedure, namely,
split the input extract the arguments, throw the error if required
argument is missing else send the command over to suricata, put all of
this in one compact function alongwith a dictionary for specifications
for different commands, the name of the argument, the type and if it is
required or not.
Following fixups come with this commit:
- Code becomes really cozy
- Split errors on a few commands are well handled
- No redundant code
- More readability

References redmine ticket #2793
Victor Julien
configure: support msys target
Shivani Bhardwaj
suricatasc: Fix command failures
This commit addresses the following three cases:

1. Do not use maxsplit keyword arg
maxsplit argument to the split command was not a part of Python 2
and using it with Python 2 causes the following failure:
TypeError: split() takes no keyword arguments
Avoid this by eliminating all the named arguments from split.

2. Fix failure on extra arguments
Up until now, suricatasc fails if any command which is not supposed to
take args is given args.
Fix this by ignoring any extra params.
Closes redmine ticket #2813

3. Fix failure on different type of args
If a command was given a string argument where it expected an int, it
would fail and the process would exit.
Fix this by handling the exception caused in such cases.
Closes redmine ticket #2812
Pierre Chifflier
rust: fix cargo tests
Victor Julien
file/swf: fix undefined int behaviour
Fix warnings by the undefined sanitizer.
Victor Julien
detect/bytetest: don't print errors at runtime
Victor Julien
windows: msys/mingw based appveyor support
Add rust but have it disabled as it is broken.

Add windivert, winpcap and npcap builds.

Run unittests on one of the builds.

Use reasonably strict CFLAGS.
Pierre Chifflier
rust: fix warnings for unused variables (add _)
Victor Julien
dcerpc/udp: fix int mishandling in opnum parsing
For Big Endian support in the protocol, the opnum would not be set

Found using undefined sanitizer.
Alexander Gozman
nfqueue: added received packets counter for 'iface-stat' command
Previously nfqueue did not update received packets counter in a
livedev so 'iface-stat' UNIX-socket command always showed zeros.
Victor Julien
eve/ftp: don't alloc memory to log filename
Victor Julien
windows: allow multiple pcap devices on commandline
Ticket #2774
Victor Julien
windows/syscall: convert file to use unix newlines
ran: dos2unix src/win32-syscall.[ch]
Maurizio Abba
eve/http: add request/response http headers
Add a keyword configuration dump-all-headers, with allowed values
{both, request, response}, dumping all HTTP headers in the eve-log http
object. Each header is a single object in the list request_headers
(response_headers) with the following notation:

    "name": <header name>,
    "value": <header value>

To avoid forged malicious headers, the header name size is capped at 256
bytes, the header value size at 2048.

By default, dump-all-headers is disabled.
Eric Leblond
configure: rust support requires Python
Add error message to warn the user.
Shivani Bhardwaj
suricatasc: Get rid of issues detected by Pylint
Pylint is a tool to make sure we do not regress the support for Python
3. The following conventions, warnings, errors, refactors have been

C0326: Exactly one space required around assignment
C0326: No space allowed around keyword argument assignment
C0325: Unnecessary parens after 'if' keyword
W0301: Unnecessary semicolon
W0702: No exception type(s) specified
W0231: __init__ method from base class 'Exception' is not called
W0107: Unnecessary pass statement
C0121: Comparison to None should be 'expr is not None'
E0602: Undefined variable 'raw_input'
W0201: Attribute 'socket' defined outside __init__
W0611: Unused import
Victor Julien
netmap: switch to nm_* API
Process multiple packets at nm_dispatch. Use zero copy for workers
recv mode.

Add configure check netmap check for API 11+ and find netmap api version.

Add netmap guide to the userguide.
Maurizio Abba
smtp: create raw-extraction feature
Add a raw-extraction option for smtp. When enabled, this feature will
store the raw e-mail inside a file, including headers, e-mail content,
attachments (base64 encoded). This content is stored in a normal File *,
allowing for normal file detection.
It'd also allow for all-emails extraction if a rule has
detect-filename:"rawmsg" matcher (and filestore).
Note that this feature is in contrast with decode-mime.

This feature is disabled by default, and will be disabled automatically
if decode-mime is enabled.
Victor Julien
decoder: improve stats hash error handling
Victor Julien
ips: set host mode only after engine mode
Make sure it is set after the final engine mode update.
Victor Julien
eve/http: use stack for buffer to string conversions
Pierre Chifflier
rust/nom4: error_code is superseded by error_position
Victor Julien
detect/pcre: fix false positive
Fix case where a HTTP modifier in PCRE statements would lead to
the rule alerting when it should not.

Bug #2769
Victor Julien
stream: no more stream events after known issue
No longer set stream events after a gap or wrong thread. We know
we lost sync and are now in 'lets make the best of it'-mode. No
point in flooding the system with stream events.

Ticket #2484
Alexander Gozman
nfqueue: more descriptive queue names (e.g. 'NFQ#1' instead of '1')
This will also make 'iface-list' output more informative.
Shivani Bhardwaj
suricatasc: Use better exception message, sort imports
Up until now, suricatasc gives a message as follows in case a command is
missing arguments:
>>> list-hostbit
Arguments to command 'list-hostbit' is missing

Fix this up and provide a better message:
>>> list-hostbit
Missing arguments: expected 1
>>> pcap-file-continuous
Missing arguments: expected at least 2
Victor Julien
rust/smb: fix and optimize record search
Get rid of struct with just a slice reference as well.
Mats Klepsland
util-ja3: fix AddressSanitizer heap-buffer-overflow
No resizing is done in Ja3BufferResizeIfFull() when the buffer is
empty. This leads to a potential overflow when this happens, since
a ',' is appended even when the buffer is empty.

Bug #2762
Victor Julien
byte: add bytes to string w/o allocation
Travis Green
engine-analysis: add support for http_host buffer
Add support for http_host buffer for more accurate reporting.
Bug: #2798
Pierre Chifflier
rust: upgrade all parsers to nom4
filestore v2: print sid in json output
Victor Julien
stream: fix 'stream.inline=auto' for L2 IPS
Make sure the livedev setup is finalized before initializing the
stream engine.

Bug #2811

Reported-by: Ad Schellevis