Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View

Tags: default personal
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

default personal
Philippe Antoine
leak: Fixes leak in AppLayerProtoDetectPMRegisterPattern
Fixes #3070
Jeff Lucovsky
eve/ftp: minor cleanups and fixes
Victor Julien
ftp: implement progress tracking
Make sure FTP_STATE_FINISHED is returned for transactions that
are marked 'done'.

This is necessary for timely logging and inspection.
Bill Meeks
mem: add SCStrndup() function to wrap strndup().
Max Fillinger
flow hash: Mask vlan_id if not used for tracking
If vlan.use-for-tracking is disabled, set the vlan_id fields to 0 when
hashing or comparing flows. This is done using a bitmask as suggested by
Victor Julien in IRC, in order to avoid adding more branches to this

Currently, suricata does not fill in vlan_id fields if
vlan.use-for-tracking is disabled and instead leaves them at the default
0 value, so this commit makes no functional change. This change is in
preparation for future commits where the vlan_ids will be always filled

Related to https://redmine.openinfosecfoundation.org/issues/3076
Jeff Lucovsky
userguide: ftp formatting updates
Victor Julien
afl: fix afl-ftp causing FPE due to missing ippair
Max Fillinger
af-packet: Always fill in vlan_id
The vlan tag will be filled in either from the extended header (for
kernel version >= 3.0) or from the packet itself.

Related to https://redmine.openinfosecfoundation.org/issues/3076
Victor Julien
ftp: fix reply without request
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.

Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
Victor Julien
mem: avoid potential shadow vars with 'len' name
Jeff Lucovsky
userguide: formatting: remove tabs
Jeff Lucovsky
eve/ftp: Log initial responses
This changeset ensures that unknown commands are logged.
Unknown commands are either
- Banner responses when connecting to the FTP port
- Commands not includes in the FtpCommands descriptor table
Victor Julien
runmodes: remove no-Rust logic
Jeff Lucovsky
eve/ftp: Refactor and reduce logging functions
Jeff Lucovsky
suricata.yaml: Add ftp logging option to eve-log
Philippe Antoine
ftp: removes one use of atoi
Fixes only one small part of #3053
Jeff Lucovsky
ftp: Generalize prelim positive reply
Extend special case for reply code 150 to handle all preliminary
positive reply -- reply codes with `1xy`.
Max Fillinger
decode vlan: Always fill in vlan_id
Since the vlan.use-for-tracking setting is now handled in flow-hash.c,
we can fill in the vlan_id fields unconditionally. This makes the vlanh
fields unnecessary.

Related to https://redmine.openinfosecfoundation.org/issues/3076
Victor Julien
runmodes: simply default runmode logic
Victor Julien
geoip: fix unittests w/o db present
Victor Julien
ftp: be more strict with tx type
Victor Julien
runmodes: remove unused prototypes
Philippe Antoine
log: use SCLogError instead of fprintf
Victor Julien
pcap: code reformatting and minor cleanups
Jeff Lucovsky
eve/json: Break multiline FTP responses into array
This changeset breaks multi-line FTP responses into separate array
entries. Multi-line responses are those with "text-1\r\ntext-2[...]".
Each of \r\n delimited text segments is reported in the `reply` array;
each text segment _may_ include a completion code; completion codes are
reported in the `completion_code` array.
Philippe Antoine
leak: Fixes leak in DetectAppLayerEventPrepare
Victor Julien
stream: fix midstream reverse flow handling
When a TCP session is picked up from the response the flow is
reversed by the protocol detection code.

This would lead to duplicate logging of the response. The reason this
happened was that the per stream app progress tracker was not handled
correctly by the direction reversing code. While the streams were
swapped the stream engine would continue to use a now outdated pointer
to what had become the wrong direction.

This patches fixes this by making the stream a ptr to ptr that can be
updated by the protocol detection as well.

In addition, the progress tracking was cleaned up and the GAP error
handling in this case was improved as well.
Max Fillinger
decode erspan: Always fill in vlan_id
Fill in the vlan_id fields unconditionally. We can now remove the check
for the vlan.use-for-tracking setting in decode.c. The debug log message
is moved to suricata.c.
Jeff Lucovsky
output/json: Refactor output buffer size macro
Max Fillinger
flow hash: Make CMP_FLOW macro an inline function
Victor Julien
ftp: reply code 150 doesn't end tx
Victor Julien
runmodes: code cleanups
Philippe Antoine
http: fixes overflow in range parsing
Eric Leblond
ebpf: remove left over debug in lb.c
Victor Julien
flow: minor formatting updates
Jeff Lucovsky
eve/ftp: Transaction support for unmatched requests
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
Philippe Antoine
leak: fixes leak in DetectAddressParse2
Jeff Lucovsky
eve/ftp: Log FTP transactions
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
Zach Kelly
eve/ftp: Bug fix and banner capture
1. Correct off-by-one error in server response whitespace removal
2. Include banner response (before first command entered)
Max Fillinger
pfring: Always fill in vlan_id
Previously, source-pfring.c would copy the vlan_id from the extended
header only if vlan.use-for-tracking was enabled. This commit removes
that check.

Related to https://redmine.openinfosecfoundation.org/issues/3076