
Console View


feda5e73922b...
Philippe Antoine
leak: Fixes leak in AppLayerProtoDetectPMRegisterPattern
Fixes #3070
fb019213e72a...
Jeff Lucovsky
eve/ftp: minor cleanups and fixes
dc80d520affa...
Victor Julien
ftp: implement progress tracking
Make sure FTP_STATE_FINISHED is returned for transactions that
are marked 'done'.

This is necessary for timely logging and inspection.
d1525c6fb80f...
Bill Meeks
mem: add SCStrndup() function to wrap strndup().
cef9961f59ab...
Max Fillinger
flow hash: Mask vlan_id if not used for tracking
If vlan.use-for-tracking is disabled, set the vlan_id fields to 0 when
hashing or comparing flows. This is done using a bitmask as suggested by
Victor Julien in IRC, in order to avoid adding more branches to this
code.

Currently, suricata does not fill in vlan_id fields if
vlan.use-for-tracking is disabled and instead leaves them at the default
0 value, so this commit makes no functional change. This change is in
preparation for future commits where the vlan_ids will be always filled
in.

Related to https://redmine.openinfosecfoundation.org/issues/3076
c68510437f4e...
Jeff Lucovsky
userguide: ftp formatting updates
c12252617c88...
Victor Julien
afl: fix afl-ftp causing FPE due to missing ippair
bcc03f172a05...
Max Fillinger
af-packet: Always fill in vlan_id
The vlan tag will be filled in either from the extended header (for
kernel version >= 3.0) or from the packet itself.

Related to https://redmine.openinfosecfoundation.org/issues/3076
b595da6c51ee...
Victor Julien
ftp: fix reply without request
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.

Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
a7d65668ae16...
Victor Julien
mem: avoid potential shadow vars with 'len' name
a66383569c86...
Jeff Lucovsky
userguide: formatting: remove tabs
a04b1c1664a1...
Jeff Lucovsky
eve/ftp: Log initial responses
This changeset ensures that unknown commands are logged.
Unknown commands are either
- Banner responses when connecting to the FTP port
- Commands not included in the FtpCommands descriptor table
9e70716d5ae8...
Victor Julien
runmodes: remove no-Rust logic
9cf4e2e432ec...
Jeff Lucovsky
eve/ftp: Refactor and reduce logging functions
9b88ecb3c186...
Jeff Lucovsky
suricata.yaml: Add ftp logging option to eve-log
94a976d47ef0...
Philippe Antoine
ftp: removes one use of atoi
Fixes only one small part of #3053
911d423a6bcc...
Jeff Lucovsky
ftp: Generalize prelim positive reply
Extend special case for reply code 150 to handle all preliminary
positive replies -- reply codes with `1xy`.
8d3b04b0e3a0...
Max Fillinger
decode vlan: Always fill in vlan_id
Since the vlan.use-for-tracking setting is now handled in flow-hash.c,
we can fill in the vlan_id fields unconditionally. This makes the vlanh
fields unnecessary.

Related to https://redmine.openinfosecfoundation.org/issues/3076
8c6251ea6c71...
Victor Julien
runmodes: simply default runmode logic
8b87801b80f1...
Victor Julien
geoip: fix unittests w/o db present
8ae691155d9f...
Victor Julien
ftp: be more strict with tx type
7ccf14bc60e9...
Victor Julien
runmodes: remove unused prototypes
684f1017103b...
Philippe Antoine
log: use SCLogError instead of fprintf
66d6196e9b54...
Victor Julien
pcap: code reformatting and minor cleanups
66c565e9e78c...
Jeff Lucovsky
eve/json: Break multiline FTP responses into array
This changeset breaks multi-line FTP responses into separate array
entries. Multi-line responses are those with "text-1\r\ntext-2[...]".
Each of \r\n delimited text segments is reported in the `reply` array;
each text segment _may_ include a completion code; completion codes are
reported in the `completion_code` array.
66c500eaac41...
Philippe Antoine
leak: Fixes leak in DetectAppLayerEventPrepare
5ddfc42b87c3...
Victor Julien
stream: fix midstream reverse flow handling
When a TCP session is picked up from the response the flow is
reversed by the protocol detection code.

This would lead to duplicate logging of the response. The reason this
happened was that the per stream app progress tracker was not handled
correctly by the direction reversing code. While the streams were
swapped the stream engine would continue to use a now outdated pointer
to what had become the wrong direction.

This patch fixes this by making the stream a ptr to ptr that can be
updated by the protocol detection as well.

In addition, the progress tracking was cleaned up and the GAP error
handling in this case was improved as well.
44bea80d3cc1...
Max Fillinger
decode erspan: Always fill in vlan_id
Fill in the vlan_id fields unconditionally. We can now remove the check
for the vlan.use-for-tracking setting in decode.c. The debug log message
is moved to suricata.c.
3d5eccf084ce...
Jeff Lucovsky
output/json: Refactor output buffer size macro
38731d30da10...
Max Fillinger
flow hash: Make CMP_FLOW macro an inline function
343ba459169b...
Victor Julien
ftp: reply code 150 doesn't end tx
3282fb49675a...
Victor Julien
runmodes: code cleanups
2d217e66611b...
Philippe Antoine
http: fixes overflow in range parsing
2c1b923500c9...
Eric Leblond
ebpf: remove left over debug in lb.c
255ab1528bdd...
Victor Julien
flow: minor formatting updates
2149807bd62b...
Jeff Lucovsky
eve/ftp: Transaction support for unmatched requests
Modified transaction logic to create a new transaction with each
request; replies locate transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
19ab85f17e87...
Philippe Antoine
leak: fixes leak in DetectAddressParse2
1930b1f5043d...
Jeff Lucovsky
eve/ftp: Log FTP transactions
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
1588cd873541...
Zach Kelly
eve/ftp: Bug fix and banner capture
1. Correct off-by-one error in server response whitespace removal
2. Include banner response (before first command entered)
09c54471e579...
Max Fillinger
pfring: Always fill in vlan_id
Previously, source-pfring.c would copy the vlan_id from the extended
header only if vlan.use-for-tracking was enabled. This commit removes
that check.

Related to https://redmine.openinfosecfoundation.org/issues/3076