Jason Ish
580728087c
fix util-host-os-info unit tests.
...
- Some tests always passed due to the result value being
initialized to 1.
- Fix tests that now fail. Looks like just the tests were wrong
and that the code does the right thing.
10 years ago
Jason Ish
4185f3ee92
detect-pcre: allow upper case metachars for host (/W).
...
Redmine issue 1490.
10 years ago
Eric Leblond
6572725a7a
util-debug: don't colorize if a redirect is used
...
It is better to disable the color mode when a redirect of stderr
is done to avoid getting colorized output in the generated file.
10 years ago
Victor Julien
4d83318b46
defrag tests: fix compiler warnings
...
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:5: note: remove the 'if' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~
defrag.c:2427:5: note: variable 'p' is declared here
Packet *p = Defrag(NULL, NULL, p1, NULL);
^
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:5: note: remove the 'if' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~
defrag.c:2490:5: note: variable 'p' is declared here
Packet *p = Defrag(NULL, NULL, p1, NULL);
^
6 errors generated.
make[3]: *** [defrag.o] Error 1
10 years ago
Jason Ish
6f223c6dba
defrag: stop reassembly at the first packet with more flags not set
10 years ago
Jason Ish
3aa7e38c14
defrag: tracker initialization cleanup
...
Remove the old tracker reset macro which is no longer being used.
Clear last_seen and remove flags on initialization.
Remove extra call to DefragTrackerInit as it was being called 2x
for each new tracker.
Now that DefragTrackerNew is just a wrapper for DefragTrackerAlloc,
remove it and just call DefragTrackerAlloc directly.
10 years ago
Jason Ish
69b4218afc
defrag: don't use trackers marked for removal
...
These trackers are likely for completed fragments, but have
not been cleaned up. If a packet on the same flow with an
already seen IP ID is seen, it could be reused prior to
being properly reinitialized.
10 years ago
Jason Ish
ed400acf8e
defrag: unit test for tracker reuse (current fails)
...
Will be fixed in subsequent commits as tracker reuse is fixed.
10 years ago
Alexander Gozman
3e29a23208
unix-manager: log client (dis)connection with DEBUG level.
...
Also select/receive errors are logged as ERROR.
10 years ago
Alexander Gozman
437fe40660
Feature 1527: ability to compile as a position independent executable
...
Adds corresponding configure option which enables proper CPPFLAGS
and LDFLAGS.
10 years ago
Mats Klepsland
e634fcee60
lua: TLS lua output support
...
Support TLS in lua output scripts (Feature #1568).
function init (args)
    -- register this script for the TLS protocol
    local needs = {}
    needs["protocol"] = "tls"
    return needs
end
function setup (args)
    -- open the log file in append mode under the Suricata log directory
    filename = SCLogPath() .. "/" .. "lua_tls.log"
    file = assert(io.open(filename, "a"))
end
function log (args)
    ts = SCPacketTimeString()
    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    version, subject, issuer, fingerprint = TlsGetCertInfo()
    -- nothing to log if no certificate information is available yet
    if version == nil then
        return 0
    end
    file:write(ts .. " " .. srcip .. ":" .. sp .. " -> " .. dstip ..
               ":" .. dp .. " TLS: " .. "Subject='" .. subject ..
               "' " .. "Issuerdn='" .. issuer .. "'\n")
    file:flush()
end
function deinit (args)
    file:close()
end
10 years ago
Eric Leblond
2ecab3f765
decode-mime: fix body md5 computation
...
Previous code was wrongly supposing that the lines end with CRLF.
But this is not the case, so we must propagate the length of the end-of-line
delimiter to be able to compute the md5 of the mail body.
10 years ago
Eric Leblond
53419b93c8
util-decode-mime: fix some unittests
...
Unittests were failing when ASAN is activated because it was
finding some reads outside of bounds. This patch fixes the different
reported issues.
10 years ago
Eric Leblond
dbb3e1976e
util-decode-mime: fix IsIpv6Host function
...
Using in6_addr is better when calling inet_pton. This fixes an
issue reported by ASAN.
10 years ago
Eric Leblond
38750f1313
smtp-layer: remove FIXME and del excessive newline
10 years ago
Eric Leblond
6f04988ba1
output-json: add tx_id to events
...
This patch updates alert, smtp and http JSON logging to have a
tx_id in the root of the JSON log message.
10 years ago
Eric Leblond
113d6a3950
output-json: add create header with tx function
...
To be able to correlate between events, it is better to have the
tx_id information in the root object. This patch adds a new
function to automate the addition of the field.
10 years ago
Eric Leblond
96412e8921
json-email: JsonEmailAddMetadata update
...
Add tx_id to the list of params to be in sync with recent changes.
10 years ago
Eric Leblond
bf6b0145e2
json-http: gen metadata function with tx_id param
10 years ago
Eric Leblond
d9b602fc0f
json-smtp: add tx_id param to metadata generation
...
In all metadata generation contexts we know the tx_id, so we had better
use it to log the correct transaction and not another one.
10 years ago
Eric Leblond
0ef0f1d526
json-smtp: change copyright date
10 years ago
Eric Leblond
f03a7a032f
json-alert: add smtp elements in alert
10 years ago
Eric Leblond
77a5273cde
json-smtp: fix a debug message
10 years ago
Eric Leblond
946f2a6acc
email-json: add bcc to extended fields
10 years ago
Eric Leblond
fbd6428f1b
smtp-layer: add MAIL FROM parsing test in unittest
10 years ago
Eric Leblond
534360fc02
smtp-layer: add HELO parsing test in unittest
10 years ago
Eric Leblond
8fd88f543d
yaml: add comment describing smtp extended
10 years ago
Eric Leblond
f81f353d1f
email-json: add 'date' field extraction
10 years ago
Eric Leblond
6f033747ec
util-decode-mime: add unittests for field fetching
10 years ago
Eric Leblond
17edff6c5e
unittests: finally register MIME tests
10 years ago
Eric Leblond
6e0668125c
email-json: improve log message
10 years ago
Eric Leblond
dad1f85edb
email-json: add author
...
Add myself as author and change the copyright date.
10 years ago
Eric Leblond
d1b0a5aa6d
yaml: document new MIME features
10 years ago
Eric Leblond
caa8982b43
email-json: add some fields
...
This patch adds some fields to the list of extracted fields.
10 years ago
Eric Leblond
ca52fa91dd
email-json: body md5 logging is optional
10 years ago
Eric Leblond
a719ea3c92
email-json: add capa to display subject md5
...
To be able to identify mails with identical subjects without
using the subject itself as a key, it is possible to use the md5
hash of the subject string. This allows limiting the privacy impact.
10 years ago
Eric Leblond
881aa3efce
email-json: don't log subject by default
...
It seems to be a bit too intrusive for privacy, so this patch
adds this field to the extended logging only.
10 years ago
Eric Leblond
7bb38f7c30
decode-mime: fix typo in comment
10 years ago
Eric Leblond
431dc155aa
email-json: delete white space from "from"
...
The From field is handled separately and it could also start with
white spaces.
10 years ago
Eric Leblond
abcaf46193
email-json: delete leading white spaces
...
Some mail clients are using tabulation and/or space for comma
separated lists. This patch removes them so the event will contain
only significant characters.
10 years ago
Eric Leblond
4c0f8803e7
email-json: factorize the code
10 years ago
Eric Leblond
a7ef0c05ba
email-json: add LOG_EMAIL_COMMA type
...
Extract these data types by treating them as a comma separated list.
10 years ago
Eric Leblond
3456ec467f
email-json: add custom fields support
...
This patch adds a way to specify which MIME fields to log via
the custom keyword in the EVE configuration. It also adds an
extended logging where some fields are added. The logging supports
single-value fields as well as multi-value fields via the use of a
JSON array.
10 years ago
Eric Leblond
714c30a127
decode-mime: introduce MimeDecFindFieldsForEach
...
This patch introduces a new function that can be used to handle
multivalued MIME fields. A callback function can be called for
each corresponding field value.
10 years ago
Eric Leblond
54038f5691
file-json: log 'email' information
...
Log information coming from email/MIME decoding in the message.
10 years ago
Eric Leblond
ab941305d5
email-json: add function to export data
10 years ago
Eric Leblond
77119a3186
file-json: output smtp proto info
10 years ago
Eric Leblond
47a199ee97
smtp-json: introduce function to output smtp data
10 years ago
Eric Leblond
94dbd303e4
file-json: log http data using common function
10 years ago
Eric Leblond
4ef12dcf5d
alert-json: use new JsonHttpAddMetadata function
...
This patch uses the newly introduced function to handle the logging
of HTTP data.
10 years ago