Commit Graph

8060 Commits (ba1a67e2cb11016a617e1074bc5789a66a15309e)
 

Author SHA1 Message Date
Mats Klepsland 47a5b493d7 output-json: rotate log file based on time
Rotate log file based on time. Support both rotating based on a timer (XXs,
XXm, XXd, XXw) and rotating based on an absolute time, like each minute,
hour or day.
9 years ago
Mats Klepsland db6c80fd8e logging: support date modifiers in log filenames
Allow log filenames to contain date modifiers, e.g.:

  - eve-log:
    filename: eve-%Y-%m-%d-%H:%M:%S.json
9 years ago
Victor Julien bc480fa8c3 pcre: disable jit on powerpc64
It appears that with both gcc and clang something gets misoptimised
around pcre's jit. So disable jit for now.
9 years ago
Jason Ish 845e18f25a defrag: (windows) detect more overlaps 9 years ago
Jason Ish 7922f9be1b defrag: (linux) fix an error in overlapping fragments
If a subsequent fragment has a lower offset than a previous
one and overlaps, trim off the beginning of the previous
fragment.

Based on an issue reported privately.
9 years ago
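The trimming rule described in the commit message above, as an added illustration in C that is not Suricata's defrag code: a tiny fragment list where a newly arrived fragment with a lower offset than an already held one trims the beginning of that held fragment (or drops it when fully covered). Only that one rule is implemented; other overlap cases are deliberately left untouched, the list sizes are arbitrary, and the "AAAA"/"BBBB" payloads are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAGS 16      /* arbitrary limits for the demonstration */
#define MAX_FRAG_DATA 64

/* One fragment held for reassembly. */
typedef struct {
    uint16_t offset;               /* data offset inside the original datagram */
    uint16_t len;                  /* bytes of data currently kept */
    uint8_t data[MAX_FRAG_DATA];   /* the kept bytes */
} Fragment;

typedef struct {
    Fragment frags[MAX_FRAGS];     /* kept sorted by offset */
    int count;
} FragList;

static void frag_remove_at(FragList *l, int i)
{
    memmove(&l->frags[i], &l->frags[i + 1],
            (size_t)(l->count - i - 1) * sizeof(Fragment));
    l->count--;
}

/* Add a fragment. Rule implemented (the one the commit message describes):
 * if the new fragment has a lower offset than an already held fragment and
 * overlaps it, trim the beginning of the held fragment to the new fragment's
 * end; drop the held fragment if it is fully covered. Overlaps where the new
 * fragment starts at or after the held one are not handled here.
 * Returns 0 on success, -1 if the list is full or the data too large. */
int frag_insert(FragList *l, uint16_t offset, const uint8_t *data, uint16_t len)
{
    if (l->count >= MAX_FRAGS || len > MAX_FRAG_DATA)
        return -1;
    uint16_t new_end = (uint16_t)(offset + len);

    for (int i = 0; i < l->count; ) {
        Fragment *e = &l->frags[i];
        uint16_t e_end = (uint16_t)(e->offset + e->len);
        if (e->offset > offset && new_end > e->offset) {
            if (new_end >= e_end) {        /* fully covered: drop it */
                frag_remove_at(l, i);
                continue;
            }
            uint16_t cut = (uint16_t)(new_end - e->offset);
            memmove(e->data, e->data + cut, (size_t)(e->len - cut));
            e->offset = new_end;
            e->len = (uint16_t)(e->len - cut);
        }
        i++;
    }

    /* insert, keeping the list sorted by offset */
    int pos = 0;
    while (pos < l->count && l->frags[pos].offset < offset)
        pos++;
    memmove(&l->frags[pos + 1], &l->frags[pos],
            (size_t)(l->count - pos) * sizeof(Fragment));
    l->frags[pos].offset = offset;
    l->frags[pos].len = len;
    memcpy(l->frags[pos].data, data, len);
    l->count++;
    return 0;
}

/* Concatenate the held data. Returns bytes written, or 0 if the fragments
 * do not form one contiguous run starting at offset 0. */
size_t frag_reassemble(const FragList *l, uint8_t *out, size_t cap)
{
    size_t next = 0;
    for (int i = 0; i < l->count; i++) {
        const Fragment *f = &l->frags[i];
        if (f->offset != next || next + f->len > cap)
            return 0;
        memcpy(out + next, f->data, f->len);
        next += f->len;
    }
    return next;
}

/* Scenario from the commit message with constructed payloads: fragment "A"
 * at offset 8 arrives first, then fragment "B" at offset 0 overlapping A's
 * first 4 bytes. Returns the reassembled datagram as a string. */
const char *demo_lower_offset_overlap(void)
{
    static uint8_t out[MAX_FRAGS * MAX_FRAG_DATA + 1];
    FragList l;
    memset(&l, 0, sizeof(l));
    frag_insert(&l, 8, (const uint8_t *)"AAAAAAAA", 8);
    frag_insert(&l, 0, (const uint8_t *)"BBBBBBBBBBBB", 12);
    size_t n = frag_reassemble(&l, out, sizeof(out) - 1);
    out[n] = '\0';
    return (const char *)out;
}

int main(void)
{
    printf("%s\n", demo_lower_offset_overlap());
    return 0;
}
```

After the second insert the list holds B at offset 0 (12 bytes) and A trimmed to offset 12 (4 bytes), so the later, lower-offset fragment wins the overlapped region. Which fragment wins an overlap is exactly what differs between target operating systems, and why an IDS has to model the policy of the host it protects rather than pick one rule globally.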
Jason Ish ca92be896e defrag: use new unit test macros
Also reformat unit test functions to Suricata style.
9 years ago
Jason Ish 00cd47b2bf travis: use new container build infrastructure
Migrate to the new Travis container build system. This build system does
not allow use of sudo, so required packages must be installed declaratively,
which required reworking how we install packages that are conditional
based on the build being done.

Mac builds are still done with sudo=true.
9 years ago
Jason Ish ff30d924db unix-socket: return failure on failure
UnixManagerThreadInit needs to return a failure code if the socket
fails to initialize to avoid entering the UnixManager loop which
will continuously fail on the call to bind, as no listening
socket was setup.

This can occur when the socket fails to initialize due to a
permissions error and fatal init errors is not on.
9 years ago
fooinha 20d4d40051 log: tls custom format log 9 years ago
fooinha af174c82bb log: common custom format output 9 years ago
Victor Julien d5a0eb4b2c geoip: fix compiler warning
detect-geoip.c:78:40: error: incompatible pointer types assigning to 'int (*)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)' from 'int (ThreadVars *, DetectEngineThreadCtx *, Packet *, Signature *, const SigMatchCtx *)' [-Werror,-Wincompatible-pointer-types]
    sigmatch_table[DETECT_GEOIP].Match = DetectGeoipMatch;
                                       ^ ~~~~~~~~~~~~~~~~
1 error generated.

Bug #2045
9 years ago
Victor Julien b134dfcce7 modbus: fix compiler warnings about alignment
app-layer-modbus.c:1226:39: warning: taking address of packed member 'transactionId' of class or structure 'ModbusHeader_' may result in an unaligned pointer value [-Waddress-of-packed-member]
    if (ModbusExtractUint16(modbus, &(header->transactionId), input, input_len, &offset)    ||
                                      ^~~~~~~~~~~~~~~~~~~~~
app-layer-modbus.c:1228:39: warning: taking address of packed member 'protocolId' of class or structure 'ModbusHeader_' may result in an unaligned pointer value [-Waddress-of-packed-member]
        ModbusExtractUint16(modbus, &(header->protocolId), input, input_len, &offset)       ||
                                      ^~~~~~~~~~~~~~~~~~
app-layer-modbus.c:1230:39: warning: taking address of packed member 'length' of class or structure 'ModbusHeader_' may result in an unaligned pointer value [-Waddress-of-packed-member]
        ModbusExtractUint16(modbus, &(header->length), input, input_len, &offset)           ||
                                      ^~~~~~~~~~~~~~
3 warnings generated.

Bug #2088
9 years ago
Victor Julien e1bf48c0ee pool: fix compiler warning
clang-4.0 reported:

util-pool.c:242:13: warning: logical not is only applied to the left hand side of this bitwise operator [-Wlogical-not-parentheses]
        if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
            ^           ~
util-pool.c:242:13: note: add parentheses after the '!' to evaluate the bitwise operator first
        if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
            ^
              (                                   )
util-pool.c:242:13: note: add parentheses around left hand side expression to silence this warning
        if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
            ^
            (          )
util-pool.c:261:13: warning: logical not is only applied to the left hand side of this bitwise operator [-Wlogical-not-parentheses]
        if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
            ^           ~
util-pool.c:261:13: note: add parentheses after the '!' to evaluate the bitwise operator first
        if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
            ^
              (                                   )
util-pool.c:261:13: note: add parentheses around left hand side expression to silence this warning
        if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
            ^
            (          )
2 warnings generated.
9 years ago
Victor Julien 6227d0955f af-packet: fix cppcheck false positive
[src/source-af-packet.c:1903]: (error) Resource leak: fd
9 years ago
Victor Julien 3726fd66be http: fix body tracking corner case
In some cases, observed with inspect limits 0, the body tracking could
get confused. When all chunks were already freed, a new chunk would
be considered to be the start of the body. This would overwrite the
body's 'content_len_so_far' tracker, instead of adding to it. This in
turn could lead to an assertion abort in the inspection code.

This patch redoes the append code to always add the current length. It
cleans up the code to remove redundant logic.

Issue: https://redmine.openinfosecfoundation.org/issues/2078
Reported-By: Jørgen Bøhnsdalen
9 years ago
Jason Ish 3ca1a29bbd defrag: fix argument used in macro to match signature
"p" was being used in the macro but was not an argument to
the macro, but it worked due to the context of the macro.

Use the actual macro argument, d2, instead of p.

Results in no change to generated code.
9 years ago
Mats Klepsland 7b1dae6251 doc: add documentation for Lua SCFlowTimestamps 9 years ago
Mats Klepsland 365aa1f3e5 lua: add SCFlowTimestamps function
Add SCFlowTimestamps() to return startts and lastts as seconds and
microseconds from flow.

Examples:

  startts, lastts = SCFlowTimestamps()
  startts_s, lastts_s, startts_us, lastts_us = SCFlowTimestamps()
9 years ago
Mats Klepsland 3b23387664 doc: add documentation for eve-log file permissions 9 years ago
Mats Klepsland 005a700e54 logging: support custom file permissions
Support setting file permissions per logger using 'filemode', e.g.:

  outputs:
    - eve-log:
        enabled: yes
        filetype: regular
        filename: eve.json
        filemode: 660
9 years ago
Jason Ish 63078909d5 ipv4: update checksum function to be like tcp/udp
Update the IPv4 checksum function to be like the
changed TCP/UDP checksum functions for consistency.
9 years ago
Jason Ish b79a18ea15 tcp/udp: rename checksum functions for better meaning
The TCP/UDP checksum functions no longer just calculate
the checksum, they can validate as well as calculate so
use a more generic name.
9 years ago
Jason Ish f56428d996 tcp/udp: fix checksum validation when 0xffff
Issue:
https://redmine.openinfosecfoundation.org/issues/2041

One approach to fixing this issue is to just validate the
checksum instead of regenerating it and comparing it. This
method is used in some kernels and other network tools.

When validating, the current checksum is passed in as an
initial argument which will cause the final checksum to be 0
if OK. If generating a checksum, 0 is passed and the result
is the generated checksum.
9 years ago
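The validate-instead-of-regenerate approach from the commit message above, as an added example in C that is not Suricata's checksum code: an RFC 1071 one's-complement checksum over an IPv4 header that skips the checksum field and folds an initial value into the sum, so the same function generates (init 0) and validates (init = stored checksum, result 0 when intact). The two 20-byte headers are constructed samples, not captured traffic; the second one has its identification field chosen so the word sum is 0xffff, which is the case where the stored checksum may legitimately be either 0x0000 or 0xffff and where regenerate-and-compare wrongly rejects one of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_HDR_LEN  20
#define IPV4_CSUM_OFF 10   /* header checksum field offset */

/* RFC 1071 one's-complement checksum over an IPv4 header (the length is
 * always a multiple of 4, so no odd trailing byte). The checksum field is
 * skipped and 'init' is folded into the sum instead: pass 0 to generate, or
 * pass the checksum found in the packet to validate, in which case the
 * result is 0 when the header is intact. */
uint16_t ipv4_checksum(uint32_t init, const uint8_t *hdr, size_t hlen)
{
    uint32_t sum = init;
    for (size_t i = 0; i + 1 < hlen; i += 2) {
        if (i == IPV4_CSUM_OFF)
            continue;
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    }
    while (sum >> 16)                 /* end-around carry */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)(~sum & 0xffff);
}

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static void wr16(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/* Validation as the commit describes it: feed the stored checksum in as
 * the initial value and accept when the result is 0. */
int ipv4_checksum_valid(const uint8_t *hdr, size_t hlen)
{
    return ipv4_checksum(rd16(hdr + IPV4_CSUM_OFF), hdr, hlen) == 0;
}

/* The regenerate-and-compare approach the commit moves away from. */
int ipv4_checksum_valid_by_compare(const uint8_t *hdr, size_t hlen)
{
    return ipv4_checksum(0, hdr, hlen) == rd16(hdr + IPV4_CSUM_OFF);
}

/* Constructed sample header (not captured traffic): 192.168.0.1 ->
 * 192.168.0.2, proto TCP, checksum field zeroed. */
const uint8_t HDR_NORMAL[IPV4_HDR_LEN] = {
    0x45, 0x00, 0x00, 0x54, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06,
    0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0x02 };

/* Same header with the identification field chosen (0xb950) so the one's-
 * complement sum of the other words is 0xffff: the generated checksum is
 * 0x0000, and 0xffff is an equally valid encoding of it. */
const uint8_t HDR_ZERO_SUM[IPV4_HDR_LEN] = {
    0x45, 0x00, 0x00, 0x54, 0xb9, 0x50, 0x40, 0x00, 0x40, 0x06,
    0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0x02 };

/* Put 'csum' into a copy of 'base' and validate it by folding it in. */
int valid_with(const uint8_t *base, uint16_t csum)
{
    uint8_t h[IPV4_HDR_LEN];
    memcpy(h, base, IPV4_HDR_LEN);
    wr16(h + IPV4_CSUM_OFF, csum);
    return ipv4_checksum_valid(h, IPV4_HDR_LEN);
}

/* Same, but with regenerate-and-compare. */
int valid_by_compare_with(const uint8_t *base, uint16_t csum)
{
    uint8_t h[IPV4_HDR_LEN];
    memcpy(h, base, IPV4_HDR_LEN);
    wr16(h + IPV4_CSUM_OFF, csum);
    return ipv4_checksum_valid_by_compare(h, IPV4_HDR_LEN);
}

int main(void)
{
    printf("normal header: generated 0x%04x\n",
           ipv4_checksum(0, HDR_NORMAL, IPV4_HDR_LEN));
    printf("zero-sum header: generated 0x%04x\n",
           ipv4_checksum(0, HDR_ZERO_SUM, IPV4_HDR_LEN));
    printf("zero-sum header carrying 0xffff: validate=%d compare=%d\n",
           valid_with(HDR_ZERO_SUM, 0xffff),
           valid_by_compare_with(HDR_ZERO_SUM, 0xffff));
    return 0;
}
```

For the zero-sum header the fold-in validation accepts both 0x0000 and 0xffff and still rejects 0x0001, while regenerate-and-compare produces 0x0000 and rejects a packet carrying 0xffff. Treating such packets as having a bad checksum is worse than a cosmetic bug for an IDS: with checksum checks enabled, a wrongly rejected packet can be skipped by inspection even though the receiving host accepts it.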
Jon Zeolla ce8a65a58e docs: fix statement about flow:to_server 9 years ago
Jon Zeolla 1589a15495 docs: clarify how iprep works 9 years ago
Jason Ish 1a7c5a01a1 travis: macos: unlink all deps, then relink
Kind of ugly, but first unlink all dependencies then install.
The deps that don't get an upgrade will remain unlinked, so
relink all dependencies as relinking an already linked dep
does not error out.
9 years ago
Victor Julien b58127edcb print: constify input 9 years ago
Victor Julien 44bab885d6 detect: fix ssl_state test 9 years ago
Victor Julien 4f8eacdc69 disable-detect: fix needless file hashing
When detection is running flags are set on flows to indicate if file
hashing is needed. This is based on global output settings and rules.

In the case of --disable-detection this was not happening, so all
files were hashed with all methods. This has a significant
performance impact.

This patch adds logic to set the flow flags in --disable-detect mode.
9 years ago
Victor Julien e24eb0f2b1 app-layer: remove version logic 9 years ago
Victor Julien a56b4817ef flow: remove unused alversion fields 9 years ago
Victor Julien c066f043a5 detect: remove unused alversion logic 9 years ago
Victor Julien 6c6802b957 detect: simplify state detect code: remove unused params 9 years ago
Victor Julien c961da2dce detect: clean up test 9 years ago
Victor Julien 3626ecb474 bytejump: don't print errors when matching
When bytejump was told to convert some payload data to int from a
string it would print an error to the screen if the conversion
failed. This is unwanted as the payload is controlled by an attacker
and printing is expensive.
9 years ago
Victor Julien 15d26f14e1 file-store: fix force store 9 years ago
Victor Julien dbbf185173 app-layer: fix gap handling in protocol detection
A GAP during protocol detection would lead to all reassembly
getting disabled, so also the raw reassembly. In addition, it
could prevent the opposing side from doing protocol detection.

This patch removes the 'disable reassembly' logic. Stream engine
will take the stream with GAP and app-layer will mark the proto
detection as complete.
9 years ago
Victor Julien f1e19b5dd4 file store: store multiple files if available 9 years ago
Victor Julien 7c0a3b5582 app-layer: fix memleak on bad traffic
If state was alloc'd after protocol detection, but then the direction
turned out to be wrong, the state would not be freed.
9 years ago
Victor Julien 132e0e21f0 ippair: fix xbits unset memleak 9 years ago
Victor Julien 4c597bb9e1 ippair: use both addresses in hash 9 years ago
Victor Julien 1de1413863 stream: validate SACK right edge to be in window 9 years ago
Victor Julien daf39b422b stream: remove unused stream config member 9 years ago
Victor Julien 7512949670 stream: make data pointer in StreamSegmentCallback const 9 years ago
Victor Julien 2a5b9eb5fa stream: remove unused variable 9 years ago
Victor Julien a86b7b7042 app-layer: minor debug improvement 9 years ago
Victor Julien 25bd3e28f7 qa/appveyor: install libiconv-devel 9 years ago
Victor Julien 205975009a travis: fix pkg-config in mac builds
Unlink pkg-config before installing.
9 years ago
Jason Ish db5708f6ad travis: fix libpcre in mac builds
It looks like Travis changed their Mac image and pcre is now
installed by default. In case it gets removed again, just unlink
it before re-installing so it doesn't fail on install.
9 years ago
Jason Ish 6585ac4a9f logging: remove unused print stats callbacks
Remove the ThreadExitPrintStats callback from logging modules
that weren't doing anything with it.
9 years ago