Skip to content

Feature/flow community id/v18#3504

Closed
victorjulien wants to merge 15 commits intoOISF:masterfrom
victorjulien:feature/flow-community-id/v18
Closed

Feature/flow community id/v18#3504
victorjulien wants to merge 15 commits intoOISF:masterfrom
victorjulien:feature/flow-community-id/v18

Conversation

@victorjulien
Copy link
Member

@victorjulien victorjulien commented Oct 10, 2018

@victorjulien
smb2: skip rest of READ response if status is not success
9dd7c38
@victorjulien
smb2/dcerpc: probe if response data is dcerpc
ac4e888 
If we missed the tree connect we can't know for sure if we're
reading from a (DCERPC) PIPE or not. In this case probe the data
to see if it looks like DCERPC.

If the detection succeeds, use a special 'suricata::dcerpc' service
in the TX.

Simplify handling of DCERPC records that cross records

Update logging for the response only TXs.
@victorjulien
smb/dcerpc: clean up and unify DCERPC probe logic
4d04448
@victorjulien
smb/dcerpc: remove now unused ssn2maxsize_map
4d50242
@victorjulien
configure: fix and cleanup nss and nspr detection
4ece6ba
@victorjulien
rust: enable by default
ed71276 
Remove 'experimental' label for Rust, and enable it by default if
rustc and cargo (and libjansson) are available.

Add rustc and cargo versions to the build-info.
@victorjulien
travis: update rust to 1.29.1, add auto & disabled tests
c54acd3
@victorjulien
hash/sha1: optimize by avoiding mem alloc
7bf7180 
Don't allocate an output buffer for each call. These buffers
would have the exact same size every time.
@victorjulien
eve/flow: minor cleanups
f357ad1
@victorjulien
eve/json: add common helper funcs
8b8270e 
Add simple helper funcs for option-less loggers
@victorjulien
smb: use common json output structures
04edc7c
@victorjulien
nfs: use common json output structures
116c03c
@victorjulien
eve/json: move common settings into it's own struct
df1ec82
@victorjulien
eve/json: handle common options in central function
e956b48
@victorjulien
eve/json: introduce community flow id
992053e 
Add support for community flow id, meant to give a records a
predictable flow id that can be used to match records to
output of other tools.

Takes a 'seed' that needs to be same across sensors and tools
to make the id less predictable.
@victorjulien victorjulien requested review from a team and jasonish as code owners October 10, 2018 08:44
@victorjulien
Copy link
Member Author

victorjulien commented Oct 10, 2018

@regit fixed the ICMP issue

@victorjulien victorjulien mentioned this pull request Oct 11, 2018
Closed
@victorjulien
Copy link
Member Author

victorjulien commented Oct 11, 2018

Replaced by #3506

@victorjulien victorjulien deleted the feature/flow-community-id/v18 branch October 15, 2018 06:31
amirabell pushed a commit to amirabell/suricata that referenced this pull request Jun 16, 2020
fix Bug OISF#3504 truncated http raw header len
ae58039 
This changeset fixes a bug on the computation of the buffer
lenght for raw http headers. The bug is due to a mismatch
on the data type of the length (uint8_t vs uint32_t) and it
was causing signature misses.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish Awaiting requested review from jasonish

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@victorjulien