Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Next/20210419/v4 #6070

Closed
wants to merge 12 commits into from
Closed

Next/20210419/v4 #6070

wants to merge 12 commits into from

Conversation

victorjulien
Copy link
Member

#6060 #5508 #5808
dcerpc proto detect fix

jasonish and others added 12 commits April 15, 2021 14:33
@jasonish
eve: remove duplicate call to LogFileEnsureExists
702f3b3 
Remove duplicate call to LogFileEnsureExists in the generic
eve thread init function.
@jasonish
eve: factor thread context creation/free for reuse
c890f9d
@jasonish
eve: reset buffer in OutputJsonBuilderBuffer
013becf 
Reset the buffer here so each caller doesn't need to do it.
@jasonish
eve: convert many loggers to use generate thread context
08eee26 
- mqtt
- dnp3
- smtp
- ike
- dns
- alert
- tls
- anomaly
- drop
- file
- http
- http2
- templates
- dhcp

The idea is to factor out the commom code for setting
up the output file objects, which is repetitive, and
often done wrong when it comes to threading.
@jasonish
eve: refactor OutputJsonBuilderBuffer to take context
06f5865 
All callers of OutputJsonBuilderBuffer are now calling it
using fields from an OutputJsonThreadCtx, so just pass
a pointer to the thread context now.
@norg @victorjulien
detect-rawbytes: update to new clang format
37789d9
@norg @victorjulien
detect-rawbytes: add rawbytes doc help output
d62616f
@norg @victorjulien
doc: add documentation for rawbytes keyword
a5f36ec
@inashivb @victorjulien
dcerpc/tcp: improve detection
c663ac6 
Lately, some of the TLS data was misdetected as DCERPC/TCP because of
the pattern |05 00|. Add more checks in DCERPC probe function to ensure
that it is in fact DCERPC/TCP.
@inashivb @victorjulien
applayer: fix test data for a valid DCERPC pkt
5fff394
@jlucovsky @victorjulien
detect/address: Improve support for large addrs
de22528 
This commit improves support for large address variables. Without this
commit, address size was fixed at 8196 or less. This commit permits
larger sized address variables.
@jlucovsky @victorjulien
general: Typo cleanup
6045db5
@victorjulien victorjulien requested review from jasonish, norg and a team as code owners April 21, 2021 05:12
@victorjulien victorjulien mentioned this pull request Apr 21, 2021
Merged
@codecov
Copy link

codecov bot commented Apr 21, 2021

Codecov Report

Merging #6070 (6045db5) into master (23b1607) will increase coverage by 0.07%.
The diff coverage is 87.57%.

@@            Coverage Diff             @@
##           master    #6070      +/-   ##
==========================================
+ Coverage   76.94%   77.02%   +0.07%     
==========================================
  Files         612      612              
  Lines      187760   187682      -78     
==========================================
+ Hits       144469   144557      +88     
+ Misses      43291    43125     -166
Flag Coverage Δ
fuzzcorpus 53.03% <54.96%> (+0.20%) ⬆️
suricata-verify 50.27% <83.22%> (-0.01%) ⬇️
unittests 63.26% <22.29%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien
Copy link
Member Author

Replaced by #6071

@victorjulien victorjulien deleted the next/20210419/v4 branch June 18, 2021 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@victorjulien @jasonish @norg @inashivb @jlucovsky