Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Backport of 6553/6875 to main-7.0.x #11761

Closed
wants to merge 14 commits into from
Closed

Backport of 6553/6875 to main-7.0.x #11761

wants to merge 14 commits into from

Commits on Sep 11, 2024

  1. stream: const args for StreamReassembleLog 

    Needed a workaround cast for RBTREE use.

(cherry picked from commit a5a6527)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    d45c615 View commit details
    Browse the repository at this point in the history

  2. eve/frame: implement payload-buffer-size option 

    Modeled after the same option in eve/alert. Defaults to 4k.

(cherry picked from commit 829bab2)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    5712f7f View commit details
    Browse the repository at this point in the history

  3. eve/alert: log payload directly from stream buffer 

    This avoids looping over partly duplicate segments that cause
output data corruption by logging parts of the stream data multiple
times.

For data with GAPs now add a indicator '[4 bytes missing]' similar
to how Wireshark does it.

Bug: OISF#6553.
(cherry picked from commit 43858f7)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    5e4d86e View commit details
    Browse the repository at this point in the history

  4. eve/alert: init membuffer size on missing config 

    Don't init buffer to 0 size but use the desired default of 4k.

(cherry picked from commit 462a6d7)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    c57203d View commit details
    Browse the repository at this point in the history

  5. eve/frames: pass membuffer to API 

    In preparation of stream logging changes.

(cherry picked from commit a205583)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    cfcd85e View commit details
    Browse the repository at this point in the history

  6. eve/frame: improve frame payload logging 

    Log using stream callback API, meaning that data will also
be logged if there are GAPs.

Also implement GAP indicators: '[123 bytes missing]'.

(cherry picked from commit 6e10c66)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    c9c8b68 View commit details
    Browse the repository at this point in the history

  7. unix-manager: add \n string to buffer using correct API call 

    (cherry picked from commit ea98df8)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    7bab2fb View commit details
    Browse the repository at this point in the history

  8. membuffer: turn complex macros into functions 

    For better readability and type checking.

(cherry picked from commit 3ef98f2)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    99ba333 View commit details
    Browse the repository at this point in the history

  9. membuffer: use buffer pointer as flexible array member 

    (cherry picked from commit 9c3669b)

An additional change was made to correct an ASAN issue -- the membuffer
is reset following allocation in MemBufferCreateNew().
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    f9208e9 View commit details
    Browse the repository at this point in the history

  10. membuffer: return bytes written 

    (cherry picked from commit 7d5b537)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    d1c421e View commit details
    Browse the repository at this point in the history

  11. eve/frame: break out of logging callback if buffer is full 

    (cherry picked from commit 1dea4fe)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    750bb1b View commit details
    Browse the repository at this point in the history

  12. eve/alert: break out of payload logging callback if buffer is full 

    (cherry picked from commit 926c6e3)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    c20e1e9 View commit details
    Browse the repository at this point in the history

  13. membuffer: annotate printf style function 

    (cherry picked from commit ff8597d)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    dcbef39 View commit details
    Browse the repository at this point in the history

  14. eve/alert: fix validation check 

    Bug: OISF#6875.
(cherry picked from commit 0be3ba8)
    @victorjulien @jlucovsky
    victorjulien authored and jlucovsky committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    6280cee View commit details
    Browse the repository at this point in the history