[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta1-337-g36bc8d5
noreply at openinfosecfoundation.org
Fri Nov 15 14:44:44 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 36bc8d5cd0549b061dc4688a408592d1b147b465 (commit)
via bee5ff172b69c6ff129d94335953859b95bbc0c6 (commit)
via 6730f3d5ccd422a0b557bc2ff69814c8fe528abf (commit)
via 61cdd9be6bb8e2b7b5e62a81c3d56c9080d63e9a (commit)
via c1b9f0e1f459157917832d56f31eeda713faf64b (commit)
from 72a147b6f16ded148fc65428b98f0be9a0986691 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 36bc8d5cd0549b061dc4688a408592d1b147b465
Author: Victor Julien <victor at inliniac.net>
Date: Thu Nov 14 15:57:04 2013 +0100
http & tls: fix transaction handling
When http and/or tls logging is disabled, the app layer would still
be flagged as logging. This caused transactions not to be freed until
the end of the flow as the logged tx id would never increment.
This fix postpones the setting of the app layer parser "logger"
flag to the point where we know the logger is enabled.
commit bee5ff172b69c6ff129d94335953859b95bbc0c6
Author: Victor Julien <victor at inliniac.net>
Date: Thu Nov 14 15:44:35 2013 +0100
dns: fix transaction handling
When logging is disabled, the app layer would still be flagged
as logging. This caused transactions not to be freed until the
end of the flow as the logged tx id would never increment.
This fix postpones the setting of the app layer parser "logger"
flag to the point where we know the logger is enabled.
commit 6730f3d5ccd422a0b557bc2ff69814c8fe528abf
Author: Victor Julien <victor at inliniac.net>
Date: Mon Nov 11 17:27:56 2013 +0100
DNS: trigger logging for toserver dir when previous reply is lost.
commit 61cdd9be6bb8e2b7b5e62a81c3d56c9080d63e9a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Nov 7 22:55:15 2013 +0100
dns: detect case of request flooding
In the case where DNS requests are sent over the same flow w/o a
reply being received, we now set an event in the flow and refuse
to add more transactions to the state. This protects the DNS
handling from getting overloaded slowing down everything.
A new option to configure this behaviour was added:
    app-layer:
      protocols:
        dnsudp:
          enabled: yes
          detection-ports:
            udp:
              toserver: 53
          request-flood: 750
The request-flood parameter can be 0 (disabling this feature) or a
positive integer. It defaults to 500.
This means that if 500 unreplied requests are seen in a row an event
is set. Rule 2240007 was added to dns-events.rules to match on this.
commit c1b9f0e1f459157917832d56f31eeda713faf64b
Author: Ken Steele <ken at tilera.com>
Date: Fri Nov 15 08:55:39 2013 -0500
Formatting and comment updates in flow files
Some reformatting to meet coding standards.
Added a few comments to make it more clear where p->flow gets set.
-----------------------------------------------------------------------
Summary of changes:
rules/dns-events.rules | 2 +
src/app-layer-dns-common.c | 39 +++++++++++++++++++++++++-
src/app-layer-dns-common.h | 8 +++++
src/app-layer-dns-tcp.c | 16 ++++-------
src/app-layer-dns-udp.c | 43 ++++++++++++++++++++---------
src/app-layer-parser.c | 3 ++
src/flow-bit.c | 65 +++++++++++++++++++++++++++++---------------
src/flow-hash.c | 44 +++++++++++++++++++----------
src/flow-util.c | 6 ++--
src/flow.c | 25 +++++++++--------
src/log-dnslog.c | 58 +++++++++++++++++++++------------------
src/log-httplog.c | 6 ++--
src/log-tlslog.c | 6 ++--
src/util-error.h | 1 +
14 files changed, 212 insertions(+), 110 deletions(-)
hooks/post-receive
--
OISF
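The request-flood limit described in commit 61cdd9be above, modelled as an added example; this is not code from the Suricata tree. The struct, the function names and the 'Q'/'R' input string are hypothetical. It assumes that the first request arriving once the limit is reached is the one that sets the event and is refused, and that a reply resets the run.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-flow DNS state; names are illustrative, not Suricata's. */
typedef struct {
    uint32_t unreplied;     /* requests seen in a row without a reply */
    uint32_t tx_count;      /* transactions added to the state */
    bool     flooded_event; /* set when the limit is hit; a rule can match on it */
} DnsFlowModel;

/* Handle one request. Returns true if a transaction was added.
 * limit == 0 disables the check, as the commit message describes. */
bool dns_model_request(DnsFlowModel *s, uint32_t limit)
{
    if (limit != 0 && s->unreplied >= limit) {
        s->flooded_event = true; /* assumption: event raised on the refused request */
        return false;            /* refuse to grow the state any further */
    }
    s->unreplied++;
    s->tx_count++;
    return true;
}

/* A reply ends the run of unreplied requests (assumption: the flow recovers). */
void dns_model_reply(DnsFlowModel *s)
{
    s->unreplied = 0;
}

/* Feed a constructed message sequence: 'Q' = request, 'R' = reply.
 * Returns how many requests were refused. */
uint32_t dns_model_feed(DnsFlowModel *s, const char *seq, uint32_t limit)
{
    uint32_t refused = 0;
    for (; *seq != '\0'; seq++) {
        if (*seq == 'Q' && !dns_model_request(s, limit))
            refused++;
        else if (*seq == 'R')
            dns_model_reply(s);
    }
    return refused;
}

int main(void)
{
    DnsFlowModel flow = {0};
    /* Constructed sample: five requests, no replies, limit of 3. */
    uint32_t refused = dns_model_feed(&flow, "QQQQQ", 3);
    printf("refused=%u tx=%u flooded=%d\n", refused, flow.tx_count, flow.flooded_event);
    return 0;
}
```

The point of the limit is that per-flow state stops growing once the run of unanswered requests reaches it, so memory and lookup cost on a flooded flow stay bounded.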