[Oisf-devel] [COMMIT] OISF branch, master-2.0.x, updated. suricata-2.0.3-8-ga3bd19e
OISF Git
noreply at openinfosecfoundation.org
Mon Sep 22 16:26:11 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master-2.0.x has been updated
via a3bd19e18a33a748618633dde4aff767373371d9 (commit)
via e9821accc84a89e672bb74ae593aaa5352badc56 (commit)
from 5279c2472d49fd6eb21a78a65552e9925e03826f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a3bd19e18a33a748618633dde4aff767373371d9
Author: Victor Julien <victor at inliniac.net>
Date: Mon Sep 22 17:33:40 2014 +0200

    af-packet: check pointers before use

commit e9821accc84a89e672bb74ae593aaa5352badc56
Author: Eric Leblond <eric at regit.org>
Date: Fri Sep 19 16:54:00 2014 +0200

    af-packet: force suricata in IPS mode when needed

    AF_PACKET is not setting the engine mode to IPS when some
    interfaces are peered and use IPS mode. This is due to the
    fact that it is possible to peer 2 interfaces and run an IPS on
    them and have a third one that is running in normal IDS mode.
    In fact this choice is the bad one, as an unwanted side effect is
    that there is no drop log and that stream inline is not used.
    To fix that, this patch puts suricata in IPS mode as soon as
    there are two interfaces in IPS mode. And it displays an error
    message to warn the user that the accuracy of detection on IDS only
    interfaces will be low.

-----------------------------------------------------------------------
Summary of changes:
src/runmode-af-packet.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++
src/runmode-af-packet.h | 1 +
src/suricata.c | 4 +++
3 files changed, 83 insertions(+)
hooks/post-receive
--
OISF