[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.2.1-159-g6585ac4
OISF Git
noreply at openinfosecfoundation.org
Tue Feb 21 12:40:51 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 6585ac4a9faee41663f707fab8d463337ba06629 (commit)
via 0c3f1e2974180f4382ed6c551f1de4a6d2650e56 (commit)
via ddf1bf6518fd2a87a143652944b129f1075766b9 (commit)
via 285b5662050c6a33513f74489226d0c218e73cab (commit)
via ee9f822b8e14c27f1b0f19fdf64febaa1740c8d3 (commit)
via d6508e640a2330722011e4cfc39a36f60f735796 (commit)
via 95864375f2a510b122909923bd0ba0f8c0558d74 (commit)
via 2e339aa7911b090c11ecef5869df43faa633e2d2 (commit)
via 2b460b8d06390fa12415d23891098d8a9184c0dc (commit)
via 2c1a36dd6e56a84bc2894a7e544b1e83651b85bf (commit)
via 310b27a196a93b46ea719a51323fd3d4a83bea64 (commit)
via e41a9d637bf0b420d548c2bec0fb26c79c1f5ccf (commit)
via ee7e689b5423295d17f1560e2a3b1a1491cdf314 (commit)
via 92db12c3492d1931e346869695351ca1788869e2 (commit)
via 1bf7ded224bacace8b7779d76a738c8976e55f58 (commit)
via b1ad770b36ba2595f77a94e67b0ae86c22d4217c (commit)
from e91bb09c9138d6087eec2c09fc648cc06c08ca71 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6585ac4a9faee41663f707fab8d463337ba06629
Author: Jason Ish <ish at unx.ca>
Date: Mon Feb 20 12:00:15 2017 -0600
logging: remove unused print stats callbacks
Remove the ThreadExitPrintStats callback from logging modules
that weren't doing anything with it.
commit 0c3f1e2974180f4382ed6c551f1de4a6d2650e56
Author: Jason Ish <ish at unx.ca>
Date: Mon Feb 20 11:52:34 2017 -0600
logging: move lock into write function
All loggers were wrapping just the write in a lock with some
updating a counter. This moves the lock into the write function.
The log_ctx alerts counter was also removed as many modules have
stopped using this and the alert count is available elsewhere.
Should satisfy Coverity CID 1400798:
CID 1400798 (#1 of 1): Data race condition (MISSING_LOCK) 2.
missing_lock: Accessing log_ctx->rotation_flag without holding lock
LogFileCtx_.fp_mutex. Elsewhere, "LogFileCtx_.rotation_flag" is accessed
with LogFileCtx_.fp_mutex held 4 out of 5 times.
Which appears to be a false positive as all calls to SCLogFileWrite
were done under lock, but this will make it more explicit.
commit ddf1bf6518fd2a87a143652944b129f1075766b9
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 17 11:22:23 2017 -0600
unified2: unlock using same dereference as lock
Addresses Coverity CIDs:
1400797
1400796
Note that the mutex was actually being unlocked, but
from a different variable pointing to the same mutex.
commit 285b5662050c6a33513f74489226d0c218e73cab
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Jan 17 09:53:23 2017 +0100
doc: add documentation for TlsGetCertSerial Lua function
commit ee9f822b8e14c27f1b0f19fdf64febaa1740c8d3
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Feb 20 08:33:49 2017 +0100
doc: add documentation for tls_cert_serial keyword
commit d6508e640a2330722011e4cfc39a36f60f735796
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Feb 20 08:27:23 2017 +0100
detect: add (mpm) keyword tls_cert_serial
Match on TLS certificate serial number using tls_cert_serial
keyword, e.g.:
    alert tls any any -> any any (msg:"TLS cert serial test";
        tls_cert_serial; content:"5C:19:B7:B1:32:3B:1C:A1";
        sid:12345;)
commit 95864375f2a510b122909923bd0ba0f8c0558d74
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Jan 17 09:23:30 2017 +0100
lua: add function to print certificate serial number
Add function LuaGetCertSerial to print serial number from TLS
certificate.
Example:
    function log (args)
        serial = TlsGetCertSerial()
        if serial then
            file:write(serial .. "\n");
            file:flush()
        end
    end
commit 2e339aa7911b090c11ecef5869df43faa633e2d2
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Jan 17 09:22:10 2017 +0100
tls-log: log certificate serial number
commit 2b460b8d06390fa12415d23891098d8a9184c0dc
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Jan 17 09:21:30 2017 +0100
output-json-lua: log certificate serial number
commit 2c1a36dd6e56a84bc2894a7e544b1e83651b85bf
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Jan 17 09:20:25 2017 +0100
app-layer-tls: decode certificate serial number
commit 310b27a196a93b46ea719a51323fd3d4a83bea64
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date: Mon Feb 20 16:47:31 2017 +0300
af-packet: fix parsing packet in TPACKET_V3 mode
AFPParsePacketV3() saved tpacket_block_desc structure
instead of tpacket3_hdr. As a result, reconstructed
packets were wrong.
Bug #2044.
commit e41a9d637bf0b420d548c2bec0fb26c79c1f5ccf
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date: Mon Feb 20 16:43:10 2017 +0300
af-packet: get VLAN info for packets in TPACKET_V3 mode
commit ee7e689b5423295d17f1560e2a3b1a1491cdf314
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date: Mon Feb 20 16:41:18 2017 +0300
af-packet: write VLAN info for both TPACKET_V2 and V3
commit 92db12c3492d1931e346869695351ca1788869e2
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 17 10:46:43 2017 -0600
pidfile: fail if the pid file exists
Changes the pidfile check function to fail just on the
existence of the file to address issue
https://redmine.openinfosecfoundation.org/issues/1335
but log a message if the pid file appears to be stale.
commit 1bf7ded224bacace8b7779d76a738c8976e55f58
Author: David Wharton <dwharton at secureworks.com>
Date: Mon Feb 20 08:29:59 2017 -0500
doc: specify buffers that can be used for fast_pattern
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
commit b1ad770b36ba2595f77a94e67b0ae86c22d4217c
Author: David Wharton <dwharton at secureworks.com>
Date: Mon Feb 20 08:27:05 2017 -0500
doc: removed references to older Suricata versions
docs are versioned; references to older Suricata versions undesired.
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/output/eve/eve-json-format.rst | 2 +
doc/userguide/output/eve/eve-json-output.rst | 2 +-
doc/userguide/output/lua-output.rst | 16 +++++
doc/userguide/rules/tls-keywords.rst | 30 +++++---
src/Makefile.am | 1 +
src/alert-debuglog.c | 19 +----
src/alert-fastlog.c | 18 +----
src/alert-syslog.c | 25 +------
src/alert-unified2-alert.c | 16 ++---
src/app-layer-ssl.c | 2 +
src/app-layer-ssl.h | 1 +
src/app-layer-tls-handshake.c | 15 ++++
src/detect-engine-tls.c | 76 ++++++++++++++++++++
src/detect-engine-tls.h | 7 ++
...-tls-cert-issuer.c => detect-tls-cert-serial.c} | 83 +++++++++++-----------
...-tls-cert-issuer.h => detect-tls-cert-serial.h} | 13 ++--
src/detect.c | 2 +
src/detect.h | 1 +
src/log-dnslog.c | 4 --
src/log-httplog.c | 15 +---
src/log-stats.c | 13 +---
src/log-tcp-data.c | 16 +----
src/log-tlslog.c | 5 +-
src/output-json-tls.c | 29 ++++++--
src/source-af-packet.c | 45 ++++++++----
src/util-decode-der-get.c | 45 ++++++++++++
src/util-decode-der-get.h | 1 +
src/util-logopenfile.c | 6 +-
src/util-logopenfile.h | 2 -
src/util-lua-tls.c | 35 +++++++++
src/util-pidfile.c | 25 ++++---
suricata.yaml.in | 2 +-
32 files changed, 365 insertions(+), 207 deletions(-)
copy src/{detect-tls-cert-issuer.c => detect-tls-cert-serial.c} (87%)
copy src/{detect-tls-cert-issuer.h => detect-tls-cert-serial.h} (76%)
hooks/post-receive
--
OISF