[Oisf-devel] [COMMIT] OISF branch, master-3.2.x, updated. suricata-3.2.2-3-g9d3a99b

OISF Git noreply at openinfosecfoundation.org
Fri Jul 7 15:34:57 UTC 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master-3.2.x has been updated
       via  9d3a99bf0b95f938f84c924e112a9904e84b6765 (commit)
       via  24fe3c99f162699d6c71c29b620fa2ab41873a25 (commit)
       via  076188308d6bea78009506c43faeea7ed8f38465 (commit)
      from  913071f6725a666174d3b359ccdb3410e1ffbb03 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9d3a99bf0b95f938f84c924e112a9904e84b6765
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Jun 27 15:07:40 2017 +0200

    pcap: fix linktype raw issues
    
    On OpenBSD 6.0 and 6.1 the following pcap gets a datalink type of
    101 instead of our defined DLT_RAW.
    
        File type:           Wireshark/tcpdump/... - pcap
        File encapsulation:  Raw IP
        File timestamp precision:  microseconds (6)
        Packet size limit:   file hdr: 262144 bytes
        Number of packets:   23
        File size:           11 kB
        Data size:           11 kB
        Capture duration:    7,424945 seconds
        First packet time:   2017-05-25 21:59:31,957953
        Last packet time:    2017-05-25 21:59:39,382898
        Data byte rate:      1536 bytes/s
        Data bit rate:       12 kbps
        Average packet size: 496,00 bytes
        Average packet rate: 3 packets/s
        SHA1:                120cff9878b93ac74b68fb9216027bef3b3c018f
        RIPEMD160:           35fa287bf30d8be8b8654abfe26e8d3883262e8e
        MD5:                 13fe4bc50fe09bdd38f07739bd1ff0f0
        Strict time order:   True
        Number of interfaces in file: 1
        Interface #0 info:
                             Encapsulation = Raw IP (7/101 - rawip)
                             Capture length = 262144
                             Time precision = microseconds (6)
                             Time ticks per second = 1000000
                             Number of stat entries = 0
                             Number of packets = 23
    
    On Linux it is 12.
    
    On the tcpdump/libpcap site the DLT_RAW is defined as 101:
    http://www.tcpdump.org/linktypes.html
    
    Strangely, on OpenBSD the DLT_RAW macro is defined as 14 as expected.
    So for some reason, libpcap on OpenBSD uses 101 which seems to match
    the tcpdump/libpcap documentation.
    
    So this patch adds support for datalink 101 as RAW.

commit 24fe3c99f162699d6c71c29b620fa2ab41873a25
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jun 28 09:23:42 2017 +0200

    log: destroy file mutex

commit 076188308d6bea78009506c43faeea7ed8f38465
Author: Jason Ish <ish at unx.ca>
Date:   Mon Jun 26 11:04:46 2017 -0600

    log: wrap rotation and write in lock
    
    The application log is subject to rotation, so the check for
    rotation, the actual rotation and write need to be done under
    lock to ensure the file pointer is in a consistent state
    at the time of write().
    
    Fixes issue:
    https://redmine.openinfosecfoundation.org/issues/2155

-----------------------------------------------------------------------

Summary of changes:
 src/decode.h           | 3 +++
 src/source-pcap-file.c | 1 +
 src/util-debug.c       | 7 ++++++-
 src/util-debug.h       | 3 +++
 4 files changed, 13 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
OISF
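
The link type handling described in the first commit message, as an added example that is not Suricata's code and not part of the original email: it reads the link type field from a classic pcap file header and accepts the three raw-IP values the message mentions (12, 14 and 101). The function names, the constant names and the sample header are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Raw-IP values from the commit message: 12 (seen on Linux), 14 (OpenBSD macro), 101 (tcpdump.org). */
enum { DLT_RAW_LINUX = 12, DLT_RAW_OPENBSD = 14, LINKTYPE_RAW = 101 }; /* hypothetical names */

/* Constructed sample: little-endian pcap header, v2.4, snaplen 262144, linktype 101. */
static const uint8_t sample_hdr[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0,
    0, 0, 0, 0, 0x00, 0x00, 0x04, 0x00, 0x65, 0x00, 0x00, 0x00 };

/* Read a 32-bit field in the byte order of the capture file. */
static uint32_t rd32(const uint8_t *p, bool big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Extract the link type from a 24-byte pcap global header; 0 on success, -1 on error. */
int pcap_file_linktype(const uint8_t *hdr, size_t len, uint32_t *linktype)
{
    if (hdr == NULL || linktype == NULL || len < 24)
        return -1;                       /* short or missing header */
    uint32_t magic = rd32(hdr, false);
    bool big_endian;
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)      /* usec / nsec, LE file */
        big_endian = false;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) /* usec / nsec, BE file */
        big_endian = true;
    else
        return -1;                       /* not a classic pcap file */
    *linktype = rd32(hdr + 20, big_endian);  /* last header field */
    return 0;
}

/* Treat every value the commit message mentions as raw IP. */
bool linktype_is_raw_ip(uint32_t lt)
{
    return lt == DLT_RAW_LINUX || lt == DLT_RAW_OPENBSD || lt == LINKTYPE_RAW;
}

int main(void)
{
    uint32_t lt = 0;
    int rc = pcap_file_linktype(sample_hdr, sizeof(sample_hdr), &lt);
    printf("rc=%d linktype=%u raw_ip=%d\n", rc, (unsigned)lt, linktype_is_raw_ip(lt));
    return rc != 0;
}
```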

