[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4beta3-62-g0f42f0e
noreply at openinfosecfoundation.org
Tue Nov 20 13:44:59 UTC 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0f42f0e89077acbea7dffe2f85a3e3d669210cb0
Author: Victor Julien <victor at inliniac.net>
Date: Tue Nov 20 14:40:41 2012 +0100
Minor fixes
commit 6b3ebc810d749cce61501dea6ee1890aa80288ab
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:57:16 2012 +0100
unix runmode: improve JSON handling
The jansson functions with new in their name take care of ref
counting. This patch fixes a memory leak.
commit 195b144daaef00bcd7aeb498f46f97d348735184
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:58:34 2012 +0100
unix-manager: fix error and JSON handling
commit a05113a2b1aa196a135c9775ea87d85ef8f392ee
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:28:35 2012 +0100
unix-manager: memory handling fixes.
This patch adds unlikely() for memory error handling and fixes a few
error cases.
commit 028a37f6e7f0fff6eb31862f3bca75ecb1b2beab
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:21:16 2012 +0100
unix runmode: use unlikely for memory error
commit 547c55114e3efb33f1948e030624a2430c59c4e7
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:17:57 2012 +0100
unix runmode: fix FIXME
commit f38b8fe4eb582c07bf3c1a29f3e1ce804f82931a
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:15:13 2012 +0100
unix runmode: fix JSON mem handling
json_decref was not correctly used through the code. This patch
fixes it.
commit 13237b8af28b96a657c6fd4fea38897ddcf43fbf
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:10:08 2012 +0100
unix manager: add static
commit ef45f7dac408664343843fed922d8d786437e3d9
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 20 10:09:48 2012 +0100
configure: fix indent
commit 936c36d5f17a858a61090b51b25b73ea6c4dce15
Author: Eric Leblond <eric at regit.org>
Date: Mon Nov 19 12:41:42 2012 +0100
Disable 'reload-rules' command.
commit d5457ad70ea67a36fadc01d7509cf020c4fbff82
Author: Eric Leblond <eric at regit.org>
Date: Mon Nov 19 11:53:29 2012 +0100
unix-manager: doc and whitespace fixes
commit af16c418b753774b70e06cf0cc94ec7388c38611
Author: Eric Leblond <eric at regit.org>
Date: Mon Nov 19 11:49:04 2012 +0100
unix-socket: fix build when jansson not present
commit ef64648cf8e7e6f34b8e7c994e6ca2c1a4dca927
Author: Eric Leblond <eric at regit.org>
Date: Thu Nov 15 09:58:01 2012 +0100
unix-command: add drop counter to iface-stat message
commit 8d0260b27e642c0377b6d95e3411d53cc311ded9
Author: Eric Leblond <eric at regit.org>
Date: Thu Nov 15 09:56:17 2012 +0100
Add atomic counter for iface drop.
commit cc71c993f4a26c53c67d520a7a5f7f67d9b2077b
Author: Eric Leblond <eric at regit.org>
Date: Thu Nov 15 09:06:01 2012 +0100
unix-command: add iface information command.
This patch adds two commands to unix-command. 'iface-list' displays
the list of interfaces which are sniffed by Suricata and 'iface-stat'
displays the available statistics for a single interface. For now,
this is the number of packets and the number of invalid checksums.
commit c78e112e3ed8d6e85822674aa1b0c1b36265db0a
Author: Eric Leblond <eric at regit.org>
Date: Thu Nov 15 09:05:08 2012 +0100
af-packet: update runmode copyright date.
commit 6f0a851087ff3137203e3ad07cfcfa4d8e882db6
Author: Eric Leblond <eric at regit.org>
Date: Tue Oct 30 14:35:23 2012 +0100
unix-manager: fix error treatment in accept phase
commit f2a17f47d31d6524f5a61758b0b4534803ac3644
Author: Eric Leblond <eric at regit.org>
Date: Mon Oct 29 11:56:46 2012 +0100
unix-manager: implement multi client support
This patch implements the support of multiple clients connected
at once to the unix socket.
commit 83f0af36305cb9b5523a2b8ccb24fa6520949aa2
Author: Eric Leblond <eric at regit.org>
Date: Fri Oct 26 16:21:21 2012 +0200
suricatasc: improve reading when system is loaded
commit a9cb8ce89f111d3528d6209265f66574169a1d6c
Author: Eric Leblond <eric at regit.org>
Date: Fri Oct 26 10:31:13 2012 +0200
affinity: avoid to init structure twice
In unix socket mode, suricata was doing multiple init of the
structure. This was not needed and caused a memory leak in
mutex creation.
commit 93f801b3a97d44bbb946cf5f0446b04dc980bbfe
Author: Eric Leblond <eric at regit.org>
Date: Fri Oct 26 10:21:36 2012 +0200
pcap-file: update affinity setting code
The affinity setting code was using the old API. This patch updates
to the new API and also adds a call to RunModeInitialize() which was
missing in Single running mode.
commit cfd80e7063261818c555c0d0a87bd4c156e8f89d
Author: Eric Leblond <eric at regit.org>
Date: Fri Oct 26 09:52:11 2012 +0200
unix-mode: fix return of pcap-file command
commit f8921d8a2808b38c980084469019a0cee1b46a17
Author: Eric Leblond <eric at regit.org>
Date: Thu Oct 25 22:06:29 2012 +0200
unix-socket: introduce API to add commands and tasks
This patch transforms the unix socket into a flexible system to
add commands (triggered by user) and tasks (run periodically).
It introduces two functions UnixManagerRegisterCommand and
UnixManagerRegisterBackgroundTask to register commands and tasks.
Other parts of Suricata can then declare a new command via a simple
call of the function. In the case of a command the caller is
responsible for building the answer message using Jansson API. The
sending of the message is made by unix manager code.
commit 20a8b9dbe57f6fed9c94e04eca692db5d4c0f7a1
Author: Eric Leblond <eric at regit.org>
Date: Tue Feb 7 23:48:56 2012 +0100
unix-manager: add unix command socket and associated script
This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
* Client connects to the socket
* It sends a version message: { "version": "$VERSION_ID" }
* Server answers with { "return": "OK|NOK" }
If server returns OK, the client is now allowed to send commands.
The format of a command is the following:
    {
        "command": "pcap-file",
        "arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
    }
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer by server is the following:
    {
        "return": "OK|NOK",
        "message": JSON_OBJECT or information string
    }
A simple script is provided and is available under scripts/suricatasc. It
is not intended to be an enterprise-grade tool but is more a proof of
concept/example code. The first command line argument of suricatasc is
used to specify the socket to connect to.
Configuration of the feature is made in the YAML under the 'unix-command'
section:
    unix-command:
      enabled: yes
      filename: custom.socket
The path specified in 'filename' is not absolute and is relative to the
state directory.
A new running mode called 'unix-socket' is also added.
When starting in this mode, only a unix socket manager
is started. When it receives a 'pcap-file' command, the manager
starts a 'pcap-file' running mode which does not really leave at
the end of file but simply exits. The manager is then able to start
a new running mode with a new file.
To start this mode, Suricata must be started with the --unix-socket
option which has an optional argument which fixes the file name of the
socket. The path is not absolute and is relative to the state directory.
The 'pcap-file' command adds a file to the list of files to treat.
For each pcap file, a pcap file running mode is started and the output
directory is changed to what is specified in the command. The running
mode specified in the 'runmode' YAML setting is used to select which
running mode must be used for the pcap file treatment.
This requires modification in suricata.c file where initialisation code
is now conditional to the fact 'unix-socket' mode is not used.
Two other commands exist to get info on the remaining tasks:
* pcap-file-number: return the number of files in the waiting queue
* pcap-file-list: return the list of waiting files
'pcap-file-list' returns a structured object as message. The
structure is the following:
    {
        'count': 2,
        'files': ['file1.pcap', 'file2.pcap']
    }
commit 6be63bdc4f65fd7cef5df595a047d2a2302a7bbc
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 17 15:24:39 2012 +0200
tm-threads: add TM_ECODE_DONE state
This patch adds a new return state which can be used by threads
to warn that a task has been done. In this case, suricata does not
leave.
commit 412482f6b131b196824e585a92b7fcaa39db6d1b
Author: Eric Leblond <eric at regit.org>
Date: Tue Oct 9 12:56:17 2012 +0200
filestore: create file store directory if needed
This patch modifies the file store system to have it create the
file store directory if needed. It does not create the full
directory tree as the parent directory must have already been
created.
commit 7b1d346c22f934327b17f5f50a4ee53b3ac7bf3e
Author: Eric Leblond <eric at regit.org>
Date: Tue Oct 9 18:38:34 2012 +0200
counters: management cpu set was set twice
Setting the management CPU set on perf threads is already done in
the TmThreadCreateMgmtThread() function used to create the threads.
commit 84f2645e3eca24b1eefddb246068ddcd4f7d2dcc
Author: Eric Leblond <eric at regit.org>
Date: Thu Oct 18 17:27:48 2012 +0200
pcap-file: free thread var at deinit.
commit 28b4bed1411be8f9904ad24be6bfef4aecf299c3
Author: Eric Leblond <eric at regit.org>
Date: Tue Oct 9 18:38:02 2012 +0200
tm-threads: fix potential access to NULL pointer.
commit 1b26660ac439e31982f42828a730688800bb8ec4
Author: Eric Leblond <eric at regit.org>
Date: Wed Oct 17 08:54:31 2012 +0200
counter: defensive set to NULL in free.
commit 09b79cb5bfa613f2d89709975a1486cc371bf044
Author: Eric Leblond <eric at regit.org>
Date: Tue Oct 23 18:20:22 2012 +0200
stream-tcp: fix double call to debug print function
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 3 +-
configure.ac | 52 ++-
scripts/Makefile.am | 1 +
scripts/suricatasc/Makefile.am | 1 +
scripts/suricatasc/suricatasc.in | 120 ++++
src/Makefile.am | 2 +
src/counters.c | 5 +-
src/log-filestore.c | 19 +-
src/runmode-af-packet.c | 2 +-
src/runmode-pcap-file.c | 35 +-
src/runmode-unix-socket.c | 380 ++++++++++
src/{detect-l3proto.h => runmode-unix-socket.h} | 23 +-
src/runmodes.c | 6 +
src/runmodes.h | 2 +
src/source-af-packet.c | 1 +
src/source-pcap-file.c | 26 +-
src/source-pcap.c | 1 +
src/source-pfring.c | 1 +
src/stream-tcp-reassemble.c | 1 -
src/suricata.c | 120 +++-
src/suricata.h | 7 +-
src/tm-threads-common.h | 2 +
src/tm-threads.c | 112 +++-
src/tm-threads.h | 3 +
src/unix-manager.c | 852 +++++++++++++++++++++++
src/{detect-l3proto.h => unix-manager.h} | 32 +-
src/util-affinity.c | 9 +-
src/util-device.c | 72 ++
src/util-device.h | 7 +
suricata.yaml.in | 9 +
30 files changed, 1804 insertions(+), 102 deletions(-)
create mode 100644 scripts/Makefile.am
create mode 100644 scripts/suricatasc/Makefile.am
create mode 100755 scripts/suricatasc/suricatasc.in
create mode 100644 src/runmode-unix-socket.c
copy src/{detect-l3proto.h => runmode-unix-socket.h} (65%)
create mode 100644 src/unix-manager.c
copy src/{detect-l3proto.h => unix-manager.h} (56%)
hooks/post-receive
--
OISF
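
The version handshake and command/answer exchange described in the "unix-manager: add unix command socket and associated script" commit message above, as an added Python example that is not part of the original email and is not the project's suricatasc script. The stub server, the version id "0.1", the 64 KiB reply cap and the read-until-it-parses framing are assumptions made for the demonstration; only the message shapes come from the commit message.

```python
import json
import socket
import threading

MAX_REPLY = 64 * 1024  # assumed cap so a misbehaving peer cannot grow the buffer forever


def recv_json(sock):
    """Read until the buffered bytes decode as one JSON value (no framing is described)."""
    buf = b""
    while len(buf) < MAX_REPLY:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before a complete JSON message")
        buf += chunk
        try:
            return json.loads(buf.decode("utf-8"))
        except ValueError:
            pass  # partial message so far, keep reading
    raise ValueError("reply exceeds MAX_REPLY")


def run_command(sock, version, command, arguments=None):
    """Version handshake, then one command; returns the server's answer object."""
    sock.sendall(json.dumps({"version": version}).encode())
    if recv_json(sock).get("return") != "OK":
        raise PermissionError("server refused version %r" % version)
    msg = {"command": command}
    if arguments is not None:
        msg["arguments"] = arguments
    sock.sendall(json.dumps(msg).encode())
    return recv_json(sock)


def stub_server(sock, accepted_version, queue):  # constructed stand-in, not Suricata code
    ok = recv_json(sock).get("version") == accepted_version
    sock.sendall(json.dumps({"return": "OK" if ok else "NOK"}).encode())
    if ok:
        known = recv_json(sock).get("command") == "pcap-file-list"
        msg = {"count": len(queue), "files": queue} if known else "unknown command"
        sock.sendall(json.dumps({"return": "OK" if known else "NOK", "message": msg}).encode())
    sock.close()


def demo(version, command):  # "0.1" and the file names are constructed sample values
    client, server = socket.socketpair()
    threading.Thread(target=stub_server, args=(server, "0.1", ["file1.pcap", "file2.pcap"])).start()
    with client:
        return run_command(client, version, command)
```

Against a real instance, `run_command` would be given an `AF_UNIX` socket connected to the socket file named in the 'unix-command' section instead of one end of a socketpair.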