[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4beta1-14-g6303b5d

noreply at openinfosecfoundation.org
Sat Sep 8 19:15:56 UTC 2012


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  6303b5d987ef9cd78f697523b5751296efa66646 (commit)
       via  d51dd6a30e23e24d08d79bb203421cfcccaca8b1 (commit)
       via  c4f9d0e0e1de3080c062e6f5c43de12d2155bfca (commit)
       via  7af9fd7735c2004866272ffe3a0d91ca5c96e080 (commit)
       via  4d2305c0a87c7c1c825f6a37ac459deb030fa89f (commit)
       via  6d5544665547f474125921ee2e266bcd4ce705fb (commit)
       via  41cb365a399edd8b6f1e456a2d7e9be616792103 (commit)
       via  ec2445702c34ba67657e088f131d17a9540211f6 (commit)
       via  e168824d806736b38301eece5967c01ab16d421d (commit)
       via  ea020e2be6d959769681b14525232be4c9f4923a (commit)
       via  4a1a008009563f12e995eb1f01dd0bdd4f3c62de (commit)
      from  0d55950840bc3a2f175b151f58b6756e38a8b275 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6303b5d987ef9cd78f697523b5751296efa66646
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 13:54:35 2012 +0200

    SC_LOG_ERROR is not an error.

commit d51dd6a30e23e24d08d79bb203421cfcccaca8b1
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 13:53:44 2012 +0200

    Fix warning about unused return of SC_ATOMIC func.

commit c4f9d0e0e1de3080c062e6f5c43de12d2155bfca
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 13:52:21 2012 +0200

    Fix invalid usage of operator.

commit 7af9fd7735c2004866272ffe3a0d91ca5c96e080
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 13:31:03 2012 +0200

    freebsd: fix warning about redeclaration.

commit 4d2305c0a87c7c1c825f6a37ac459deb030fa89f
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 13:25:35 2012 +0200

    freebsd: fix warning

commit 6d5544665547f474125921ee2e266bcd4ce705fb
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 13:18:35 2012 +0200

    ipfw: avoid critical error for broadcast
    
    In some setups, suricata may receive broadcast packets and the call
    to sendto may fail if the wrong interface is chosen by the kernel.
    This patch changes the error treatment to avoid leaving when
    this problem occurs.

commit 41cb365a399edd8b6f1e456a2d7e9be616792103
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 11:20:18 2012 +0200

    ipfw: add missing include

commit ec2445702c34ba67657e088f131d17a9540211f6
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 7 10:52:37 2012 +0200

    autotools: fix default path for magic file.

commit e168824d806736b38301eece5967c01ab16d421d
Author: Eric Leblond <eric at regit.org>
Date:   Thu Sep 6 22:39:02 2012 +0200

    freebsd: fix function usage.
    
    The unlock function was not correctly used in error treatment.

commit ea020e2be6d959769681b14525232be4c9f4923a
Author: Jason Ish <jason.ish at endace.com>
Date:   Fri Sep 7 10:22:38 2012 -0600

    Do not trim the FCS, pcaps converted to ERF will have an FCS.

commit 4a1a008009563f12e995eb1f01dd0bdd4f3c62de
Author: Eric Leblond <eric at regit.org>
Date:   Sat Sep 8 11:48:59 2012 +0200

    af-packet: fix looping in ring buffer.
    
    A crash can occur in the following conditions:
     * Suricata running in a mode other than "workers"
     * Kernel fills in the ring buffer
    Under these conditions, it is possible that the capture thread reads
    a packet that has not yet been released by one of the treatment threads
    because there is no modification done on the ring buffer entry when
    a packet is read. Doing this, it accesses memory which can be
    released to the kernel and modified. This results in a kind of memory
    corruption.
    
    This bug has only been seen recently and this has to be linked with the
    read speed improvement recently made in AF_PACKET support.
    
    The patch fixes the issue by modifying the tp_status bitmask in the
    ring buffer. It sets the TP_STATUS_USER_BUSY flag when it is confirmed
    that the packet will be treated. And at the start of the read, it exits
    from the reading loop (returning to poll) when it reaches a packet with
    the flag set. As tp_status is set to 0 during packet release the flag
    is destroyed when releasing the packet.
    
    Regarding concurrency, we've got a sequence of modifications. The
    capture thread reads the packet and sets the flag, then it passes the
    queue and the packet gets processed by other threads. The changes to
    tp_status are thus made at different times.
    
    Regarding the value of the flag, the patch uses the last bit of
    tp_status to avoid being impacted by a change in the kernel. I will
    propose a patch to have TP_STATUS_USER_BUSY included in the kernel
    as this is a generic issue for multithreaded applications using
    the AF_PACKET mechanism.

-----------------------------------------------------------------------

Summary of changes:
 configure.ac           |    5 +++--
 src/detect-engine.c    |    2 +-
 src/detect.c           |    2 +-
 src/source-af-packet.c |   16 ++++++++++++++++
 src/source-erf-dag.c   |    2 +-
 src/source-erf-file.c  |    2 +-
 src/source-ipfw.c      |   14 +++++++++++---
 src/source-nfq.c       |    2 +-
 src/source-pcap-file.c |    2 +-
 src/source-pcap.c      |    2 +-
 src/stream-tcp.c       |    4 ++--
 src/threads.h          |    3 +++
 src/tm-threads.c       |   18 +++++++++---------
 src/util-atomic.c      |    4 ++--
 src/util-crypt.h       |    2 ++
 src/util-profiling.c   |    3 +++
 16 files changed, 58 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
OISF
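
The frame-ownership protocol described in the af-packet commit message above, as an added single-threaded simulation in C (an illustration written for this page, not code from the Suricata patch). The bit position chosen for TP_STATUS_USER_BUSY, the `struct ring` layout, the `in_flight` bookkeeping and all function names are assumptions made for the example.

```c
#include <stdint.h>
#define RING_FRAMES 4
#define TP_STATUS_KERNEL 0u            /* frame owned by the kernel */
#define TP_STATUS_USER   1u            /* frame holds a packet for user space */
#define TP_STATUS_USER_BUSY (1u << 31) /* assumed: "last bit" of a 32-bit tp_status */

struct ring {
    uint32_t tp_status[RING_FRAMES];   /* one status word per frame */
    int in_flight[RING_FRAMES];        /* demo bookkeeping: a worker holds the frame */
    unsigned offset;                   /* next frame the capture thread reads */
};

/* Capture read loop: returns frames handed out; *dup counts re-reads of held frames. */
int capture_read(struct ring *r, int use_busy, int *dup)
{
    int handed = 0;
    for (int i = 0; i < 2 * RING_FRAMES; i++) {   /* bounded for the demo */
        uint32_t *st = &r->tp_status[r->offset];
        if (*st == TP_STATUS_KERNEL) break;       /* nothing to read: back to poll() */
        if (use_busy && (*st & TP_STATUS_USER_BUSY)) break; /* unreleased frame */
        if (r->in_flight[r->offset]) (*dup)++;    /* double read behind the crash */
        if (use_busy) *st |= TP_STATUS_USER_BUSY; /* packet will be treated */
        r->in_flight[r->offset] = 1;
        handed++;
        r->offset = (r->offset + 1) % RING_FRAMES;
    }
    return handed;
}

/* Worker release: writing 0 clears TP_STATUS_USER and the busy flag together. */
void release_frame(struct ring *r, unsigned idx)
{
    r->tp_status[idx] = TP_STATUS_KERNEL;
    r->in_flight[idx] = 0;
}

/* Constructed scenario: the kernel has filled every frame, none released yet. */
void fill_ring(struct ring *r)
{
    *r = (struct ring){ .offset = 0 };
    for (int i = 0; i < RING_FRAMES; i++) r->tp_status[i] = TP_STATUS_USER;
}

int main(void)
{
    struct ring r; int dup = 0;
    fill_ring(&r);
    return capture_read(&r, 1, &dup) != RING_FRAMES || dup != 0;
}
```

With `use_busy` set to 0 the loop wraps around the full ring and hands every frame out a second time; with it set to 1 the loop stops after one lap and resumes only on frames a worker has released.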

