[Oisf-devel] [COMMIT] OISF annotated tag, suricata-2.0beta2, created. suricata-2.0beta2

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Wed Dec 18 13:24:04 UTC 2013

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The annotated tag, suricata-2.0beta2 has been created
        at  85f79e0de06236b0dc8b2250b577c0410b76009d (tag)
   tagging  d3d745d515d30da5553c725bf5ea6d751fc4af57 (commit)
  replaces  suricata-2.0beta1
 tagged by  Victor Julien
        on  Wed Dec 18 14:23:33 2013 +0100

- Log -----------------------------------------------------------------
Tag Suricata 2.0beta2 release.
Version: GnuPG v1.4.14 (GNU/Linux)


Anoop Saldanha (83):
      fix for #882.
      fix bug where we were not printing http hostname(printing <unknown>
      fix for #915.  Fix segv when we send NULL to snprintf.
      Rearrange ac state.
      Fixes segv inside rule swap under low mem conditions.
      fix for #920.
      fix for #932.
      Fix unittests that use chunked encoding.
      Introduce generic utility API to log message on invalid config entry.
      Fix for #922.
      fix for #927.
      fix for #926.
      fix for #925.
      Fix creating a backup of htp config.  This is used by unittests that
      Introduce a saner way to validate the completion of request and
      unittests for gzip, deflate http compression, multiple stacked
      Modify handling of negated content.
      Unittest to display bug #970.
      fix for bug #970.
      Unittest to display bug #970(ac-bs).
      fix for bug #970(ac-bs).
      Unittest to display bug #970(ac-gfbs).
      fix for bug #970(ac-gfbs).
      bug #955 - Fix SSL parsing issue.
      Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record".
      Unittest for bug #973.
      fix for bug #973.
      Now supports accepting port addresses as strings, like the ones accepted in our rules. As a consequence we now accept port range, and other such combination. Support PP for ports based on ipproto as well.
      Introduce new options into the conf file to enable/disable -
      Allow detection ports for alproto to be specified via the conf file.
      feature #727 - Add support for app-layer-protocol:<protocol> keyword
      Introduce detection parser function pointer.
      code cleanup.
      update pmp to return whole set of matches, rather than a single match.
      Provide convenience macros for setting flow flags on protocol matching by
      Replace ssn appproto_detection_completed flag with individual stream ones.
      App layer protocol detection updated and improved.  We now use
      code cleanup.
      Move app event module registration as a part of app layer proto table.
      validate dns sigs that are reported as plain dns and not dnsudp or dnstcp.
      Fix duplicate packet decoder events. Add event entries that were missing as well.
      Add and use EventGetInfo for getting info on an event.
      Add app layer protocol packet event detection support.
      Update htp event handler to both warning and error events regardless of any conditions.
      Introduce a separate inspection engine for app events.
      alert ipv4 and alert ipv6 specified proto rules should be treated and PROTO_ANY just like how we treat alert ip rules.
      Update rule engine relationship with regard to setting ip protocol between specifying protocol after action, ip_proto and app-layer-protocol.
      Add unittest to test for http ambiguous host header.
      Rename function pointer var to use the FuncPtr typing convention. Resupply "dns" as the alproto name for ALPROTO_DNS.
      Introduce convenience macro to set Stream app proto completion flag.
      If we have proto mismatch from 2 directions, use one of the protos, instead of erroring out and not sending the data further to the parser.
      indentation fix.
      Cosmetic changes to code. Introduce human readable flag values for some constants. Here the parameter in question is "data_first_seen_dir" for session context.
      Cosmetic changes to app parser struct.
      Update stream inline to use the improved app proto detection.
      Fix compilation failure when we don't enable unittests.  Got to #ifdef
      Remove the smtp parser restriction that it accepts data only in to client
      Reset some flow flags when port numbers are re-used and we re-use the
      Remove the unused flow flags - FLOW_TS_PM_PP_ALPROTO_DETECT_DONE and
      Remove unused vars alp_content_module_handle and proto_map from
      Fix mem leak in b2g.
      Fix a leak in app layer parser proto code.  Free the proto signatures
      Fix a leak in probing parsers.  We were freeing just the head of the list,
      Fix coverity scan defect #1099714.
      Fix return value from DetectProtoParse() which is used by probing
      Stateful detection inspection continuation API call should update per
      Update ssl parser protocol detection pattern strings.
      Inside PP parser, we were using the return value from DetectPortParse as
      Reset app layer processed flag for segments that have been sent for proto
      Fix for bug #989.
      API renaming/beautification.
      fix for bug #987.
      Add a /* fall through */ comment for all switch case fall throughs.
      Support for feature #983.
      Remove the obsolete DetectFtpBounceMatch() function.
      Introduce new API to allow case insensitive protocol detection patterns.
      Update ftp parser protocol detection to use lowercase patterns.
      Fix for #1003.
      Removed unused function MpmMatcherGetMaxPatternLength.
      Code cleanup.
      Restructured flow_proto mapping enums.
      Updated the ftp response handler to return without doing anything.
      FTP parser updated to not use the archaic App layer feature of AppLayerParserResultElmt.

Duarte Silva (5):
      Added the new files containing the repeated functions
      Now using the common functions
      Now using the common functions
      Modified suricata configuration
      Adds X-Forwarded-For support to the Unified2 output format

Eric Leblond (104):
      Host: use global free storage function
      Add per-flow generic storage
      flow tag: conversion to flow storage API
      engine-tag: rename var and add sanity check
      runmodes: fix comment
      suricata: separate keyword and app layer listing code
      suricata: list cuda cards in separate function
      move unittest out of suricata.c
      suricata: add some wrapper for config file handling
      Add util-conf for config util
      Use new function GetLogDirectory()
      suricata: add wrapper for interface listing
      Simplify code by removing comment
      suricata: function for lowercase table creation
      Suppress Suri prefix.
      af-packet: add sanity check in free function
      unittest: make check use a qa/log dir for logging
      Export IsRuleReloadSet and use it.
      Add SuriInstance structure
      add internal running mode
      get (almost) rid of run_mode variable.
      engine analysis is a running mode
      kill remaining run_mode usage
      Running mode is set earlier so out earlier
      suricata: windows specific in one function
      Add function for internal running mode
      suricata: use function to print version
      SetBPfString is part of command line parsing
      set rule_reload as part of SuriInstance
      Use function for daemonification and signal handler
      Factorize Signature loading
      Add functions for elapsed time computation.
      Use function for delayed detect setup.
      Generic code don't need ifdef
      Move CreateLowercaseTable to GLobalInits
      Prefix util-conf function with Config
      Add offline flag to SuriInstance and some refactoring
      Use a typedef for SuriInstance.
      suricata: suppress Suri prefix
      suricata: rename SuriInstance to SCInstance.
      fix pf_ring build
      pf_ring: avoid to ask for extended header.
      unittest: recycle packet before exit
      unittests: some functions needs a flow lock.
      unittests: fix stream-tcp.c
      solaris: fix compilation failure
      autotools: use builddir instead of srcdir
      autotools: all target are conditional
      script: add script to start personal builder
      prscript: check if branch is synced with master
      prscript: exit when no build exists
      prscript: add verbose option
      Use wget or curl to download ruleset.
      prscript: display url where user can watch build
      prscript: support bigger PR
      prscript: update code following buildbot upgrade
      coccinelle: implement parallel check
      Introduce host-mode.
      reject: reindent and code cleaning
      reject: use host-mode to set interface
      reject: fix typo
      reject: update computation of seq and ack
      configure: accept libnet 1.1 and 1.2.
      Add reject for IPv6
      reject: delete debug line
      reject: clean respond-reject code.
      reject: try to fail more gracefully
      log: change default log level to notice
      suricata: reorder start
      suricata: info message after log init
      suricata: add -v[v] option to increase verbosity
      decode: fix typo in comment
      af-packet: init correctly the config structure
      Use unlikely in malloc failure test.
      suricata: move some code into PostConfLoadedSetup
      pfring: improve error reporting at device opening
      util-ioctl: minor code cleaning.
      util-ioctl: add GRO/LRO detection capabilities
      af-packet: add warning message if LRO or GRO are set
      pcap: add warning about GRO and LRO usage
      util-ioctl: ioctl error should be a warning
      decode: update API to return error
      decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup
      defrag: don't modify packet if defrag fails
      Add invalid pkt counter.
      Set packet invalid flag during decoding.
      pcap-file: add checksum-checks configuration variable
      cmdline: add -k to specify checksum validation
      decode: clean DecodeThreadVars counter
      decode: fix failure in layered tunnel
      htp: randomization of htp inspection sizes
      htp: display info about randomization
      prscript: add support for pcap build
      dns: rules files was not installed
      yaml: remove no more present files
      erf-dag: fix typo in header guard
      error checking: add missing alloc error treatment
      coccinelle: add option to continue on errors
      coccinelle: fix malloc test
      qa: prscript now output pastable line for PR.
      suricata: ignore SIGHUP signal
      pfring: workaround potential librt deps
      Fix realloc error handling
      coccinelle: add test on realloc

Giuseppe Longo (3):
      feature #417: add support for configuration per host timeout value
      Adds a defrag configuration example in suricata.yaml
      defrag-config: fix a bug

Ignacio Sanchez (3):
      Added support for %{cookiename}C
      Added modifications suggested by Charles Smutz (https://redmine.openinfosecfoundation.org/issues/602)
      Various custom http logging improvements

Jason Ish (12):
      Feature #901 - VLAN defrag support.
      Support for configuration include files.
      Remove the single line if statements.
      Cleanup ConfSet, ConfGet, make more concise.
      More concise API for setting config values that
      Function to prune all non-final nodes from a configuration node.
      Subsequent configuration keys now override previous ones
      Better document ConfSet and ConfSetFinal.
      Instead of exiting on memory failure, log a warning then return NULL
      Fix alignment in usage.
      When setting final configuration nodes, set the whole tree as final.
      Use the stack for temporary memory buffers.

Ken Steele (44):
      Replace ReleaseData function on Packet Structure with ReleasePacket.
      Fix typo in configure.ac echo message
      Add TILE-Gx mPIPE packet processing support.
      Enable using Tile cycle counter.
      Tile SIMD implementation of SCMemcmp and SCMemcmpLowercase
      Use Tilera SIMD for Signature matching ala SSE3
      Merge multiple copies of CreateTimeString() to one copy.
      Cache time conversions for localtime() and CreateTimeString()
      On Open BSD systems don't cache time.
      Clean up SCLocalTime() usage
      Formatting change for function call.
      Make the missing libhtp error message more clear.
      Minor optimization in time caching code.
      New Multi-pattern matcher, ac-tile, optimized for Tile architecture.
      Move FlowIncrUsecnt to header file to allow for inlining.
      Align some structures to cacheline
      Support for Tile Gx atomic instructions
      Change one more atomic size in detect.h
      Move SIMD implementations out of detect.c
      Improve Signature sorting speed
      Use Spin locks on Tile
      Clean up function syntax
      Correct indentation and wording of comments.
      Spell fixes in threads-arch-tile.h
      Give Suricata priority to receive packets over Linux with mPIPE.
      Add Unit test to check TCPv4 and IPV4 checksums together.
      Formatting and comment updates in flow files
      Add missing case for DNS_CONFIG
      Share Packet checksum values for TCP, UDP, IPv6. ICMPv4 and ICMPv6
      Rename checksums to level3_comp_csum and level4_comp_csum.
      Cleanup Tile build for -Werror
      Allocate mPIPE packet ingress queue in each worker thread.
      Reduce the size of Packet structure
      Check for compiler for -march=native support
      Use pflow variable in place of p->flow to prevent reloading.
      Mark pflow as a constant pointer.
      Fix configuring Prelude with -Werror
      Add more suricata.yaml configuration options for mPIPE.
      Split AC-Tile MPM context into Search and Initialization structures.
      Remove pkt variable from Packet structure.
      Fix pfring so that zero-copy mode can work.
      Fix uninitialized variable warning.
      Add const for Packet * in flow functions.

Nelson Escobar (2):
      Use the Async versions of SCCudaMemcpy* to improve gpu performance.
      Build cuda kernel for capability 3.5 devices.

Victor Julien (243):
      NFQ: adapt to ReleasePacket API
      NFQ: fix packets not getting freed
      Pcap: fix snaplen autodetection, GetIfaceMTU doesn't include link layer length
      Rename GetIfaceMaxPayloadSize to GetIfaceMaxPacketSize to reflect the actual function.
      Add --unittests-coverage option to list how many code modules have tests
      Remove obsolete code: flow alert sid storage
      flow: take vlan_id's into account in the flow hash
      Add yaml option to disable vlan ids hashing
      vlan: add rule for new 'too many layers' event
      Fix compiler warning due to missing include
      icmpv6: fix icmp_id and icmp_seq keywords
      ipv6: fix parsing of malformed ext hdr. Bug #908.
      Misc fixes after make check feedback
      Initial storage api work
      host: use storage api
      storage: allow preallocated storage
      Add Host specific wrapper to StorageRegister()
      Move Host Tag storage to Host Storage API.
      Storage API: add registration check closed test in debug mode.
      Init storage api at start up
      Use Host Storage API for per host thresholding
      Storage API: add safety check for cases when there is no storage used.
      Storage: rename Init to Alloc to reflect actual functioning. Comment updates.
      Fix Tile compile
      IsRuleReloadSet() shouldn't return an uninitialized value
      Runmode fixes and cleanups
      Bug #948: detect thread local storage support
      xff: don't do xff check if there are no alerts anyway.
      xff: fix unittest crashes
      Coverity 1038111: fix local overrun of a string in app layer proto detect setup code.
      Coverity 1038133 fix
      Coverity 1038135 fix
      Coverity 1038134 fix
      Coverity 1038138 fix
      geoip: never try to store more locations than possible (Coverity 1038517)
      Fix memory leak on invalid luajit signature. Coverity 1038520.
      Coverity 1038129 fix
      Coverity 400477: pcre_get_substring retval
      Coverity 1038089: error check fseek call
      Coverity 1038094: remove dead code from defrag hash
      Coverity 1038095: remove dead code from defrag hash timeout code
      Coverity 1038098: remove dead code from flow hash
      Coverity 1038099: remove dead code from flow hash timeout code
      Coverity 1038100: remove dead code from flow hash timeout code(2)
      Coverity 1038101: remove dead code from host hash timeout code
      Coverity 1038102: remove dead code from host hash
      unified2: fix tags not being logged. Bug #968
      Don't set tag on pseudo packets
      Tag: document in the code that 'tag' is compatible with ip only
      Fix several compile and runtime warnings found by clang 3.2 with the -fsanitize=address option.
      Move header thread_affinity declaration to extern to avoid duplicate declarations.
      Suppress compiler warning about comparing signed and unsigned vars
      Add a fallback memrchr implementation for those platforms that don't support it. Bug #963.
      Add sanity checks for command line argument handling
      Fix valgrind warning on memrchr unittest.
      Dns: fix memory leak when events are set
      Http: fix memory leaks when cleaning up our per-tx storage
      stream: clean up queue list in all cases
      Http: improve tx data cleanup
      DNS: free TX events using proper function
      Change ParseSize api to not leak memory and only setup pcre once.
      Properly cleanup NSS ctx
      profiling: don't alloc 0 bytes block if no rules are used
      profiling: properly clean up thread local memory.
      mpm: clean up stream thread ctx
      pcre: check for pcre_free_study, fall back to pcre_free if it is unavailable
      urilen: fix memory leak when freeing the rule
      ssh: fix memleaks during ssh.softwareversion init and cleanup
      flowint: fix setup memory leaks
      flowint: fix compile warning
      radix: actually free a tree in SCRadixReleaseRadixTree
      Fix tests that didn't expect radix to be freed
      counters: consolidate counters after all ThreadInit functions of a thread have run. This prevents duplicate and overwriting memory allocations.
      flowint: further setup fixes and cleanups
      Fix small leak in ports validation at startup
      Add DrMemory suppress file
      Improve memory cleanup for decoder-events
      ipproto: improve cleanup
      Properly clean up decoder event rules
      DNS: copy only the length of the hardcoded string, not the length of the destination buffer.
      Fix compiler warning
      Split Thresholds and Suppression
      Thresholding: move parsing code into separate func
      locks: clean up locks declarations
      http: add test for HTTP_DECODER_EVENT_UNKNOWN_ERROR event as a result of a too long request
      http: don't call HTPHandleWarning before HTPHandleError as the latter handles warnings and errors.
      http: fix field too long events
      http: update http rules
      http: fix some decoder events
      http: add new events for invalid host header and host part of uri
      Coverity 1100843: remove unnecessary check
      Coverity 1100842: add missing return statement
      Improve 'host-mode' info message
      Revert change in queue handler wait logic. Bug #988.
      Bug 640: add more tests to validate that issue is fixed
      htp: for apache and apache_2_2 personalities, that are no longer supported by libhtp, fall back to apache_2 with a warning.
      Store TX id with alerts
      Display TX id in alert debuglog.
      XFF: use per alert tx id
      Clean up rule reload logging
      tag: add some debug statements
      tag: fix session seconds tracking
      iprep: fix reputation loading and reloading
      Don't initialize threshold before rules on delayed detect. Bug #999.
      Reset both sides of the de_state on rule reload. Bug #998.
      threshold: register threshold host storage. Related to bug #991
      storage: fix freeing storage
      Fix sanity check in AppInspectionEngine registration code
      Fix broken check in stream.max-synack-queued parsing (coverity 1038103)
      Minor pppoe cleanup
      Minor fix for detection engine setup error check
      Minor code cleanup/fixes to fast pattern unittests
      Fix 2 unittests
      flow: set correct family in FLOW_COPY_IPV6_ADDR_TO_PACKET
      storage: fix and small optimization
      Dead code removal
      Counters: remove all unused parts of the API
      Counters: remove unused code
      Counters: more unused code removal
      Counters: remove SCPerfCounterValue struct as we no longer support multiple data types
      Counters: merge SCPerfCounterName into SCPerfCounter as there was a 1 on 1 mapping
      Counters: fix unix socket
      Counters: remove unused tm_name comparison loops
      Optimizations to reduce branch misses
      Counters: remove unused updated field
      Counter: fix accidental logic change
      Counters: move perf critical var to the top of the SCPerfContext struct
      Counters: fix delayed-detect counter registration
      DNS: fix response name length logic
      IPv4 decoder compile warning fix
      stream: reduce scope of StreamTcpPseudoPacketSetupHeader
      stream: fix IPv6 pseudo packet setup
      content inspection: introduce no_match label
      profiling: introduce per keyword profiling
      detect: add tostring function for DETECT_SM_LIST_ enum.
      profiling: per buffer profiling
      profiling: add tracking of missing keywords
      detect: don't do rule reload during delayed detect
      Fix live rule reload confusing delayed detect
      http: don't decode + to space by default
      stream: fix sequence number on smsg
      detect: only inspect smsg for valid tcp packets
      dns: detect case of request flooding
      DNS: trigger logging for toserver dir when previous reply is lost.
      dns: fix transaction handling
      http & tls: fix transaction handling
      Fix pcre_study error check
      pcap: register counters for old pcap versions as well
      profiling: when config is missing, keyword profiling is disabled
      profiling: don't init rule profiling ctx if rule profiling is disabled
      memcmp: don't use SSE intrinsics if less than 16 bytes are available in SSE_4_2 version.
      Add SSE support to --build-info
      Remove mkinstalldirs (bug #1041)
      http: strip 'proxy' part of http_uri
      SSE 4.2 memcmp: don't read beyond var boundary
      http: add meta-field-limit option
      flow: aligned flow balance structures (used by autofp) to CLS to reduce false sharing
      build-info: add a nicer way of printing atomics support
      Fix autofp flow queue handler optimization
      stream: improve raw reassembly
      detect: don't consider smsgs for no inspect flag
      Fix using uninitialized memory (Bug #994)
      http: use body limit in inspection
      valgrind: add suppression file
      signature address parsing improvements and tests
      address and port: reduce memory allocs
      rule parsing: reduce mallocs and clean up
      rule parsing cleanups
      rule parser: don't use uninitialized value
      Convert ParseSizeString to use pcre_copy_substring
      Convert flow keyword parsing to use pcre_copy_substring
      Convert flowbits keyword parsing to use pcre_copy_substring
      detect: use macro for max rule size
      rule parser: convert to use pcre_copy_string
      Convert pcre keyword parsing to use pcre_copy_substring
      Convert dsize keyword parsing to use pcre_copy_substring
      rule setup: cleanup
      defrag: clean up
      content: reorder DetectContentData member, shrinking the struct from 64 to 48 bytes.
      stream: minor clean up of TcpSession structure
      pcre: parsing cleanup
      vars: optimize layout to reduce size requirements of flowbits and other vars
      Fix parsing of 'custom' detect grouping values
      stream: wait for protocol detection to complete
      stream: add size debug code
      proto detection: add limit for one sided sessions
      app layer: set event if proto detect disabled for a stream, but we see data anyway.
      Convert reference keyword to pcre_copy_substring
      Convert classtype keyword to pcre_copy_substring
      Don't use strdup in ip-only address parsing
      Don't malloc temp var in SCRuleVarsGetConfVar
      Don't alloc for hash lookup in SCClassConfGetClasstype
      Reduce allocs in boyer moore prepare phase
      tls: allow matching for @ symbol in tls.subject
      Fix Conf api usage after rebase
      luajit: pass calling rule's sid,gid,rev to script as SCRuleSid, SCRuleGid, SCRuleRev.
      lua: clear stack after each script run
      lua: push correct length back through ScFlowvarGet, work around valgrind warning
      stream: add option to disable raw reassembly
      flow/stream: use named values in flow timeout code
      flow timeout cleanup and fix
      flow: fix typo in function name
      flow timeout: remove now unused code
      pcap: fix stats dump logic
      flowvar: initialize new memory to prevent issues on error handling
      Convert Flow macros to inline functions
      log-http: enforce hostname print limit
      log-http: fix error check leading to null-deref on malloc failure during setup
      cppcheck: improve reporting cppcheck when passing -DCPPCHECK to the checker.
      Fix small memory leak in classtype parsing
      cppcheck: don't use likely/unlikely when -DCPPCHECK is passed to the checker
      htp: minor cleanup to silence cppcheck warning
      Use %u for unsigned ints in checksum warning
      Use %u for unsigned int in (console) output
      Fix realloc error handling in threshold.config file parsing. Bug #1062.
      threading setup: fix small mem leak on failure
      Fix small memleak in runmode setup
      port: don't leak memory on port parsing failure
      cppcheck: add special BUG_ON so cppcheck understands we exit
      port parsing: improve memory handling
      http header: improve realloc failure checking. Bug #1062.
      Bug 1061: fix multiple vars per sig in ordering
      Remove DrMemory suppressions for Bug #979, it is fixed.
      Add DrMemory suppression for Bug #980. Suppress useless (likely) buggy leak message too
      Fix compilation on systems that use the fallback SC_ATOMIC_ API.
      mpipe code cleanup: indent fixes
      defrag: pass u64 to ParseU64
      log-http: fix compiler warning
      dns: fix passing NULL to memcpy
      http: clear header pointer on realloc failure
      dns: suppress harmless cppcheck warning
      dns: suppress minor scan-build warnings
      stream: suppress minor scan-build warnings
      detect-ssl: suppress harmless scan-build warning
      DER decoding: fix potential memory leak
      debug: fix realloc error checking on flowbit print
      defrag: fix compiler warning
      Fix filemagic unittests on OS_DARWIN
      realloc error handling: remove unnecessary else branch
      Revert TmqhFlowMode alignment as it breaks on CLANG
      stream: fix potential memory loss on error
      conf: fix potential use-after-free on error
      Update Changelog for 2.0beta2
