[Oisf-devel] [COMMIT] OISF annotated tag, suricata-2.0beta2, created. suricata-2.0beta2
noreply at openinfosecfoundation.org
Wed Dec 18 13:24:04 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The annotated tag, suricata-2.0beta2 has been created
at 85f79e0de06236b0dc8b2250b577c0410b76009d (tag)
tagging d3d745d515d30da5553c725bf5ea6d751fc4af57 (commit)
replaces suricata-2.0beta1
tagged by Victor Julien
on Wed Dec 18 14:23:33 2013 +0100
- Log -----------------------------------------------------------------
Tag Suricata 2.0beta2 release.
Anoop Saldanha (83):
fix for #882.
fix bug where we were not printing http hostname(printing <unknown>
fix for #915. Fix segv when we send NULL to snprintf.
Rearrange ac state.
Fixes segv inside rule swap under low mem conditions.
fix for #920.
fix for #932.
Fix unittests that use chunked encoding.
Introduce generic utility API to log message on invalid config entry.
Fix for #922.
fix for #927.
fix for #926.
fix for #925.
Fix creating a backup of htp config. This is used by unittests that
Introduce a saner way to validate the completion of request and
unittests for gzip, deflate http compression, multiple stacked
Modify handling of negated content.
Unittest to display bug #970.
fix for bug #970.
Unittest to display bug #970(ac-bs).
fix for bug #970(ac-bs).
Unittest to display bug #970(ac-gfbs).
fix for bug #970(ac-gfbs).
bug #955 - Fix SSL parsing issue.
Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record".
Unittest for bug #973.
fix for bug #973.
Now supports accepting port addresses as strings, like the ones accepted in our rules. As a consequence we now accept port range, and other such combination. Support PP for ports based on ipproto as well.
Introduce new options into the conf file to enable/disable -
Allow detection ports for alproto to be specified via the conf file.
feature #727 - Add support for app-layer-protocol:<protocol> keyword
Introduce detection parser function pointer.
code cleanup.
update pmp to return whole set of matches, rather than a single match.
Provide convenience macros for setting flow flags on protocol matching by
Replace ssn appproto_detection_completed flag with individual stream ones.
App layer protocol detection updated and improved. We now use
code cleanup.
Move app event module registration as a part of app layer proto table.
validate dns sigs that are reported as plain dns and not dnsudp or dnstcp.
Fix duplicate packet decoder events. Add event entries that were missing as well.
Add and use EventGetInfo for getting info on an event.
Add app layer protocol packet event detection support.
Update htp event handler to both warning and error events regardless of any conditions.
Introduce a separate inspection engine for app events.
alert ipv4 and alert ipv6 specified proto rules should be treated as PROTO_ANY just like how we treat alert ip rules.
Update rule engine relationship with regard to setting ip protocol between specifying protocol after action, ip_proto and app-layer-protocol.
Add unittest to test for http ambiguous host header.
Rename function pointer var to use the FuncPtr typing convention. Resupply "dns" as the alproto name for ALPROTO_DNS.
Introduce convenience macro to set Stream app proto completion flag.
If we have proto mismatch from 2 directions, use one of the protos, instead of erroring out and not sending the data further to the parser.
indentation fix.
Cosmetic changes to code. Introduce human readable flag values for some constants. Here the parameter in question is "data_first_seen_dir" for session context.
Cosmetic changes to app parser struct.
Update stream inline to use the improved app proto detection.
Fix compilation failure when we don't enable unittests. Got to #ifdef
Remove the smtp parser restriction that it accepts data only in to client
Reset some flow flags when port numbers are re-used and we re-use the
Remove the unused flow flags - FLOW_TS_PM_PP_ALPROTO_DETECT_DONE and
Remove unused vars alp_content_module_handle and proto_map from
Fix mem leak in b2g.
Fix a leak in app layer parser proto code. Free the proto signatures
Fix a leak in probing parsers. We were freeing just the head of the list,
Fix coverity scan defect #1099714.
Fix return value from DetectProtoParse() which is used by probing
Stateful detection inspection continuation API call should update per
Update ssl parser protocol detection pattern strings.
Inside PP parser, we were using the return value from DetectPortParse as
Reset app layer processed flag for segments that have been sent for proto
Fix for bug #989.
API renaming/beautification.
fix for bug #987.
Add a /* fall through */ comment for all switch case fall throughs.
Support for feature #983.
Remove the obsolete DetectFtpBounceMatch() function.
Introduce new API to allow case insensitive protocol detection patterns.
Update ftp parser protocol detection to use lowercase patterns.
Fix for #1003.
Removed unused function MpmMatcherGetMaxPatternLength.
Code cleanup.
Restructured flow_proto mapping enums.
Updated the ftp response handler to return without doing anything.
FTP parser updated to not use the archaic App layer feature of AppLayerParserResultElmt.
Duarte Silva (5):
Added the new files containing the repeated functions
Now using the common functions
Now using the common functions
Modified suricata configuration
Adds X-Forwarded-For support to the Unified2 output format
Eric Leblond (104):
Host: use global free storage function
Add per-flow generic storage
flow tag: conversion to flow storage API
engine-tag: rename var and add sanity check
runmodes: fix comment
suricata: separate keyword and app layer listing code
suricata: list cuda cards in separate function
move unittest out of suricata.c
suricata: add some wrapper for config file handling
Add util-conf for config util
Use new function GetLogDirectory()
suricata: add wrapper for interface listing
Simplify code by removing comment
suricata: function for lowercase table creation
Suppress Suri prefix.
af-packet: add sanity check in free function
unittest: make check use a qa/log dir for logging
Export IsRuleReloadSet and use it.
Add SuriInstance structure
add internal running mode
get (almost) rid of run_mode variable.
engine analysis is a running mode
kill remaining run_mode usage
Running mode is set earlier so out earlier
suricata: windows specific in one function
Add function for internal running mode
suricata: use function to print version
SetBPfString is part of command line parsing
set rule_reload as part of SuriInstance
Use function for daemonification and signal handler
Factorize Signature loading
Add functions for elapsed time computation.
Use function for delayed detect setup.
Generic code don't need ifdef
Move CreateLowercaseTable to GLobalInits
Prefix util-conf function with Config
Add offline flag to SuriInstance and some refactoring
Use a typedef for SuriInstance.
suricata: suppress Suri prefix
suricata: rename SuriInstance to SCInstance.
fix pf_ring build
pf_ring: avoid to ask for extended header.
unittest: recycle packet before exit
unittests: some functions needs a flow lock.
unittests: fix stream-tcp.c
solaris: fix compilation failure
autotools: use builddir instead of srcdir
autotools: all target are conditional
script: add script to start personal builder
prscript: check if branch is synced with master
prscript: exit when no build exists
prscript: add verbose option
Use wget or curl to download ruleset.
prscript: display url where user can watch build
prscript: support bigger PR
prscript: update code following buildbot upgrade
coccinelle: implement parallel check
Introduce host-mode.
reject: reindent and code cleaning
reject: use host-mode to set interface
reject: fix typo
reject: update computation of seq and ack
configure: accept libnet 1.1 and 1.2.
Add reject for IPv6
reject: delete debug line
reject: clean respond-reject code.
reject: try to fail more gracefully
log: change default log level to notice
suricata: reorder start
suricata: info message after log init
suricata: add -v[v] option to increase verbosity
decode: fix typo in comment
af-packet: init correctly the config structure
Use unlikely in malloc failure test.
suricata: move some code into PostConfLoadedSetup
pfring: improve error reporting at device opening
util-ioctl: minor code cleaning.
util-ioctl: add GRO/LRO detection capabilities
af-packet: add warning message if LRO or GRO are set
pcap: add warning about GRO and LRO usage
util-ioctl: ioctl error should be a warning
decode: update API to return error
decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup
defrag: don't modify packet if defrag fails
Add invalid pkt counter.
Set packet invalid flag during decoding.
pcap-file: add checksum-checks configuration variable
cmdline: add -k to specify checksum validation
decode: clean DecodeThreadVars counter
decode: fix failure in layered tunnel
htp: randomization of htp inspection sizes
htp: display info about randomization
prscript: add support for pcap build
dns: rules files was not installed
yaml: remove no more present files
erf-dag: fix typo in header guard
error checking: add missing alloc error treatment
coccinelle: add option to continue on errors
coccinelle: fix malloc test
qa: prscript now output pastable line for PR.
suricata: ignore SIGHUP signal
pfring: workaround potential librt deps
Fix realloc error handling
coccinelle: add test on realloc
Giuseppe Longo (3):
feature #417: add support for configuration per host timeout value
Adds a defrag configuration example in suricata.yaml
defrag-config: fix a bug
Ignacio Sanchez (3):
Added support for %{cookiename}C
Added modifications suggested by Charles Smutz (https://redmine.openinfosecfoundation.org/issues/602)
Various custom http logging improvements
Jason Ish (12):
Feature #901 - VLAN defrag support.
Support for configuration include files.
Remove the single line if statements.
Cleanup ConfSet, ConfGet, make more concise.
More concise API for setting config values that
Function to prune all non-final nodes from a configuration node.
Subsequent configuration keys now override previous ones
Better document ConfSet and ConfSetFinal.
Instead of exiting on memory failure, log a warning then return NULL
Fix alignment in usage.
When setting final configuration nodes, set the whole tree as final.
Use the stack for temporary memory buffers.
Ken Steele (44):
Replace ReleaseData function on Packet Structure with ReleasePacket.
Fix typo in configure.ac echo message
Add TILE-Gx mPIPE packet processing support.
Enable using Tile cycle counter.
Tile SIMD implementation of SCMemcmp and SCMemcmpLowercase
Use Tilera SIMD for Signature matching ala SSE3
Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER
Merge multiple copies of CreateTimeString() to one copy.
Cache time conversions for localtime() and CreateTimeString()
On Open BSD systems don't cache time.
Clean up SCLocalTime() usage
Formatting change for function call.
Make the missing libhtp error message more clear.
Minor optimization in time caching code.
New Multi-pattern matcher, ac-tile, optimized for Tile architecture.
Move FlowIncrUsecnt to header file to allow for inlining.
Align some structures to cacheline
Support for Tile Gx atomic instructions
Change one more atomic size in detect.h
Move SIMD implementations out of detect.c
Improve Signature sorting speed
Use Spin locks on Tile
Clean up function syntax
Correct indentation and wording of comments.
Spell fixes in threads-arch-tile.h
Give Suricata priority to receive packets over Linux with mPIPE.
Add Unit test to check TCPv4 and IPV4 checksums together.
Formatting and comment updates in flow files
Add missing case for DNS_CONFIG
Share Packet checksum values for TCP, UDP, IPv6. ICMPv4 and ICMPv6
Rename checksums to level3_comp_csum and level4_comp_csum.
Cleanup Tile build for -Werror
Allocate mPIPE packet ingress queue in each worker thread.
Reduce the size of Packet structure
Check for compiler for -march=native support
Use pflow variable in place of p->flow to prevent reloading.
Mark pflow as a constant pointer.
Fix configuring Prelude with -Werror
Add more suricata.yaml configuration options for mPIPE.
Split AC-Tile MPM context into Search and Initialization structures.
Remove pkt variable from Packet structure.
Fix pfring so that zero-copy mode can work.
Fix uninitialized variable warning.
Add const for Packet * in flow functions.
Nelson Escobar (2):
Use the Async versions of SCCudaMemcpy* to improve gpu performance.
Build cuda kernel for capability 3.5 devices.
Victor Julien (243):
NFQ: adapt to ReleasePacket API
NFQ: fix packets not getting freed
Pcap: fix snaplen autodetection, GetIfaceMTU doesn't include link layer length
Rename GetIfaceMaxPayloadSize to GetIfaceMaxPacketSize to reflect the actual function.
Add --unittests-coverage option to list how many code modules have tests
Remove obsolete code: flow alert sid storage
flow: take vlan_id's into account in the flow hash
Add yaml option to disable vlan ids hashing
vlan: add rule for new 'too many layers' event
Fix compiler warning due to missing include
icmpv6: fix icmp_id and icmp_seq keywords
ipv6: fix parsing of malformed ext hdr. Bug #908.
Misc fixes after make check feedback
Initial storage api work
host: use storage api
storage: allow preallocated storage
Add Host specific wrapper to StorageRegister()
Move Host Tag storage to Host Storage API.
Storage API: add registration check closed test in debug mode.
Init storage api at start up
Use Host Storage API for per host thresholding
Storage API: add safety check for cases when there is no storage used.
Storage: rename Init to Alloc to reflect actual functioning. Comment updates.
Fix Tile compile
IsRuleReloadSet() shouldn't return an uninitialized value
Runmode fixes and cleanups
Bug #948: detect thread local storage support
xff: don't do xff check if there are no alerts anyway.
xff: fix unittest crashes
Coverity 1038111: fix local overrun of a string in app layer proto detect setup code.
Coverity 1038133 fix
Coverity 1038135 fix
Coverity 1038134 fix
Coverity 1038138 fix
geoip: never try to store more locations than possible (Coverity 1038517)
Fix memory leak on invalid luajit signature. Coverity 1038520.
Coverity 1038129 fix
Coverity 400477: pcre_get_substring retval
Coverity 1038089: error check fseek call
Coverity 1038094: remove dead code from defrag hash
Coverity 1038095: remove dead code from defrag hash timeout code
Coverity 1038098: remove dead code from flow hash
Coverity 1038099: remove dead code from flow hash timeout code
Coverity 1038100: remove dead code from flow hash timeout code(2)
Coverity 1038101: remove dead code from host hash timeout code
Coverity 1038102: remove dead code from host hash
unified2: fix tags not being logged. Bug #968
Don't set tag on pseudo packets
Tag: document in the code that 'tag' is compatible with ip only
Fix several compile and runtime warnings found by clang 3.2 with the -fsanitize=address option.
Move header thread_affinity declaration to extern to avoid duplicate declarations.
Suppress compiler warning about comparing signed and unsigned vars
Add a fallback memrchr implementation for those platforms that don't support it. Bug #963.
Add sanity checks for command line argument handling
Fix valgrind warning on memrchr unittest.
Dns: fix memory leak when events are set
Http: fix memory leaks when cleaning up our per-tx storage
stream: clean up queue list in all cases
Http: improve tx data cleanup
DNS: free TX events using proper function
Change ParseSize api to not leak memory and only setup pcre once.
Properly cleanup NSS ctx
profiling: don't alloc 0 bytes block if no rules are used
profiling: properly clean up thread local memory.
mpm: clean up stream thread ctx
pcre: check for pcre_free_study, fall back to pcre_free if it is unavailable
urilen: fix memory leak when freeing the rule
ssh: fix memleaks during ssh.softwareversion init and cleanup
flowint: fix setup memory leaks
flowint: fix compile warning
radix: actually free a tree in SCRadixReleaseRadixTree
Fix tests that didn't expect radix to be freed
counters: consolidate counters after all ThreadInit functions of a thread have run. This prevents duplicate and overwriting memory allocations.
flowint: further setup fixes and cleanups
Fix small leak in ports validation at startup
Add DrMemory suppress file
Improve memory cleanup for decoder-events
ipproto: improve cleanup
Properly clean up decoder event rules
DNS: copy only the length of the hardcoded string, not the length of the destination buffer.
Fix compiler warning
Split Thresholds and Suppression
Thresholding: move parsing code into separate func
locks: clean up locks declarations
http: add test for HTTP_DECODER_EVENT_UNKNOWN_ERROR event as a result of a too long request
http: don't call HTPHandleWarning before HTPHandleError as the latter handles warnings and errors.
http: fix field too long events
http: update http rules
http: fix some decoder events
http: add new events for invalid host header and host part of uri
Coverity 1100843: remove unnecessary check
Coverity 1100842: add missing return statement
Improve 'host-mode' info message
Revert change in queue handler wait logic. Bug #988.
Bug 640: add more tests to validate that issue is fixed
htp: for apache and apache_2_2 personalities, that are no longer supported by libhtp, fall back to apache_2 with a warning.
Store TX id with alerts
Display TX id in alert debuglog.
XFF: use per alert tx id
Clean up rule reload logging
tag: add some debug statements
tag: fix session seconds tracking
iprep: fix reputation loading and reloading
Don't initialize threshold before rules on delayed detect. Bug #999.
Reset both sides of the de_state on rule reload. Bug #998.
threshold: register threshold host storage. Related to bug #991
storage: fix freeing storage
Fix sanity check in AppInspectionEngine registration code
Fix broken check in stream.max-synack-queued parsing (coverity 1038103)
Minor pppoe cleanup
Minor fix for detection engine setup error check
Minor code cleanup/fixes to fast pattern unittests
Fix 2 unittests
flow: set correct family in FLOW_COPY_IPV6_ADDR_TO_PACKET
storage: fix and small optimization
Dead code removal
Counters: remove all unused parts of the API
Counters: remove unused code
Counters: more unused code removal
Counters: remove SCPerfCounterValue struct as we no longer support multiple data types
Counters: merge SCPerfCounterName into SCPerfCounter as there was a 1 on 1 mapping
Counters: fix unix socket
Counters: remove unused tm_name comparison loops
Optimizations to reduce branch misses
Counters: remove unused updated field
Counter: fix accidental logic change
Counters: move perf critical var to the top of the SCPerfContext struct
Counters: fix delayed-detect counter registration
DNS: fix response name length logic
IPv4 decoder compile warning fix
stream: reduce scope of StreamTcpPseudoPacketSetupHeader
stream: fix IPv6 pseudo packet setup
content inspection: introduce no_match label
profiling: introduce per keyword profiling
detect: add tostring function for DETECT_SM_LIST_ enum.
profiling: per buffer profiling
profiling: add tracking of missing keywords
detect: don't do rule reload during delayed detect
Fix live rule reload confusing delayed detect
http: don't decode + to space by default
stream: fix sequence number on smsg
detect: only inspect smsg for valid tcp packets
dns: detect case of request flooding
DNS: trigger logging for toserver dir when previous reply is lost.
dns: fix transaction handling
http & tls: fix transaction handling
Fix pcre_study error check
pcap: register counters for old pcap versions as well
profiling: when config is missing, keyword profiling is disabled
profiling: don't init rule profiling ctx if rule profiling is disabled
memcmp: don't use SSE intrinsics if less than 16 bytes are available in SSE_4_2 version.
Add SSE support to --build-info
Remove mkinstalldirs (bug #1041)
http: strip 'proxy' part of http_uri
SSE 4.2 memcmp: don't read beyond var boundary
http: add meta-field-limit option
flow: aligned flow balance structures (used by autofp) to CLS to reduce false sharing
build-info: add a nicer way of printing atomics support
Fix autofp flow queue handler optimization
stream: improve raw reassembly
detect: don't consider smsgs for no inspect flag
Fix using uninitialized memory (Bug #994)
http: use body limit in inspection
valgrind: add suppression file
signature address parsing improvements and tests
address and port: reduce memory allocs
rule parsing: reduce mallocs and clean up
rule parsing cleanups
rule parser: don't use uninitialized value
Convert ParseSizeString to use pcre_copy_substring
Convert flow keyword parsing to use pcre_copy_substring
Convert flowbits keyword parsing to use pcre_copy_substring
detect: use macro for max rule size
rule parser: convert to use pcre_copy_string
Convert pcre keyword parsing to use pcre_copy_substring
Convert dsize keyword parsing to use pcre_copy_substring
rule setup: cleanup
defrag: clean up
content: reorder DetectContentData member, shrinking the struct from 64 to 48 bytes.
stream: minor clean up of TcpSession structure
pcre: parsing cleanup
vars: optimize layout to reduce size requirements of flowbits and other vars
Fix parsing of 'custom' detect grouping values
stream: wait for protocol detection to complete
stream: add size debug code
proto detection: add limit for one sided sessions
app layer: set event if proto detect disabled for a stream, but we see data anyway.
Convert reference keyword to pcre_copy_substring
Convert classtype keyword to pcre_copy_substring
Don't use strdup in ip-only address parsing
Don't malloc temp var in SCRuleVarsGetConfVar
Don't alloc for hash lookup in SCClassConfGetClasstype
Reduce allocs in boyer moore prepare phase
tls: allow matching for @ symbol in tls.subject
Fix Conf api usage after rebase
luajit: pass calling rule's sid,gid,rev to script as SCRuleSid, SCRuleGid, SCRuleRev.
lua: clear stack after each script run
lua: push correct length back through ScFlowvarGet, work around valgrind warning
stream: add option to disable raw reassembly
flow/stream: use named values in flow timeout code
flow timeout cleanup and fix
flow: fix typo in function name
flow timeout: remove now unused code
pcap: fix stats dump logic
flowvar: initialize new memory to prevent issues on error handling
Convert Flow macros to inline functions
log-http: enforce hostname print limit
log-http: fix error check leading to null-deref on malloc failure during setup
cppcheck: improve reporting cppcheck when passing -DCPPCHECK to the checker.
Fix small memory leak in classtype parsing
cppcheck: don't use likely/unlikely when -DCPPCHECK is passed to the checker
htp: minor cleanup to silence cppcheck warning
Use %u for unsigned ints in checksum warning
Use %u for unsigned int in (console) output
Fix realloc error handling in threshold.config file parsing. Bug #1062.
threading setup: fix small mem leak on failure
Fix small memleak in runmode setup
port: don't leak memory on port parsing failure
cppcheck: add special BUG_ON so cppcheck understands we exit
port parsing: improve memory handling
http header: improve realloc failure checking. Bug #1062.
Bug 1061: fix multiple vars per sig in ordering
Remove DrMemory suppressions for Bug #979, it is fixed.
Add DrMemory suppression for Bug #980. Suppress useless (likely) buggy leak message too
Fix compilation on systems that use the fallback SC_ATOMIC_ API.
mpipe code cleanup: indent fixes
defrag: pass u64 to ParseU64
log-http: fix compiler warning
dns: fix passing NULL to memcpy
http: clear header pointer on realloc failure
dns: suppress harmless cppcheck warning
dns: suppress minor scan-build warnings
stream: suppress minor scan-build warnings
detect-ssl: suppress harmless scan-build warning
DER decoding: fix potential memory leak
debug: fix realloc error checking on flowbit print
defrag: fix compiler warning
Fix filemagic unittests on OS_DARWIN
realloc error handling: remove unnecessary else branch
Revert TmqhFlowMode alignment as it breaks on CLANG
stream: fix potential memory loss on error
conf: fix potential use-after-free on error
Update Changelog for 2.0beta2
-----------------------------------------------------------------------
hooks/post-receive
--
OISF