[Oisf-devel] [COMMIT] OISF annotated tag, suricata-2.0beta1, created. suricata-2.0beta1
noreply at openinfosecfoundation.org
Thu Jul 18 14:39:20 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The annotated tag, suricata-2.0beta1 has been created
at dcc673957b48ee5537beed0fb9b29b027ce30858 (tag)
tagging f09f289b348ce1c5eff7be7cf343646bb9ff6c33 (commit)
replaces suricata-1.4
tagged by Victor Julien
on Thu Jul 18 16:38:54 2013 +0200
- Log -----------------------------------------------------------------
Tag 2.0beta1
Anoop Saldanha (73):
updated to fix unix shutdown sequence
unittest to show the seg fault from bug_694
fix for #694.
bug #737. Display a more apt error message when wrong argument's supplied to
fix(more like a feature update) for bug #708.
Add support for a new keyword to inspect http_host header.
Add support for the new keyword - http_raw_host header.
code cleanup + unittests added against http_host and http_raw_host keywords,
sigorder cleaned up.
temporarily patched smb + dcerpc parsers for direction demarcation.
fix for #725.
fix for #760.
fix for #758. Add redmine wiki link and desc for icmp-id keyword.
fix for #769.
fix for #771.
fix for #770.
Allow the use of relative without the presence of a related previous keyword.
turn dce_stub_data into a sticky buffer.
code cleanup for all content based keywords.
uricontent simplified to use the existing content + http_uri infrastructure.
http_* setup unified.
Further customize content modifier buffer registration.
Detect sm_list rearranged for performance reasons.
Fast pattern setup now configurable in our code.
Enable a conf option to enable/disable legacy keywords.
Figure out sig fp during validation stage, instead of staging stage.
Update content id assignment.
We now assign ids to fp patterns only. Rest of them don't need one.
We now print content flags in engine fp analyzer.
fix for #564.
Minor fixes against the last set of patches for #564, 565, 581 + fp automation.
Live rule swap logs added to report SigLoadSignatures() failure. Also set
unittest to display #784.
Handle the case of pcre combined with a relative content, where pcre has the
Update comment in yaml to indicate size limit for the following vars -
Update the way we handle http_host keywords.
hsbd mpm and packet mpm share same mpm ctx id.
Track transaction progress separately for each direction in libhtp.
Transaction engine redesigned.
Fix luajit compilation failure introduced by the transaction update.
More lock fixes for the transaction update. Issues reported by Coverity.
Allow protocols to have both app layer keywords, as well as transaction
1. Fix assignment of signums, which affected how we used read
Removed Signature->order_id and replaced it with Signature->num.
fix for #788.
Http trailer headers unittests added.
Unit-tests exposing a bug in byte_test, byte_jump and byte_extract.
Fix the bug specified in the previous commit.
discontinue matching on buffer if urilen returns a match failure.
Fix wrong casting of htp pointer. Fixed it back to (HTPState *) inside
Fix magic unittests.
update cuda API wrappers
Remove all cuda related code in the engine except for the cuda api wrappers
code refactoring. Call mpmprefilter slightly later than where it's called atm
pool now uses a queue kinda behaviour when getting/inserting data through poolbuckets.
We call packet and stream mpm as late as possible now. Won't affect the working of the engine.
Version 1 of CudaBuffer API. Introduced to buffer data to the gpu.
Version 1 of AC Cuda.
Add a usleep to CudaBuffer culling process. Would lead to a situation where the thread wouldn't care to yield to others.
Modified CudaBufferCullCompletedSlices.
Minor cosmetic changes to the cuda code.
Coverity 1038522: fix memset inside cuda code. Wrong size specified to memset.
Cuda make distcheck fix for cuda-ptxdump.h
Coverity 1038523: Fix using cuda buffer slice that has been returned to the pool.
Don't let geoip match on pseudo packets.
Update mpm init ctx to not accept the final cuda_rc_module argument.
Remove mpm ctxs in the wrong direction.
Update configure.ac to use the default value of 64 for the cache line size
remove unused pattern id assignment functions. Goodbye
Suricata upgrade to libhtp 0.5.x.
Code to enable cuda support for live mode pcap and af-packet. Keep an eye
Code to enable cuda support for pfring live mode.
fix for #875.
Christian Kreibich (1):
Try to use pkg-config to resolve libnss and related dependencies.
Eric Leblond (81):
pcap-file: don't kill engine in unix socket mode
conf: introduce WithDefault function
af-packet: add support for 'default' interface
pfring: add support for 'default' interface
pcap: add support for 'default' interface
conf: add unittest for WithDefault functions.
suricata: add information to build-info
add configure summary to build-info output
build-info: use printf instead of SCLogInfo
Fix latest build-info modification
teredo: update protocol decoding.
pcap: set snaplen to MTU if available.
pcap: add 'promisc' YAML configuration variable
log-pcap: don't limit snaplen.
pfring: delete unused define.
pcap: add snaplen YAML variable
configure: update htp version dependency
Workaround function missing in libhtp include
Fix build with old pcap library.
cocci test: add sizeof test
cuda: fix invalid use of sizeof
unix socket: implement command-list command
unix runmode: add 'pcap-current' command
suricatasc: factorize code and use dynamic commands
suricatasc: add readline completion
suricatasc: display command list
unix socket: add 'version' command
unix socket: add 'uptime' command
unix socket: add 'running-mode' command
Add function to display current capture mode
unix socket: add 'capture-mode' command
unix socket: add 'conf-get' command
suricatasc: real cmd line parsing and verbose mode
unix socket: add 'help' as alias to 'command-list'
suricatasc: treat old server case
suricatasc: improve output of command result
unix socket: add 'dump-counters' command
suricatasc: refactor as a class
suricatasc: update python packaging
unix-manager: fix thread killing function
suricatasc: fix make distcheck.
af-packet: leave reading loop at each turn
pcap-file: treat the case of unsupported pcap link
Fix potential Null deref.
jansson: change function test to be sure of version
configure: add --enable-unix-socket flag
configure: use correct syntax for help string
Exit if bpf is used in IPS mode
af-packet: warn about BPF filter consequence in IPS mode
bpf filter: use SCLogError instead of fprintf
Don't try to sniff 'default' interface
coccinelle: add tcp flag check
streaming: randomize chunk size
nfq: add errno display when verdict fail
coccinelle: update pkt not set test
action handling: define and use macros
action handling: use macro for test.
action handling: add test to avoid direct access
unix-socket: fix OSX build
Import suri-graphite script
Add one shot run option to suri-graphite.
Coverity 1038515: check function return
Coverity: 1038139 suppress sanity check
Coverity 1038106: fix FP out-of-bound access
decode: Packet action start with PACKET
decode: factorize macro code
Use PACKET_* macro instead of UPDATE
nfq: be sure to always verdict packets
coccinelle: add formatted comment for flag test
coccinelle: add script to generate flags test
coccinelle: dynamic testing through make check
detect-engine: do a direct update of flag
Check for local include first.
configure: check for iconv in htp embedded mode
Add file needed for some autotools version.
Fix compilation warning
autotool: INCLUDES usage is deprecated
autotools: AM_INIT_AUTOMAKE with args is deprecated
unix socket: fix typo in error message
configure: minor cleaning
autotools: workaround on partial cleaning
Florian Westphal (2):
nfq: avoid extra copy when running in workers mode
nfq: add support for batch verdicts
Ignacio Sanchez (1):
Adds support for the geoip keyword
Jake Gionet (2):
Adding support for Feature #667
Adding comment in suricata.yaml.in to indicate sensor-id option.
Jamie Strandboge (1):
suppress: DETECT_SUPPRESS_REGEX should support IPv6 addresses too. Bug #697.
Jason Ish (1):
Replace the deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS.
Ken Steele (6):
Move memset() out of PACKET_INITIALIZE()
Preserve PKT_ALLOC flag inside PACKET_RECYCLE().
Use PacketGetfromAlloc() for packet allocation instead of SCMalloc.
More PacketGetFromMalloc() to allocate packets.
Clear the PKT_ALLOC flag when storing Packets into the Packet pool.
Update configure.ac to detect Tile architecture.
Matt Keeler (1):
Added host buffer allowance and stream configuration for Napatech 3GD
Nikolay Denev (3):
set SO_BROADCAST on the divert socket so that broadcast
setsockopt() failures are already fatal,
preserve the existing error code order
Phil Schroeder (1):
Adding an updated doxygen config file, because the old one was created a couple major versions ago.
Victor Julien (137):
Fix protocol check for IP-only (#689).
Fix byte order detection on Mac OS X/Darwin. Bug 700.
Fix double definition of CPU_* macros for Darwin/OSX. Bug 701.
Use _mm_free for memory allocated by _mm_alloc. Bug 703. Minor compiler warning fixes.
Fix ftpbounce address calc failing on PPC64
file md5: print filename and line number on md5 parse errors. Bug #693.
geoip: add Fedora pkg hint to configure check
Fix stateful inspection not always inspecting at stream end.
Fix sig grouping bug when certain sigs are mixed. Add tests.
Add separate libhtp query string normalization function and configuration toggles for it.
Use new libhtp query string normalization. Bug #739.
Fix test AddressTestParse36 on Big Endian systems
Fix potential iprep file parsing issue.
Fix potential iprep file parsing issue (2).
nfq: add missing error string
Open 2.0 dev branch
Try to use pkg-config to resolve libnspr and related dependencies.
Fix valgrind error/warning in ip reputation parsing code
If an IP-only pass rule matches, set the no inspect flag for that flow. Bug #718.
Coverity 989710 and 989711: small resource leaks in filemd5 parsing code.
tcp stream: don't move to LAST_ACK on toserver resent of FIN
After some discussion we decided that var declarations inside a for statement are not in line with our coding style. So removing a bunch. Decision was not unanimous ^^.
Update version number of bundled htp to 0.2.12, so it matches the non-bundled version.
Change logic of SCErrorToString causing any missing entries to result in a compiler warning.
stream: don't use ssn timestamp flag in stream
stream: zero ts is a per stream flag
stream: remove unused 'pause' feature
stream: intro function for SYN/ACK state update
Fix PmqSetup calls in Liveswap thread init. Func was out of sync with normal thread init.
detection engine: consolidate thread setup
Use define instead of magic number for pmq's per detect thread
Minor reshuffling of Signature struct.
Minor SigValidate cleanup
profiling: add formatted totals, percents to packet stats
flowvars: update funcs to accept u16 id
flowvar: fix deadlock with http buffers
flowvar: add unittests for #802.
flowvar: clean up properly on signature clean up.
stream: handle extra different SYN/ACK
Coverity 1005133: fix unlikely case where malformed pcre statement in rule would lead to null-deref.
Coverity 1005134: fix minor memory leak on flowvar rule setup errors.
flowvar: cleanup keyword argument parsing. Should also address Coverity 400655.
file: make fileext, filename and filemagic use the same rule parsing function as others. This has as a side effect that we enforce doubly quoted values now.
Remove obsolete DetectParseContentString function, it has been replaced by DetectContentDataParse
Remove filemagic debug statement
Update DetectContentDataParse to reflect the actual data types content uses.
stream: default 'random' setting when running unittests is disabled, so that test results are predictable.
Bug 794: stream SACK list needs to respect memcap
Bug 780 unittests, showing no problem.
UDP: inspection app layer state as soon as we have it.
Suppress warnings when StreamSegmentForEach is called for UDP or SCTP, unless debug is compiled in.
unified2: only call stream callback for TCP
prelude: only call stream callback for TCP
profiling: enabled app layer profiling for UDP app layer modules
unified2: more udp fixes
alert-debuglog: cleanup TCP check
NFQ: fix configure check for finding out signed/unsigned args for nfq_get_payload
NFQ: convert batchcount related yaml errors to warnings.
Detect L1 cache line size at build time. Fall back to 64 bytes if detection failed.
Fix CLS detection on systems that have getconf, but don't support the LEVEL1_DCACHE_LINESIZE option.
Move fallback to CLS detection to configure script.
luajit flowvar support
flowvar/flowint: make local function static
flowvar/flowint: split set functions into normal and NoLock version, where the latter won't lock the flow.
luajit: add flowint support
flowvar/luajit: make 'sets' real time. Needed for cross HTTP-header matching.
luajit/flowint: add ScFlowintIncr & ScFlowintDecr
bytetest: fix debug messages not printing negative offset correctly
bytetest: add unittest showing missed detection
Coverity 1038113: possibly out of bounds read
Coverity 1038115: memory leak on 'ack' keyword parsing failure
Coverity 1038116 & 1038117: memory leaks on 'app-layer-event' keyword parsing failure
Coverity 1038123: memory leak on 'flowint' keyword parsing failure
Coverity 1038124: memory leak on 'seq' keyword parsing failure
Coverity 1038518: fix wrong error check
Coverity 1038092 & 1038093: remove dead code
Coverity 1038085: remove 'default' statement in SCErrorToString. This way a warning will be given if an error is defined w/o updating this function.
stream: fix typo in function name
stream: detect keep-alive and keep-alive ACK
DNS TCP and UDP parser and DNS response logger
Hacks to enable alert dns even though we have dnstcp and dnsudp parsers. Needs proper solution later.
DNS: add per tx internal id
DNS: adding dns_request content modifier
DNS: add unittests for UDP and TCP for dns_query keyword
DNS: add event rules file
DNS: add /F modifier to pcre to inspect DNS query name
DNS: enable mpm/fast_pattern support for dns_query
Merge SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_DNS into SIG_FLAG_MPM_APPLAYER, do the same for the _NEG variant.
DNS: add test for app layer event match
Reset app layer events when we start inspecting a new TX
app layer: add support for per TX decoder events
DNS: add support for per TX decoder events.
DNS: disable logging by default
DNS: fix warning when debug is not enabled
DNS: fix CUDA build
Coverity 1038959: DNS mpm might use initialized variable
Add a per threadvars thread local thread id, that starts at 0 and increments for each thread.
pool: add error msgs and improve memory layout
pool: add api for per thread pools
pool: add error msgs and improve memory layout
Stream: use per thread ssn pool
Stream: fix unittests after ssn pool changes.
Improve memory cleanup in some unittests
Stream: use per thread ssn_pool_id instead of thread id.
Thread: remove thread id
Coverity 1040312, 1040313, 1040314 1040315: improve pool thread error handling.
Content: set up sticky buffers like file_data and dce_stub_data w/o flags, but with a list variable
DNS: convert dns_query to sticky buffer
App layer: add 'StateHasEvents' API call
DNS: move internal tx id tracking to u64
Applayer: remove obsolete StateUpdateTransactionId
DNS: suppress log-dns registration message
App layer: clean up TX before lowest active one
HTP: free TX from transaction free API call
DNS: better handle TX' with lost replies
Print pkt src to alert-debug log
DNS: rename dns.rules to dns-events.rules, include it in yaml
TLS: add missing options to shipped yaml. Bug #709.
TLS: create certs directory during startup if it doesn't exist yet. Bug #710.
TLS: create certs dir on 'make install-full'. Bug #711.
Yaml: give a more detailed error if the user supplies a directory instead of a yaml file. Bug #803.
Generate proper errors if sid,gid,rev values are out of range. Bug #779.
Autotools: move libhtp conditionals to configure
Use relative dir instead of ac_builddir
Fix sgh mpm flags assignment
Enable libhtp 0.3.0 compilation and crash free UT run. Still see 5 failed tests.
libhtp: remove libhtp from repo
Fix CLS configure check
Luajit: fix compilation and tests after libhtp upgrade
In case of fragments, don't consider ports. Bug #847.
Fix autogen on older systems
configure: add iconv.h check to configure if bundled libhtp is used
Fix ac-bs and ac-gfbs mpm-algo settings leading to fatal error if CUDA is enabled. Workaround for #882.
DNS: convert info logs to debugs
Stream: don't inject stream end pseudo pkt on FinWait2 state. Bug #883.
DNS: break out of DNSResponseGetNameByOffset if we're in there too long. Can happen on bad data.
Update changelog for 2.0beta1
-----------------------------------------------------------------------
hooks/post-receive
--
OISF