[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4-174-gab1f8af
noreply at openinfosecfoundation.org
Tue May 21 08:40:04 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via ab1f8afbc3d26177a899cab918539200c57d1ad9 (commit)
via 43d1229dfac65366a85ca982f291c81f5ec4bf13 (commit)
via 9219079e1a02b8e3d6ea5969324800fe6efc65b1 (commit)
from a490176c8ab21236924fcc04f652cca4f4a4e193 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ab1f8afbc3d26177a899cab918539200c57d1ad9
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date: Fri May 10 21:50:16 2013 +0530
Removed Signature->order_id and replaced it with Signature->num.
commit 43d1229dfac65366a85ca982f291c81f5ec4bf13
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date: Thu May 9 08:52:05 2013 +0530
1. Fix assignment of signums, which affected how we used read
sigs (priority wise) inside staging.
Previously we would assign signums before sig ordering, and hence the
order didn't actually reflect the order of the sig in the
sig_list (assuming sig reordering changed the sig_list). Staging would
use the old sig_nums to decide the priority of sigs.
2. Fix sig ordering for flowvar, flowbits, flowint, pktvar sigs. We have
introduced a new priority to treat sigs with set + read as lower
priority compared to set only sigs.
3. Previously we treated sigs with a "priority(keyword)" > another sig's
priority, as a sig with greater priority than the latter. We have
reversed it. Now the sig priority ordering is 1, 2, etc. Updated
sigordering unittests to reflect the same.
commit 9219079e1a02b8e3d6ea5969324800fe6efc65b1
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date: Mon May 20 21:16:41 2013 +0530
Allow protocols to have both app layer keywords, as well as transaction
based ones.
Our general logic and assumption is protocols either support one of the
above and not have both.
-----------------------------------------------------------------------
Summary of changes:
src/detect-engine-alert.c | 6 +-
src/detect-engine-sigorder.c | 319 ++++++++++++++++++++++++++++--------------
src/detect-engine-state.c | 16 ++-
src/detect-pcre.c | 4 +
src/detect.c | 24 ++--
src/detect.h | 2 -
src/util-action.c | 176 -----------------------
src/util-unittest-helper.c | 4 +
8 files changed, 252 insertions(+), 299 deletions(-)
hooks/post-receive
--
OISF