[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4-174-gab1f8af

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Tue May 21 08:40:04 UTC 2013

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  ab1f8afbc3d26177a899cab918539200c57d1ad9 (commit)
       via  43d1229dfac65366a85ca982f291c81f5ec4bf13 (commit)
       via  9219079e1a02b8e3d6ea5969324800fe6efc65b1 (commit)
      from  a490176c8ab21236924fcc04f652cca4f4a4e193 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ab1f8afbc3d26177a899cab918539200c57d1ad9
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Fri May 10 21:50:16 2013 +0530

    Removed Signature->order_id and replaced it with Signature->num.

commit 43d1229dfac65366a85ca982f291c81f5ec4bf13
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Thu May 9 08:52:05 2013 +0530

    1. Fix assignment of signums, which affected how we used read
       sigs(priority wise) inside staging.
       Previously we would assign signums before sig ordering, and hence the
       order didn't actually reflect the order of the sig in the
       sig_list(assuming sig reordering changed the sig_list).  Staging would
       use the old sig_nums to decide the priority of sigs.
    2. Fix sig ordering for flowvar, flowbits, flowint, pktvar sigs.   We have
       introduced a new priority to treat sigs with set + read as lower
       priority compared to set only sigs.
    3. Previously we treated sigs with a "priority(keyword)" > another sig's
       priority, as a sig with greater priority than the later.  We have
       reversed it.  Now the sig priority ordering is 1,2,.etc.  Updated
       sigordering unittests to reflect the same.

commit 9219079e1a02b8e3d6ea5969324800fe6efc65b1
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Mon May 20 21:16:41 2013 +0530

    Allow protocols to have both app layer keywords, as well as transaction
    based ones.
    Our general logic and assumption is protocols either support one of the
    above and not have both.


Summary of changes:
 src/detect-engine-alert.c    |    6 +-
 src/detect-engine-sigorder.c |  319 ++++++++++++++++++++++++++++--------------
 src/detect-engine-state.c    |   16 ++-
 src/detect-pcre.c            |    4 +
 src/detect.c                 |   24 ++--
 src/detect.h                 |    2 -
 src/util-action.c            |  176 -----------------------
 src/util-unittest-helper.c   |    4 +
 8 files changed, 252 insertions(+), 299 deletions(-)


More information about the Oisf-devel mailing list