[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta1-254-gcb15000

noreply at openinfosecfoundation.org
Thu Oct 3 05:25:50 UTC 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cb150003879edc0128f1902db903c5466f86a733
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 1 14:08:36 2013 +0200

    http: add new events for invalid host header and host part of uri

commit 43b39d333f2b006dc890b881e2e109e9773f20d0
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 1 13:49:39 2013 +0200

    http: fix some decoder events
    
    Some events we retrieved from error messages are flags now, so check
    those. Not all can be converted though. These are no longer set:
    
    HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE
    HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT
    
    Part of Bug #982.

commit 85f13c4e2857befe80627393549352410aedc4dd
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 1 12:20:07 2013 +0200

    http: update http rules

commit 636791751e75727fd2adeac1e7b34df1a50d3db1
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 1 12:15:41 2013 +0200

    http: fix field too long events

commit 5d10bafdbaa405a4d9c390ef814e625706d4c5b1
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 1 12:13:38 2013 +0200

    http: don't call HTPHandleWarning before HTPHandleError as the latter handles warnings and errors.

commit 129b6a65ca20ed04076e2ab7efdd58e15021d8a5
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 1 11:59:42 2013 +0200

    http: add test for HTTP_DECODER_EVENT_UNKNOWN_ERROR event as a result of a too long request

commit 2c50e411538f173ffba00823adf04901c1a768d1
Author: Eric Leblond <eric at regit.org>
Date:   Tue Oct 1 16:23:47 2013 +0200

    reject: try to fail more gracefully
    
    In the case of reject both, a failure in sending one way does not lead to
    aborting the reset procedure.

commit 10b05a6361ba3885d3d9b2ca6bba1b5a06c6fcd0
Author: Eric Leblond <eric at regit.org>
Date:   Tue Oct 1 16:05:34 2013 +0200

    reject: clean respond-reject code.

commit 6f1cf9728edc304c37155993e14e9d5cced3dc2a
Author: Eric Leblond <eric at regit.org>
Date:   Thu Sep 26 19:57:19 2013 +0200

    reject: delete debug line

commit f05efeb46f1286c0cb05830c3e85fffab1ea2075
Author: Eric Leblond <eric at regit.org>
Date:   Wed Sep 18 13:27:49 2013 +0200

    Add reject for IPv6
    
    With this patch reject is now available in IPv6.

commit 64cd49da319d6eba11feed7e8a7e79effe9027c5
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 13 13:46:19 2013 +0200

    configure: accept libnet 1.1 and 1.2.

commit 5f224f87d1e59f90969d45e6dcbbd6918083ee7d
Author: Eric Leblond <eric at regit.org>
Date:   Wed Sep 11 17:52:09 2013 +0200

    reject: update computation of seq and ack
    
    We have to follow the TCP RFC (http://tools.ietf.org/html/rfc793#section-3.4).
    There are two cases depending on whether the original packet contains an
    ACK.
    If packet has no ACK, the RST seq number is 0 and the ACK is built the
    standard way.
    If packet has an ACK, the seq of the RST packet is equal to the ACK of
    incoming packet and the ACK is built using packet sequence number and
    size of the data.
    
    Regarding standard Ack number, it is computed using seq number of captured
    packet added to packet length. Finally 1 is added so we respect the
    RFC:
        If the ACK control bit is set this field contains the value of the
        next sequence number the sender of the segment is expecting to
        receive.  Once a connection is established this is always sent.
    
    With this patch we have some correct results. With the following rule:
        reject ssh any any -> 192.168.56.3 any (msg:"no SSH  way"; sid:3; rev:1;)
    ssh connection to 192.168.56.3 is correctly reset on client side.
    
    But this is not perfect. If we have the following rule:
        reject tcp any any -> 192.168.56.3 22 (msg:"no way"; sid:2; rev:1;)
    then the connection is not reset on a standard Ethernet network. But
    if we introduce a 20ms delay on packets, then it is correctly reset.
    This is explained when looking at the network trace. The reset is sent
    as an answer to the SYN packet and it is emitted after the SYN ACK from
    the server because the exchange is really fast. So this is discarded by the
    client OS which has already seen an ACK for the same sequence number.
    
    This should fix #895.

commit 4e15cf2245186109fb4ec965ca675b95adb2d911
Author: Eric Leblond <eric at regit.org>
Date:   Thu Sep 12 15:17:38 2013 +0200

    reject: fix typo

commit efc12b24ae802de6bd925fd8d6374b5e8744a9ce
Author: Eric Leblond <eric at regit.org>
Date:   Wed Sep 11 17:58:28 2013 +0200

    reject: use host-mode to set interface
    
    This patch updates the reject code to send the packet on the interface
    it comes from when 'host-mode' is set to 'sniffer-only'. When
    'host-mode' is set to 'router', the reject packet is sent via
    the routing interface.
    
    This should fix #957.

commit 9bbd2a103da891ab9e2eccd66f69319c15619010
Author: Eric Leblond <eric at regit.org>
Date:   Wed Sep 11 17:45:20 2013 +0200

    reject: reindent and code cleaning
    
    Reindent file and use some switch instead of if else if.

commit 6cf7da30e2321740c94e6c43aa7ecb1f92f71043
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 13 12:21:04 2013 +0200

    Introduce host-mode.
    
    This variable can be used to indicate to suricata that the host
    is running as a router or is in sniffing only mode.
    This will be used at least to determine which interfaces are used to
    send reject messages.

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                  |    2 +-
 rules/http-events.rules       |   13 +-
 src/app-layer-htp.c           |  207 +++++++++++++++++++++--
 src/app-layer-htp.h           |    2 +
 src/respond-reject-libnet11.c |  382 ++++++++++++++++++++++++++++++++++------
 src/respond-reject-libnet11.h |    3 +
 src/respond-reject.c          |   81 ++++++---
 src/suricata.c                |   47 +++++
 src/suricata.h                |    9 +
 suricata.yaml.in              |    7 +
 10 files changed, 654 insertions(+), 99 deletions(-)


hooks/post-receive
-- 
OISF
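
The seq/ack rule from the "reject: update computation of seq and ack" commit message above, as an added example that is not code from these commits or from Suricata. It also models why a RST built from the SYN is ignored once the SYN ACK has arrived. Assumptions: the struct and function names and the sample values are constructed, the "+1" is read as RFC 793's SEG.LEN (payload plus one for SYN or FIN), and `accepts_rst` is a simplified form of the RFC 793 receiver check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_ACK 0x10
/* Captured segment fields used to build the reply (hypothetical struct). */
struct seg { uint32_t seq, ack; uint8_t flags; uint32_t payload_len; };
struct rst { uint32_t seq, ack; };

/* SEG.LEN in RFC 793: payload bytes, plus one each for SYN and FIN. */
static uint32_t seg_len(const struct seg *s)
{
    return s->payload_len + !!(s->flags & TH_SYN) + !!(s->flags & TH_FIN);
}

/* RST sent back to the sender of `s` (unsigned math wraps mod 2^32). */
struct rst rst_for(const struct seg *s)
{
    struct rst r;
    r.seq = (s->flags & TH_ACK) ? s->ack : 0;  /* no ACK seen: seq is 0 */
    r.ack = s->seq + seg_len(s);               /* next byte expected from sender */
    return r;
}

/* Receiver side: SYN-SENT accepts a RST whose ACK covers its SYN; a
 * synchronized state accepts one whose seq lies in the receive window. */
bool accepts_rst(bool syn_sent, uint32_t snd_nxt, uint32_t rcv_nxt,
                 uint32_t rcv_wnd, const struct rst *r)
{
    if (syn_sent)
        return r->ack == snd_nxt;
    return (uint32_t)(r->seq - rcv_nxt) < rcv_wnd;
}

int main(void)
{
    /* Constructed values: client ISN 1000, server ISN 5000, window 65535. */
    struct seg syn = { 1000, 0, TH_SYN, 0 }, data = { 1001, 5001, TH_ACK, 21 };
    struct rst a = rst_for(&syn), b = rst_for(&data);
    printf("RST for SYN: seq=%u ack=%u early=%d late=%d\n", a.seq, a.ack,
           accepts_rst(true, 1001, 0, 0, &a),
           accepts_rst(false, 1001, 5001, 65535, &a));
    printf("RST for data: seq=%u ack=%u accepted=%d\n", b.seq, b.ack,
           accepts_rst(false, 1022, 5001, 65535, &b));
    return 0;
}
```

The RST built from the SYN is accepted only while the client is still in SYN-SENT, which matches the 20ms observation; the RST built from an ACK-bearing data segment carries an in-window seq and is accepted.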

