[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0-53-g3df9044
OISF Git
noreply at openinfosecfoundation.org
Thu Apr 17 13:47:13 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 3df904475c5de936645b8038a1fcec698676d0aa (commit)
via 8252416c1013f77a2ee3ffb7703d7fbfdea5d483 (commit)
via eae5b1ba3513d25b5484f1be8a30dfc360fe92b6 (commit)
via 7b0f1e9512f638e5e78ce3267d75b726433e3397 (commit)
via 96adcf6829dcdadedea1f4f71bc44ccb5f30e8d5 (commit)
via 354a24e2ef4b3eeed4a72bc4a628a42ad1103add (commit)
from fc559ce227d4254840b5f1241d5408c52879ce8c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3df904475c5de936645b8038a1fcec698676d0aa
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 3 16:42:42 2014 +0200
proto-detect: masks cleanup
The direction specific masks were not used correctly. The toserver ones
were only used for 'dp' registrations, the toclient ones only for 'sp'.
The patch merges them.
commit 8252416c1013f77a2ee3ffb7703d7fbfdea5d483
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 3 13:55:22 2014 +0200
proto-detect: update port logic
If a flow matches both an 'sp' based PP registration and a 'dp' based,
until now we would only check the 'dp' one. This patch changes that. It
will inspect both.
commit eae5b1ba3513d25b5484f1be8a30dfc360fe92b6
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 27 16:13:08 2014 +0100
app-layer: proto detection update
Instead of the notion of toserver and toclient protocol detection, use
destination port and source port.
Independent of the data direction, the flow's port settings will be used
to find the correct probing parser, where we first try the dest port,
and if that fails the source port.
Update the configuration file format, where toserver is replaced by 'dp'
and toclient by 'sp'. Toserver is interpreted as 'dp' and toclient as
'sp' for backwards compatibility.
Example for dns:
    dns:
      # memcaps. Globally and per flow/state.
      #global-memcap: 16mb
      #state-memcap: 512kb
      # How many unreplied DNS requests are considered a flood.
      # If the limit is reached, app-layer-event:dns.flooded; will match.
      #request-flood: 500
      tcp:
        enabled: yes
        detection-ports:
          dp: 53
      udp:
        enabled: yes
        detection-ports:
          dp: 53
Like before, progress of protocol detection is tracked per flow direction.
Bug #1142.
commit 7b0f1e9512f638e5e78ce3267d75b726433e3397
Author: Victor Julien <victor at inliniac.net>
Date: Wed Apr 16 12:55:09 2014 +0200
stream: improve retransmission handling
When connections are closing, don't reject retransmissions of data
packets.
Bug #1180.
commit 96adcf6829dcdadedea1f4f71bc44ccb5f30e8d5
Author: Victor Julien <victor at inliniac.net>
Date: Tue Apr 15 17:01:52 2014 +0200
refactor IDS/IPS engine mode logic
Instead of error prone externs with macros, use functions with a local
static enum var instead.
- EngineModeIsIPS(): in IPS mode
- EngineModeIsIDS(): in IDS mode
To set the modes:
- EngineModeSetIDS(): IDS mode (default)
- EngineModeSetIPS(): IPS mode
Bug #1177.
commit 354a24e2ef4b3eeed4a72bc4a628a42ad1103add
Author: Ken Steele <ken at tilera.com>
Date: Tue Apr 15 10:18:30 2014 -0400
Fix unaligned load in AC-TILE MPM.
The SLOAD define using __insn_ld2s_L2 is used to provide a compiler
hint that the load will come from the L2 cache instead of the L1. It
also specifies that it is a 2 byte signed load. For the Tiny MPM, that
needs to be a 1-byte load, which is what is specified in util-ac-mpm-tile.c,
but the #undef was removing that definition.
-----------------------------------------------------------------------
Summary of changes:
src/alert-fastlog.c | 3 +-
src/alert-syslog.c | 7 +-
src/app-layer-detect-proto.c | 406 +++++++++++++++++++++++++-----------------
src/detect.c | 5 +-
src/log-droplog.c | 12 +-
src/output-json-alert.c | 6 +-
src/output-json-drop.c | 3 +-
src/output-json.c | 1 -
src/stream-tcp.c | 87 +++++----
src/stream-tcp.h | 3 +-
src/suricata.c | 36 +++-
src/suricata.h | 15 +-
src/util-mpm-ac-tile-small.c | 6 +-
suricata.yaml.in | 8 +-
14 files changed, 350 insertions(+), 248 deletions(-)
hooks/post-receive
--
OISF
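
The port-based probing parser lookup described in the proto-detect commit messages above, as an added C illustration that is not Suricata's code and not part of the original email. All names (pp_reg, pp_kind_from_key, pp_candidates) and the sample registrations are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout: an illustration, not Suricata's code. */
enum pp_port_kind { PP_DP, PP_SP };
struct pp_reg { const char *proto; enum pp_port_kind kind; uint16_t port; };

/* Map a detection-ports key to a port kind. 'toserver' and 'toclient' are
 * accepted as legacy spellings of 'dp' and 'sp'. Returns 0, or -1 if unknown. */
int pp_kind_from_key(const char *key, enum pp_port_kind *out)
{
    if (!strcmp(key, "dp") || !strcmp(key, "toserver")) { *out = PP_DP; return 0; }
    if (!strcmp(key, "sp") || !strcmp(key, "toclient")) { *out = PP_SP; return 0; }
    return -1;
}

/* Collect the probing parsers to run for a flow. Only the flow's ports are
 * consulted, never the direction of the data being inspected: 'dp' matches
 * on the destination port come first, then 'sp' matches on the source port,
 * so a flow that hits both kinds gets both inspected. Returns the count. */
size_t pp_candidates(const struct pp_reg *regs, size_t nregs,
                     uint16_t flow_sp, uint16_t flow_dp,
                     const struct pp_reg **out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < nregs && n < max_out; i++)
        if (regs[i].kind == PP_DP && regs[i].port == flow_dp)
            out[n++] = &regs[i];
    for (size_t i = 0; i < nregs && n < max_out; i++)
        if (regs[i].kind == PP_SP && regs[i].port == flow_sp)
            out[n++] = &regs[i];
    return n;
}

/* Constructed sample registrations; "exampleproto" and port 4000 are made up. */
static const struct pp_reg sample_regs[] = {
    { "dns", PP_DP, 53 },
    { "exampleproto", PP_SP, 4000 },
};

int main(void)
{
    const struct pp_reg *hits[4];
    size_t n = pp_candidates(sample_regs, 2, 4000, 53, hits, 4);
    for (size_t i = 0; i < n; i++)
        printf("probe %s\n", hits[i]->proto);
    return 0;
}
```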