[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta2-230-g6dd1044

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Tue Feb 4 12:44:32 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  6dd10443ce6e91503a9188021d54137e9ea4860d (commit)
       via  a37a1d9de7b4e5d4d763963e569e69d4b0b8fdf5 (commit)
       via  f902c9e6c714ed495f83a68c49fd1161e56b9aef (commit)
       via  a3b0577a1f205c50d4f0776f9002074abb06c896 (commit)
       via  b166e2f0e739b9e12b477dd1407166a8c01a05e2 (commit)
       via  c36a8d30e5e6de74cae30eb4dc8c1b178a495d72 (commit)
       via  8a735a9b90fed6ecdeb43317bc0a7adc110fabd9 (commit)
       via  2c3a92a1c9ba357c448a0884ec4f482bf0414e6a (commit)
       via  13d491f57749d1546fcd8cbc87a091b0ba4b001a (commit)
       via  c2fcf329f09c6e0d16cebb5906244c4ecc8ba30f (commit)
      from  385c04164b7df5ab5dadcbeac4c6afd0a022fa5b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6dd10443ce6e91503a9188021d54137e9ea4860d
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 4 12:53:00 2014 +0100

    profiling: output log api modules separately
    
    Skip log api thread modules in the regular 'thread modules' list,
    instead print them in a separate list.

commit a37a1d9de7b4e5d4d763963e569e69d4b0b8fdf5
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 4 12:52:07 2014 +0100

    profiling: fix percentage of detect phases
    
    Use proper 'total' to calculate weight of each detection phase.

commit f902c9e6c714ed495f83a68c49fd1161e56b9aef
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 4 12:15:04 2014 +0100

    threading: add missing json types to TmModuleTmmIdToString
    
    Also, remove 'default' case from switch statement, so missing entries
    will lead to a compiler warning.

commit a3b0577a1f205c50d4f0776f9002074abb06c896
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 4 11:49:20 2014 +0100

    output: add TM_FLAG_LOGAPI_TM thread module flag
    
    The TM_FLAG_LOGAPI_TM flag indicates that a module is run by the log
    api, not by the 'regular' thread module call functions.
    
    Set flag in all Log API users' registration code.
    
    Purpose of this flag is in profiling. In profiling output it will be
    used to list log api thread modules separately.

commit b166e2f0e739b9e12b477dd1407166a8c01a05e2
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 4 11:34:21 2014 +0100

    profiling: support log api
    
    The log API calls thread modules directly, so the TMM profiling logic
    can be applied to it. This patch does so.
    
    The "Thread Module" out now again lists the individual loggers. As the
    modules are normally called much less frequently the numbers are hard to
    compare to pre-log-api numbers.

commit c36a8d30e5e6de74cae30eb4dc8c1b178a495d72
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 4 11:31:02 2014 +0100

    threading: add utility to get module id from name
    
    Add TmModuleGetIdByName to go from module name to id directly.

commit 8a735a9b90fed6ecdeb43317bc0a7adc110fabd9
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Feb 3 17:40:45 2014 +0100

    profiling: add sample-rate yaml option
    
    Add option "profiling.sample-rate":
    
      # Run profiling for every xth packet. The default is 1, which means we
      # profile every packet. If set to 1000, one packet is profiled for every
      # 1000 received.
      #sample-rate: 1000
    
    This allows for configuration of the sample rate.

commit 2c3a92a1c9ba357c448a0884ec4f482bf0414e6a
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Feb 1 15:58:58 2014 +0100

    profiling: conditional rule profiling
    
    Add support for conditional rule profiling. Currently only simple
    rate limiting is supported, but hardcoded to inspecting rules for
    each packet.

commit 13d491f57749d1546fcd8cbc87a091b0ba4b001a
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Feb 1 12:57:01 2014 +0100

    profiling: lower overhead when disabled
    
    Instead of a large (6k+) structure in the Packet, make the profiling
    storage dynamic. To do this the Packet->profile is now a pointer.
    
    Initial support for selective sampling, e.g. only profile every
    1000th packet.

commit c2fcf329f09c6e0d16cebb5906244c4ecc8ba30f
Author: Eric Leblond <eric at regit.org>
Date:   Tue Jan 28 16:54:51 2014 +0100

    tls: fix negated match
    
    A negated match is matching if the tested field is NULL. But as it
    is not set, neither negated nor normal test must match.
    
    Without this patch, a rule like:
     alert tls any any -> any any (msg:"negated match"; tls.subject:!"CN=home.regit.org"; sid:1; rev:1;)
    is alerting for all connections. Even if they are done on a certificate
    with matching subject. This was due to the fact that tls protocol
    is discovered before the handshake is complete. Thus the condition
    on tls is true with a NULL tls.subject. And code was returning a
    positive match in the case of a NULL subject and a signature with
    a negated match.

-----------------------------------------------------------------------
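
The negated tls.subject case from the last commit message above, as an added example that is not part of the original email and is not Suricata's code. The type and function names are hypothetical, a plain substring match is assumed, and the two connection traces are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical types for illustration, not Suricata's own structures. */
typedef struct { const char *subject; } TlsState;   /* NULL until cert is parsed */
typedef struct { const char *pattern; int negated; } SubjectRule;

/* Behaviour the commit message describes before the fix: a NULL subject
 * is treated as "pattern absent", so a negated rule matches at once. */
static int match_before_fix(const TlsState *s, const SubjectRule *r)
{
    if (s->subject == NULL)
        return r->negated ? 1 : 0;
    int found = strstr(s->subject, r->pattern) != NULL;
    return r->negated ? !found : found;
}

/* Behaviour after the fix: with no subject set, neither the normal nor
 * the negated test matches; the verdict waits for the certificate. */
static int match_after_fix(const TlsState *s, const SubjectRule *r)
{
    if (s->subject == NULL)
        return 0;
    int found = strstr(s->subject, r->pattern) != NULL;
    return r->negated ? !found : found;
}

/* Run a matcher over successive states of one connection and return
 * the number of states on which the rule would alert. */
static int count_alerts(int (*match)(const TlsState *, const SubjectRule *),
                        const TlsState *states, size_t n, const SubjectRule *r)
{
    int alerts = 0;
    for (size_t i = 0; i < n; i++)
        alerts += match(&states[i], r);
    return alerts;
}

/* Constructed traces: TLS detected (no subject yet), then handshake done. */
static const TlsState home_conn[]  = { { NULL }, { "CN=home.regit.org" } };
static const TlsState other_conn[] = { { NULL }, { "CN=other.example" } };
static const SubjectRule negated_rule = { "CN=home.regit.org", 1 };

int main(void)
{
    /* Exit 0 when the old logic false-alerts and the fixed logic does not. */
    return !(count_alerts(match_before_fix, home_conn, 2, &negated_rule) == 1 &&
             count_alerts(match_after_fix, home_conn, 2, &negated_rule) == 0);
}
```

With the pre-fix logic the connection to the excluded subject still produces one alert, raised before the handshake completes; the fixed logic alerts only on the connection whose parsed subject really lacks the pattern.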

Summary of changes:
 src/alert-debuglog.c       |    1 +
 src/alert-fastlog.c        |    1 +
 src/alert-pcapinfo.c       |    1 +
 src/alert-prelude.c        |    1 +
 src/alert-syslog.c         |    1 +
 src/alert-unified2-alert.c |    1 +
 src/decode.h               |    3 +-
 src/detect-engine-state.c  |    8 +-
 src/detect-tls.c           |   41 ++++++-----
 src/detect.c               |    4 +-
 src/log-dnslog.c           |    1 +
 src/log-droplog.c          |    1 +
 src/log-file.c             |    1 +
 src/log-filestore.c        |    1 +
 src/log-httplog.c          |    1 +
 src/log-tlslog.c           |    1 +
 src/output-file.c          |    9 +++
 src/output-filedata.c      |    9 +++
 src/output-json-alert.c    |    1 +
 src/output-json-dns.c      |    1 +
 src/output-json-drop.c     |    1 +
 src/output-json-file.c     |    1 +
 src/output-json-http.c     |    1 +
 src/output-json-tls.c      |    1 +
 src/output-packet.c        |    9 +++
 src/output-tx.c            |    9 +++
 src/tm-modules.c           |   23 +++++-
 src/tm-modules.h           |    2 +
 src/util-profiling.c       |  171 ++++++++++++++++++++++++++++++++++++++++----
 src/util-profiling.h       |   86 ++++++++++++----------
 suricata.yaml.in           |    4 +
 31 files changed, 314 insertions(+), 82 deletions(-)


hooks/post-receive
-- 
OISF

