[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta2-230-g6dd1044
noreply at openinfosecfoundation.org
noreply at openinfosecfoundation.org
Tue Feb 4 12:44:32 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 6dd10443ce6e91503a9188021d54137e9ea4860d (commit)
via a37a1d9de7b4e5d4d763963e569e69d4b0b8fdf5 (commit)
via f902c9e6c714ed495f83a68c49fd1161e56b9aef (commit)
via a3b0577a1f205c50d4f0776f9002074abb06c896 (commit)
via b166e2f0e739b9e12b477dd1407166a8c01a05e2 (commit)
via c36a8d30e5e6de74cae30eb4dc8c1b178a495d72 (commit)
via 8a735a9b90fed6ecdeb43317bc0a7adc110fabd9 (commit)
via 2c3a92a1c9ba357c448a0884ec4f482bf0414e6a (commit)
via 13d491f57749d1546fcd8cbc87a091b0ba4b001a (commit)
via c2fcf329f09c6e0d16cebb5906244c4ecc8ba30f (commit)
from 385c04164b7df5ab5dadcbeac4c6afd0a022fa5b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6dd10443ce6e91503a9188021d54137e9ea4860d
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 4 12:53:00 2014 +0100
profiling: output log api modules separately
Skip log api thread modules in the regular 'thread modules' list,
instead print them in a separate list.
commit a37a1d9de7b4e5d4d763963e569e69d4b0b8fdf5
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 4 12:52:07 2014 +0100
profiling: fix percentage of detect phases
Use proper 'total' to calculate weigth of each detection phase.
commit f902c9e6c714ed495f83a68c49fd1161e56b9aef
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 4 12:15:04 2014 +0100
threading: add missing json types to TmModuleTmmIdToString
Also, remove 'default' case from switch statement, so missing entries
will lead to a compiler warning.
commit a3b0577a1f205c50d4f0776f9002074abb06c896
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 4 11:49:20 2014 +0100
output: add TM_FLAG_LOGAPI_TM thread module flag
The TM_FLAG_LOGAPI_TM flag indicates that a module is run by the log
api, not by the 'regular' thread module call functions.
Set flag in all all Log API users' registration code.
Purpose of this flag is in profiling. In profiling output it will be
used to list log api thread modules separately.
commit b166e2f0e739b9e12b477dd1407166a8c01a05e2
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 4 11:34:21 2014 +0100
profiling: support log api
The log API calls thread modules directly, so the TMM profiling logic
can be applied to it. This patch does so.
The "Thread Module" out now again lists the individual loggers. As the
module are normally called much less frequently the numbers are hard to
compare to pre-log-api numbers.
commit c36a8d30e5e6de74cae30eb4dc8c1b178a495d72
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 4 11:31:02 2014 +0100
threading: add utility to get module id from name
Add TmModuleGetIdByName to go from module name to id directly.
commit 8a735a9b90fed6ecdeb43317bc0a7adc110fabd9
Author: Victor Julien <victor at inliniac.net>
Date: Mon Feb 3 17:40:45 2014 +0100
profiling: add sample-rate yaml option
Add option "profiling.sample-rate":
# Run profiling for every xth packet. The default is 1, which means we
# profile every packet. If set to 1000, one packet is profiled for every
# 1000 received.
#sample-rate: 1000
This allows for configuration of the sample rate.
commit 2c3a92a1c9ba357c448a0884ec4f482bf0414e6a
Author: Victor Julien <victor at inliniac.net>
Date: Sat Feb 1 15:58:58 2014 +0100
profiling: conditional rule profiling
Add support for conditional rule profiling. Currently only simple
rate limiting is supported, but hardcoded to inspecting rules for
each packet.
commit 13d491f57749d1546fcd8cbc87a091b0ba4b001a
Author: Victor Julien <victor at inliniac.net>
Date: Sat Feb 1 12:57:01 2014 +0100
profiling: lower overhead when disabled
Instead of a large (6k+) structure in the Packet, make the profiling
storage dynamic. To do this the Packet->profile is now a pointer.
Initial support for selective sampling, e.g. only profile every
1000th packet.
commit c2fcf329f09c6e0d16cebb5906244c4ecc8ba30f
Author: Eric Leblond <eric at regit.org>
Date: Tue Jan 28 16:54:51 2014 +0100
tls: fix negated match
A negated match is matching if the tested field is NULL. But as it
is not set, nor negated nor normal test must match.
Without this patch, a rule like:
alert tls any any -> any any (msg:"negated match"; tls.subject:!"CN=home.regit.org"; sid:1; rev:1;)
is alerting for all connections. Event if they are done on a certificate
with matching subject. This was due to the fact that tls protocol
is discovered before the handshake is complete. Thus the condition
on tls is true with a NULL tls.subject. And code was returning a
positive match in the case of a NULL subject and a signature with
a negated match.
-----------------------------------------------------------------------
Summary of changes:
src/alert-debuglog.c | 1 +
src/alert-fastlog.c | 1 +
src/alert-pcapinfo.c | 1 +
src/alert-prelude.c | 1 +
src/alert-syslog.c | 1 +
src/alert-unified2-alert.c | 1 +
src/decode.h | 3 +-
src/detect-engine-state.c | 8 +-
src/detect-tls.c | 41 ++++++-----
src/detect.c | 4 +-
src/log-dnslog.c | 1 +
src/log-droplog.c | 1 +
src/log-file.c | 1 +
src/log-filestore.c | 1 +
src/log-httplog.c | 1 +
src/log-tlslog.c | 1 +
src/output-file.c | 9 +++
src/output-filedata.c | 9 +++
src/output-json-alert.c | 1 +
src/output-json-dns.c | 1 +
src/output-json-drop.c | 1 +
src/output-json-file.c | 1 +
src/output-json-http.c | 1 +
src/output-json-tls.c | 1 +
src/output-packet.c | 9 +++
src/output-tx.c | 9 +++
src/tm-modules.c | 23 +++++-
src/tm-modules.h | 2 +
src/util-profiling.c | 171 ++++++++++++++++++++++++++++++++++++++++----
src/util-profiling.h | 86 ++++++++++++----------
suricata.yaml.in | 4 +
31 files changed, 314 insertions(+), 82 deletions(-)
hooks/post-receive
--
OISF
More information about the Oisf-devel
mailing list