[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta2-263-gb603ad6

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Sun Feb 9 11:33:30 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  b603ad62e56ae9aa8a18409a98abc2d2042573db (commit)
       via  f7b1aefaf451bc4675630d27d34357594f5b8cd7 (commit)
       via  85760a7044d121b7d48cf2d28784c419758529c0 (commit)
       via  fdca557e0162e02ee5b40949948685e3ca8ae5c0 (commit)
       via  43aa74d711eb774053e3fd85a9705638a49eaf60 (commit)
       via  01b80e2d8fb8909ca32caea11383de3f7d4b94a4 (commit)
       via  b75eb77295984cb6ac8b0000e621e1e0f978b715 (commit)
       via  fd193107debd2a54f7372c75021b7404f3036bc9 (commit)
       via  cd91738a4b4d84f6191bb0081a8cf7fd7f6569fa (commit)
       via  d0a26c6a179a95bea60adf9584be63a36f426d97 (commit)
       via  3b914eb7ba1feff68ddbd5d5c419b95adcdc91d1 (commit)
       via  7b4be598c46da33b0fb4addf949ebb8aa7e8ab8a (commit)
      from  7a9da787f9151d8a919c73ca25dfb66b353e1b20 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b603ad62e56ae9aa8a18409a98abc2d2042573db
Author: Eric Leblond <eric at regit.org>
Date:   Sat Feb 8 22:01:13 2014 +0100

    af-packet: declare TP_STATUS_VLAN_VALID if needed
    
    Some old distribution don't ship recent enough linux header. This
    result in TP_STATUS_VLAN_VALID being undefined. This patch defines
    the constant and use it as it is used in backward compatible method
    in the code: the flag is not set by kernel and a test on vci value
    will be made.
    
    This should fix https://redmine.openinfosecfoundation.org/issues/1106

commit f7b1aefaf451bc4675630d27d34357594f5b8cd7
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Feb 8 17:39:16 2014 +0100

    Bug 1107: decoders: bail out on pseudo packets
    
    Flow-timeout code injects pseudo packets into the decoders, leading
    to various issues. For a full explanation, see:
      https://redmine.openinfosecfoundation.org/issues/1107
    
    This patch works around the issues with a hack. It adds a check to
    each of the decoder entry points to bail out as soon as a pseudo
    packet from the flow timeout is encountered.
    
    Ticket #1107.

commit 85760a7044d121b7d48cf2d28784c419758529c0
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Feb 8 17:09:10 2014 +0100

    Flow: fix flow reference cnt issues
    
    FlowReference stores the flow in the destination pointer and increases
    the flow reference counter (use_cnt). This should only be called once
    per destination pointer. The reference counter is decremented when
    FlowDereference is called. Multiple FlowReference calls would lead to
    multiple use_cnt bumps, while there would be only one FlowRereference.
    This lead to a use_cnt that would never become 0, meaning the flow
    would stay in the hash for the entire lifetime of the process.
    
    The fix here is to check if the destination pointer is already set to
    the flow. If so, we don't increase the reference counter.
    
    As this is really a bug, this condition will lead to a BUG_ON if the
    DEBUG_VALIDATION checking is enabled.

commit fdca557e0162e02ee5b40949948685e3ca8ae5c0
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Feb 8 11:25:13 2014 +0100

    ipv4 decoder: set 'invalid' event on icmpv6
    
    ICMPv6 on IPv4 is invalid, so if we encounter this we set an event
    and flag the packet as invalid.
    
    Ticket #1105.

commit 43aa74d711eb774053e3fd85a9705638a49eaf60
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Feb 8 10:35:47 2014 +0100

    debug-validation: fix packet check
    
    On fragments and invalid packets we can have p->proto set, while the
    matching protocol header pointer is null.

commit 01b80e2d8fb8909ca32caea11383de3f7d4b94a4
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:38:22 2013 +0100

    detect ip-only: update radix usage
    
    Update IP-only lookups to the changed radix API.
    
    The return of user_data is treated as a succesful lookup, instead of
    the node.

commit b75eb77295984cb6ac8b0000e621e1e0f978b715
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:37:10 2013 +0100

    host-os-info: update radix lookups
    
    Update host OS lookups to use the new API.
    
    The return of user_data is treated as a succesful lookup, instead of
    the node.

commit fd193107debd2a54f7372c75021b7404f3036bc9
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:36:14 2013 +0100

    unused reputation: radix update
    
    Update the unused reputation code to compile after radix update.

commit cd91738a4b4d84f6191bb0081a8cf7fd7f6569fa
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:34:48 2013 +0100

    defrag: update radix usage
    
    Update defrag timeout lookup to use the updated radix API.
    
    The return of user_data is treated as a succesful lookup, instead of
    the node.

commit d0a26c6a179a95bea60adf9584be63a36f426d97
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:32:33 2013 +0100

    radix: update HTP config lookup logic
    
    The HTP config tree is a radix. The lookups are updated to the new API.
    The return of user_data is treated as a succesful lookup, instead of
    the node itself.

commit 3b914eb7ba1feff68ddbd5d5c419b95adcdc91d1
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:29:13 2013 +0100

    radix: update tests after API change
    
    This patch updates all the radix tests to the new API. In most cases
    it just passes a NULL user data return pointer.
    
    It also removes the tests related to SC_RADIX_NODE_USERDATA, as this
    macro is removed.
    
    Bug #1073

commit 7b4be598c46da33b0fb4addf949ebb8aa7e8ab8a
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 20 14:19:23 2013 +0100

    radix: don't modify node prefix on lookup
    
    The radix tree stores user data. However, it had no function to return
    this data to the consumers of the API. Instead, on lookup, it would
    set a field "user_data_result" in the nodes prefix structure which
    could then be read by the caller.
    
    Apart for this not being a very nice design as it exposes API internals
    to the caller, it is not thread safe. By updating the global data
    structure without any form (or suggestion) of locking, threads could
    overwrite the same field unexpectedly.
    
    This patch modifies the lookup logic to get rid of this stored
    user_data_result. Instead, all the lookup functions how take an
    addition argument: void **user_data_result.
    
    Through this pointer the user data is returned. It's allowed to be
    NULL, in this case the user data is ignored.
    
    This is a significant API change, that affects a lot of tests and
    callers. These will be updated in follow up patches.
    
    Bug #1073.

-----------------------------------------------------------------------

Summary of changes:
 rules/decoder-events.rules |    3 +-
 src/app-layer-htp.c        |   57 ++---
 src/decode-events.h        |    1 +
 src/decode-ipv4.c          |    3 +
 src/defrag-config.c        |   19 +-
 src/detect-engine-event.h  |    1 +
 src/detect-engine-iponly.c |  140 +++++------
 src/flow.h                 |    9 +
 src/reputation.c           |   58 +++--
 src/source-af-packet.c     |    9 +
 src/source-erf-dag.c       |    5 +
 src/source-erf-file.c      |    5 +
 src/source-ipfw.c          |    5 +
 src/source-mpipe.c         |    5 +
 src/source-napatech.c      |    5 +
 src/source-nfq.c           |    5 +
 src/source-pcap-file.c     |    5 +
 src/source-pcap.c          |    5 +
 src/source-pfring.c        |    5 +
 src/util-host-os-info.c    |   26 ++-
 src/util-radix-tree.c      |  595 ++++++++++++++++++++------------------------
 src/util-radix-tree.h      |   32 +--
 src/util-validate.h        |   22 +-
 23 files changed, 505 insertions(+), 515 deletions(-)


hooks/post-receive
-- 
OISF


More information about the Oisf-devel mailing list