[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta2-27-g446e68a
noreply at openinfosecfoundation.org
Fri Jan 10 11:27:12 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from d3d745d515d30da5553c725bf5ea6d751fc4af57 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 446e68adca0aaebc23bb3a6bc78f4ecaba6d3737
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jan 10 10:15:48 2014 +0100
app-layer: only typedef opaque pointers once
commit 3b8e9ffbe910997836d5fa2b0c84be0a06853183
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 16:40:59 2014 +0100
app layer: void -> AppLayerProtoDetectThreadCtx
Use AppLayerProtoDetectThreadCtx ptr instead of void.
commit 8dbf7a0d78607efcd48ab55f22253ceb8b4f7637
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 16:20:21 2014 +0100
Update tests to use AppLayerParserThreadCtx ptr instead of void. Fix a few bugs uncovered by this.
commit 9634e60e7af5f0f08c5e884eb2cf33f28120e30f
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 15:10:37 2014 +0100
app-layer: Use opaque pointers instead of void
For AppLayerThreadCtx, AppLayerParserState, AppLayerParserThreadCtx
and AppLayerProtoDetectThreadCtx, use opaque pointers instead of
void pointers.
AppLayerParserState is declared in flow.h as it's part of the Flow
structure.
AppLayerThreadCtx is declared in decode.h, as it's part of the
DecodeThreadVars structure.
commit c7ae662d260c9c8bb7dcb66ab33b1e53df6f771a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 12:40:08 2014 +0100
Fix HTPBodyReassemblyTest01 Asan error
Fix improper pointer assignment in HTPBodyReassemblyTest01, causing
ASAN to error out.
commit fdefb65be47facc21036ad2f348c519e110a4f60
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 12:13:03 2014 +0100
app-layer: rename AppLayerThreadCtx funcs
AppLayerParserGetCtxThread -> AppLayerParserThreadCtxAlloc
AppLayerParserDestroyCtxThread -> AppLayerParserThreadCtxFree
commit 0bac43a1cab9d39060e68448b06d88160e889f77
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 11:52:46 2014 +0100
app layer: fix memory leak
Actually free the ctx in AppLayerParserDestroyCtxThread
commit f5f148805c1b47231bd1e921eebee883a520a214
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 11:32:40 2014 +0100
app layer: uint16_t alproto -> AppProto alproto
This conversion was missing in a couple of places.
commit 5cdeadb33d34ad1a08078e8e1ad51a49ba7b7cce
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 11:19:58 2014 +0100
Use u8 for ipproto
In a few places in app layer and unittests u16 was used.
commit 8527b8e08ef2fcbde5c64301b13a1bff6dcb1a6a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 11:06:59 2014 +0100
App Layer: cleanup state func naming
Rename functions related to AppLayerState to be more consistent.
commit 30f16ee446313491234ab09ac73c4d5b659f764b
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 10:41:22 2014 +0100
Rename AppLayerProtoDetectCtxThread -> AppLayerProtoDetectThreadCtx
commit cd0627cd39926f9c635726025a394571ba0ea370
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 10:38:12 2014 +0100
Rename AppLayerParserParserState -> AppLayerParserState
commit c23742a0a73030d46610ab74789fb021ed176929
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 10:33:54 2014 +0100
Rename AppLayerParserpCtx -> AppLayerParserProtoCtx
commit 72a16459794389748ecdab185fd694689547d095
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 10:28:34 2014 +0100
Rename AppLayerParserCtxThread -> AppLayerParserThreadCtx
commit ac77cd790f788920d4c094759655498b79d459b1
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 10:25:33 2014 +0100
Rename AppLayerCtxThread -> AppLayerThreadCtx
commit e111401c10ec1e5d3d7971e283aca448a442446c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jan 9 10:10:19 2014 +0100
detect unittests: clang build fix and cleanups
A number of unittests would lead to clang build errors because
of unsafe det_ctx ptr usage. This patch fixes these and inits
det_ctx to NULL in the other detect tests.
commit e2f7226569c67ad8aaca83dfe84b4211a42969c1
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 18:43:48 2014 +0100
App Layer: fix memory leaks
Call FlowCleanupAppLayer before setting f->proto to 0, as the former
bails out without doing anything if proto is 0.
commit 67053e6ed000b6c9d8cbebd8f6fee8f4fb1824c0
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 18:10:16 2014 +0100
Fix AppLayerProtoDetectPMFreeSignature related valgrind errors
commit ff16d6fa53033890145c0bd0abc75c54972beae5
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 17:20:58 2014 +0100
app proto detect: fix valgrind test warnings
Only in unittests when debug is enabled would valgrind warn about
a print statement.
commit a456bd81819f4a10b6fee9c1be599f3f09faf752
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 17:05:04 2014 +0100
Cleanup and fix scan-build warning
Add comments and slightly refactor to make function more understandable
and fix a scan-build warning too.
commit 8801585f10782152c7d246236e8a113d42e74802
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 17:04:49 2014 +0100
scan-build fixes
commit 106e1c7d19ebd2cafdacdffcba234ffcf6afb030
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 16:11:43 2014 +0100
profiling: fix compilation
Stream engine can't access app layer proto detection datatypes
anymore, so moved some of the logic into app-layer.c
commit 1cbd1cdf362ce1644bf40a109ff6955df5af08c6
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 16:11:21 2014 +0100
compile fixes
commit 59327e0fd4191540ef3ae6d4910ac79eb0f0b785
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 8 16:10:26 2014 +0100
Various style fixes
commit 429c6388f6c901174cce64b5eed383d52b525dcb
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date: Tue Dec 24 15:30:57 2013 +0530
App layer API rewritten. The main files in question are:
app-layer.[ch], app-layer-detect-proto.[ch] and app-layer-parser.[ch].

Things addressed in this commit:
- Brings out a proper separation between protocol detection phase and the
  parser phase.
- The dns app layer now is registered such that we don't use "dnstcp" and
  "dnsudp" in the rules. A user who previously wrote a rule like this -
    "alert dnstcp....." or
    "alert dnsudp....."
  would now have to use,
    alert dns (ipproto:tcp;) or
    alert udp (app-layer-protocol:dns;) or
    alert ip (ipproto:udp; app-layer-protocol:dns;)
  The same rules extend to another such protocol, dcerpc.
- The app layer parser api now takes in the ipproto while registering
  callbacks.
- The app inspection/detection engine also takes an ipproto.
- All app layer parser functions now take direction as STREAM_TOSERVER or
  STREAM_TOCLIENT, as opposed to 0 or 1, which was taken by some of the
  functions.
- FlowInitialize() and FlowRecycle() now reset proto to 0. This is
  needed by unittests, which would try to clean the flow, and that would
  call the api, AppLayerParserCleanupParserState(), which would try to
  clean the app state, but the app layer now needs an ipproto to figure
  out which api to internally call to clean the state, and if the ipproto
  is 0, it would return without trying to clean the state.
- A lot of unittests are now updated where if they are using a flow and
  they need to use the app layer, we would set a flow ipproto.
- The "app-layer" section in the yaml conf has also been updated.
commit 127ef8f903f2f0cf9101c7992d3aa7e3dcbb6bee
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date: Fri Dec 6 17:21:57 2013 +0530
Use a typedef AppProto <-> uint16_t for representing app layer protocol.
Some minor refactoring/cleanup, including renaming functions.
commit abded4200a39c28e9adaa352eb9d2bd66a3aa271
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date: Wed Oct 23 11:25:46 2013 +0530
Disabling the ssh parser temporarily, since we are moving away from some
of the archaic features we use in the app layer. We will reintroduce this
parser shortly. Also do note that keywords that rely on the ssh parser
would now be disabled.
-----------------------------------------------------------------------
Summary of changes:
src/alert-unified2-alert.c | 19 +-
src/app-layer-dcerpc-udp.c | 64 +-
src/app-layer-dcerpc.c | 321 +++--
src/app-layer-detect-proto.c | 3643 ++++++++++++++++++++++++++++---------
src/app-layer-detect-proto.h | 259 ++-
src/app-layer-dns-common.c | 9 +-
src/app-layer-dns-common.h | 2 +-
src/app-layer-dns-tcp.c | 77 +-
src/app-layer-dns-udp.c | 85 +-
src/app-layer-ftp.c | 86 +-
src/app-layer-htp-file.c | 145 +-
src/app-layer-htp.c | 393 +++--
src/app-layer-parser.c | 3245 +++++++--------------------------
src/app-layer-parser.h | 582 ++-----
src/app-layer-protos.c | 25 +-
src/app-layer-protos.h | 20 +-
src/app-layer-smb.c | 302 ++--
src/app-layer-smb2.c | 31 +-
src/app-layer-smtp.c | 462 +++---
src/app-layer-ssh.c | 8 +
src/app-layer-ssl.c | 476 ++++--
src/app-layer.c | 1362 +++++++-------
src/app-layer.h | 119 +-
src/decode-events.h | 6 +-
src/decode-udp.c | 2 +-
src/decode.c | 5 +-
src/decode.h | 28 +-
src/detect-app-layer-event.c | 232 ++-
src/detect-app-layer-event.h | 5 +-
src/detect-app-layer-protocol.c | 17 +-
src/detect-app-layer-protocol.h | 2 +-
src/detect-dce-iface.c | 103 +-
src/detect-dce-opnum.c | 138 +-
src/detect-dce-stub-data.c | 90 +-
src/detect-dns-query.c | 105 +-
src/detect-engine-analyzer.c | 2 +-
src/detect-engine-apt-event.c | 10 +-
src/detect-engine-dcepayload.c | 230 ++-
src/detect-engine-hcbd.c | 225 ++-
src/detect-engine-hcd.c | 108 +-
src/detect-engine-hhd.c | 222 ++-
src/detect-engine-hhhd.c | 154 ++-
src/detect-engine-hmd.c | 106 +-
src/detect-engine-hrhd.c | 210 ++-
src/detect-engine-hrhhd.c | 154 ++-
src/detect-engine-hrud.c | 210 ++-
src/detect-engine-hsbd.c | 214 ++-
src/detect-engine-hscd.c | 126 +-
src/detect-engine-hsmd.c | 126 +-
src/detect-engine-hua.c | 106 +-
src/detect-engine-state.c | 128 +-
src/detect-engine-state.h | 6 +-
src/detect-engine-uri.c | 264 +++-
src/detect-engine.c | 160 +-
src/detect-engine.h | 11 +-
src/detect-filestore.c | 4 +-
src/detect-fragbits.c | 5 +-
src/detect-ftpbounce.c | 25 +-
src/detect-http-client-body.c | 103 +-
src/detect-http-cookie.c | 67 +-
src/detect-http-header.c | 76 +-
src/detect-http-hh.c | 77 +-
src/detect-http-hrh.c | 85 +-
src/detect-http-method.c | 29 +-
src/detect-http-raw-header.c | 59 +-
src/detect-http-server-body.c | 213 ++-
src/detect-http-stat-code.c | 33 +-
src/detect-http-stat-msg.c | 25 +-
src/detect-http-ua.c | 77 +-
src/detect-luajit.c | 47 +-
src/detect-parse.c | 234 +--
src/detect-parse.h | 2 +-
src/detect-pcre.c | 153 ++-
src/detect-replace.c | 4 +-
src/detect-simd.c | 4 +-
src/detect-ssh-proto-version.c | 6 +
src/detect-ssh-software-version.c | 6 +
src/detect-ssl-state.c | 25 +-
src/detect-ssl-version.c | 36 +-
src/detect-tls-version.c | 36 +-
src/detect-uricontent.c | 76 +-
src/detect-urilen.c | 7 +-
src/detect.c | 239 ++-
src/detect.h | 6 +-
src/flow-timeout.c | 15 +-
src/flow-util.c | 16 +
src/flow-util.h | 15 +-
src/flow.c | 16 +-
src/flow.h | 30 +-
src/log-dnslog.c | 21 +-
src/log-file.c | 11 +-
src/log-filestore.c | 10 +-
src/log-httplog.c | 25 +-
src/log-tlslog.c | 11 +-
src/runmode-unittests.c | 17 +-
src/stream-tcp-reassemble.c | 108 +-
src/stream-tcp-reassemble.h | 2 +-
src/stream-tcp.c | 5 +-
src/suricata.c | 7 +-
src/util-error.c | 1 +
src/util-error.h | 1 +
src/util-file.c | 10 +-
src/util-memcmp.h | 2 +
src/util-mpm-ac-bs.c | 58 +-
src/util-mpm-ac-gfbs.c | 56 +-
src/util-mpm-ac.c | 56 +-
src/util-mpm.c | 4 +-
src/util-mpm.h | 2 +-
src/util-profiling.c | 6 +-
src/util-running-modes.c | 4 +-
src/util-unittest-helper.c | 14 +-
src/util-unittest-helper.h | 12 +-
suricata.yaml.in | 25 +-
113 files changed, 10149 insertions(+), 7410 deletions(-)
hooks/post-receive
--
OISF