[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0-89-gfd56acd

OISF Git noreply at openinfosecfoundation.org
Fri May 2 12:50:11 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  fd56acd4b3b56c54b97d3715dbeae620a5b4b8a1 (commit)
       via  3543150f42572742ed6554a90ff35e8abdf316a0 (commit)
       via  b2184f936e5b2a02b9e78acddd933b3a8a613df2 (commit)
       via  ad355c3c0acf088adbf6e2a5f8916b33dd1c116a (commit)
       via  f0bdb009ed5e09b7d8f8b5358368460d99e69501 (commit)
       via  31655aef7e313c8528c9c576ec465c429021884c (commit)
       via  fdbd9b3f25e38ddd8e4f07e794cc1d7c3fb2bb4f (commit)
       via  c5f43785f1a032508b7c0e7686c945f6bf9d90f0 (commit)
       via  26169ad8c5d096ebe2cdfad3d43ba3a284357103 (commit)
       via  0564a8da3c62d7ef264f7082040b3f5a68feea8a (commit)
       via  2002067fb1c1a3bfcf1f3a69d3ec84cf950e1010 (commit)
       via  7df9b283f17244ab02c63f06352ad9a4f8ec2f09 (commit)
       via  4838b9bf4f17306eded26eeed0c568a420627a5d (commit)
      from  6fbb9551bd7a68cd659b2f28867977bd95add668 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fd56acd4b3b56c54b97d3715dbeae620a5b4b8a1
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Apr 24 17:31:08 2014 +0200

    stream: cleanup

    StreamTcpSetDisableRawReassemblyFlag() has the same effect as
    AppLayerParserTriggerRawStreamReassembly in that it will force the
    raw reassembly to flush out asap. So it is redundant to call both.

commit 3543150f42572742ed6554a90ff35e8abdf316a0
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Apr 24 10:48:37 2014 +0200

    stream: implement raw reassembly stop api

    Implement StreamTcpSetDisableRawReassemblyFlag() which stops raw
    reassembly for _NEW_ segments in a stream direction.
    It is used only by TLS/SSL now, to flag the streams as encrypted.
    Existing segments will still be reassembled and inspected, while
    new segments won't be. This allows for pattern based inspection
    of the TLS handshake.
    As is the case with completely disabled 'raw' reassembly, the
    logic is that the segments are flagged as completed for 'raw' right
    away. So they are not considered in raw reassembly anymore.
    As no new segments will be considered, the chunk limit check will
    return true on the next call.

commit b2184f936e5b2a02b9e78acddd933b3a8a613df2
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Apr 24 10:02:21 2014 +0200

    stream: unify segment discard handling

    Have a single function StreamTcpReturnSegmentCheck determine if a
    segment is ready to be removed from the stream.
    Handle FLOW_NOPAYLOAD_INSPECT in raw reassembly.

commit ad355c3c0acf088adbf6e2a5f8916b33dd1c116a
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Apr 23 17:55:24 2014 +0200

    app-layer: improve no payload inspect flag

commit f0bdb009ed5e09b7d8f8b5358368460d99e69501
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Apr 23 16:09:09 2014 +0200

    tls/heartbleed: fix test

    Now that we continue to track ssl/tls after the handshake, we need
    to fix tests that checked for the cutoff flags.

commit 31655aef7e313c8528c9c576ec465c429021884c
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Apr 23 15:53:25 2014 +0200

    tls/heartbleed: improve encrypted logic

    Don't assume that if the type field isn't 01 or 02 it's an encrypted
    heartbeat. Instead, use our knowledge of the SSL state.

commit fdbd9b3f25e38ddd8e4f07e794cc1d7c3fb2bb4f
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Apr 23 15:40:25 2014 +0200

    tls/heartbleed: formatting fixes

commit c5f43785f1a032508b7c0e7686c945f6bf9d90f0
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Apr 23 15:38:32 2014 +0200

    tls/heartbleed: add rule for invalid encrypted hb

    Add rule to tls-events.rules to match on the invalid encrypted

commit 26169ad8c5d096ebe2cdfad3d43ba3a284357103
Author: Will Metcalf <william.metcalf at gmail.com>
Date:   Tue Apr 22 11:11:32 2014 -0500

    Look for Mismatched Encrypted HB request and response sizes, along with multiple in-flight HB requests from the same direction

commit 0564a8da3c62d7ef264f7082040b3f5a68feea8a
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Apr 30 09:57:09 2014 +0200

    detect: add more defensive checks for flow handling

    Don't unconditionally deref f->alparser in detection through
    DeStateFlowHasInspectableState(). In very rare cases it can
    be NULL.

commit 2002067fb1c1a3bfcf1f3a69d3ec84cf950e1010
Author: Victor Julien <victor at inliniac.net>
Date:   Fri May 2 11:01:18 2014 +0200

    http-json: init 'fields' to 0 before setting it

    httplog_ctx->fields would not be initialized before setting flags in

    output-json-http.c:491:46: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
                                http_ctx->fields |= (1<<f);
                                ~~~~~~~~~~~~~~~~ ^
    1 warning generated.

    ~~27874~~ Error #1: UNINITIALIZED READ: reading register eax
    ~~27874~~ # 0 JsonHttpLogJSON                       [/home/buildbot/qa/buildbot/donkey/drmemory/Suricata/src/output-json-http.c:260]
    ~~27874~~ # 1 JsonHttpLogger                        [/home/buildbot/qa/buildbot/donkey/drmemory/Suricata/src/output-json-http.c:375]

    Just memset the whole structure right after initialization.

commit 7df9b283f17244ab02c63f06352ad9a4f8ec2f09
Author: Tom DeCanio <decanio.tom at gmail.com>
Date:   Wed Apr 23 18:08:18 2014 -0700

    json: address custom output capability to http eve log review comments

commit 4838b9bf4f17306eded26eeed0c568a420627a5d
Author: Tom DeCanio <decanio.tom at gmail.com>
Date:   Wed Apr 16 16:59:43 2014 -0700

    json: add custom output capability to http eve log


Summary of changes:
 rules/tls-events.rules      |    3 +-
 src/app-layer-parser.c      |   22 +++++-
 src/app-layer-parser.h      |    8 +-
 src/app-layer-ssl.c         |  127 ++++++++++++++++++++++---------
 src/app-layer-ssl.h         |    9 +++
 src/detect-engine-state.c   |   15 +++-
 src/output-json-http.c      |  177 ++++++++++++++++++++++++++++++++++++++++++-
 src/stream-tcp-private.h    |    2 +
 src/stream-tcp-reassemble.c |  173 +++++++++++++-----------------------------
 src/stream-tcp-reassemble.h |    1 +
 src/stream-tcp.c            |   12 +++
 suricata.yaml.in            |    3 +
 12 files changed, 385 insertions(+), 167 deletions(-)

