[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta4-216-g3aa58f2
OISF Git
noreply at openinfosecfoundation.org
Thu Jul 23 17:29:08 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 3aa58f25ad51a68b57946f06a2423a26e41400c8 (commit)
via 2ef0ebb24b2a8f762e1545eddab47c2c1778490e (commit)
via 06ee2bc87e77bcb981a56ffbe74e7e55757146bf (commit)
via bbc9874b817fcdfda4fac71e806bc4c077ba001e (commit)
via 814f0b40945f238b7168809136ebc02ef3c8b92e (commit)
via b592f98727ec584b6fd249fc2b6fc2da730f5f34 (commit)
via 6946e0be55e89f546f842bca3b2f64b479cb4277 (commit)
via c087708fa999c18ffbf486366db6386996fed438 (commit)
via 00ef789ffcae70ac2f6ff199ede53340385eeafb (commit)
via ea571add738d73e1e8bbe6c4206c7d24813ad237 (commit)
via 8125e04b39243ca75dd2a7ac8f51f5c7e0c8bd8d (commit)
via 6e2c90a83b745d3b61c581be87fc1bb445330301 (commit)
via c419f33f441882ba5c080337667db5591df9eb2c (commit)
via b0f5f7ee97d1d14923bb62c68e81172f56d0dc5b (commit)
via 62fa9f09d4fe021cdd6b437ac8f3f26e7620043c (commit)
via 11d3f5f67aa9c4c70d71c8cc035f716d05dc0248 (commit)
via be2849044b164d49a6f009a3b39d1370916c1bbc (commit)
via a0899cbe85a5aa33863891f345feebcf7e37b0ac (commit)
via baadcab1b8b5c11528b78355fa8960e13af743e3 (commit)
via 1cd97713c2945a1e55ea6e3b8df804ab3f06fca4 (commit)
via 8fde842f97161fe69013944800ebd68cb805384a (commit)
via dc306f3bad0446d8fecca1f950b32a018a8e4903 (commit)
via 851fcef9627e11f62b9cd0fe78a1ec7775204093 (commit)
via caa2438b98f7f48fc0f6e6a30e9522b68d368f81 (commit)
via 823167bde2d805b7a089c3ea0c69ee0bc2ff4d64 (commit)
via 5104b02f322017d9ccb1a9a4f9c713779335ad7a (commit)
via 491fca468d73eab0ef554f32fa4ee7444259dd3f (commit)
from 6484299701699a3934f145ababeaae5b9f01bf75 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3aa58f25ad51a68b57946f06a2423a26e41400c8
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jul 22 16:33:56 2015 +0200
eve alert: fix stream payload printing
commit 2ef0ebb24b2a8f762e1545eddab47c2c1778490e
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 21:05:14 2015 +0200
detect: fix pass transaction handling
If a flow was 'pass'd, it means that no packet of it will be handled
by the detection engine. A side effect of this was that the per flow
inspect_id would never be moved forward. This in turn led to a situation
where transactions wouldn't be freed.
This patch addresses this case by incrementing the inspect_id anyway for
the pass case.
commit 06ee2bc87e77bcb981a56ffbe74e7e55757146bf
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 17:49:01 2015 +0200
detect: set flow noinspect on pass in applayer/stream
If a pass rule matches in the reassembled stream and/or in the
app-layer state, it means the rest of the flow should not be
inspected.
commit bbc9874b817fcdfda4fac71e806bc4c077ba001e
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 15:31:56 2015 +0200
http: destroy htp_tx_t even if incomplete
commit 814f0b40945f238b7168809136ebc02ef3c8b92e
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 13:38:36 2015 +0200
detect: make http prefilter use disrupt flags
commit b592f98727ec584b6fd249fc2b6fc2da730f5f34
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 13:37:46 2015 +0200
detect: optimize http prefilter handing
commit 6946e0be55e89f546f842bca3b2f64b479cb4277
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 13:32:31 2015 +0200
detect: pass flags to inspect_id update logic
commit c087708fa999c18ffbf486366db6386996fed438
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 13:10:15 2015 +0200
output-tx: use disrupt flags
commit 00ef789ffcae70ac2f6ff199ede53340385eeafb
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jul 17 13:09:37 2015 +0200
app-layer: pass full flags around in tx handling
commit ea571add738d73e1e8bbe6c4206c7d24813ad237
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 16 16:43:19 2015 +0200
app-layer: disruption flags
Stream GAPs and stream reassembly depth are tracked per direction. In
many cases they will happen in one direction, but not in the other.
Example:
HTTP requests are generally smaller than responses. So on the response
side we may hit the depth limit, but not on the request side.
The asynchronous 'disruption' has a side effect in the transaction
engine. The 'progress' tracking would never mark such transactions
as complete, and thus some inspection and logging wouldn't happen
until the very last moment: when EOF's are passed around.
Especially in proxy environments with _very_ many transactions in a
single TCP connection, this could lead to serious resource issues. The
EOF handling would suddenly have to handle thousands or more
transactions. These transactions would have been stored for a long time.
This patch introduces the concept of disruption flags. Flags passed to
the tx progress logic that are an indication of disruptions in the
traffic or the traffic handling. The idea is that the progress is
marked as complete on disruption, even if a tx is not complete. This
allows the detection and logging engines to process the tx after which
it can be cleaned up.
commit 8125e04b39243ca75dd2a7ac8f51f5c7e0c8bd8d
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 16 15:35:19 2015 +0200
detect: clean up flag usage
commit 6e2c90a83b745d3b61c581be87fc1bb445330301
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 16 15:35:01 2015 +0200
detect: constify some DetectMpmPrefilter args
commit c419f33f441882ba5c080337667db5591df9eb2c
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jul 15 13:58:12 2015 +0200
dns: fix state progress handling
commit b0f5f7ee97d1d14923bb62c68e81172f56d0dc5b
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jul 15 13:08:22 2015 +0200
app-layer: fix args to state progress calls
commit 62fa9f09d4fe021cdd6b437ac8f3f26e7620043c
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jul 15 09:53:39 2015 +0200
Sync alversion/appversion types
The app layer state 'version' field is incremented with each update
to the state. It is used by the detection engine to see if the current
version of the state has already been inspected. Since app layer and
detect always run closely together there is no need for a big number
here. The detect code really only checks for equal/not-equal, so wrap
arounds are not an issue.
commit 11d3f5f67aa9c4c70d71c8cc035f716d05dc0248
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jul 14 20:09:36 2015 +0200
http: harden tx inspection code
commit be2849044b164d49a6f009a3b39d1370916c1bbc
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 16 12:49:38 2015 +0200
flow/stream: xfer noinspect flags to pseudo pkts
Set noinspection flags for payloads and packets on flow and stream
pseudo packets. Without these, the pseudo packets could trigger
inspection even though this was disabled for a flow.
commit a0899cbe85a5aa33863891f345feebcf7e37b0ac
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 16 11:22:04 2015 +0200
detect: optimize Signature layout
commit baadcab1b8b5c11528b78355fa8960e13af743e3
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 16 11:21:44 2015 +0200
detect: default to u32 for SigIntId
commit 1cd97713c2945a1e55ea6e3b8df804ab3f06fca4
Author: Eric Leblond <eric at regit.org>
Date: Wed May 27 14:01:36 2015 +0200
file-json: add file_id to message
This will allow to get the filename and by consequence the file
after a parsing of the EVE log file.
commit 8fde842f97161fe69013944800ebd68cb805384a
Author: Eric Leblond <eric at regit.org>
Date: Fri Jun 19 12:13:31 2015 +0200
af-packet: implement rollover option
This patch implements the rollover option in af_packet capture.
This should heavily minimize the packet drops as well as the
maximum bandwidth treated for a single flow.
The option has been deactivated by default but it is activated in
the af_packet default section. This ensures there is no change for
old users using an existing YAML. And new users will benefit from
the change.
This option is available since Linux 3.10. An analysis of af_packet
kernel code shows that setting the flag in all cases should not
cause any trouble for older kernels.
commit dc306f3bad0446d8fecca1f950b32a018a8e4903
Author: Eric Leblond <eric at regit.org>
Date: Fri Jun 19 12:08:53 2015 +0200
af-packet: implement new load balancing modes
This patch implements the fanout load balancing modes available
in kernel 4.0. The more interesting is cluster_qm that does the
load balancing based on the RSS queues. So if the network card
is doing a flow based load balancing then a given socket will
receive all packets of a flow independently of the CPU affinity.
commit 851fcef9627e11f62b9cd0fe78a1ec7775204093
Author: Eric Leblond <eric at regit.org>
Date: Fri Jun 19 12:05:05 2015 +0200
af-packet: sync header with latest features
Sync the replacement define with the latest Linux code.
This patch also updates the detection part in configure.ac
to do a declaration of all fields if the newest features are
not present.
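An added example (not Suricata's own code and not part of the commits above) of how the rollover flag and the cluster_qm fanout mode described in the three af-packet commits are requested from the kernel through the PACKET_FANOUT socket option. It assumes Linux kernel headers; the #ifndef fallbacks stand in for what the header-sync commit does when older headers lack the newer constants.

```c
/* Added example, not Suricata's code: join an AF_PACKET fanout group in
 * cluster_qm mode (PACKET_FANOUT_QM, kernel 4.0) with the rollover flag
 * (PACKET_FANOUT_FLAG_ROLLOVER, kernel 3.10); #ifndef guards cover old headers. */
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>

#ifndef PACKET_FANOUT_QM
#define PACKET_FANOUT_QM 5
#endif
#ifndef PACKET_FANOUT_FLAG_ROLLOVER
#define PACKET_FANOUT_FLAG_ROLLOVER 0x1000
#endif

/* PACKET_FANOUT argument layout: low 16 bits = fanout group id,
 * high 16 bits = load balancing mode OR'ed with the flag bits. */
uint32_t fanout_arg(uint16_t group_id, uint16_t mode, uint16_t flags)
{
    return (uint32_t)group_id | ((uint32_t)(mode | flags) << 16);
}

/* Open a raw AF_PACKET socket bound to ifname and join fanout group
 * group_id in cluster_qm mode, optionally with rollover. Returns the
 * socket fd, or -1 on any failure (needs CAP_NET_RAW and a real NIC;
 * with cluster_qm the NIC's RSS queue decides which socket sees a flow). */
int open_fanout_socket(const char *ifname, uint16_t group_id, int rollover)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;
    struct sockaddr_ll sll;
    memset(&sll, 0, sizeof(sll));
    sll.sll_family = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    uint32_t arg = fanout_arg(group_id, PACKET_FANOUT_QM,
                              rollover ? PACKET_FANOUT_FLAG_ROLLOVER : 0);
    if (sll.sll_ifindex == 0 ||
        bind(fd, (struct sockaddr *)&sll, sizeof(sll)) < 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_FANOUT, &arg, sizeof(arg)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

Every capture thread that should share the load opens its own socket with the same group_id; the kernel rejects a join whose mode or flags differ from the group's existing ones.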
commit caa2438b98f7f48fc0f6e6a30e9522b68d368f81
Author: Aleksey Katargin <gureedo at gmail.com>
Date: Thu Jul 16 21:17:49 2015 +0500
netmap: support SW rings
Netmap uses SW rings to send and receive packets from OS.
commit 823167bde2d805b7a089c3ea0c69ee0bc2ff4d64
Author: Aleksey Katargin <gureedo at gmail.com>
Date: Thu Jul 16 18:51:03 2015 +0500
netmap: strict check for zero copy mode
Netmap does not guarantee that mmap'ed regions for different interfaces would be the same.
commit 5104b02f322017d9ccb1a9a4f9c713779335ad7a
Author: Aleksey Katargin <gureedo at gmail.com>
Date: Thu Jul 16 18:35:23 2015 +0500
netmap: fixed autofp mode.
Previous implementation does not work with this mode.
commit 491fca468d73eab0ef554f32fa4ee7444259dd3f
Author: Aleksey Katargin <gureedo at gmail.com>
Date: Thu Jul 16 17:43:28 2015 +0500
netmap: support non-equal count of Rx and Tx rings on interface.
Netmap does not guarantee that NIC will have equal number of transmit and receive rings.
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 4 +-
src/app-layer-dns-common.c | 9 +-
src/app-layer-htp.c | 11 ++
src/app-layer-parser.c | 48 +++++----
src/app-layer-parser.h | 4 +-
src/detect-engine-alert.c | 9 ++
src/detect-engine-hcbd.c | 17 +--
src/detect-engine-hcd.c | 4 +-
src/detect-engine-hhd.c | 18 ++--
src/detect-engine-hhhd.c | 2 +-
src/detect-engine-hmd.c | 2 +-
src/detect-engine-hrhd.c | 12 +--
src/detect-engine-hrhhd.c | 2 +-
src/detect-engine-hrl.c | 2 +-
src/detect-engine-hrud.c | 2 +-
src/detect-engine-hsbd.c | 19 ++--
src/detect-engine-hscd.c | 2 +-
src/detect-engine-hsmd.c | 2 +-
src/detect-engine-hua.c | 2 +-
src/detect-engine-state.c | 21 ++--
src/detect-engine-state.h | 12 +--
src/detect-engine-uri.c | 2 +-
src/detect.c | 77 +++++++++-----
src/detect.h | 40 ++++---
src/flow-timeout.c | 8 ++
src/flow.c | 31 ++++++
src/flow.h | 1 +
src/output-json-alert.c | 4 +-
src/output-json-file.c | 3 +
src/output-streaming.c | 12 ++-
src/output-tx.c | 16 +--
src/runmode-af-packet.c | 21 ++++
src/runmode-netmap.c | 54 +++++++---
src/source-af-packet.h | 5 +
src/source-netmap.c | 253 ++++++++++++++++++++++++++++++++-------------
src/source-netmap.h | 13 ++-
src/stream-tcp.c | 7 ++
src/suricata-common.h | 4 +-
suricata.yaml.in | 26 ++++-
39 files changed, 548 insertions(+), 233 deletions(-)
hooks/post-receive
--
OISF