[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta3-73-g2d7f79a

OISF Git noreply at openinfosecfoundation.org
Thu Mar 12 08:14:21 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  2d7f79a62bc1ad75dd5d97b1a43710a5b36552cc (commit)
       via  2e754ca6fadf9caf94a6d09390a58785feca0843 (commit)
       via  6b172bb0103d723574640b53c24f4b00d35a0df3 (commit)
       via  8a97bb0d042ea25c445872e142de406aa432ca1e (commit)
       via  e9857200b3704d4c4a0feedca098a8b6898b9b21 (commit)
       via  c914f7bcdc40d60b6a27354a9c04d79cb89d52ae (commit)
       via  b8e7d3a2593ee5673aabac267ac0f2a5ea4fbe93 (commit)
       via  e138a2ac1e0e0be8421b21d1c461cbfb0733731e (commit)
       via  ab1d69fc4eb0e4ccd8902c198af0cb94fce1e696 (commit)
       via  6ed246c041b9d08e0616401d011cea4d28378763 (commit)
       via  a243a42bdf1bf4bc88deebc2408c51af7e85df5a (commit)
       via  290b01f95e1864fca8926797a183260146659213 (commit)
       via  47d9c7b21170540073d4861c4f2e598bd3bf9c5b (commit)
       via  54b13851cc390eb1a7963d564a6a1c6d733ccd50 (commit)
       via  881f32cc02e897fec8cb0c1bec022709f4748083 (commit)
       via  c1970a3655360ef603288d50451a6547becdaf3a (commit)
       via  180faece7cb5df942bff8f6583e68c45ed7ba19f (commit)
       via  22182e7a8430626753b4903db9705b8359a08904 (commit)
      from  fb0ecaba05cfde20198975037116ce9b2effa7b1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2d7f79a62bc1ad75dd5d97b1a43710a5b36552cc
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 21 19:27:34 2014 +0200

    drop json log: log out 'drop' signature
    If no normal sig was logged as the 'drop' reason, try the stored
    drop signature instead, this will also log out 'noalert' sigs.

commit 2e754ca6fadf9caf94a6d09390a58785feca0843
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Oct 20 15:43:42 2014 +0200

    drop json: make alerts logging optional
    Make logging out alerts that caused the drop optional.

commit 6b172bb0103d723574640b53c24f4b00d35a0df3
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Oct 20 14:02:20 2014 +0200

    drop json: add sids (if applicable)
    If a drop is caused by a SID match, add it to the drop record.

commit 8a97bb0d042ea25c445872e142de406aa432ca1e
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Oct 20 13:59:28 2014 +0200

    alert json: move alert info into function
    Move adding the alert info (sid,rev,gid,etc) into it's own function,
    so it can be called from other outputs as well.

commit e9857200b3704d4c4a0feedca098a8b6898b9b21
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 21 10:04:57 2014 +0200

    detect: set action from utility function
    Set actions that are set directly from Signatures using the new
    utility function DetectSignatureApplyActions. This will apply
    the actions and also store info about the 'drop' that first made
    the rule drop.

commit c914f7bcdc40d60b6a27354a9c04d79cb89d52ae
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Oct 21 10:43:56 2014 +0200

    detect: cleanup, remove unused order_id
    No longer used, so remove.

commit b8e7d3a2593ee5673aabac267ac0f2a5ea4fbe93
Author: Eric Leblond <eric at regit.org>
Date:   Mon Jan 19 19:16:49 2015 +0100

    flow-timeout: fix init of pseudo packet
    The code was not checking if we had enough room in the direct
    data. In case default_packet_size was set really small, this was
    resulting in data being written over the data and causing a crash.
    The patch fixes the issue by forcing an allocation if the direct
    data size in the Packet is to small.

commit e138a2ac1e0e0be8421b21d1c461cbfb0733731e
Author: Eric Leblond <eric at regit.org>
Date:   Thu Feb 12 21:15:27 2015 +0100

    decode: introduce PacketCallocExtPkt function
    In flow timeout handling we need a function that allocate and blank
    a place that will be used to put constructed packet data. This new
    function has no other goal.

commit ab1d69fc4eb0e4ccd8902c198af0cb94fce1e696
Author: Jason Ish <ish at unx.ca>
Date:   Fri Feb 27 11:30:47 2015 -0600

    When re-opening a log file on HUP, always append.
    This will prevent log files that have not been rotated by some
    external tool from being deleted, but log files that were
    rotated (moved out of the way) will be re-opened.
    This is a better default behaviour, especially when not all
    log files are rotated at the same time.
    Thanks to iro on IRC.

commit 6ed246c041b9d08e0616401d011cea4d28378763
Author: Jason Ish <ish at unx.ca>
Date:   Thu Jan 15 14:43:45 2015 -0600

    Don't attempt to load the rule files if the rule-files configuration
    node is not a sequence.  Instead log a warning as this is usually
    a configuration error.

commit a243a42bdf1bf4bc88deebc2408c51af7e85df5a
Author: Jason Ish <ish at unx.ca>
Date:   Thu Jan 15 14:43:22 2015 -0600

    New function to test if a configuration node is a sequence or not.

commit 290b01f95e1864fca8926797a183260146659213
Author: Eric Leblond <eric at regit.org>
Date:   Tue Feb 24 17:46:06 2015 +0100

    af-packet: don't unlock twice the bpf mutex

commit 47d9c7b21170540073d4861c4f2e598bd3bf9c5b
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 6 22:21:12 2015 +0100

    json-alert: use getter for appstate

commit 54b13851cc390eb1a7963d564a6a1c6d733ccd50
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 6 22:17:30 2015 +0100

    flow: constify getters param
    Some potential callers are already using constified values so it
    is good to do it.

commit 881f32cc02e897fec8cb0c1bec022709f4748083
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 6 21:16:52 2015 +0100

    json-alert: add SSH fields in alert logging

commit c1970a3655360ef603288d50451a6547becdaf3a
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 6 21:05:51 2015 +0100

    json-ssh: export logging function
    It will be use in alert logging to display SSH information.

commit 180faece7cb5df942bff8f6583e68c45ed7ba19f
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 6 20:03:13 2015 +0100

    json-alert: log tls info in alert
    This patch adds the capabilities to log the TLS information the
    same way it is currently possible to do with HTTP. As it is
    quite hard to read ASN.1 directly in the stream, this will help
    people to understand why suricata is firing on alert relative
    to TLS.

commit 22182e7a8430626753b4903db9705b8359a08904
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 6 19:55:28 2015 +0100

    json-tls: refactor to export logging function
    To be able to add TLS data in alert we need to do the same as what
    is done with HTTP ie export the logging functions.


Summary of changes:
 src/conf.c                 |   39 +++++++++++++
 src/conf.h                 |    1 +
 src/decode.c               |   12 ++++
 src/decode.h               |    6 +-
 src/detect-engine-alert.c  |    5 +-
 src/detect-engine-iponly.c |    2 +-
 src/detect-engine-state.c  |   10 ++--
 src/detect.c               |   55 ++++++++++++------
 src/detect.h               |    1 +
 src/flow-timeout.c         |   16 ++++++
 src/flow.c                 |    4 +-
 src/flow.h                 |    4 +-
 src/output-json-alert.c    |  137 +++++++++++++++++++++++++++++++++++---------
 src/output-json-alert.h    |    3 +
 src/output-json-drop.c     |   99 ++++++++++++++++++++++++++++----
 src/output-json-ssh.c      |   45 +++++++++------
 src/output-json-ssh.h      |    6 ++
 src/output-json-tls.c      |   24 +++++---
 src/output-json-tls.h      |    7 +++
 src/source-af-packet.c     |    1 -
 src/util-logopenfile.c     |    7 ++-
 suricata.yaml.in           |    5 +-
 22 files changed, 388 insertions(+), 101 deletions(-)


More information about the Oisf-devel mailing list