[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta3-218-geac83be

OISF Git noreply at openinfosecfoundation.org
Fri May 8 07:45:57 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  eac83be1216a554f99b668b053e8dd4f6cea6953 (commit)
       via  ddec92676d27ed68c9e767a178e7bd4685a083bf (commit)
       via  cf9da2be15e7042c20f96b6a573305f8d35268d4 (commit)
       via  d44eab82c1a015e3797a7aa4583072a121f8a2b7 (commit)
       via  f0c659f82f675a090fa08dacc008061a70db2550 (commit)
       via  208d27abc76a8ab9280a91d9cfbdc16abe43b196 (commit)
       via  b12c53cd51ca1b24039c248f1eab6808d9686e4b (commit)
       via  2918a75da1f3f74f1c57e5848e4e7a860854b945 (commit)
       via  cf839c931f90253afcc27f00ee159fe880f1a92a (commit)
      from  04f3f5066d0ed7ef50b8413f7026d260c9009a75 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eac83be1216a554f99b668b053e8dd4f6cea6953
Author: Ken Steele <ken at tilera.com>
Date:   Thu Feb 6 10:22:17 2014 -0500

    Formatting cleanup in detect-replace.c
    Wrap lines longer than 80 characters
    Add "static" for unit tests.
    Use (void) for () for function arguments.
    Add space after "while(" -> "while ("
    Remove space after function names.
    Put open bracket of function on a new line.

commit ddec92676d27ed68c9e767a178e7bd4685a083bf
Author: Ken Steele <ken at tilera.com>
Date:   Thu Feb 6 10:12:24 2014 -0500

    Add a comment for DetectReplaceList
    Reworded a quote in PR 742 by Regit from Inliniac to explain why adding
    the head of the list (really a FIFO) is the correct behavior.

commit cf9da2be15e7042c20f96b6a573305f8d35268d4
Author: Ken Steele <ken at tilera.com>
Date:   Fri Dec 20 16:36:58 2013 -0500

    Fix DetectReplaceAddToList
    I see two problems:
    1) If allocating a newlist fails, the function returns NULL, which then
       leaks any existing list elements.
    2) The code to add the new value to the list works for the first two, but
       not for the third. For example, replist=A, A->next=B, B->next=NULL, then
       adding C results in replist=A, A->next=C, C->next=NULL, B is lost.
    The fix pushes new values onto the head of the list, which might not be
    what is needed, but there are no comments on what the function does, so I
    made an assumption.

commit d44eab82c1a015e3797a7aa4583072a121f8a2b7
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date:   Thu Apr 16 12:40:17 2015 +0300

    Fix bug #1435 (data loss when dumping payloads to JSON)

commit f0c659f82f675a090fa08dacc008061a70db2550
Author: Zachary Rasmor <zachary.r.rasmor at lmco.com>
Date:   Fri Apr 24 14:28:32 2015 -0400

    Fix Bug #1204
    Fix typo that causes eve syslog settings code to be unreachable.

commit 208d27abc76a8ab9280a91d9cfbdc16abe43b196
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Apr 9 08:42:23 2015 +0200

    stream: next_seq handling improvements
    Allow next_seq updating to recover from cases where last_ack has been
    moved beyond it. This can happen if ACKs have been accepted for missing
    data that is later retransmitted.
    This undoes some of the previous last_ack update changes.

commit b12c53cd51ca1b24039c248f1eab6808d9686e4b
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date:   Thu May 7 12:40:28 2015 +0300

    Add timezone to timestamp in JSON logs

commit 2918a75da1f3f74f1c57e5848e4e7a860854b945
Author: David Cannings <david.cannings at nccgroup.com>
Date:   Thu Apr 16 19:40:46 2015 +0100

    Added support for full parsing of the rcode header in DNS answer
    packets. Where rcode isn't "no error" this is displayed in both DNS and
    JSON logs.
    Note that this changes the current "No such domain" to "NXDOMAIN" in DNS
    logs. This could be fixed if desired to maintain compatibility with
    anybody crazy enough to parse the DNS log.
    When the rcode is not "no error" (for example NXDOMAIN or SERVFAIL) it
    is unlikely that there will be answer RRs. Therefore the rname from the
    query is used.
    Because the rcode applies to a whole answer packet (not individual
    queries) it is impossible to determine which query RR caused the error.
    Because of this most DNS servers currently reject multiple queries per
    packet. Therefore each query RR is output instead with the relevant
    error code, likely to be FORMERR if queries > 1.

commit cf839c931f90253afcc27f00ee159fe880f1a92a
Author: Victor Julien <victor at inliniac.net>
Date:   Fri May 1 15:12:47 2015 +0200

    tls: force 'raw' reassembly after each record
    Trigger raw reassembly after each record and after the handshake.


Summary of changes:
 src/app-layer-dns-common.c | 171 +++++++++++++++++++++++++++------------------
 src/app-layer-dns-common.h |  23 +++++-
 src/app-layer-dns-tcp.c    |  28 ++++----
 src/app-layer-dns-udp.c    |  26 ++++---
 src/app-layer-ssl.c        |   7 ++
 src/detect-replace.c       |  83 ++++++++++++----------
 src/log-dnslog.c           |  13 ++--
 src/output-json-alert.c    |  39 ++++++-----
 src/output-json-dns.c      |  55 ++++++++++++++-
 src/output-json.c          |   2 +-
 src/stream-tcp.c           |  76 ++++++++++++++------
 src/util-buffer.h          |   2 -
 src/util-time.c            |   6 +-
 13 files changed, 346 insertions(+), 185 deletions(-)

