[Oisf-devel] [COMMIT] OISF annotated tag, suricata-2.1beta4, created. suricata-2.1beta4

OISF Git noreply at openinfosecfoundation.org
Fri May 8 14:36:36 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The annotated tag, suricata-2.1beta4 has been created
        at  2bd14a5851614ccdf151fe05076bf6a309b38886 (tag)
   tagging  0e2a4c01bacf71ac7b11ab34f0511a30e182a5b2 (commit)
  replaces  suricata-2.1beta3
 tagged by  Victor Julien
        on  Fri May 8 16:36:13 2015 +0200

- Log -----------------------------------------------------------------
Tag 2.1beta4 release

Alexander Gozman (4):
      DetectAddressParseString(): fix IPv6 address handling
      Reject ICMP traffic, not only TCP/UDP
      Add timezone to timestamp in JSON logs
      Fix bug #1435 (data loss when dumping payloads to JSON)

DIALLO David (1):
      app-layer-modbus: fix deadlock in parsers

David Cannings (1):
      Added support for full parsing of the rcode header in DNS answer

David Maciejak (1):
      Fix Unit ID check

Eric Leblond (40):
      util-ioctl: don't build code RX ring on old system
      runmode-pcap-file: suppress useless include
      pcap-file: add missing atomic init
      build: don't link with libnfnetlink
      json-tls: refactor to export logging function
      json-alert: log tls info in alert
      json-ssh: export logging function
      json-alert: add SSH fields in alert logging
      flow: constify getters param
      json-alert: use getter for appstate
      af-packet: don't unlock twice the bpf mutex
      decode: introduce PacketCallocExtPkt function
      flow-timeout: fix init of pseudo packet
      flow-manager: don't set cpu affinity twice
      runmodes: fix typo in output
      suricata.yaml: add missing mpm-algo
      runmodes: improve listing output
      rules: add app layer events rules
      prscript: refactor for docker
      prscript: add docker handling support
      prscript: add a comment on the SELinux issue
      prscript: read buildbot config from source
      prscript: iterate on builds when checking status
      prscript: suppress useless message
      prscript: improve wordings
      prscript: add notification system
      prscript: improve command line
      prscript: fix error message in non local test
      prscript: rework option logic
      list keywords: restore 2.0 similar output
      list keywords: fix regression on app layer name
      util-running-mode: setup config file
      app-layer-smtp: fix SMTPTransactionFree function
      email-json: free temporary 'to' string
      email-json: free temporary 'cc' string
      decode-der: decode DC keyword
      coccinelle: update struct flags test
      output-json-http: output status as an integer
      util-device: fix LiveBuildDeviceListCustom
      af-packet: use max packet size as snaplen

Giuseppe Longo (10):
      find and replace HSBDMATCH by FILEDATA
      signature: set flags and test the protocol
      file_data: register keyword for smtp and tcp protocol
      FileData: add stream_offset field
      Detect engine for smtp file_data file_data: inspecting smtp attachments
      mpm: implement prefiltering for smtp
      app-layer-smtp: make functions as public
      UT: implement tests for inspection code
      filedata: implement inspected tracker
      filedata: read inspected tracker settings from suricata.yaml

Jason Ish (13):
      Define _DEFAULT_SOURCE.  It's the replacement for _BSD_SOURCE which
      New function to test if a configuration node is a sequence or not.
      Don't attempt to load the rule files if the rule-files configuration
      When re-opening a log file on HUP, always append.
      Bug 1417 - Record sequence nodes as sequences.
      prscript - fallback to json if simplejson not available.
      Duplicate rule ID.
      ParseSizeString - don't abort on unknown unit type.
      DetectSidSetup - safer stripping of quotes.
      DetectGidSet - safer stripping of quotes.
      spelling - dubbed -> duped (for duplicate)
      afl - Don't fail if app-layer proto enabled value is NULL.
      afl - SCHINfoLoadFromConfig - check for NULL before parsing.

Ken Steele (4):
      Inject pseudo packet periodically when there is not traffic in mPIPE.
      Fix DetectReplaceAddToList
      Add a comment for DetectReplaceList
      Formatting cleanup in detect-replace.c

Pierre Chifflier (1):
      Fix possible wrap in uint32_t addition in DER parser

Tom DeCanio (1):
      fix reputation parser so that it accepts ipv6 addresses in configuration file.

Victor Julien (152):
      stream: move reassembly loop into util funcs
      stream: track data sent to app-layer
      stream: replace STREAM_SET_INLINE_FLAGS macro
      stream: update inline tests
      stream: remove STREAM_SET_FLAGS
      stream: unify inline and non-inline applayer assembly
      stream: remove StreamTcpReassembleInlineAppLayer
      stream: move raw reassembly into util func
      stream: move raw stream gap handling into util func
      tcp: zero copy fast path in app-layer reassembly
      tcp: add debug stats about reassembly fast paths
      tcp: add stream.reassembly.zero-copy-size option
      flow: change flow state logic
      flow: modify lastts update logic
      flow: lockless flow manager checks
      file: optimize file pruning
      runmodes: add funcs to check if file loggers enabled
      file: improve file pruning
      file: register filedata log before file log
      stats api: call thread deinit API functions
      detect-flow: use dedicated flags
      tcp midstream: fix window scaling
      flow: handle TCP session reuse in flow engine
      tcp reuse: remove old code
      flow: add flow.tcp_reuse counter
      flow: move flow/packet updates into util func
      flow: overwrite p::flowflags on first set
      flow: add util func to remove packet from flow
      tcp reuse: handle reuse in stream engine
      tcp reuse: unify autofp and single/workers check
      tcp reuse: support reuse on syn/ack
      tcp reuse: enable stream handling based on runmode
      flow: tag first packet in each direction
      tcp reuse: don't double 'reuse'
      flow: make TCP reuse handling in flow engine optional
      dcerpc: fix error handling for alloc errors
      dcerpc: don't exit() on malloc failure
      http: remove unused and broken 'content-len' logic
      stream: init global config after flow engine
      http: add libhtp uri warning event
      http: add event for suspicious method delimiter
      CentOS 5.11 pkg-config fix
      Fix compiler warning on CentOS 5.11
      Fix make distcheck on CentOS 5.11
      stream: fix unittests wrt flow
      flow-manager: init global atomics
      app-layer: init flow in tests
      util-magic: make unittests less specific
      detect: cleanup, remove unused order_id
      detect: set action from utility function
      alert json: move alert info into function
      drop json: add sids (if applicable)
      drop json: make alerts logging optional
      drop json log: log out 'drop' signature
      Remove spinning PacketPoolWait
      http: fix stat_msg and stat_code state tracking
      http: add inspection engine for http request line
      file: don't 'close' file if we need to track it
      modbus: shrink data structure
      detect-state: cleanup retvals
      detect-state: cleanup ContinueDetection
      detect-state: add helper to indicate last tx
      detect-state: add helper to test state
      detect-state: remove redundant code
      detect-state: remove DeStateResetFileInspection
      detect-state: rip per sig detect out of ContinueDetect
      detect-state: various cleanups
      detect-state: fix profiling
      app-layer: per tx destate
      http: support per TX destate storage
      http: clean up tx destate at tx destroy
      dns: implement tx de_state
      smtp: tx de_state
      modbus: tx de_state
      detect-state: split flow and tx state
      detect-state: implement tx state reset for reload
      Bug 1401: on midstream pickup, fix packet direction
      unix-command: fix duplicate registration error msg
      detect: consolidate more setup into DetectEngineCtxInit
      detect: no exit on reference/classification errors
      suricatasc: allow for much longer response times
      detect: update detect engine management
      unittests: add exception to detect engine setup
      runmodes: remove DetectEngineCtx passing from API
      detect: unify delayed detect and reload
      threading: remove 'dummy' slot logic
      detect: introduce 'minimal' detect engine
      detect: move reload into main loop
      detect: remove old live reload implementation
      detect reload: allow master update during reload
      detect: reload thread init cleanup
      detect: allow det_ctx->de_ctx to be NULL
      conf: add ConfYamlLoadFileWithPrefix
      detect: initialize detection engine by prefix
      detect: pass DetectEngineCtx to address parsing
      detect:pass DetectEngineCtx to port parsing
      rule-vars: take detect engine as arg
      rule vars: support prefix
      detect: remove config at prefix
      detect reload: load config
      unix-socket: implement reload-rules
      detect-reload: 0 detect threads is no error
      detect-reload: enable unconditionally
      dns: optimize tx list walks
      detect-state: fix profiling
      detect-flowint: fix unlocked flow access
      detect-state: handle 'post match' locking
      detect-flowint: conditional locking
      detect-flowbits: locking update
      detect-state: use f->protomap instead of FlowGetProtoMapping(f->proto)
      detect-state: cleanups and comments
      stream: fix bad last_ack update leading to gaps
      ippair: track ippairs, enable tests
      detect: hostbits keyword
      hostbits: implement sigorder
      hostbits: add more tests, include sigorder
      hostbits: allow for src/dst parameter
      hostbits: unittest cleanups
      ippair: xbit implementation
      xbit: move to util-var
      xbits: hostbits use xbits type
      vars: redo var name <-> idx handling
      xbits: prepare for non-ippair support
      hostbits: prepare for xbits integration
      xbits: implement ip_src/ip_dst support
      xbits: expire (first steps)
      ippair: implement xbits expiration
      host: implement hostbits/xbits expire
      hosts: consider hostbits/xbits status in timeout
      ippair: implement basic timeout check
      ippair: handle timeouts in the flow manager
      host: handle timeout
      app-layer: update protocol detection tests
      threading: add missing locks to threading storage
      autofp: reduce flow storage space requirement
      packet pool: init pool for autofp workers as well
      suricatasc: allow for longer response times after connect
      classification: cleanups
      reference: use pcre_copy_substring
      threshold: cleanups
      packet pool: fix memleaks
      Fix potential deadlock in output
      coverity fix: don't do pointer check on static array
      xbits: fix coverity warnings
      profiling: fix sorting on very long runs
      pcap: implement LINKTYPE_NULL
      Bug 1340: fix missing flow cleanup
      pcap-file: fix malformed timestamp crash
      smtp: fix mime boundary parsing issue
      tls: force 'raw' reassembly after each record
      stream: next_seq handling improvements
      Update changelog for 2.1beta4 release

Zachary Rasmor (1):
      Fix Bug #1204

gureedo (1):
      netmap support

maxtors (4):
      Added DELETE and PATCH http methods to app-layer-htp.c
      Added http methods for webdav (rfc4918).
      Reworked pattern registration structure and feedback issues.
      Added new WebDAV http methods.


