[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta4-16-g9764a35

OISF Git noreply at openinfosecfoundation.org
Mon May 11 15:13:37 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  9764a356047a191f0f5f0171371f560d316cf444 (commit)
       via  c1558f5ac49a8be0e0946fe09688e7236154cf52 (commit)
       via  b6798495c5ba89ed45eaa31cfd4ca94a1078eb2d (commit)
       via  b2e1854e2a7a19a44026b27f0a8e63b89dd37009 (commit)
       via  22a810813c8c9a33371dc65acf222de1cfff881d (commit)
       via  f536099a67b4524c8705627f54708f63a211445e (commit)
       via  5f0678120d40447269917754041bf35db5b11496 (commit)
       via  37f0bd57b68f888689e1fb664d6dd05054cc7d9f (commit)
       via  bc6e4140befa80080777c41040eb47f9b6e05129 (commit)
       via  9d198e66627a6a8a33f7d0e96ff1bab025d7142a (commit)
       via  359e2d68f5739fceccb6f7a27b04c626196f442d (commit)
       via  62e937672df0f1b038bffdf97945620c699520e6 (commit)
       via  8d0b09015053e37898ffd8f56d4783035728c483 (commit)
       via  21f932898963f98af9ae7d6b18413951736e8ba9 (commit)
       via  52195a419213e49f60a9a46f5abe48be3d8b4f5c (commit)
       via  2f85308afe216e399a164018d375932dca57093b (commit)
      from  0e2a4c01bacf71ac7b11ab34f0511a30e182a5b2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9764a356047a191f0f5f0171371f560d316cf444
Author: Victor Julien <victor at inliniac.net>
Date:   Tue May 5 19:43:33 2015 +0200

    stream: fix --disable-detection reassembly issue
    Due to an error at initialization, the stream engine would not disable
    'raw' reassembly automatically when --disable-detection was used.
    This lead to segments not getting cleared from the segment lists.

commit c1558f5ac49a8be0e0946fe09688e7236154cf52
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jan 28 13:07:19 2015 +0100

    stream: remove FLOW_NO_APPLAYER_INSPECTION flag
    Instead, intruduce StreamTcpDisableAppLayer to disable app layer
    tracking and reassembly. StreamTcpAppLayerIsDisabled can be used
    to check it.
    Replace all uses of FlowSetSessionNoApplayerInspectionFlag and

commit b6798495c5ba89ed45eaa31cfd4ca94a1078eb2d
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jan 28 12:16:32 2015 +0100

    stream: remove FLOW_NO_APPLAYER_INSPECTION use from tests

commit b2e1854e2a7a19a44026b27f0a8e63b89dd37009
Author: Victor Julien <victor at inliniac.net>
Date:   Tue May 5 17:48:18 2015 +0200

    stream: improve 'no app layer' handling
    When the session/flow was flagged as 'no applayer inspect', which
    could happen as a result various reasons, packets would still be
    considered by the app layer reassembly.
    When ACK'd, they would be removed again. Depending also on the raw
    In very long sessions however, this meganism could fail leading to
    virtually endlessly growing segment lists.
    This patch makes sure that segments that come in on a 'no app layer'
    session are tagged properly or even not added at all.
    Use a new ssn flag instead of flow flag for no app tracking.

commit 22a810813c8c9a33371dc65acf222de1cfff881d
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jan 28 11:12:37 2015 +0100

    app-layer: add DisableAppLayer
    Move various app layer related flag setting calls into a utility
    function "DisableAppLayer"

commit f536099a67b4524c8705627f54708f63a211445e
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Apr 7 16:00:08 2015 +0200

    app-layer: de_state optimization
    Add API to bypass expensive TX list walks. This API call is optional.
    Implement it for HTTP and DNS.

commit 5f0678120d40447269917754041bf35db5b11496
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 25 15:54:35 2015 +0100

    detect-state: update test to check state storing

commit 37f0bd57b68f888689e1fb664d6dd05054cc7d9f
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 24 15:36:39 2015 +0100

    detect-state: handle duplicate inspect/match
    If for a packet we have a TX N that has detect state and a TX N+1 that
    has no detect state, but does have 'progress', we have a corner case
    in stateful detection.
    ContinueDetection inspects TX N, but cannot flag the rule in the
    de_state_sig_array as the next (TX N+1) has already started and needs
    to be inspected. 'StartDetection' however, is then unaware of the fact
    that ContinueDetection already inspected the rule. It uses the per
    session 'inspect_id' that is only moved forward at the end of the
    detection run.
    This patch adds a workaround. It uses the DetectEngineThreadCtx::
    de_state_sig_array to store an offset between the 'base' inspect_id
    and the inspect_id that StartDetection should use. The data type is
    limited, so if the offset would be too big, a search based fall back
    is implemented as well.

commit bc6e4140befa80080777c41040eb47f9b6e05129
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 25 09:19:49 2015 +0100

    detect: add de_state duplication check
    Add test to check if no duplicate destate is created.
    Only enabled with DEBUG_VALIDATION.

commit 9d198e66627a6a8a33f7d0e96ff1bab025d7142a
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 24 12:40:27 2015 +0100

    detect-state: fix state storing
    Fix storing state and bypassing detection. Previously we'd store
    on a match only, meaning that StartDetection would rerun often.
    Make sure StartDetection only stores if there is something to store.

commit 359e2d68f5739fceccb6f7a27b04c626196f442d
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Mar 24 17:25:04 2015 +0100

    detect-http-header: improve buffer handling
    Previously we could never be calling DetectEngineHHDGetBufferForTX
    for TX N and then afterwards for TX N - 1. Due to changes in the
    stateful detection code this is now possible.
    This patch changes the buffer logic to take the 'inspect_id' as it's
    base, instead of the first transaction that we are called with.

commit 62e937672df0f1b038bffdf97945620c699520e6
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Nov 12 13:41:50 2014 +0100

    detect-events: set SIG_MASK_REQUIRE_*_STATE for events
    Set SIG_MASK_REQUIRE_*_STATE for event rules to earlier discard

commit 8d0b09015053e37898ffd8f56d4783035728c483
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Jul 21 21:09:06 2014 +0200

    engine-analysis: print fast_pattern summary
    When using engine analysis for print fast_pattern stats, print a
    short summary at the end containing per buffer:
    - smallest fp
    - biggest fp
    - number of patterns
    - avg fp len

commit 21f932898963f98af9ae7d6b18413951736e8ba9
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jul 2 13:16:28 2014 +0200

    lua: fix error handling

commit 52195a419213e49f60a9a46f5abe48be3d8b4f5c
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Oct 18 21:46:59 2014 +0200

    http: add event for leading spaces on request line
    Libhtp will issue a warning in this case, so we can match on this.
    This patch adds event, rule and unittest.

commit 2f85308afe216e399a164018d375932dca57093b
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Jan 16 11:06:35 2015 +0100

    threads: fix missing unlock in error handling
    If TmThreadsUnregisterThread was called with out of range 'id', a lock
    would not be cleared after returning from the function.
    ** CID 1264421:  Missing unlock  (LOCK)
    /src/tm-threads.c: 2186 in TmThreadsUnregisterThread()


Summary of changes:
 rules/http-events.rules      |   4 +-
 src/alert-debuglog.c         |   6 +-
 src/app-layer-dns-common.c   |  17 +++-
 src/app-layer-dns-common.h   |   5 +-
 src/app-layer-dns-tcp.c      |   1 +
 src/app-layer-dns-udp.c      |   1 +
 src/app-layer-htp.c          | 130 +++++++++++++++++++++++-----
 src/app-layer-htp.h          |   2 +
 src/app-layer-modbus.c       |   4 +-
 src/app-layer-parser.c       |  51 +++++++----
 src/app-layer-parser.h       |   6 +-
 src/app-layer-smtp.c         |   8 +-
 src/app-layer.c              | 198 ++++++++++++++++++++-----------------------
 src/detect-engine-analyzer.c |  44 ++++++++++
 src/detect-engine-hcbd.c     |  28 +++---
 src/detect-engine-hhd.c      |  28 +++---
 src/detect-engine-hsbd.c     |  25 +++---
 src/detect-engine-state.c    | 180 ++++++++++++++++++++++++++++++++++-----
 src/detect-engine-state.h    |   6 +-
 src/detect-lua.c             |   2 +-
 src/detect.c                 |  32 ++++++-
 src/flow.h                   |  13 +--
 src/stream-tcp-private.h     |   6 ++
 src/stream-tcp-reassemble.c  |  91 ++++++++++++--------
 src/stream-tcp-reassemble.h  |   4 +
 src/stream-tcp.c             |   2 +-
 src/suricata.c               |   8 +-
 src/tm-threads.c             |   4 +-
 28 files changed, 636 insertions(+), 270 deletions(-)


More information about the Oisf-devel mailing list