[Oisf-devel] [COMMIT] OISF annotated tag, suricata-3.0RC1, created. suricata-3.0RC1

OISF Git noreply at openinfosecfoundation.org
Wed Nov 25 13:46:15 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The annotated tag, suricata-3.0RC1 has been created
        at  feccf7250d5caafcfe3335d8b489df1a865f0efc (tag)
   tagging  737c99dd308d437765fc7d74b64b437884febe0a (commit)
  replaces  suricata-2.1beta4
 tagged by  Victor Julien
        on  Wed Nov 25 14:45:51 2015 +0100

- Log -----------------------------------------------------------------
Tag 3.0RC1 release
Version: GnuPG v1


Aaron Campbell (1):
      Fix out-of-bounds memory access in DNS TXT record parser.

Aleksey Katargin (4):
      netmap: support non-equal count of Rx and Tx rings on interface.
      netmap: fixed autofp mode.
      netmap: strict check for zero copy mode
      netmap: support SW rings

Alessandro Guido (2):
      Add option to omit payload in unified2 output
      Describe new unified2-alert "payload" option

Alexander Gozman (7):
      Feature #1440: support wildcards in rule filenames
      Fix issues #1493 and #1494
      Issue 1491: fix capabilities for pf_ring mode when running under non-root account
      suricatasc: remove "u" prefix when printing JSON output.
      In non interactive mode, print errors to stderr
      Feature 1527: ability to compile as a position independent executable
      unix-manager: log client (dis)connection with DEBUG level.

Antti Tönkyrä (2):
      Allow colon in SSH version, at least some trojaned PuTTY clients have version like Putty-Local: Timestamp HH:MM:SS
      source-pfring: don't set cluster mode when using ZC and VLAN tracking is disabled

DIALLO David (1):
      modbus: fix heap-buffer-overflow in Modbus parser

David Cannings (1):
      Fix rcode parsing, as noticed by Coverity.

Eric Leblond (101):
      output-json: fix type of data parameter
      suricata.yaml: fix the name of EVE module
      log file: add type flag
      output-json: suppress global variable
      suri-graphite: fix port option
      suri-graphite: add daemonization capability
      suri-graphite: add ouput to file option
      output-lua: sync variable name with yaml
      logging: fix modules ordering during logging
      app-layer: add modbus to AppProtoToString
      tls-store: now a separate module
      tls-store: backward compatibility
      filestore: use SCFree instead of free
      tls-store: avoid log flooding
      af-packet: sync header with latest features
      af-packet: implement new load balancing modes
      af-packet: implement rollover option
      file-json: add file_id to message
      af-packet: don't activate rollover by default
      docker: add ASAN to pcaps build
      configure: use pkg_config for libhtp
      host-storage: document host storage API
      email-json: move email fields to email section
      app-layer-smtp: extract and store HELO and MAIL FROM
      smtp-json: update SMTP EVE messages
      app-layer-smtp: parse and extract RCPT TO fields
      output-json-smtp: output RCPT TO fields
      app-layer-stmp: simplify code
      decode-mime: compute body md5
      email-json: export md5sum of body
      smtp: add 'body-md5' mime option
      decode-mime: add function to get status
      email-json: output MIME parsing status
      http-json: introduce JsonHttpAddMetadata function
      alert-json: use new JsonHttpAddMetadata function
      file-json: log http data using common function
      smtp-json: introduce function to output smtp data
      file-json: output smtp proto info
      email-json: add function to export data
      file-json: log 'email' information
      decode-mime: introduce MimeDecFindFieldsForEach
      email-json: add custom fields support
      email-json: add LOG_EMAIL_COMMA type
      email-json: factorize the code
      email-json: delete leading white spaces
      email-json: delete white space from "from"
      decode-mime: fix typo in comment
      email-json: don't log subject by default
      email-json: add capa to display subject md5
      email-json: body md5 logging is optional
      email-json: add some fields
      yaml: document new MIME features
      email-json: add author
      email-json: improve log message
      unittests: finally register MIME tests
      util-decode-mime: add unittests for field fetching
      email-json: add 'date' field extraction
      yaml: add comment describing smtp extended
      smtp-layer: add HELO parsing test in unittest
      smtp-layer: add MAIL FROM parsing test in unittest
      email-json: add bcc to extended fields
      json-smtp: fix a debug message
      json-alert: add smtp elements in alert
      json-smtp: change copyright date
      json-smtp: add tx_id param to metadata generation
      json-http: gen metadata function with tx_id param
      json-email: JsonEmailAddMetadata update
      output-json: add create header with tx function
      output-json: add tx_id to events
      smtp-layer: remove FIXME and del excessive newline
      util-decode-mime: fix IsIpv6Host function
      util-decode-mime: fix some unittests
      decode-mime: fix body md5 computation
      util-debug: don't colorize if a redirect is used
      json-email-common: can now log same header twice
      json-email-common: suppress commented code
      json-email-common: fix email extended logging
      json-email: fix coverity alert
      json-file: avoid allocation
      output-json: add redis support
      output-json: improve hiredis define
      travis: add libjansson and hiredis
      output-json: add sensor-name config variable
      util-logopenfile: add write function
      util-logopenfile: introduce SCConfLogOpenRedis
      util-logopenfile: implement redis pipelining
      util-logopenfile: reconnect handling
      redis-output: fix sensor-name code
      util-logopenfile: use a function for redis write
      util-logopenfile: don't use atomic for batch_count
      util-logopenfile: cleaner free function
      util-logopenfile: don't lock syslog write
      util-logopenfile: log queued events at exit
      util-logopenfile: move sensor_name to filectx
      util-logopenfile: don't allocate redis command
      suricata: clean dump-config output
      config: don't use hardcoded path
      handle MTU discovery in multi iface case
      prscript: docker do not need sudo
      prscript: add rm command
      rules-reload: fix reload with -s or -S

Giuseppe Longo (5):
      app-layer-htp: add http_body_inline setting
      hsbd: inspect buffer depending on the engine mode
      http: rework UT
      file_data: check for signature alproto and flow
      decode: add flow memcap counter

Helmut Schaa (1):
      Disable pcap-config use during cross compilation

Jason Ish (29):
      Bug 1281 - Accept rule content with lengths greater than 255.
      Bug 1281 - Add tests for rule content of lengths > 255.
      radix-tree - prevent out of bounds array access
      conf - process includes even if not at root node.
      conf - function declaration style
      --set - handle spaces on either side of '='
      flowbits: strip leading and trailing spaces in name
      json-stats: log uptime in seconds, instead of a string
      json-stats: reorg threads and totals
      hostbits: ignore leading and trailing white space
      json-stats: log deltas
      rule vars: strip leading white space before looking up var.
      logging: integrate rotation into SCConfLogOpenGeneric.
      app-layer: template for application layer parser
      app-layer: template for application layer tx logger
      app-layer: template for application layer content inspection
      app-layer: scripts to setup app-layer templates
      app-layer setup scripts: fix header substitution.
      defrag: unit test for tracker reuse (current fails)
      defrag: don't use trackers marked for removal
      defrag: tracker initialization cleanup
      defrag: stop reassembly at the first packet with more flags not set
      detect-pcre: allow upper cases metachars for host (/W).
      fix util-host-os-info unit tests.
      GPL license sync with official gpl-2.0.txt
      template app-layer: disable if not in config file (default)
      app-layer setup scripts: enable new modules on copy
      util-base64: strict mode - all characters must be valid
      base64_decode, base64_data: decode and match base64

Jeff Barber (1):
      Support for reconnecting unix domain socket log files

Mats Klepsland (7):
      lua: TLS lua output support
      lua: SSH support
      lua: SSH output support
      app-layer-ssl: get server name from SNI extension
      output-json-tls: added SNI field to extended output
      log-tls: added SNI field to extended output
      lua: added function TlsGetSNI()

Schnaffon (1):
      Use unlikely for error treatment in alert-prelude.c

Tom DeCanio (2):
      eve-log: add JSON stats logging
      eve-log: stats logging code cleanup.

Torgeir Natvig (1):
      Bugfix for detect-engine.luajit-states

Victor Julien (267):
      threads: fix missing unlock in error handling
      http: add event for leading spaces on request line
      lua: fix error handling
      engine-analysis: print fast_pattern summary
      detect-events: set SIG_MASK_REQUIRE_*_STATE for events
      detect-http-header: improve buffer handling
      detect-state: fix state storing
      detect: add de_state duplication check
      detect-state: handle duplicate inspect/match
      detect-state: update test to check state storing
      app-layer: de_state optimization
      app-layer: add DisableAppLayer
      stream: improve 'no app layer' handling
      stream: remove FLOW_NO_APPLAYER_INSPECTION use from tests
      stream: remove FLOW_NO_APPLAYER_INSPECTION flag
      stream: fix --disable-detection reassembly issue
      classification: remove global from parsing
      reference: remove global
      classification: update pcre globals use
      reference: update pcre globals use
      reference/classification: call global init for unittests
      unix-manager: convert to thread module
      threading: remove unused cmd thread create func
      flow: don't hold tv_root_lock longer than needed
      threading: explain purpose of threadvars mucond
      parsing: s/strtok/strtok_r/g
      detect: minor cleanups
      threads: add untimed control cond call
      alert-json: fix stream logging for IPS mode
      logfile: rename ALERT_ types to LOGFILE_TYPE_
      counters: minor cleanups
      counters: s/SCPerfCounterArray/SCPerfPrivateContext/g
      counters: s/SCPerfContext/SCPerfPublicContext/g
      counters: rename threadvars public counters
      counters: threadvars s/sc_perf_pca/perf_private_ctx/g
      counters: make increment call take threadvars
      counters: remove references to SCPerfCounterAddDouble
      counters: SCPerfGetLocalCounterValue cleanup
      counters: make threadvars::perf_private_ctx static
      counters: introduce SCPerfSetupPrivate for thread setup
      counters: minor cleanups
      counters: make SCPerfSetupPrivate a function
      counters: remove unused public API calls and make them private
      counters: merge counters from threads for output
      counters: remove unused description
      Fix harmless typo in IPOnlyCIDRItemNew's SCReturnPtr use
      counters: global counters registration
      stream: make tcp.reassembly_memuse counter global
      counters: remove thread module name from counters API
      counters: remove threadvars arg from SCPerfAddToClubbedTMTable
      counters: simplify and speedup counters sync
      counters: start using Stats prefix
      counters: split API init
      counters: call global counters funcs
      counters: rename widely used pctmi var to sts (stats thread store)
      counters: pass per thread stats to output api
      stats-json: fixes and improvements
      stats json: replace strndup
      stats: support per thread stats in json output
      log-stats: make global/threads logging configurable
      counters: rename register API calls
      counters: clean up defines
      counters: s/SCPerfCounterAddUI64/StatsAddUI64/g
      counters: s/SCPerfCounterIncr/StatsIncr/g
      counters: s/SCPerfCounterSetUI64/StatsSetUI64/g
      counters: various renames and cleanups
      counters: s/SCPerfPublicContext/StatsPublicThreadContext/g
      counters: s/SCPerfPrivateContext/StatsPrivateThreadContext/g
      counters: remaining s/SCPerf/Stats/g
      counters: minor header cleanup
      counters: rename unparsable SCPCAElem to StatsLocalCounter
      counters: minor internal API cleanups
      counters: remove old unix socket json logic
      counters: remove last and now unused tm_name reference
      counters: remove references to 'perf' counters
      http: make http.memuse a global counter
      counters: make tcp.memuse a global counter
      counters: make DNS counters globals
      counters: turn flow.memuse into a global counter
      counters: clean up global context
      counters: make threads cleanup all memory
      counters: work around unix-socket init issues
      counters: don't run if no counters have been registered
      counters: use ptr to name instead of copy
      http-client-body: create unittest util func
      http: fix body tracking
      http: improve body pruning
      detect: remove unused match_flags from inspect engines
      detect: remove struct/union tricks from Signature
      detect: various header cleanups
      decode: clean up tunnel decode logic
      decode: add ERSPANv1 decoder
      decode: add erspan counter
      decode: optimize DecodeThreadVars layout
      suppress: support ip-lists
      suppress: add track by_either mode
      alproto: improve AppProtoToString
      file extract: add app_proto to logging
      detect-state: remove/hide BUG_ON statements
      decode: create util function for basic counter updates
      nfq: add ips stats
      ips: move counters in common struct and funcs
      http: body pruning update
      http: improve inline body tracking
      flow timeout: prevent dead locks
      smtp file_data: fix wrong free
      http: memcap HTTP server inspect body code
      stream: update StreamMsg to don't have fixed size
      print: make PrintRawDataFp take a const arg
      app-layer: improve EOF handling
      app-layer: update all protocols to accept NULL+EOF
      detect hsbd: simplify resize logic
      fast log: clean up tests
      htp: fix test
      dce_opnum: improve memory handling on parsing error
      counters: reduce global usage
      pfring runmode: remove set that is never read
      smb: fix coverity warning
      file_data smtp: fix minor coverity warning
      detect analizer: fix minor coverity warning
      smtp json: fix potential crash on malloc failure
      htp: hide BUG_ON's behind DEBUG_VALIDATION
      erspan: respect vlan.use-for-tracking setting
      app-layer: fix coverity warnings
      Minor unittest cleanups
      detect: fix settings override for reloads
      log: reorganize SCLogOPIfaceCtx to make it more efficient
      logging: cleanup output API
      output: cleanup
      logging: change newline handling
      logging: optional colors output
      logging: fix per output log formats
      logging: json output
      config: update yaml to show json logging option
      lua: initial DNS logging support
      lua: dns extensions
      dns: rename type so it's purpose is more clear
      dns: generic request/response detect lists
      detect: add AppLayerTxMatch call
      dns: generic inspect engines for DNS
      lua: dns support
      introduce fatal error macro's
      detect: default to u32 for SigIntId
      detect: optimize Signature layout
      flow/stream: xfer noinspect flags to pseudo pkts
      http: harden tx inspection code
      Sync alversion/appversion types
      app-layer: fix args to state progress calls
      dns: fix state progress handling
      detect: constify some DetectMpmPrefilter args
      detect: clean up flag usage
      app-layer: disruption flags
      app-layer: pass full flags around in tx handling
      output-tx: use disrupt flags
      detect: pass flags to inspect_id update logic
      detect: optimize http prefilter handing
      detect: make http prefilter use disrupt flags
      http: destroy htp_tx_t even if incomplete
      detect: set flow noinspect on pass in applayer/stream
      detect: fix pass transaction handling
      eve alert: fix stream payload printing
      multi-detect: (un)register-tenant unix socket commands
      detect: initial MT lookup logic
      tenants: apply added/removed tenant
      detect: make multi tenancy a global switch
      detect: use multi tenant thread init if MT enabled
      suricatasc: allow for tenant id in pcap-file
      pcap-file: set tenant-id if available
      unix-socket: allow tenant id with pcap-file
      detect: select detect engine at Detect entry
      multi-detect: initial selectors for tenants
      unix-socket: implement register-tenant-handler
      multi-detect: allow start up with 0 tenants
      multi-detect: register counters on 'master' det_ctx
      multi-detect: error on start if no selector registered
      multi-detect: set selector from yaml
      detect: don't error out on no de_ctx
      multi-detect: implement unregister-tenant-handler
      suricatasc: add register-tenant-handler command
      suricatasc: add unregister-tenant-handler
      multi-detect: load tenants from yaml file
      multi-detect: cleanup, reuse tenant loading code
      multi-detect: refuse to add duplicate tenant
      multi-detect: store tenant id in packet
      multi-detect: add tenant id to alert json output
      multi-detect: add reload-tenant command
      multi-detect: implement reload tenant in suricatasc
      multi-detect: make classification prefix aware
      multi-detect: make reference prefix aware
      multi-detect: make threshold prefix aware
      detect: clean up thread free code
      multi-detect: hash lookup for tenants
      multi-detect: set tenant id on pseudo packets
      detect: create loader threads
      multi-detect: detect loader for unix socket
      multi-detect: improve memory handling of setup code
      unittests: use a global packetpool
      debug: packet pool init/destroy validation
      detect-loaders: configurable amount of loaders
      detect loader: move to own file
      xff: support ports and more ipv6 notations
      transaction inspection: fix limit enforcement
      autotools: cleanup
      Fix minor format string issues
      yaml: add missing ippair section
      DNS: refactor tx completion logic
      lua: add direction support
      detect-lua: set direction
      lua: TLS support
      decoder: add template/example
      development tools: add script to setup new decoder
      detect plugin: add template
      development tools: add script to setup detect module
      stream: optimize proto detect segment handling
      stream: fix protocol detection issue for GAPs
      stream: use reassembly fast path after proto detect
      stream: allow next_seq catch up after pkt loss
      detect: fix issue with smsg and seq wraps
      debug validation: add segment list sanity check
      proto detect: more bypass conditions
      stream: RST last_ack update fix
      stream: improve handling of GAPs at stream start
      mpm: minor fixes and cleanups
      debug validation: introduce DEBUG_VALIDATE_BUG_ON
      mpm: change direction checking in mpm wrappers
      mpm: indent fix, no functional change
      mpm: assume we'll likely have a mpm_ctx
      mpm: optimize & debug validate
      mpm: use IPPROTO_TCP for readability
      mpm: improve debug output
      mpm: remove bloated counting logic
      mpm: remove used counter
      detect: improve comments on mpm
      mpm: redo uri maxlen logic
      mpm: improve SGH content len tracking
      mpm: SGH maxlen was actually minlen, so rename
      stream: improve retransmission detection
      ippair: update ippair size logic
      host: update host size logic
      flow: add missing storage size to checks, output
      threshold: remove debug message from info loglevel
      defrag tests: fix compiler warnings
      htp: cleanup, remove unused declaration
      threading: store thread module flags in threadvars
      threads: add func to count running threads of types
      threading: avoid autofp deadlock
      profiling: cleanup, remove MIN declaration
      rule profiling: json output
      output-json: don't alloc for JSON to string
      output: cleanup JSON logging
      json: fix malformed output
      base64: code style fixups
      multi-detect: clean up output
      multi-detect: use default tenant
      multi-detect: validate vlan_id
      multi-detect: consider vlan tracking
      multi-detect: handle missing mappings
      multi-detect: improve error handling
      multi-detect: fix and simplify config
      http: test cleanups
      http: don't run unittests twice
      http: add test for plain http over connect
      tls: fix compiler warnings
      rule vars: fix compiler warning
      Update dev version to reflect we're doing 3.0 now
      Update changelog for 3.0RC1

Zachary Rasmor (1):
      Add Feature #1454. Generic eve-log prefix support.

Zopieux (1):
      stream_size operator comparison (fix issue #1488)

cardigliano (5):
      workers runmode: allow multiple input devices
      pfring pkt acq: use zero-copy recv in workers runmode
      pfring pkt acq: removed reentrant flag
      pfring pkt acq: capture loop optimisation
      pfring pkt acq: keep running on 'pfring_set_cluster' failure when cluster is not required

gureedo (2):
      netmap: extended comments for options in configuration file.
      netmap: enable zero-copy mode only when copy-mode is specified.

sfd (1):
      Fix compile bad dereferences



More information about the Oisf-devel mailing list