[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta4-308-gfc7f090
OISF Git
noreply at openinfosecfoundation.org
Wed Sep 23 10:43:36 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fc7f090cd3268a3a624177cef32a9576b74975e3
Author: Victor Julien <victor at inliniac.net>
Date: Mon Sep 21 08:34:19 2015 +0200
flow: add missing storage size to checks, output
commit 37fa4a48762dda0a8ed5c4f6bc68b383138afb63
Author: Victor Julien <victor at inliniac.net>
Date: Sun Sep 20 22:54:32 2015 +0200
host: update host size logic
Instead of using (sizeof(Host)+HostStorageSize()) in many places,
create a simple size variable that is set during setup.
commit 480e91edac2d071f37b76d278e0b76a5f684a2fd
Author: Victor Julien <victor at inliniac.net>
Date: Sun Sep 20 22:39:17 2015 +0200
ippair: update ippair size logic
Instead of using (sizeof(IPPair)+IPPairStorageSize()) in many places,
create a simple size variable that is set during setup.
commit ff769b73a77bcaaa234a9b32f1977045af51cc2b
Author: Victor Julien <victor at inliniac.net>
Date: Mon Sep 21 15:01:56 2015 +0200
stream: improve retransmission detection
Consider packets starting before last_ack and ending after it also
to be retransmissions. This way we can see if they are having
different data.
commit 6b2f831a709382c78a71a03249b2ec412fda849f
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 21:56:29 2015 +0200
mpm: SGH maxlen was actually minlen, so rename
commit 2716c786283799745436637cc6534bd0059a29e5
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 21:46:34 2015 +0200
mpm: improve SGH content len tracking
SGH's track content length for rule grouping.
This patch changes the logic to only consider the pattern that is
used in the mpm for a sig.
commit e529ebb50edbed9fe6aa6d1a5ad66bbf6bc17948
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 20:53:26 2015 +0200
mpm: redo uri maxlen logic
The mpm_uricontent_maxlen logic was meant to track the shortest
possible pattern in the MPM of a SGH. So a minlen more than a maxlen.
This patch replaces the complicated tracking logic by a simpler
scheme. When the SGH's are finalized, the minlen is calculated.
It also fixes a small corner case where the calculated "maxlen" could
be wrong. This would require a smaller pattern in a rule to be forced
as fast pattern.
commit df95d375bbe5c7ddfb1316baf8f2f025d22beb3d
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 19:33:14 2015 +0200
detect: improve comments on mpm
commit 496f9800ac8c35d833cd75b7959caf2103728f61
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 19:28:52 2015 +0200
mpm: remove used counter
commit c53c9b4b2009f769f2ab6e6c670f6e68ad147213
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 18:56:43 2015 +0200
mpm: remove bloated counting logic
Counters were only used to print debug info.
commit da7bad7c1b5d95c5997b94c1368aa1837dc234ad
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 18:41:51 2015 +0200
mpm: improve debug output
commit 977074930ba9b88a5ad328ba61534a1241694052
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 18:41:36 2015 +0200
mpm: use IPPROTO_TCP for readability
commit a559c41295e395e8db01a18a543423a623837afa
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 13:58:03 2015 +0200
mpm: optimize & debug validate
Wrappers are called only if a mpm_ctx is available. So remove the test
for a null ctx and replace it by a debug validation BUG_ON.
commit 0dd3b73db2d0264cbabcd402c76a171306f2ac72
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 13:57:57 2015 +0200
mpm: assume we'll likely have a mpm_ctx
commit 7c336f4190c7b78720312a0dae5c3430df3b8955
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 13:24:47 2015 +0200
mpm: indent fix, no functional change
commit a00d83f1f53ab9ec39f3144181bd33e4103de863
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 13:13:55 2015 +0200
mpm: change direction checking in mpm wrappers
Instead of having reachable assertions, use DEBUG_VALIDATE_BUG_ON
commit 804f8619671a0f3847b911cfd6e183c26ff9dd86
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 13:11:56 2015 +0200
debug validation: introduce DEBUG_VALIDATE_BUG_ON
DEBUG_VALIDATE_BUG_ON(exp) will call BUG_ON(exp) if debug validation
is compiled in. Otherwise it's a no-op.
commit e755913b4b6ca3d8f184932841c2f9e8f18fa479
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 19 13:11:35 2015 +0200
mpm: minor fixes and cleanups
commit cacf425bd38aeee48c6cb77189d9412dbbe3d4e2
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 31 19:00:35 2015 +0200
stream: improve handling of GAPs at stream start
Detect and handle gaps at the start of the stream, when there may
be no segments in the list (yet).
commit 574ef0ad2a47a2ee0b59bd23fea58c8f02499d1a
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 27 23:49:15 2015 +0200
stream: RST last_ack update fix
Only use ACK if ACK flag was set and ACK value is valid.
commit 3ca44219dc65e17461db5bae96cef1818a7eec43
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 27 22:58:32 2015 +0200
proto detect: more bypass conditions
More exceptional cases for protocol detection. In very unbalanced flows,
where just a few bytes are sent toserver and many toclient, proto detect
might not complete in time on the toserver direction. This can lead to
queuing up many segments in the toclient direction.
Another case is that in some cases the stream is flagged as proto detect
done, but the flow's proto detect flags are not set. This is now handled
by the ProtoDetectDone() check.
commit fa8dc77dcc73e3e4b9c0374b6eec8b3e5f379fd8
Author: Victor Julien <victor at inliniac.net>
Date: Wed Aug 26 16:52:09 2015 +0200
debug validation: add segment list sanity check
commit e67188e437b39f21cb2f7452cd300c522ce97252
Author: Victor Julien <victor at inliniac.net>
Date: Thu Aug 27 18:57:48 2015 +0200
detect: fix issue with smsg and seq wraps
Due to a broken sequence number check, detect could fail to process
smsgs in case of a sequence wrap. This could lead to excessive use
of smsg's but also of segments, since these aren't cleared until the
smsg containing them is.
commit 8ac49d9129603efd5698c9851f769c6d8cc9aee9
Author: Victor Julien <victor at inliniac.net>
Date: Tue Sep 1 22:46:14 2015 +0200
stream: allow next_seq catch up after pkt loss
If next_seq falls behind last_ack, force update it.
commit 596465b76d9bd89102cc4d18e38f991185b6666a
Author: Victor Julien <victor at inliniac.net>
Date: Mon Aug 31 18:50:06 2015 +0200
stream: use reassembly fast path after proto detect
Use the reassembly fast paths only after protocol detection has completed.
In some corner cases the sending of smaller segments led to protocol
detection failing.
commit 34ed15e1823dd85f89bef7944aac130bd0b7e44f
Author: Victor Julien <victor at inliniac.net>
Date: Wed Aug 26 16:15:07 2015 +0200
stream: fix protocol detection issue for GAPs
If the protocol required TOSERVER data first, but the SSN started with
a GAP, then the TOCLIENT side would get stuck in an expensive path:
1. it would run detection on TOCLIENT
2. it would try to force reassembly for TOSERVER
3. it would reset the detected protocol as TOSERVER failed
4. it would not evict any segment
This had 2 consequences:
1. on long running sessions this could lead to using lots of memory
on segments, denying other sessions resources
2. wasted cycles on protocol detection and segment list management
This patch introduces a fix. It checks in the (2) stage above, whether
the opposing stream (that we depend on) is in a NOREASSEMBLY state. If
so, it gives up on this side of the session as well.
commit 708e80c90023b4b122f57542ba92099a661bbca1
Author: Victor Julien <victor at inliniac.net>
Date: Wed Aug 26 14:25:16 2015 +0200
stream: optimize proto detect segment handling
In case of protocol detection not yet being complete, the segment
list was walked unconditionally to unset the app layer processed
flag. Optimize this to bail on the first segment that doesn't have
the flag set.
commit 84fd28eaed25c61ad2bea87800bfae756cc0c03f
Author: Jason Ish <ish at unx.ca>
Date: Wed Sep 16 11:23:34 2015 -0600
app-layer setup scripts: fix header substitution.
Fixes make distcheck.
commit a2867153670f776a338fc698bca08b33ae36d3b6
Author: Eric Leblond <eric at regit.org>
Date: Sun Sep 13 23:34:16 2015 +0200
host-storage: document host storage API
commit f8b8b6f753d62ffe5469384b9c420a1f1acb25c2
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 14 10:55:04 2015 +0200
configure: use pkg_config for libhtp
It was not possible to simply specify PKG_CONFIG_PATH to build
with a non-bundled libhtp. With this patch we no longer need
the htp lib and include configure options.
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 6 +
scripts/setup-app-layer-logger.sh | 2 +-
src/app-layer.c | 43 +-
src/detect-engine-filedata-smtp.c | 5 +-
src/detect-engine-mpm.c | 860 ++++++++++++++++++--------------------
src/detect-engine-siggroup.c | 98 +++--
src/detect-engine-siggroup.h | 2 +
src/detect-parse.c | 57 ---
src/detect-uricontent.c | 12 +-
src/detect.c | 282 ++++---------
src/detect.h | 17 +-
src/flow-hash.c | 3 +-
src/flow.c | 4 +-
src/host-storage.c | 59 ++-
src/host.c | 29 +-
src/ippair.c | 28 +-
src/stream-tcp-reassemble.c | 178 +++++---
src/stream-tcp.c | 110 +++--
src/util-validate.h | 3 +
19 files changed, 888 insertions(+), 910 deletions(-)
hooks/post-receive
--
OISF
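
The commits "stream: improve retransmission detection" and "detect: fix issue with smsg and seq wraps" both depend on comparing TCP sequence numbers correctly when the 32-bit space wraps. The following is an added example, not Suricata's code and not taken from the diffs (which this mail does not include); the function names, the enum and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Wrap-safe comparisons: the signed 32-bit difference orders two sequence
 * numbers correctly as long as they are less than 2^31 apart. */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* Plain unsigned comparison: gives the wrong order across a wrap. */
static int naive_lt(uint32_t a, uint32_t b) { return a < b; }

enum seg_class { SEG_NEW = 0, SEG_RETRANSMIT = 1, SEG_OVERLAPS_ACK = 2 };

/* Classify a segment [seq, seq+len) against last_ack (assumes len > 0).
 * SEG_RETRANSMIT:   ends at or before last_ack, so all of it was acked.
 * SEG_OVERLAPS_ACK: starts before last_ack and ends after it; handled as
 *                   a retransmission too, so the already-acked bytes can
 *                   be compared with what was seen before.
 * SEG_NEW:          starts at or after last_ack. */
static enum seg_class classify_segment(uint32_t seq, uint32_t len,
                                       uint32_t last_ack)
{
    uint32_t end = seq + len; /* unsigned arithmetic wraps modulo 2^32 */

    if (!seq_lt(seq, last_ack))
        return SEG_NEW;
    if (seq_leq(end, last_ack))
        return SEG_RETRANSMIT;
    return SEG_OVERLAPS_ACK;
}

int main(void)
{
    /* Constructed case: last_ack sits just past a sequence wrap. */
    uint32_t last_ack = 0x00000010u;

    printf("fully acked, pre-wrap start : %d\n",
           classify_segment(0xFFFFFFF0u, 16, last_ack));
    printf("straddles last_ack          : %d\n",
           classify_segment(0xFFFFFFF8u, 32, last_ack));
    printf("starts at last_ack          : %d\n",
           classify_segment(0x00000010u, 100, last_ack));
    printf("naive says 0xFFFFFFF0 < 0x10: %d (wrap-safe: %d)\n",
           naive_lt(0xFFFFFFF0u, last_ack), seq_lt(0xFFFFFFF0u, last_ack));
    return 0;
}
```

With the naive comparison the first two segments would be classified as new data, so a segment carrying different bytes for an already-acked range would never be compared.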