[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.0.1-168-g7f700a1
OISF Git
noreply at openinfosecfoundation.org
Mon Apr 25 16:40:22 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 7f700a137cd54497c16d99a0c4418f1296a87aaa (commit)
via c4a9580fce91bafc5e2cfcf366dd50a3ec16eaaa (commit)
via 8cd4405c213bc5f4344f2d5d37cf7a3dacbeeec5 (commit)
via ea0067add8006f125bb0fa185d89f9228dad5a5e (commit)
via 83e0529b2b7cf953c83a6fbf5c59279f02574caf (commit)
via aa4ad9d25b042fc7f6cb9f0d704a3c7420fd6d32 (commit)
via 807fe4ac9fc49f9bbdfbab14aef77e70fe331627 (commit)
via 19d112ba077cae4d79beb5f4944ec78a0a69f8fd (commit)
via 5c514c904ffee373b8d872ee13ff3eda7d1fec9c (commit)
via 9d3fd828490a3f116947bb8f35ff745d1ebe8578 (commit)
via 06d74b5775a92579372dd767c38584586b373e11 (commit)
via 69863f7b1c34fadf6148066dbc099e17812cabee (commit)
via 7f2f7cc48de7d842ce6b7dc3dae2a1d5c52aa3f9 (commit)
via c6bbd89251432af2c458a7a6f5114bcf54667f5d (commit)
from 554080cced6f01f364e6d794acb6a7e8be582a1c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7f700a137cd54497c16d99a0c4418f1296a87aaa
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 21 16:51:54 2016 +0200
smtp: fix test
commit c4a9580fce91bafc5e2cfcf366dd50a3ec16eaaa
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 21 13:17:33 2016 +0200
detect file: improve multi file handling
When multiple files were in a tx, the first one(s) closed/complete
and a new open one as well, a match in the former could lead to not
inspecting the latter.
This patch adds a workaround for this case, by allowing the file
inspection code to return a special code for 'match, but more files
available in tx'.
The stateful detection engine will then not make this match final for
the tx. It relies on the file pruning to kick in to make sure the
already complete files are removed from the tx before the next time
the detection engine is called on the tx.
commit 8cd4405c213bc5f4344f2d5d37cf7a3dacbeeec5
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 21 10:08:06 2016 +0200
detect file: cleanups
commit ea0067add8006f125bb0fa185d89f9228dad5a5e
Author: Victor Julien <victor at inliniac.net>
Date: Wed Apr 20 17:47:31 2016 +0200
debug: add various detect engine debug statements
commit 83e0529b2b7cf953c83a6fbf5c59279f02574caf
Author: Victor Julien <victor at inliniac.net>
Date: Wed Apr 20 18:42:01 2016 +0200
http: flag destate about new files
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in http. For http it
should only apply to multipart bodies although the flag is set for
all files.
commit aa4ad9d25b042fc7f6cb9f0d704a3c7420fd6d32
Author: Victor Julien <victor at inliniac.net>
Date: Wed Apr 20 17:27:41 2016 +0200
smtp: flag detect state that new files are available
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in smtp.
commit 807fe4ac9fc49f9bbdfbab14aef77e70fe331627
Author: Victor Julien <victor at inliniac.net>
Date: Fri Apr 22 08:53:19 2016 +0200
detect state: fix issues with multiple files per tx
Make sure multiple files in a single tx are inspected correctly. This
requires resetting part of the stored state on new files.
commit 19d112ba077cae4d79beb5f4944ec78a0a69f8fd
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 21 15:14:45 2016 +0200
smtp/mime: allow unquoted name/filename fields
Don't enforce that name/filename fields are quoted.
Reported-By: Blair Steven
commit 5c514c904ffee373b8d872ee13ff3eda7d1fec9c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Apr 21 14:37:43 2016 +0200
smtp: fix file logging and matching
When no rules with 'file content' keywords like filemd5 or filestore
were used, and none of the file outputs would force 'output' like
'force-md5' and 'force-magic', the file would not be tracked at all.
This meant that logging wouldn't work and neither would filename and
fileext inspection.
This patch removes the tracking bypass from the SMTP code and leaves
decisions to the file API.
commit 9d3fd828490a3f116947bb8f35ff745d1ebe8578
Author: maxtors <moe.andreas at gmail.com>
Date: Sun Apr 24 16:19:39 2016 +0200
Removed duplicate include statements.
commit 06d74b5775a92579372dd767c38584586b373e11
Author: maxtors <moe.andreas at gmail.com>
Date: Sun Apr 24 11:18:50 2016 +0200
Module specific error code for init ctx error.
commit 69863f7b1c34fadf6148066dbc099e17812cabee
Author: maxtors <moe.andreas at gmail.com>
Date: Sun Apr 24 11:04:59 2016 +0200
Corrected and unified debug messages for init data errors in *ThreadInit.
commit 7f2f7cc48de7d842ce6b7dc3dae2a1d5c52aa3f9
Author: maxtors <moe.andreas at gmail.com>
Date: Fri Apr 22 20:15:21 2016 +0200
Added parsing and utilization of yaml defined payload buffer value.
commit c6bbd89251432af2c458a7a6f5114bcf54667f5d
Author: maxtors <moe.andreas at gmail.com>
Date: Fri Apr 22 19:18:40 2016 +0200
Added payload-buffer-size option to yaml configuration
-----------------------------------------------------------------------
Summary of changes:
src/alert-debuglog.c | 2 +-
src/alert-fastlog.c | 1 -
src/alert-unified2-alert.c | 5 +--
src/app-layer-htp-body.c | 1 -
src/app-layer-htp-file.c | 1 -
src/app-layer-htp.c | 20 +++++++++++
src/app-layer-smtp.c | 51 +++++++++++++--------------
src/app-layer.c | 4 ---
src/detect-app-layer-event.c | 2 --
src/detect-base64-decode.c | 3 --
src/detect-depth.c | 1 -
src/detect-detection-filter.c | 2 --
src/detect-distance.c | 1 -
src/detect-dns-query.c | 1 -
src/detect-dsize.c | 2 +-
src/detect-engine-address-ipv4.c | 1 -
src/detect-engine-file.c | 74 +++++++++++++++++++--------------------
src/detect-engine-filedata-smtp.c | 1 -
src/detect-engine-mpm.c | 1 -
src/detect-engine-state.c | 48 +++++++++++++++++++++++--
src/detect-engine-state.h | 6 ++++
src/detect-engine.c | 1 -
src/detect-filemagic.c | 1 -
src/detect-filesize.c | 2 --
src/detect-flowbits.c | 1 -
src/detect-fragoffset.c | 2 --
src/detect-icmp-id.c | 2 --
src/detect-icmp-seq.c | 2 --
src/detect-icode.c | 2 --
src/detect-ipproto.c | 3 --
src/detect-itype.c | 1 -
src/detect-l3proto.c | 4 ---
src/detect-parse.c | 1 -
src/detect-pcre.c | 4 ---
src/detect-threshold.c | 4 ---
src/detect-ttl.c | 2 --
src/detect-urilen.c | 1 -
src/detect-within.c | 1 -
src/detect.c | 2 --
src/flow.c | 1 -
src/log-dnslog.c | 2 +-
src/log-droplog.c | 1 -
src/log-filestore.c | 2 +-
src/log-httplog.c | 2 +-
src/log-pcap.c | 2 +-
src/log-stats.c | 4 +--
src/log-tcp-data.c | 2 +-
src/log-tlsstore.c | 2 +-
src/output-json-alert.c | 34 +++++++++++++-----
src/output-json-dns.c | 2 +-
src/output-json-drop.c | 3 +-
src/output-json-file.c | 2 +-
src/output-json-flow.c | 4 +--
src/output-json-http.c | 2 +-
src/output-json-netflow.c | 4 +--
src/output-json-smtp.c | 4 +--
src/output-json-ssh.c | 4 +--
src/output-json-stats.c | 4 +--
src/output-json-template.c | 2 +-
src/output-json-tls.c | 4 +--
src/output-json.c | 5 ++-
src/reputation.c | 2 --
src/runmode-unittests.c | 1 -
src/runmode-unix-socket.c | 3 --
src/source-mpipe.c | 1 -
src/util-action.c | 1 -
src/util-decode-mime.c | 4 +--
src/util-error.c | 7 ++++
src/util-error.h | 7 ++++
src/util-file.c | 4 +++
suricata.yaml.in | 15 ++++----
71 files changed, 216 insertions(+), 185 deletions(-)
hooks/post-receive
--
OISF