[Oisf-devel] [COMMIT] OISF annotated tag, suricata-3.2beta1, created. suricata-3.2beta1
OISF Git
noreply at openinfosecfoundation.org
Mon Oct 3 13:49:45 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The annotated tag, suricata-3.2beta1 has been created
at 7398ccede942e4871088d29adb642fe80b552d55 (tag)
tagging 790ac8d417d451358a2aca6db81a4cc5363fad33 (commit)
replaces suricata-3.1.2
tagged by Victor Julien
on Mon Oct 3 15:48:42 2016 +0200
- Log -----------------------------------------------------------------
Tag 3.2beta1 release
Andi (3):
doc: Document http_host and http_raw_host
doc: Add ssl_state doc
eve-json-format: add newest version from the wiki
Andreas Herz (21):
rule-parsing: reject unescaped double quote within content section
rule-reload: remember pending USR2 signals
configure: set correct cppflags for enabled nfqueue
doc: fixed underline too short error
doc: added ip reputation
doc: added ip reputation
doc: added initscripts
doc: add index for reputation to match wiki
doc: added setting up ips inline
doc: update gitignore to ignore node_modules
doc: added public data sets
doc: added capture hardware except for napatech
doc: added public data sets with file
doc: added capture hardware except for napatech with file
doc: added file-extraction
doc: added output section (some fixes still to do)
doc: minor fixes in configuration causing errors/warnings
doc: finished remaining conversion for output
doc: fixed remaining FIXME
doc: reorder duplicates
docs: sync up to recent redmine
Duarte Silva (4):
file-hashing: common code added
file-hashing: added support for SHA-1 file hashing
file-hashing: added support for SHA-256 file hashing
file-hashing: added configuration options and common parsing code
Eric Leblond (19):
unix-manager: fix output of version command
coccinelle: add siginit test
detect: fix setup for some keywords
util-time: new function to know if live or offline
unix-socket: add auto mode
stream: fix depth reached detection
app-layer: tx counter implementation
flow: add bypassed states
flow: display info about bypass in log
flow: add pruned bypassed flow counter
flow: get bypass info in get used flow function
flow: force reassembly for bypassed flows
decode: implement bypass function
flow: bypass encrypted and after stream depth flow
flow: update lastts in FlowHandlePacketUpdate
flow: downgrade to local bypass if we see packets
flow: discard packets belonging to bypassed flows
output-json-flow: display bypass method
stream: per TcpStream reassembly depth
Giuseppe Longo (12):
app-layer: add flow counters
app-layer: add ThreadVars to AppLayerParserParse
packet: add API for bypass
nfq: introduce bypass function
stream-tcp: enable bypass setting
detect: add bypass keyword
filestore: avoid conflict with bypass keyword
flow: add timeout for local bypass
app-layer-parser: add stream depth
modbus: set stream depth
app-layer: use StreamTcpSetReassemblyDepth
file-store: add depth setting
Jason Ish (117):
flowbits: validate that there are no spaces in the name
hostbits: fail parse on unexpected trailing data
hostbits: use new unittest macros
detect-flowbits: more unittest macro usage
logging: convert dns log to a non-thread module
logging: convert fast log to a non-thread module
logging: convert eve dns logging to non-thread module
logging: convert eve http to non-thread module
logging: convert prelude output to non-thread module
logging: convert json tls output to non-thread module
logging: convert json alert output to non-thread module
logging: convert json flow output to non-thread module
logging: convert json netflow output to non-thread module
logging: convert json ssh output to non-thread module
logging: convert json smtp output to non-thread module
logging: convert json drop output to non-thread module
tests: setup unit test framework earlier
logging: convert json template output to non-thread module
logging: convert drop output to non-thread module
logging: convert alert syslog to non-thread module
logging: convert http log to non-thread module
logging: convert stats loggers to non-thread module
logging: convert unified2 to non-thread module
logging: convert file logging to non-thread module
logging: convert file data logging to non-thread module
logging: convert tls store logging to non-thread module
logging: convert tcp data logging to non-thread module
logging: convert alert debug log to non-thread module
logging: convert tls log to non-thread module
logging: convert lua output to non-thread module
logging: add profiling back for non-tmm loggers
output.[ch]: consistent style
logging: remove dead code from output-json
logging: remove output priorities: not used
logging: use a single entry point for all loggers
logging: just return if no tx loggers
logging: convert pcap log to non-thread module
logging: rename registration functions to not have tmm
output-streaming: free thread store on deinit
logging: hook into flow worker thread
logging: remove the packetqueue's from the logging path
stream: remove lock from StreamTcpSegmentForEach
lua: remove flow locking from the lua layer
flow-bits: remove flow locks
flow-vars: remove flow locks
logging: proper failure on memory allocation error
setup-app-layer-logger.sh: update for logging changes
defrag: use frag_pkt_too_large instead of frag_too_large
pcre: fix missing quote in pcre unit test
detect-pcre: use new unit test macros
ssl: store current state separately from cumulative state
ssl: issue 1231 - support ssl state negation
detect-ssl-state: use new unit test macros
rule parsing: check for balanced double quotes
tls-json: make tls events direction sensitive
detect-tls: make check on fingerprint directional
docs: sample of sphinx docs
doc: payload-keywords
doc: fast-pattern
doc: header-keywords
doc: helper tool to convert from wiki to sphinx
doc: pcre
doc: flow-keywords
doc: flowint
doc: file-keywords
doc: thresholding
doc: rule lua scripting
doc: rule lua scripting
doc: adding your own rules
doc: live rule swap
doc: tls keywords
doc: normalized buffers
doc: rule profiling
doc: modbus keyword
doc: dnp3 keywords
doc: finish off the rules section
doc: add fixme to broken images
doc: restructure the rules section a little
doc: restructure directory layout
doc: command line options
doc: snort compatibility
doc: oinkmaster
doc: making sense of alerts
doc: high performance config
doc: tuning considerations
doc: statistics
doc: packet profiling
doc: rule profiling
doc: runmodes
doc: tcmalloc
doc: ignoring traffic
doc: add configuration
doc: fixup references
doc: reference fixups
doc: acknowledge doc/wiki authors
doc: new global threshold examples from Peter Manev.
doc: user .. option:: for command line option formatting
doc: rename from "sphinx" to "userguide"
doc: update url to modbus paper as advised by David Diallo.
doc: add GPL and CC licenses
doc: flow:not_established not supported
doc: dns: sync up with wiki
doc: packet capture: sync up with wiki
doc: hook sphinx into build
doc: minimal man page: suricata.1
doc: expose variables for substition in docs
doc: link up hyperscan and packet capture
doc: use - instead of _ in filenames for consistency
doc: get Suricata version from autoconf vars
doc: list files/directories in EXTRA_DIST
doc: shorten some paths to satisfy distcheck
doc: make target for pdf, and suricata.1 shortcut
doc: bundle pre-built man page in distribution
doc: attempt to parse version if not in environment
doc: bring in unix socket interaction from wiki
pcap-log config: sguil-base-dir -> dir and update comment
pcap-log: cleanup allocations at exit
Mats Klepsland (33):
tls: add (mpm) keyword tls_cert_issuer
tls: add (mpm) keyword tls_cert_subject
tls: add unit tests for tls_cert_subject
tls: add unit tests for tls_cert_issuer
tls: add function for decoding client_hello
app-layer-tls: add name to authors
tls: set event if input buffer overflows
rules: add rule for HANDSHAKE_INVALID_LENGTH event
coverty: fix CID 1361873
tls: fix faulty unittests
detect: fix faulty tls_sni unittests
detect-tls-sni: use new unit test macros
detect-tls-version: use new unit test macros
detect-ssl-version: use new unit test macros
app-layer-ssl: use new unit test macros
util-decode-der: decode GeneralizedTime
util-time: add function to convert tm to time_t
app-layer-ssl: add validity dates from certificate
util-time: add function to parse a date string based on patterns
detect: add tls_cert_notbefore and tls_cert_notafter keywords
util-time: add function to create a UTC time string
output-json-tls: add notBefore and notAfter fields to extended output
log-tls: add notBefore and notAfter fields to extended output
util-lua: add (wrapper) function to push integer to lua scripts
lua: add lua functions for certificate validity dates
detect-dns: move DetectEngineInspectGenericList to detect-engine.c
detect: add detect engine for tls validity keywords
util-decode-der-get: fix coverity warning
detect-tls-validity: use flags for modes
detect: add keyword tls_cert_expired
detect-cert-validity: fix typos
detect: add keyword tls_cert_valid
detect-tls-cert-validity: clean up unit tests
Tom DeCanio (1):
util-decode-mime: remove quote from boundary= string.
Victor Julien (199):
detect: don't print (null) in --list-keywords=all
bpf: fix file parsing memory handling
mpls: add missing event type + rule
magic: fix broken tests after CentOS6 update
Open Suricata 3.2 development branch
threading: remove thread restart logic
threads: failed thread is a fatal error now
threads: remove EngineKill & SURICATA_KILL
app-layer: add function to check if app-layer supports files
detect file: enforce protocol in single place
detect file: enable HTTP inspection from validate func
detect: don't set alproto while registering keyword
gitignore: update to hide more local files
detect: mark alproto in keyword reg deprecated
decoder-event: BUG_ON on table mismatches
detect: optimize rule address parsing
iponly: fix unittests
common: introduce BIT_U16
file: introduce common flags handling function
file-hashing: restore 'force-md5'
offloading: preparation for disabling offload on BSD
device: add global flag for disabling offloading
netmap: optionally disable offloading
pcap: optionally disable offloading
offloading: Linux ethtool offloading support
af-packet: optionally disable offloading
offloading: restore settings on exit
offloading: implement restoring settings for BSD
offloading: reduce verbosity to 'perf'
offloading: make disabling offloading configurable
flow: remove dead code
flow: simplify timeout logic
flow-manager: optimize hash walking
file: remove dead code
unittests: replace SCMutex* calls by FLOWLOCK_*
unittests: fix tests
http: removed unused flags
doc: move snort compat to rule chapter
doc: rename to 'Suricata User Guide'
doc: move drop privs into configuration
doc: commandline improvements
doc: update what is suricata section
doc: fix lua keyword name
doc: remove/cleanup 'guides'
doc: improve commandline options
doc: fix ET example URL
doc: improve tuning/perf docs
doc: reorganize hyperscan guide
detect-parse: add new func to get last sigmatch
mpm uri: remove unused function args
mpm raw uri: remove unused function args
mpm method: remove unused function args
mpm host: remove unused function args
mpm raw host: remove unused function args
mpm cookie: remove unused function args
mpm ua: remove unused function args
mpm stat msg: remove unused function args
mpm stat code: remove unused function args
mpm dns query: remove unused function args
mpm tls: remove unused function args
uricontent: remove left over func decl
detect-fragoffset: minor cleanup
mpm: remove Cleanup API call
prefilter: rename PatternMatcherQueue datatype
detect: rename non_mpm lists/vars to non_pf
detect: rename SignatureNonMpmStore
prefilter: introduce prefilter engines
http_uri: mpm prefilter engine
http_method: mpm prefilter engine
packet/stream: mpm prefilter engine
dns_query: mpm prefilter engine
http_raw_uri: mpm prefilter engine
http_cookie: mpm prefilter engine
http_user_agent: mpm prefilter engine
http_host: mpm prefilter engine
http_raw_host: mpm prefilter engine
http_stat_msg: mpm prefilter engine
http_stat_code: mpm prefilter engine
http_headers: mpm prefilter engines
http_client_body: mpm prefilter engine
http_server_body / file_data: mpm prefilter engine
http_raw_header: mpm prefilter engine
smtp file_data: mpm prefilter engine
tls: mpm prefilter engines
sgh: remove unused flags
detect cleanup: remove sgh mpm_ctx pointers
prefilter: implement prefilter keyword
prefilter: show prefilter capability in --list-keywords
prefilter: common funcs for packet header prefilters
prefilter: intro common engine for u8 matches
profiling: support prefilter engines
prefilter: engine for tcp flags keyword
prefilter: engine for ack rules
prefilter: implement fragbits
detect-dsize: enable prefilter support
detect analyzer: give minimal prefilter info
detect-fragoffset: implement prefilter
prefilter: implement basic prefilter priority order
detect-flow: implement prefilter
detect-seq: implement prefilter
detect-ttl: implement prefilter
detect-itype: implement prefilter
detect-icode: implement prefilter
detect-id: implement prefilter
detect-itype: implement as u8 hash prefilter
detect-icode: implement as u8 hash prefilter
detect-icmp-seq: prefilter
detect-icmp-id: prefilter
detect mpm: negated setup fix
prefilter: add 'extra match' logic to packet engines
detect-flow: prefilter extra match support
detect-flags: prefilter extra match support
detect-dsize: extra match support
detect-id: extra match support
detect-ttl: extra match support
detect-seq: extra match support
detect-ack: extra match support
prefilter: move payload engines into separate list
detect mpm: consider sgh direction when adding rules
prefilter: alloc CLS aligned memory
prefilter: in profiling print totals
detect: config opt to enable keyword prefilters
profiling: more prefilter profiling
prefilter: cleanup and optimization
detect: simplify content inspection types
mpm: add App Layer MPM registery
http_uri: register mpm from keyword
http_raw_uri: register mpm from keyword
http_header: register mpm from keyword
http_user_agent: register mpm from keyword
http_raw_header: register mpm from keyword
http_method: register mpm from keyword
file_data: register mpm from keyword
http_stat_msg: register mpm from keyword
http_stat_code: register mpm from keyword
http_client_body: register mpm from keyword
http_host: register mpm from keyword
http_raw_host: register mpm from keyword
http_cookie: register mpm from keyword
dns_query: register mpm from keyword
tls: register mpm from keywords
mpm: remove empty app_mpms table
fast_pattern: register app layer mpms automatically
http_request_line: implement keyword and mpm
http_response_body: implement keyword with mpm
detect state: reorganize flags
detect-engine: improved inspect engines
detect-mpm: cleanup
detect mpm: small optimization
detect-engine: new registration call
http_request_line: register inspect engine from keyword
http_response_line: register inspect engine from keyword
http_uri: register inspect engine from keyword
http_client_body: register inspect engine from keyword
http_header: register inspect engine from keyword
http_raw_header: register inspect engine from keyword
http_method: register inspect engine from keyword
http_cookie: register inspect engine from keyword
http_raw_uri: register inspect engine from keyword
http_user_agent: register inspect engine from keyword
http_host: register inspect engine from keyword
http_raw_host: register inspect engine from keyword
file_data: register inspect engine from keyword
http_stat_msg: register inspect engine from keyword
http_stat_code: register inspect engine from keyword
tls_sni: register inspect engine from keyword
tls_cert_subject: register inspect engine from keyword
tls_cert_issuer: register inspect engine from keyword
dns detect: register inspect engine from keyword
modbus detect: register inspect engine from keyword
file detect: register inspect engines from keyword
template_buffer: register inspect engine from keyword
detect: remove empty app registration table
detect app-layer-event: clean up registration
detect: clean up inspect engine registration
detect: reshuffle keyword registration order
prefilter: clean up setup code
prefilter: use array of engines per sgh
http: track if request/response have trailers
http_header: only run trailer mpm if we have trailers
http_header: don't separately inspect trailer yet
doc: prefilter keyword and config
enip/cip: register inspect engines
enip: improve yaml
doc: reorder rule docs
doc: include enip page
enip/cip: improve output & style
enip: parsing and tests cleanup
enip: fix scan-build warnings
yaml: improve stream-depth comments
tls-validity: fix memory handling
der: fix asan/valgrind errors in time parsing
flow-mgr: fix bypass counter registration
util: add facility to check for RWX page support
pcre: disable JIT if RWX pages not supported
bug 1353: don't cut off last char of unix path
unix-socket: don't try to change permissions on BSD
cygwin: leave magic-file commented out in yaml
changelog: update for 3.2beta1
brandonlattin (1):
doc: performance: Replace 'medium' with 'custom'
kwong (1):
Adding SCADA EtherNet/IP and CIP protocol support
-----------------------------------------------------------------------
hooks/post-receive
--
OISF