[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.2-91-g8622242

OISF Git noreply at openinfosecfoundation.org
Wed Feb 8 19:54:21 UTC 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  86222428dd51adf2b6ff562a49e0e1ed22e0da76 (commit)
       via  4683b0e662aa1349168c9706440aaeab1bef0e47 (commit)
       via  c89ce17017ae91dce20a701974e902a3947e14be (commit)
       via  ecf59be413f2c51960614efc4063fee6777943f2 (commit)
      from  f407d77016dcf037bc533c68495b38bd36884974 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 86222428dd51adf2b6ff562a49e0e1ed22e0da76
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 8 13:55:34 2017 +0100

    detect: don't run IP inspection on non-IP packets
    The code to get the rule group (sgh) would return the group for
    IP proto 0 instead of nothing. This led to certain types of rules
    unintentionally matching (False Positive).
    Since the packets weren't actually IP, the logged alert records
    were missing the IP header.
    Bug #2017.

commit 4683b0e662aa1349168c9706440aaeab1bef0e47
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 8 09:20:54 2017 +0100

    afl: fix ENIP, switch DNS to UDP and add --afl-dnstcp*

commit c89ce17017ae91dce20a701974e902a3947e14be
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 8 08:40:46 2017 +0100

    afl: with -Wshadow issues

commit ecf59be413f2c51960614efc4063fee6777943f2
Author: Eric Leblond <eric at regit.org>
Date:   Tue Nov 1 22:09:31 2016 +0100

    af-packet: add VLAN header when needed in IPS mode
    When packet is coming from a real ethernet card, the kernel is
    stripping the vlan header and delivering a modified packet so
    we need to insert the VLAN header back before sending the packet
    on the wire.
    To do so, we pass an option to the raw socket to add a reserve
    before the packet data. It will get Suricata some head room to
    move the ethernet addresses before their actual place and
    insert the VLAN header in the correct place.
    We get VLAN info from the ring buffer as the call of AFPWrite is
    always done in the release function so we still have access to the


Summary of changes:
 src/app-layer-detect-proto.c |  3 +++
 src/app-layer-dnp3.c         |  2 ++
 src/app-layer-dns-udp.c      |  2 ++
 src/app-layer-enip.c         |  2 ++
 src/app-layer-modbus.c       |  4 ---
 src/app-layer-parser.c       | 29 +++++++++++++-------
 src/app-layer-parser.h       |  4 +--
 src/decode.c                 |  6 ++---
 src/detect.c                 |  5 ++++
 src/source-af-packet.c       | 64 ++++++++++++++++++++++++++++++++++++++++----
 src/suricata.c               | 53 +++++++++++++++++++++---------------
 src/util-decode-mime.c       |  6 ++---
 12 files changed, 132 insertions(+), 48 deletions(-)

