[Oisf-devel] [COMMIT] OISF annotated tag, suricata-4.0.0-beta1, created. suricata-4.0.0-beta1
OISF Git
noreply at openinfosecfoundation.org
Wed Jun 7 15:30:30 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The annotated tag, suricata-4.0.0-beta1 has been created
at 4d896b0b5b02864d680a034f5cc2059f2efc5588 (tag)
tagging 8ea9a5a7d6619057ea7c51676743b02692dad7b5 (commit)
replaces suricata-3.2.1
tagged by Victor Julien
on Wed Jun 7 17:29:48 2017 +0200
- Log -----------------------------------------------------------------
Tag Suricata 4.0.0-beta1 release
Alexander Gozman (3):
af-packet: write VLAN info for both TPACKET_V2 and V3
af-packet: get VLAN info for packets in TPACKET_V3 mode
af-packet: fix parsing packet in TPACKET_V3 mode
Andreas Herz (2):
doc: rephrase nocase placement explanation
rules: add missing classtypes for event.rules
David Wharton (5):
doc: removed references to older Suricata versions
doc: specify buffers that can be used for fast_pattern
doc: overhaul of the snort-compatibility document
doc: replacing snort-compatibility link
doc: removing (replaced) snort-compatibility.rst
Eric Leblond (10):
log-tlsstore: fix error handling
filestore: add option to disable meta file writing
filestore: avoid open write close sequence
doc: document filestore update
stream-tcp: add option to accept invalid packets
af-packet: warn when tpacket_v3 is used in IPS
stream-tcp: use flags field to store bypass info
stream-tcp: use flags field to store inline info
qa: update struct-flags coccinelle test
doc: document drop-invalid option.
Jason Ish (49):
Makefile: fix race condition in make install-full
unified2: minor cleanups
autoconf - look for stdbool.h
unified2: nostamp and file rotation
doc: update unified2 section
pidfile: fail if the pid file exists
unified2: unlock using same dereference as lock
logging: move lock into write function
logging: remove unused print stats callbacks
travis: fix libpcre in mac builds
travis: macos: unlink all deps, then relink
tcp/udp: fix checksum validation when 0xffff
tcp/udp: rename checksum functions for better meaning
ipv4: update checksum function to be like tcp/udp
defrag: fix argument used in macro to match signature
unix-socket: return failure on failure
travis: use new container build infrastructure
defrag: use new unit test macros
defrag: (linux) fix an error in overlapping fragments
defrag: (windows) detect more overlaps
logging: don't block on socket writes
eve: log number of events dropped at exit
logging: only do non-blocking writes if live
detect: don't consider an empty rule file an error
template script: typo in app-layer setup script
dnp3: in template, include files own headers
dns: fix log filtering
profiling: fix const compiler warnings
detect-dns-query: use unit test macros
app-layer: notify parsers of gaps if enabled
dns: accept gaps in TCP DNS
rust: add rust skeleton tree
rust: hook rust into the build
travis: enable a rust build
rust: stub out logging from rust
rust: stub out configuration access functions
rust: example of how an app-layer may be initialized
rust: add libjansson wrapper for rust
rust: c header generator
rust: generate headers as part of build
rust: wrapper around C logging, and "context"
rust: dns: nom DNS parsers
rust: DNS app-layer.
rust: lua wrapper
rust: lua support for DNS based Rust
rust: use LoggerFlags type to track logged state
rust: dns: add log filtering on rrtype
rust: build fixes and nom update
rust dns: fixup for nom 3.0
Jon Zeolla (2):
docs: clarify how iprep works
docs: fix statement about flow:to_server
Mats Klepsland (32):
output-json: make JSON flags in eve-log user configurable
doc: documentation for custom JSON flags in eve-log
output-json-alert: fix wrongful comments
output-json: move code to get 5-tuple to own function
output-json-alert: print 'tunnel' JSON object if tunnel
output-json-tls: custom tls logging
output-json-tls: log certificate and chain
output-json-tls: code cleanup
doc: add documentation for TLS eve-log
app-layer-tls: decode certificate serial number
output-json-lua: log certificate serial number
tls-log: log certificate serial number
lua: add function to print certificate serial number
detect: add (mpm) keyword tls_cert_serial
doc: add documentation for tls_cert_serial keyword
doc: add documentation for TlsGetCertSerial Lua function
logging: support custom file permissions
doc: add documentation for eve-log file permissions
lua: add SCFlowTimestamps function
doc: add documentation for Lua SCFlowTimestamps
logging: support date modifiers in log filenames
output-json: rotate log file based on time
logging: create log directories when needed
doc: add documentation for eve-log file rotation
doc: add documentation for date modifiers in eve-log
app-layer: support changing flow alproto
app-layer-htp: add HTTP CONNECT support
app-layer-smtp: add STARTTLS support
output-json-tls: log 'from_proto' field
app-layer-ftp: detect FTP alproto when using AUTH TLS
app-layer-ftp: add STARTTLS support
app-layer: add decoder event for missing TLS after STARTTLS
Ray Ruvinskiy (2):
device: fix warning about NULL device
tls: logging for session resumption
Victor Julien (323):
Open 4.0 development branch
detect: remove alproto from keyword registration
detect: simplify SIG_FLAG_STATE_MATCH set logic
detect: constify Signature/SigMatch use at runtime
detect: make setup/free/match funcs static where possible
detect: remove unused flags
detect-parse: set ipprotos earlier
detect file_data: improve error messages
detect: fix file_data / http_server_body tests
detect alert/threshold/tag: sm_list -> sm_array
detect: remove unused SIG_FLAG_INIT_PAYLOAD init_flag
detect: shrink inspect engine by using 'id' as state flag
detect: use InspectEngineFuncPtr in inspect engines
detect: add SigMatch arg to inspect functions
detect: when freeing sig also see sm in inspect engine
detect-engine: memory handling of sm_lists
detect: http lists in engine
detect: dns & tls lists in engine
detect: app-event list in engine
detect: file list in engine
detect: modbus list in engine
detect: enip/cip list in engine
detect: template list in engine
detect: pass SigMatchData to inspect functions
detect: use detect list passed to generic funcs
detect: get rid of Signature::sm_lists
detect: improve memory handling & comments
threshold: fix and redo tests
detect: reorganize id's in prep of dynamic lists
detect: shrink Signature::sm_arrays
detect: move init only Signature members to init_data
detect-csum: redo tests
detect: dce test fixes and improvements
detect: inspect engine setup cleanup
detect: buffer type API
detect: remove hardcoded sm_list logic from setup
http_request_line: dynamic buffer
file_data: dynamic buffer
http_method: make list dynamic
http_uri: dynamic buffer
http_response_line: dynamic buffer
http_user_agent: dynamic buffer
http_cookie: dynamic buffer
http_host: dynamic buffer
http_raw_host: dynamic buffer
http_stat_code: dynamic buffer
http_stat_msg: dynamic buffer
http_header / http_raw_header: dynamic buffers
http_client_body: dynamic buffer
http_raw_uri: dynamic buffer
detect-parse: content modifier cleanup
dns: use dynamic buffers
tls: dynamic buffers
dnp3: dynamic buffers/lists
modbus: dynamic buffer
cip/enip: dynamic buffer
files: use dynamic list
app-layer-events: dynamic list
template: dynamic buffer
detect: cleanup built-in list id's
detect: detect engine registration cleanup
detect-engine-mpm: api cleanup
profiling: fix keyword profiling
profiling: honor limit in json rule output
profiling: output all sort options for rules
detect: global registery for keyword thread data
detect: http_header_names sticky buffer keyword
http_header: move all code into keyword files
http_header: remove old files
http_header: common detection code
http_header: convert to use common code
detect: add http_protocol sticky buffer
detect: http_start sticky buffer
app-layer-events: remove unused API options
tls.store: cleanup
tls.store: convert to postmatch
detect: convert old tls keywords to dynamic list
ssl/tls: clean up keywords
detect ssl/tls: use dynamic lists
lua: use tls_generic list for ssl/tls
ssh: convert app-layer parser to be tx aware
ssh: remove single logger limit
detect: make ssh detection use dynamic list
lua: convert lua output to be tx aware
detect: move lua smtp support to dynamic list
ftp: parser and ftpbounce update
dcerpc: simplify common detect code
smb/dcerpc: use tx api
dce: dynamic lists
detect: remove AppLayerMatch API call
detect: remove the AMATCH list
flow: remove unused Flow::de_state
detect: remove DMATCH list
detect: unify FileMatch API with other calls
detect: move file hash common code
detect: small API cleanup
detect: remove unused state file flag
detect: remove unused SIGMATCH_PAYLOAD flag
detect: ssh_proto stickybuffer
detect: ssh_software sticky buffer
detect: use engine version instead of id
var-names: expose outside of detect engine
alert-debug: print flowbit names from VarNameStore
alert-debug: print flowvar/int names
detect-pcre: small cleanups
pcre: support multiple captures
pkt-var: use id instead of name pointer
pkt-var: abuse flowvar postmatch logic for pktvars
pcre: new way of specifying var names
eve: log pktvars/flowvars/bits/ints
outputs: vars log
pktvars: same name pktvars, key-value vars
hostbits: add list API
unix-socket: add/list/remove hostbit commands
suricatasc: add/list/remove hostbit commands
doc: update unix socket
flowvar: remove unused DETECT_VAR_TYPE_ALWAYS
lua: support key/value flowvars in lua
flowvar: shrink flowvar type by using padded space
doc: update for unix socket hostbits
detect: add and use util func for alproto sets
threads: don't sleep under lock
threads: address sleep under lock issue
detect: fix missing unlock in error path
detect-lua: setup cleanup, fixing a potential int issue
detect-ssh: cleanup duplicate code
coverity: suppress CID 1400648
flow-worker: clean up thread init
dce: remove commented out code
travis: fix pkg-config in mac builds
qa/appveyor: install libiconv-devel
app-layer: minor debug improvement
stream: remove unused variable
stream: make data pointer in StreamSegmentCallback const
stream: remove unused stream config member
stream: validate SACK right edge to be in window
ippair: use both addresses in hash
ippair: fix xbits unset memleak
app-layer: fix memleak on bad traffic
file store: store multiple files if available
app-layer: fix gap handling in protocol detection
file-store: fix force store
bytejump: don't print errors when matching
detect: clean up test
detect: simplify state detect code: remove unused params
detect: remove unused alversion logic
flow: remove unused alversion fields
app-layer: remove version logic
disable-detect: fix needless file hashing
detect: fix ssl_state test
print: constify input
http: fix body tracking corner case
af-packet: fix cppcheck false positive
pool: fix compiler warning
modbus: fix compiler warnings about alignment
geoip: fix compiler warning
pcre: disable jit on powerpc64
doc: expand on bpf
pcre: on ppc64 disable only for specific versions
cleanup: get rid of %llu format specifiers
core dumps: check for sys/resource.h
common: improve byte order and wordsize detection
mingw: don't use uint type as mingw doesn't have it
random: improve random logic
random: convert stream and htp to new call
qa: add rand/rand_r to banned functions
qa: add --no-random commandline option
redis: use SCCalloc to reduce risk of unitialized vars
detect: http_accept sticky buffer + common code
detect: implement http referer sticky buffer
detect: implement http_connection sticky buffer
detect: implement http_accept_lang sticky buffer
detect: implement http_accept_enc sticky buffer
detect: implement http_content_type sticky buffer
detect: implement http_content_len sticky buffer
doc: http keywords update
profile: account flow-worker tcp-prune step
stream-tcp: StreamTcpUTAddPayload unittest helper
streaming: add blocklist
streaming: remove BUG_ON and other improvements
tcp: streaming implementation
stream: safety check in overlap handling
stream: remove unused zero copy setting
stream: small cleanups
stream: reduce space used for progress tracking
stream: make app_progress relative to STREAM_BASE_OFFSET
stream: make raw_progress relative to STREAM_BASE_OFFSET
stream: improve no app and no raw case
stream: add tcp.overlap and tcp.overlap_diff_data counters
stream: add stream.reassembly.check-overlap-different-data option
stream: add insert failure counters
stream: test cleanups and fixes
stream: use static instead of dynamic streaming buffer structure
stream: implement memory handling functions
stream-tcp: implement thread pool for segments
unittests: fail if TCP memory still in use
stream: constify StreamTcpReassembleRawCheckLimit
detect / stream: new 'raw' stream inspection
stream: set 'trigger raw' per direction
flow/stream: reduce/disable pseudo packet injections
stream: raw content inspection inline mode
stream: handle no stream scanning case
stream: StreamTcpReassembleRawCheckLimit cleanup
debug-validation: add stream checks
stream: detect stream GAP also during reassembly
stream: allow raw reassembly catch up
stream: new depth / disable raw logic
app-layer: change logic of setting 'no reassembly'
stream: more aggressive StreamReassembleRawHasDataReady
stream: improve needs reassembly code
detect: remove unused detect flag
detect: turn single detect flag into bool
detect: make SigMatchSignatures void
detect: only do flow dependent cleanup if a flow is present
stream: validate code
yaml: sync with new stream engine
doc: update for stream changes
stream: optimize session pruning
stream: remove unused StreamTcpGetStreamSize function
stream: improve --disable-detection GAP handling
stream: mpm inspect micro optimizations
stream: raw reassembly explicit disable raw handling
stream: app-layer micro optimizations
stream: don't call app reassembly if disable flag set
stream: enforce gap earlier in app reassembly
stream: pack config struct
stream inspection: add debug counters
stream: debug improvements
stream: list management cleanups
stream: move inline tests
autotools: add src/tests to extra dist
stream: reduce scope of new ssn func
detect: clean up stateful detect
app-layer: set stream-depth after stream init
detect: more detailed state profiling
ssh: fix banner state setting
ssh: fix test
http_header (trailer) test cleanup
http_header: add another trailer test
http_uri: unittest cleanup
detect-state: don't use casts to uint
detect: register progress in inspect engines
mpm: run engines as few times as possible
detect: change mask logic
detect: improve stateful detection
state: check progress before calling engine
http_header: enable trailer prefilter engines
unittests: add/improve helpers for stream/flow
detect: update tests that mix state/stream inspect
cleanup: from AS_VERSION_COMPARE CentOS5 workaround
configure: remove CentOS5 pkg-config fix
cleanup: remove libpcap < 1 support
cleanup: remove unused ringbuffer code
debug: suppress notice message
detect: use BIT_U32 macro for content flags
detect: avoid needless recursive scanning
detect: content-inspection tests
detect: don't rescan when just distance is used
detect: more content inspection tests
detect: enforce isdataat:!1,relative earlier
detect-parse: improve common parser
compiler: more strict compiler warnings
nflog: compiler warning fix
isdataat: add test for leading space
nfq: remove obsolete and broken netfilterforwin support
magic: fix compile warnings
proto-detect: add debug output
app-layer: protocol change API
connect/starttls: handle detection corner cases
nfq: don't try to verdict detect/log flush pkts
eve.flow: log original and expected app_protocols
lua: extend SCFlowAppLayerProto
pfring: compiler warning fixes
flow: counters for total number of flows
file: clarify file store id name
file-store: small cleanup
file: introduce per file 'track id'
file: update loops to account for parallel files
file: fix storing parallel files
file: fix pruning for parallel files
app-layer API optimizations and cleanups
tests: update tests for app-layer changes
output: tx logging optimizations
app-layer: optimize many-tx case
bug 2113: unix-socket start up race
doc: move parts out of snort difference doc
doc: flowints formatting cleanup
doc: fix doc links for http keywords
stream: single GAP check
bug 2113: fix live modes
lua: add SCFlowId for getting the flow id
flow: enforce 51 bits id globally
unix-socket: fix minor memleak
unix socket: improve runmode handling
output-tx: small cleanups and scan-build suppression
detect/file: cleanups
flow-worker: improve no-flow case
lua/streaming: fix http body logging
streaming: small code cleanup
luajit: cleanup states before return to pool
streaming/lua: add direction indication to streamer
stream: introduce optional 'log' progress tracker
output/streaming: fixes and redo tcp logging
stream/async: improvements for IPS
stream/async: more liberal RST acceptance
flow-hash: optimize to avoid branch misses
stream: minor output cleanup
netmap: minor output cleanup
stream: suppress GAP notice message
rust/json: expose json_boolean
rust: filecontainer API
rust: filetracker API
rust/core: add file tx API call
rust: bindings: improve generator script
rust/nfs: NFSv3 parser, logger and detection
rust/nfs: add more record types
rust/nfs: move files into tx type data
rust/nfs/files: no longer Option/Box
log: fix mem leak in error path (CID1404888)
rust: make clear it's experimental
rust: add to features
changelog: update for 4.0.0-beta1
common: sync PROG_VER version with configure.ac
fooinha (4):
log: common custom format output
log: tls custom format log
doc: async mode for redis eve output
eve: async mode for redis output
psanders240 (1):
doc: Napatech docs improvement
-----------------------------------------------------------------------
hooks/post-receive
--
OISF