[Oisf-devel] [COMMIT] OISF annotated tag, suricata-4.0.0-beta1, created. suricata-4.0.0-beta1

OISF Git noreply at openinfosecfoundation.org
Wed Jun 7 15:30:30 UTC 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The annotated tag, suricata-4.0.0-beta1 has been created
        at  4d896b0b5b02864d680a034f5cc2059f2efc5588 (tag)
   tagging  8ea9a5a7d6619057ea7c51676743b02692dad7b5 (commit)
  replaces  suricata-3.2.1
 tagged by  Victor Julien
        on  Wed Jun 7 17:29:48 2017 +0200

- Log -----------------------------------------------------------------
Tag Suricata 4.0.0-beta1 release

Alexander Gozman (3):
      af-packet: write VLAN info for both TPACKET_V2 and V3
      af-packet: get VLAN info for packets in TPACKET_V3 mode
      af-packet: fix parsing packet in TPACKET_V3 mode

Andreas Herz (2):
      doc: rephrase nocase placement explanation
      rules: add missing classtypes for event.rules

David Wharton (5):
      doc: removed references to older Suricata versions
      doc: specify buffers that can be used for fast_pattern
      doc: overhaul of the snort-compatibility document
      doc: replacing snort-compatibility link
      doc: removing (replaced) snort-compatibility.rst

Eric Leblond (10):
      log-tlsstore: fix error handling
      filestore: add option to disable meta file writing
      filestore: avoid open write close sequence
      doc: document filestore update
      stream-tcp: add option to accept invalid packets
      af-packet: warn when tpacket_v3 is used in IPS
      stream-tcp: use flags field to store bypass info
      stream-tcp: use flags field to store inline info
      qa: update struct-flags coccinelle test
      doc: document drop-invalid option.

Jason Ish (49):
      Makefile: fix race condition in make install-full
      unified2: minor cleanups
      autoconf - look for stdbool.h
      unified2: nostamp and file rotation
      doc: update unified2 section
      pidfile: fail if the pid file exists
      unified2: unlock using same dereference as lock
      logging: move lock into write function
      logging: remove unused print stats callbacks
      travis: fix libpcre in mac builds
      travis: macos: unlink all deps, then relink
      tcp/udp: fix checksum validation when 0xffff
      tcp/udp: rename checksum functions for better meaning
      ipv4: update checksum function to be like tcp/udp
      defrag: fix argument used in macro to match signature
      unix-socket: return failure on failure
      travis: use new container build infrastructure
      defrag: use new unit test macros
      defrag: (linux) fix an error in overlapping fragments
      defrag: (windows) detect more overlaps
      logging: don't block on socket writes
      eve: log number of events dropped at exit
      logging: only do non-blocking writes if live
      detect: don't consider an empty rule file an error
      template script: typo in app-layer setup script
      dnp3: in template, include files own headers
      dns: fix log filtering
      profiling: fix const compiler warnings
      detect-dns-query: use unit test macros
      app-layer: notify parsers of gaps if enabled
      dns: accept gaps in TCP DNS
      rust: add rust skeleton tree
      rust: hook rust into the build
      travis: enable a rust build
      rust: stub out logging from rust
      rust: stub out configuration access functions
      rust: example of how an app-layer may be initialized
      rust: add libjansson wrapper for rust
      rust: c header generator
      rust: generate headers as part of build
      rust: wrapper around C logging, and "context"
      rust: dns: nom DNS parsers
      rust: DNS app-layer.
      rust: lua wrapper
      rust: lua support for DNS based Rust
      rust: use LoggerFlags type to track logged state
      rust: dns: add log filtering on rrtype
      rust: build fixes and nom update
      rust dns: fixup for nom 3.0

Jon Zeolla (2):
      docs: clarify how iprep works
      docs: fix statement about flow:to_server

Mats Klepsland (32):
      output-json: make JSON flags in eve-log user configurable
      doc: documentation for custom JSON flags in eve-log
      output-json-alert: fix wrongful comments
      output-json: move code to get 5-tuple to own function
      output-json-alert: print 'tunnel' JSON object if tunnel
      output-json-tls: custom tls logging
      output-json-tls: log certificate and chain
      output-json-tls: code cleanup
      doc: add documentation for TLS eve-log
      app-layer-tls: decode certificate serial number
      output-json-lua: log certificate serial number
      tls-log: log certificate serial number
      lua: add function to print certificate serial number
      detect: add (mpm) keyword tls_cert_serial
      doc: add documentation for tls_cert_serial keyword
      doc: add documentation for TlsGetCertSerial Lua function
      logging: support custom file permissions
      doc: add documentation for eve-log file permissions
      lua: add SCFlowTimestamps function
      doc: add documentation for Lua SCFlowTimestamps
      logging: support date modifiers in log filenames
      output-json: rotate log file based on time
      logging: create log directories when needed
      doc: add documentation for eve-log file rotation
      doc: add documentation for date modifiers in eve-log
      app-layer: support changing flow alproto
      app-layer-htp: add HTTP CONNECT support
      app-layer-smtp: add STARTTLS support
      output-json-tls: log 'from_proto' field
      app-layer-ftp: detect FTP alproto when using AUTH TLS
      app-layer-ftp: add STARTTLS support
      app-layer: add decoder event for missing TLS after STARTTLS

Ray Ruvinskiy (2):
      device: fix warning about NULL device
      tls: logging for session resumption

Victor Julien (323):
      Open 4.0 development branch
      detect: remove alproto from keyword registration
      detect: simplify SIG_FLAG_STATE_MATCH set logic
      detect: constify Signature/SigMatch use at runtime
      detect: make setup/free/match funcs static where possible
      detect: remove unused flags
      detect-parse: set ipprotos earlier
      detect file_data: improve error messages
      detect: fix file_data / http_server_body tests
      detect alert/threshold/tag: sm_list -> sm_array
      detect: remove unused SIG_FLAG_INIT_PAYLOAD init_flag
      detect: shrink inspect engine by using 'id' as state flag
      detect: use InspectEngineFuncPtr in inspect engines
      detect: add SigMatch arg to inspect functions
      detect: when freeing sig also see sm in inspect engine
      detect-engine: memory handling of sm_lists
      detect: http lists in engine
      detect: dns & tls lists in engine
      detect: app-event list in engine
      detect: file list in engine
      detect: modbus list in engine
      detect: enip/cip list in engine
      detect: template list in engine
      detect: pass SigMatchData to inspect functions
      detect: use detect list passed to generic funcs
      detect: get rid of Signature::sm_lists
      detect: improve memory handling & comments
      threshold: fix and redo tests
      detect: reorganize id's in prep of dynamic lists
      detect: shrink Signature::sm_arrays
      detect: move init only Signature members to init_data
      detect-csum: redo tests
      detect: dce test fixes and improvements
      detect: inspect engine setup cleanup
      detect: buffer type API
      detect: remove hardcoded sm_list logic from setup
      http_request_line: dynamic buffer
      file_data: dynamic buffer
      http_method: make list dynamic
      http_uri: dynamic buffer
      http_response_line: dynamic buffer
      http_user_agent: dynamic buffer
      http_cookie: dynamic buffer
      http_host: dynamic buffer
      http_raw_host: dynamic buffer
      http_stat_code: dynamic buffer
      http_stat_msg: dynamic buffer
      http_header / http_raw_header: dynamic buffers
      http_client_body: dynamic buffer
      http_raw_uri: dynamic buffer
      detect-parse: content modifier cleanup
      dns: use dynamic buffers
      tls: dynamic buffers
      dnp3: dynamic buffers/lists
      modbus: dynamic buffer
      cip/enip: dynamic buffer
      files: use dynamic list
      app-layer-events: dynamic list
      template: dynamic buffer
      detect: cleanup built-in list id's
      detect: detect engine registration cleanup
      detect-engine-mpm: api cleanup
      profiling: fix keyword profiling
      profiling: honor limit in json rule output
      profiling: output all sort options for rules
      detect: global registry for keyword thread data
      detect: http_header_names sticky buffer keyword
      http_header: move all code into keyword files
      http_header: remove old files
      http_header: common detection code
      http_header: convert to use common code
      detect: add http_protocol sticky buffer
      detect: http_start sticky buffer
      app-layer-events: remove unused API options
      tls.store: cleanup
      tls.store: convert to postmatch
      detect: convert old tls keywords to dynamic list
      ssl/tls: clean up keywords
      detect ssl/tls: use dynamic lists
      lua: use tls_generic list for ssl/tls
      ssh: convert app-layer parser to be tx aware
      ssh: remove single logger limit
      detect: make ssh detection use dynamic list
      lua: convert lua output to be tx aware
      detect: move lua smtp support to dynamic list
      ftp: parser and ftpbounce update
      dcerpc: simplify common detect code
      smb/dcerpc: use tx api
      dce: dynamic lists
      detect: remove AppLayerMatch API call
      detect: remove the AMATCH list
      flow: remove unused Flow::de_state
      detect: remove DMATCH list
      detect: unify FileMatch API with other calls
      detect: move file hash common code
      detect: small API cleanup
      detect: remove unused state file flag
      detect: remove unused SIGMATCH_PAYLOAD flag
      detect: ssh_proto stickybuffer
      detect: ssh_software sticky buffer
      detect: use engine version instead of id
      var-names: expose outside of detect engine
      alert-debug: print flowbit names from VarNameStore
      alert-debug: print flowvar/int names
      detect-pcre: small cleanups
      pcre: support multiple captures
      pkt-var: use id instead of name pointer
      pkt-var: abuse flowvar postmatch logic for pktvars
      pcre: new way of specifying var names
      eve: log pktvars/flowvars/bits/ints
      outputs: vars log
      pktvars: same name pktvars, key-value vars
      hostbits: add list API
      unix-socket: add/list/remove hostbit commands
      suricatasc: add/list/remove hostbit commands
      doc: update unix socket
      flowvar: remove unused DETECT_VAR_TYPE_ALWAYS
      lua: support key/value flowvars in lua
      flowvar: shrink flowvar type by using padded space
      doc: update for unix socket hostbits
      detect: add and use util func for alproto sets
      threads: don't sleep under lock
      threads: address sleep under lock issue
      detect: fix missing unlock in error path
      detect-lua: setup cleanup, fixing a potential int issue
      detect-ssh: cleanup duplicate code
      coverity: suppress CID 1400648
      flow-worker: clean up thread init
      dce: remove commented out code
      travis: fix pkg-config in mac builds
      qa/appveyor: install libiconv-devel
      app-layer: minor debug improvement
      stream: remove unused variable
      stream: make data pointer in StreamSegmentCallback const
      stream: remove unused stream config member
      stream: validate SACK right edge to be in window
      ippair: use both addresses in hash
      ippair: fix xbits unset memleak
      app-layer: fix memleak on bad traffic
      file store: store multiple files if available
      app-layer: fix gap handling in protocol detection
      file-store: fix force store
      bytejump: don't print errors when matching
      detect: clean up test
      detect: simplify state detect code: remove unused params
      detect: remove unused alversion logic
      flow: remove unused alversion fields
      app-layer: remove version logic
      disable-detect: fix needless file hashing
      detect: fix ssl_state test
      print: constify input
      http: fix body tracking corner case
      af-packet: fix cppcheck false positive
      pool: fix compiler warning
      modbus: fix compiler warnings about alignment
      geoip: fix compiler warning
      pcre: disable jit on powerpc64
      doc: expand on bpf
      pcre: on ppc64 disable only for specific versions
      cleanup: get rid of %llu format specifiers
      core dumps: check for sys/resource.h
      common: improve byte order and wordsize detection
      mingw: don't use uint type as mingw doesn't have it
      random: improve random logic
      random: convert stream and htp to new call
      qa: add rand/rand_r to banned functions
      qa: add --no-random commandline option
      redis: use SCCalloc to reduce risk of uninitialized vars
      detect: http_accept sticky buffer + common code
      detect: implement http referer sticky buffer
      detect: implement http_connection sticky buffer
      detect: implement http_accept_lang sticky buffer
      detect: implement http_accept_enc sticky buffer
      detect: implement http_content_type sticky buffer
      detect: implement http_content_len sticky buffer
      doc: http keywords update
      profile: account flow-worker tcp-prune step
      stream-tcp: StreamTcpUTAddPayload unittest helper
      streaming: add blocklist
      streaming: remove BUG_ON and other improvements
      tcp: streaming implementation
      stream: safety check in overlap handling
      stream: remove unused zero copy setting
      stream: small cleanups
      stream: reduce space used for progress tracking
      stream: make app_progress relative to STREAM_BASE_OFFSET
      stream: make raw_progress relative to STREAM_BASE_OFFSET
      stream: improve no app and no raw case
      stream: add tcp.overlap and tcp.overlap_diff_data counters
      stream: add stream.reassembly.check-overlap-different-data option
      stream: add insert failure counters
      stream: test cleanups and fixes
      stream: use static instead of dynamic streaming buffer structure
      stream: implement memory handling functions
      stream-tcp: implement thread pool for segments
      unittests: fail if TCP memory still in use
      stream: constify StreamTcpReassembleRawCheckLimit
      detect / stream: new 'raw' stream inspection
      stream: set 'trigger raw' per direction
      flow/stream: reduce/disable pseudo packet injections
      stream: raw content inspection inline mode
      stream: handle no stream scanning case
      stream: StreamTcpReassembleRawCheckLimit cleanup
      debug-validation: add stream checks
      stream: detect stream GAP also during reassembly
      stream: allow raw reassembly catch up
      stream: new depth / disable raw logic
      app-layer: change logic of setting 'no reassembly'
      stream: more aggressive StreamReassembleRawHasDataReady
      stream: improve needs reassembly code
      detect: remove unused detect flag
      detect: turn single detect flag into bool
      detect: make SigMatchSignatures void
      detect: only do flow dependent cleanup if a flow is present
      stream: validate code
      yaml: sync with new stream engine
      doc: update for stream changes
      stream: optimize session pruning
      stream: remove unused StreamTcpGetStreamSize function
      stream: improve --disable-detection GAP handling
      stream: mpm inspect micro optimizations
      stream: raw reassembly explicit disable raw handling
      stream: app-layer micro optimizations
      stream: don't call app reassembly if disable flag set
      stream: enforce gap earlier in app reassembly
      stream: pack config struct
      stream inspection: add debug counters
      stream: debug improvements
      stream: list management cleanups
      stream: move inline tests
      autotools: add src/tests to extra dist
      stream: reduce scope of new ssn func
      detect: clean up stateful detect
      app-layer: set stream-depth after stream init
      detect: more detailed state profiling
      ssh: fix banner state setting
      ssh: fix test
      http_header (trailer) test cleanup
      http_header: add another trailer test
      http_uri: unittest cleanup
      detect-state: don't use casts to uint
      detect: register progress in inspect engines
      mpm: run engines as few times as possible
      detect: change mask logic
      detect: improve stateful detection
      state: check progress before calling engine
      http_header: enable trailer prefilter engines
      unittests: add/improve helpers for stream/flow
      detect: update tests that mix state/stream inspect
      cleanup: from AS_VERSION_COMPARE CentOS5 workaround
      configure: remove CentOS5 pkg-config fix
      cleanup: remove libpcap < 1 support
      cleanup: remove unused ringbuffer code
      debug: suppress notice message
      detect: use BIT_U32 macro for content flags
      detect: avoid needless recursive scanning
      detect: content-inspection tests
      detect: don't rescan when just distance is used
      detect: more content inspection tests
      detect: enforce isdataat:!1,relative earlier
      detect-parse: improve common parser
      compiler: more strict compiler warnings
      nflog: compiler warning fix
      isdataat: add test for leading space
      nfq: remove obsolete and broken netfilterforwin support
      magic: fix compile warnings
      proto-detect: add debug output
      app-layer: protocol change API
      connect/starttls: handle detection corner cases
      nfq: don't try to verdict detect/log flush pkts
      eve.flow: log original and expected app_protocols
      lua: extend SCFlowAppLayerProto
      pfring: compiler warning fixes
      flow: counters for total number of flows
      file: clarify file store id name
      file-store: small cleanup
      file: introduce per file 'track id'
      file: update loops to account for parallel files
      file: fix storing parallel files
      file: fix pruning for parallel files
      app-layer API optimizations and cleanups
      tests: update tests for app-layer changes
      output: tx logging optimizations
      app-layer: optimize many-tx case
      bug 2113: unix-socket start up race
      doc: move parts out of snort difference doc
      doc: flowints formatting cleanup
      doc: fix doc links for http keywords
      stream: single GAP check
      bug 2113: fix live modes
      lua: add SCFlowId for getting the flow id
      flow: enforce 51 bits id globally
      unix-socket: fix minor memleak
      unix socket: improve runmode handling
      output-tx: small cleanups and scan-build suppression
      detect/file: cleanups
      flow-worker: improve no-flow case
      lua/streaming: fix http body logging
      streaming: small code cleanup
      luajit: cleanup states before return to pool
      streaming/lua: add direction indication to streamer
      stream: introduce optional 'log' progress tracker
      output/streaming: fixes and redo tcp logging
      stream/async: improvements for IPS
      stream/async: more liberal RST acceptance
      flow-hash: optimize to avoid branch misses
      stream: minor output cleanup
      netmap: minor output cleanup
      stream: suppress GAP notice message
      rust/json: expose json_boolean
      rust: filecontainer API
      rust: filetracker API
      rust/core: add file tx API call
      rust: bindings: improve generator script
      rust/nfs: NFSv3 parser, logger and detection
      rust/nfs: add more record types
      rust/nfs: move files into tx type data
      rust/nfs/files: no longer Option/Box
      log: fix mem leak in error path (CID1404888)
      rust: make clear it's experimental
      rust: add to features
      changelog: update for 4.0.0-beta1
      common: sync PROG_VER version with configure.ac

fooinha (4):
      log: common custom format output
      log: tls custom format log
      doc: async mode for redis eve output
      eve: async mode for redis output

psanders240 (1):
      doc: Napatech docs improvement
