[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.0-beta1-67-gfee0fdc
OISF Git
noreply at openinfosecfoundation.org
Tue Jun 27 18:37:34 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via fee0fdc5951e5e0f03c841a6e3c6a5497b9366f4 (commit)
via 885b8cefec83b63bbde1279f59d7ff1e40ba320c (commit)
from 6226338d5b830c20397bc41d02ed8937c1ff43e6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fee0fdc5951e5e0f03c841a6e3c6a5497b9366f4
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jun 27 15:07:40 2017 +0200
pcap: fix linktype raw issues
On OpenBSD 6.0 and 6.1 the following pcap gets a datalink type of
101 instead of our defined DLT_RAW.
File type: Wireshark/tcpdump/... - pcap
File encapsulation: Raw IP
File timestamp precision: microseconds (6)
Packet size limit: file hdr: 262144 bytes
Number of packets: 23
File size: 11 kB
Data size: 11 kB
Capture duration: 7,424945 seconds
First packet time: 2017-05-25 21:59:31,957953
Last packet time: 2017-05-25 21:59:39,382898
Data byte rate: 1536 bytes/s
Data bit rate: 12 kbps
Average packet size: 496,00 bytes
Average packet rate: 3 packets/s
SHA1: 120cff9878b93ac74b68fb9216027bef3b3c018f
RIPEMD160: 35fa287bf30d8be8b8654abfe26e8d3883262e8e
MD5: 13fe4bc50fe09bdd38f07739bd1ff0f0
Strict time order: True
Number of interfaces in file: 1
Interface #0 info:
Encapsulation = Raw IP (7/101 - rawip)
Capture length = 262144
Time precision = microseconds (6)
Time ticks per second = 1000000
Number of stat entries = 0
Number of packets = 23
On Linux it is 12.
On the tcpdump/libpcap site the DLT_RAW is defined as 101:
http://www.tcpdump.org/linktypes.html
Strangely, on OpenBSD the DLT_RAW macro is defined as 14 as expected.
So for some reason, libpcap on OpenBSD uses 101 which seems to match
the tcpdump/libpcap documentation.
So this patch adds support for datalink 101 as RAW.
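Added example for the link-type point above; this is editor-written C, not Suricata's code and not the commit's diff. It accepts every numeric value a pcap source may report for raw IP (12 = DLT_RAW on Linux, 14 = DLT_RAW on OpenBSD, 101 = LINKTYPE_RAW from the tcpdump.org table), then decodes the first packet on the assumption that raw IP means byte 0 is the IP header. The function names, the error codes and the three in-memory captures are all constructed for the example; the captures are not the file whose capinfos output is quoted in the commit message.

```c
/* Added example, not Suricata code: map all the "raw IP" link type values
 * to one decoder path. 12 = DLT_RAW on Linux, 14 = DLT_RAW on OpenBSD,
 * 101 = LINKTYPE_RAW (http://www.tcpdump.org/linktypes.html). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DLT_RAW_LINUX      12
#define DLT_RAW_OPENBSD    14
#define LINKTYPE_RAW_FILE  101
#define PCAP_FILE_HDR_LEN  24
#define PCAP_REC_HDR_LEN   16

/* All three values mean "no link-layer header, data starts with IP". */
int linktype_is_raw_ip(uint32_t linktype)
{
    return linktype == DLT_RAW_LINUX || linktype == DLT_RAW_OPENBSD ||
           linktype == LINKTYPE_RAW_FILE;
}

static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the pcap global header, require a raw-IP link type and return the
 * IP version (4 or 6) of the first packet. Errors (constructed codes):
 *  -1 short file / unknown magic, -2 link type is not raw IP,
 *  -3 no usable packet record, -4 first nibble is not an IP version.
 * *linktype receives the header's network field for logging. */
int pcap_raw_ip_first_version(const uint8_t *buf, size_t len,
                              uint32_t *linktype)
{
    if (len < PCAP_FILE_HDR_LEN)
        return -1;
    uint32_t magic = rd32(buf, 0);
    int big_endian;
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)
        big_endian = 0;           /* usec or nsec magic, little-endian file */
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)
        big_endian = 1;           /* same magics, big-endian file */
    else
        return -1;

    *linktype = rd32(buf + 20, big_endian);
    if (!linktype_is_raw_ip(*linktype))
        return -2;

    if (len < PCAP_FILE_HDR_LEN + PCAP_REC_HDR_LEN)
        return -3;
    const uint8_t *rec = buf + PCAP_FILE_HDR_LEN;
    uint32_t incl_len = rd32(rec + 8, big_endian);
    if (incl_len == 0 || len - PCAP_FILE_HDR_LEN - PCAP_REC_HDR_LEN < incl_len)
        return -3;

    uint8_t version = rec[PCAP_REC_HDR_LEN] >> 4;  /* raw IP: byte 0 is IP */
    return (version == 4 || version == 6) ? version : -4;
}

/* Constructed: little-endian file, link type 101, one 20-byte IPv4 header. */
const uint8_t sample_linktype_101[] = {
    0xd4, 0xc3, 0xb2, 0xa1,  0x02, 0x00, 0x04, 0x00,  /* magic, v2.4 */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  /* thiszone, sigfigs */
    0x00, 0x00, 0x04, 0x00,  0x65, 0x00, 0x00, 0x00,  /* snaplen, network=101 */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  /* ts_sec, ts_usec */
    0x14, 0x00, 0x00, 0x00,  0x14, 0x00, 0x00, 0x00,  /* incl_len, orig_len */
    0x45, 0x00, 0x00, 0x14,  0x00, 0x00, 0x00, 0x00,  /* IPv4, total len 20 */
    0x40, 0x01, 0x00, 0x00,  0x0a, 0x00, 0x00, 0x01,  /* ttl, proto, src */
    0x0a, 0x00, 0x00, 0x02,                           /* dst */
};

/* Constructed: big-endian file, OpenBSD DLT_RAW (14), IPv6 version nibble. */
const uint8_t sample_linktype_14_be[] = {
    0xa1, 0xb2, 0xc3, 0xd4,  0x00, 0x02, 0x00, 0x04,
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x00, 0x04, 0x00, 0x00,  0x00, 0x00, 0x00, 0x0e,  /* network=14 */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x04,  0x00, 0x00, 0x00, 0x04,  /* incl_len 4 */
    0x60, 0x00, 0x00, 0x00,
};

/* Constructed: Ethernet (link type 1) header only; must be refused. */
const uint8_t sample_linktype_1[] = {
    0xd4, 0xc3, 0xb2, 0xa1,  0x02, 0x00, 0x04, 0x00,
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x04, 0x00,  0x01, 0x00, 0x00, 0x00,  /* network=1 */
};

int main(void)
{
    uint32_t lt = 0;
    int v = pcap_raw_ip_first_version(sample_linktype_101,
                                      sizeof sample_linktype_101, &lt);
    printf("linktype %u -> IPv%d\n", (unsigned)lt, v);
    return 0;
}
```

The check is deliberately a whitelist of values rather than `== DLT_RAW`, because the macro's value depends on which platform's headers the binary was compiled against while the number in a savefile does not; a file written on one platform and replayed on another is exactly the case the commit message describes.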
commit 885b8cefec83b63bbde1279f59d7ff1e40ba320c
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jun 27 09:59:48 2017 +0200
detect: fix crash when stream inspect runs on UDP
Certain rules can apply to both TCP and UDP. For example 'alert dns'
rules are inspected against both TCP and UDP. This led to
stream inspect engine being called on a UDP packet.
This patch fixes the issue by exiting early from the stream inspect
engine if a) proto is not TCP or b) ssn is not available
Bug #2158.
-----------------------------------------------------------------------
Summary of changes:
src/decode.h | 3 +++
src/detect-engine-payload.c | 9 ++++++++-
src/source-pcap-file.c | 1 +
3 files changed, 12 insertions(+), 1 deletion(-)
hooks/post-receive
--
OISF