[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.2.1-324-g842dfbc

OISF Git noreply at openinfosecfoundation.org
Mon May 1 16:15:29 UTC 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  842dfbc3f86cee39d19ae394d39f87be2e1eea94 (commit)
       via  c0275c2b29d405e60782da7c1cc975d854a4be64 (commit)
       via  7eda6beade1b9227a5ad36c50610858c67155530 (commit)
       via  84b97ca15519ebffded1a475d9eda058620b1931 (commit)
       via  b9579fbe7dd408200ef03cbe20efddb624b73885 (commit)
       via  bc7c01ecbc816618aa8a4a3be133d16a2728fc07 (commit)
       via  c65a119cc043075851af26fbb2866585e8b66c80 (commit)
       via  276125c1ef322363b49ae22f8b4b6a9303825fbe (commit)
       via  cda6e0291f561fac715c470a195ad01026b17918 (commit)
       via  119115d3b6d10fcd1b1db5cd02f92bec033baa54 (commit)
       via  0516b5d7044d3361d4ea2fa16f562bbb0f946c23 (commit)
      from  d31cb083e910d779279e47ffbb32d5da096220fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 842dfbc3f86cee39d19ae394d39f87be2e1eea94
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 6 16:41:05 2017 +0100

    detect: enforce isdataat:!1,relative earlier
    The expression 'isdataat:!1,relative' is used to make sure a match
    is at the end of a buffer quite often. This patch optimizes this case
    for 'content' followed by the expression. It enforces it by setting
    an 'ends with' flag on the content and then taking that flag into
    account while doing the pattern match.

commit c0275c2b29d405e60782da7c1cc975d854a4be64
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Mar 6 11:17:12 2017 +0100

    detect: more content inspection tests

commit 7eda6beade1b9227a5ad36c50610858c67155530
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 4 13:40:39 2017 +0100

    detect: don't rescan when just distance is used
    Content inspection optimization: when just distance is used without
    within we don't need to search recursively.
    E.g. content:"a"; content:"b"; distance:1; will scan the buffer for
    'a' and when it finds 'a' it will scan the remainder for 'b'. Until
    now, the failure to find 'b' would lead to looking for the next 'a'
    and then for 'b' after that. However, we already inspected the
    entire buffer for 'b', so we know this will fail.

commit 84b97ca15519ebffded1a475d9eda058620b1931
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 4 10:15:39 2017 +0100

    detect: content-inspection tests
    Add tests for the content inspection engine that count the number
    of steps it takes to eval a rule.

commit b9579fbe7dd408200ef03cbe20efddb624b73885
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Mar 3 15:38:43 2017 +0100

    detect: avoid needless recursive scanning
    Don't recursively inspect a detect list if the recursion
    doesn't increase chance of success.

commit bc7c01ecbc816618aa8a4a3be133d16a2728fc07
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Mar 4 13:05:37 2017 +0100

    detect: use BIT_U32 macro for content flags

commit c65a119cc043075851af26fbb2866585e8b66c80
Author: Victor Julien <victor at inliniac.net>
Date:   Mon May 1 10:38:22 2017 +0200

    debug: suppress notice message

commit 276125c1ef322363b49ae22f8b4b6a9303825fbe
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Apr 28 09:23:09 2017 +0200

    cleanup: remove unused ringbuffer code

commit cda6e0291f561fac715c470a195ad01026b17918
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Apr 28 09:44:37 2017 +0200

    cleanup: remove libpcap < 1 support

commit 119115d3b6d10fcd1b1db5cd02f92bec033baa54
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Apr 28 09:50:59 2017 +0200

    configure: remove CentOS5 pkg-config fix

commit 0516b5d7044d3361d4ea2fa16f562bbb0f946c23
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Apr 28 09:48:09 2017 +0200

    cleanup: from AS_VERSION_COMPARE CentOS5 workaround


Summary of changes:
 configure.ac                                 |   31 +-
 src/Makefile.am                              |    2 -
 src/detect-byte-extract.c                    |    4 +-
 src/detect-content.h                         |   40 +-
 src/detect-distance.c                        |    6 +-
 src/detect-engine-content-inspection.c       |   95 ++-
 src/detect-engine-content-inspection.h       |    2 +
 src/detect-engine.c                          |    2 +-
 src/detect-isdataat.c                        |   11 +
 src/detect-within.c                          |    2 +-
 src/detect.c                                 |    2 +
 src/runmode-unittests.c                      |    2 -
 src/source-pcap.c                            |  146 ----
 src/suricata.c                               |    5 -
 src/tests/detect-engine-content-inspection.c |  236 ++++++
 src/tm-queuehandlers.c                       |    3 -
 src/tm-queuehandlers.h                       |    3 -
 src/tmqh-ringbuffer.c                        |  151 ----
 src/tmqh-ringbuffer.h                        |   30 -
 src/util-ringbuffer.c                        | 1088 --------------------------
 src/util-ringbuffer.h                        |  136 ----
 21 files changed, 355 insertions(+), 1642 deletions(-)
 create mode 100644 src/tests/detect-engine-content-inspection.c
 delete mode 100644 src/tmqh-ringbuffer.c
 delete mode 100644 src/tmqh-ringbuffer.h
 delete mode 100644 src/util-ringbuffer.c
 delete mode 100644 src/util-ringbuffer.h
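
The "don't rescan when just distance is used" commit message above argues that a failed search for the second content already covered the rest of the buffer. The following is an added example, not code from the Suricata tree: a constructed toy matcher (the names two_content, find_from and inspect are hypothetical) that counts search steps with and without that shortcut.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model (not Suricata code): two literal patterns, the
 * second constrained only by "distance", with no "within". */
struct two_content { const char *first, *second; size_t distance; };

/* Offset of pat in buf[from..len), or len when it is absent. */
static size_t find_from(const char *buf, size_t len, size_t from, const char *pat)
{
    size_t plen = strlen(pat);
    for (size_t i = from; plen && i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return i;
    return len;
}

/* Each pattern search is one step. rescan != 0 models the old behaviour
 * (retry 'second' after every later 'first'); rescan == 0 stops after the
 * first failed search, because a later 'first' only shrinks the range in
 * which 'second' may appear. Returns 1 on match, 0 otherwise. */
int inspect(const struct two_content *r, const char *buf, size_t len,
            int rescan, unsigned *steps)
{
    size_t flen = strlen(r->first), from = 0;
    *steps = 0;
    while (from < len) {
        size_t a = find_from(buf, len, from, r->first);
        (*steps)++;
        if (a == len)
            return 0;                      /* no further 'first' */
        (*steps)++;
        if (find_from(buf, len, a + flen + r->distance, r->second) != len)
            return 1;
        if (!rescan)
            return 0;                      /* whole remainder already searched */
        from = a + 1;
    }
    return 0;
}

int main(void)
{
    struct two_content r = { "a", "b", 1 };  /* content:"a"; content:"b"; distance:1; */
    unsigned before, after;
    inspect(&r, "a1a2a3a4", 8, 1, &before);  /* constructed buffer without 'b' */
    inspect(&r, "a1a2a3a4", 8, 0, &after);
    printf("steps with rescan: %u, without: %u\n", before, after);
    return 0;
}
```
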

