[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-248-g50a762b

OISF Git noreply at openinfosecfoundation.org
Thu Jan 18 09:34:44 UTC 2018

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  50a762bfd164e27c55624c7e4f7e3c2e064ca788 (commit)
       via  4b24d965b8081c86759ef80080c50787d66f4727 (commit)
      from  38e6901c34119f49903fa92130afe292aa948f13 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 50a762bfd164e27c55624c7e4f7e3c2e064ca788
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Jan 16 11:54:39 2018 +0100

    thresholds: fix issues with host based thresholds

    The flow manager thread (that also runs the host cleanup code) would
    sometimes free a host before its thresholds are timed out. This would
    lead to misdetection or too many alerts.

    This was mostly (only?) visible on slower systems. And was caused by a
    mismatch between time concepts of the async flow manager thread and the
    packet threads, resulting in the flow manager using a timestamp that
    was before the threshold entry creation ts. This would lead to an
    integer underflow in the timeout check, leading to an incorrect conclusion
    that the threshold entry was timed out.

    To address this, check if the 'check' timestamp is not before the creation

commit 4b24d965b8081c86759ef80080c50787d66f4727
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jan 17 13:04:54 2018 +0100

    stream/midstream: be more liberal with window

    Use the wscale setting when updating the window, even if it's very


Summary of changes:
 src/detect-engine-threshold.c | 5 ++++-
 src/stream-tcp.c              | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
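
The underflow described in the first commit message, shown as an added C example that is not Suricata's code. The struct, field and function names are hypothetical, timestamps are assumed to be unsigned 32-bit seconds, and the sample table is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical threshold entry; names are illustrative, not Suricata's. */
struct thr_entry {
    uint32_t created_ts; /* seconds, stamped by a packet thread */
    uint32_t timeout;    /* seconds the entry must be kept */
};

/* Flawed: if check_ts < created_ts the unsigned subtraction wraps to a
 * huge value, so the entry looks expired. */
bool timed_out_flawed(const struct thr_entry *e, uint32_t check_ts)
{
    return (uint32_t)(check_ts - e->created_ts) > e->timeout;
}

/* Guarded: a check timestamp before creation can never mean expiry. */
bool timed_out_guarded(const struct thr_entry *e, uint32_t check_ts)
{
    if (check_ts < e->created_ts)
        return false;
    return (uint32_t)(check_ts - e->created_ts) > e->timeout;
}

/* Count entries a cleanup pass would free at check_ts with the given check. */
unsigned count_freed(const struct thr_entry *tbl, unsigned n, uint32_t check_ts,
                     bool (*expired)(const struct thr_entry *, uint32_t))
{
    unsigned freed = 0;
    for (unsigned i = 0; i < n; i++)
        if (expired(&tbl[i], check_ts))
            freed++;
    return freed;
}

/* Constructed sample: the cleanup clock (1000) lags entry 0 by 2 seconds. */
const struct thr_entry SAMPLE[] = {
    { 1002, 60 }, /* created "in the future" relative to the cleanup clock */
    { 990, 60 },  /* 10 s old, still live */
    { 900, 60 },  /* 100 s old, genuinely expired */
};

int main(void)
{
    printf("flawed frees %u, guarded frees %u\n",
           count_freed(SAMPLE, 3, 1000, timed_out_flawed),
           count_freed(SAMPLE, 3, 1000, timed_out_guarded));
    return 0;
}
```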

