[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-481-g68b9ebd
OISF Git
noreply at openinfosecfoundation.org
Mon Mar 5 07:39:14 UTC 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 68b9ebdc02c9fda03208dc3226703294b704fdb9 (commit)
via 710c7b821fcb919dfaa816f45a8b342acee622f4 (commit)
via 9f133652223f8be116c8e1083bcb5be27bd74493 (commit)
via 44c4008f7794752090c8d8153e2f7f51c070f376 (commit)
via 1115eb52eb546fad87fe10b5c9b183ca440ad735 (commit)
via 053022931c189ee12a4801df5c67f851a0b1afcd (commit)
via 73fac478a25777fddc6e78dcf868585a8458672f (commit)
via a01a229b373c6e93f7592a9af0965632fc6faa32 (commit)
via 4b897c906004d2b43a1d0f77d86f0c48a2e672be (commit)
via cd98d7ddccbc9c6077efbcecef63d37cb0b5ad46 (commit)
via 39754a976a0c969552df4ff8024bb8fa29907fef (commit)
via 3f4c7efa72125db39a6737b46c72a94bd3c4f6a4 (commit)
via 7906c521cdde5b1d0eb3ce379b8e343c3055653f (commit)
from ffc847db01fbf81df8a647d7a794d99894e4939d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 68b9ebdc02c9fda03208dc3226703294b704fdb9
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 2 13:44:43 2018 +0100
output: fix logging wrong direction in tls upgrade
When upgrading to TLS from HTTP, logging of the final HTTP tx could
have the wrong direction. This was due to the original packet triggering/
finalizing the upgrade being used as the base for both the toserver
and toclient pseudo packets, meaning it was wrong in one direction.
This patch creates a pseudo packet in the same way as the flow timeout
code does, so it no longer takes the raw original packet in.
Bug #2430
commit 710c7b821fcb919dfaa816f45a8b342acee622f4
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 2 12:15:11 2018 +0100
output/json: update callers to use explicit directions
commit 9f133652223f8be116c8e1083bcb5be27bd74493
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 2 11:53:12 2018 +0100
output/json: make log direction explicit
Introduce enum OutputJsonLogDirection to make logging direction
explicit.
commit 44c4008f7794752090c8d8153e2f7f51c070f376
Author: Victor Julien <victor at inliniac.net>
Date: Fri Mar 2 11:36:36 2018 +0100
output/json: clean up CreateJSONHeader calls
commit 1115eb52eb546fad87fe10b5c9b183ca440ad735
Author: Jason Ish <ish at unx.ca>
Date: Thu Mar 1 07:42:09 2018 -0600
travis: redirect unittest output to file in all builds
On error, print the last 500 lines of output then exit 1.
Should allow us to see why a build fails on the debug tests,
when the error was buried in an output file we weren't
making visible.
commit 053022931c189ee12a4801df5c67f851a0b1afcd
Author: Victor Julien <victor at inliniac.net>
Date: Mon Feb 26 13:35:28 2018 +0100
rust/json: add array_append_string
commit 73fac478a25777fddc6e78dcf868585a8458672f
Author: Victor Julien <victor at inliniac.net>
Date: Mon Feb 19 18:24:14 2018 +0100
rust/dns: fix nom verbose error mode
commit a01a229b373c6e93f7592a9af0965632fc6faa32
Author: Brandon Sterne <brandon.sterne at gmail.com>
Date: Tue Feb 27 13:28:45 2018 -0800
doc: use standard spelling of daemon
commit 4b897c906004d2b43a1d0f77d86f0c48a2e672be
Author: Danny Browning <danny.browning at protectwise.com>
Date: Thu Dec 21 14:09:08 2017 -0700
source-pcap-file: Directory mode may miss files (bug #2394)
https://redmine.openinfosecfoundation.org/issues/2394
Certain parameters of delay and poll interval could cause newly added
files in a directory to be missed. Cleaned up how time is handled for
files in a directory and fix which time is used for future directory
traversals. Add a mutex to make sure processing time is not optimized
away.
commit cd98d7ddccbc9c6077efbcecef63d37cb0b5ad46
Author: Eric Leblond <eric at regit.org>
Date: Tue Feb 13 00:04:05 2018 +0100
ebpf: remove vlan_hdr alignment
If we align the vlan_hdr then we increase its size and the parsing
of packets with VLAN tag is broken.
commit 39754a976a0c969552df4ff8024bb8fa29907fef
Author: Jesper Dangaard Brouer <netoptimizer at brouer.com>
Date: Wed Feb 7 23:21:24 2018 +0100
ebpf: improving the ebpf makefile
The current ebpf/Makefile.am has the problem that clang compile
errors still result in an ELF .bpf output file. This is obviously
problematic as the problem is first seen at runtime when loading
the bpf-prog. This is caused by the use of a pipe from
clang to llc.
To address this problem, split the clang and llc invocations
up into two separate commands, to get proper reaction based on
the compiler exit code. The clang compiler is used as a
frontend (+ optimizer) and instructed (via -S -emit-llvm) to
generate LLVM IR (Intermediate Representation) with suffix .ll.
The LLVM llc command is used as a compiler backend taking IR and
producing BPF machine bytecode, and storing this into an ELF
object. In the last step the IR .ll suffix code is removed.
The official documentation of the IR language:
http://llvm.org/docs/LangRef.html
Also fix the previous make portability warning:
'%-style pattern rules are a GNU make extension'
I instead use some static pattern rules:
https://www.gnu.org/software/make/manual/html_node/Static-Usage.html
Signed-off-by: Jesper Dangaard Brouer <netoptimizer at brouer.com>
commit 3f4c7efa72125db39a6737b46c72a94bd3c4f6a4
Author: Jesper Dangaard Brouer <netoptimizer at brouer.com>
Date: Wed Feb 7 23:21:19 2018 +0100
ebpf: compile with clang -target bpf
Enable compiling eBPF programs with clang -target bpf.
This is mostly to work around a bug in libbpf, where clang > ver 4.0.0
generates some ELF sections (.eh_frame) when -target bpf is NOT specified,
and libbpf fails loading such files.
Notice libbpf is provided by the kernel, and in kernel v4.16 the library
will contain the needed function for attaching to the XDP hook.
Kernel commit 949abbe88436 ("libbpf: add function to setup XDP")
https://git.kernel.org/torvalds/c/949abbe88436
The library fix has reached kernel v4.16 but the workaround for Suricata
is interesting anyway in case people use a kernel v4.15.
Signed-off-by: Jesper Dangaard Brouer <netoptimizer at brouer.com>
commit 7906c521cdde5b1d0eb3ce379b8e343c3055653f
Author: Jesper Dangaard Brouer <netoptimizer at brouer.com>
Date: Wed Feb 7 23:21:14 2018 +0100
ebpf: take clang -target bpf include issue of stdint.h into account
This patch prepares code before enabling the clang -target bpf.
The clang compiler does not like #include <stdint.h> when
using '-target bpf' it will fail with:
fatal error: 'gnu/stubs-32.h' file not found
This is because using clang -target bpf, then clang will have '__bpf__'
defined instead of '__x86_64__' hence the gnu/stubs-32.h include
attempt as /usr/include/gnu/stubs.h contains, on x86_64:
#if !defined __x86_64__
# include <gnu/stubs-32.h>
#endif
#if defined __x86_64__ && defined __LP64__
# include <gnu/stubs-64.h>
#endif
#if defined __x86_64__ && defined __ILP32__
# include <gnu/stubs-x32.h>
#endif
This can be worked around by installing the 32-bit version of
glibc-devel.i686 on your distribution.
But the BPF programs do not really need to include stdint.h,
if converting:
uint64_t -> __u64
uint32_t -> __u32
uint16_t -> __u16
uint8_t -> __u8
This patch does this type syntax conversion.
The build of the ebpf files had an issue for systems like Debian
because they don't have an asm/types.h in the include path if the
architecture is not defined which is the case due to target bpf.
This results in:
clang-5.0 -Wall -Iinclude -O2 \
-D__KERNEL__ -D__ASM_SYSREG_H \
-target bpf -S -emit-llvm vlan_filter.c -o vlan_filter.ll
In file included from vlan_filter.c:19:
In file included from include/linux/bpf.h:11:
/usr/include/linux/types.h:5:10: fatal error: 'asm/types.h' file not
found
#include <asm/types.h>
^~~~~~~~~~~~~
1 error generated.
Makefile:523: recipe for target 'vlan_filter.bpf' failed
This patch fixes the issue by adding an include path setting the
architecture to the one of the builder.
Signed-off-by: Jesper Dangaard Brouer <netoptimizer at brouer.com>
Signed-off-by: Eric Leblond <eric at regit.org>
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 16 +--
doc/userguide/partials/options.rst | 2 +-
ebpf/Makefile.am | 23 ++++-
ebpf/bypass_filter.c | 27 +++--
ebpf/filter.c | 3 +-
ebpf/hash_func01.h | 12 +--
ebpf/lb.c | 11 +-
ebpf/vlan_filter.c | 5 +-
ebpf/xdp_filter.c | 44 ++++----
rust/src/dns/parser.rs | 10 +-
rust/src/json.rs | 5 +
scripts/suricatasc/src/suricatasc.py | 3 +-
src/detect-engine-profile.c | 2 +-
src/output-json-alert.c | 4 +-
src/output-json-dnp3.c | 4 +-
src/output-json-dns.c | 11 +-
src/output-json-drop.c | 5 +-
src/output-json-file.c | 2 +-
src/output-json-flow.c | 4 +-
src/output-json-http.c | 2 +-
src/output-json-metadata.c | 2 +-
src/output-json-netflow.c | 6 +-
src/output-json-nfs.c | 5 +-
src/output-json-smtp.c | 5 +-
src/output-json-ssh.c | 4 +-
src/output-json-template.c | 7 +-
src/output-json-tftp.c | 5 +-
src/output-json-tls.c | 2 +-
src/output-json.c | 89 +++++++++--------
src/output-json.h | 14 ++-
src/runmode-unix-socket.c | 20 +++-
src/source-pcap-file-directory-helper.c | 83 ++++++++-------
src/source-pcap-file-directory-helper.h | 1 +
src/source-pcap-file.c | 1 +
src/stream-tcp.c | 172 +++++++++++++++++++++++++++-----
src/suricata.c | 1 +
src/util-time.h | 1 +
37 files changed, 387 insertions(+), 226 deletions(-)
hooks/post-receive
--
OISF