Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Next/50x/20200211/v1 #4534

Merged
merged 2 commits into from Feb 11, 2020
Merged

Next/50x/20200211/v1 #4534

merged 2 commits into from Feb 11, 2020

Conversation

victorjulien
Copy link
Member

Backports of #4521 and AFL compile fixes.

PRScript output (if applicable):

victorjulien and others added 2 commits February 11, 2020 10:09
@victorjulien
afl: fix compilation
43ee9d8 
(cherry picked from commit f05c12b)
@silentcreek @victorjulien
init: Fix dropping privileges in nflog runmode
e1b363b 
Using the run-as configuration option with the nflog capture method
results in the following error during the startup of suricata:
[ERRCODE: SC_ERR_NFLOG_BIND(248)] - nflog_bind_pf() for AF_INET failed

This is because SCDropMainThreadCaps does not have any capabilities
defined for the nflog runmode (unlike other runmodes). Therefore, apply
the same capabilities to the nflog runmode that are already defined for
the nfqueue runmode. This has been confirmed to allow suricata start
and drop its privileges in the nflog runmode.

Fixes redmine issue OISF#3265.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 1262ecb)
@victorjulien victorjulien requested review from jasonish and a team as code owners February 11, 2020 16:52
@victorjulien victorjulien changed the base branch from master to master-5.0.x February 11, 2020 17:07
@victorjulien victorjulien merged commit e1b363b into OISF:master-5.0.x Feb 11, 2020
@victorjulien victorjulien deleted the next/50x/20200211/v1 branch February 21, 2020 13:12
catenacyber added a commit to catenacyber/suricata that referenced this pull request Jun 25, 2021
@catenacyber
ike: do not keep server transforms in state
9ea1760 
Fixes OISF#4534

Now, only the tx with the transforms will match
with ike.chosen_sa_attribute
catenacyber added a commit to catenacyber/suricata that referenced this pull request Oct 10, 2021
@catenacyber
ike: do not keep server transforms in state
8381b10 
Fixes OISF#4534

Now, only the tx with the transforms will match
with ike.chosen_sa_attribute
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request Oct 11, 2021
@catenacyber @victorjulien
ike: do not keep server transforms in state
accdad7 
Fixes OISF#4534

Now, only the tx with the transforms will match
with ike.chosen_sa_attribute
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@victorjulien @silentcreek