Next/20170208/v5 #2549

Merged
merged 4 commits into from Feb 8, 2017

@inliniac inliniac commented Feb 8, 2017

Merge #2544 plus:

Prscript:

regit and others added 4 commits February 8, 2017 11:21
When packet is coming from a real ethernet card, the kernel is
stripping the vlan header and delivering a modified packet so
we need to insert the VLAN header back before sending the packet
on the wire.

To do so, we pass an option to the raw socket to add a reserve
before the packet data. It will get Suricata some head room
to move the ethernet addresses before their actual place
and insert the VLAN header in the correct place.

We get VLAN info from the ring buffer as the call of AFPWrite is
always done in the release function so we still have access to the
memory.

The code to get the rule group (sgh) would return the group for
IP proto 0 instead of nothing. This led to certain types of rules
unintentionally matching (False Positive).

Since the packets weren't actually IP, the logged alert records
were missing the IP header.

Bug #2017.
@inliniac inliniac merged commit 8622242 into master Feb 8, 2017
@inliniac inliniac deleted the next/20170208/v5 branch February 13, 2017 09:56
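
The VLAN re-insertion described in the first commit message, as an added example that is not code from this pull request or from Suricata: with headroom reserved in front of the frame, the two MAC addresses are moved back by four bytes and the 802.1Q tag is written into the gap. The function names, the 0x8100 TPID and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ADDRS_LEN 12     /* destination MAC + source MAC */
#define ETH_HDR_LEN   14     /* addresses + EtherType */
#define VLAN_TAG_LEN  4      /* TPID (2 bytes) + TCI (2 bytes) */
#define TPID_8021Q    0x8100 /* assumed: single 802.1Q tag, no QinQ */

/* Rebuild the tag the kernel stripped, using the headroom in front of
 * `frame`. Returns the new frame start, or NULL when there is not enough
 * headroom or the frame is shorter than an Ethernet header. */
static uint8_t *vlan_reinsert(uint8_t *frame, size_t len, size_t headroom,
                              uint16_t tci, size_t *out_len)
{
    if (frame == NULL || out_len == NULL)
        return NULL;
    if (headroom < VLAN_TAG_LEN || len < ETH_HDR_LEN)
        return NULL;
    uint8_t *start = frame - VLAN_TAG_LEN;
    memmove(start, frame, ETH_ADDRS_LEN);   /* regions overlap */
    start[12] = (uint8_t)(TPID_8021Q >> 8);
    start[13] = (uint8_t)(TPID_8021Q & 0xff);
    start[14] = (uint8_t)(tci >> 8);
    start[15] = (uint8_t)(tci & 0xff);
    /* start[16..17] is the original EtherType, already in place */
    *out_len = len + VLAN_TAG_LEN;
    return start;
}

/* Constructed sample: one ring slot with `headroom` (0..4) bytes of reserve
 * and an 18-byte stripped frame. 0 = tag rebuilt, -1 = refused, 1 = wrong. */
static int demo_reinsert(size_t headroom)
{
    static const uint8_t stripped[18] = {
        0x02, 0, 0, 0, 0, 0x01, 0x02, 0, 0, 0, 0, 0x02, /* dst, src MAC */
        0x08, 0x00, 0xde, 0xad, 0xbe, 0xef };           /* IPv4 + payload */
    static const uint8_t want[6] = { 0x81, 0x00, 0x00, 0x64, 0x08, 0x00 };
    uint8_t slot[VLAN_TAG_LEN + sizeof(stripped)] = { 0 };
    uint8_t *frame = slot + headroom;
    size_t n = 0;
    memcpy(frame, stripped, sizeof(stripped));
    uint8_t *out = vlan_reinsert(frame, sizeof(stripped), headroom, 0x0064, &n);
    if (out == NULL)
        return -1;
    return (n == 22 && memcmp(out, stripped, ETH_ADDRS_LEN) == 0 &&
            memcmp(out + 12, want, 6) == 0 && out[18] == 0xde) ? 0 : 1;
}

int main(void) { printf("%d %d\n", demo_reinsert(4), demo_reinsert(0)); return 0; }
```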