Important Suricata update
We just released Suricata 1.3.3 which contains some important accuracy fixes. Also, it should be much more robust against out of memory conditions.
For those of you running Suricata in IPS mode, this is important as well. We found that rules with the drop or reject actions were not playing well with thresholding.
So upgrading is highly recommended!
The code changes are not too big; the largest changes are due to some extra unittests:
ChangeLog | 11 +
libhtp/htp/dslib.c | 4 +-
libhtp/htp/hooks.c | 31 +-
libhtp/htp/htp_connection.c | 34 ++-
libhtp/htp/htp_connection_parser.c | 25 +-
libhtp/htp/htp_parsers.c | 2 +-
libhtp/htp/htp_request.c | 4 +-
libhtp/htp/htp_request_apache_2_2.c | 24 +-
libhtp/htp/htp_transaction.c | 68 +++--
libhtp/htp/htp_util.c | 35 ++-
src/alert-debuglog.c | 4 +-
src/app-layer.c | 9 +-
src/decode.h | 3 +-
src/detect-detection-filter.c | 96 ++++++
src/detect-engine-alert.c | 37 ++-
src/detect-engine-hcbd.c | 5 +
src/detect-engine-hhd.c | 121 +++++++-
src/detect-engine-hsbd.c | 5 +
src/detect-engine-iponly.c | 5 +-
src/detect-engine-payload.c | 26 ++
src/detect-engine-threshold.c | 15 +-
src/detect-filemd5.c | 24 +-
src/detect-filestore.c | 11 +-
src/detect-filestore.h | 2 +-
src/detect-pcre.c | 485 +----------------------------
src/detect-threshold.c | 569 ++++++++++++++++++++++++++++++++++-
src/detect.c | 11 +-
src/detect.h | 2 +-
src/flow-hash.c | 10 +-
src/flow-timeout.c | 10 +-
src/flow.c | 1 -
src/flow.h | 14 +
src/log-httplog.c | 2 +-
src/runmodes.c | 2 +-
src/source-ipfw.c | 1 +
src/source-pfring.c | 20 +-
src/stream-tcp-reassemble.c | 4 +-
src/stream-tcp.c | 12 +-
src/stream.c | 3 +-
src/threads.h | 1 +
src/tmqh-packetpool.c | 5 +-
src/util-buffer.h | 6 +-
src/util-debug.c | 2 +-
src/util-host-os-info.c | 32 +-
src/util-threshold-config.c | 210 +++++++++++++
suricata.yaml.in | 6 +-
46 files changed, 1340 insertions(+), 669 deletions(-)