app-layer-modbus.c:1226:39: warning: taking address of packed member 'transactionId' of class or structure 'ModbusHeader_' may result in an unaligned pointer value [-Waddress-of-packed-member]
if (ModbusExtractUint16(modbus, &(header->transactionId), input, input_len, &offset) ||
^~~~~~~~~~~~~~~~~~~~~
app-layer-modbus.c:1228:39: warning: taking address of packed member 'protocolId' of class or structure 'ModbusHeader_' may result in an unaligned pointer value [-Waddress-of-packed-member]
ModbusExtractUint16(modbus, &(header->protocolId), input, input_len, &offset) ||
^~~~~~~~~~~~~~~~~~
app-layer-modbus.c:1230:39: warning: taking address of packed member 'length' of class or structure 'ModbusHeader_' may result in an unaligned pointer value [-Waddress-of-packed-member]
ModbusExtractUint16(modbus, &(header->length), input, input_len, &offset) ||
^~~~~~~~~~~~~~
3 warnings generated.
Bug #2088
clang-4.0 reported:
util-pool.c:242:13: warning: logical not is only applied to the left hand side of this bitwise operator [-Wlogical-not-parentheses]
if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
^ ~
util-pool.c:242:13: note: add parentheses after the '!' to evaluate the bitwise operator first
if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
^
( )
util-pool.c:242:13: note: add parentheses around left hand side expression to silence this warning
if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
^
( )
util-pool.c:261:13: warning: logical not is only applied to the left hand side of this bitwise operator [-Wlogical-not-parentheses]
if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
^ ~
util-pool.c:261:13: note: add parentheses after the '!' to evaluate the bitwise operator first
if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
^
( )
util-pool.c:261:13: note: add parentheses around left hand side expression to silence this warning
if (! pb->flags & POOL_BUCKET_PREALLOCATED) {
^
( )
2 warnings generated.
In some cases, observed with inspect limits 0, the body tracking could
get confused. When all chunks were already freed, a new chunk would
be considered to be the start of the body. This would overwrite the
bodies 'content_len_so_far' tracker, instead of adding to it. This in
turn could lead to a assertion abort in the inspection code.
This patch redoes the append code to always add the current lenght. It
cleans up the code to remove redundant logic.
Issue: https://redmine.openinfosecfoundation.org/issues/2078
Reported-By: Jørgen Bøhnsdalen
"p" was being used in the macro but was not an argument to
the macro, but it worked due to the context of the macro.
Use the actual macro argument, d2, instead of p.
Results in no change to generated code.
Add SCFlowTimestamps() to return startts and lastts as seconds and
microseconds from flow.
Examples:
startts, lastts = SCFlowTimestamps()
startts_s, lastts_s, startts_us, lastts_us = SCFlowTimestamps()
Issue:
https://redmine.openinfosecfoundation.org/issues/2041
One approach to fixing this issue to just validate the
checksum instead of regenerating it and comparing it. This
method is used in some kernels and other network tools.
When validating, the current checksum is passed in as an
initial argument which will cause the final checksum to be 0
if OK. If generating a checksum, 0 is passed and the result
is the generated checksum.
Kind of ugly, but first unlink all dependencies then install.
The deps that don't get an upgrade will remain unlinked, so
relink all dependencies as relinking an already linked dep
does not error out.
When detection is running flags are set on flows to indicate if file
hashing is needed. This is based on global output settings and rules.
In the case of --disable-detection this was not happening, so all
files where hashed with all methods. This has a significant
performance impact.
This patch adds logic to set the flow flags in --disable-detect mode.
When bytejump was told to convert some payload data to int from a
string it would print an error to the screen if the conversion
failed. This is unwanted as the payload is controlled by an attacker
and printing is expensive.
A GAP during protocol detection would lead to all reassembly
getting disabled, so also the raw reassembly. In addition, it
could prevent the opposing side from doing protocol detection.
This patch remove the 'disable reassembly' logic. Stream engine
will take the stream with GAP and app-layer will make the proto
detection as complete.
It looks like Travis changed their Mac image and pcre is now
installed by default. In case it gets removed again, just unlink
it before re-installing so it doesn't fail on install.
All loggers were wrapping just the write in a lock with some
updating a counter. This moves the lock into the write function.
The log_ctx alerts counter was also removed as many modules have
stopped using this and the alert count is available elsewhere.
Should satisfy Coverity CID 1400798:
CID 1400798 (#1 of 1): Data race condition (MISSING_LOCK) 2.
missing_lock: Accessing log_ctx->rotation_flag without holding lock
LogFileCtx_.fp_mutex. Elsewhere, "LogFileCtx_.rotation_flag" is accessed
with LogFileCtx_.fp_mutex held 4 out of 5 times.
Which appears to be a false positive as all calls to SCLogFileWrite
were done under lock, but this will make it more explicit.
Match on TLS certificate serial number using tls_cert_serial
keyword, e.g.:
alert tls any any -> any any (msg:"TLS cert serial test";
tls_cert_serial; content:"5C:19:B7:B1:32:3B:1C:A1";
sid:12345;)
Add function LuaGetCertSerial to print serial number from TLS
certificate.
Example:
function log (args)
serial = TlsGetCertSerial()
if serial then
file:write(serial .. "\n");
file:flush()
end
end