Merge pull request #566 in SNORT/snort3 from 203 to master

Squashed commit of the following:

commit f2bbfd30862eda17647f842d31b4d4e595fbd9da
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri Jul 22 10:08:22 2016 -0400

    bump to build 203, update change log
    warn on duplicate ports in list
    allow multiple ip_proto and stream_size per rule

diff --git a/ChangeLog b/ChangeLog
index bb4183242af5438dc779e67aa6f5342fbb249483..1830e58f4633b126ec74fdd6a8fb0a28458edd62 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+16/07/22 - build 203
+
+-- add oversize directory alert to new_http_inspect
+-- add appid counts for mdns, timbuktu, battlefield, bgp, and netbios services
+-- continue smb port - write and close command, deprecated dialect check, smb fingerprint
+-- fix outstanding strndup calls
+
 16/07/15 - build 202
 
 -- fix dynamic build of new_http_inspect

diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc
index b79ebf9d0db46bccbc3e9a765173e41ae70225d7..f40fa758761616c151e8222fe1dc600b43109237 100644 (file)
--- a/src/ips_options/ips_ip_proto.cc
+++ b/src/ips_options/ips_ip_proto.cc
@@ -307,7 +307,7 @@ static const IpsApi ip_proto_api =
         mod_dtor
     },
     OPT_TYPE_DETECTION,
-    1, PROTO_BIT__IP,
+    0, PROTO_BIT__IP,
     nullptr,
     nullptr,
     nullptr,

diff --git a/src/main/build.h b/src/main/build.h
index 425a63cf4798765cff13667fc543d673bf9b7980..b4826843578c81722918be1e7636f8331533ced0 100644 (file)
--- a/src/main/build.h
+++ b/src/main/build.h
@@ -10,7 +10,7 @@
 //                                               //
 //-----------------------------------------------//
 
-#define BUILD "202"
+#define BUILD "203"
 
 #endif
 

diff --git a/src/ports/port_object.cc b/src/ports/port_object.cc
index 87b7b4b5bb01dad156e112bb893fc91a202064d8..a7fb2d9dd4aef29feb404e3aeb24acd44ea9ccd2 100644 (file)
--- a/src/ports/port_object.cc
+++ b/src/ports/port_object.cc
@@ -136,11 +136,7 @@ int PortObjectAddItem(PortObject* po, PortObjectItem* poi, int* errflag)
         p=(PortObjectItem*)sflist_next(&pos) )
     {
         if ((p->lport == poi->lport) && (p->hport == poi->hport))
-        {
-            if (errflag)
-                *errflag = 9; // FIXIT-L why return poparser code here? POPERR_DUPLICATE_ENTRY;
-            return -1; /* -1 chosen for consistency with sflist_add_tail */
-        }
+            ParseWarning(WARN_RULES, "duplicate ports in list");
     }
 
     sflist_add_tail(po->item_list, poi);

diff --git a/src/stream/tcp/ips_stream_size.cc b/src/stream/tcp/ips_stream_size.cc
index 0a64f1311a13db3b9ef2862ced8770c11612019f..aa0f58b417fe2d456f62232bf18b23c89ed69d66 100644 (file)
--- a/src/stream/tcp/ips_stream_size.cc
+++ b/src/stream/tcp/ips_stream_size.cc
@@ -251,7 +251,7 @@ static const IpsApi size_api =
         mod_dtor
     },
     OPT_TYPE_DETECTION,
-    1, PROTO_BIT__TCP,
+    0, PROTO_BIT__TCP,  // FIXIT-L eventually change to 1 since <> and <=> are supported
     nullptr,
     nullptr,
     nullptr,