From: Priyanka Bangalore Gurudev (prbg) Date: Thu, 21 Dec 2023 22:44:39 +0000 (+0000) Subject: Pull request #4156: build: generate and tag 3.1.77.0 X-Git-Tag: 3.1.77.0^0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=878c5eb40017ecac95afe59897cff12c961071d9;p=thirdparty%2Fsnort3.git Pull request #4156: build: generate and tag 3.1.77.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.77.0 to master Squashed commit of the following: commit 1a7cd88c533952f1b55a1aa9ef367edc245019a3 Author: Priyanka Gurudev Date: Wed Dec 20 20:42:30 2023 -0500 build: generate and tag 3.1.77.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index ceb70d8aa..5fa6f0752 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 76) +set (VERSION_PATCH 77) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index efb9789d4..0a16fa0fd 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,24 @@ +2023-12-20: 3.1.77.0 + +* appid: add http3 to the list of ssl protocols as http3 will always be inside quic and encrypted +* appid: do not delete hsession for http3 +* appid: fix coverity issues +* appid: lua logging doc update +* build: arm compilation support +* catch: add boost software license for catch.hpp +* detection: adjust built-in GID range to 40-999 +* detection: collect matched buffers on IpsContext +* flow: add tenant ID to FlowKey +* host_cache: fix race condition on peg counts +* http_inspect: publish HTTP/1 request bodies, track MIME boundary +* main: fix reload_id data race +* parser: add CWD to conf search order +* profiler: change time tracking for "rule_time (%)" field in rule_profiler output +* profiler: dump memory profiler stats at frequent interval +* pub_sub: add get_client_body and is_mime methods +* ssl: stopping inspection once client or server app packet is found +* utils: add get_file_size + 2023-12-03: 3.1.76.0 * appid: added missed cppcheck warning diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index f7de7c942..124f56ca2 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.76.0 2023-12-03 22:56:58 EST TST +Revision 3.1.77.0 2023-12-21 17:02:00 EST TST --------------------------------------------------------------------- @@ -670,6 +670,8 @@ Peg counts: by matched continuations (sum) * detection.cont_mismatch_distance: total number of bytes jumped over by mismatched continuations (sum) + * detection.buf_dumps: total number of IPS buffers collected from + matched rules (sum) 2.8. event_filter @@ -1328,6 +1330,8 @@ Configuration: none | allocations | total_used | avg_allocation } * int profiler.memory.max_depth = -1: limit depth to max_depth (-1 = no limit) { -1:255 } + * int profiler.memory.dump_file_size = 1073741824: files will be + rolled over if they exceed this size { 4096:max53 } * bool profiler.rules.show = true: show rule time profile stats * int profiler.rules.count = 0: print results to given level (0 = all) { 0:max32 } @@ -3929,9 +3933,9 @@ Configuration: * string http_inspect.xff_headers = x-forwarded-for true-client-ip: specifies the xff type headers to parse and consider in the same order of preference as defined - * bool http_inspect.request_body_app_detection = true: make HTTP/2 + * bool http_inspect.request_body_app_detection = true: make HTTP request message bodies available for application detection - (detection requires AppId) + (AppId) and other inspectors * string http_inspect.allowed_methods: list of allowed methods * string http_inspect.disallowed_methods: list of disallowed methods @@ -8581,6 +8585,9 @@ Configuration: * bool alert_fast.file = false: output to alert_fast.txt instead of stdout * bool alert_fast.packet = false: output packet dump with alert + * bool alert_fast.buffers = false: output IPS buffer dump + * int alert_fast.buffers_depth = 0: number of IPS buffer bytes to + dump per buffer (0 is unlimited) { 0:maxSZ } * int alert_fast.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ } @@ -9053,6 +9060,9 @@ libraries see the Getting Started section of the manual. character sequence * bool alert_ex.upper = false: true/false → convert to upper/lower case + * int alert_fast.buffers_depth = 0: number of IPS buffer bytes to + dump per buffer (0 is unlimited) { 0:maxSZ } + * bool alert_fast.buffers = false: output IPS buffer dump * bool alert_fast.file = false: output to alert_fast.txt instead of stdout * int alert_fast.limit = 0: set maximum size in MB before rollover @@ -9725,9 +9735,9 @@ libraries see the Getting Started section of the manual. encodings * bool http_inspect.plus_to_space = true: replace + with when normalizing URIs - * bool http_inspect.request_body_app_detection = true: make HTTP/2 + * bool http_inspect.request_body_app_detection = true: make HTTP request message bodies available for application detection - (detection requires AppId) + (AppId) and other inspectors * int http_inspect.request_depth = -1: maximum request message body bytes to examine (-1 no limit) { -1:max53 } * int http_inspect.response_depth = -1: maximum response message @@ -10337,6 +10347,8 @@ libraries see the Getting Started section of the manual. (seconds, 0 to disable) { 0:60 } * int profiler.memory.count = 0: limit results to count items per level (0 = no limit) { 0:max32 } + * int profiler.memory.dump_file_size = 1073741824: files will be + rolled over if they exceed this size { 4096:max53 } * int profiler.memory.max_depth = -1: limit depth to max_depth (-1 = no limit) { -1:255 } * bool profiler.memory.show = true: show module memory profile @@ -11488,6 +11500,8 @@ libraries see the Getting Started section of the manual. * detection.alt_searches: alt fast pattern searches in packet data (sum) * detection.analyzed: total packets processed (now) + * detection.buf_dumps: total number of IPS buffers collected from + matched rules (sum) * detection.cont_creations: total number of continuations created (sum) * detection.cont_evals: total number of condition-met continuations diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index dd43481a1..ccbe235c7 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.76.0 2023-12-03 22:58:05 EST TST +Revision 3.1.77.0 2023-12-21 17:03:07 EST TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 28717da00..132da95c5 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.76.0 2023-12-03 22:57:21 EST TST +Revision 3.1.77.0 2023-12-21 17:02:23 EST TST --------------------------------------------------------------------- @@ -433,6 +433,7 @@ the following order: 2. Snort will try the directory containing the including file. 3. Snort will try the directory containing the -c configuration file. + 4. Snort will try the current working directory. Some things to keep in mind: