From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri, 22 Jul 2016 15:25:30 +0000 (-0400)
Subject: Merge pull request #566 in SNORT/snort3 from 203 to master
X-Git-Tag: 3.0.0-233~326
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc4ea3f;p=thirdparty%2Fsnort3.git

Merge pull request #566 in SNORT/snort3 from 203 to master

Squashed commit of the following:

commit f2bbfd30862eda17647f842d31b4d4e595fbd9da
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri Jul 22 10:08:22 2016 -0400

    bump to build 203, update change log
    warn on duplicate ports in list
    allow multiple ip_proto and stream_size per rule
---

diff --git a/ChangeLog b/ChangeLog
index bb4183242..1830e58f4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+16/07/22 - build 203
+
+-- add oversize directory alert to new_http_inspect
+-- add appid counts for mdns, timbuktu, battlefield, bgp, and netbios services
+-- continue smb port - write and close command, deprecated dialect check, smb fingerprint
+-- fix outstanding strndup calls
+
 16/07/15 - build 202
 
 -- fix dynamic build of new_http_inspect
diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc
index b79ebf9d0..f40fa7587 100644
--- a/src/ips_options/ips_ip_proto.cc
+++ b/src/ips_options/ips_ip_proto.cc
@@ -307,7 +307,7 @@ static const IpsApi ip_proto_api =
         mod_dtor
     },
     OPT_TYPE_DETECTION,
-    1, PROTO_BIT__IP,
+    0, PROTO_BIT__IP,
     nullptr,
     nullptr,
     nullptr,
diff --git a/src/main/build.h b/src/main/build.h
index 425a63cf4..b48268435 100644
--- a/src/main/build.h
+++ b/src/main/build.h
@@ -10,7 +10,7 @@
 //                                               //
 //-----------------------------------------------//
 
-#define BUILD "202"
+#define BUILD "203"
 
 #endif
 
diff --git a/src/ports/port_object.cc b/src/ports/port_object.cc
index 87b7b4b5b..a7fb2d9dd 100644
--- a/src/ports/port_object.cc
+++ b/src/ports/port_object.cc
@@ -136,11 +136,7 @@ int PortObjectAddItem(PortObject* po, PortObjectItem* poi, int* errflag)
         p=(PortObjectItem*)sflist_next(&pos) )
     {
         if ((p->lport == poi->lport) && (p->hport == poi->hport))
-        {
-            if (errflag)
-                *errflag = 9; // FIXIT-L why return poparser code here? POPERR_DUPLICATE_ENTRY;
-            return -1; /* -1 chosen for consistency with sflist_add_tail */
-        }
+            ParseWarning(WARN_RULES, "duplicate ports in list");
     }
 
     sflist_add_tail(po->item_list, poi);
diff --git a/src/stream/tcp/ips_stream_size.cc b/src/stream/tcp/ips_stream_size.cc
index 0a64f1311..aa0f58b41 100644
--- a/src/stream/tcp/ips_stream_size.cc
+++ b/src/stream/tcp/ips_stream_size.cc
@@ -251,7 +251,7 @@ static const IpsApi size_api =
         mod_dtor
     },
     OPT_TYPE_DETECTION,
-    1, PROTO_BIT__TCP,
+    0, PROTO_BIT__TCP,  // FIXIT-L eventually change to 1 since <> and <=> are supported
     nullptr,
     nullptr,
     nullptr,