git.ipfire.org Git - thirdparty/snort3.git/log
5 years ago Merge pull request #2119 in SNORT/snort3 from ~MIALTIZE/snort3:3.0.1_build_1 to master 3.0.1-1
Michael Altizer (mialtize) [Tue, 31 Mar 2020 15:35:19 +0000 (15:35 +0000)] 
Merge pull request #2119 in SNORT/snort3 from ~MIALTIZE/snort3:3.0.1_build_1 to master

Squashed commit of the following:

commit fea387971db1f4f7552af4f7a402a5b032efb218
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Mar 31 09:59:58 2020 -0400

    build: generate and tag 3.0.1 build 1

5 years ago Merge pull request #2102 in SNORT/snort3 from ~STECHEW/snort3:detained_packet_with_ss...
Steve Chew (stechew) [Tue, 31 Mar 2020 14:41:57 +0000 (14:41 +0000)] 
Merge pull request #2102 in SNORT/snort3 from ~STECHEW/snort3:detained_packet_with_ssl to master

Squashed commit of the following:

commit 403c0de29a90c3a101730357a9bd5ba9caabf243
Author: Steve Chew <stechew@cisco.com>
Date:   Mon Mar 23 20:48:52 2020 -0400

    analyzer: Send detained packet event when a packet is held.

commit 43ecbb9b1cdb32a532342e29be6162ada75e2ecf
Author: Steve Chew <stechew@cisco.com>
Date:   Thu Mar 26 12:01:35 2020 -0400

    dce_rpc: Fixed missing space in string.

5 years ago Merge pull request #2078 in SNORT/snort3 from ~MIALTIZE/snort3:version_3_0_1 to master
Michael Altizer (mialtize) [Mon, 30 Mar 2020 22:50:53 +0000 (22:50 +0000)] 
Merge pull request #2078 in SNORT/snort3 from ~MIALTIZE/snort3:version_3_0_1 to master

Squashed commit of the following:

commit 017bead76ae7609494c26cf0a5756a3e07f73995
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Mar 13 13:16:37 2020 -0400

    build: Increment version to 3.0.1

5 years ago Merge pull request #2107 in SNORT/snort3 from ~BBANTWAL/snort3:latency_updates to...
Steve Chew (stechew) [Mon, 30 Mar 2020 21:36:02 +0000 (21:36 +0000)] 
Merge pull request #2107 in SNORT/snort3 from ~BBANTWAL/snort3:latency_updates to master

Squashed commit of the following:

commit 99e8356b5e645aebb676d58acc22462948cab5b8
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Wed Mar 25 10:01:54 2020 -0400

    latency: remove action config option and convert the log handler to trace_log message

commit d9ce00ad8447b8f376077b249f1a03c7f0c2acbc
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Wed Mar 25 09:05:41 2020 -0400

    snort2lua: remove conversion of deprecated options pkt-log and rule-log

5 years ago Merge pull request #2111 in SNORT/snort3 from ~KATHARVE/snort3:h2_headers to master
Mike Stepanek (mstepane) [Mon, 30 Mar 2020 15:36:59 +0000 (15:36 +0000)] 
Merge pull request #2111 in SNORT/snort3 from ~KATHARVE/snort3:h2_headers to master

Squashed commit of the following:

commit b076d151ec56be77b27a72904e68c9eae18e887b
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Mar 25 19:06:59 2020 -0400

    http2_inspect: handle Cl and TE headers, and end_stream flags set on headers frames

5 years ago Merge pull request #2114 in SNORT/snort3 from ~THOPETER/snort3:nhttp138 to master
Mike Stepanek (mstepane) [Mon, 30 Mar 2020 11:54:35 +0000 (11:54 +0000)] 
Merge pull request #2114 in SNORT/snort3 from ~THOPETER/snort3:nhttp138 to master

Squashed commit of the following:

commit cdbf6e7e9e313444606b38d2afcea79954cca108
Author: Tom Peters <thopeter@cisco.com>
Date:   Fri Mar 27 11:47:19 2020 -0400

    http_inspect: added FIXIT for thread safety

5 years ago Merge pull request #2095 in SNORT/snort3 from ~RUCOMBS/snort3:fixit_h to master
Russ Combs (rucombs) [Sat, 28 Mar 2020 00:10:29 +0000 (00:10 +0000)] 
Merge pull request #2095 in SNORT/snort3 from ~RUCOMBS/snort3:fixit_h to master

Squashed commit of the following:

commit 0ebc66453a734219078df3fd286d01dd63fa8474
Author: Russ Combs <rucombs@cisco.com>
Date:   Sun Mar 22 13:22:33 2020 -0400

    doc: add FIXIT-E description

commit fb12eb5b0cbdc6976de6a27bb13866085969a0e2
Author: Russ Combs <rucombs@cisco.com>
Date:   Sun Mar 22 13:04:12 2020 -0400

    src: update high priority "to be fixed" comments (FIXIT-H)

5 years ago Merge pull request #2101 in SNORT/snort3 from ~MDAGON/snort3:h2i_pt4 to master
Mike Stepanek (mstepane) [Fri, 27 Mar 2020 19:32:59 +0000 (19:32 +0000)] 
Merge pull request #2101 in SNORT/snort3 from ~MDAGON/snort3:h2i_pt4 to master

Squashed commit of the following:

commit 9942a2e7ebd578c2c0715646e09f3357026083a7
Author: mdagon <mdagon@cisco.com>
Date:   Tue Mar 17 10:36:25 2020 -0400

    http2_inspect: multiple data frames support

5 years ago Merge pull request #2083 in SNORT/snort3 from ~SBAIGAL/snort3:so_proxy to master
Russ Combs (rucombs) [Thu, 26 Mar 2020 22:53:55 +0000 (22:53 +0000)] 
Merge pull request #2083 in SNORT/snort3 from ~SBAIGAL/snort3:so_proxy to master

Squashed commit of the following:

commit f19ea58fa5e667524c554164ab956346e1abe04a
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Tue Mar 10 18:11:14 2020 -0400

    so_rule: fix reload of shared object rules that use flow data

    add tracking SO rule flow data with so_proxy inspector

5 years ago Merge pull request #2098 in SNORT/snort3 from ~SAARAYA/snort3:http2_app_detection...
Shravan Rangarajuvenkata (shrarang) [Thu, 26 Mar 2020 22:32:57 +0000 (22:32 +0000)] 
Merge pull request #2098 in SNORT/snort3 from ~SAARAYA/snort3:http2_app_detection to master

Squashed commit of the following:

commit 472fe39ed1ec39a11bbc0748b4f1368b8a7d6a1e
Author: Oleksii Zaika <ozaika@cisco.com>
Date:   Mon Mar 23 06:13:16 2020 -0400

    appid: use http2 inspector for detection even if third-party module is present

5 years ago Merge pull request #2105 in SNORT/snort3 from ~THOPETER/snort3:nhttp137 to master
Mike Stepanek (mstepane) [Thu, 26 Mar 2020 14:57:55 +0000 (14:57 +0000)] 
Merge pull request #2105 in SNORT/snort3 from ~THOPETER/snort3:nhttp137 to master

Squashed commit of the following:

commit f813962863f8f35615109ccea129f68499903e00
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Mar 24 13:33:49 2020 -0400

    http_inspect: eliminate empty body sections for missing message bodies

5 years ago Merge pull request #2045 in SNORT/snort3 from ~SVLASIUK/snort3:trace_log_level to...
Michael Altizer (mialtize) [Wed, 25 Mar 2020 22:15:48 +0000 (22:15 +0000)] 
Merge pull request #2045 in SNORT/snort3 from ~SVLASIUK/snort3:trace_log_level to master

Squashed commit of the following:

commit b83b61ba207177d583ef57ec3642ae130b9a7680
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Fri Feb 14 16:33:00 2020 +0200

    modules: Support verbosity level for module trace options, modify trace logging macros.

    Log level range [0-255].
    There are conditional debug_log/debug_logf and unconditional trace_log/trace_logf macros for logging.
    Now log messages have format: module:sub_module:log_level: msg.
    Ex: detection:rule_eval:1: Fast pattern search
    Added trace 'all' option for detection module.

5 years ago Merge pull request #2089 in SNORT/snort3 from ~NIHDESAI/snort3:tsan_mime to master
Mike Stepanek (mstepane) [Wed, 25 Mar 2020 19:40:43 +0000 (19:40 +0000)] 
Merge pull request #2089 in SNORT/snort3 from ~NIHDESAI/snort3:tsan_mime to master

Squashed commit of the following:

commit 60962397f8910eb4ade3ff842db5262d3337eeea
Author: Nihal Desai <nihdesai@cisco.com>
Date:   Wed Mar 18 04:57:26 2020 -0400

    mime: fix data race in mime config

5 years ago Merge pull request #2081 in SNORT/snort3 from ~OKHOMIAK/snort3:standardize_inspectors...
Steve Chew (stechew) [Wed, 25 Mar 2020 15:37:32 +0000 (15:37 +0000)] 
Merge pull request #2081 in SNORT/snort3 from ~OKHOMIAK/snort3:standardize_inspectors_config_output to master

Squashed commit of the following:

commit 136f35e3127f142c92e37717b9b864b36a2074f2
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Fri Mar 13 02:15:11 2020 +0200

    service_inspectors: standardize verbose config startup output for SMTP, POP and IMAP inspectors

5 years ago Merge pull request #2073 in SNORT/snort3 from ~ZHIJLIU/snort3:CSCvs59026_badack to...
Davis McPherson (davmcphe) [Wed, 25 Mar 2020 14:33:23 +0000 (14:33 +0000)] 
Merge pull request #2073 in SNORT/snort3 from ~ZHIJLIU/snort3:CSCvs59026_badack to master

Squashed commit of the following:

commit c0f2ed2c2b2572310314aa5b7b53557b12cc9966
Author: Louis Zhijun Liu <zhijliu@cisco.com>
Date:   Wed Mar 11 17:44:19 2020 -0700

    stream_tcp: Out-of-order ACK processing fix

5 years ago Merge pull request #2106 in SNORT/snort3 from ~MSTEPANE/snort3:build_270 to master 3.0.0-270
Mike Stepanek (mstepane) [Wed, 25 Mar 2020 14:13:20 +0000 (14:13 +0000)] 
Merge pull request #2106 in SNORT/snort3 from ~MSTEPANE/snort3:build_270 to master

Squashed commit of the following:

commit 6155a90e061a401368f4c31c22c36cbae2a85a64
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Mar 25 09:08:03 2020 -0400

    build: generate and tag build 270

5 years ago Merge pull request #2091 in SNORT/snort3 from ~MIALTIZE/snort3:detained_fixups to...
Michael Altizer (mialtize) [Wed, 25 Mar 2020 01:39:33 +0000 (01:39 +0000)] 
Merge pull request #2091 in SNORT/snort3 from ~MIALTIZE/snort3:detained_fixups to master

Squashed commit of the following:

commit 1444a851fb7c3714995441a3cd6385f38e733e5e
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Mar 24 12:03:33 2020 -0400

    stream_tcp: Cancel hold requests on the current packet when flushing

commit 16ab4c97c5342e893a2ab5dc6b50b4c7a909fd79
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Mar 19 13:52:16 2020 -0400

    active: Move packet hold realization for Stream detainment to verdict handling

commit 3e5d373c511b04dd2fcd61937c75e5ae490bd407
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Mar 19 11:24:46 2020 -0400

    active: Base hold_packet() decision on DAQ message pool usage

    This change cascades into TcpStreamTracker's hold packet logic.

commit d61ce2dc2ba3d30bd8347ed6b7885e5bd5699e8a
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Mar 19 09:34:10 2020 -0400

    stream_tcp: Finalize held packets in TcpSession::clear_session()

    This ensures that held packets are released even if a flow is cleared
    without cleanup (as in prune conditions).

5 years ago Merge pull request #2069 in SNORT/snort3 from ~OZAIKA/snort3:http2_draft_test to...
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Mar 2020 22:40:00 +0000 (22:40 +0000)] 
Merge pull request #2069 in SNORT/snort3 from ~OZAIKA/snort3:http2_draft_test to master

Squashed commit of the following:

commit 3c70e324722c55684edd27c3689db0d699dfcad8
Author: Oleksii Zaika <ozaika@cisco.com>
Date:   Tue Mar 10 08:26:02 2020 -0400

    appid: support detection for first stream in http/2 session

5 years ago Merge pull request #1984 in SNORT/snort3 from ~NEHASH4/snort3:CSCvh17903 to master
George Koikara (gkoikara) [Tue, 24 Mar 2020 18:18:28 +0000 (18:18 +0000)] 
Merge pull request #1984 in SNORT/snort3 from ~NEHASH4/snort3:CSCvh17903 to master

Squashed commit of the following:

commit fe0e3ebb85728a7ace9022accf90046561a843ce
Author: neha sharma <nehash4@cisco.com>
Date:   Tue Dec 17 05:53:19 2019 -0500

    smb: inspect midstream sessions for file inspection

5 years ago Merge pull request #2094 in SNORT/snort3 from ~SMINUT/snort3:expect_cache_min_prune...
Mike Stepanek (mstepane) [Tue, 24 Mar 2020 17:51:01 +0000 (17:51 +0000)] 
Merge pull request #2094 in SNORT/snort3 from ~SMINUT/snort3:expect_cache_min_prune to master

Squashed commit of the following:

commit 9eb02b8dabe4bee0a03cbcbf0a991913f014d059
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Mar 20 22:30:54 2020 -0400

    flow: allow the ExpectCache to force prune, so that we can always make room when the cache is full.

    flow: change the ExpectCache prune logic to only remove a specified number of oldest entries, regardless of node expiration time.

    flow: do away altogether with the loop in ExpectCache::prune, just remove one, only when the cache is full.

5 years ago Merge pull request #2079 in SNORT/snort3 from ~STECHEW/snort3:malware_block_with_retr...
Steve Chew (stechew) [Tue, 24 Mar 2020 14:03:54 +0000 (14:03 +0000)] 
Merge pull request #2079 in SNORT/snort3 from ~STECHEW/snort3:malware_block_with_retry to master

Squashed commit of the following:

commit 9c4ea9f5a683908369e005325ca833d85fec01a3
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Mar 22 10:48:00 2020 -0400

    stream/tcp: Moved retry check to TcpSession::process.

commit 46cc63de4bd2b0b5e026dfd5e47e17f98680e531
Author: Steve Chew <stechew@cisco.com>
Date:   Sat Mar 14 18:55:51 2020 -0400

    stream: short-circuit stream when handling retry packets in no-ack mode.

5 years ago Merge pull request #2100 in SNORT/snort3 from ~KATHARVE/snort3:nhi_refactor_print_bod...
Mike Stepanek (mstepane) [Tue, 24 Mar 2020 14:01:40 +0000 (14:01 +0000)] 
Merge pull request #2100 in SNORT/snort3 from ~KATHARVE/snort3:nhi_refactor_print_body_section to master

Squashed commit of the following:

commit 9c9226cea9e366bfd8be4da464ba1428497c9221
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Mar 23 16:54:22 2020 -0400

    http_inspect: refactor print_section for message bodies

5 years ago Merge pull request #2068 in SNORT/snort3 from ~CLJUDGE/snort3:ftpsdata_not_overwritte...
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Mar 2020 10:43:18 +0000 (10:43 +0000)] 
Merge pull request #2068 in SNORT/snort3 from ~CLJUDGE/snort3:ftpsdata_not_overwritten_as_ssl to master

Squashed commit of the following:

commit 2999eb64b825646b5840ced516c8ec4894c05ba5
Author: cljudge <cljudge@cisco.com>
Date:   Fri Mar 6 03:36:54 2020 -0500

    appid: restart service detection on start of decryption

5 years ago Merge pull request #2084 in SNORT/snort3 from ~STECHEW/snort3:ioctl_inject_fix to...
Steve Chew (stechew) [Mon, 23 Mar 2020 23:25:02 +0000 (23:25 +0000)] 
Merge pull request #2084 in SNORT/snort3 from ~STECHEW/snort3:ioctl_inject_fix to master

Squashed commit of the following:

commit 49237a73836f4b17b7cf9ef4ce101abca6e876c6
Author: Steve Chew <stechew@cisco.com>
Date:   Thu Mar 19 01:05:01 2020 -0400

    active: Send entire buffer at once when send_data uses ioctl.

commit 38a9fd566784902701899bd098456e442ca6fd15
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Mar 17 17:52:51 2020 -0400

    active: Fix direction of RST packet being sent to server.

5 years ago Merge pull request #2088 in SNORT/snort3 from ~KATHARVE/snort3:nhi_h2 to master
Mike Stepanek (mstepane) [Mon, 23 Mar 2020 19:26:48 +0000 (19:26 +0000)] 
Merge pull request #2088 in SNORT/snort3 from ~KATHARVE/snort3:nhi_h2 to master

Squashed commit of the following:

commit eada91f3303497cbb76e33cc1dc6e54c5c34e5fd
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Mar 18 10:08:59 2020 -0400

    http_inspect: create http2 message body type

commit 242bff1e4f0c717a184f213a342ade9192b895de
Author: mdagon <mdagon@cisco.com>
Date:   Mon Mar 9 15:39:02 2020 -0400

    http2_inspect: refactor data cutter - preparation for multi packet processing

5 years ago Merge pull request #2093 in SNORT/snort3 from ~KAMURTHI/snort3:DoT to master
Shravan Rangarajuvenkata (shrarang) [Mon, 23 Mar 2020 19:19:14 +0000 (19:19 +0000)] 
Merge pull request #2093 in SNORT/snort3 from ~KAMURTHI/snort3:DoT to master

Squashed commit of the following:

commit 175d9f0296de8b09fd637fd5ec3c997794758483
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Tue Mar 17 16:26:41 2020 -0400

    appid: Include DNS over TLS port for classification.

5 years ago Merge pull request #2082 in SNORT/snort3 from ~KAMURTHI/snort3:client_ut to master
Shravan Rangarajuvenkata (shrarang) [Mon, 23 Mar 2020 18:24:59 +0000 (18:24 +0000)] 
Merge pull request #2082 in SNORT/snort3 from ~KAMURTHI/snort3:client_ut to master

Squashed commit of the following:

commit 366655b4b7b6468df1722d9fe33bbc43dd4b971f
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Mon Mar 16 16:46:31 2020 -0400

    appid: Adding UT for client_app_aim_test

5 years ago Merge pull request #1937 in SNORT/snort3 from ~OSHUMEIK/snort3:snort2lua_ips_option_r...
Steve Chew (stechew) [Mon, 23 Mar 2020 14:16:34 +0000 (14:16 +0000)] 
Merge pull request #1937 in SNORT/snort3 from ~OSHUMEIK/snort3:snort2lua_ips_option_replace to master

Squashed commit of the following:

commit 78fd7e410f877f6850b8e1a43877695e3c9804ac
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Mar 16 11:42:39 2020 +0200

    lua: enable a rewrite plugin in a default config

commit a96c133df889bf8e9261c960053e5fab347f7a6e
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Mar 10 12:09:40 2020 +0200

    build: refactor included headers

    Sort a list of included headers according to the Coding Style.
    For .cc files in `tools/snort2lua/rule_states` directory.

commit e78f54d6fa600155d05b2eac9f5b0528db452116
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Jan 9 11:50:20 2020 +0200

    snort2lua: convert a replace option to a rewrite plugin/action.

    Check if option has empty value.
    Add comment for rules with a replace option.
    Drop/block action takes precedence over a rewrite action.

5 years ago Merge pull request #2090 in SNORT/snort3 from ~MASHASAN/snort3:idle_reload to master
Mike Stepanek (mstepane) [Mon, 23 Mar 2020 13:18:40 +0000 (13:18 +0000)] 
Merge pull request #2090 in SNORT/snort3 from ~MASHASAN/snort3:idle_reload to master

Squashed commit of the following:

commit 77d0b2b990780864d9c6a3f67d076a9f14a216ea
Author: Masud Hasan <mashasan@cisco.com>
Date:   Thu Mar 19 12:34:45 2020 -0400

    reload: Setting higher maximum pruning when idle

5 years ago Merge pull request #1952 in SNORT/snort3 from ~NEHASH4/snort3:CSCvh69673 to master
George Koikara (gkoikara) [Mon, 23 Mar 2020 08:38:46 +0000 (08:38 +0000)] 
Merge pull request #1952 in SNORT/snort3 from ~NEHASH4/snort3:CSCvh69673 to master

Squashed commit of the following:

commit ad1702181be3428dba9fb67fdc5215134a8cc648
Author: neha sharma <nehash4@cisco.com>
Date:   Wed Feb 5 11:36:31 2020 -0500

    file_api: reading the new data for the overlapped file_data

5 years ago Merge pull request #2092 in SNORT/snort3 from ~MIALTIZE/snort3:no_uuid to master
Michael Altizer (mialtize) [Fri, 20 Mar 2020 23:14:35 +0000 (23:14 +0000)] 
Merge pull request #2092 in SNORT/snort3 from ~MIALTIZE/snort3:no_uuid to master

Squashed commit of the following:

commit 39849097efee6f2e6cad02c598424ea46792d8c1
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Mar 20 12:17:19 2020 -0400

    build: Don't try to use libuuid headers/libraries when not found

    The updated FindUUID macros properly set the libuuid variables to
    NOTFOUND, which exposed the places where they were being unconditionally
    used.  This properly conditionalizes that usage.

    Thanks to James Lay <jlay@slave-tothe-box.net> for reporting the issue.

5 years ago Merge pull request #2072 in SNORT/snort3 from ~THOPETER/snort3:nhttp133 to master
Mike Stepanek (mstepane) [Fri, 20 Mar 2020 20:25:19 +0000 (20:25 +0000)] 
Merge pull request #2072 in SNORT/snort3 from ~THOPETER/snort3:nhttp133 to master

Squashed commit of the following:

commit ad73c4fabe6ecbc90bb9283d52ae574288072ec9
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Feb 5 14:54:56 2020 -0500

    http_inspect: gzip detained inspection

5 years ago Merge pull request #1957 in SNORT/snort3 from ~SELYSENK/snort3:bug/network_policy_nul...
Michael Altizer (mialtize) [Fri, 20 Mar 2020 16:59:53 +0000 (16:59 +0000)] 
Merge pull request #1957 in SNORT/snort3 from ~SELYSENK/snort3:bug/network_policy_nullptr to master

Squashed commit of the following:

commit 691b1f3af718cf70893c4026b1d480ca1abe3d9b
Author: Serhii Lysenko <selysenk@cisco.com>
Date:   Thu Mar 5 13:37:53 2020 +0200

    loggers: update usage to GLOBAL for all loggers

commit d661b7e1eac7fdb3386ac4cbab537de72ebfcabb
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Wed Mar 4 11:26:20 2020 -0500

    snort2lua: don't print out network_policy binding

commit 43de169f5a6f10c0c03bfe6521bd22dfab0a0b17
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Wed Mar 4 11:25:22 2020 -0500

    binder: ignore the network_policy binding

commit 3ac2647f7f2e358ab6205adabd9e22a4643ef845
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Wed Feb 26 20:23:07 2020 -0500

    filters: update threshold tracking functions

    General event threshold tracking functions take one more parameter
    policy_id.

    Usage for suppress and rate_filter modules is changed to CONTEXT.

    event_filter, rate_filter and suppress modules use get_network_policy
    to get the policy_id passed to the generic threshold tracking.

    detection filter module uses get_ips_policy to get the policy_id
    passed to the generic threshold tracking.

5 years ago Merge pull request #1851 in SNORT/snort3 from ~BBANTWAL/snort3:vxlan_new to master
Michael Altizer (mialtize) [Wed, 18 Mar 2020 14:21:42 +0000 (14:21 +0000)] 
Merge pull request #1851 in SNORT/snort3 from ~BBANTWAL/snort3:vxlan_new to master

Squashed commit of the following:

commit 5c8104ebe65146c9315ae4a5a52e8fa3843b19c8
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Mar 17 15:19:57 2020 -0400

    main: check if flow state is blocked while applying verdicts

commit c7f9f5def1d0a42695a0a1e6f9229a443f329b4b
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Dec 10 15:14:37 2019 -0500

    codecs: add new proto bit for udp tunneled traffic

commit 82313413cf6f4152915ffce33fc2f41118bbbd1c
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Thu Aug 30 13:41:51 2018 -0400

    codecs: add vxlan codec

    move gtp_ports and deep_teredo_inspection from
    snort config to UdpCodecConfig

5 years ago Merge pull request #2062 in SNORT/snort3 from ~MDAGON/snort3:h2i_pt3 to master
Mike Stepanek (mstepane) [Wed, 18 Mar 2020 11:41:37 +0000 (11:41 +0000)] 
Merge pull request #2062 in SNORT/snort3 from ~MDAGON/snort3:h2i_pt3 to master

Squashed commit of the following:

commit 4ef91cac5ae0967b79a057bbc11828098c55d694
Author: mdagon <mdagon@cisco.com>
Date:   Wed Feb 26 16:09:04 2020 -0500

    http2_inspect: support single data frame sent to http, multiple flushes

5 years ago Merge pull request #2076 in SNORT/snort3 from ~SATHIRKA/snort3:icmpv6_in_ipv4_tunnel...
Shravan Rangarajuvenkata (shrarang) [Tue, 17 Mar 2020 22:27:03 +0000 (22:27 +0000)] 
Merge pull request #2076 in SNORT/snort3 from ~SATHIRKA/snort3:icmpv6_in_ipv4_tunnel to master

Squashed commit of the following:

commit c3f39b0995a7821d1fd1c3ca05db359467b26a44
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Mar 12 17:24:53 2020 -0400

    appid: Support appid detection for outer protocol service

5 years ago Merge pull request #2075 in SNORT/snort3 from ~KAMURTHI/snort3:smb_appid to master
Shravan Rangarajuvenkata (shrarang) [Mon, 16 Mar 2020 14:17:30 +0000 (14:17 +0000)] 
Merge pull request #2075 in SNORT/snort3 from ~KAMURTHI/snort3:smb_appid to master

Squashed commit of the following:

commit 158a37aa6275e82dc1504f26f83617463336700f
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Wed Mar 11 14:40:01 2020 -0400

    appid: Fix SMB session data memory leak.

5 years ago Merge pull request #2067 in SNORT/snort3 from ~MIALTIZE/snort3:cxx14 to master
Michael Altizer (mialtize) [Fri, 13 Mar 2020 21:37:04 +0000 (21:37 +0000)] 
Merge pull request #2067 in SNORT/snort3 from ~MIALTIZE/snort3:cxx14 to master

Squashed commit of the following:

commit be07a2b2ac719b81b1d16e09e9cb552e73573a29
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Mar 6 18:13:43 2020 -0500

    build: Bump the C++ compiler supported feature set requirement to C++14

5 years ago Merge pull request #2065 in SNORT/snort3 from ~DERAMADA/snort3:h2i_flow_data_size...
Mike Stepanek (mstepane) [Fri, 13 Mar 2020 14:43:25 +0000 (14:43 +0000)] 
Merge pull request #2065 in SNORT/snort3 from ~DERAMADA/snort3:h2i_flow_data_size to master

Squashed commit of the following:

commit b4ed56e4d29821bd549824de43845861fc062b62
Author: deramada <deramada@cisco.com>
Date:   Fri Mar 6 10:18:28 2020 -0500

    http2_inspect: update dev notes with memory calculations

5 years ago Merge pull request #2074 in SNORT/snort3 from ~MIALTIZE/snort3:build_269 to master 3.0.0-269
Michael Altizer (mialtize) [Thu, 12 Mar 2020 18:28:08 +0000 (18:28 +0000)] 
Merge pull request #2074 in SNORT/snort3 from ~MIALTIZE/snort3:build_269 to master

Squashed commit of the following:

commit 08d5b15a1d4a8eedc4628bbed0a36f2e0bb8ed9d
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Mar 12 10:40:14 2020 -0400

    build: generate and tag build 269

5 years ago Merge pull request #1990 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_all_builds to...
Steve Chew (stechew) [Wed, 11 Mar 2020 19:53:38 +0000 (19:53 +0000)] 
Merge pull request #1990 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_all_builds to master

Squashed commit of the following:

commit d82d981dd4e40793bb741e8cfd8c2ac053b908cf
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Mar 3 12:05:28 2020 +0200

    build: refactor trace logs

    Changes follow:
     * move on/off check before forming va_list
     * delete unused trace_debug trace_debugf
     * delete unused code
       FileMemPool::verify()
       flush_policy_names in src/stream/tcp/tcp_stream_session.cc

5 years ago Merge pull request #2040 in SNORT/snort3 from ~KBHANDAN/snort3:fw_reload to master
George Koikara (gkoikara) [Wed, 11 Mar 2020 18:07:10 +0000 (18:07 +0000)] 
Merge pull request #2040 in SNORT/snort3 from ~KBHANDAN/snort3:fw_reload to master

Squashed commit of the following:

commit d555619fa3df7e73a2921d8ff353dcc724877558
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Thu Feb 27 03:44:42 2020 -0500

    main: do FileService::post_init after inspectors are configured

5 years ago Merge pull request #2070 in SNORT/snort3 from ~SHRARANG/snort3:appid_mdns_tsan to...
Shravan Rangarajuvenkata (shrarang) [Wed, 11 Mar 2020 15:51:59 +0000 (15:51 +0000)] 
Merge pull request #2070 in SNORT/snort3 from ~SHRARANG/snort3:appid_mdns_tsan to master

Squashed commit of the following:

commit 33e1910c3dfc27f1c28507c29cc743fb07cf33b4
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Mar 10 12:17:26 2020 -0400

    appid: fix thread-safety issues in mdns detector

5 years ago Merge pull request #2066 in SNORT/snort3 from ~SATHIRKA/snort3:reload_mid_stream...
Shravan Rangarajuvenkata (shrarang) [Tue, 10 Mar 2020 13:16:29 +0000 (13:16 +0000)] 
Merge pull request #2066 in SNORT/snort3 from ~SATHIRKA/snort3:reload_mid_stream to master

Squashed commit of the following:

commit 74a624bbb17b3405addc1dc0107df4070c6b2274
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Fri Mar 6 14:19:29 2020 -0500

    appid: Adding support for third-party reload on midstream session

5 years ago Merge pull request #2013 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_4 to...
Shravan Rangarajuvenkata (shrarang) [Tue, 10 Mar 2020 02:05:43 +0000 (02:05 +0000)] 
Merge pull request #2013 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_4 to master

Squashed commit of the following:

commit 86c07b18b201441bba9c0986b5f35d6c21b88f63
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Mon Feb 17 08:49:08 2020 -0500

    appid: move client/service pattern detectors and service discovery manager to odp context

5 years ago Merge pull request #2050 in SNORT/snort3 from ~RUCOMBS/snort3:long_road to master
Russ Combs (rucombs) [Mon, 9 Mar 2020 23:59:23 +0000 (23:59 +0000)] 
Merge pull request #2050 in SNORT/snort3 from ~RUCOMBS/snort3:long_road to master

Squashed commit of the following:

commit 7fac732d47e375c11ccaaa09c460ce097698c052
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 7 16:55:46 2020 -0500

    build: use const and auto references where possible

commit ab2497818f6dbcfb448deee8b29ba60ba69dcda6
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 6 17:56:59 2020 -0500

    style: remove tabs and too long lines

commit ef713d0a2672db3c3e99fec22085a871c9554493
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 23:56:53 2020 -0500

    parser: remove legacy parsing code

commit 8cb33a613e08adc45eacc3ec7ec1f0fef4e6aba6
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 13:09:13 2020 -0500

    service: update implementation to vector

commit f1abe6fd867f95825860489b075f77c392fa2efc
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 12:37:42 2020 -0500

    rules: add constructors for references and classifications

commit a8bd8c55d6a1f639a5107a86d34d1126d1759cf4
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 11:21:10 2020 -0500

    classifications: use consistent variable names

commit b7c8f3bcc6ea05b65c607cb3955860c4cc4539dd
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 11:01:39 2020 -0500

    reference: update implementation to vector

commit 7d0e021b805a82aeabe2af0fa09259d5afc3a2e7
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 10:23:08 2020 -0500

    references: update implementation with unordered map

commit f85ef33a59b2bc3d6a81fbcc0ed97ac433fd8f4d
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 09:38:47 2020 -0500

    classifications: update implementation with unordered map

commit 7046a630d3e94901b0c0bb0c61404666ba547e8d
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 1 08:45:28 2020 -0500

    build: tweak includes

commit 43db2d95c454236cf638c280736fa6ac506e9eaa
Author: russ <rucombs@cisco.com>
Date:   Sat Feb 29 17:12:58 2020 -0500

    stats: update shutdown timing stats

    Fix pkts/sec to use analyzed packet count.  Also remove packets which is
    already provided under daq stats.  Add Mbits/sec.

commit 3a331613022272a845ca4e3ee30e2e6d486abe1f
Author: russ <rucombs@cisco.com>
Date:   Thu Feb 27 09:32:55 2020 -0500

    # This is a combination of 2 commits.
    # This is the 1st commit message:

    rules: simplify implementation of services, classifications, and references by using std::string

    # The commit message #2 will be skipped:

    # fixup std::string

commit ee176681f558429e98e1a2dcca9bc318b2051f56
Author: russ <rucombs@cisco.com>
Date:   Wed Feb 26 23:16:21 2020 -0500

    rules: update --gen-msg-map to include all configured rules with references

commit 431dddb0a50b2dd1766cc12f8d5454d43367aaa1
Author: russ <rucombs@cisco.com>
Date:   Sun Feb 23 08:15:54 2020 -0500

    rules: remove cruft

commit 51816c1d9776221651bc639bd9870df4d6285212
Author: russ <rucombs@cisco.com>
Date:   Sun Feb 23 08:15:07 2020 -0500

    rules: fix warnings and startup counts for duplicates

commit 1c9f4b1ca655c9e8ed3bab2814caaa21616891b5
Author: russ <rucombs@cisco.com>
Date:   Sun Feb 23 08:12:19 2020 -0500

    stream_tcp: no_ack applies only to ips mode

5 years ago Merge pull request #2056 in SNORT/snort3 from ~MMATIRKO/snort3:reputation_improvement...
Mike Stepanek (mstepane) [Mon, 9 Mar 2020 19:52:38 +0000 (19:52 +0000)] 
Merge pull request #2056 in SNORT/snort3 from ~MMATIRKO/snort3:reputation_improvements to master

Squashed commit of the following:

commit 0228a7d28c9569b818e9d8697af27607ba9a9316
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Mar 3 10:45:30 2020 -0500

    reputation: remove flag from packet, track verdict on flow

5 years ago Merge pull request #2060 in SNORT/snort3 from ~SHEFAPRA/snort3:fix_gmtime to master
Steve Chew (stechew) [Fri, 6 Mar 2020 21:06:48 +0000 (21:06 +0000)] 
Merge pull request #2060 in SNORT/snort3 from ~SHEFAPRA/snort3:fix_gmtime to master

Squashed commit of the following:

commit d65d98524cbe1485686934992791fec0d16d4b9f
Author: Shefali <shefapra@cisco.com>
Date:   Wed Mar 4 12:28:39 2020 -0500

    util: handled out-of-range time

5 years ago Merge pull request #2058 in SNORT/snort3 from ~STECHEW/snort3:lzma_fix to master
Steve Chew (stechew) [Fri, 6 Mar 2020 20:24:57 +0000 (20:24 +0000)] 
Merge pull request #2058 in SNORT/snort3 from ~STECHEW/snort3:lzma_fix to master

Squashed commit of the following:

commit e259cd43f913bec63910d067bc2b276c77390e4a
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Mar 4 01:46:40 2020 -0500

    cmake: Fix building without lzma library.
    Thanks to Fabrice Fontaine <fontaine.fabrice@gmail.com> for reporting the issue.

5 years agoMerge pull request #2053 in SNORT/snort3 from ~ALLEWI/snort3:byte_overflows to master
Steve Chew (stechew) [Fri, 6 Mar 2020 20:02:03 +0000 (20:02 +0000)] 
Merge pull request #2053 in SNORT/snort3 from ~ALLEWI/snort3:byte_overflows to master

Squashed commit of the following:

commit f179c255237e6d9a7bcfd5c81c49bcdf60d95e5b
Author: allewi <allewi@cisco.com>
Date:   Sat Feb 29 21:33:34 2020 -0500

    byte_math: Snort2 bug port of integer over and under flow detection

5 years agoMerge pull request #2061 in SNORT/snort3 from ~OSERHIIE/snort3:alpine_build_fix to...
Michael Altizer (mialtize) [Fri, 6 Mar 2020 16:43:40 +0000 (16:43 +0000)] 
Merge pull request #2061 in SNORT/snort3 from ~OSERHIIE/snort3:alpine_build_fix to master

Squashed commit of the following:

commit c149560b8bd0fabb7ce802cde20685ad1ef67e5b
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Mar 3 12:41:53 2020 +0200

    flow: Add missing time.h include for struct timeval

5 years agoMerge pull request #2064 in SNORT/snort3 from ~DAVMCPHE/snort3:hash_foo_2 to master
Russ Combs (rucombs) [Fri, 6 Mar 2020 13:38:27 +0000 (13:38 +0000)] 
Merge pull request #2064 in SNORT/snort3 from ~DAVMCPHE/snort3:hash_foo_2 to master

Squashed commit of the following:

commit 649dd07dbd388d18c87bb0a8d1da755a1dff1a11
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Thu Mar 5 09:13:14 2020 -0500

    ips_manager: revert broken support for thread_reinit

commit 14333c503c2694e3d811097e84f14d1bd66dc701
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Thu Mar 5 08:12:25 2020 -0500

    flow_cache: fix memory deallocation bug due to inverted return value from hash release node

commit 5fe12ecd06e53b8239540fd51ad5a1527ddefa3d
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Mar 4 09:25:06 2020 -0500

    Revert "Merge pull request #2054 in SNORT/snort3 from ~DAVMCPHE/snort3:revert_hash_foo to master"

    This reverts commit 6b385a10a4c012df7c8dd682b72958ae8e9d9adb.

5 years agoMerge pull request #2018 in SNORT/snort3 from ~DERAMADA/snort3:hi_http_uri to master
Mike Stepanek (mstepane) [Fri, 6 Mar 2020 13:18:32 +0000 (13:18 +0000)] 
Merge pull request #2018 in SNORT/snort3 from ~DERAMADA/snort3:hi_http_uri to master

Squashed commit of the following:

commit d06d71e6983cde3acc12c1955425235e771258c8
Author: deramada <deramada@cisco.com>
Date:   Wed Feb 19 10:01:15 2020 -0500

    http_inspect: change http_uri to only include path and query for absolute and absolute path uris

5 years agoMerge pull request #2052 in SNORT/snort3 from ~MIALTIZE/snort3:freebsd_osx to master
Michael Altizer (mialtize) [Fri, 6 Mar 2020 00:21:31 +0000 (00:21 +0000)] 
Merge pull request #2052 in SNORT/snort3 from ~MIALTIZE/snort3:freebsd_osx to master

Squashed commit of the following:

commit 23b466c713fcf8ffeed1c3c3f07dc04cdf506d4e
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Mar 2 10:07:34 2020 -0500

    build: Fix various build issues on FreeBSD and OS X

commit 0dd9359134dc17194fa31f75d65e6f752675c7af
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Mar 2 10:07:34 2020 -0500

    build: Fix LibUUID detection on OS X

commit 30ebcc7187ec3127571caaa8d18aa3fb6516170d
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Mar 2 10:07:34 2020 -0500

    http_inspect: Properly mock HttpModule::peg_counts in http_transaction_test

5 years agoMerge pull request #2049 in SNORT/snort3 from ~SMINUT/snort3:flow_mem_leak to master
Mike Stepanek (mstepane) [Thu, 5 Mar 2020 17:26:43 +0000 (17:26 +0000)] 
Merge pull request #2049 in SNORT/snort3 from ~SMINUT/snort3:flow_mem_leak to master

Squashed commit of the following:

commit ac638bb058bbb634528feb5d666a46e85d53efdb
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Feb 28 16:05:33 2020 -0500

    flow: free the flow data before deleting the actual flow

5 years agoMerge pull request #2015 in SNORT/snort3 from ~STECHEW/snort3:defer_whitelist to...
Steve Chew (stechew) [Thu, 5 Mar 2020 16:34:27 +0000 (16:34 +0000)] 
Merge pull request #2015 in SNORT/snort3 from ~STECHEW/snort3:defer_whitelist to master

Squashed commit of the following:

commit 0f77d6e97b51eaf3aef757874f36c2ebf612c3fe
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Feb 5 17:49:46 2020 -0500

    flow: turn off deferred whitelist on DONE if no whitelist was seen.

5 years agoMerge pull request #2007 in SNORT/snort3 from ~OKHOMIAK/snort3:not_load_daq_in_test_m...
Steve Chew (stechew) [Thu, 5 Mar 2020 13:40:11 +0000 (13:40 +0000)] 
Merge pull request #2007 in SNORT/snort3 from ~OKHOMIAK/snort3:not_load_daq_in_test_mode to master

Squashed commit of the following:

commit 3988e995744d8ab7d87c47824086cbd80706d7b0
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Thu Feb 13 21:55:30 2020 +0200

    sfdaq: converted parsing related error messages in DAQ init to ParseErrors

5 years agoMerge pull request #1986 in SNORT/snort3 from ~APOORAJ/snort3:ftp_whitelist to master
George Koikara (gkoikara) [Thu, 5 Mar 2020 11:19:24 +0000 (11:19 +0000)] 
Merge pull request #1986 in SNORT/snort3 from ~APOORAJ/snort3:ftp_whitelist to master

Squashed commit of the following:

commit cd28ecf05fbe5379661772cdd6704ea2d7f8c253
Author: Apoorv Raj <apooraj@cisco.com>
Date:   Thu Feb 6 02:57:58 2020 -0500

    ftp: Whitelist ftp session after max sig depth reached

5 years agoMerge pull request #2019 in SNORT/snort3 from ~MDAGON/snort3:data_frame to master
Mike Stepanek (mstepane) [Tue, 3 Mar 2020 19:51:34 +0000 (19:51 +0000)] 
Merge pull request #2019 in SNORT/snort3 from ~MDAGON/snort3:data_frame to master

Squashed commit of the following:

commit 00768b50e95acb2349676661affb73b40f2a53b1
Author: mdagon <mdagon@cisco.com>
Date:   Fri Jan 31 11:49:38 2020 -0500

    http2_inspect: send data frames to http - full frames only in a single flush

5 years agoMerge pull request #2054 in SNORT/snort3 from ~DAVMCPHE/snort3:revert_hash_foo to...
Russ Combs (rucombs) [Tue, 3 Mar 2020 15:59:38 +0000 (15:59 +0000)] 
Merge pull request #2054 in SNORT/snort3 from ~DAVMCPHE/snort3:revert_hash_foo to master

Squashed commit of the following:

commit 2b1a1979ac8b05de9e1adbf78cd80a334408f626
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Mar 3 07:38:43 2020 -0500

    Revert "Merge pull request #2009 in SNORT/snort3 from ~DAVMCPHE/snort3:lru_cache_for_hash to master"

    This reverts commit bb26ceaaed7ca78c25ff5b8aa6f0b338fb9ecc1a.

commit ed107a307c5b1c05b69a99d6f167133af90e2dba
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Mar 3 07:32:19 2020 -0500

    Revert "Merge pull request #2037 in SNORT/snort3 from ~DAVMCPHE/snort3:nuking_reload_errors to master"

    This reverts commit 9ee76016f1abe825d5ebcaa472a2651e89f88171.

5 years agoMerge pull request #2042 in SNORT/snort3 from ~NIHDESAI/snort3:abort_h2h to master
Mike Stepanek (mstepane) [Tue, 3 Mar 2020 14:49:29 +0000 (14:49 +0000)] 
Merge pull request #2042 in SNORT/snort3 from ~NIHDESAI/snort3:abort_h2h to master

Squashed commit of the following:

commit d5b1e259399fbcc38fa191291ef6c4b99264f809
Author: Nihal Desai <nihdesai@cisco.com>
Date:   Wed Feb 19 15:41:51 2020 -0500

    http2_inspect: aborts for nhi errors

5 years agoMerge pull request #2035 in SNORT/snort3 from ~KATHARVE/snort3:h2i_pub_sub to master
Mike Stepanek (mstepane) [Tue, 3 Mar 2020 14:35:11 +0000 (14:35 +0000)] 
Merge pull request #2035 in SNORT/snort3 from ~KATHARVE/snort3:h2i_pub_sub to master

Squashed commit of the following:

commit 07072478f6c3cd762193531d4bec7f62beb44b0f
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Feb 26 11:51:19 2020 -0500

    pub_sub: add http2 info to http pub messages

5 years agoMerge pull request #1989 in SNORT/snort3 from ~LBEVINAM/snort3:telemetry_counters...
George Koikara (gkoikara) [Tue, 3 Mar 2020 04:21:59 +0000 (04:21 +0000)] 
Merge pull request #1989 in SNORT/snort3 from ~LBEVINAM/snort3:telemetry_counters to master

Squashed commit of the following:

commit 508c753c767cf033b551b1f31621fd5f070cbab0
Author: lbevinam <lbevinam@cisco.com>
Date:   Thu Jan 30 05:35:55 2020 -0500

    service_inspectors: added counters to track total number of data bytes processed in SMTP, POP, SSH and FTP
    udp_stream: added counters to track total number of data bytes processed
    ip_stream: added counters to track total number of data bytes processed

5 years agoMerge pull request #2044 in SNORT/snort3 from ~MASHASAN/snort3:stats_and_data_races...
Mike Stepanek (mstepane) [Mon, 2 Mar 2020 17:59:53 +0000 (17:59 +0000)] 
Merge pull request #2044 in SNORT/snort3 from ~MASHASAN/snort3:stats_and_data_races to master

Squashed commit of the following:

commit 9d4b9171cdde544f26b63f2390e6dafc3fb7f1fb
Author: Masud Hasan <mashasan@cisco.com>
Date:   Thu Feb 27 18:27:03 2020 -0500

    stream: Addressing inconsistent stream stats and some data races

5 years agoMerge pull request #2041 in SNORT/snort3 from ~OZAIKA/snort3:ozaika_asproxy to master
Shravan Rangarajuvenkata (shrarang) [Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)] 
Merge pull request #2041 in SNORT/snort3 from ~OZAIKA/snort3:ozaika_asproxy to master

Squashed commit of the following:

commit 57ea30912d8b864caf6f17cd0dda03d771db595d
Author: Oleksii Zaika <ozaika@cisco.com>
Date:   Thu Feb 27 08:24:06 2020 -0500

    appid: detect apps using x-working-with http field in response header

5 years agoMerge pull request #2020 in SNORT/snort3 from ~SBAIGAL/snort3:so_reload_2 to master
Steve Chew (stechew) [Mon, 2 Mar 2020 15:39:36 +0000 (15:39 +0000)] 
Merge pull request #2020 in SNORT/snort3 from ~SBAIGAL/snort3:so_reload_2 to master

Squashed commit of the following:

commit 0ffe1aa821d7d4e092a64173900e9a264f999dde
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Feb 19 11:01:43 2020 -0500

    plugin_manager: add support for reload so_rule plugins

5 years agoMerge pull request #2010 in SNORT/snort3 from ~SATHIRKA/snort3:navl_reload_multithrea...
Shravan Rangarajuvenkata (shrarang) [Fri, 28 Feb 2020 21:18:07 +0000 (21:18 +0000)] 
Merge pull request #2010 in SNORT/snort3 from ~SATHIRKA/snort3:navl_reload_multithread to master

Squashed commit of the following:

commit 481482201b9e05af0fed08f8cec583c001e52f5b
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Feb 13 14:14:58 2020 -0500

    appid: Support third-party reload when snort is running with multiple packet threads

5 years agoMerge pull request #2046 in SNORT/snort3 from ~RUCOMBS/snort3:base64_fix to master
Russ Combs (rucombs) [Fri, 28 Feb 2020 18:15:34 +0000 (18:15 +0000)] 
Merge pull request #2046 in SNORT/snort3 from ~RUCOMBS/snort3:base64_fix to master

Squashed commit of the following:

commit fec65014e2215bf87ab02639dbd6d28130fe02ca
Author: russ <rucombs@cisco.com>
Date:   Fri Feb 28 09:05:31 2020 -0500

    base64_decode: use standard detection context data buffer

5 years agoMerge pull request #2037 in SNORT/snort3 from ~DAVMCPHE/snort3:nuking_reload_errors...
Russ Combs (rucombs) [Fri, 28 Feb 2020 04:12:34 +0000 (04:12 +0000)] 
Merge pull request #2037 in SNORT/snort3 from ~DAVMCPHE/snort3:nuking_reload_errors to master

Squashed commit of the following:

commit 9d50248d9b1768509c9876ed3ed53a3c52cc8d91
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Thu Feb 27 21:12:31 2020 -0500

    ghash: fix thread race condition with GHash member variables when a GHash instance is global

commit 8b7b0bab38e9d567e81acf784b39fe4eae4d6534
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Mon Feb 10 17:24:28 2020 -0500

    snort_config: footprint REG_TEST, no check for stream inspector add/rm, etc

    reload: add description of reload error to the response message of the reload_config command

    ips_base64: add logic to call ips option tinit method on reload if not previously called

    hash: delete unused sfmemcap.[h|cc] and remove unnecessary includes

5 years agoMerge pull request #1949 in SNORT/snort3 from ~OSERHIIE/snort3:trace_bitmask to master
Steve Chew (stechew) [Fri, 28 Feb 2020 03:58:34 +0000 (03:58 +0000)] 
Merge pull request #1949 in SNORT/snort3 from ~OSERHIIE/snort3:trace_bitmask to master

Squashed commit of the following:

commit 4cccd12b0aacbc85543aabc63db1ad5212bc4a7d
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Feb 12 19:31:05 2020 +0200

    detection: refactoring updates to detection. Moved DetectionModule into a separate file.

commit cded4b12458ea9d4c7456ebd93041482a91c2a30
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Tue Feb 4 20:34:00 2020 +0200

    framework: add generic conversion of trace string to bitmask.

commit 29c144ae2e148b35d76bebef24146d84adc83311
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Jan 16 17:08:49 2020 +0200

    detection: added support for trace config option to take a list of strings with verbosity level instead of bitmask

5 years agoMerge pull request #2011 in SNORT/snort3 from ~STECHEW/snort3:inject_ioctls to master
Steve Chew (stechew) [Thu, 27 Feb 2020 21:03:27 +0000 (21:03 +0000)] 
Merge pull request #2011 in SNORT/snort3 from ~STECHEW/snort3:inject_ioctls to master

Squashed commit of the following:

commit b45dc3b4723aa06a7c058bd94b6da8226ba50c0f
Author: Steve Chew <stechew@cisco.com>
Date:   Fri Feb 14 17:35:50 2020 -0500

    active: Add ability to inject resets and payload via IOCTLs.

5 years agoMerge pull request #2033 in SNORT/snort3 from ~KDEWANGA/snort3:iab to master
George Koikara (gkoikara) [Thu, 27 Feb 2020 16:40:52 +0000 (16:40 +0000)] 
Merge pull request #2033 in SNORT/snort3 from ~KDEWANGA/snort3:iab to master

Squashed commit of the following:

commit 66cade7b40d9f07deeba5ff0735b82f8a58f9806
Author: Keshaw Dewangan <kdewanga@cisco.com>
Date:   Tue Feb 11 05:55:01 2020 -0500

    daq: Made get_stats public for plugins

5 years agoMerge pull request #2038 in SNORT/snort3 from ~MMATIRKO/snort3:improved_flowstats3...
Michael Altizer (mialtize) [Wed, 26 Feb 2020 23:41:35 +0000 (23:41 +0000)] 
Merge pull request #2038 in SNORT/snort3 from ~MMATIRKO/snort3:improved_flowstats3 to master

Squashed commit of the following:

commit 8382ed77ac0571ff4601934ae6dec7f1ce26493d
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Feb 6 12:02:12 2020 -0500

    flow: added initiator bytes/packets onto flow

5 years agoMerge pull request #2009 in SNORT/snort3 from ~DAVMCPHE/snort3:lru_cache_for_hash...
Russ Combs (rucombs) [Wed, 26 Feb 2020 20:54:36 +0000 (20:54 +0000)] 
Merge pull request #2009 in SNORT/snort3 from ~DAVMCPHE/snort3:lru_cache_for_hash to master

Squashed commit of the following:

commit 6f962204d41c0b1007992483f739db508e5d9c0d
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Fri Jan 24 09:11:21 2020 -0500

    xhash/zhash: refactor duplicated code into a common base class, xhash/zhash will subclass this new base class

    utils: create memory allocation class based on sfmemcap functionality

    xhash: refactor XHash and HashFnc to eliminate c-style callbacks and simplify ctor options

    xhash: rename hashfcn.[cc|h] to hash_keys.[cc|h]

    zhash: refactor to use hash_lru_cache and hash_key_operations classes

    zhash: make zhash a subclass of xhash...eliminate duplicate code

    utils: add unit tests for MemCapAllocator class

    hash: add unit tests for new HashLruCache class - (PR review comments

5 years agoMerge pull request #2034 in SNORT/snort3 from ~MIALTIZE/snort3:revert_flowip_cli...
Michael Altizer (mialtize) [Tue, 25 Feb 2020 23:34:14 +0000 (23:34 +0000)] 
Merge pull request #2034 in SNORT/snort3 from ~MIALTIZE/snort3:revert_flowip_cli to master

Squashed commit of the following:

commit 450cc0e132f5d062b82624f2d44c29ea7a6ee4ca
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Feb 25 14:38:18 2020 -0500

    Revert "Merge pull request #1985 in SNORT/snort3 from ~PUNEETKU/snort3:snort3_flowip to master"

    This reverts commit 5530a271854442972f88c740c335957488a480ea.

5 years agoMerge pull request #1954 in SNORT/snort3 from ~OKHOMIAK/snort3:big_endian_system_buil...
Steve Chew (stechew) [Tue, 25 Feb 2020 19:06:51 +0000 (19:06 +0000)] 
Merge pull request #1954 in SNORT/snort3 from ~OKHOMIAK/snort3:big_endian_system_build to master

Squashed commit of the following:

commit d402a299c4168f67eea200fc0e5973071a6bc5c1
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Mon Jan 20 16:03:04 2020 +0200

    build: fix build on big-endian systems

    moved little-endian arrays conversion macros in a common header
    added macros to convert little endian to host order for unaligned access
    made unit tests independent of types size and system arch

5 years agoMerge pull request #2014 in SNORT/snort3 from ~OZAIKA/snort3:ozaika_cert_status_type...
Shravan Rangarajuvenkata (shrarang) [Tue, 25 Feb 2020 17:45:34 +0000 (17:45 +0000)] 
Merge pull request #2014 in SNORT/snort3 from ~OZAIKA/snort3:ozaika_cert_status_type to master

Squashed commit of the following:

commit f09bbc493a8567cb60a280c264e120216ebbc82f
Author: Oleksii Zaika <ozaika@cisco.com>
Date:   Mon Feb 17 18:48:19 2020 +0200

    appid: handle CERTIFICATE STATUS handshake type in SSL detector

5 years agoMerge pull request #2032 in SNORT/snort3 from ~KDEWANGA/snort3:backout_IAB_changes...
George Koikara (gkoikara) [Tue, 25 Feb 2020 14:25:57 +0000 (14:25 +0000)] 
Merge pull request #2032 in SNORT/snort3 from ~KDEWANGA/snort3:backout_IAB_changes to master

Squashed commit of the following:

commit 19314b6ea33ab3b634cf221eacf216e85d5a7d56
Author: Keshaw Dewangan <kdewanga@cisco.com>
Date:   Tue Feb 25 08:59:29 2020 -0500

    daq: reverting changes to get_stats declaration

5 years agoMerge pull request #1996 in SNORT/snort3 from ~KDEWANGA/snort3:iab to master
George Koikara (gkoikara) [Tue, 25 Feb 2020 10:02:42 +0000 (10:02 +0000)] 
Merge pull request #1996 in SNORT/snort3 from ~KDEWANGA/snort3:iab to master

Squashed commit of the following:

commit 92605d70bc76df74cf3aeedec85fc44508f472a9
Author: Keshaw Dewangan <kdewanga@cisco.com>
Date:   Tue Feb 11 05:55:01 2020 -0500

    IAB: Made get_stats public to get Daq Stats for IAB.

5 years agoMerge pull request #1988 in SNORT/snort3 from ~POAWASTH/snort3:cli to master
George Koikara (gkoikara) [Tue, 25 Feb 2020 10:01:51 +0000 (10:01 +0000)] 
Merge pull request #1988 in SNORT/snort3 from ~POAWASTH/snort3:cli to master

Squashed commit of the following:

commit 7ec3359e5db730e2f7e7529e22269b55fc9b3dd3
Author: Pooja Awasthi <poawasth@cisco.com>
Date:   Tue Feb 4 03:49:36 2020 -0500

    CLI: Dump stats termination label for show snort3 counters CLI

5 years agoMerge pull request #1985 in SNORT/snort3 from ~PUNEETKU/snort3:snort3_flowip to master
George Koikara (gkoikara) [Tue, 25 Feb 2020 09:13:59 +0000 (09:13 +0000)] 
Merge pull request #1985 in SNORT/snort3 from ~PUNEETKU/snort3:snort3_flowip to master

Squashed commit of the following:

commit a458cd3697d0e8c6dce66a6c83203db2ca29977b
Author: Puneeth Kumar C V <puneetku@cisco.com>
Date:   Thu Jan 30 22:04:29 2020 -0500

    perf_monitor: Enable or disable flow-ip-profiling using shell commands.

5 years agoMerge pull request #1928 in SNORT/snort3 from ~DIPANDIT/snort3:port-CSCvg68807 to...
George Koikara (gkoikara) [Tue, 25 Feb 2020 06:38:48 +0000 (06:38 +0000)] 
Merge pull request #1928 in SNORT/snort3 from ~DIPANDIT/snort3:port-CSCvg68807 to master

Squashed commit of the following:

commit 158c355b026dd0a57f139a129ac630e888b41a0c
Author: Dipto Pandit <dipandit@cisco.com>
Date:   Fri Jan 31 00:16:44 2020 -0500

    smb: Malware over size 131kb is not detected in SMBv2/SMBv3
    For SMB2/SMB3, the length field in NetBIOS Session Service Header should be considered 3 bytes.

5 years agoMerge pull request #2027 in SNORT/snort3 from ~SATHIRKA/snort3:appid_cert_viz to...
Shravan Rangarajuvenkata (shrarang) [Mon, 24 Feb 2020 19:29:24 +0000 (19:29 +0000)] 
Merge pull request #2027 in SNORT/snort3 from ~SATHIRKA/snort3:appid_cert_viz to master

Squashed commit of the following:

commit 1ddc6c3d40591b403d2f36b783d2fef0767d3693
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Feb 20 12:24:44 2020 -0500

    appid: Enhance ssl appid lookup api to store SNI and CN provided by SSL for app detection

5 years agoMerge pull request #2030 in SNORT/snort3 from ~THOPETER/snort3:nhttp135 to master
Mike Stepanek (mstepane) [Mon, 24 Feb 2020 14:07:49 +0000 (14:07 +0000)] 
Merge pull request #2030 in SNORT/snort3 from ~THOPETER/snort3:nhttp135 to master

Squashed commit of the following:

commit d7b1e4a922555e1d5b046eaacb8f36849e56e1ac
Author: Tom Peters <thopeter@cisco.com>
Date:   Fri Feb 21 11:26:22 2020 -0500

    http_inspect: improve precautions for stream interactions

5 years agoMerge pull request #1992 in SNORT/snort3 from ~MIALTIZE/snort3:build_268 to master 3.0.0-268
Michael Altizer (mialtize) [Fri, 21 Feb 2020 18:06:45 +0000 (18:06 +0000)] 
Merge pull request #1992 in SNORT/snort3 from ~MIALTIZE/snort3:build_268 to master

Squashed commit of the following:

commit 785c0e89b1bde00cc72133e23738c57727407758
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Feb 21 11:00:08 2020 -0500

    build: generate and tag build 268

5 years agoMerge pull request #2022 in SNORT/snort3 from ~SMINUT/snort3:multiple_reject_take5...
Michael Altizer (mialtize) [Thu, 20 Feb 2020 17:52:16 +0000 (17:52 +0000)] 
Merge pull request #2022 in SNORT/snort3 from ~SMINUT/snort3:multiple_reject_take5 to master

Squashed commit of the following:

commit 46f3ef78a578553e2eedb7f4da91a366b55967fd
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Feb 19 14:09:50 2020 -0500

    file_api: enable Active only when idx = 0 and misc style edits.

5 years agoMerge pull request #2016 in SNORT/snort3 from ~ARMANDAV/snort3:appidbugfix to master
Shravan Rangarajuvenkata (shrarang) [Wed, 19 Feb 2020 02:48:43 +0000 (02:48 +0000)] 
Merge pull request #2016 in SNORT/snort3 from ~ARMANDAV/snort3:appidbugfix to master

Squashed commit of the following:

commit 837f3ec09a88152c620c0a0138b9fb0c9fd9316d
Author: Arun Mandava <armandav@cisco.com>
Date:   Mon Feb 17 12:23:16 2020 -0500

    appid: handle invalid uri in http tunnel traffic

5 years agoMerge pull request #2002 in SNORT/snort3 from ~ALLEWI/snort3:smtp_default_typo to...
Steve Chew (stechew) [Tue, 18 Feb 2020 22:09:36 +0000 (22:09 +0000)] 
Merge pull request #2002 in SNORT/snort3 from ~ALLEWI/snort3:smtp_default_typo to master

Squashed commit of the following:

commit 156df41662dc1ceef7af7b958d04564ce2759a04
Author: allewi <allewi@cisco.com>
Date:   Thu Feb 13 09:47:31 2020 -0500

    lua: fix typo in default smtp's alt_max_command_line_len

5 years agoMerge pull request #1961 in SNORT/snort3 from ~SMINUT/snort3:multiple_reject_take5...
Mike Stepanek (mstepane) [Tue, 18 Feb 2020 21:21:07 +0000 (21:21 +0000)] 
Merge pull request #1961 in SNORT/snort3 from ~SMINUT/snort3:multiple_reject_take5 to master

Squashed commit of the following:

commit d2f17bbd38c252525c3a36822d2e19c872dc4868
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Jan 3 18:01:36 2020 -0500

    main: make ips actions (reject, react, replace) configurable by ips policy and provide default reject to everything else that needs one.

    managers: take IpsAction out of ActionManager.

    actions: change ReactData from struct to class with proper constructor and destructor and enable default_react in active.cc.

    packet_io: introduce the BaseAction class for Active to work with, and take IpsAction out of Active.

    packet_io: allow ips reject to put both an RST and ICMP dest unreachable on the wire, if so configured, and make the active default reset action put a RST for tcp and ICMP for icmp.

    packet_io: add a version of Active::reset_session() that does not take a BaseAction as an input argument, but rather queues the default reset; similarly for set_delayed_action.

    actions: remove act_react.h, act_reject.h and act_replace.h.

    actions: get rid of Replace_ResetQueue() and Replace_QueueChange().

    packet_io: rename ActiveAction to ActiveActionType and BaseAction to ActiveAction.

5 years agoMerge pull request #1947 in SNORT/snort3 from ~BRASTULT/snort3:http_param to master
Russ Combs (rucombs) [Tue, 18 Feb 2020 16:32:41 +0000 (16:32 +0000)] 
Merge pull request #1947 in SNORT/snort3 from ~BRASTULT/snort3:http_param to master

Squashed commit of the following:

commit 7372ff7c4455456788e055bb74a8ff957042ad70
Author: Brandon Stultz <brastult@cisco.com>
Date:   Wed Dec 11 18:29:15 2019 -0500

    http_inspect: add http_param rule option

5 years agoMerge pull request #1908 in SNORT/snort3 from ~BBANTWAL/snort3:lua_whitelist to master
Michael Altizer (mialtize) [Tue, 18 Feb 2020 15:38:18 +0000 (15:38 +0000)] 
Merge pull request #1908 in SNORT/snort3 from ~BBANTWAL/snort3:lua_whitelist to master

Squashed commit of the following:

commit b3a7aed754ada79a9493d27b9eda4cac57db6810
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Feb 11 20:54:48 2020 -0500

    doc: update documentation for lua whitelist

commit c91dc91110887f7348fe09f60b4fad2a95de4fe4
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Feb 11 20:52:38 2020 -0500

    main: add verbose output and print whitelist during reload

commit 3c54fac801e3ea60854e34cd8d46dc0b8e27f64a
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Feb 11 20:52:15 2020 -0500

    lua: update lua files to whitelist the tables defined.
    define default_whitelist and whitelist them in snort_defaults.lua
    file_magic.lua to add file_magic table to whitelist

commit a1867b791cd05bcf36e308f701423aee08ae8dd4
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Feb 11 20:48:44 2020 -0500

    module_manager: add snort_whitelist_append and snort_whitelist_add_prefix ffis
    These ffis add table names and prefixes to the lua whitelist used to print warnings when modules for the table names are not found in snort.
    split bootstrap into two lua files (bootstrap and finalize)
    load aliases before calling snort_traversal in finalize.lua
    main: move config_lua to Shell::configure
    snort: add new warn flag warn-conf-strict that will throw out warning when table is not found

5 years agoMerge pull request #2001 in SNORT/snort3 from ~KATHARVE/snort3:h2i_disable_detection...
Mike Stepanek (mstepane) [Tue, 18 Feb 2020 15:27:42 +0000 (15:27 +0000)] 
Merge pull request #2001 in SNORT/snort3 from ~KATHARVE/snort3:h2i_disable_detection to master

Squashed commit of the following:

commit 3f544dd8749a9ea7f25cdbafa29582b0396ade31
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Feb 7 13:32:24 2020 -0500

    http2_inspect: support disabling detection for uninteresting HTTP/2 frames

    http_inspect: when detection is disabled, disable all rules not just content rules

5 years agoMerge pull request #2012 in SNORT/snort3 from ~RUCOMBS/snort3:new_stuff to master
Russ Combs (rucombs) [Tue, 18 Feb 2020 01:02:52 +0000 (01:02 +0000)] 
Merge pull request #2012 in SNORT/snort3 from ~RUCOMBS/snort3:new_stuff to master

Squashed commit of the following:

commit 442e97ad2054e74f008a9f800f1e99930e24e8af
Author: russ <rucombs@cisco.com>
Date:   Sat Feb 15 10:27:32 2020 -0500

    gtp_inspect: fix default port binding

    The default snort.lua had a port binding to type = 'gtp' which is a typo.
    The service is 'gtp' and the inspector is 'gtp_inspect'.  Due to a flaw in
    lookup, the inspector was being matched by service.  To avoid confusing type
    and service the lookups were separated.  However, we silently convert the old
    type = 'gtp' bindings to type = 'gtp_inspect' until RC at which point this
    deprecated usage support will be removed.

commit 215bd1e4829550183ae36198a3764245a3669cba
Author: russ <rucombs@cisco.com>
Date:   Sat Feb 15 10:08:29 2020 -0500

    inspectors: ensure correct lookup by type, name, or service

commit db649915eddbf805d9f587dd985ec9bd254b4f37
Author: russ <rucombs@cisco.com>
Date:   Sat Feb 8 10:12:19 2020 -0500

    metadata: add --metadata-filter to load matching rules only

    Rule metadata is a comma separated list of name-value tokens, eg:
    metadata:impact_flag red,policy security-ips drop,ruleset community;
    --metadata-filter f will load only rules where f appears in one of
    the metadata tokens.  "policy security" and "security-ips" would
    both match the above example.  Rules that are filtered out are
    counted as "total rules not loaded" in the startup output.

5 years agoMerge pull request #2006 in SNORT/snort3 from ~SBAIGAL/snort3:revert_so_reload to...
Steve Chew (stechew) [Fri, 14 Feb 2020 01:04:46 +0000 (01:04 +0000)] 
Merge pull request #2006 in SNORT/snort3 from ~SBAIGAL/snort3:revert_so_reload to master

Squashed commit of the following:

commit b75c6217776b5d124c7ae002a1f9432e305a82c3
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Feb 13 18:00:27 2020 -0500

    Revert "Merge pull request #1963 in SNORT/snort3 from ~SBAIGAL/snort3:so_reload to master"

    This reverts commit e6293b0e23bc8620560896d15930f1725db33d0e.

commit 68842c56dd0a9bc484fe0ecf95e816c54b9f70cd
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Feb 13 18:00:09 2020 -0500

    Revert "Merge pull request #2003 in SNORT/snort3 from ~SBAIGAL/snort3:soapi_version_bump to master"

    This reverts commit 1b256c379cc1ca49626817c2edd11fab713ecb94.

5 years agoMerge pull request #2005 in SNORT/snort3 from ~KAMURTHI/snort3:appid_array_init to...
Mike Stepanek (mstepane) [Thu, 13 Feb 2020 21:35:38 +0000 (21:35 +0000)] 
Merge pull request #2005 in SNORT/snort3 from ~KAMURTHI/snort3:appid_array_init to master

Squashed commit of the following:

commit 0adb29e412cce1d019c6b9056f5a0247116c6a01
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Thu Feb 13 14:20:29 2020 -0500

    appid: Fix array initialization on Appid

5 years agoMerge pull request #2003 in SNORT/snort3 from ~SBAIGAL/snort3:soapi_version_bump...
Steve Chew (stechew) [Thu, 13 Feb 2020 18:57:15 +0000 (18:57 +0000)] 
Merge pull request #2003 in SNORT/snort3 from ~SBAIGAL/snort3:soapi_version_bump to master

Squashed commit of the following:

commit f37b20d300f63e2f9f7e8efd2ff8792f9ed3cfe1
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Feb 13 13:35:10 2020 -0500

    soapi: dumped version number due to change to IpsOption data structure

5 years agoMerge pull request #1965 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_fatal_attractio...
Davis McPherson (davmcphe) [Thu, 13 Feb 2020 14:26:17 +0000 (14:26 +0000)] 
Merge pull request #1965 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_fatal_attractions to master

Squashed commit of the following:

commit 24b57441e129bcfdd47bfaf62d55957a0ccc6c38
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Fri Nov 22 13:27:03 2019 -0500

    reload: eliminate FatalError calls that can't happen because snort_calloc always returns valid memory

    ghash: refactor ghash implementation to convert it to an actual c++ class.

    xhash: refactor xhash to be a real c++ class

    xhash/zhash: refactor to move common definitions into hash_defs.h

    hashfcn: refactor key compare function prototype and functions to return boolean

5 years agoMerge pull request #1998 in SNORT/snort3 from ~THOPETER/snort3:nhttp134 to master
Michael Altizer (mialtize) [Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)] 
Merge pull request #1998 in SNORT/snort3 from ~THOPETER/snort3:nhttp134 to master

Squashed commit of the following:

commit 70adf9b7d5329b7c573739d6f952b67e228bd173
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Feb 11 16:52:43 2020 -0500

    http_inspect: gzip splitting beyond request_depth should use correct target size

5 years agoMerge pull request #1995 in SNORT/snort3 from ~MASHASAN/snort3:fix_reload_tests to...
Mike Stepanek (mstepane) [Wed, 12 Feb 2020 15:22:24 +0000 (15:22 +0000)] 
Merge pull request #1995 in SNORT/snort3 from ~MASHASAN/snort3:fix_reload_tests to master

Squashed commit of the following:

commit c3ae82898a061d84054fe286738848186b25dd1b
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Feb 10 22:04:34 2020 -0500

    host_tracker: Checking lock in a separate thread in unit-test

5 years agoMerge pull request #1969 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_3 to...
Mike Stepanek (mstepane) [Wed, 12 Feb 2020 15:09:12 +0000 (15:09 +0000)] 
Merge pull request #1969 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_3 to master

Squashed commit of the following:

commit dd1d2a4f13e9f73f8406fa6530b1f9ab5dcc4acc
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Jan 28 22:18:16 2020 -0500

    appid: move dns, sip, ssl and http pattern matchers to odp context; move client discovery manager to odp context