git.ipfire.org Git - thirdparty/snort3.git/log
Mike Stepanek (mstepane) [Wed, 9 Mar 2022 16:12:24 +0000 (16:12 +0000)] 
Pull request #3304: build: generate and tag 3.1.25.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.25.0 to master

Squashed commit of the following:

commit 61394736d321402730ce5b83456539af4a04c4e4
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Mar 9 06:24:44 2022 -0500

    build: generate and tag 3.1.25.0

Masud Hasan (mashasan) [Tue, 8 Mar 2022 23:05:45 +0000 (23:05 +0000)] 
Pull request #3257: stream_tcp: call flush_queued_segments() from flush_on_ack_policy()

Merge in SNORT/snort3 from ~SMINUT/snort3:flush_queued_segments to master

Squashed commit of the following:

commit 77304a6d8f435d8491fa6113108dfb331651f386
Author: Silviu Minut <sminut@cisco.com>
Date:   Mon Feb 28 21:15:18 2022 -0500

    stream_tcp: add fin_i_seq and fin_no_gap() and try to use those together with the existing next_no_gap() to determine whether we are on a gap in the seglist or not, when scanning

commit 15eb71a6197aef4e190cd59083bc6cd4012403b3
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Feb 25 16:27:26 2022 -0500

    stream_tcp: distinguish between the various non-flush cases when returning from scan_on_data_policy(), so we can call final flush only when the seglist has no gaps; if the seglist has gaps, call final_flush only when the gaps have filled or on session teardown

commit e753368af6f64c501dd67f426c4dd40c005fce46
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Feb 24 19:26:29 2022 -0500

    stream_tcp: introduce TcpStreamTracker::set_fin_seq_status_seen() and call it before using the fin_seq_status flag in perform_fin_recv_flush()

commit 840f71182a9125660b1742fe190abc2d32303873
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Feb 2 22:00:39 2022 -0500

    stream_tcp: * call flush_queued_segments() from flush_on_ack_policy() when the splitter did not flush but we are on a FIN
                * fix how fin_seq_status is being set in update_tracker_ack_sent()
                * make the pre-ack mode work the same way as post-ack by modifying flush_on_data_policy() accordingly

Mike Stepanek (mstepane) [Tue, 8 Mar 2022 21:06:40 +0000 (21:06 +0000)] 
Pull request #3300: JS Normalizer refactoring.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_perf to master

Squashed commit of the following:

commit 45a6b666b8c8ae9a6e67ed8d098acee76dc7d406
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Tue Mar 8 15:30:20 2022 +0200

    utils: improve Flex matching patterns

    Try to match as much as possible at a time.

commit 88b1d71905cda27a2231b95e1dfafbe7a91aa1e2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sun Mar 6 18:50:56 2022 +0200

    utils: combine ignore list with normalization map

    An ID name is looked up once in a combined map (normalized names and ignored names).

commit af84510fd2527b9b20cd3a3fd6e41e6651c0d436
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sun Mar 6 10:59:00 2022 +0200

    utils: wrap unordered set with a fast lookup table

commit 23a81bb9f19c51f9f3c57fc39afb5b045622d392
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sat Mar 5 22:03:43 2022 +0200

    utils: check more likely branches at first

commit a043edabcee24c5a0f167939581ab6202b3e491b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sat Mar 5 21:09:48 2022 +0200

    utils: pre-compute ID normalized names

commit c1c644e47b8a7f0b04126fa4a6e7e68ca2e283b0
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Mar 4 20:57:24 2022 +0200

    utils: refactor the alias lookup

    One search in the map is performed per alias lookup.
    Loops removed.

    The scope_contains() test function removed, it is redundant.

Masud Hasan (mashasan) [Tue, 8 Mar 2022 19:15:24 +0000 (19:15 +0000)] 
Pull request #3302: appid: do not add odp mapping for a process name that already has a custom process to app mapping

Merge in SNORT/snort3 from ~SATHIRKA/snort3:custom_process_mapping to master

Squashed commit of the following:

commit 41b88649edd815ed38aa25641a360bf18ebac711
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Mar 3 16:29:30 2022 -0500

    appid: do not add duplicate process to client app mapping for the same process name

Pranav Bhalerao (prbhaler) [Tue, 8 Mar 2022 06:05:30 +0000 (06:05 +0000)] 
Pull request #3301: ssh: NULL check for session pointer before access.

Merge in SNORT/snort3 from ~PRBHALER/snort3:ssh_crash to master

Squashed commit of the following:

commit d1425cd466acbecc7e25dcd7bce141f5ca0c015d
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Mon Mar 7 17:42:43 2022 +0530

    ssh: NULL check for session pointer before access.

Tom Peters (thopeter) [Tue, 8 Mar 2022 04:19:54 +0000 (04:19 +0000)] 
Pull request #3281: http_inspect: call mime in a loop for each attachment

Merge in SNORT/snort3 from ~KATHARVE/snort3:http_mime_file_data_part1 to master

Squashed commit of the following:

commit f9a0cd0d24bb4730037aa8d426859556f09a8ab8
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Mar 3 13:37:58 2022 -0500

    http_inspect: use http_inspect decompression config parameters for HTTP MIME traffic instead of file_id;
    file_id: remove unused decompression and decode depth parameters

commit c77e3b165142f89a78d4c60cce25962f00f13a1d
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Feb 17 17:47:04 2022 -0500

    mime: fix resetting state after every attachment and check state instead of decode object

commit 70a27c3a2cc5866a5ca38e5350b3575543b68d4e
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Feb 16 17:16:38 2022 -0500

    http_inspect: call mime in a loop for each attachment
    mime: return at the end of each attachment and set the file_data for http

Mike Stepanek (mstepane) [Fri, 4 Mar 2022 14:32:23 +0000 (14:32 +0000)] 
Pull request #3298: utils: fix compilation issues in js_tokenizer

Merge in SNORT/snort3 from ~VHORBATO/snort3:js_platforms_fix to master

Squashed commit of the following:

commit 1dcb665ab0353b30d7df6a89e74de3a7ffb47889
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Mar 4 12:35:30 2022 +0200

    utils: fix compilation issues in js_tokenizer

Mike Stepanek (mstepane) [Thu, 3 Mar 2022 20:45:40 +0000 (20:45 +0000)] 
Pull request #3282: http_inspect: add function state tracking for Enhanced javascript normalization

Merge in SNORT/snort3 from ~VHORBATO/snort3:js_unesc_track to master

Squashed commit of the following:

commit 18222154a76c7b9377a1080e4a146dbdfa3964de
Author: Vitalii <vhorbato@cisco.com>
Date:   Wed Feb 16 16:15:25 2022 +0200

    http_inspect: add unescape function tracking for Enhanced JS Normalizer

Masud Hasan (mashasan) [Thu, 3 Mar 2022 15:07:43 +0000 (15:07 +0000)] 
Pull request #3294: stream_tcp: Clarify small segments help text and remove usage from lua

Merge in SNORT/snort3 from ~MASHASAN/snort3:small_segs to master

Squashed commit of the following:

commit 52982070e9dd55f4b2e5dcd01031b1311087e412
Author: Masud Hasan <mashasan@cisco.com>
Date:   Wed Mar 2 10:44:58 2022 -0500

    stream_tcp: Clarify small segments help text and remove usage from lua

Masud Hasan (mashasan) [Wed, 2 Mar 2022 16:53:18 +0000 (16:53 +0000)] 
Pull request #3293: watchdog: remove unused code

Merge in SNORT/snort3 from ~SBAIGAL/snort3:wdog_fix to master

Squashed commit of the following:

commit 638c16a54c5ada4c71787d44b8b855645a3e8833
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Mar 2 08:41:07 2022 -0500

    watchdog: remove unused code

Tom Peters (thopeter) [Tue, 1 Mar 2022 21:30:30 +0000 (21:30 +0000)] 
Pull request #3235: process: add watchdog to detect packet threads dead lock or dead loop

Merge in SNORT/snort3 from ~SBAIGAL/snort3:watchdog to master

Squashed commit of the following:

commit 8879f0f31b9ff1ad0b7b15f8650153ab9eecccbb
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Jan 13 12:35:30 2022 -0500

    process: add watchdog to detect packet threads dead lock or dead loop

Tom Peters (thopeter) [Fri, 25 Feb 2022 18:23:22 +0000 (18:23 +0000)] 
Pull request #3273: US 688507: http_inspect: rule option to compare numeric header values

Merge in SNORT/snort3 from ~MDAGON/snort3:numeric2 to master

Squashed commit of the following:

commit aafe16b64d6b9620cdb8869459072f86381da7e7
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Feb 14 15:34:50 2022 -0500

    http_inspect: http_header_test, http_trailer_test rule options

Tom Peters (thopeter) [Fri, 25 Feb 2022 16:32:26 +0000 (16:32 +0000)] 
Pull request #3289: http_inspect: remove feature to disable raw detection upon flow depth

Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp162 to master

Squashed commit of the following:

commit 0cdbe45898e0b4302bdf0a012067c591f3a9ba83
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Feb 2 15:38:52 2022 -0500

    http_inspect: remove feature to disable raw detection upon flow depth

Mike Stepanek (mstepane) [Thu, 24 Feb 2022 11:35:22 +0000 (11:35 +0000)] 
Pull request #3287: Check for null pointer.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:nullptr_check to master

Squashed commit of the following:

commit 56fd2e82203634e775a3aea7c31f8643a7256665
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Feb 23 12:46:28 2022 +0200

    utils: check for NULL before calling fclose()

Tom Peters (thopeter) [Wed, 23 Feb 2022 20:30:05 +0000 (20:30 +0000)] 
Pull request #3286: http_inspect: fix warning

Merge in SNORT/snort3 from ~MDAGON/snort3:fix_issue to master

Squashed commit of the following:

commit 3fd17ac7017b4ac8235e68919c162894e56c6ea7
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Feb 22 21:09:36 2022 -0500

    http_inspect: add override to fix warning

Steve Chew (stechew) [Wed, 23 Feb 2022 20:15:13 +0000 (20:15 +0000)] 
Pull request #3288: build: Generate and tag 3.1.24.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.24.0 to master

Squashed commit of the following:

commit f39648a0906a1ed934480ece1ed63b6a7565634d
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Feb 23 09:22:33 2022 -0500

    build: Generate and tag 3.1.24.0

Tom Peters (thopeter) [Tue, 22 Feb 2022 23:04:21 +0000 (23:04 +0000)] 
Pull request #3270: US 727968: http_inspect: refactor HttpIpsOption

Merge in SNORT/snort3 from ~MDAGON/snort3:refactor_ips to master

Squashed commit of the following:

commit 2791042eff639fe3d50139a9b63396841ee1a862
Author: Maya Dagon <mdagon@cisco.com>
Date:   Thu Feb 10 17:26:51 2022 -0500

    http_inspect: refactor rule options

Masud Hasan (mashasan) [Tue, 22 Feb 2022 17:51:16 +0000 (17:51 +0000)] 
Pull request #3272: stream: Remove preemptive prunes peg count

Merge in SNORT/snort3 from ~MASHASAN/snort3:preemptive_pegcount to master

Squashed commit of the following:

commit 4e5e78eab8e4cd06d0452e4e757e67913f4972f8
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Feb 14 22:24:40 2022 -0500

    stream: Remove preemptive prunes peg count

Mike Stepanek (mstepane) [Tue, 22 Feb 2022 17:36:52 +0000 (17:36 +0000)] 
Pull request #3285: sfdaq: fix for underflow of outstanding counter

Merge in SNORT/snort3 from ~OSERHIIE/snort3:daq_outstanding_fix to master

Squashed commit of the following:

commit d97c12297e4c794b5d61753760c63dd2102aff28
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Feb 22 15:02:05 2022 +0200

    packet_io: truncate negative values to zero in DAQ stats

Masud Hasan (mashasan) [Fri, 18 Feb 2022 21:20:13 +0000 (21:20 +0000)] 
Pull request #3278: netflow: add dev_notes.txt

Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow-devnotes to master

Squashed commit of the following:

commit 562995f31163726ee9a547bd3bbb3b50150052b6
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Feb 17 10:33:59 2022 -0500

    netflow: add dev_notes.txt

Tom Peters (thopeter) [Fri, 18 Feb 2022 21:05:37 +0000 (21:05 +0000)] 
Pull request #3274: mime: stop setting the file_data buffer for raw non-file MIME parts

Merge in SNORT/snort3 from ~KATHARVE/snort3:mime_file_data to master

Squashed commit of the following:

commit a71fc1cfe61fb6cbaa644c2dd238ff5641d63aa4
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Feb 15 14:45:15 2022 -0500

    mime: stop setting the file_data buffer for raw non-file MIME parts

Masud Hasan (mashasan) [Fri, 18 Feb 2022 17:45:34 +0000 (17:45 +0000)] 
Pull request #3280: detection_filter: update dev notes to show multithreaded behavior

Merge in SNORT/snort3 from ~MMATIRKO/snort3:dev-notes-df to master

Squashed commit of the following:

commit b1f85411b8978cb61d634f815ce960e6e54d560f
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Feb 17 11:59:55 2022 -0500

    detection_filter: update dev notes to show multithreaded behavior

Shanmugam S (shanms) [Mon, 14 Feb 2022 15:42:48 +0000 (15:42 +0000)] 
Pull request #3264: latency: disabling time out functionality on implicit enable

Merge in SNORT/snort3 from ~ABHPAL/snort3:efd to master

Squashed commit of the following:

commit 565c333909f777174211084e247bef41f6ef1389
Author: abhpal <abhpal@cisco.com>
Date:   Wed Feb 9 13:53:11 2022 +0530

    latency: disabling time out on forced enable with disabled config

Mike Stepanek (mstepane) [Fri, 11 Feb 2022 11:32:10 +0000 (11:32 +0000)] 
Pull request #3268: Typos in doc files.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:doc_spelling to master

Squashed commit of the following:

commit 30822afe43a6a44785fc6d30b4704e163beff1c8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Feb 11 11:19:23 2022 +0200

    doc: fix typos in text

    Thanks to Greg <myersg86> Myers for reporting the issue.

Mike Stepanek (mstepane) [Wed, 9 Feb 2022 14:31:27 +0000 (14:31 +0000)] 
Pull request #3265: build: Generate and tag 3.1.23.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.23.0 to master

Squashed commit of the following:

commit 78bbb97046191e8d2bf3fe40b8d87f3c75a747f9
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Feb 9 05:02:03 2022 -0500

    build: Generate and tag 3.1.23.0

Tom Peters (thopeter) [Tue, 8 Feb 2022 19:57:14 +0000 (19:57 +0000)] 
Pull request #3262: reference: fix incorrect http builtin rule sid

Merge in SNORT/snort3 from ~KATHARVE/snort3:doc_fix_http_builtin to master

Squashed commit of the following:

commit 4ff67c809328ddab37494d97624637e1ecac4f61
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Feb 8 11:24:23 2022 -0500

    reference: fix incorrect http builtin rule sid

Masud Hasan (mashasan) [Tue, 8 Feb 2022 13:58:43 +0000 (13:58 +0000)] 
Pull request #3231: Detection filter multithread

Merge in SNORT/snort3 from ~MMATIRKO/snort3:detection_filter_multithread to master

Squashed commit of the following:

commit 833ec1e6f58a05a1db673e2a141d9b81694819ee
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Fri Dec 3 16:17:02 2021 -0500

    filters: allow detection filter to sum events across threads

Tom Peters (thopeter) [Tue, 8 Feb 2022 00:38:02 +0000 (00:38 +0000)] 
Pull request #3258: http_inspect: HttpStreamSplitter::reassemble verifies gzip file magic and checks for FEXTRA flag

Merge in SNORT/snort3 from ~KATHARVE/snort3:http_gzip_fextra to master

Squashed commit of the following:

commit 63e64d99166c241f253be1c1ce088dbf3e2d4e23
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Jan 26 12:02:52 2022 -0500

    http_inspect: HttpStreamSplitter::reassemble verifies gzip file magic and checks for FEXTRA flag

Mike Stepanek (mstepane) [Mon, 7 Feb 2022 14:05:25 +0000 (14:05 +0000)] 
Pull request #3256: config_parser: fix segfault when include(nil)

Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_segv_in_config_parser_lua to master

Squashed commit of the following:

commit 692843214a9428cd00ea99696dbfe755281f8a03
Author: Volodymyr Horban <vhorban@cisco.com>
Date:   Mon Jan 31 15:05:04 2022 +0200

    main: stop with error on include(nil) attempt

Mike Stepanek (mstepane) [Mon, 7 Feb 2022 13:42:44 +0000 (13:42 +0000)] 
Pull request #3259: detection: add direction abort check in skip_raw_tcp

Merge in SNORT/snort3 from ~ASERBENI/snort3:aborted_dir_raw_inspect to master

Squashed commit of the following:

commit d2541d8336523a682eb86f8c4c7b39e4bd8bf7c5
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Thu Feb 3 10:14:44 2022 +0200

    detection: add dir abort check in skip_raw_tcp

Masud Hasan (mashasan) [Wed, 2 Feb 2022 00:20:50 +0000 (00:20 +0000)] 
Pull request #3212: Call splitter finish() on end-of-flow data, on a FIN packet.

Merge in SNORT/snort3 from ~SMINUT/snort3:fin_recv_flush_up to master

Squashed commit of the following:

commit 638c0494ccdf566b1f82605d43c29c2c24c58527
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Dec 9 11:41:14 2021 -0500

    stream_tcp: fix a bug in which in some cases we did not call splitter finish() in each direction, by calling flush_queued_segments() in perform_fin_recv_flush() on FIN with data packets

    stream: defer flush_queued_segments() if flow->clouseau

    stream_tcp: introduce TcpStreamTracker::delayed_finish_flag and call splitter finish from flush_on_data_policy if delayed_finish_flag is true

    stream_tcp: better place for setting delayed_finish_flag
                call flush_queued_segments() rather than splitter_finish() directly, from flush_on_data_policy()

    stream_tcp: wrap flow->clouseau in searching_for_service()

Mike Stepanek (mstepane) [Tue, 1 Feb 2022 17:56:59 +0000 (17:56 +0000)] 
Pull request #3247: Define config options precedence

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:snort_the_first to master

Squashed commit of the following:

commit 8e80ead518f81e01d5030cd9419c1e9e49aad273
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Jan 26 10:01:29 2022 +0200

    doc: add notes about CLI/Lua precedence

commit c33f249fbef12ebfbed574054410fb28d4c13f16
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 25 14:37:10 2022 +0200

    main: remove default values for other-module parameters in snort module

    Snort module is not listed in coreinit.lua as a builtin module,
    thus some of its parameters get their default values elsewhere.

    Adjust the range for snaplen parameter, as in daq.

    Update --daq-batch-size description with a default value.

commit 0ff8c06919d30aace185f197aaa8a7b7c71ea7a5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 25 14:26:16 2022 +0200

    packet_io: decrease daq module's parameters priority

    Config parameter priority follows:
    Highest: command-line option
    Lower: snort module config entry (from Lua)
    Lowest: targeted module config entry (from Lua)

commit 948e8a18880395c9b84f3adcfe0c4adf10b0a5a4
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Jan 24 14:18:52 2022 +0200

    main: ignore Snort module's option if it duplicates CLI option

commit 2a5282cb6d73e513dc04fbd025e439b662b9c3f5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Jan 20 15:06:42 2022 +0200

    main: parse snort module before others

Naveen Gujje (ngujje) [Tue, 1 Feb 2022 07:12:38 +0000 (07:12 +0000)] 
Pull request #3252: event: making apis SO_PUBLIC to access in .so

Merge in SNORT/snort3 from ~RJAVALI/snort3:eventid to master

Squashed commit of the following:

commit c867d326923f22660569b195e98e8ad5bec19841
Author: Raghavendra Javali <rjavali@cisco.com>
Date:   Fri Jan 28 05:27:10 2022 -0500

    event: making apis SO_PUBLIC to access in .so

Mike Stepanek (mstepane) [Mon, 31 Jan 2022 13:47:23 +0000 (13:47 +0000)] 
Pull request #3253: build: Generate and tag 3.1.22.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.22.0 to master

Squashed commit of the following:

commit 8e72732ceead2e94549fe4636bfd3e7361555876
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Mon Jan 31 06:05:52 2022 -0500

    build: Generate and tag 3.1.22.0

Masud Hasan (mashasan) [Fri, 28 Jan 2022 19:04:53 +0000 (19:04 +0000)] 
Pull request #3249: stream: setting the max number of flows pruned while idle to 400

Merge in SNORT/snort3 from ~ALLEWI/snort3:idle_prune_to_400 to master

Squashed commit of the following:

commit b32b0648b79a9b8045ad4916c6a1995a1f3920e4
Author: allewi@cisco.com <allewi@cisco.com>
Date:   Thu Jan 27 10:52:44 2022 -0500

    stream: setting the max number of flows pruned while idle to 400

Shanmugam S (shanms) [Fri, 28 Jan 2022 17:27:13 +0000 (17:27 +0000)] 
Pull request #3229: pub_sub: Export assistant_gadget_event.h header file

Merge in SNORT/snort3 from ~KBHANDAN/snort3:qdi to master

Squashed commit of the following:

commit b2c61fc6523915e55979d422b9eecfe4841d61df
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Sun Jan 2 09:37:12 2022 -0500

    pub_sub: Export assistant_gadget_event.h header file

Shravan Rangarajuvenkata (shrarang) [Fri, 28 Jan 2022 12:44:44 +0000 (12:44 +0000)] 
Pull request #3250: appid: rename efp (encrypted fingerprint) to eve (encrypted visibility engine)

Merge in SNORT/snort3 from ~SATHIRKA/snort3:rename_efp_to_eve to master

Squashed commit of the following:

commit 1d8b5ebd3194fd7db291963652febd2b0389ecf1
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Jan 26 14:20:23 2022 -0500

    appid: rename efp (encrypted fingerprint) to eve (encrypted visibility engine)

Shravan Rangarajuvenkata (shrarang) [Thu, 27 Jan 2022 01:44:06 +0000 (01:44 +0000)] 
Pull request #3245: appid: give priority to custom process to app mappings over VDB mappings

Merge in SNORT/snort3 from ~SATHIRKA/snort3:multi_process_to_same_app_mapping to master

Squashed commit of the following:

commit 7bc7925573e5888981618557215d3398927823ce
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Jan 19 16:50:51 2022 -0500

    appid: give priority to custom process to app mappings over ODP mappings

Mike Stepanek (mstepane) [Wed, 26 Jan 2022 13:38:03 +0000 (13:38 +0000)] 
Pull request #3242: detection: change output format of dump-rule-state

Merge in SNORT/snort3 from ~VHORBATO/snort3:drs_change to master

Squashed commit of the following:

commit 2ec901b110ad16237d1e5c9f330cf8c7f8a6f23a
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Jan 18 17:16:31 2022 +0200

    detection: change output format of dump-rule-state

Shravan Rangarajuvenkata (shrarang) [Tue, 25 Jan 2022 18:45:20 +0000 (18:45 +0000)] 
Pull request #3246: build: Generate and tag 3.1.21.0

Merge in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.21.0 to master

Squashed commit of the following:

commit b7e5ac0e500ac686926143addc74b2f104590961
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Jan 25 11:19:07 2022 -0500

    build: Generate and tag 3.1.21.0

Tom Peters (thopeter) [Mon, 24 Jan 2022 19:42:07 +0000 (19:42 +0000)] 
Pull request #3239: BUG #722837 http_version_match should use the msg section version id instead of the flow data version id

Merge in SNORT/snort3 from ~MDAGON/snort3:version_fix to master

Squashed commit of the following:

commit 15b88a547e2a1c1231f15bc78a1cefaaa32b1f77
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Jan 14 16:10:22 2022 -0500

    http_inspect: http_version_match uses msg section version id

Tom Peters (thopeter) [Mon, 24 Jan 2022 16:01:51 +0000 (16:01 +0000)] 
Pull request #3244: BUG #719044: Snort 3 incorrectly normalizing URIs of webroot directory traversals

Merge in SNORT/snort3 from ~MDAGON/snort3:webroot to master

Squashed commit of the following:

commit d9a691f462e1c50462d2f8a5b950912285ae8cd6
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Jan 10 16:23:39 2022 -0500

    http_inspect: webroot traversal

Tom Peters (thopeter) [Thu, 20 Jan 2022 22:08:58 +0000 (22:08 +0000)] 
Pull request #3240: http_inspect: correct comment regarding header splitting rules

Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp161 to master

Squashed commit of the following:

commit a45b01a2e7310d59c53a00c12d6c2077188fc80e
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Jan 19 17:21:04 2022 -0500

    http_inspect: correct comment regarding header splitting rules

Shravan Rangarajuvenkata (shrarang) [Thu, 20 Jan 2022 18:09:35 +0000 (18:09 +0000)] 
Pull request #3241: appid: do not delay detection of SMB service for the sake of version detection

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_smb_early_detect to master

Squashed commit of the following:

commit 5e6f1ac35b1fbca5d112430f5626cc239742e026
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Jan 19 23:35:22 2022 -0500

    appid: do not delay detection of SMB service for the sake of version detection

Mike Stepanek (mstepane) [Thu, 20 Jan 2022 16:46:30 +0000 (16:46 +0000)] 
Pull request #3238: Copyright: Update year to 2022

Merge in SNORT/snort3 from ~NIHDESAI/snort3:happy_new_year_2022 to master

Squashed commit of the following:

commit 47346abba4bd3c517ff6ccfb586a332900e56805
Author: ND <nihdesai@sinkhole.esl.cisco.com>
Date:   Tue Jan 18 14:25:20 2022 -0500

    Copyright: Update year to 2022

Masud Hasan (mashasan) [Wed, 19 Jan 2022 21:44:24 +0000 (21:44 +0000)] 
Pull request #3237: Single finish2

Merge in SNORT/snort3 from ~SMINUT/snort3:single_finish2 to master

Squashed commit of the following:

commit 56d6b7e2091d7752f955af1a2d4cc97c18e19bd0
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Jan 13 20:15:50 2022 -0500

    stream_tcp: ensure that we call splitter finish() only once per flow, per direction

Shanmugam S (shanms) [Wed, 19 Jan 2022 06:02:17 +0000 (06:02 +0000)] 
Pull request #3190: Quic: Quic stream dependent changes

Merge in SNORT/snort3 from ~KBHANDAN/snort3:quic to master

Squashed commit of the following:

commit 11114860690bc12e4fcfe410ce5406d207db08e2
Author: sunimukh <sunimukh@cisco.com>
Date:   Tue Nov 23 23:23:49 2021 +0530

    Quic: Quic stream dependent changes

Tom Peters (thopeter) [Wed, 19 Jan 2022 00:00:43 +0000 (00:00 +0000)] 
Pull request #3236: BUG #722376 http_inspect: 0.9 request lines not forwarded to detection

Merge in SNORT/snort3 from ~MDAGON/snort3:zero_9 to master

Squashed commit of the following:

commit cfaa855d126e0038f390642f1f255fec8da2f327
Author: Maya Dagon <mdagon@cisco.com>
Date:   Thu Jan 13 14:32:52 2022 -0500

    http_inspect: forward 0.9 request lines to detection

Ron Dempster (rdempste) [Thu, 13 Jan 2022 14:29:13 +0000 (14:29 +0000)] 
Pull request #3205: Move global inspectors and selectors to the policy map

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:global to master

Squashed commit of the following:

commit 3e62d9c7bf8bfaddb89e9b9419efd08d78a9a7bb
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 7 11:06:41 2021 -0500

    policy: add a file_policy to the network policy and use it

commit 0b136c2654fa7d4ffadcb5ad3b080e723bc43bc2
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Dec 3 16:19:22 2021 -0500

    main: move policy selector and flow tracking from snort config to policy map

commit 69d9c2d07434a6ebe0968231f9ad503b43a0a1f4
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Dec 3 16:18:11 2021 -0500

    main: only add policies to the user policy map at the end of table processing

commit 20377e6bd1f74bbe37c615ce4b4aacf3c401c8c7
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Dec 3 16:16:04 2021 -0500

    control: fix macro definitions

Mike Stepanek (mstepane) [Wed, 12 Jan 2022 17:22:12 +0000 (17:22 +0000)] 
Pull request #3232: wizard: remove extra semicolon

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:rem_semicol to master

Squashed commit of the following:

commit a69f31fea7fae9c1367e683da67f01bf46ee7189
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Wed Jan 12 11:51:26 2022 +0200

    wizard: remove extra semicolon

Steve Chew (stechew) [Wed, 12 Jan 2022 16:02:06 +0000 (16:02 +0000)] 
Pull request #3233: build: generate and tag 3.1.20.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.20.0 to master

Squashed commit of the following:

commit 399ab61e2785c6f8c1b6f0580b9b2d718e4f4942
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Jan 12 09:21:56 2022 -0500

    build: generate and tag 3.1.20.0

3 years ago Pull request #3228: stream_tcp: fix PDU buffer overflow on fallback
Mike Stepanek (mstepane) [Tue, 11 Jan 2022 23:22:47 +0000 (23:22 +0000)] 
Pull request #3228: stream_tcp: fix PDU buffer overflow on fallback

Merge in SNORT/snort3 from ~VHORBATO/snort3:def_reassm_overflow to master

Squashed commit of the following:

commit 97a97f3dc033732bb92b802a10bb20f71623c82c
Author: russ <rucombs@cisco.com>
Date:   Sun Dec 19 10:41:02 2021 -0500

    stream_tcp: limit reassembly size for AtomSplitter

    Thanks to barosch78 and DAKOIT for their help in the process of finding the root cause.

3 years ago Pull request #3224: wizard: make curses follow max_search_depth
Mike Stepanek (mstepane) [Tue, 11 Jan 2022 22:50:35 +0000 (22:50 +0000)] 
Pull request #3224: wizard: make curses follow max_search_depth

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:curs_max_sear to master

Squashed commit of the following:

commit 9a12b1cfb8f359fe9eed43131a8bff3961d60d60
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Dec 16 12:08:42 2021 +0200

    wizard: make max_search_depth applicable for curses

3 years ago Pull request #3218: US #684704: http_inspect: improve version processing
Tom Peters (thopeter) [Mon, 10 Jan 2022 19:46:58 +0000 (19:46 +0000)] 
Pull request #3218: US #684704: http_inspect: improve version processing

Merge in SNORT/snort3 from ~MDAGON/snort3:version to master

Squashed commit of the following:

commit 678d5e1729f67abcbe05886aefc60485ff7e9d27
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Nov 30 15:57:27 2021 -0500

    http_inspect: version update, http_version_match rule option

3 years ago Pull request #3230: stream_user: change packet type from PDU to USER for hext daq...
Tom Peters (thopeter) [Fri, 7 Jan 2022 18:12:29 +0000 (18:12 +0000)] 
Pull request #3230: stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user

Merge in SNORT/snort3 from ~KATHARVE/snort3:hext to master

Squashed commit of the following:

commit 2eda9ec4fa6b39f1ae9a11183e9900d72437da59
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Dec 21 15:47:52 2021 -0500

    stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user

3 years ago Pull request #3223: Enhanced JavaScript normalizer doc updates
Mike Stepanek (mstepane) [Thu, 6 Jan 2022 11:44:44 +0000 (11:44 +0000)] 
Pull request #3223: Enhanced JavaScript normalizer doc updates

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_dealias to master

Squashed commit of the following:

commit 7ad6621c147fb068c308ec8c3c8e4ece4bbcf8f9
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Thu Dec 16 16:15:39 2021 +0200

    doc: update JavaScript normalization docs

        Add references to the enhanced javascript normalizer
        in builtin alerts;
        Clarify limits in js_norm_identifier_depth;
        Reword ECMAScript related paragraph in dev_notes;
        Add de-aliasing to http_inspect and dev_notes;
        Cleanup and reword option descriptions.

3 years ago Pull request #3227: http2_inspect: hardening
Tom Peters (thopeter) [Wed, 22 Dec 2021 17:00:41 +0000 (17:00 +0000)] 
Pull request #3227: http2_inspect: hardening

Merge in SNORT/snort3 from ~THOPETER/snort3:h2i23 to master

Squashed commit of the following:

commit 74e4038907b3f282fb03262caa3376caf19002e5
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Dec 21 14:21:22 2021 -0500

    http2_inspect: hardening

3 years ago Pull request #3226: appid: make peg counts consistent with what is reported to extern...
Shravan Rangarajuvenkata (shrarang) [Tue, 21 Dec 2021 23:02:59 +0000 (23:02 +0000)] 
Pull request #3226: appid: make peg counts consistent with what is reported to external components

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_stats to master

Squashed commit of the following:

commit 45601fb546e99d0f26d557408682f94c7c88e157
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Fri Dec 10 13:06:57 2021 -0500

    appid: make peg counts consistent with what is reported to external components

3 years ago Pull request #3225: BUG #719540: Hitting assert while reading config where dnp3_ind...
Tom Peters (thopeter) [Tue, 21 Dec 2021 19:48:32 +0000 (19:48 +0000)] 
Pull request #3225: BUG #719540: Hitting assert while reading config where dnp3_ind has an extra space after opening "

Merge in SNORT/snort3 from ~MDAGON/snort3:parse_assert to master

Squashed commit of the following:

commit dcb79d812ff190776680815b8dcff6b79c9ca7de
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Dec 17 15:27:48 2021 -0500

    dnp3, gtp, file_type: fix assert while parsing string param

3 years ago Pull request #3222: appid: update appid api to include ssh in the list of service...
Shravan Rangarajuvenkata (shrarang) [Fri, 17 Dec 2021 00:44:13 +0000 (00:44 +0000)] 
Pull request #3222: appid: update appid api to include ssh in the list of service inspectors that need inspection

Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_ssh_inspection_needed to master

Squashed commit of the following:

commit f1abc98a2de81509845b3d7d3e8bc99d3277ff04
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Dec 16 12:56:49 2021 -0500

    appid: update appid api to include ssh in the list of service inspectors that need inspection

3 years ago Pull request #3203: http2_inspect: don't send data frames to the http stream splitter...
Tom Peters (thopeter) [Thu, 16 Dec 2021 23:24:15 +0000 (23:24 +0000)] 
Pull request #3203: http2_inspect: don't send data frames to the http stream splitter when it's not expecting them

Merge in SNORT/snort3 from ~KATHARVE/snort3:h2_unexpected_data_frames to master

Squashed commit of the following:

commit ca74f8065c003468325bfd4cfab69d3bb19de67e
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Dec 1 11:41:51 2021 -0500

    http2_inspect: don't send data frames to the http stream splitter when it's not expecting them

3 years ago Pull request #3216: stream_tcp: Skip seglist gap in post-ack mode if data is acked...
Masud Hasan (mashasan) [Thu, 16 Dec 2021 20:00:07 +0000 (20:00 +0000)] 
Pull request #3216: stream_tcp: Skip seglist gap in post-ack mode if data is acked beyond the gap

Merge in SNORT/snort3 from ~MASHASAN/snort3:post_ack_gap2 to master

Squashed commit of the following:

commit 9cf27746cc85718d6273cdf061814fdbf51f8479
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Nov 29 18:19:08 2021 -0500

    stream_tcp: Skip seglist gap in post-ack mode if data is acked beyond the gap

3 years ago Pull request #3214: appid: changes to handle SNI in efp event.
Shravan Rangarajuvenkata (shrarang) [Wed, 15 Dec 2021 14:41:40 +0000 (14:41 +0000)] 
Pull request #3214: appid: changes to handle SNI in efp event.

Merge in SNORT/snort3 from ~PRBHALER/snort3:quic_meta to master

Squashed commit of the following:

commit 4d0950cfc918aec9104ca349d5dfa16150b5b202
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Fri Dec 10 15:38:16 2021 +0530

    appid: handle SNI in efp event.

3 years ago Pull request #3221: build: generate and tag 3.1.19.0 3.1.19.0
Mike Stepanek (mstepane) [Wed, 15 Dec 2021 14:10:35 +0000 (14:10 +0000)] 
Pull request #3221: build: generate and tag 3.1.19.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.19.0 to master

Squashed commit of the following:

commit e76365d934a248a4053e7e6c0d503f09d87ef6af
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Dec 15 05:37:21 2021 -0500

    build: generate and tag 3.1.19.0

3 years ago Pull request #3220: parser: fix missing-prototypes warning in parse_ports.cc
Mike Stepanek (mstepane) [Wed, 15 Dec 2021 10:11:39 +0000 (10:11 +0000)] 
Pull request #3220: parser: fix missing-prototypes warning in parse_ports.cc

Merge in SNORT/snort3 from ~VHORBATO/snort3:parser_warn to master

Squashed commit of the following:

commit b55c952067ba84eb5392c6538b01a2fad32c9b1a
Author: Vitalii <vhorbato@cisco.com>
Date:   Wed Dec 15 09:46:41 2021 +0200

    parser: fix missing-prototypes warning in parse_ports.cc

3 years ago Pull request #3189: Roll AppId's SSH detector into SSH service inspector
Shravan Rangarajuvenkata (shrarang) [Tue, 14 Dec 2021 20:38:57 +0000 (20:38 +0000)] 
Pull request #3189: Roll AppId's SSH detector into SSH service inspector

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_ssh to master

Squashed commit of the following:

commit 49d2ca8ea4b6b75607dc2169a41d0efff2490354
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Nov 30 23:11:23 2021 -0500

    framework, appid: generate NO_SERVICE event when no inspector can be attached to a flow; wait for the event in appid before declaring service as unknown for the flow

commit 7cfa805c36bae248f12dde37a4cdc073bd24a797
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Nov 30 17:14:55 2021 -0500

    appid: remove hard-coded SSH client patterns which are available as part of ODP

commit a9cdcc3457b03bfa5f37e5bd2c6ae252c11fe247
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Nov 30 14:59:27 2021 -0500

    appid, ssh: Roll AppId's SSH detector into SSH service inspector

3 years ago Pull request #3210: perf_monitor: periodically update telemetry data during thread...
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 19:40:36 +0000 (19:40 +0000)] 
Pull request #3210: perf_monitor: periodically update telemetry data during thread's idle mode

Merge in SNORT/snort3 from ~SVLASIUK/snort3:perf_mon to master

Squashed commit of the following:

commit 481156c654cf73ba797febd0608cd8fd9bd8cc8e
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Thu Dec 9 15:58:52 2021 +0200

    managers: continue inspectors probe when packet has disable_inspect flag

3 years ago Pull request #3217: Refactoring JS normalizer tests.
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 16:37:52 +0000 (16:37 +0000)] 
Pull request #3217: Refactoring JS normalizer tests.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_utest_refactor to master

Squashed commit of the following:

commit 9ed93df3d297cb83ed90adcfffd470fb2213eeae
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Dec 14 16:16:42 2021 +0200

    utils: update JS normalizer unit tests

    Common configurations are moved to a single place.
    A variable with a list of ignored words is renamed.

3 years ago Pull request #3204: snort2lua: fix conversion of variable sets
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 16:20:22 +0000 (16:20 +0000)] 
Pull request #3204: snort2lua: fix conversion of variable sets

Merge in SNORT/snort3 from ~VHORBATO/snort3:snort2lua_variable_sets to master

Squashed commit of the following:

commit be7fda807ef950888e6a0a60aa191afc6bc0cd44
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Dec 14 15:19:48 2021 +0200

    parser: fix parsing of portsets

commit de2580df2b80d2a7af35263337adde967b09ba76
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Dec 14 15:18:52 2021 +0200

    snort2lua: fix conversion of variable sets

3 years ago Pull request #3191: JS config options renamed.
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 13:48:34 +0000 (13:48 +0000)] 
Pull request #3191: JS config options renamed.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_opt_rename to master

Squashed commit of the following:

commit b5b282b913c81862ccb49d4ba1517daaf04d30af
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Dec 7 21:14:44 2021 +0200

    lua: configure a list of JS ignored IDs in default_http_inspect table

    In snort.lua the http_inspect gets its configuration from default_http_inspect.

commit bb10c13a80cdc0ea1dcbc0943ec89b45b23d2ce7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 30 16:23:47 2021 +0200

    http_inspect: rename js normalization options

    Options follow:
    js_normalization_depth -> js_norm_bytes_depth
    js_norm_built_in_ident -> js_norm_ident_ignore
    default_js_norm_built_in_ident -> default_js_norm_ident_ignore

commit 3a32db4eba31b2571f3e8f98d3ec731a34fc61d8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 30 15:53:28 2021 +0200

    utils: place init/deinit routine under a single function

commit d643e38681ea1acad8f0ff7226715dba878f508c
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Nov 29 13:21:28 2021 +0200

    build: move flex options to the template file

    Keep all code-generator related options in the original file.

    CLI option '-Ca' resides, because only this option extends DFA table size,
    which is absolutely needed to translate all the rules from original file.
    (See set_up_initial_allocations() in flex/src/main.c).

    Directive 'full' also adds '-Cr' (no performance changes).

3 years ago Pull request #3209: Javascript de-aliasing
Mike Stepanek (mstepane) [Mon, 13 Dec 2021 20:30:13 +0000 (20:30 +0000)] 
Pull request #3209: Javascript de-aliasing

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_dealias to master

Squashed commit of the following:

commit 5e04885d2ea2c5a56a9c4c501070ff5abfcde21d
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Wed Nov 17 18:39:08 2021 +0200

    http_inspect: add JavaScript builtin de-aliasing

3 years ago Pull request #3213: file_api: Handling file_data
Bhargava Jandhyala (bjandhya) [Mon, 13 Dec 2021 11:32:18 +0000 (11:32 +0000)] 
Pull request #3213: file_api: Handling file_data

Merge in SNORT/snort3 from ~VKAMBALA/snort3:user_file_data to master

Squashed commit of the following:

commit c3eed73709c95f65054f1643ee2e0455e8d5717a
Author: krishnakanth <vkambala@cisco.com>
Date:   Fri Dec 10 17:36:29 2021 +0530

    file_api: Handling file_data

3 years ago Pull request #3198: BUG #715019: Hitting assert - HttpMsgBody::clean_partial
Tom Peters (thopeter) [Fri, 10 Dec 2021 22:22:08 +0000 (22:22 +0000)] 
Pull request #3198: BUG #715019: Hitting assert - HttpMsgBody::clean_partial

Merge in SNORT/snort3 from ~MDAGON/snort3:fix_assert to master

Squashed commit of the following:

commit 9ef0fdf7550edbd6c328438681abba6efab59ec7
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Nov 30 15:55:31 2021 -0500

    http_inspect: use correct detect_length for partial inspection cleanup

3 years ago Pull request #3208: http_inspect/http2_inspect: refuse midstream pickups
Tom Peters (thopeter) [Fri, 10 Dec 2021 20:41:06 +0000 (20:41 +0000)] 
Pull request #3208: http_inspect/http2_inspect: refuse midstream pickups

Merge in SNORT/snort3 from ~THOPETER/snort3:h2i22 to master

Squashed commit of the following:

commit 75298d3ab6f3e4b977a80b04a542899d64f3e6e7
Author: Tom Peters <thopeter@cisco.com>
Date:   Fri Nov 19 15:57:32 2021 -0500

    http_inspect/http2_inspect: refuse midstream pickups

3 years ago Pull request #3196: vlan: implement vlan encode function
Tom Peters (thopeter) [Fri, 10 Dec 2021 18:28:17 +0000 (18:28 +0000)] 
Pull request #3196: vlan: implement vlan encode function

Merge in SNORT/snort3 from ~SBAIGAL/snort3:vlan_encode to master

Squashed commit of the following:

commit 827bea7bfc67403762cec0424767d822f147419b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Dec 1 15:32:36 2021 -0500

    vlan: implement vlan encode function

3 years ago Pull request #3201: mime: Adding the support for vba macro data extraction of MS...
Pranav Bhalerao (prbhaler) [Fri, 10 Dec 2021 09:56:02 +0000 (09:56 +0000)]
Pull request #3201: mime: Adding the support for vba macro data extraction of MS office files transferred over mime protocols

Merge in SNORT/snort3 from ~AMARNAYA/snort3:mime_vba to master

Squashed commit of the following:

commit d185bb6c0c8921949acb7137fc7f0a30a837d4f4
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Wed Dec 1 18:57:26 2021 +0000

    mime: adding the support for vba macro data extraction of MS office files transferred over mime protocols

3 years ago Pull request #3173: loggers: Fixing truncated alert_syslog messages
Masud Hasan (mashasan) [Thu, 9 Dec 2021 19:41:34 +0000 (19:41 +0000)] 
Pull request #3173: loggers: Fixing truncated alert_syslog messages

Merge in SNORT/snort3 from ~ALLEWI/snort3:truncated_alert_syslog to master

Squashed commit of the following:

commit 92bbe04935c7fafa61d77c7f109d1e0dc0ff16f9
Author: allewi@cisco.com <allewi@cisco.com>
Date:   Tue Nov 16 10:55:58 2021 -0500

    loggers: Fixing truncated alert_syslog messages

3 years ago Pull request #3200: utils: (js_tokenizer) fixup in states adjustment
Mike Stepanek (mstepane) [Wed, 8 Dec 2021 18:14:18 +0000 (18:14 +0000)] 
Pull request #3200: utils: (js_tokenizer) fixup in states adjustment

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_states_adjustment_fix to master

Squashed commit of the following:

commit 05ac203e5388a0e4cae715cd0e25d6bb46dad66a
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Dec 6 11:35:37 2021 +0200

    utils: fix state adjustment in JS Tokenizer

    The state before EOF ought to be cleaned up during states adjustment.

    Add test coverage.

3 years ago Pull request #3197: daq: sort --daq-list output by module name
Russ Combs (rucombs) [Wed, 8 Dec 2021 15:31:35 +0000 (15:31 +0000)] 
Pull request #3197: daq: sort --daq-list output by module name

Merge in SNORT/snort3 from ~RUCOMBS/snort3:daq_list to master

Squashed commit of the following:

commit 713ac22525d91453869509423f5ae08fcea7d61d
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 26 09:15:32 2021 -0500

    daq: sort --daq-list output by module name

3 years ago Pull request #3202: cmake: fix CMP0115 Warning
Russ Combs (rucombs) [Tue, 7 Dec 2021 12:09:58 +0000 (12:09 +0000)] 
Pull request #3202: cmake: fix CMP0115 Warning

Merge in SNORT/snort3 from ~SHASLAD/snort3:fix_CMP0115 to master

Squashed commit of the following:

commit 4f33340e63579e2412b2dda17c294d9fcbbdff46
Author: Shashi Lad <shaslad@cisco.com>
Date:   Mon Dec 6 20:57:13 2021 -0500

    cmake: fix CMP0115 Warning

3 years ago Pull request #3195: Suppressions
Russ Combs (rucombs) [Mon, 6 Dec 2021 12:01:04 +0000 (12:01 +0000)] 
Pull request #3195: Suppressions

Merge in SNORT/snort3 from ~RUCOMBS/snort3:suppressions to master

Squashed commit of the following:

commit 31b54def9246a74832e9738c959dfc0f9d0bb5c2
Author: russ <rucombs@cisco.com>
Date:   Thu Dec 2 10:14:27 2021 -0500

    build: clean up some cppcheck style issues

commit b1b17796b9f24c5666af92f2f6939da9decd5020
Author: russ <rucombs@cisco.com>
Date:   Wed Dec 1 09:45:46 2021 -0500

    build: add cppcheck suppressions for unusedFunctions

    Start migrating suppressions from an external file to source comments.
    Only functions that are actually called (and reported as covered) are
    candidates for suppression.  In this case, we have Lua FFI and STL
    overrides.

3 years ago Pull request #3199: Compilation fix with GCC5
Mike Stepanek (mstepane) [Fri, 3 Dec 2021 14:06:32 +0000 (14:06 +0000)] 
Pull request #3199: Compilation fix with GCC5

Merge in SNORT/snort3 from ~OSERHIIE/snort3:gcc5_compile_fix to master

Squashed commit of the following:

commit d1b153c75fe8ca2de7d86f8078c482b23af5fa00
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Fri Dec 3 02:46:58 2021 -0500

    utils: (JSTokenizer) fix braces initialization compilation error (gcc5)

3 years ago Pull request #3179: Stream splitter c
Masud Hasan (mashasan) [Thu, 2 Dec 2021 19:25:39 +0000 (19:25 +0000)] 
Pull request #3179: Stream splitter c

Merge in SNORT/snort3 from ~SMINUT/snort3:stream_splitter_c to master

Squashed commit of the following:

commit 2b537e6d3946a89abf9287644d1fb834bff8c4cc
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Nov 19 14:40:53 2021 -0500

    stream: add PKT_MORE_TO_FLUSH flag and use it in TcpReassembler::scan_data_post_ack() to signal AtomSplitter whether to flush or not

commit 59c24cb2b51268496d5818d4ab27e2929503e6b9
Author: Silviu Minut <sminut@cisco.com>
Date:   Mon Nov 15 14:37:59 2021 -0500

    rpc: remove RpcSplitter altogether and use LogSplitter instead

commit b46a53d6200460ee1de5bd2f7531b729fce63fc6
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Nov 5 09:21:33 2021 -0400

    stream: fix issue with atom splitter not returning FLUSH

commit 057931ddd0a9a85d4f8316cdb843113e82031774
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 25 08:48:42 2021 -0400

    stream_tcp: remove unnecessary special adjustment methods

3 years ago Pull request #3159: dce_smb: Added new smb counters
Lokesh Bevinamarad (lbevinam) [Thu, 2 Dec 2021 14:08:26 +0000 (14:08 +0000)] 
Pull request #3159: dce_smb: Added new smb counters

Merge in SNORT/snort3 from ~BSACHDEV/snort3:telemetry_stats to master

Squashed commit of the following:

commit c6103f3edb46ae51386a067aaf3261ebc826bead
Author: bsachdev <bsachdev@cisco.com>
Date:   Fri Aug 27 11:16:42 2021 -0400

    dce_smb: Added new smb counters

Signed-off-by: bsachdev <bsachdev@cisco.com>

3 years ago Pull request #3193: file_api: Added null check for user file data
Bhargava Jandhyala (bjandhya) [Thu, 2 Dec 2021 07:16:40 +0000 (07:16 +0000)] 
Pull request #3193: file_api: Added null check for user file data

Merge in SNORT/snort3 from ~BSACHDEV/snort3:file_changes to master

Squashed commit of the following:

commit 34a2a0a7f372e3614024a8dddad9b58d7c46c99d
Author: bsachdev <bsachdev@cisco.com>
Date:   Wed Dec 1 12:10:02 2021 -0500

    file_api: Added null check for user file data

Signed-off-by: bsachdev <bsachdev@cisco.com>

3 years ago Pull request #3192: build: generate and tag 3.1.18.0 3.1.18.0
Shravan Rangarajuvenkata (shrarang) [Wed, 1 Dec 2021 17:10:02 +0000 (17:10 +0000)] 
Pull request #3192: build: generate and tag 3.1.18.0

Merge in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.18.0 to master

Squashed commit of the following:

commit a1f754fcf71262366edc5fedcc5eab0913c9eb9f
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Dec 1 10:27:51 2021 -0500

    build: generate and tag 3.1.18.0

3 years ago Pull request #3090: Memory Update
Russ Combs (rucombs) [Wed, 1 Dec 2021 00:51:04 +0000 (00:51 +0000)] 
Pull request #3090: Memory Update

Merge in SNORT/snort3 from ~RUCOMBS/snort3:memory_update to master

Squashed commit of the following:

commit e73251f15db58127483e40965607a4e6979c762b
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 27 12:11:15 2021 -0400

    framework: update base API version to 11

commit 062ffceeb9c4a07e489d27df0441dafa902d5264
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 25 10:02:43 2021 -0400

    dev_notes.txt: fix miscellaneous typos

commit 8b260d2acd412de1c8ab81425d92d28a5a299295
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 24 16:01:14 2021 -0400

    perf_monitor: allow constraint seconds = 0

commit 28f796f0bfa37c1f7615fcec1f7b9e7ba160afc2
Author: russ <rucombs@cisco.com>
Date:   Wed Sep 15 15:51:39 2021 -0400

    doc: remove mention of Automake

commit 400f023d9b32f41da626e8395e04fd3f84b12b0a
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 15:38:31 2021 -0400

    hyperscan: disable bogus unit test leak warnings

commit 12d481d4fffa17863cf71062ada9c48a3ced20d1
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 15:37:58 2021 -0400

    memory: update dev notes

commit 681bc7b114ca8f43b40f3fc80f765fb7d099aacc
Author: russ <rucombs@cisco.com>
Date:   Tue Sep 28 13:16:36 2021 -0400

    memory: add max rss to verbose memory output

commit 6f84a31028243b06dcfbefc0bfa1148874ae5045
Author: russ <rucombs@cisco.com>
Date:   Sun Sep 26 09:02:21 2021 -0400

    memory: add support for jemalloc

commit 56dec3b93254e6e2d9418f9ee289679cf7c099f7
Author: russ <rucombs@cisco.com>
Date:   Fri Jul 16 09:29:57 2021 -0400

    memory: refactoring

commit e6831dcfd9c3ad5f84263e5e0a2880e2c700b3ee
Author: russ <rucombs@cisco.com>
Date:   Wed Sep 15 10:15:13 2021 -0400

    memory: remove explicit allocation tracking

commit 368f41fcf637f6cd1a6802ea98986c1d8b78d467
Author: russ <rucombs@cisco.com>
Date:   Thu Jul 8 15:00:38 2021 -0400

    memory: fix accounting issues

    1. Ensure that all memory stats are accumulated last so stats are not
    skewed by later accumulations.

    2. Delete the start up swappers in the main thread so packet allocation
    tracking is consistent.

commit 371947cc47592f616705c868c33d3f4b4606c35c
Author: russ <rucombs@cisco.com>
Date:   Thu Jul 8 15:00:15 2021 -0400

    memory: refactor pruning and update unit tests

commit b69c623ea64629f61f3e656b1d37f400546b5a4d
Author: russ <rucombs@cisco.com>
Date:   Wed Jul 7 15:42:54 2021 -0400

    memory: free space per DAQ message, not per allocation

commit afe9ae7cb5cfd16fcf5ad16293655a8d895615bc
Author: russ <rucombs@cisco.com>
Date:   Wed Jul 7 11:53:47 2021 -0400

    memory: move mem_stats to MemoryCap

commit 074a491ea51029fef7d613ff7170b1318836437a
Author: russ <rucombs@cisco.com>
Date:   Tue Jul 6 23:31:07 2021 -0400

    build: update configure options

    Replace --disable-memory-manager with --enable-memory-overloads.
    Add --enable-memory-profiler to track memory use by modules.
    Add --enable-rule-profiler to profile rule option as with other modules.
    Add --enable-deep-profiling for multi-level profile buckets.

commit 06d367bc9dabbd25eb8a9f1e060aaf91256adfd6
Author: russ <rucombs@cisco.com>
Date:   Wed Sep 15 10:02:41 2021 -0400

    memory: add original overload manager

commit 327de6f23af8ada2786f9f286cee06528967e217
Author: russ <rucombs@cisco.com>
Date:   Thu Jul 1 12:10:25 2021 -0400

    memory: expand profile report field widths

3 years ago Pull request #3163: JavaScript scope tracking
Mike Stepanek (mstepane) [Tue, 30 Nov 2021 21:49:59 +0000 (21:49 +0000)] 
Pull request #3163: JavaScript scope tracking

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_vars to master

Squashed commit of the following:

commit 7931ba587607cd89ae2efee2c53403d04ab21bef
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 11 20:06:58 2021 +0200

    doc: update user/http_inspect.txt with http_inspect.js_norm_max_scope_depth option description

commit 3d8c9c1e4a577196366a847998ef717b8db03fe9
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 11 20:05:56 2021 +0200

    doc: update builtin_subs.txt with EVENT_JS_SCOPE_NEST_OVERFLOW alert

commit 178e5b656222c0f3e72589344950cc4886a130d3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 11 20:04:27 2021 +0200

    http_inspect: update dev_notes.txt

commit 0d103f24002233f51c4aa9cbba18a1b0b5483509
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Oct 25 11:43:25 2021 +0300

    utils: (JSNormalizer) add program scope tracking and alias resolution

        Add JavaScript program scope tracking. The scope term includes all JavaScript
        program scope types: GLOBAL, FUNCTION, BLOCK, OBJECT. Every scope is represented
        by a separate object on a stack with its own identifiers mapping hash table,
        connected together in a list.

        Add variable definition type identification.

        Add support for alias names resolution with respect to the current program scope.

        Add trace messages for scope tracking

        Add two config options:
            http_inspect.js_norm_max_bracket_depth - bracket scope nesting limit
            http_inspect.js_norm_max_scope_depth - program scope nesting limit

        Add two built-in alerts:
            119:271 - bracket nesting overflow
            119:274 - scope nesting overflow

        Add unit tests coverage:
            scope tracking
            alias resolution
            split over multiple PDUs
            error handling

commit aef1de2489928f47af8c4345d745378c340ed8f1
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Nov 8 11:19:36 2021 +0200

    utils: (JSNormalizer) rework the split over multiple chunks behavior

        Avoid normalization of the input bytes that were already normalized

        Update unit test cases due to rework in the split over chunks behavior

        Add unit tests coverage for combined output after several normalizations

3 years ago Pull request #3142: framework: add a traffic policy and data bus to the network polic...
Russ Combs (rucombs) [Tue, 30 Nov 2021 21:39:53 +0000 (21:39 +0000)] 
Pull request #3142: framework: add a traffic policy and data bus to the network policy to be able to support multiple tenants and add a selector inspector to select a config file for each tenant

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:tenant to master

Squashed commit of the following:

commit c998980c574e3da4fd7fafc79e03fbb538a18a2a
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Nov 4 17:34:54 2021 -0400

    framework: add support for multiple tenants

    Add a traffic policy and data bus to the network policy to be able to support
    multiple tenants and add a selector inspector to select a config file for each
    tenant.

3 years ago Pull request #3176: US 684353: http_inspect: number of header lines rule option
Tom Peters (thopeter) [Tue, 30 Nov 2021 17:29:53 +0000 (17:29 +0000)] 
Pull request #3176: US 684353: http_inspect: number of header lines rule option

Merge in SNORT/snort3 from ~MDAGON/snort3:hdrs_num2 to master

Squashed commit of the following:

commit 6e4ab5896b6911913dfff1a681516f90938f5326
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Aug 3 15:55:26 2021 -0400

    http_inspect: new rule options num_headers, num_trailers

3 years ago Pull request #3188: Fix Debian10.32 unit tests.
Mike Stepanek (mstepane) [Mon, 29 Nov 2021 12:43:04 +0000 (12:43 +0000)] 
Pull request #3188: Fix Debian10.32 unit tests.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_32 to master

Squashed commit of the following:

commit 4e2e3de3c279ddc44460fab87adb0f1f2812ccf9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Nov 25 09:47:03 2021 +0200

    helpers: fix stream unit test on 32 bit platforms

3 years ago Pull request #3187: vba: Fixing buffer overflow in ole parser
Pranav Bhalerao (prbhaler) [Fri, 26 Nov 2021 05:05:44 +0000 (05:05 +0000)] 
Pull request #3187: vba: Fixing buffer overflow in ole parser

Merge in SNORT/snort3 from ~VIGNVISW/snort3:vba_bufoverflow to master

Squashed commit of the following:

commit b39fed887c6aed62fbf47a42a77b2b1501340e89
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Wed Nov 24 02:23:41 2021 -0500

    vba: Fixing buffer overflow in ole parser

3 years ago Pull request #3181: ips_options: creating LiteralSearch object for vba decompression...
Pranav Bhalerao (prbhaler) [Fri, 26 Nov 2021 05:03:08 +0000 (05:03 +0000)] 
Pull request #3181: ips_options: creating LiteralSearch object for vba decompression at the time of snort initialization

Merge in SNORT/snort3 from ~AMARNAYA/snort3:fix_searcher to master

Squashed commit of the following:

commit 20191e9a84c6b1b73d0a589f54c7aab53fb94d91
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Tue Nov 23 08:02:30 2021 +0000

    ips_options: creating LiteralSearch object for vba decompression at the time of snort initialization

3 years ago Pull request #3185: wizard: change default value of max_search_depth from 64 to 8192
Mike Stepanek (mstepane) [Thu, 25 Nov 2021 04:11:36 +0000 (04:11 +0000)] 
Pull request #3185: wizard: change default value of max_search_depth from 64 to 8192

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_new_default_value to master

Squashed commit of the following:

commit a40490adbbe9ae7126581f9ea53ccfe633d517b0
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Oct 29 18:52:20 2021 +0300

    wizard: change default value of max_search_depth from 64 to 8192

3 years ago Pull request #3183: file_api: file_data changes
Ron Dempster (rdempste) [Wed, 24 Nov 2021 21:19:00 +0000 (21:19 +0000)] 
Pull request #3183: file_api: file_data changes

Merge in SNORT/snort3 from ~VKAMBALA/snort3:file_info to master

Squashed commit of the following:

commit d8e4a5692a09e7394f410060dfb8017564421cac
Author: krishnakanth <vkambala@cisco.com>
Date:   Tue Nov 16 04:53:00 2021 -0500

    file_api: file_data changes

3 years ago Pull request #3186: BUG #713275: Asserting in Http2StreamSplitter with live http2...
Tom Peters (thopeter) [Wed, 24 Nov 2021 19:46:34 +0000 (19:46 +0000)] 
Pull request #3186: BUG #713275: Asserting in Http2StreamSplitter with live http2 traffic

Merge in SNORT/snort3 from ~MDAGON/snort3:discard_padding to master

Squashed commit of the following:

commit a1630ebd88c1a1e7e3cb8430af2891ac6f8621a5
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 22 17:02:13 2021 -0500

    http2_inspect: discard with padding

3 years ago Pull request #3182: doc: updated module usage and inspector types in the dev guide
Russ Combs (rucombs) [Wed, 24 Nov 2021 17:42:22 +0000 (17:42 +0000)] 
Pull request #3182: doc: updated module usage and inspector types in the dev guide

Merge in SNORT/snort3 from ~RUCOMBS/snort3:doc_devel to master

Squashed commit of the following:

commit 23d309942fa1c44dffeed965b4ffa4fee4c15e3d
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 23 16:09:34 2021 -0500

    doc: updated module usage and inspector types in the dev guide

3 years ago Pull request #3184: stream_tcp: delete unused unit test cruft
Russ Combs (rucombs) [Wed, 24 Nov 2021 16:26:05 +0000 (16:26 +0000)] 
Pull request #3184: stream_tcp: delete unused unit test cruft

Merge in SNORT/snort3 from ~RUCOMBS/snort3:dead_code_2 to master

Squashed commit of the following:

commit c62e9004b421bb8e9d9745441be754fa2a0df722
Author: russ <rucombs@cisco.com>
Date:   Wed Nov 24 08:22:15 2021 -0500

    stream_tcp: delete unused unit test cruft

3 years ago Pull request #3175: Wizard Updates for Talos
Russ Combs (rucombs) [Wed, 24 Nov 2021 16:21:01 +0000 (16:21 +0000)] 
Pull request #3175: Wizard Updates for Talos

Merge in SNORT/snort3 from ~RUCOMBS/snort3:ff_ff to master

Squashed commit of the following:

commit 472d7f7b3c90c3229ee7f9ef1a4750e1bd26ae06
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 21 08:05:51 2021 -0500

    wizard: add patterns to match unknown HTTP and SIP methods

commit 494a587f21fcfbceb8b95bb859082dad8290013e
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 19 11:07:32 2021 -0500

    wizard: remove telnet IAC pattern

3 years ago Pull request #3178: Value::get_long(), replacing with platform-independent type
Mike Stepanek (mstepane) [Wed, 24 Nov 2021 12:59:44 +0000 (12:59 +0000)] 
Pull request #3178: Value::get_long(), replacing with platform-independent type

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_32_64 to master

Squashed commit of the following:

commit 5faafb2d57279064269cb3a58d1b136fd3742d44
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 19 16:12:50 2021 +0200

    framework: replace Value::get_long() with a platform-independent type