]>
git.ipfire.org Git - thirdparty/snort3.git/log
Mike Stepanek (mstepane) [Tue, 16 Jul 2019 16:09:02 +0000 (12:09 -0400)]
Merge pull request #1675 in SNORT/snort3 from ~SMINUT/snort3:stack_size to master
Squashed commit of the following:
commit
51c4290811365b46aca3d7e5ef3b6985060c9bce
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Jul 15 09:47:03 2019 -0400
pcre: cap the pcre_match_limit_recursion based on the stack size available.
Davis McPherson (davmcphe) [Mon, 15 Jul 2019 18:06:50 +0000 (14:06 -0400)]
Merge pull request #1673 in SNORT/snort3 from ~DERAMADA/snort3:revert_stash_changes to master
Squashed commit of the following:
commit
0cacc8ab500b966c9d23ec819255f4bb77f94b7c
Author: deramada <deramada@cisco.com>
Date: Fri Jul 12 11:23:12 2019 -0400
Revert "Merge pull request #1593 in SNORT/snort3 from ~DERAMADA/snort3:appid_stash_store to master"
This reverts commit
1880af5f2b31ed968fc4a790384720d560acec1c .
Mike Stepanek (mstepane) [Mon, 15 Jul 2019 15:23:09 +0000 (11:23 -0400)]
Merge pull request #1658 in SNORT/snort3 from ~THOPETER/snort3:nhttp122 to master
Squashed commit of the following:
commit
db33060f5d83ad0b2a625abd8287df6073469f84
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Jul 11 13:35:16 2019 -0400
http_inspect: perf improvements
commit
37f170ddc1320c6d3bb3eff11a80cd2c21bff1c0
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Jun 7 10:22:43 2019 -0400
http_inspect: send headers to detection separately
Russ Combs (rucombs) [Mon, 15 Jul 2019 14:01:02 +0000 (10:01 -0400)]
Merge pull request #1649 in SNORT/snort3 from ~STECHEW/snort3:noack_policy1 to master
Squashed commit of the following:
commit
96cde40bbaef426256e5d5607c4f042033df22a9
Author: Steve Chew <stechew@cisco.com>
Date: Tue Jun 18 04:23:40 2019 -0400
stream_tcp: Add no-ack policy to handle flows that have no ACKs for data.
no_ack: Purge segment list withouth waiting for ack when using no_ack feature.
updated purge segment list fix for no_ack feature
updated some comments
Mike Stepanek (mstepane) [Fri, 12 Jul 2019 17:14:05 +0000 (13:14 -0400)]
Merge pull request #1667 in SNORT/snort3 from ~MDAGON/snort3:hpack_string to master
Squashed commit of the following:
commit
74d40186fe6b3dd1207eb70e621e966de29051df
Author: mdagon <mdagon@cisco.com>
Date: Wed Jul 3 12:04:12 2019 -0400
http2: hpack string decode
Michael Altizer (mialtize) [Fri, 12 Jul 2019 16:16:03 +0000 (12:16 -0400)]
Merge pull request #1672 in SNORT/snort3 from ~MASHASAN/snort3:host_tracker_warnings to master
Squashed commit of the following:
commit
3c652147665c5381f469165409a4c4c8caf59eb2
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Jul 12 10:49:49 2019 -0400
host_cache: Closing va_list after usage using va_end
Mike Stepanek (mstepane) [Thu, 11 Jul 2019 10:51:54 +0000 (06:51 -0400)]
Merge pull request #1665 in SNORT/snort3 from ~MASHASAN/snort3:host_cache_dump to master
Squashed commit of the following:
commit
363786e572c5274704c3c34355e5e01c694082ca
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed Jul 3 09:08:41 2019 -0400
host_cache: Adding command and config option to dump hosts
George Koikara (gkoikara) [Fri, 5 Jul 2019 04:40:20 +0000 (00:40 -0400)]
Merge pull request #1623 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_eof to master
Squashed commit of the following:
commit
af18eb5c0005d65a1c4879d74dbfa80f736e81b8
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date: Fri May 17 07:01:05 2019 -0400
stream: add convenient method for flow deletion
Russ Combs (rucombs) [Thu, 4 Jul 2019 18:21:22 +0000 (14:21 -0400)]
Merge pull request #1660 in SNORT/snort3 from ~BRASTULT/snort3:talos_tweak_fix to master
Squashed commit of the following:
commit
1e557dca3a03f375d932d3ba14bed27aea7957ad
Author: Brandon Stultz <brastult@cisco.com>
Date: Sun Jun 30 19:12:46 2019 -0400
talos.lua: various fixes for command line usage
- lua: optionally include local.rules in talos tweak, set snaplen
- main: move talos tweak settings to lua, set default pcap-filter
- parser: fix -R by clearing includer when parsing s_aux_rules
- packet_io: set default pcap-filter
russ [Thu, 4 Jul 2019 18:26:52 +0000 (14:26 -0400)]
Squashed commit of the following:
commit
90bacc16fa036bd678c47a51898a0e247a4659cf
Author: russ <rucombs@cisco.com>
Date: Thu Jul 4 10:32:46 2019 -0400
profiler: include onload/offload efforts in mpse
commit
280854ff2229555fb893a409a62725d31ed403ed
Author: russ <rucombs@cisco.com>
Date: Wed Jul 3 21:52:09 2019 -0400
detection: reduce hard number of contexts to work with pcap default
commit
8eb020e4470c568039b89e12ae29f5b8a625cec3
Author: russ <rucombs@cisco.com>
Date: Wed Jul 3 12:25:53 2019 -0400
profiler: refactor
commit
656e280fc09d1d06c379dfc94fe2b905b79ba03c
Author: russ <rucombs@cisco.com>
Date: Sun Jun 30 13:54:38 2019 -0400
profiler: implement general exclusion
The profiler module has been reworked for performance and accuracy.
There is now a single level (default build) and no need to specify
exclusions. When a new scope is entered, the existing scope if any
is paused and then resumed when the new scope exits. The "total"
root is now implemented internally and fixed at total packets and
total runtime. The difference from that and the sum of all root
children is given in other.
Mike Stepanek (mstepane) [Tue, 2 Jul 2019 17:24:36 +0000 (13:24 -0400)]
Merge pull request #1659 in SNORT/snort3 from ~MDAGON/snort3:hpack_int to master
Squashed commit of the following:
commit
1aa88db8a750eb3efc4a66b0483cb515a60d613e
Author: mdagon <mdagon@cisco.com>
Date: Thu Jun 20 16:42:53 2019 -0400
http2: decode HPACK uint
Steve Chew (stechew) [Tue, 2 Jul 2019 16:13:20 +0000 (12:13 -0400)]
Merge pull request #1656 in SNORT/snort3 from ~SBAIGAL/snort3:ignore_vlan to master
Squashed commit of the following:
commit
59ee334a4e7e69b19bd8a25e8462b2a2005a0534
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Jun 25 14:04:58 2019 -0400
codec: add support of ignore_vlan flag from daq header
updated to skip vlan header process when ignore_vlan flag was set
Michael Altizer (mialtize) [Mon, 1 Jul 2019 19:53:12 +0000 (15:53 -0400)]
Merge pull request #1662 in SNORT/snort3 from ~DERAMADA/snort3:fix_flow_stash_header to master
Squashed commit of the following:
commit
afb1391d7e42c5ffad9e74f34452ed2fe9a4585a
Author: deramada <deramada@cisco.com>
Date: Mon Jul 1 14:26:30 2019 -0400
appid: fix header order in appid_session
commit
12bd60e2cb543727d0a55ddb94d96415d262378a
Author: deramada <deramada@cisco.com>
Date: Mon Jul 1 14:23:48 2019 -0400
flow: remove config.h from flow_stash_keys
Mike Stepanek (mstepane) [Mon, 1 Jul 2019 14:15:54 +0000 (10:15 -0400)]
Merge pull request #1593 in SNORT/snort3 from ~DERAMADA/snort3:appid_stash_store to master
Squashed commit of the following:
commit
51382ddd1e26171b1a1ca0973ff950d1e073aa5c
Author: deramada <deramada@cisco.com>
Date: Mon Apr 29 15:49:05 2019 -0400
appid: use stash to store flow attributes
russ [Sun, 30 Jun 2019 04:04:55 +0000 (00:04 -0400)]
Squashed commit of the following:
commit
f1e74ea89089c180ee2ed823daa009d19954b922
Author: russ <rucombs@cisco.com>
Date: Sat Jun 29 17:49:25 2019 -0400
profiler: convert ips options to use optional profiles
Avoid the perf hit and double counting (with rule_eval) for detection
options with normal builds. Not deleted since it could be helpful
to see individual options in some cases despite the issues. Due to a
bug, this is commented out but should be made a build option once
fixed.
commit
b06b0aebed47a2f8676346e4a7c3dcb2dd522f75
Author: russ <rucombs@cisco.com>
Date: Thu Jun 27 10:28:44 2019 -0400
profiler: split out paf from stream_tcp
PAF (Protocol Aware Flushing) is the delegation by stream_tcp of flush point
determination by service inspectors which encapsulate PDU analysis. This
change splits out the scanning portion of the PAF interface. Reassembly
will be dealt with later. http_inspect will be the biggest contributor to
PAF since it front-loads considerable to the scanning phase.
commit
9dfdc6c399eddd925185e4a0e1dbeec1df91ba5d
Author: russ <rucombs@cisco.com>
Date: Wed Jun 26 21:36:37 2019 -0400
profiler: track DAQ message receives and finalizes
commit
8ec66593d58130bca89071a2d4a2a0429af57223
Author: russ <rucombs@cisco.com>
Date: Wed Jun 26 17:28:57 2019 -0400
profiler: eliminate deep profiling
Deep profiling creates broken totals, impacts performance, and is not a
good substitute for actual profiling with gprof etc. Furthermore, shallow
profiling (ie a single bucket per component and subsystem) provides enough
information to tune Snort effectively.
Russ Combs (rucombs) [Fri, 28 Jun 2019 03:44:43 +0000 (23:44 -0400)]
Merge pull request #1657 in SNORT/snort3 from ~BRASTULT/snort3:fast_pattern_fix to master
Squashed commit of the following:
commit
af403f7092a7a4f2d71a70b7a5d8d75cb23b80f3
Author: Brandon Stultz <brastult@cisco.com>
Date: Tue Jun 25 11:42:42 2019 -0400
detection: on PDUs change search order to set check_ports correctly
George Koikara (gkoikara) [Thu, 27 Jun 2019 15:31:07 +0000 (11:31 -0400)]
Merge pull request #1642 in SNORT/snort3 from ~KBHANDAN/snort3:ha to master
Squashed commit of the following:
commit
2ba9df6b36c5f614106d178f3ab2d56d399640e4
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Tue Jun 11 07:49:28 2019 -0400
flow: Fixes for DAQ-backed HA implementation
George Koikara (gkoikara) [Thu, 27 Jun 2019 10:02:43 +0000 (06:02 -0400)]
Merge pull request #1597 in SNORT/snort3 from ~POAWASTH/snort3:HA to master
Squashed commit of the following:
commit
ec4a4fbf906685e5ed48e9b8d9a2b37848ac16f9
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon Jun 3 04:25:04 2019 -0400
high_availability: high availability support in Snort2Lua
commit
921d334faceea4b4b3d0050a809f6b27add2b43f
Merge:
f33a1a3b0d fc765be03d
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Thu Jun 20 01:02:06 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
f33a1a3b0d6c129a5ed60fa840cd135155151340
Merge:
8f33e02bbf 0f1bfa63a2
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Tue Jun 18 01:30:18 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
8f33e02bbf85b66976c9b033c76d60975feea419
Merge:
ef5462a197 5f54ed99ca
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon Jun 17 01:47:17 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
ef5462a19724068d4f30ab47145a111e1398a449
Merge:
354a0f43b3 728c88e590
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed Jun 12 01:52:57 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
354a0f43b30341dc8bbc0feeae7ee7f11289976c
Merge:
05771d2a9d 2a063bd7fc
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon Jun 3 04:26:16 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
05771d2a9d7fabe20dbef9998346ac2d932b84ee
Merge:
ea74ebefe4 35d4b98423
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri May 24 14:22:51 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
ea74ebefe459505932e9633ecc58acf86f72afb1
Merge:
b05e64d3f4 514211db93
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri May 24 04:42:35 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
b05e64d3f4c7e0be9946a6b94ef38227a5b93962
Merge:
fd54dd4c67 683220535f
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon May 20 13:24:12 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
fd54dd4c67b610c1fb2b9a8fee809c49e6275fac
Merge:
3be4b6fd38 91d81bb4c4
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 15 01:18:15 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
3be4b6fd38ba5133795559ed5a696912d11fbf76
Merge:
49e4495f9d 2c994c4987
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri May 10 02:29:14 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
49e4495f9d094c0978465aef4694a0689cc9331b
Merge:
7875fdda54 51c6942a68
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 8 00:42:12 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
7875fdda543729688243daf17d28ab1de9a5291a
Merge:
0bf526d1f8 42f72b3882
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon May 6 11:36:04 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
0bf526d1f8b4c02bed19fd6a649c70268ec5ff00
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 1 13:09:08 2019 -0400
Revert "ha: Precommit for snort2lua Changes"
This reverts commit
b26b0b5b6f08b641b49c4ac4cc7c1e426a362ca1 .
commit
3bb98944144ae4d780ec26fa77e81f2ed9f06f84
Merge:
b26b0b5b6f a62e18d8c1
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 1 12:46:20 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
b26b0b5b6f08b641b49c4ac4cc7c1e426a362ca1
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 1 12:40:48 2019 -0400
ha: Precommit for snort2lua Changes
Mike Stepanek (mstepane) [Wed, 26 Jun 2019 22:39:52 +0000 (18:39 -0400)]
Merge pull request #1655 in SNORT/snort3 from ~AMSATHYA/snort3:identity_plugin to master
Squashed commit of the following:
commit
c02b0069cf999ed917432358ee7df8c5734b0bf0
Author: haow3 <haow3@cisco.com>
Date: Mon Jun 24 12:56:26 2019 -0400
flow: Extend stash to support uint32_t and make it SO_PUBLIC
russ [Mon, 24 Jun 2019 04:22:04 +0000 (00:22 -0400)]
Squashed commit of the following:
commit
46b75614846523b09bc3f0381aa23c74c4b4037c
Author: russ <rucombs@cisco.com>
Date: Fri Jun 21 22:17:05 2019 -0400
ips: refactor fast pattern searching
commit
ca549ab88276c9c1032be231ce6ab4be331c9920
Author: russ <rucombs@cisco.com>
Date: Fri Jun 21 22:16:22 2019 -0400
detection: allocate scratch after configuration
commit
1db4b7941c9b0e700f6b8c76a4718649d546678a
Author: russ <rucombs@cisco.com>
Date: Wed Jun 19 12:21:49 2019 -0400
detection: immediately onload after offloading when running regression tests
commit
aecdde54894b4e2f9eddf1e641964ef1c1dac749
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 09:44:36 2019 -0400
detection: use offload_threads = N with -z = 1
commit
bbe6eb1f255d190b6fa08fe6d9471681a430a165
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 21:26:34 2019 -0400
analyzer: 1024 contexts max is a better default until configurable
commit
45c29b39d7bdbdd3f7271d120899e14f67f8d40a
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 09:45:08 2019 -0400
detection: start offload threads before packet threads are pinned
commit
f5788a9b17cea3545c05932d365c5736c1de5b54
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 09:41:41 2019 -0400
mpse: api init and print methods are optional
commit
619b7846de7cbd1d5962c92850ba855e3ce586d6
Author: russ <rucombs@cisco.com>
Date: Sat Jun 1 13:48:43 2019 -0400
ips: add missing non-fast-pattern warning
commit
05fd308f43484b2ed79a6a9d646aa203d2d1ffdd
Author: russ <rucombs@cisco.com>
Date: Sat Jun 1 13:47:59 2019 -0400
stream_tcp: fix non-deep detect profile exclusion
commit
d141982727775c23eb0503550b4b89e77d3971a3
Author: russ <rucombs@cisco.com>
Date: Fri May 31 16:32:29 2019 -0400
snort: remove out-of-date Snort 2 version from -V
Mike Stepanek (mstepane) [Wed, 19 Jun 2019 17:26:39 +0000 (13:26 -0400)]
Merge pull request #1651 in SNORT/snort3 from ~MSTEPANE/snort3:build_257 to master
Squashed commit of the following:
commit
60a75f5d4889e6c193971c7652469265789073f2
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Jun 19 10:55:04 2019 -0400
doc: Update docs for build 257
commit
a82da3a50629a33ba8a6e94e4c8bda0bce461dac
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Jun 19 09:10:13 2019 -0400
build: 257
Russ Combs (rucombs) [Tue, 18 Jun 2019 23:26:17 +0000 (19:26 -0400)]
Merge pull request #1645 in SNORT/snort3 from ~RUCOMBS/snort3:regex_fix to master
Squashed commit of the following:
commit
f71a95925c043dba6f2fca7dc36480794618ea36
Author: russ <rucombs@cisco.com>
Date: Sat Jun 15 20:39:34 2019 -0400
regex: fix repeated search offset
Mike Stepanek (mstepane) [Tue, 18 Jun 2019 19:14:30 +0000 (15:14 -0400)]
Merge pull request #1646 in SNORT/snort3 from ~MASHASAN/snort3:rna_pub_sub to master
Squashed commit of the following:
commit
02d777186b7b42185154fa7d5d149ee17a2ce59a
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Jun 17 14:41:32 2019 -0400
rna: Renaming peg counts and adding a warning when config changes
commit
d0a8a2c0fd70edf12a1e59bbd0b39bb71dffb7d3
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Jun 17 04:09:05 2019 -0400
rna: Implementing event-driven RNA inspections
Michael Altizer (mialtize) [Tue, 18 Jun 2019 14:16:29 +0000 (10:16 -0400)]
Merge pull request #1647 in SNORT/snort3 from ~MIALTIZE/snort3:doc_daq to master
Squashed commit of the following:
commit
f30be1a8530d4f0df06b7f3a2b7e1aa997b24260
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jun 17 12:02:53 2019 -0400
doc: Update documentation to reflect post-DAQng reality
commit
6257bc3094a93d5015bacca04534e3e3c2f47a5e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jun 17 09:35:40 2019 -0400
doc: Remove perpetually out-of-date copy of LibDAQ's README
Mike Stepanek (mstepane) [Mon, 17 Jun 2019 19:15:06 +0000 (15:15 -0400)]
Merge pull request #1644 in SNORT/snort3 from ~KATHARVE/snort3:ips_policies_bug to master
Squashed commit of the following:
commit
6153c7a79d13ab80939e7763d083c966029bccfd
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Jun 12 12:04:54 2019 -0400
detection: fix creation of service map to use ips policy id
Mike Stepanek (mstepane) [Mon, 17 Jun 2019 17:25:59 +0000 (13:25 -0400)]
Merge pull request #1648 in SNORT/snort3 from ~MASHASAN/snort3:doc_rna to master
Squashed commit of the following:
commit
708062a3468c2b54e7fa7c25da1727c507159db8
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Jun 17 12:59:25 2019 -0400
rna: Fixing doc build failure due to asciidoc format issue
Russ Combs (rucombs) [Mon, 17 Jun 2019 00:49:06 +0000 (20:49 -0400)]
Merge pull request #1603 in SNORT/snort3 from ~BRASTULT/snort3:fp_detect_fix to master
Squashed commit of the following:
commit
4ab32a7ec9d864cf0f2874a40df203b256434769
Author: Brandon Stultz <brastult@cisco.com>
Date: Fri May 10 01:18:44 2019 -0400
detection: on PDUs search TCP/UDP portgroups even when user_mode services exist
Russ Combs (rucombs) [Sun, 16 Jun 2019 14:59:35 +0000 (10:59 -0400)]
Merge pull request #1628 in SNORT/snort3 from ~BBANTWAL/snort3:pegcounts to master
Squashed commit of the following:
commit
46120f09f1374a79a945dcf8c14bcdaf70a16c8c
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Jun 11 10:15:18 2019 -0400
adding stats for offloader busy
commit
98821ce7200c8f1fd72476e264bc4f782a74dfd6
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Jun 4 12:41:48 2019 -0400
adding pegcounts for context chain suspends
commit
b71215b8870e26706d2a93336dcb2be03f4012a7
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Jun 4 09:53:47 2019 -0400
detection: adding pegcounts for fallback, offload failures
commit
1ad6aa682e0d3f6faf9fb91256f322c089f754d9
Author: russ <rucombs@cisco.com>
Date: Sat Jun 1 15:54:10 2019 -0400
detection: add peg for onload wait conditions
Russ Combs (rucombs) [Sun, 16 Jun 2019 14:57:58 +0000 (10:57 -0400)]
Merge pull request #1636 in SNORT/snort3 from ~BRASTULT/snort3:relative_so to master
Squashed commit of the following:
commit
578047fa73a2e1485920e81061f7f0aeb229a592
Author: Brandon Stultz <brastult@cisco.com>
Date: Fri Jun 7 14:22:06 2019 -0400
ips_options: add relative parameter to so option
Russ Combs (rucombs) [Wed, 12 Jun 2019 15:57:38 +0000 (11:57 -0400)]
Merge pull request #1616 in SNORT/snort3 from ~STECHEW/snort3:finalize_packet to master
Squashed commit of the following:
commit
04aeec5d6e2c2285419a5a9e7eff8d1ed0a2787f
Author: Steve Chew <stechew@cisco.com>
Date: Mon May 20 21:19:33 2019 -0400
analyzer: publish finalize packet event before calling finalize_message.
Mike Stepanek (mstepane) [Wed, 12 Jun 2019 12:48:03 +0000 (08:48 -0400)]
Merge pull request #1643 in SNORT/snort3 from ~MIREDDEN/snort3:smtp_fix to master
Squashed commit of the following:
commit
6cbb3b865482a90da05f150f584a457e37209f39
Author: Mike Redden <miredden@cisco.com>
Date: Wed Jun 12 07:53:18 2019 -0400
smtp: Fix handle_header_line and normalize_data unit tests
Michael Altizer (mialtize) [Wed, 12 Jun 2019 03:31:44 +0000 (23:31 -0400)]
Merge pull request #1619 in SNORT/snort3 from ~MIALTIZE/snort3:ha_daq to master
Squashed commit of the following:
commit
5aacc37644226329a02dc2637093c457614b351d
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jun 10 17:43:32 2019 -0400
flow: Implement storing and importing HA data via DAQ IOCTLs
This involved significant refactoring of the Flow HA code and added many
peg counts to the module. Export FlowHAClient, HighAvailabilityManager,
and FlowHAState in flow/ha.h. Specify that HA time parameters are in
seconds. The useless HA module unit tests were removed in the process.
commit
9fec6bc1993d35969c9aca4198ec0865ef7597e5
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Jun 7 14:32:18 2019 -0400
check: Fix missing semicolons on CHECK calls
commit
fb6e8988fd3790f54c790110150b965a3abb456b
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue May 28 12:30:33 2019 -0400
build: Fix unused parameter warnings in unit tests
Steve Chew (stechew) [Tue, 11 Jun 2019 18:45:06 +0000 (14:45 -0400)]
Merge pull request #1635 in SNORT/snort3 from ~SBAIGAL/snort3:icmp_u2log_fix to master
Squashed commit of the following:
commit
4aadd43f4a78c1e78ef2c1847098f090b6502108
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Fri Jun 7 15:51:43 2019 -0400
icmp4: verify checksum before the type validation
Mike Stepanek (mstepane) [Tue, 11 Jun 2019 16:31:36 +0000 (12:31 -0400)]
Merge pull request #1641 in SNORT/snort3 from ~MASHASAN/snort3:inspector_null_check to master
Squashed commit of the following:
commit
7104df70e6370eb212c787186011ebd6148594d8
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Jun 10 22:41:19 2019 -0400
stream_ip: Checking null inspector while updating session
Mike Stepanek (mstepane) [Tue, 11 Jun 2019 14:58:04 +0000 (10:58 -0400)]
Merge pull request #1640 in SNORT/snort3 from ~MDAGON/snort3:smtp_fix to master
Squashed commit of the following:
commit
5aae8d1c8a125cc53a58efcee29035739a666d7a
Author: mdagon <mdagon@cisco.com>
Date: Wed Jun 5 11:36:13 2019 -0400
smtp: pass packet pointer instead of nullptr to SMTP_CopyToAltBuffer
Mike Stepanek (mstepane) [Thu, 6 Jun 2019 20:12:26 +0000 (16:12 -0400)]
Merge pull request #1629 in SNORT/snort3 from ~THOPETER/snort3:nhttp121 to master
Squashed commit of the following:
commit
1d76e71bc035d419559cdb56b39eee2c3309f39b
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Jun 4 16:49:41 2019 -0400
http_inspect: test tool enhancement
Michael Altizer (mialtize) [Tue, 4 Jun 2019 15:12:44 +0000 (11:12 -0400)]
Merge pull request #1618 in SNORT/snort3 from ~SBAIGAL/snort3:perf_mon_analyzer_fix to master
Squashed commit of the following:
commit
ad4244beb09c4a56e10c6751c0ae51bd81fdeaa2
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue May 28 09:29:19 2019 -0400
perf_mon: removed flow_ip_handler from PerfMonitor
Keep the ip event handler at databus, disable ip tracker from a thread will not lead to delete ip data handler from databus
Mike Stepanek (mstepane) [Tue, 4 Jun 2019 14:31:39 +0000 (10:31 -0400)]
Merge pull request #1621 in SNORT/snort3 from ~THOPETER/snort3:merge4 to master
Squashed commit of the following:
commit
67ff9e50695a75b8fe2e9505620b091f624aef16
Author: Tom Peters <thopeter@cisco.com>
Date: Mon May 13 16:28:57 2019 -0400
http_inspect/stream: accelerated blocking
Mike Stepanek (mstepane) [Mon, 3 Jun 2019 20:38:59 +0000 (16:38 -0400)]
Merge pull request #1622 in SNORT/snort3 from ~MASHASAN/snort3:rna_framework to master
Squashed commit of the following:
commit
d49a2affbec8e24f642ce811c10141cf19435dda
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed May 29 12:37:25 2019 -0400
rna: Introducing barebone RNA module and inspector
Shravan Rangarajuvenkata (shrarang) [Mon, 3 Jun 2019 20:06:02 +0000 (16:06 -0400)]
Merge pull request #1620 in SNORT/snort3 from ~SATHIRKA/snort3:icmp_bruteforce to master
Squashed commit of the following:
commit
d6298c44470c752ccdbd2abd098814e7b36a27e5
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu May 23 14:24:42 2019 -0400
appid: Protocol based detection for non-TCP non-UDP traffic.
Mike Stepanek (mstepane) [Mon, 3 Jun 2019 20:02:00 +0000 (16:02 -0400)]
Merge pull request #1627 in SNORT/snort3 from ~MIREDDEN/snort3:stream_tcp_timestamp to master
Squashed commit of the following:
commit
7770b59dee8e8b3d7b93b8dfadbe21a33c746eb5
Author: Mike Redden <miredden@cisco.com>
Date: Wed May 29 15:57:18 2019 -0400
stream: Do not validate timestamp until peer timestamp is set
Michael Altizer (mialtize) [Mon, 3 Jun 2019 18:05:33 +0000 (14:05 -0400)]
Merge pull request #1624 in SNORT/snort3 from ~BBANTWAL/snort3:fix_async_http to master
Squashed commit of the following:
commit
84367e7e76a1f3bea145a3520fe729e099e0ac1a
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue May 28 12:24:11 2019 -0400
http_inspect: stop clearing http data snapshots from ips contexts on flow deletion
Michael Altizer (mialtize) [Fri, 31 May 2019 15:20:34 +0000 (11:20 -0400)]
Merge pull request #1617 in SNORT/snort3 from ~BBANTWAL/snort3:offload_memstats_fix to master
Squashed commit of the following:
commit
f10682ce0c9e034bef3d3a42a3e2fcebe0c94691
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri May 24 17:06:38 2019 -0400
flow: check if flow is actually deleted before updating memstats
Mike Stepanek (mstepane) [Fri, 24 May 2019 12:49:45 +0000 (08:49 -0400)]
Merge pull request #1614 in SNORT/snort3 from ~KATHARVE/snort3:disable_builtin to master
Squashed commit of the following:
commit
7f281ab48cb16fbc99f619c1ae72841c0886bb85
Author: Katura Harvey <katharve@cisco.com>
Date: Mon May 20 17:49:40 2019 -0400
detection: fix check for disabled rules
Shravan Rangarajuvenkata (shrarang) [Thu, 23 May 2019 14:59:25 +0000 (10:59 -0400)]
Merge pull request #1608 in SNORT/snort3 from ~KAMURTHI/snort3:BitTorrent-Fix to master
Squashed commit of the following:
commit
4adad8bc5649000bb5d8ca10f933389d441ad20a
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Thu May 9 16:16:46 2019 -0400
appid: support for dynamic host cache lookup-based app detection.
Mike Stepanek (mstepane) [Wed, 22 May 2019 20:41:32 +0000 (16:41 -0400)]
Merge pull request #1615 in SNORT/snort3 from ~NIHDESAI/snort3:build_256 to master
Squashed commit of the following:
commit
68d6c61b35320abc1301d55a0bac95d57e25ec3c
Author: Nihal Desai <nihdesai@cisco.com>
Date: Wed May 22 13:42:31 2019 -0400
build: generate build 256
Mike Stepanek (mstepane) [Mon, 20 May 2019 17:30:52 +0000 (13:30 -0400)]
Merge pull request #1607 in SNORT/snort3 from ~SMINUT/snort3:filters_xhash_peg to master
Squashed commit of the following:
commit
6182a08ddbac76285aad2bd3194282f5402075da
Author: Silviu Minut <sminut@cisco.com>
Date: Wed May 15 09:40:34 2019 -0400
filters: add peg count for when the thd_runtime XHash table gets full.
Tom Peters (thopeter) [Fri, 17 May 2019 14:42:51 +0000 (10:42 -0400)]
Merge pull request #1610 in SNORT/snort3 from ~SBAIGAL/snort3:perfmon_event_fix to master
Squashed commit of the following:
commit
a3fcf0a70b39bf05ed8ed9f204fd88a42fd8ea81
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Wed May 15 13:51:26 2019 -0400
perf_mon: add real timestamp to empty perf_stats data; updated dbus default subscription code and perf_mon event subscirption code to resolve memory leak and invalid event subscription from reloading; moved flow_ip_tracker to thread local
Tom Peters (thopeter) [Wed, 15 May 2019 18:39:44 +0000 (14:39 -0400)]
Merge pull request #1604 in SNORT/snort3 from ~KATHARVE/snort3:disable_inspection_in_drop_flow to master
Squashed commit of the following:
commit
991d611b02b5bb0ad494b29e6914ac649cca581c
Author: Katura Harvey <katharve@cisco.com>
Date: Tue May 7 18:53:02 2019 -0400
stream: disable inspection of flow on reset
Tom Peters (thopeter) [Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)]
Merge pull request #1602 in SNORT/snort3 from ~SMINUT/snort3:appid_fuzz to master
Squashed commit of the following:
commit
dd95d711880a5401e8486fd2d59ad8a85a5fa5c5
Author: Silviu Minut <sminut@cisco.com>
Date: Fri May 10 15:58:53 2019 -0400
http_inspect: fix status_code_num bug in HttpMsgHeader::update_flow() that leads to assert on input.length()>0 in norm_decimal_integer.
Tom Peters (thopeter) [Tue, 14 May 2019 16:34:32 +0000 (12:34 -0400)]
Merge pull request #1601 in SNORT/snort3 from ~MIREDDEN/snort3:remove_sticky_buffer_duplicates to master
Squashed commit of the following:
commit
3d998ed0f4e1faab5372d33decc333d666b6fa57
Author: Mike Redden <miredden@cisco.com>
Date: Wed May 8 14:27:34 2019 -0400
snort2lua: Remove sticky buffer duplicates
Mike Stepanek (mstepane) [Thu, 9 May 2019 16:53:50 +0000 (12:53 -0400)]
Merge pull request #1592 in SNORT/snort3 from ~SMINUT/snort3:event_filter_memcap to master
Squashed commit of the following:
commit
2da9b2b60b98cf6c2bb901d6cfab0871fed0ce7f
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Apr 30 13:23:35 2019 -0400
filters: make thd_runtime and rf_hash thread local and allocate them from thread init rather than from Module::end().
Mike Stepanek (mstepane) [Tue, 7 May 2019 17:25:19 +0000 (13:25 -0400)]
Merge pull request #1600 in SNORT/snort3 from ~DDAHIPHA/snort3:fd_leak_fixes to master
Squashed commit of the following:
commit
f6c664bc51a374308a82e13395cfb87f12621ef6
Author: Devendra Dahiphale <ddahipha@cisco.com>
Date: Tue May 7 13:23:18 2019 -0400
main: Fix File Descriptor leaks
Mike Stepanek (mstepane) [Tue, 7 May 2019 15:28:03 +0000 (11:28 -0400)]
Merge pull request #1594 in SNORT/snort3 from ~MASHASAN/snort3:per_mon_leak to master
Squashed commit of the following:
commit
f7d0fe1dab2a07f15a87177844c79419c72ca8b1
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri May 3 11:23:59 2019 -0400
perf_monitor: Fixing heap-use-after-free after reload failure
Tom Peters (thopeter) [Mon, 6 May 2019 21:01:49 +0000 (17:01 -0400)]
Merge pull request #1599 in SNORT/snort3 from ~KATHARVE/snort3:uniformity_rule_state to master
Squashed commit of the following:
commit
b5dbbf67ffbef7a7f0afcf0fa68083339bea3c2b
Author: Katura Harvey <katharve@cisco.com>
Date: Wed May 1 09:52:43 2019 -0400
Uniformity: Update the rule_state value to yes or no
Tom Peters (thopeter) [Mon, 6 May 2019 20:54:33 +0000 (16:54 -0400)]
Merge pull request #1598 in SNORT/snort3 from ~MIREDDEN/snort3:port_scan_memcap to master
Squashed commit of the following:
commit
300ad4844bc61bfacbb746ce036018ae211b7777
Author: Mike Redden <miredden@cisco.com>
Date: Mon May 6 13:46:13 2019 -0400
port_scan: Change minimum memcap value to 1024 to avoid divide by zero crash
Michael Altizer [Mon, 6 May 2019 17:32:37 +0000 (13:32 -0400)]
main: Include analyzer.h in snort.cc
Michael Altizer [Fri, 31 Aug 2018 18:40:41 +0000 (14:40 -0400)]
DAQng: Port Snort and its DAQ modules to DAQ3
Michael Altizer [Sat, 16 Mar 2019 23:31:44 +0000 (19:31 -0400)]
Revert "Merge pull request #1535 in SNORT/snort3 from ~SHRARANG/snort3:set_priv_ptr_for_pdu to master"
This reverts commit
cdae58b2fde31057795c04185d22d2b7e9e916ef .
Michael Altizer [Sun, 5 May 2019 16:00:15 +0000 (12:00 -0400)]
packet_io: Refactor the Trough a bit
Russ Combs (rucombs) [Sat, 4 May 2019 16:23:41 +0000 (12:23 -0400)]
Merge pull request #1595 in SNORT/snort3 from ~RUCOMBS/snort3:build_255 to master
Squashed commit of the following:
commit
5dc88fa07e26e6332fcc681e8d6e7ff0321e712e
Author: Russ Combs <rucombs@cisco.com>
Date: Fri May 3 18:34:44 2019 -0400
build: generate and tag build 255
Russ Combs (rucombs) [Sat, 4 May 2019 16:23:08 +0000 (12:23 -0400)]
Merge pull request #1589 in SNORT/snort3 from ~RUCOMBS/snort3:doc_include to master
Squashed commit of the following:
commit
c2a60f4a03b15a9c423d50ca27f9b645c65afb18
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Apr 29 18:07:24 2019 -0400
doc: explain include logic
Michael Altizer (mialtize) [Tue, 30 Apr 2019 15:40:05 +0000 (11:40 -0400)]
Merge pull request #1591 in SNORT/snort3 from ~MIALTIZE/snort3:static_analysis to master
Squashed commit of the following:
commit
b1dd6db8cc79cc8b0881f508f1c1679165aa92b1
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Apr 24 15:39:22 2019 -0400
piglet_plugins: Don't try to memset SigInfo
commit
846cd74233e2e6de40528e364bb10b5be8421848
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 22 13:02:37 2019 -0400
tcp_connector: Fix memory leak in receive overrun scenario
commit
f168872f04abdc26d1ebcb7bc43977b0ecd8bc4e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 22 12:49:41 2019 -0400
appid: Add assertion to pop3 detector to quiet the static analyzer
commit
7d190cd75022d2cc4e0400e10406c7a182504566
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 22 12:36:37 2019 -0400
module_manager: Fix potential null deref in module parameter dumping
Russ Combs (rucombs) [Mon, 29 Apr 2019 21:42:31 +0000 (17:42 -0400)]
Merge pull request #1588 in SNORT/snort3 from ~RUCOMBS/snort3:includer to master
Squashed commit of the following:
commit
62464559e2ebd8b9739db1ea8c10907bc6830aeb
Author: russ <rucombs@cisco.com>
Date: Sat Apr 27 16:03:45 2019 -0400
ips: add includer for better relative path support
Michael Altizer [Fri, 26 Apr 2019 20:45:18 +0000 (16:45 -0400)]
build: generate and tag build 254
russ [Thu, 25 Apr 2019 03:32:11 +0000 (23:32 -0400)]
Squashed commit of the following:
commit
552e1aa03b669531521d01ce40fa8fbb0a1215ae
Author: russ <rucombs@cisco.com>
Date: Wed Apr 24 11:14:17 2019 -0400
build: remove unused cruft; clean up KMap
commit
f69abdece93f196911a01ea7cae502cea2d49874
Author: russ <rucombs@cisco.com>
Date: Mon Apr 22 13:02:28 2019 -0400
file_type: remove redundant error message
commit
cae5d0ddbe8b94bace3de56929e2ff14834f3a29
Author: russ <rucombs@cisco.com>
Date: Fri Apr 19 21:33:03 2019 -0400
config: replace working dir overrides with --include-path
Tom Peters (thopeter) [Wed, 24 Apr 2019 21:44:11 +0000 (17:44 -0400)]
Merge pull request #1586 in SNORT/snort3 from ~KATHARVE/snort3:remove_histogram_comment to master
Squashed commit of the following:
commit
3e8b8b74d24b518199b988c5ff21ccbfb995336d
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Apr 19 19:40:34 2019 -0400
snort2lua: fix histogram option change comment
Mike Stepanek (mstepane) [Wed, 24 Apr 2019 19:10:45 +0000 (15:10 -0400)]
Merge pull request #1572 in SNORT/snort3 from ~DDAHIPHA/snort3:dev_large_fd_segfault to master
Squashed commit of the following:
commit
bcc34f2893948bf0ed49d563d576e4abf0e45626
Author: Devendra Dahiphale <ddahipha@cisco.com>
Date: Tue Apr 23 15:00:15 2019 -0400
main: Use epoll(for linux systems) instead of select to get rid of limit on fd-set-size and for time efficiency
Tom Peters (thopeter) [Mon, 22 Apr 2019 20:19:24 +0000 (16:19 -0400)]
Merge pull request #1583 in SNORT/snort3 from ~MIREDDEN/snort3:int_range_check to master
Squashed commit of the following:
commit
389a46587625947d2f6a771e06739513c342b655
Author: Mike Redden <miredden@cisco.com>
Date: Thu Apr 18 07:35:11 2019 -0400
snort2lua: Integer parameter range check
Russ Combs (rucombs) [Fri, 19 Apr 2019 18:36:03 +0000 (14:36 -0400)]
Merge pull request #1585 in SNORT/snort3 from ~RUCOMBS/snort3:mainz to master
Squashed commit of the following:
commit
908ec9dc090b12b4d788385fe82c3d866d5c4f50
Author: russ <rucombs@cisco.com>
Date: Fri Apr 19 11:51:28 2019 -0400
test: remove cruft
Tom Peters (thopeter) [Fri, 19 Apr 2019 18:24:18 +0000 (14:24 -0400)]
Merge pull request #1582 in SNORT/snort3 from ~MDAGON/snort3:rm_inspector_ptr to master
Squashed commit of the following:
commit
08accc17ea648f31d2f1972af76508ea5465aaf2
Author: Maya Dagon <mdagon@cisco.com>
Date: Thu Apr 4 09:25:01 2019 -0400
appid: remove inspector reference from detectors
Russ Combs (rucombs) [Fri, 19 Apr 2019 16:50:21 +0000 (12:50 -0400)]
Merge pull request #1584 in SNORT/snort3 from ~RUCOMBS/snort3:context to master
Squashed commit of the following:
commit
a62c0c1e09e2dd640ac8c3511c5c4ea416baaa78
Author: russ <rucombs@cisco.com>
Date: Thu Apr 18 15:02:09 2019 -0400
context: only clear ids_in_use in dtor
Russ Combs (rucombs) [Thu, 18 Apr 2019 14:30:01 +0000 (10:30 -0400)]
Merge pull request #1581 in SNORT/snort3 from ~RUCOMBS/snort3:tweakz to master
Squashed commit of the following:
commit
743a8e8c10cac70fd9cde12da4fb4bb09f76b6d2
Author: russ <rucombs@cisco.com>
Date: Wed Apr 17 20:50:13 2019 -0400
Lua: update tweaks per latest include changes
Russ Combs (rucombs) [Thu, 18 Apr 2019 00:12:37 +0000 (20:12 -0400)]
Merge pull request #1579 in SNORT/snort3 from ~MIALTIZE/snort3:misc_fixes to master
Squashed commit of the following:
commit
d7a95b1ffbc9d5624eec6487b4190aca2eb870ab
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Apr 17 16:17:41 2019 -0400
build: Remove perpetually stale reference to lua_plugffi.h
commit
57d3b9bbec7694a892616c81221f4733e6592114
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Oct 16 01:35:50 2018 -0400
log_pcap, packet_capture: Don't try to use a DAQ pkthdr as a PCAP pkthdr
This is not forward-compatible and generally bad practice. Build the
PCAP pkthdr manually instead.
commit
bae93a9ced6e132a0c4bbd8eb078ef39d7dc40cf
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Apr 16 18:31:03 2019 -0400
analyzer: Print pause indicator from analyzer threads
commit
a82a42d59d9058be8202f1b567e2174073e9ef6e
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Apr 9 14:56:27 2019 -0400
stream_tcp: Try to work with a cleaner Packet when purging at shutdown
Russ Combs (rucombs) [Wed, 17 Apr 2019 19:30:27 +0000 (15:30 -0400)]
Merge pull request #1580 in SNORT/snort3 from ~RUCOMBS/snort3:build_253 to master
Squashed commit of the following:
commit
9aaeea54ba6a8d1d0f43ba62fd8d5b5b38301ee3
Author: russ <rucombs@cisco.com>
Date: Wed Apr 17 15:01:30 2019 -0400
build: generate and tag build 253
commit
ea566c80783dd1f43b4dbee6a08c142a26d5aa3b
Author: russ <rucombs@cisco.com>
Date: Wed Apr 17 15:02:14 2019 -0400
cppcheck: remove unused code and related cruft
Tom Peters (thopeter) [Wed, 17 Apr 2019 18:54:21 +0000 (14:54 -0400)]
Merge pull request #1575 in SNORT/snort3 from ~BRASTULT/snort3:mime_decomp_multi to master
Squashed commit of the following:
commit
ed039047233cce49a43669e8e17d10920b4bec05
Author: Brandon Stultz <brastult@cisco.com>
Date: Thu Apr 11 11:39:54 2019 -0400
mime: fix decompression for multiple files
russ [Wed, 17 Apr 2019 01:29:44 +0000 (21:29 -0400)]
Squashed commit of the following:
commit
a7e771a2fafea7cb9d184b9ab08d0d436de91819
Author: russ <rucombs@cisco.com>
Date: Tue Apr 16 09:27:28 2019 -0400
build: fix lua_plugffi.h make error
commit
561738d9ffc7b6491b618187affe51b379389681
Author: russ <rucombs@cisco.com>
Date: Mon Apr 15 10:02:53 2019 -0400
Lua: remove dependency on SNORT_LUA_PATH
commit
6e0cb4c41a389ef6f084ef82c0155acc888f1786
Author: russ <rucombs@cisco.com>
Date: Wed Apr 10 15:54:43 2019 -0400
parser: update include file handling
Unify Lua and rule include handling of relative paths to search in this order:
relative to working directory, relative to the including file, and if that
fails relative to the -c conf. The precedence allows overrides and supports
processing non-local configurations.
Mike Stepanek (mstepane) [Tue, 16 Apr 2019 20:11:06 +0000 (16:11 -0400)]
Merge pull request #1578 in SNORT/snort3 from ~MASHASAN/snort3:excess_max_sessions to master
Squashed commit of the following:
commit
0f8c59bf66e5fb22a20a884d86a069deaf79f715
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Apr 15 22:08:16 2019 -0400
flow_cache: Pruning one stream when excess pruning skips even if max_sessions is reached
Russ Combs (rucombs) [Sat, 13 Apr 2019 15:58:34 +0000 (11:58 -0400)]
Merge pull request #1577 in SNORT/snort3 from ~RUCOMBS/snort3:optionz to master
Squashed commit of the following:
commit
bdef92d85c5ca745f34b013e3b970db41db95122
Author: russ <rucombs@cisco.com>
Date: Sat Apr 13 01:11:35 2019 -0400
doc: remove mention of obsolete LUA_PATH and required snort_config library
commit
fd6e7aab7c852c82fc5247d864e54e6c852c174b
Author: russ <rucombs@cisco.com>
Date: Sat Apr 13 00:20:47 2019 -0400
Lua: build-time stringify Lua files for use as C++ variables
commit
0a54f6e497855af5cf3e8abcf26e13471618ecbf
Author: russ <rucombs@cisco.com>
Date: Fri Apr 12 21:19:01 2019 -0400
Lua: internalize snort_config.lua dependency
This change eliminates the need to require('snort_config') in snort.lua.
Instead, the file is built into Snort and directly injected into the
Lua states before loading chunks. Similarly, internal defaults are
handled the same for the top-level (eg -c) config file. Handling
defaults in this way ensures that automatically activated builtin
modules don't rely on separate C++ initializations and doesn't require
additional code.
commit
33b4714afee826843edac5e78accf04a4ec9a520
Author: russ <rucombs@cisco.com>
Date: Thu Apr 11 13:02:39 2019 -0400
Lua: apply the necessary builtin defaults from one place
commit
a61926cd22264fc13f1afd598158c770c3df1f54
Author: russ <rucombs@cisco.com>
Date: Thu Apr 11 13:01:52 2019 -0400
parser: fix defaults for alerts.order and network.checksum_eval
Russ Combs (rucombs) [Fri, 12 Apr 2019 02:04:06 +0000 (22:04 -0400)]
Merge pull request #1576 in SNORT/snort3 from ~BRASTULT/snort3:readdir_fix to master
Squashed commit of the following:
commit
4a75e6c93019765a716eb97e8e9d270f4f4b66dc
Author: Brandon Stultz <brastult@cisco.com>
Date: Thu Apr 11 21:11:07 2019 -0400
helpers: directory: use readdir instead of readdir_r
Michael Altizer (mialtize) [Thu, 11 Apr 2019 14:34:42 +0000 (10:34 -0400)]
Merge pull request #1554 in SNORT/snort3 from ~BBANTWAL/snort3:ftp_telnet_fix to master
Squashed commit of the following:
commit
f58bec4438aa335dd6141a62b1409c5d3eda171f
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Mar 18 23:51:50 2019 -0400
ftptelnet: use the normalized telnet buffer to alert telnet on ftp command channel, flush on ftp encrypted data boundaries, check for telnet at the start of the ftp packet
Tom Peters (thopeter) [Wed, 10 Apr 2019 20:51:55 +0000 (16:51 -0400)]
Merge pull request #1574 in SNORT/snort3 from ~NIHDESAI/snort3:build_252 to master
Squashed commit of the following:
commit
514ffa6b2c65173321e8548a1924100a7b62fd80
Author: Nihal Desai <nihdesai@cisco.com>
Date: Wed Apr 10 04:05:50 2019 -0400
build: generate and tag build 252
Michael Altizer (mialtize) [Tue, 9 Apr 2019 23:23:55 +0000 (19:23 -0400)]
Merge pull request #1573 in SNORT/snort3 from ~MIALTIZE/snort3:cppcheck_cleanup to master
Squashed commit of the following:
commit
fdbec61b49b670ce9b989b6b48aba844f6c557b2
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 12:52:13 2019 -0400
stream_ip: Fix some sign comparison and val-never-used issues in defrag
commit
e9b23a5a11f182bd39b965387f0c89dbc9d2f525
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 12:45:39 2019 -0400
sfip: Switch test debug flag to a cpp macro
commit
c007faf4cc92dd726643c0db25d80595e7ea52b7
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 12:43:14 2019 -0400
stream_tcp: Fix shadowed variable when profiling deeply
commit
157b86050f92c9b8e2c5b8a15d648b98f269f234
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 12:40:57 2019 -0400
sip: Give SipSplitterUT a proper copy constructor
commit
136f8e27e2e7c64a9ce69f863485accb5e155201
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 01:01:34 2019 -0400
http_inspect: Give HttpTestInput a destructor to clean up its file handle
commit
05042d60a741ef58aa29164ccd164740d7fb92e3
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 00:53:41 2019 -0400
dce_rpc: Fix const cast warnings in dce_smb2
commit
96b0d5fa47ec75ecd1633fc791620efa0053f445
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 00:46:48 2019 -0400
sfrt: Reduce variable scope in _dir_remove_less_specific()
commit
97349bea2c2feaa8720c1f4ae7c188c42c50ebec
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 00:05:53 2019 -0400
sfip: Reduce variable scopes in sf_ipvar
commit
e845b11895234406ca49f05691f16aa59cb1f2e3
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 00:03:12 2019 -0400
http_inspect: Fix val-never-used warning in check_oversize_dir()
commit
0da57f68b476ffc7e21dde50c23b3fb2ef735b23
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Apr 5 00:02:36 2019 -0400
ftp_telnet: Fix potential NULL pointer arithmetic in check_ftp()
commit
2e031f385815f68eb4593fcd70c0195d1cce9c60
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:50:24 2019 -0400
ftp_telnet: Fix val-never-used warning in DoNextFormat()
commit
2109923caab495d186439e2ef90a92d87f247da2
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:43:39 2019 -0400
port_scan: Reduce variable scope in configuration
commit
23479a1b23a7437517ba6869c5e2c95ca48c49ef
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:42:22 2019 -0400
packet_tracer: Pass filename string parameter by reference
commit
b568c8ac6dcca0265eac8e7e030929700080a82e
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:40:10 2019 -0400
normalize: Remove redundant check during configuration
commit
ffb8b99771b023d476f77fb62baf63e967ad3206
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:36:52 2019 -0400
perf_monitor: Pass ModuleConfig string parameter by reference
commit
85c0f251a0a48dfcfffaf1916842f3ed8758b82e
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:33:45 2019 -0400
appid: Reduce variable scope in service_rpc
commit
3703dd34e882a2f5f2e4f08b960574db97d75e98
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:31:38 2019 -0400
appid: Reduce variable scope in service_mdns
commit
7e812350757fed73046dfb503ec1b1853572ce45
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:27:12 2019 -0400
appid: Fix NetworkSet compilation on big-endian systems
commit
0822e9772599bfb271874d7ff4c3f4a019cad8ce
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:17:48 2019 -0400
log: Fix potential NULL pointer arithmetic warning in log_text
commit
8b91170713267d0bbcf69267400a6b99830adaa4
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 4 23:09:53 2019 -0400
codecs/ipv4: Use struct in_addr when calling inet_ntop()
... and 4 more commits
Michael Altizer (mialtize) [Tue, 9 Apr 2019 21:42:34 +0000 (17:42 -0400)]
Merge pull request #1531 in SNORT/snort3 from ~STECHEW/snort3:daq_retry3 to master
Squashed commit of the following:
commit
f33b4040c35afc9809a0b7902764d61d9b56a3c2
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 27 02:02:59 2019 +0530
stream: set retransmit flag.
commit
7de134a1caac546342abd0ed928a5b18ca9a6df4
Author: Steve Chew <stechew@cisco.com>
Date: Thu Mar 21 03:22:23 2019 +0530
u2spewfoo: update due to re-ording of retry action.
commit
32361ffa3a697e41cbfae701d4ae11afc0a49ca0
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 20 21:28:35 2019 +0530
packet_io: Due to re-ordering, need to add entry for retry in act_str.
commit
8618472dadc2f160d801b12f80b3646e69354404
Author: Steve Chew <stechew@cisco.com>
Date: Tue Mar 19 06:37:12 2019 +0530
file_api: use timersub_ms, updates to packettracer logs.
commit
01b6e4f2ace3a78568612e76784484a209320d89
Author: Steve Chew <stechew@cisco.com>
Date: Thu Mar 14 01:06:37 2019 +0530
packet_io: re-order ACT_RETRY to be before ACT_DROP.
commit
092a415aa0ee3a4531341f3636586c7c9dd6435d
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 13 18:16:13 2019 +0530
file_api: use more generic form of timercmp and fix timersub call.
commit
6a63b7f0b19dbe65106ae216fcd9bfdfbde4db93
Author: Steve Chew <stechew@cisco.com>
Date: Sat Mar 9 02:43:47 2019 +0530
file_api: If configured, reset session when lookup times out.
commit
4d00d8ee8a082d8f72df12ca2d0d20c36c7d9cd1
Author: Steve Chew <stechew@cisco.com>
Date: Fri Mar 8 23:46:19 2019 +0530
file_api: Make expiration timers more granular.
commit
67b047bcc5318c927472cd37384a06363f115c28
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 6 22:39:51 2019 +0530
file_api: Add timer to limit how long we want for pending file lookup.
commit
8580f1e4b427c58525de7dd2803e4bdaebe6c5a1
Author: Steve Chew <stechew@cisco.com>
Date: Fri Mar 1 06:56:57 2019 +0530
packet_io: Changes to allow daq retries to work properly.
Mike Stepanek (mstepane) [Tue, 9 Apr 2019 17:33:56 +0000 (13:33 -0400)]
Merge pull request #1569 in SNORT/snort3 from ~MASHASAN/snort3:tp_config_path to master
Squashed commit of the following:
commit
da74dfd4ea9c7b2bfe51156c83cb0e4cf77ac987
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Apr 2 09:18:00 2019 -0400
snort2lua: Adding support for appid tp_config_path conversion
Russ Combs (rucombs) [Tue, 9 Apr 2019 13:33:49 +0000 (09:33 -0400)]
Merge pull request #1571 in SNORT/snort3 from ~RUCOMBS/snort3:wcochran53 to master
Squashed commit of the following:
commit
4c3045b03aaafc429c017dbffd3887c7031773b4
Author: russ <rucombs@cisco.com>
Date: Sun Apr 7 22:09:02 2019 -0400
offload: simplify zero byte bypass
commit
4b038913ceb7598ec61f6bef1b0b5b156ab013f6
Author: William Cochrane <w.cochrane@titan-ic.com>
Date: Tue Mar 26 12:14:29 2019 +0000
offload: Framework changes to support polling for completed
batch searches
When a batch search is issued, currently we poll to
determine if that batch has completed its search.
This change facilitates polling to return any batch
that has completed its search.
commit
65a967dd7731286ba101a144d428554e9ad75cc0
Author: William Cochrane <w.cochrane@titan-ic.com>
Date: Fri Mar 22 16:25:36 2019 +0000
mpse: Adding performance profiling stats to Mpse batch search
The Mpse batch search function does not have any
performance profiling so this function is now wrapped
to facilitate the addition of performance stats
commit
9140669833d97bd5f8e9ada4e2868576e82e5622
Author: William Cochrane <w.cochrane@titan-ic.com>
Date: Thu Mar 21 18:00:34 2019 +0000
detection: Don't send zero size searches to the regex offloader
If a batch search request had nothing in it to be
searched for there is no purpose in sending it to
the offloader
commit
6f1b0ad1baa1a784d70403ef9786ca396d9ba850
Author: William Cochrane <w.cochrane@titan-ic.com>
Date: Thu Mar 21 17:23:27 2019 +0000
detection: Ensure offload search engine started with appropriate regex offloader
If the offload_search_method is not specified then by
default it will be the same as the normal search_method.
If this search method is an async mpse it needs started
using the MpseRegexOffload offloader otherwise it needs
started using the ThreadRegexOffload offloader
Russ Combs (rucombs) [Mon, 8 Apr 2019 22:15:17 +0000 (18:15 -0400)]
Merge pull request #1570 in SNORT/snort3 from ~RUCOMBS/snort3:rule_state to master
Squashed commit of the following:
commit
8af3fc4d5d0e7d1a6ac213cf92635b4dba74b500
Author: russ <rucombs@cisco.com>
Date: Sat Apr 6 11:32:27 2019 -0400
rules: remove cruft from tree nodes
commit
f1190a2475f7b560c3016b4a0d8801c276846e6f
Author: russ <rucombs@cisco.com>
Date: Fri Apr 5 11:30:40 2019 -0400
rule_state: rule_state: do not require rules in all policies
Tom Peters (thopeter) [Thu, 4 Apr 2019 19:46:52 +0000 (15:46 -0400)]
Merge pull request #1568 in SNORT/snort3 from ~SBAIGAL/snort3:mime_filename to master
Squashed commit of the following:
commit
c8ba2e41d3bbf7c8a7664ca65539026e1cc1510b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Fri Mar 29 14:46:32 2019 -0400
file_api: add extract filename to FileFlow from mime header
Tom Peters (thopeter) [Thu, 4 Apr 2019 17:55:46 +0000 (13:55 -0400)]
Merge pull request #1560 in SNORT/snort3 from ~MIREDDEN/snort3:raw_data_conversion to master
Squashed commit of the following:
commit
e79c9266e5324907de4d5cd730cc4934331b706e
Author: Mike Redden <miredden@cisco.com>
Date: Tue Mar 26 15:58:55 2019 -0400
snort2lua: Convert rawbytes to raw_data sticky buffer
Mike Stepanek (mstepane) [Thu, 4 Apr 2019 15:28:52 +0000 (11:28 -0400)]
Merge pull request #1567 in SNORT/snort3 from ~SMINUT/snort3:stash_publish to master
Squashed commit of the following:
commit
85edf32e438e758638f26c854eb0b81edfdbc0d6
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Mar 29 16:06:09 2019 -0400
flow: stash publish event.
flow: unit test for stash publish.
flow: address reviewers comments and add one more test to check that a handler is not getting stash events that it's not listening to.
flow: add the override keyword to some member function to keep cppcheck happy.
Russ Combs (rucombs) [Tue, 2 Apr 2019 02:08:25 +0000 (22:08 -0400)]
Merge pull request #1520 in SNORT/snort3 from ~RUCOMBS/snort3:so_rulez to master
Squashed commit of the following:
commit
f07cb92074a0874b6f64008dcafd3ba716de877a
Author: russ <rucombs@cisco.com>
Date: Sat Mar 30 14:03:48 2019 -0400
so rules: fixup shutdown sequencing
commit
01db8beda055da0ac1f936d4252670cd185a6ec3
Author: russ <rucombs@cisco.com>
Date: Sun Feb 17 13:06:34 2019 -0500
so rules: use stub strictly as a key
commit
498dec668e51bdeaf9ddcb91767099f2e79b3ff8
Author: russ <rucombs@cisco.com>
Date: Sat Feb 16 11:53:51 2019 -0500
so rules: make plain stubs same as protected
Russ Combs (rucombs) [Mon, 1 Apr 2019 03:53:48 +0000 (23:53 -0400)]
Merge pull request #1561 in SNORT/snort3 from ~RUCOMBS/snort3:build_251 to master
Squashed commit of the following:
commit
fee3b901d26c6e60bf00d7e205b2d819c40bea78
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Mar 31 02:00:29 2019 -0400
doc: update default manuals
commit
ccde7e61569f60e8b0216e9a0252ad9f1ff2dffd
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 29 17:18:25 2019 -0400
build: generate and tag build 251
commit
aab8ef499785065115554f39b284ab1808cb3d1e
Author: russ <rucombs@cisco.com>
Date: Sun Mar 31 00:34:55 2019 -0400
doc: fixup markup escapes
Russ Combs (rucombs) [Mon, 1 Apr 2019 00:36:56 +0000 (20:36 -0400)]
Merge pull request #1501 in SNORT/snort3 from ~VIROEMER/snort3:ssl_count_disabled to master
Squashed commit of the following:
commit
feadce72ee24492a12455f0bd2c765554e339d65
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Wed Jan 30 14:53:31 2019 -0500
ssl: Count calls to disable_content for ssl sessions
Russ Combs (rucombs) [Sun, 31 Mar 2019 23:57:09 +0000 (19:57 -0400)]
Merge pull request #1562 in SNORT/snort3 from ~NIHDESAI/snort3:flow_fix to master
Squashed commit of the following:
commit
64a3be8975133ead29b22aa49ca3598c9e6077ed
Author: Nihal Desai <nihdesai@cisco.com>
Date: Fri Mar 29 12:08:23 2019 -0400
file: Infinite loop in FileFlows::get_file_policy
Michael Altizer (mialtize) [Sun, 31 Mar 2019 05:23:43 +0000 (01:23 -0400)]
Merge pull request #1563 in SNORT/snort3 from ~MIALTIZE/snort3:safec to master
Squashed commit of the following:
commit
e71b6d78753ce9d363c87fd451bea6bb23e6a07d
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Mar 30 15:50:25 2019 -0400
safec: Update to work with modern versions of LibSafeC
Tested with LibSafeC v30122018 3.4.
LibSafeC is currently incompatible with Clang.
- See: https://github.com/rurban/safeclib/issues/58
Michael Altizer (mialtize) [Sun, 31 Mar 2019 02:24:27 +0000 (22:24 -0400)]
Merge pull request #1564 in SNORT/snort3 from ~MIALTIZE/snort3:catch_update to master
Squashed commit of the following:
commit
9ac51566888dbb7463947b9b802974d02f75724f
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Mar 11 02:11:20 2019 -0400
catch: Update to Catch v2.7.0
Michael Altizer (mialtize) [Sat, 30 Mar 2019 22:25:36 +0000 (18:25 -0400)]
Merge pull request #1565 in SNORT/snort3 from ~MIALTIZE/snort3:policy_true_false to master
Squashed commit of the following:
commit
4bd25a96d51859bfb7cda72561fce93869f82dcd
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Mar 30 16:39:30 2019 -0400
policy: Rename TRUE/FALSE to ENABLE/DISABLED
Works around awkward C-style usage situations where TRUE/FALSE are
defined and used.
Michael Altizer (mialtize) [Fri, 29 Mar 2019 15:32:49 +0000 (11:32 -0400)]
Merge pull request #1545 in SNORT/snort3 from ~CWAXMAN/snort3:rule_state to master
Squashed commit of the following:
commit
323e859c920a3edbb522200a408a47aaabb74e34
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Mar 12 15:21:40 2019 -0400
detection, snort2lua: added global rule state options for legacy conversions
commit
b5cb6f3f9a17fb2df26c86475e305946edaaef5c
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Mar 8 15:36:25 2019 -0500
detection: fixed incorrect log messages
commit
eb438448160d41867d5e68a890cea627a04c88fb
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Feb 26 08:28:52 2019 -0500
rule_state: added default rule state to ips policy
commit
6eec505eb1af7357584eb7a18a49fde409b5e1a3
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Feb 25 15:41:08 2019 -0500
rule_state: add rtn but disable if block is set on non-inline deployment
commit
52b20be073639ba0f1b75a0943c6b595f81b7318
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Feb 18 12:27:48 2019 -0500
rule_state: added per-ips-policy rule states
Tom Peters (thopeter) [Wed, 27 Mar 2019 17:21:20 +0000 (13:21 -0400)]
Merge pull request #1550 in SNORT/snort3 from ~BRASTULT/snort3:mime_decomp to master
Squashed commit of the following:
commit
8c90afe003ccdf8367cfdc75bb10b9bac6d0d396
Author: Brandon Stultz <brastult@cisco.com>
Date: Mon Mar 4 19:59:41 2019 -0500
mime: add file decompression
Tom Peters (thopeter) [Tue, 26 Mar 2019 14:56:12 +0000 (10:56 -0400)]
Merge pull request #1532 in SNORT/snort3 from ~NIHDESAI/snort3:snort2lua_zones to master
Squashed commit of the following:
commit
ab76f0b0b651553f40675e5d33511a968ec35a16
Author: Nihal Desai <nihdesai@cisco.com>
Date: Fri Mar 1 07:22:06 2019 -0500
snort2lua: combining multiple zone in one binder rule
projects / thirdparty / snort3.git / log
