git.ipfire.org Git - thirdparty/snort3.git/log
Russ Combs (rucombs) [Thu, 14 Dec 2017 19:43:51 +0000 (14:43 -0500)]
Merge pull request #1086 in SNORT/snort3 from rusage to master
Squashed commit of the following:
commit
833250653e7df0242f9ae239445c76576a4220ad
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Dec 14 11:49:48 2017 -0500
cpu_tracker: fall back to RUSAGE_SELF if RUSAGE_THREAD is not defined
thanks to Fabrice Fontaine fontaine.fabrice@gmail.com
Hui Cao (huica) [Wed, 13 Dec 2017 18:40:37 +0000 (13:40 -0500)]
Merge pull request #1084 in SNORT/snort3 from file_pending to master
Squashed commit of the following:
commit
d469965dd4064a5a3d96154e9e60ddd7819c0c97
Author: huica <huica@cisco.com>
Date: Thu Dec 7 12:56:00 2017 -0500
File api: support file verdict delay during signature lookup
Russ Combs (rucombs) [Fri, 8 Dec 2017 22:32:54 +0000 (17:32 -0500)]
Merge pull request #1083 in SNORT/snort3 from appid_foo to master
Squashed commit of the following:
commit
cfeb653e4d5bc599cd5ccf11f5935f1f21dee1a5
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Dec 8 13:11:31 2017 -0500
reputation: tweak warning message
commit
8f8d56020559c0c388f932bf8886ea31f1bcad44
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Dec 8 10:15:51 2017 -0500
appid: tweak warnings and errors
commit
fccbb5a85c09a1bd817834b59c2c77a53f8fadab
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Dec 8 09:54:51 2017 -0500
appid: close all Lua states when thread exits
Hui Cao (huica) [Thu, 7 Dec 2017 17:47:25 +0000 (12:47 -0500)]
Merge pull request #1081 in SNORT/snort3 from fw_file to master
Squashed commit of the following:
commit
4c6479b2146dbb65db38bf6ff90365ea54cfc0c8
Author: huica <huica@cisco.com>
Date: Wed Dec 6 11:40:38 2017 -0500
File API: move file verdict enforcement out of file policy
commit
f872a9dddf17ea051baa445af34f49e0d095cb1b
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Tue Dec 5 14:37:15 2017 -0500
file_api: Set the FileContext verdict, not a local verdict
Michael Altizer (mialtize) [Thu, 7 Dec 2017 15:12:29 +0000 (10:12 -0500)]
Merge pull request #1082 in SNORT/snort3 from resume_crash to master
Squashed commit of the following:
commit
57d317a56fe910cffdf95db9c60fcc57f9a1e109
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Dec 6 11:42:37 2017 -0500
shell: fixed crash when issuing control commands
Russ Combs (rucombs) [Tue, 5 Dec 2017 19:20:28 +0000 (14:20 -0500)]
Merge pull request #1080 in SNORT/snort3 from perf_updates to master
Squashed commit of the following:
commit
65669627dff6ccb90b538b1c5e07d2925581913c
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon Dec 4 10:33:17 2017 -0500
appid: gracefully handle failed Lua state instantiation
Thanks to Noah Dietrich <noah_dietrich@86penny.org> for reporting the issue.
commit
a3d48e52104443ce59f3fde68cbc3f8a78e0d81d
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun Dec 3 07:56:48 2017 -0500
stream_tcp: instantiate wizard only when needed
commit
4f6233016b11867d891442aa64f225b141e73e89
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun Dec 3 07:44:18 2017 -0500
wizard: activate profiler support
commit
c519ec8dcec66895cde5cb94f2e7b8a1a3ed2c2e
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 09:30:19 2017 -0500
stream_tcp: remove empty default state action
commit
7f01a87a79af851e094d31bea354bec07947ca74
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 07:35:28 2017 -0500
stream_tcp: delete superfluous memsets to zero
commit
61cb33c86c0f17fc7557ab2f5fac875305feee57
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 07:21:43 2017 -0500
binder: fix ingress / egress test
commit
a0977edf046daf0f81c089d7b947026e1be1f0af
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 07:19:48 2017 -0500
binder: minor perf and readability tweaks
commit
900a384a1f717c3462c4fb501f3ff936d2457a2f
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 06:19:11 2017 -0500
doc: fix type in style section
commit
d2cf8344480c920640d8ed7d9f1e5130130dffc8
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 06:17:37 2017 -0500
stream_*: separate session profiler data from flow cache profiler data
commit
442ff33c4404a72316581191afdbc1f1dae4eb70
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 06:16:23 2017 -0500
http_inspect: add profiler support
commit
9f7a09de65d87f1cc729a4ab8b953b42478c2453
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 06:14:20 2017 -0500
binder: activate profiler support
commit
59cb28ad5c312799c870617cf59e553667ca4569
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Dec 2 06:13:25 2017 -0500
profiler: fix focus of eventq
Hui Cao (huica) [Fri, 1 Dec 2017 19:33:51 +0000 (14:33 -0500)]
Merge pull request #1078 in SNORT/snort3 from file_magic1 to master
Squashed commit of the following:
commit
547c1f71af8b4e377dcc494d4788822d9f919715
Author: Steve Chew <stechew@cisco.com>
Date: Thu Nov 30 12:01:21 2017 -0500
Handle groups. Fix warning.
commit
ab4332ab35b2d6526c99a2716f856c53f428f9d0
Author: Steve Chew <stechew@cisco.com>
Date: Wed Nov 29 21:51:39 2017 -0500
Snort2Lua: Convert file_magic.conf to Lua format.
Tom Peters (thopeter) [Fri, 1 Dec 2017 18:17:24 +0000 (13:17 -0500)]
Merge pull request #1079 in SNORT/snort3 from wlan_arp_spoof to master
Squashed commit of the following:
commit
5af6f5d36aba1867e9176c837dd0248a3b64dfd8
Author: Steven Baigal <sbaigal@cisco.com>
Date: Tue Nov 21 16:30:42 2017 -0500
codec: added wlan support for arp_spoof
Hui Cao (huica) [Thu, 30 Nov 2017 21:13:49 +0000 (16:13 -0500)]
Merge pull request #1077 in SNORT/snort3 from file_log to master
Squashed commit of the following:
commit
d63f4e2f48c8dbd92496ccb99e8c0a9a39f9cc56
Author: huica <huica@cisco.com>
Date: Wed Nov 29 15:31:37 2017 -0500
File policy: add support for file event logging
Russ Combs (rucombs) [Mon, 27 Nov 2017 20:57:11 +0000 (15:57 -0500)]
Merge pull request #1075 in SNORT/snort3 from misc_update to master
Squashed commit of the following:
commit
f5ec7aa483757573d3f99486a3dbfce9ce39de4a
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon Nov 27 13:40:36 2017 -0500
stream_ip: fix non-frag counting
commit
b8712168a7f0bb744ecd46fcbf4b934b3798e770
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon Nov 27 08:50:41 2017 -0500
ips options: error if lookup fails due to bad case, typos, etc.
thanks to Noah Dietrich <noah_dietrich@86penny.org> for reporting the issue
commit
30ea59db4a0b0e50985e5740f8ff4f0be9dd06ae
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon Nov 27 08:14:59 2017 -0500
alert_json: tcp_ack, tcp_seq, and tcp_win are (base 10) integers
commit
ad40486ab8ddfa1584df015792624caeb14dbd63
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun Nov 26 08:04:47 2017 -0500
stream: change tcp idle timeout to 3600 to match 2.X nominal timeout
commit
0436867d413467160d37597f196f8f661d62c885
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 24 16:18:53 2017 -0500
port_scan: fix flow checks
port_scan: add alert_all to make alerting on all events in window optional
Hui Cao (huica) [Tue, 21 Nov 2017 20:45:25 +0000 (15:45 -0500)]
Merge pull request #1073 in SNORT/snort3 from fw_file to master
Squashed commit of the following:
commit
92fa39b99e9e0726b465fd9656f8f04881a6f7e2
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Mon Nov 20 14:50:17 2017 -0500
target_based: Install header
Russ Combs (rucombs) [Tue, 21 Nov 2017 15:30:17 +0000 (10:30 -0500)]
Merge pull request #1074 in SNORT/snort3 from json_update to master
Squashed commit of the following:
commit
b77eea3ec6a9545d4ca359b1586467cfd4ebcd9f
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Tue Nov 21 08:33:22 2017 -0500
snort2lua: tweak const name for clarity (internal)
commit
714bb45f048ba47c0ad766edec21ab6813bc78fd
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Tue Nov 21 07:45:22 2017 -0500
rules: default msg = "no msg in rule"
commit
9eba78b7f2d3bb4e89fba2b2f0fb95beb754857f
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Tue Nov 21 07:44:00 2017 -0500
alert_csv: various fixes to match alert_json
eth_len: changed to decimal format
msg: remove extra quotes
seconds: new decimal field for unix-style timestamp
commit
2244c7d12ceb18e93aaa7ed449e134a42e1eb3fc
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Tue Nov 21 07:40:30 2017 -0500
alert_json: various fixes; thanks to Noah Dietrich <noah_dietrich@86penny.org> for reporting the issues
eth_len: changed to decimal format
eth_type: changed to string format (hex value)
msg: remove extra quotes
seconds: new decimal field for unix-style timestamp
Tom Peters (thopeter) [Tue, 21 Nov 2017 13:59:24 +0000 (08:59 -0500)]
Merge pull request #1072 in SNORT/snort3 from bad_proto to master
Squashed commit of the following:
commit
20af9d0ab77ccb53d6dfad97e9c31a559c0eea4b
Author: Steven Baigal <sbaigal@cisco.com>
Date: Fri Nov 10 11:22:46 2017 -0500
US265613, updated MIPv6 codec and merged cd_pim.cc, cd_swpie.cc and cd_sun_ud.cc to cd_bad_proto.cc
Russ Combs (rucombs) [Mon, 20 Nov 2017 17:10:12 +0000 (12:10 -0500)]
Merge pull request #1069 in SNORT/snort3 from nss_0 to master
Squashed commit of the following:
commit
83cd94521652ab6349bcbce59f24e4137ff199eb
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Nov 18 08:30:40 2017 -0500
soid: allow stub to contain any or all options
--rule-to-*: use whole soid arg as suffix to rule and len identifiers; make static
commit
141d6fb80625a69cd7ab232e7d5a8ef2450b6eeb
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 17 15:46:28 2017 -0500
snort2lua: future proof --bind-wizard binding order
commit
0cab5c8f91bc553444c52375e18cf1ca6a8a280d
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 17 13:49:34 2017 -0500
snort: do not dlclose plugins at shutdown during REG_TEST to avoid borked backtraces from LeakSanitizer
commit
ee4de247f8944df42539a4ee6bb2bcc210d86de5
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon Nov 13 09:00:58 2017 -0500
snort2lua: no sticky buffer for relative pcre
commit
e154eea548013235536b4dd160c915762925bdae
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun Nov 12 21:37:45 2017 -0500
memory: no stats output unless configured
commit
17d93dca22c4770d710cf74926da105dee586d23
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun Nov 12 19:36:08 2017 -0500
inspection: default policy mode depends on adaptor mode
commit
86c5792850916faa149d3ae2407331801e420df2
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun Nov 12 08:20:07 2017 -0500
stream_size: fix snort2lua to_client, to_server conversion and eval packet checks
commit
d5cc4f29811b090a673a8fe51c3f165a468c645c
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Nov 11 19:37:31 2017 -0500
snort2lua: urilen:<> --> bufferlen:<=>
commit
03525a245f6ad14da647ba7c8d2266391fb40524
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Nov 11 17:27:20 2017 -0500
dce: use service names from rules (dce_smb = netbios-ssn; dce_tcp / dce_udp = dcerpc)
commit
3f65c4e31799bd288705dfc6c055a15e5c06871b
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sat Nov 11 17:25:46 2017 -0500
http_inspect: use configured max_pdu as base target reassembly size
commit
204f4e7b98e1cc10d0aeb8900efab0bacba43ed1
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 10 22:25:26 2017 -0500
wizard: abort if no match
commit
1e2a90d557d083ac973ae7327223b9b2dfc026eb
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 10 22:24:40 2017 -0500
stream_user: clear splitter properly
commit
66e7626080c53090f433bc8fd1ab291974623ae6
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 10 15:34:25 2017 -0500
normalizer: fix enable checks
commit
4febd24b53d2cb4ce4806072618389ad71b75f63
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 9 08:44:20 2017 -0500
byte_test: fix string bounds check
commit
f4c0bddbfb04a56551a3dd911aa8be3d0d23e849
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 9 08:14:56 2017 -0500
conf: remove OPTIONS from SIP and HTTP spells to avoid confusion with RTSP
conf: remove client to server spells for FTP, IMAP, POP, and SMTP to avoid false pickups
commit
f4cfb26f69b360743e728268c154a085a20e7980
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 9 08:12:12 2017 -0500
detection: fix option tree looping issue
Russ Combs (rucombs) [Fri, 17 Nov 2017 21:31:22 +0000 (16:31 -0500)]
Merge pull request #1071 in SNORT/snort3 from appid_http_disco_state to master
Squashed commit of the following:
commit
9e99c3f473209630b888abebfc4910ca2c6b1583
Author: davis mcpherson <davmcphe.cisco.com>
Date: Fri Nov 17 09:03:29 2017 -0500
appid: patch to update the appid discovery state when an http event results in setting of the service id for a flow
suppress warnings for valid case statement fall throughs
only update session flags and discovery state if service id actually set to http
Russ Combs (rucombs) [Fri, 17 Nov 2017 18:30:18 +0000 (13:30 -0500)]
Merge pull request #1070 in SNORT/snort3 from control to master
Squashed commit of the following:
commit
c1710fa94273e1214dc33c6b9f96f58fa3991a99
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 17 11:27:32 2017 -0500
snort2lua: --bind-wizard will add a trailing binding to the default wizard in each binder
commit
ffb30e0afd477b7ad39e5de0a01e05187ac85d81
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 17 06:28:20 2017 -0500
wizard: usage is inspect
commit
8b205c88d42ccff8ca43c4e04f75c7791816bf9a
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri Nov 17 00:25:31 2017 -0500
binder: add FIXIT re creating default bindings when the wizard is not configured
commit
fc5f8fb0b6bc8d2f8901d9ef33cf93ee3b25755c
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 16 20:47:29 2017 -0500
stream_tcp: ignore flush requests on uninitialized sessions (early abort condition)
commit
ddcd4ca4e23b1804b17d0f2b493399fd10639e16
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 16 18:39:12 2017 -0500
snort2lua: remove when udp from binding to support tcp too
commit
2f2f5ce79e11b1f1529ca36dde51a9e20976016c
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 16 16:43:41 2017 -0500
sip: use log splitter for tcp
commit
feb60347c7ea4698a9bf14f1ab4f4df9c1732f7b
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 16 18:44:53 2017 -0500
control: process flow first
commit
0d9ae3a95a4342a377b49dfc5b8f6d12fab5949b
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu Nov 16 06:34:34 2017 -0500
control: must execute from default policy only
Michael Altizer (mialtize) [Tue, 14 Nov 2017 22:34:25 +0000 (17:34 -0500)]
Merge pull request #1068 in SNORT/snort3 from catch_update to master
Squashed commit of the following:
commit
7f61eca448a3122a298b7fc902410694b6119017
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Nov 14 13:36:20 2017 -0500
cppcheck: More miscellaneous fixes, mostly for new Catch
commit
5d6a5227484720e246359065cb10550491fcfd63
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Nov 14 11:57:51 2017 -0500
catch: Update to Catch v2.0.1
Russ Combs (rucombs) [Sat, 11 Nov 2017 00:03:24 +0000 (19:03 -0500)]
Merge pull request #1067 in SNORT/snort3 from nhttp94 to master
Squashed commit of the following:
commit
1d481067ff873cfe564548a19ac8c6be02a5705f
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Nov 7 12:56:17 2017 -0500
http_inspect: fix bugs related to stream interaction
Hui Cao (huica) [Fri, 10 Nov 2017 15:25:36 +0000 (10:25 -0500)]
Merge pull request #1065 in SNORT/snort3 from file_capture to master
Squashed commit of the following:
commit
a60557e4ebd8902d958815437055189045d17045
Author: huica <huica@cisco.com>
Date: Wed Nov 8 16:36:28 2017 -0500
Add interface to access file info from file capture
Michael Altizer (mialtize) [Thu, 9 Nov 2017 19:31:56 +0000 (14:31 -0500)]
Merge pull request #1066 in SNORT/snort3 from arch_build to master
Squashed commit of the following:
commit
caee2b742e14c5d9c81ca5905abde232db0248c3
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Nov 9 13:43:44 2017 -0500
build: fixed missing include
Russ Combs (rucombs) [Thu, 9 Nov 2017 15:14:03 +0000 (10:14 -0500)]
Merge pull request #1064 in SNORT/snort3 from data_bus to master
Squashed commit of the following:
commit
efce000170d14faf340d37e27259766696c6eb43
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Wed Nov 8 18:00:57 2017 -0500
data_bus: also publish to default policy
commit
17c3950345166a04012760293ffc601d2feab35c
Author: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Wed Nov 8 17:10:58 2017 -0500
data_bus: refactor basic access for pub / sub
Hui Cao (huica) [Wed, 8 Nov 2017 19:11:03 +0000 (14:11 -0500)]
Merge pull request #1063 in SNORT/snort3 from file_config to master
Squashed commit of the following:
commit
44272839902cf52fd831d84d487d564c4a3b534a
Author: huica <huica@cisco.com>
Date: Wed Nov 8 13:13:39 2017 -0500
add back the ref count for file config
Michael Altizer [Wed, 8 Nov 2017 03:10:50 +0000 (22:10 -0500)]
build: Fix included header breakage from relative parsing merge
Michael Altizer (mialtize) [Tue, 7 Nov 2017 23:43:14 +0000 (18:43 -0500)]
Merge pull request #1061 in SNORT/snort3 from relative_files to master
Squashed commit of the following:
commit
a6c60b9518f79884144a702fdc4b0e5c87f4bb6f
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Nov 1 16:22:31 2017 -0400
parsing: resolve paths from the current config directory instead of process directory
Hui Cao (huica) [Tue, 7 Nov 2017 17:04:14 +0000 (12:04 -0500)]
Merge pull request #1062 in SNORT/snort3 from file_api_fw to master
Squashed commit of the following:
commit
49a45a058c9a86b51050f4068a5aa5e631a1555b
Author: huica <huica@cisco.com>
Date: Fri Nov 3 16:49:47 2017 -0400
File policy and file config update to allow user define customized file policy through file api
Tom Peters (thopeter) [Mon, 6 Nov 2017 22:18:57 +0000 (17:18 -0500)]
Merge pull request #1059 in SNORT/snort3 from realip to master
Squashed commit of the following:
commit
5bcd29db69fb205855053f36b823131d2a63a372
Author: Steven Baigal <sbaigal@cisco.com>
Date: Thu Oct 26 16:18:03 2017 -0400
added reading real IP/Port from DAQ
Russ Combs (rucombs) [Fri, 3 Nov 2017 17:57:47 +0000 (13:57 -0400)]
Merge pull request #1060 in SNORT/snort3 from sfrt_unused to master
Squashed commit of the following:
commit
af2e008e6e63045f2d94f0fc1413806fe9fa02a0
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Nov 3 09:29:13 2017 -0400
sfrt: remove cruft and reformat header
Hui Cao (huica) [Fri, 3 Nov 2017 15:06:28 +0000 (11:06 -0400)]
Merge pull request #1057 in SNORT/snort3 from rename_hashs to master
Squashed commit of the following:
commit
7554b9b3f0a0894cb525548436916385b7a95f56
Author: Victor Roemer <viroemer@cisco.com>
Date: Fri Nov 3 08:14:06 2017 -0400
fix build
commit
22610f0d5112c6d2d7996712c0f24dff4a8ca87d
Author: Victor Roemer <viroemer@cisco.com>
Date: Thu Nov 2 12:41:23 2017 -0400
detection: rename ServiceInfo to SignatureServiceInfo
commit
1b0538ac5321fb801e6710041b8073a830433106
Author: Victor Roemer <viroemer@cisco.com>
Date: Tue Oct 31 17:10:37 2017 -0400
hash: Rename SFGHASH, SFXHASH, SFHASHFCN to something reasonable
Michael Altizer (mialtize) [Thu, 2 Nov 2017 17:29:28 +0000 (13:29 -0400)]
Merge pull request #1049 in SNORT/snort3 from norm_test to master
Squashed commit of the following:
commit
f090e0dd005bde5fcb6303ae6781426fda3cb44f
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Oct 27 13:13:12 2017 -0400
fixed build of several dynamic modules on OSX / clang
commit
62b7ba4bca0c88afe6521a4cf444718125656e86
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Oct 25 15:45:07 2017 -0400
cd_pbb, alert_json: fixed build issues on OSX with clang
commit
8701c0f859bcba2797d52f2998013ff1ec71896f
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Oct 27 12:18:57 2017 -0400
snort2lua: added inspection uuid
commit
20c0dba9d13fb1b7d81073bd87605fb61d16ebf6
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Oct 17 11:31:52 2017 -0400
snort2lua: added na_policy_mode. added ability to amend tables if created.
commit
31356c8c8110c618b3d9d469cf0ee3a9963ace50
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Oct 16 15:29:23 2017 -0400
snort2lua: added normalize_tcp: ftp
commit
f11fb08f1c08d72e921274086ba0d8739ac24b83
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Oct 27 10:17:48 2017 -0400
autoconf: fixed uuid library inclusion on OSX
commit
bcbc9f517ab8f2bbefe9ec3e42447160e467964a
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Oct 25 17:12:39 2017 -0400
policy, cmake: fixed uuid build issues on OSX
commit
be8d14bb54f88120e6422421812cf05f3cadf92a
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Oct 13 17:33:18 2017 -0400
policy, normalizer: added test mode and reorganized policies. added inspection policy config.
Michael Altizer (mialtize) [Thu, 2 Nov 2017 17:28:34 +0000 (13:28 -0400)]
Merge pull request #1058 in SNORT/snort3 from sfdaq_init to master
Squashed commit of the following:
commit
100e98d49b5fbbea27de362097d5e306f0cfe436
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Nov 2 12:51:15 2017 -0400
sfdaq: Explicitly initialize more fields in SFDAQInstance constructor
Hui Cao (huica) [Thu, 2 Nov 2017 13:47:02 +0000 (09:47 -0400)]
Merge pull request #1055 in SNORT/snort3 from logger_rename1 to master
Squashed commit of the following:
commit
573911db9fa1578da00da8418d501d025dfeb302
Author: Steve Chew <stechew@cisco.com>
Date: Mon Oct 30 16:56:05 2017 -0400
AppId: return false from is_third_party_appid_available when no third party module is available.
Russ Combs (rucombs) [Tue, 31 Oct 2017 16:21:15 +0000 (12:21 -0400)]
Merge pull request #1056 in SNORT/snort3 from 240 to master
Squashed commit of the following:
commit
11ebc4e36ac87df3570355077336b949e432e0b5
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 31 08:08:58 2017 -0400
build: bump build to 240
commit
af3cdca7657de35e9c3876d4a93dc70522f9f14a
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 31 09:22:16 2017 -0400
ChangeLog: update for build 240
commit
938cc37229b52d82b4bb738a53083489f8ce9aad
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 31 08:20:45 2017 -0400
doc: update default manuals
commit
fa3c6c2b3f2cc982b5f88cb279859b1009caea89
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Oct 30 21:26:14 2017 -0400
cppcheck: add missing copy ctor and assignment oper as default or delete
Russ Combs (rucombs) [Mon, 30 Oct 2017 20:58:46 +0000 (16:58 -0400)]
Merge pull request #1054 in SNORT/snort3 from crc_cppcheck to master
Squashed commit of the following:
commit
80f5dfd68a2315a3d95a5a5b5ba4db3432798181
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Oct 30 13:35:10 2017 -0400
cppcheck: more scope reduction
commit
d0c67534b4b471c2a6ec74b36a0c98874b4bd0db
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Oct 29 16:49:43 2017 -0400
cppcheck: fix a few warnings
commit
e25a24bc7f7ae97844e5d08096335168bde7ccff
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Oct 29 13:34:20 2017 -0400
warnings: use fallthrough comments
commit
896fd132ca162ded29243968fe12249c7ea45923
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Oct 29 12:24:34 2017 -0400
memory: fix xcode print format warning
commit
aeb9f6caa227f9e05c2737b07d21689d30359529
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Oct 27 22:36:08 2017 -0400
content: fix relative loop condition
commit
6f95a732b68652d32ac9aded68e47b4fd8ead55b
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Oct 27 09:01:39 2017 -0400
cd_icmp6: fix encoded cksum calculation
commit
e9e945ca1f37a6274c24cc7cc9e602aa5d0fea58
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Oct 27 07:28:05 2017 -0400
appid: fix build warning
commit
4b29f5d7702575335a687d2debd023c6bca16990
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Oct 25 21:26:56 2017 -0400
active: fix packet modify vs resize handling
commit
79ca752e85edae2d623143b3458ba4ebdfa98f80
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Oct 25 21:05:31 2017 -0400
cppcheck: reduce variable scopes
commit
58e172c5fa9c15bcd82ab4a8bedc7755d5e0ecab
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Oct 25 21:04:47 2017 -0400
cppcheck: fix non-style issues
commit
1ba4c8614b1dd9701fa817aad1396a8f058ff037
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Oct 25 12:25:27 2017 -0400
manual: fix some typos
Hui Cao (huica) [Fri, 27 Oct 2017 13:01:56 +0000 (09:01 -0400)]
Merge pull request #1053 in SNORT/snort3 from logger_rename1 to master
Squashed commit of the following:
commit
6e84b6c43e6899f03978e982b280e5972b87f15a
Author: Steve Chew <stechew@cisco.com>
Date: Thu Oct 26 18:29:49 2017 -0400
snort2lua: changed name of firewall_logging to sfunified2_logger.
Russ Combs (rucombs) [Thu, 26 Oct 2017 01:52:10 +0000 (21:52 -0400)]
Merge pull request #1052 in SNORT/snort3 from appid_missed_commit_of_appid_stats_fix to master
Squashed commit of the following:
commit
b9e6ac8a1ffaae7eb038faa64ec868b4a40b3309
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Oct 23 21:51:19 2017 -0400
fix appid statistics counts to verify id is valid and also add a count for unknown app id (should not happen)
Russ Combs (rucombs) [Tue, 24 Oct 2017 22:00:06 +0000 (18:00 -0400)]
Merge pull request #1048 in SNORT/snort3 from appid_get_inspector_no_mas to master
Squashed commit of the following:
commit
20c0eab95890d1027e4cc1de348616f21ef6547a
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Oct 23 21:51:19 2017 -0400
fix appid statistics counts to verify id is valid and also add a count for unknown app id (should not happen)
commit
b125a3db7994f7ae59790544e2d235f16b862fbb
Author: davis mcpherson <davmcphe@cisco.com>
Date: Sat Oct 21 16:34:27 2017 -0400
refactor Lua app detectors to eliminate need for multiple inheritance
commit
7018a0ea007728f8aa0792e39d8f7491090d96b1
Author: davis mcpherson <davmcphe.cisco.com>
Date: Wed Oct 18 13:19:24 2017 -0400
refactor appid to eliminate need to call get_inspector method
refactor appid so that detectors, discovery handlers, etc. have a pointer to the AppId inspector or config instance when they need it
refactor unit tests to work with changes to appid inspector handle management
use static_cast instead of dynamic_cast to cast lua detector object to its correct type
Russ Combs (rucombs) [Mon, 23 Oct 2017 21:41:11 +0000 (17:41 -0400)]
Merge pull request #1051 in SNORT/snort3 from open_src to master
Squashed commit of the following:
commit
eb56254894817a715032fc9161c3a0285b4cfaba
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Oct 23 13:15:11 2017 -0400
snort2lua: fix null char in -? output
commit
a84fbd68b2082f6818966abea6aca43ad91823bf
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 19:32:56 2017 -0400
target: add rule option to indicate target of attack
commit
ad7589ba1442c93a86e1e2b133af82799ae52337
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 16:31:28 2017 -0400
snort_defaults.lua: update default servers and ports
commit
f80268f92c24bbed9e21bb03fbcd0519400f9b92
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 16:00:04 2017 -0400
configure: disable stdlog by default
commit
e14ea8392862c32b5a5012fca03e617e6de48ccc
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 13:07:58 2017 -0400
http_inspect: handle borked reassembly gracefully; thanks to João Soares <joaopsys@gmail.com> for reporting the issue
commit
cc1c3402063f12600bffd4be3297c020e8fca334
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 10:52:56 2017 -0400
ips_option: remove legacy detection_defines.h
commit
80b7f8bb66362195acc1c04157e49f86c8945c20
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 10:43:05 2017 -0400
ips_option: eval returns enum
commit
55f92ae1a3aa2da984a00eb5b37bdfaafcde3367
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 08:53:03 2017 -0400
sfxhash: cleanup keyops decl
commit
24f8c897db1be10d8eaec8d1f5b5243ead89bc11
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 21 08:20:22 2017 -0400
pcre: fix relative search with ^
commit
dca57bb73a7e20b280e1518d6636daa371026c0b
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Oct 20 18:13:10 2017 -0400
cd_pflog: fix comments; thanks to Markus Lude <markus.lude@gmx.de> for the 2X patch
commit
a10d3dff7e897e0e16ba2a7934b4e1bfab0ae096
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Oct 19 11:46:10 2017 -0400
alert_json: initial json event logger
commit
06b91c5c14911368269261a95f75c600a5b0a2fb
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Oct 19 10:02:32 2017 -0400
cd_pbb: initial version of codec for 802.1ah; thanks to jan hugo prins <jhp@jhprins.org> for reporting the issue.
commit
6df4f9f712512c434926befee43b7105bca551d3
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 17 22:10:20 2017 -0400
style: remove leading and trailing underscores from header guards
commit
53c13fa1d9213269130ed25ceeb1ea80e84fcfaf
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 17 22:06:19 2017 -0400
snort2lua: clean up message formats
commit
f629a90bec0879188ff81e80d92bc347321298e1
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 17 22:01:43 2017 -0400
snort2lua: logto is not supported
commit
971a38879cb51a0e80737f760b65fea4943e3ce4
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 17 09:49:45 2017 -0400
wscale: add extra rule option to check tcp window scaling
commit
63d26b54802a9fcffb7714944bd5ada610b27de6
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 17 09:48:20 2017 -0400
mss: add extra rule option to check mss
Hui Cao (huica) [Fri, 20 Oct 2017 15:01:15 +0000 (11:01 -0400)]
Merge pull request #1050 in SNORT/snort3 from firewall_cleanup4 to master
Squashed commit of the following:
commit
93989353af61ea25e9b36c9e7a658d5d1b8b2275
Author: Steve Chew <stechew@cisco.com>
Date: Fri Oct 20 00:48:32 2017 -0400
Snort2lua: No longer allow vlan or mpls logging to be turned off.
Hui Cao (huica) [Fri, 20 Oct 2017 14:46:07 +0000 (10:46 -0400)]
Merge pull request #1042 in SNORT/snort3 from policy_version1 to master
Squashed commit of the following:
commit
88e9d5b60af1c6599fb396810255b4e92a932873
Author: Steve Chew <stechew@cisco.com>
Date: Fri Oct 13 20:54:59 2017 -0400
IpsPolicy: added uuid field to IPS policy for firewall usage.
Hui Cao (huica) [Wed, 18 Oct 2017 18:56:41 +0000 (14:56 -0400)]
Merge pull request #1047 in SNORT/snort3 from missing-commit to master
Squashed commit of the following:
commit
5700aa850f41f735105b3c3a8bc6c10796796059
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Tue Oct 17 14:11:47 2017 -0400
snort: prevent linker from optimizing out code used by external users
Russ Combs (rucombs) [Wed, 18 Oct 2017 18:40:12 +0000 (14:40 -0400)]
Merge pull request #1039 in SNORT/snort3 from it_control to master
Squashed commit of the following:
commit
3add48e8026be96032f8d257729c84de0adfe42d
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 17 07:15:54 2017 -0400
inspector_manager: cleanup
commit
ccc7243718c0945517b2abed3904e6c8d0ea332d
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Oct 14 09:47:47 2017 -0400
inspectors: tweak dispatch logic for optimal control
commit
9e8396d8937a5875a3a299e118ab8b2efc393d1a
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 10 11:43:52 2017 -0400
appid: handle sip events before packets
commit
8be99056f8be259392ec72cf57050658c5db4580
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 10 07:38:24 2017 -0400
inspectors: remove cruft
commit
2245f6c55f243fa04c44273a3aa283f16a322381
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Oct 9 21:20:21 2017 -0400
inspectors: packet types do not eval defragged packets
commit
a0635f1279f99ba1cb27626a1df7c516da470487
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Oct 8 10:00:50 2017 -0400
inspectors: add control type and ensure appid is run ahead of other controls
Tom Peters (thopeter) [Wed, 18 Oct 2017 17:50:56 +0000 (13:50 -0400)]
Merge pull request #1046 in SNORT/snort3 from nhttp93 to master
Squashed commit of the following:
commit
8964af3ce07990e4f30562a64ddc4ba0bc9303d7
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Oct 10 12:10:01 2017 -0400
http_inspect: true IP enhancements
Michael Altizer (mialtize) [Tue, 17 Oct 2017 23:21:10 +0000 (19:21 -0400)]
Merge pull request #1044 in SNORT/snort3 from catch-update to master
Squashed commit of the following:
commit
bea7c6f4b881ee359e4b6ec3723da079fd85fe2b
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 21:41:37 2017 -0400
catch: Clean up some more test REQUIREs
commit
391feec2e8da530dda0df8d107595d0e28c8f3c3
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 21:07:16 2017 -0400
lua: Add missing REQUIREs in LuaStack Catch tests
commit
695b07072bc7c5651632d31bb58107613e113f88
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 21:03:10 2017 -0400
framework: Add default initializers to Range
This silences some Clang analyzer uninitialized memory warnings.
commit
1c692642f05d55cc2d6e222b31b646e31103d99e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 21:00:04 2017 -0400
build: Emit compile_commands.json in CMake builds for clang-tidy
commit
fe3c96d92ee52b8b501b6b18e001510e8eedc50d
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 20:14:09 2017 -0400
appid: Reorganize AppIdHttpSession to minimize padding
commit
a7795211e32e43cf3b549df5f2285c8eabe17cbc
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 20:06:17 2017 -0400
main: Fix potential memory leak when queuing Analyzer Commands
commit
3e3ced83ca69936b0c839a1004aa305634cfc552
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 15:17:47 2017 -0400
flow: Use an empty SfIp for the fixed ICMP router address
commit
bd8e9ba61b6c17f451edf9a8cdb843655bc648c2
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 13:48:07 2017 -0400
build: Include clang diagnostics and analyzer in clang-tidy config
commit
e4cffedfaa87295373969582dbc8448b8f7e5b03
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 13:47:47 2017 -0400
build: clang-tidy pass against extras
commit
1731e7832aa86862e3a9dff03b79809f728c866b
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 13:33:10 2017 -0400
build: Fix 'make dist' in extras
commit
8599d95c1f769dfa58079b7776eda26d7d95564c
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 16 13:18:14 2017 -0400
build: Another pass to clean up some more clang-tidy warnings
commit
d2882ff72e02c581da8748e0e1ed6529a0bfd22d
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Oct 14 13:26:24 2017 -0400
u2spewfoo: Fix build on FreeBSD
commit
9f5cc9882c61d782d7a4948d67bb4828f6832ad5
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Oct 14 13:25:21 2017 -0400
catch: Update to Catch v1.10.0
Tom Peters (thopeter) [Tue, 17 Oct 2017 19:02:20 +0000 (15:02 -0400)]
Merge pull request #1041 in SNORT/snort3 from appid_expected_flags to master
Squashed commit of the following:
commit
9a864d715e10135267025197ab618414ac03ce5f
Author: snorty <mdagon@cisco.com>
Date: Tue Oct 3 12:19:27 2017 -0400
Appid: take into account the direction of the parent flow when setting expected flow flags
Tom Peters (thopeter) [Tue, 17 Oct 2017 19:02:03 +0000 (15:02 -0400)]
Merge pull request #1043 in SNORT/snort3 from daq_tunnel to master
Squashed commit of the following:
commit
940e83dcc968adf1ea4cd29c745a4dbff35b1993
Author: Steven Baigal <sbaigal@cisco.com>
Date: Wed Oct 11 15:36:37 2017 -0400
US131276 allow DAQ to set the tunnel bypass flags
Hui Cao (huica) [Tue, 17 Oct 2017 17:52:59 +0000 (13:52 -0400)]
Merge pull request #1045 in SNORT/snort3 from missing-commit to master
Squashed commit of the following:
commit
ecb69d6b1314c8cab5964f878158ebda893c1372
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Tue Oct 17 11:39:54 2017 -0400
logger: u2_packet.c was moved to log
Hui Cao (huica) [Tue, 17 Oct 2017 13:53:59 +0000 (09:53 -0400)]
Merge pull request #1040 in SNORT/snort3 from expose-u2_packet to master
Squashed commit of the following:
commit
2439da6fc82c8876a4fe846b19a673689fc905d2
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Mon Oct 16 13:26:24 2017 +0000
cleanup
commit
6f8aa06a3e92190ba72613f0b61a31371322484a
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Fri Oct 13 09:23:14 2017 -0400
Move u2_packet.cc
commit
c30de3bca9f2f70dcdc43e10b8a0324976b2b16c
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Wed Oct 11 10:17:13 2017 -0400
build: remove u2_packet.h from loggers/Makefile.am
commit
504f0e68d6d929e0991bf1a16d03347d247237fa
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date: Wed Oct 11 08:28:39 2017 -0400
log: Make U2PseudoHeader a public interface
Tom Peters (thopeter) [Thu, 12 Oct 2017 14:54:53 +0000 (10:54 -0400)]
Merge pull request #1028 in SNORT/snort3 from doc_portscan_copy to master
Squashed commit of the following:
commit
49b104835f5288b70832e12277bebd8025660510
Author: Steven Baigal <sbaigal@cisco.com>
Date: Tue Sep 26 15:54:31 2017 -0400
adding port scan to manual
Michael Altizer (mialtize) [Tue, 10 Oct 2017 23:06:08 +0000 (19:06 -0400)]
Merge pull request #1038 in SNORT/snort3 from unsupported_rule_opts to master
Squashed commit of the following:
commit
65bf747af341c6deb9ed4ddb3f6b9389bbb4e23f
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 9 19:43:24 2017 -0400
snort2lua: Some header cleanups
commit
d783df2741b7e75287432c52a3fc18be7822de59
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 9 19:42:24 2017 -0400
snort2lua: Correctly identify ftpbounce and sameip as unsupported rule options
Hui Cao (huica) [Tue, 10 Oct 2017 20:09:10 +0000 (16:09 -0400)]
Merge pull request #1032 in SNORT/snort3 from firewall_policy1 to master
Squashed commit of the following:
commit
12ad32c9eb5c099ca86c6a149c1b4ae0e6872dfb
Author: Steve Chew <stechew@cisco.com>
Date: Wed Oct 4 02:08:55 2017 -0400
Added public APIs to set and check IPS policies based on user_id.
Michael Altizer (mialtize) [Mon, 9 Oct 2017 23:41:13 +0000 (19:41 -0400)]
Merge pull request #1035 in SNORT/snort3 from binder_network to master
Squashed commit of the following:
commit
041547dffaf5917fe101a9a810e88ded96169ea6
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Oct 9 10:39:04 2017 -0400
ftp_server: changed ftp_server usage to INSPECT
commit
856b3a7fcce40f00db1d46e0a275f5d67dc4ba1d
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Oct 6 14:52:57 2017 -0400
binder: fixed nets check falling through on failure
commit
cbaa8d55b0bb4951de69b3ac09e787854719ce4c
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Oct 5 17:29:10 2017 -0400
ModuleManager: don't let context modules be configured if a network policy does not exist
commit
23abcc667ce19e27074c2e63edf830c2652b3f7a
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Oct 5 17:05:12 2017 -0400
snort2lua: added ips-policy-pattern. config binding adds ips and network for ips policy matches.
commit
a072c09b513b2674e5c40ec4263e75e85d51e410
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Oct 4 16:45:16 2017 -0400
binder: added network policy selection
Tom Peters (thopeter) [Mon, 9 Oct 2017 15:13:21 +0000 (11:13 -0400)]
Merge pull request #1036 in SNORT/snort3 from tunnel_225582 to master
Squashed commit of the following:
commit
e9cc0d0af2059cb6aa589d8818bf4cac54738620
Author: Steven Baigal <sbaigal@cisco.com>
Date: Tue Oct 3 14:59:25 2017 -0400
updated DAQ stats to include retry verdict peg count
commit
37cf28a584f43f093fbeec23baa9429257427304
Author: Steven Baigal <sbaigal@cisco.com>
Date: Mon Sep 25 15:14:23 2017 -0400
added tunnel bypass for IP 4IN4, IP 6IN6, GRE and MPLS
Tom Peters (thopeter) [Mon, 9 Oct 2017 14:32:51 +0000 (10:32 -0400)]
Merge pull request #1037 in SNORT/snort3 from nhttp92 to master
Squashed commit of the following:
commit
e4eedc6d287ad3a66e5e47f5bf2144fb417669d1
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 4 14:15:14 2017 -0400
http_inspect: add random increment to message body division points
stream: random increment fix
Michael Altizer (mialtize) [Fri, 6 Oct 2017 21:00:39 +0000 (17:00 -0400)]
Merge pull request #1031 in SNORT/snort3 from binder_zones to master
Squashed commit of the following:
commit
08bd025019ff9a61a035fc9f8faa99d48bc6f132
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Oct 6 10:46:02 2017 -0400
fixed build issues on OSX
commit
5bb5412170ab5c01714a71fd01b762883899e71d
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Oct 3 15:47:59 2017 -0400
snort2lua: removed port dce proxy bindings to fix http_inspect conflicts
commit
54a5be5daf20ce10fc404b92d897b3a4c700dd1d
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Sep 29 12:12:55 2017 -0400
snort2lua: added nap.rules zone translation
commit
c09df9d2a008f0e319f697de41dd86cc14396657
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Oct 5 08:56:05 2017 -0400
binder: check interface on packet instead of flow
commit
b6f365f960d42b97ebf7b396508699e0c2670b09
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Sep 28 15:37:13 2017 -0400
binder: added zones
Tom Peters (thopeter) [Fri, 6 Oct 2017 16:12:59 +0000 (12:12 -0400)]
Merge pull request #1034 in SNORT/snort3 from if2assert_251800 to master
Squashed commit of the following:
commit
d1f2850d339775f8277838e434ca3d2c515c2e1f
Author: Steven Baigal <sbaigal@cisco.com>
Date: Wed Oct 4 12:43:25 2017 -0400
changed if(> 0) to assert(> 0) for all concurrent_sessions peg counts
Michael Altizer (mialtize) [Thu, 5 Oct 2017 19:25:18 +0000 (15:25 -0400)]
Merge pull request #1030 in SNORT/snort3 from cleanup to master
Squashed commit of the following:
commit
f35eaf6b9fc5d654dd428ca0ea99a0e17eddb8b1
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Oct 5 13:53:35 2017 -0400
build: Add an initial clang-tidy configuration
commit
9a07c7fcdd9b3dfeffb0c34eecd870c1b073b51d
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Oct 5 14:01:10 2017 -0400
build: Second pass of clang-tidy's modernize-use-equals-default
commit
36d9894e859ce7d7fb5ffdaebd3848d1f934f960
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 4 10:45:16 2017 -0400
build: Remove all default destructor declarations
commit
e6d34a254be93625da190a5909a7d0a01c4ecabb
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 2 19:55:24 2017 -0400
build: Fix linking against external libiconv with autotools
commit
1eed9487c95085deba42c18dd093f9796d6c6131
Author: Michael Altizer <mialtize@cisco.com>
Date: Sun Oct 1 12:40:26 2017 -0400
build: More redundancy cleanups
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)" -checks='-*,readability-redundant-*'
-fix.
commit
6b73e322fba1e252770fd9dc4e4d62f5b71c0642
Author: Michael Altizer <mialtize@cisco.com>
Date: Sun Oct 1 12:28:35 2017 -0400
build: Remove redundant declarations
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)"
-checks='-*,readability-redundant-declaration' -fix.
commit
09715d923afad0592f23dea741cca11a1a1fbf78
Author: Michael Altizer <mialtize@cisco.com>
Date: Sun Oct 1 12:23:56 2017 -0400
build: Remove redundant flow control statements
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)"
-checks='-*,readability-redundant-control-flow' -fix.
commit
37c2e606b84aef1f765657b6bd1405ce96c124e6
Author: Michael Altizer <mialtize@cisco.com>
Date: Sun Oct 1 12:19:38 2017 -0400
build: Make some more function parameters const
Informed by un-clang-tidy.py -header-filter="$(realpath ..)"
-checks='-*,readability-non-const-parameter'.
commit
92b7fd10c4d0ddd521df092592bfc18e9044d4d6
Author: Michael Altizer <mialtize@cisco.com>
Date: Sun Oct 1 11:52:38 2017 -0400
build: Do not use size() to check containers for emptiness
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)"
-checks='-*,readability-container-size-empty' -fix.
commit
198636c4663f59bbdae5e5624a0c802fa2b3c8db
Author: Michael Altizer <mialtize@cisco.com>
Date: Sun Oct 1 11:43:12 2017 -0400
build: Do not use compare() for pure string equality tests
Informed by run-clang-tidy.py -header-filter="$(realpath ..)"
-checks='-*,misc-string-compare'.
commit
497609441dd1f626434f6f039b57730bc2a3a7b4
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 17:08:47 2017 -0400
build: Improve macro safety with parentheses
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)" -checks='-*,misc-macro-parentheses'
-fix.
commit
a44cdadf99bcb6ee0b12641ddb16d9ab04451629
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 16:48:30 2017 -0400
build: Fix a couple instances of undefined memset behavior
Reported by run-clang-tidy.py -header-filter="$(realpath ..)"
-checks='-*,bugprone-*'.
commit
cae0cc697d7a4614ad24c9f253193a6cbd37f4e1
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 16:26:05 2017 -0400
build: Some language performance cleanups suggested by Clang
Informed by run-clang-tidy.py -header-filter="$(realpath ..)"
-checks='-*,performance-*' -fix
commit
79c3b608e997e440de2c22e6d9ef1e1189994f8b
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 16:17:30 2017 -0400
build: Make more string arguments into const references
commit
b20e1e7ed64757efde9711c2c773915f749714ec
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 15:24:57 2017 -0400
build: Modernize code with =default for special member functions
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)" -checks='-*,modernize-use-equals-default
-fix
commit
cf3d5440d22465b26b33ef15777bc1fa9d01dbc5
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 14:27:49 2017 -0400
build: Modernize code with boolean literals
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)" -checks='-*,modernize-use-bool-literals'
-fix
commit
63ba30a1d8e17a8296078931a0ae6980ac09204b
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 14:21:18 2017 -0400
build: Modernize code by removing redundant void args
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)"
-checks='-*,modernize-redundant-void-arg'
commit
8b011f9ac133492facc66223f6b9ad8b07bd7943
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 14:16:11 2017 -0400
build: Modernize code with make_shared conversion
Generated automatically with run-clang-tidy.py
-header-filter="$(realpath ..)" -checks='-*,modernize-make-shared' -fix.
commit
7e20f0fa31915690207bbdff886414ca280e7e91
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 12:30:50 2017 -0400
build: Fix many warnings reported by Clang 5
commit
32b8843706f549c911091c36a3408c913f9360a5
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 14:07:33 2017 -0400
build: Header cleanup (feat. clang-tidy)
Assisted by run-clang-tidy.py -header-filter="$(realpath ..)"
-checks='-*,modernize-deprecated-headers' -fix.
commit
4f9a94abcc40f12f9424384082e4fdcc250c6152
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 12:55:40 2017 -0400
build: Modernize code with virtual/override/final cleanups
Generated automatically with run-clang-tidy.py -header-filter='.*'
-checks='-*,modernize-use-override' -fix.
commit
678d1f53b78f400c5b1915d74353ded1399cd101
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Sep 30 12:38:56 2017 -0400
build: Modernize code with nullptr conversion
Generated automatically with run-clang-tidy.py -header-filter='.*'
-checks='-*,modernize-use-nullptr' -fix.
Tom Peters (thopeter) [Wed, 4 Oct 2017 18:34:31 +0000 (14:34 -0400)]
Merge pull request #1033 in SNORT/snort3 from appid_failing_reg_tests to master
Squashed commit of the following:
commit
c4acd3948029d51d4ae934b1517e1e5ab4627b7e
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Oct 2 08:32:40 2017 -0400
service applications detected by port only were not being counted; this patch adds a stat increment for service detections for this scenario
Tom Peters (thopeter) [Tue, 3 Oct 2017 14:43:18 +0000 (10:43 -0400)]
Merge pull request #1029 in SNORT/snort3 from appid_ftp_fix to master
Squashed commit of the following:
commit
56913ed293e26aa97b4e2942b8797dfb214699a7
Author: snorty <mdagon@cisco.com>
Date: Thu Sep 28 12:01:11 2017 -0400
Appid ftp: create expected flow immediately after PORT command for active mode
Michael Altizer (mialtize) [Fri, 29 Sep 2017 15:53:42 +0000 (11:53 -0400)]
Merge pull request #1027 in SNORT/snort3 from snort2lua_ims to master
Squashed commit of the following:
commit
9fe6d6a02b6e82834cbfd2f0c1ebf85f04c066ab
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Sep 28 13:52:59 2017 -0400
appid: Fix performance issues reported by cppcheck
commit
aafb9275f17aa4ef91250402751ee80185f41c68
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Sep 28 13:49:44 2017 -0400
memory: Align allocator metadata such that returned memory is also max_align_t-aligned
commit
feca8e5d4dbd0a08854f534287d2a45b98fd3a5d
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Sep 28 01:13:27 2017 -0400
build: Clean up a few ICC 2018 and GCC 7 warnings
commit
9532792af8405365856ee56b0c6416c0c231bc4d
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Sep 28 01:09:29 2017 -0400
build: Add NORETURN_ASSERT to tag functions that will always assert
commit
4df0a1d9f5079474d46f757b28c3621157d8d05b
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Sep 28 00:29:36 2017 -0400
uboat,fbstreamer: Fix issues reported by cppcheck
commit
2152f1ab13736173c7bd3d029fa5294a4b22edfd
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Sep 28 00:21:55 2017 -0400
snort2lua: Fix various issues reported by cppcheck
commit
d2fa14de02578809294926a981c70d9a4554f0cf
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Sep 27 15:30:37 2017 -0400
snort2lua: Fix initialization order in Converter constructor
commit
26ae4d24ab624c4d0874ae0ab9ca97587d339cde
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Sep 20 16:29:59 2017 -0400
log/messages: Redirect stderr to syslog as well
commit
39bd64bee437f935650af17ac39f6bbbd6c840ac
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Sep 20 12:38:00 2017 -0400
snort2lua: Implement firewall preproc and sfunified2 output conversions
Michael Altizer (mialtize) [Wed, 27 Sep 2017 18:07:27 +0000 (14:07 -0400)]
Merge pull request #1023 in SNORT/snort3 from s2l_nap to master
Squashed commit of the following:
commit
5e656382f62b51480b5b1c363e16d53a8ed985d1
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Sep 26 08:53:33 2017 -0400
snort2lua: refactored TableApi
commit
89e936eabcd80bb3a866b92a94aa1fb8671ec6fe
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Sep 21 17:08:30 2017 -0400
snort2lua: fixed extra whitespace generation
commit
1d886319fb648154b5f72ac5613cb71de19c927d
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Sep 20 08:52:46 2017 -0400
snort2lua: added nap_selector support
Tom Peters (thopeter) [Tue, 26 Sep 2017 19:21:55 +0000 (15:21 -0400)]
Merge pull request #1026 in SNORT/snort3 from nhttp91 to master
Squashed commit of the following:
commit
f19b7390fe12eac6f9b3525a181384e353dae217
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Sep 25 17:02:31 2017 -0400
http_inspect: test tool improvements
Russ Combs (rucombs) [Mon, 25 Sep 2017 23:38:06 +0000 (19:38 -0400)]
Merge pull request #1022 in SNORT/snort3 from snort_daq_packet_retry to master
Squashed commit of the following:
commit
c5eaf9f5a8d381a829df5e159eae3fed26309171
Author: davis mcpherson <davmcphe.cisco.com>
Date: Thu Aug 10 15:01:28 2017 -0400
implement snort support for DAQ_VERDICT_RETRY feature
add reg test inspector to facilitate regression testing, initially for the daq packet retry feature
add reg test inspector service to facilitate regression testing of snort++
limit check of chp match strings to clear to the ones that may have actually been set during chp processing
Tom Peters (thopeter) [Mon, 25 Sep 2017 19:33:35 +0000 (15:33 -0400)]
Merge pull request #1019 in SNORT/snort3 from readme_email to master
Squashed commit of the following:
commit
d0b5a5444cb4f89b8d00a0335bf9d32a23f86a50
Author: Steven Baigal <sbaigal@cisco.com>
Date: Wed Sep 20 15:28:36 2017 -0400
added POP, IMAP and SMTP to user manual features
Tom Peters (thopeter) [Mon, 25 Sep 2017 17:54:32 +0000 (13:54 -0400)]
Merge pull request #1025 in SNORT/snort3 from nhttp90 to master
Squashed commit of the following:
commit
43ec1af54b6fc6cacf77da97e687fc6f1877f83a
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Sep 14 13:17:29 2017 -0400
http_inspect, stream: HTTP headers no longer avoid detection when message unexpectedly
ends after status line or headers
Michael Altizer (mialtize) [Mon, 25 Sep 2017 16:03:16 +0000 (12:03 -0400)]
Merge pull request #1017 in SNORT/snort3 from binder_direction to master
Squashed commit of the following:
commit
4cd912df8cfa19769b83058243cd227bf24a693b
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Sep 19 10:35:10 2017 -0400
Binder: allow src and dst specifications for ports and nets
Tom Peters (thopeter) [Mon, 25 Sep 2017 15:12:14 +0000 (11:12 -0400)]
Merge pull request #1024 in SNORT/snort3 from appid_rtp_test to master
Squashed commit of the following:
commit
f7991c80e3f45ecac034bcf707b406f7f382e85f
Author: snorty <mdagon@cisco.com>
Date: Fri Sep 22 13:58:54 2017 -0400
Remove blank lines
commit
be685b9241b9c77e605ee8af700752fa66ec9fd6
Author: snorty <mdagon@cisco.com>
Date: Fri Sep 22 10:46:38 2017 -0400
Fix typo
commit
63ae375359c37be88f31e3f39183293aa7c8e930
Author: snorty <mdagon@cisco.com>
Date: Wed Sep 13 14:31:35 2017 -0400
Appid RTP flow flags (changes commented out) + small fix
Russ Combs (rucombs) [Fri, 22 Sep 2017 13:41:53 +0000 (09:41 -0400)]
Merge pull request #1021 in SNORT/snort3 from firewall_memleak1 to master
Squashed commit of the following:
commit
25d9fcb917501bd63ed0b46633803c66a0ad4c71
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 21 15:25:33 2017 -0400
Return nullptr from ApplicationDescriptor get funcs when string is empty.
Russ Combs (rucombs) [Fri, 22 Sep 2017 13:41:28 +0000 (09:41 -0400)]
Merge pull request #1006 in SNORT/snort3 from smb_unicode_fname to master
Squashed commit of the following:
commit
aec151308a6b538db68baddeec1a09b956849993
Author: snorty <mdagon@cisco.com>
Date: Wed Sep 20 17:40:48 2017 -0400
Missed 2 files
commit
31c622a7fba16becbf5f6b24ce490e4a36cecb78
Author: snorty <mdagon@cisco.com>
Date: Tue Sep 19 15:19:46 2017 -0400
Additional changes from Michael's branch - cmake changes for iconv + additional improvements
commit
3758b4d8604c1b1fafce1138942b8f8f20c58ec3
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 15 14:47:57 2017 -0400
build: Import iconv autotools logic from gnulib
commit
ef23d1dabc7326091010988a6e0aa0cb936bcc5f
Author: mdagon <mdagon@cisco.com>
Date: Mon Jul 24 10:29:15 2017 -0400
SMB unicode filename support
1. iconv is used for translating UTF16-LE file names to UTF8.
2. Smb will add BOM to file name in case it is Unicode.
3. Translation will be done in file_api during logging.
4. Active response was updated to keep the same format of the original file name.
5. File api was updated to use pipe-delimited hex for file names:
printable text will show up as plain text and any 8-bit chars as hex
6. Full file name, including path, will be logged, instead of only the file name
7. NHI will send raw uri instead of normalized uri to file api
Russ Combs (rucombs) [Thu, 21 Sep 2017 13:54:47 +0000 (09:54 -0400)]
Merge pull request #1020 in SNORT/snort3 from typos to master
Squashed commit of the following:
commit
764e7cd1cfa055c6d0e92a0af6ed2727ec925317
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Sep 21 08:37:40 2017 -0400
spell check: fix typos in comments
Russ Combs (rucombs) [Wed, 20 Sep 2017 18:05:41 +0000 (14:05 -0400)]
Merge pull request #1014 in SNORT/snort3 from policy_split to master
Squashed commit of the following:
commit
0770342be4f4da6ec65d0719ba97b39d6f96b464
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Sep 19 11:26:00 2017 -0400
unified2: implemented ips, network, and inspection policy id logging
commit
c2ecc2df0f84a87bc9ed76b7815096013fda8c55
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Sep 18 13:04:16 2017 -0400
appid pop3, appid imap: fixed missing include
commit
c01713fbe13151f5b9d2f7519f916a104eb5e3fd
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Sep 14 13:06:20 2017 -0400
snort2lua: config policy_id converts to when ips_policy_id
This is an interim support to generate loadable configs until
proper ips / network / inspection differentiation is added.
commit
22147f8cd90ec44794aa3089fbc5308d86a20339
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Sep 14 11:35:11 2017 -0400
Shell: force default policies for shells not from binder
commit
b50ea6e9dfff279c80427fd806341d578f32feca
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Aug 30 13:50:19 2017 -0400
Binder, Flow, PolicyMap, Shell: enabled policy splitting by type
Hui Cao (huica) [Tue, 19 Sep 2017 19:55:25 +0000 (15:55 -0400)]
Merge pull request #1016 in SNORT/snort3 from appid1 to master
Squashed commit of the following:
commit
b158a2712ae7a41e8b2fac760358c209f6378a0d
Author: Steve Chew <stechew@cisco.com>
Date: Fri Sep 15 18:06:20 2017 -0400
Install the appid_api.h header to be used by FirewallInspector module.
Russ Combs (rucombs) [Tue, 19 Sep 2017 18:00:57 +0000 (14:00 -0400)]
Merge pull request #1018 in SNORT/snort3 from appid_broke_cmake to master
Squashed commit of the following:
commit
3a7c7be3c9f97243ae4c4e8e868acc6e028704c1
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Sep 19 12:14:54 2017 -0400
add appid_peg_counts.cc to lib dependency list for appid http event unit tests
Michael Altizer (mialtize) [Mon, 18 Sep 2017 14:49:44 +0000 (10:49 -0400)]
Merge pull request #1015 in SNORT/snort3 from log_id_offset to master
Squashed commit of the following:
commit
c2acd9a9e3389c7ef48ac593ffebfc8b4d4b530e
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 15 12:27:05 2017 -0400
thread: Add logging directory ID offset controlled by --id-offset option
Tom Peters (thopeter) [Thu, 14 Sep 2017 20:33:10 +0000 (16:33 -0400)]
Merge pull request #1013 in SNORT/snort3 from nhttp89 to master
Squashed commit of the following:
commit
5823a745323181eea49a7accc3dce9db76a131aa
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Sep 11 17:19:02 2017 -0400
http_inspect: alphabetical ordering of rule options
Tom Peters (thopeter) [Thu, 14 Sep 2017 18:26:26 +0000 (14:26 -0400)]
Merge pull request #1008 in SNORT/snort3 from appid_enhance_stats to master
Squashed commit of the following:
commit
1c37bb2c08789f3f49c8d38bddbdfafd58cea9d2
Author: davis mcpherson <davmcphe.cisco.com>
Date: Sun Sep 3 16:47:04 2017 -0400
appid: this commit implements several enhancements to AppId peg counts
1) the entries in the appMapping.data file are used to dynamically
generate a vector of the PegInfo and PegCounts for each application that AppId can
detect. These dynamically generated pegs are merged with a table of
static pegs for counts of other AppId events worth noting and the
combined table returned to Module when it queries for PegInfo and
PegCounts. The application name from each entry is used as the label
for the peg counts and to construct the help string. For each id a
count is maintained for service, client, user, payload, and misc
detections.
2) Since the dynamic table can not be built until AppId is configured
the Module class was modified to not make the calls to collect PegInfo
and initialize the peg count data structures as each module is added.
Instead the call to do this is done from Snort::init after Inspectors
have been configured.
3) AppId now increments its detection counts in the base class method
that is called for each type of detected app (service, client, payload,
user, misc) and is only incremented when the id of the detected app is
different from the current setting for that type.
4) refactor AppIdSession to create a new class ApplicationDescriptor and
derived classes for each application id type (client and user info are
maintained by a single class). These classes maintain the
id and related state for each type and have the logic for updating the state
and the detection counts when appropriate.
5) Create new class AppIdPegCounts to manage the PegInfo and PegCounts
tables and functions for incrementing the peg statistics
Miscellaneous updates:
- numerous updates to improve compliance with coding standards and
improve readability
- use AppId enum type for all variables and parameters that represent an
application id
- appid_stats_counter.cc no longer needed and has been deleted
- numerous instances of redundant calls to set AppId session state
information have been removed
- update appid unit tests to work with stats enhancements
- update appid regression tests to work with stats enhancements
move detectors configured state variable to AppIdPegCounts class, add method to set it true when detectors are loaded
move AppId peg count enums into AppIdPegCounts class
Tom Peters (thopeter) [Tue, 12 Sep 2017 20:10:06 +0000 (16:10 -0400)]
Merge pull request #1010 in SNORT/snort3 from sfipvar to master
Squashed commit of the following:
commit
ab4b16bd7105fd064071f251dd72ee00918ec263
Author: Steven Baigal <sbaigal@cisco.com>
Date: Fri Sep 8 15:50:00 2017 -0400
Made Improvements to SFIPVar list performance and added unit test cases
Tom Peters (thopeter) [Tue, 12 Sep 2017 19:58:06 +0000 (15:58 -0400)]
Merge pull request #1012 in SNORT/snort3 from file_lib_fix to master
Squashed commit of the following:
commit
7ac239558ebe5f37a6e96efa3e5ab01f39bfee7f
Author: Steven Baigal <sbaigal@cisco.com>
Date: Tue Sep 12 13:35:55 2017 -0400
refix the fix on valgrind error for null terminator overwritten issue
Michael Altizer (mialtize) [Mon, 11 Sep 2017 21:05:14 +0000 (17:05 -0400)]
Merge pull request #1011 in SNORT/snort3 from file_lib_fix to master
Squashed commit of the following:
commit
e23f9254f747db77ad1263800810cb2cd3ae9715
Author: Steven Baigal <sbaigal@cisco.com>
Date: Mon Sep 11 15:08:58 2017 -0400
Fixed a valgrind error -- null terminator overwritten when length equals 8
Tom Peters (thopeter) [Mon, 11 Sep 2017 17:15:10 +0000 (13:15 -0400)]
Merge pull request #1009 in SNORT/snort3 from nhttp88 to master
Squashed commit of the following:
commit
ff9037908b697cda3c847d25a91427526a7305d6
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Sep 8 15:35:46 2017 -0400
http_inspect: added http_raw_buffer rule option
Russ Combs [Sun, 10 Sep 2017 02:36:17 +0000 (22:36 -0400)]
Squashed commit of the following:
commit
929661c23d43af57f00a98a9df5046960187d526
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Sep 9 10:04:58 2017 -0400
build: fix noreturn and unused warnings
commit
03230ffb0c7b45800f8368a4009dbb5b82b34671
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Sep 9 15:29:47 2017 -0400
memory: patch around allocation tracking issue
commit
9436ba425e2fa1669ef35046d4a1337b33068652
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Sep 9 10:03:27 2017 -0400
memory: remove canary from production builds to reduce overhead
commit
7fadd3d35b6c19fb42e3809db384db4828497f7e
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Sep 4 18:28:25 2017 -0400
memory: output basic startup heap stats
Russ Combs (rucombs) [Sat, 9 Sep 2017 15:00:00 +0000 (11:00 -0400)]
Merge pull request #1005 in SNORT/snort3 from rule_dependencies to master
Squashed commit of the following:
commit
acc68fe935fed33c263f355d08320c770bb06cdb
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Aug 25 16:21:58 2017 -0400
sip: sip_method can use data from any sip inspector of any inspection policy
Tom Peters (thopeter) [Fri, 8 Sep 2017 14:27:09 +0000 (10:27 -0400)]
Merge pull request #1007 in SNORT/snort3 from nhttp87 to master
Squashed commit of the following:
commit
811c4224c6f048f55319a95efef7402a3f079b10
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Aug 30 14:26:08 2017 -0400
http_inspect support for u2 extra data logging
Tom Peters (thopeter) [Tue, 5 Sep 2017 20:25:04 +0000 (16:25 -0400)]
Merge pull request #1003 in SNORT/snort3 from appid_lua_detectors to master
Squashed commit of the following:
commit
d6a01cdeb7716a02aeb45007cba39d928d223675
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Aug 29 08:05:04 2017 -0400
hard code use of 'ac_full' as search method for search engine for appid
select 'ac_full' as search method for appid for now as it is the only one that supports 'find_all', also force enable dfa flag in search engine, improve encapsulation of appid pattern match service class
Russ Combs (rucombs) [Fri, 1 Sep 2017 17:25:44 +0000 (13:25 -0400)]
Merge pull request #1004 in SNORT/snort3 from xcode to master
Squashed commit of the following:
commit
657e650852af9bc8a0c39dc986aa94edc1364f21
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Sep 1 09:02:29 2017 -0400
analyzer: fix possible leak upon appid info table entry dup
commit
ade6ed67f5602ffca18447d0b0ac1ad67da4fcd9
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Sep 1 08:50:07 2017 -0400
analyzer: fix possible memory leak in side channel
commit
27a9d0a40ec991b938d1f801b32e7fb9fb507ea8
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Aug 31 19:46:22 2017 -0400
analyzer: fix missing braces around subobj initialization in flow key
Russ Combs (rucombs) [Thu, 31 Aug 2017 16:53:59 +0000 (12:53 -0400)]
Merge pull request #1002 in SNORT/snort3 from sum_stuff to master
Squashed commit of the following:
commit
322d34f0cc28f97723877caa123853b9c93929b8
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Aug 29 09:58:51 2017 -0400
doc: add module usage and peg count type
commit
fc9228831b4d5947e5f79470c5ce2aab1b178c16
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Aug 29 09:37:08 2017 -0400
modules: add usage designating global, context, inspect, or detect policy applicability
commit
71854c80f788d5419488cd08329b12284c427a5a
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Aug 28 20:42:55 2017 -0400
stats: use peg info to accumulate by type
commit
8ce4e18e7035c13101663aa429ae3004824bc7d5
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Aug 27 19:16:12 2017 -0400
pegs: add count type to info
commit
84348164529f752b20e5cad3e507454192332e4b
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Aug 19 15:48:21 2017 -0400
snort2lua: search_engine.split_any_any now defaults to true
commit
2b4a49c31e965c6d493c3683fc8a0f1283f45656
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Aug 19 15:23:14 2017 -0400
snort: -T does not compile mpse; --mem-check does
Hui Cao (huica) [Tue, 29 Aug 2017 19:49:12 +0000 (15:49 -0400)]
Merge pull request #1001 in SNORT/snort3 from unified4 to master
Squashed commit of the following:
commit
b7a3b06b5d87fdbe3a920d0f96469b2131c9146a
Author: Steve Chew <stechew@cisco.com>
Date: Tue Aug 29 08:50:17 2017 -0400
Install sfdaq.h and application_ids.h needed by Firewall changes.
Tom Peters (thopeter) [Tue, 29 Aug 2017 19:21:11 +0000 (15:21 -0400)]
Merge pull request #1000 in SNORT/snort3 from appid_lua_api to master
Squashed commit of the following:
commit
7b72de2271ba9a9e6d1ff5d6482a4c61911bb76c
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Aug 28 13:55:44 2017 -0400
fix memory leak in http pattern matching, minor cleanups
Tom Peters (thopeter) [Mon, 28 Aug 2017 20:38:09 +0000 (16:38 -0400)]
Merge pull request #995 in SNORT/snort3 from peg_max_conc_p2 to master
Squashed commit of the following:
commit
92c5a4145ce11a5610b88afb3120a75d3354178e
Author: Steven Baigal <sbaigal@cisco.com>
Date: Fri Aug 11 15:40:19 2017 -0400
add peg count for max concurrent sessions - part2
Tom Peters (thopeter) [Mon, 28 Aug 2017 15:57:54 +0000 (11:57 -0400)]
Merge pull request #999 in SNORT/snort3 from icmp6_key to master
Squashed commit of the following:
commit
e32554194296dd73fe13ed6bf9b7754d0d988d67
Author: Steven Baigal <sbaigal@cisco.com>
Date: Tue Aug 22 13:23:06 2017 -0400
Updated to support associating router solicit/reply packets to a single session
Russ Combs (rucombs) [Fri, 25 Aug 2017 12:54:58 +0000 (08:54 -0400)]
Merge pull request #998 in SNORT/snort3 from nhttp86-cleanups to master
Squashed commit of the following:
commit
b408bba53c50afc7f7235ea914bbac87dadb3b71
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Aug 24 14:09:05 2017 -0400
.
commit
8ee92a53acf58c2dfc829add2c663de2ba4419a6
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Jul 25 11:37:43 2017 -0400
NHI bug fix plus cleaned up a bunch of stuff.
Russ Combs (rucombs) [Fri, 25 Aug 2017 12:39:46 +0000 (08:39 -0400)]
Merge pull request #997 in SNORT/snort3 from port_table_cruft to master
Squashed commit of the following:
commit
d52c5cac7ed64dc56f80f2b78f10e065c88d1320
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Aug 23 15:42:04 2017 -0400
snort: disallow invalid port range !:65535 (!any)
commit
dd620176da4daaccee9a56827f00d2a0e73bcfd3
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Aug 23 15:01:02 2017 -0400
snort: remove port object cruft
Michael Altizer (mialtize) [Mon, 21 Aug 2017 22:11:58 +0000 (18:11 -0400)]
Merge pull request #996 in SNORT/snort3 from warnings to master
Squashed commit of the following:
commit
74780ac195a4bd913c9eda6a0c6d9d14698f431d
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Aug 18 16:16:13 2017 -0400
build: Clean up some more compiler warnings and remove spurious tabs
Russ Combs [Sat, 19 Aug 2017 02:24:02 +0000 (22:24 -0400)]
Squashed commit of the following:
commit
ee787c62ce89880b0dd6a0b2df06886f0e171e3b
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Aug 18 20:54:07 2017 -0400
snort2lua: fix borked build broke by binder order
Michael Altizer (mialtize) [Fri, 18 Aug 2017 20:47:49 +0000 (16:47 -0400)]
Merge pull request #991 in SNORT/snort3 from binder_order to master
Squashed commit of the following:
commit
0a44cace2f0cb9798caf59a9f6aba64f21c73de3
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Aug 14 12:19:28 2017 -0400
snort2lua: enforced ordering to bindings in binder table
commit
4d9a66aefe11ea13f20d2468fccfd140cb18df09
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Aug 10 17:56:35 2017 -0400
snort2lua: removed dead code
Tom Peters (thopeter) [Fri, 18 Aug 2017 19:22:27 +0000 (15:22 -0400)]
Merge pull request #993 in SNORT/snort3 from nhttp85 to master
Squashed commit of the following:
commit
f9f1973bb5bd6e38b5b2b974bb202396f048cb6f
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Aug 1 14:11:54 2017 -0400
http_inspect: create message sections with body data that has been dechunked and unzipped but not otherwise normalized.
Russ Combs (rucombs) [Fri, 18 Aug 2017 14:53:04 +0000 (10:53 -0400)]
Merge pull request #994 in SNORT/snort3 from elk to master
Squashed commit of the following:
commit
573659a4166f5e1c9583383d7bf0bddbee4472a5
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Aug 17 15:22:54 2017 -0400
csv: updates
commit
d566f6bb98497dd76baea1b88f451509a7291b96
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Aug 17 15:11:50 2017 -0400
b64: updates
commit
c25181487233e22511dcd7d5c2f06ba2ad6cf5a2
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Aug 16 13:45:31 2017 -0400
appid: convert appid_stats.log from u2 to csv
commit
c882db6d3c1901bb3f42e38f733cb70632f3139e
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Aug 16 11:48:23 2017 -0400
configure: add --disable-stdlog for cases where logging alerts to file descriptor 3 is unhelpful
commit
6d3c8c3d4c365e8d99866ada71ecc1b039e2c00b
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Aug 16 11:22:48 2017 -0400
cleanup: remove rogue HAVE_CONFIG_H from includes
commit
d302999d9e784d6a6e2fe8e18514be33b2a3d470
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Aug 16 11:17:54 2017 -0400
appid: tweak help for instance_id
commit
2b135326f84f4047aaef5336c7bc31948607d1d5
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Aug 14 12:56:28 2017 -0400
stream_tcp: ensure max pdu is flushed by default splitter
commit
7f5eb5649c0f7012c518b5197c77c4b320407841
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Aug 13 20:39:22 2017 -0400
unified2: log buffers as cooked packets with legacy events
commit
946b93bdb7aa35d23b259cb769e2eac940254ad7
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Aug 13 07:32:07 2017 -0400
build: fix unused parameter warning
commit
4c7e0c61a43102c803c34ca22fe919e2998a941b
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Aug 12 16:05:10 2017 -0400
conf: fix default classification capitalization
commit
a9ccc441b02898f6c9e6471404ced30a1f17f312
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Aug 13 07:28:57 2017 -0400
alert_csv: add vlan and mpls options
commit
666b46fd3a976da03840aedf93f5522a639e0de9
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Aug 12 10:25:32 2017 -0400
alert_csv: add b64_data, rename dgm_len to pkt_len
commit
64889ec87c4a8c953742a7a828d968334439ef48
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Aug 12 10:24:04 2017 -0400
loggers: add base64 encoder based on libb64 from devolve
commit
dfb8e204bcc8d6232b51fdd47ef91ac5d4609f8d
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Aug 11 22:32:17 2017 -0400
alert_csv: add class, priority, and service options
commit
c39d12177bf9a4f304a2801dca1c4edb9b3b8f18
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Aug 11 22:32:01 2017 -0400
loggers: use standard year/mon/day format
Russ Combs (rucombs) [Thu, 17 Aug 2017 17:59:29 +0000 (13:59 -0400)]
Merge pull request #990 in SNORT/snort3 from port_reload_performance_fixes_2 to master
Squashed commit of the following:
commit
8c1d83e9188cc38480fbfc99c363608ecd4ca93b
Author: Victor Roemer <viroemer@cisco.com>
Date: Thu Aug 17 08:58:02 2017 -0400
snort: Use Debug::enable for runtime check
commit
1c5791908d3e286db0d25b57a1c9d556aad14883
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Aug 16 14:36:05 2017 -0400
snort: more review comments
commit
b6c48d7096add2a9cc0df8af0b7877996b7ab470
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Aug 16 09:20:15 2017 -0400
snort3: update based on review comments
commit
e1bd664d7cfd6766e98ddb39e715ceab2879d678
Author: Victor Roemer <viroemer@cisco.com>
Date: Tue Aug 15 15:57:05 2017 -0400
snort: move debug code into the ifdef DEBUG
commit
1b1350a638cac3355ba0bb80d99298e8f7fd59e6
Author: Victor Roemer <viroemer@cisco.com>
Date: Fri Aug 11 15:45:54 2017 -0400
search_engines: only add state to queue once
commit
16069bfce5ffe09d5a52531cf32da305cf28d8d1
Author: Victor Roemer <viroemer@cisco.com>
Date: Thu Aug 10 13:31:09 2017 -0400
snort: remove duplicate function declaration
commit
42a2156b3b08232fd6032a7c27d3558fb29dcee2
Author: Victor Roemer <viroemer@cisco.com>
Date: Mon Aug 7 18:21:54 2017 -0400
snort: port the optimized port table compilation from 2.9.12
Incomplete port of port, some things require reworking since PortObjectItem changed so much in Snort3
Russ Combs (rucombs) [Wed, 16 Aug 2017 02:07:31 +0000 (22:07 -0400)]
Merge pull request #992 in SNORT/snort3 from rm_peg_count_assert to master
Squashed commit of the following:
commit
2d9ac5528e31a1cf146d22c6b8f42cbedcfd440a
Author: Steven Baigal <sbaigal@cisco.com>
Date: Tue Aug 15 18:46:59 2017 -0400
changed concurrent_sessions stats assert() to if()
Tom Peters (thopeter) [Tue, 15 Aug 2017 16:30:51 +0000 (12:30 -0400)]
Merge pull request #988 in SNORT/snort3 from max_cocurr_session_peg to master
Squashed commit of the following:
commit
86a1cc3153f86bdc73d168ac16dd414f842e8010
Author: Steven Baigal <sbaigal@cisco.com>
Date: Thu Aug 10 16:17:10 2017 -0400
Added peg count for max concurrent sessions to service inspectors
Russ Combs (rucombs) [Mon, 14 Aug 2017 20:28:10 +0000 (16:28 -0400)]
Merge pull request #989 in SNORT/snort3 from pause_fix to master
Squashed commit of the following:
commit
22cbf9fe707272c9549ec81125fec4fbc69d961e
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri Aug 11 13:34:12 2017 -0400
main: Fix pause command issued from command line to accept control commands while in paused state
commit
8519c9d98ebc9375e66234de9aa3a6d108d27fd8
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri Aug 11 12:46:48 2017 -0400
main: Fix pause command issued from command line to accept control commands while in paused state