From 2187e2488ef372402ae90cc55ea1d1bba23e00d0 Mon Sep 17 00:00:00 2001
From: "Priyanka Bangalore Gurudev (prbg)"
Date: Mon, 21 Apr 2025 15:29:07 +0000
Subject: [PATCH] Pull request #4706: build: generate and tag 3.7.3.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.7.3.0 to master
Squashed commit of the following:
commit f76d18521571fb953de123b540e13d0082937a73
Author: Priyanka Gurudev
Date: Sun Apr 20 11:49:44 2025 -0400
build: generate and tag 3.7.3.0
---
 CMakeLists.txt | 2 +-
 ChangeLog.md | 26 ++++++++++++++++++++++++++
 doc/reference/snort_reference.text | 26 +++++++++++++++++++++-----
 doc/upgrade/snort_upgrade.text | 2 +-
 doc/user/snort_user.text | 19 ++++++++++++++++---
 5 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c20226af8..fb5e608a8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ project (snort CXX C)
 set (VERSION_MAJOR 3)
 set (VERSION_MINOR 7)
-set (VERSION_PATCH 2)
+set (VERSION_PATCH 3)
 set (VERSION_SUBLEVEL 0)
 set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
diff --git a/ChangeLog.md b/ChangeLog.md
index 4077c6530..063b5482d 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,29 @@
+2025-04-20: 3.7.3.0
+
+* appid: added caching for dns detector
+* appid: fixed unknown payload case for domain fronting
+* control: fix data race in ControlConn touch method
+* dns: handle multi transaction-IDs in single DNS-UDP flow
+* extractor: enable TSV(Tab-Separated Values) formatting
+* extractor: extend dns logging
+* extractor: fix static checker warning
+* extractor: make parsing more strict
+* extractor: simplify CSV logger implementation and add configurable delimiter
+* filters: initialize struct fields when instance is defined
+* flow: fix coverity SWAPPED ARGUMENTS and Y2K38_SAFETY issues
+* helpers: validate input from conf file to verify port number string is valid digits
+* host_tracker: recode while loop to avoid bogus coverity infinite loop warning
+* http2_inspect: added settings_max_frame_size parameter and built-in rule 121:44 to check for max frame size
+* http: initialize class member variables in the ctor
+* ips_options: allocate large buffer for base64 decode from heap instead of on stack
+* loggers: allocate large buffer for writing unified2 extra data from heap instead of stack
+* main: added show_snort_packet_latency() help command support
+* main: do not collect configurations for utility shells
+* main: redirect stdin, stdout, stderr to /dev/null with the freopen system call
+* main: refactor signal handling switch statement, return codes and FatalError
+* managers: use std::move to pass shared ptr to new owner to avoid a copy
+* packet_capture: rename pcaps and change default values
+
 2025-03-30: 3.7.2.0
 * appid: added flag to inspect out-of-order packets
diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text
index 1eb2b411b..13585ae90 100644
--- a/doc/reference/snort_reference.text
+++ b/doc/reference/snort_reference.text
@@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.7.2.0 2025-03-30 22:14:23 EDT TST +Revision 3.7.3.0 2025-04-20 11:40:57 EDT TST --------------------------------------------------------------------- @@ -1799,6 +1799,7 @@ Commands: logging * snort.show_config_generation(): show loaded configuration ID * snort.show_snort_cpu(): show snort cpu usage + * snort.show_snort_packet_latency(): show snort packet latency data * snort.pause(): suspend packet processing * snort.resume(pkt_num): continue packet processing. If number of packets is specified, will resume for n packets and pause @@ -3625,7 +3626,7 @@ Instance Type: global Configuration: * enum extractor.formatting = csv: output format for extractor { - csv | json } + csv | tsv | json } * string extractor.connector: output destination for extractor * enum extractor.time = unix: output format for timestamp values { snort | snort_yy | unix | unix_s | unix_us } @@ -3925,6 +3926,9 @@ Configuration: * int http2_inspect.concurrent_streams_limit = 100: Maximum number of concurrent streams allowed in a single HTTP/2 flow { 100:1000 } + * int http2_inspect.settings_max_frame_size = 16777215: Maximum + allowed value for settings frame SETTINGS_MAX_FRAME_SIZE { + 16384:16777215 } Rules: @@ -3990,6 +3994,8 @@ Rules: * 121:42 (http2_inspect) too many unacknowledged settings * 121:43 (http2_inspect) setting acknowledgment without actual settings + * 121:44 (http2_inspect) settings frame size greater than + settings_max_frame_size Peg counts: @@ -4861,7 +4867,7 @@ Configuration: packet headers * string packet_capture.capture_path: directory path to capture pcaps - * int packet_capture.max_packet_count = 1000000: cap the number of + * int packet_capture.max_packet_count = 0: cap the number of packets per thread { 0:max32 } Commands: 
@@ -9917,7 +9923,7 @@ libraries see the Getting Started section of the manual. * enum extractor.default_filter = pick: default action for protocol with no filter provided { pick | skip } * enum extractor.formatting = csv: output format for extractor { - csv | json } + csv | tsv | json } * string extractor.protocols[].fields: specify fields to log * string extractor.protocols[].on_events: specify events to log * enum extractor.protocols[].service: service to extract from { @@ -10108,6 +10114,9 @@ libraries see the Getting Started section of the manual. * int http2_inspect.concurrent_streams_limit = 100: Maximum number of concurrent streams allowed in a single HTTP/2 flow { 100:1000 } + * int http2_inspect.settings_max_frame_size = 16777215: Maximum + allowed value for settings frame SETTINGS_MAX_FRAME_SIZE { + 16384:16777215 } * implied http_cookie.request: match against the cookie from the request message even when examining the response * implied http_cookie.with_body: option is no longer used and will @@ -10614,7 +10623,7 @@ libraries see the Getting Started section of the manual. capturing * int packet_capture.group = -1: group filter to use for packet capturing { -1:32767 } - * int packet_capture.max_packet_count = 1000000: cap the number of + * int packet_capture.max_packet_count = 0: cap the number of packets per thread { 0:max32 } * string packet_capture.tenants: comma-separated tenants filter to use for packet capturing @@ -14750,6 +14759,12 @@ More than 6 unacknowledged settings frames. Unexpected settings ACK. +121:44 (http2_inspect) settings frame size greater than +settings_max_frame_size + +SETTINGS_MAX_FRAME_SIZE value sent in HTTP/2 settings frame is +greater than maximum value, as configured by settings_max_frame_size. + 122:1 (port_scan) TCP portscan Basic one host to one host TCP portscan where multiple TCP ports are 
@@ -16399,6 +16414,7 @@ alert is raised by the enhanced JavaScript normalizer. logging * snort.show_config_generation(): show loaded configuration ID * snort.show_snort_cpu(): show snort cpu usage + * snort.show_snort_packet_latency(): show snort packet latency data * snort.pause(): suspend packet processing * snort.resume(pkt_num): continue packet processing. If number of packets is specified, will resume for n packets and pause diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index ff1af9d3b..a06172753 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.7.2.0 2025-03-30 22:15:00 EDT TST +Revision 3.7.3.0 2025-04-20 11:41:49 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 92c180895..1645015fe 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.7.2.0 2025-03-30 22:14:35 EDT TST +Revision 3.7.3.0 2025-04-20 11:41:15 EDT TST --------------------------------------------------------------------- @@ -4817,6 +4817,12 @@ concurrently in a single HTTP/2 flow. The default and minimum configurable value is 100. It can be configured up to a maximum of 1000. +5.11.2.2. settings_max_frame_size + +This sets the maximum allowed value for settings frame +SETTINGS_MAX_FRAME_SIZE. The default and max value is 16777215. The +minimum configurable value is 16384. + 5.11.3. Detection rules Since HTTP/2 traffic is processed through the HTTP inspector, all of 
@@ -5974,10 +5980,17 @@ Fields supported for DNS: * RA - A boolean, denotes the availability of recursive query support at the server * Z - A 3 bit integer set to 0 unless DNSSEC is used (see RFC 2535) - * answers - The list of answers to the query, only A and AAAA types - are currently supported + * answers - The list of answers to the query + * TTLs - The list of caching intervals for the corresponding + answers * rejected - A boolean, true when the server responds with an error code and no query + * auth - The list of authoritative responses + * addl - The list of additional responses + +In the answers, auth, and addl lists the decoding of the following RR +types is supported: A, AAAA, CNAME, DS, MX, NS, NSEC, PTR, RRSIG, +SOA, TXT Fields supported for connection: -- 2.47.3