Merge pull request #2250 in SNORT/snort3 from ~RUCOMBS/snort3:aimless to master
Squashed commit of the following:
commit a88d8e5e36e9c9bdb18261b3fb9994f018d8b76e
Author: russ <rucombs@cisco.com>
Date: Thu Jun 18 12:50:04 2020 -0400
max_detect: detained inspection disabled pending further work
commit e0a6c905a965853d6739177c528d2c3cfd317ff2
Author: russ <rucombs@cisco.com>
Date: Wed Jun 17 01:32:16 2020 -0400
snort: fix --dump-rule-meta with ips.states
commit df44b9f9fdcc708d23b99e4dd6d4bd250ee73bc5
Author: russ <rucombs@cisco.com>
Date: Mon Jun 8 10:45:04 2020 -0400
detection: remove unused code
commit 947fb40131cf9b671bd63c9202dca0eac013bd1d
Author: russ <rucombs@cisco.com>
Date: Sun Jun 7 11:53:19 2020 -0400
regex: convert to same syntax as pcre plus fast_pattern option
commit 74fb07f83cb7eca507a9b0708078f1ab0e8f8c21
Author: russ <rucombs@cisco.com>
Date: Sat Jun 6 21:10:41 2020 -0400
mpse: remove unused pattern trimming support
commit b3c00fbe13508a83763d06dfe583c76ab6af0763
Author: russ <rucombs@cisco.com>
Date: Sat Jun 6 00:40:59 2020 -0400
ips: update detection trees for earliest header checks
commit 07816e253eeba09240df1abc80386303ddbcc691
Author: russ <rucombs@cisco.com>
Date: Fri Jun 5 03:09:28 2020 -0400
ips: refactor fast pattern selection.
Enable content, regex, and sd_pattern options to be deduplicated.
commit 4e671b312dc3d168b48a48a7c8709eaf5cb125c5
Author: russ <rucombs@cisco.com>
Date: Mon Jun 1 08:53:01 2020 -0400
tweaks: updates for efficacy and performance
commit 5fc59bd0061a52750b57ff6cdf9e9d23b1da10f4
Author: russ <rucombs@cisco.com>
Date: Sat May 30 10:43:41 2020 -0400
appid: use configured search method for multi-pattern matching
commit 838255f2b79c8504a96f0f2d2000c83088b024ab
Author: russ <rucombs@cisco.com>
Date: Wed Jun 3 01:04:03 2020 -0400
ips: add http fast pattern buffers
These additional fast pattern buffers are supported:
http_raw_uri http_raw_header http_stat_code http_stat_msg http_cookie http_method
The current implementation handles them somewhat generically, so other
inspectors can provide a method or a stat_code buffer too. A future
iteration will make these buffers extensible.
commit e8b52034c1735e2fa95911967753eec47f6ded26
Author: russ <rucombs@cisco.com>
Date: Sat May 30 19:34:58 2020 -0400
ips: add ips service vs buffer checks; add missing services
commit 822d67423914d137399d20a6fc7a462eb138c491
Author: russ <rucombs@cisco.com>
Date: Fri May 29 12:20:06 2020 -0400
ips: minimize port group construction for any-any and bidirectional rules
commit e719dad994e1e1f65601bf439ef61dae5f904d66
Author: russ <rucombs@cisco.com>
Date: Tue May 26 13:07:58 2020 -0400
ips: enable non-service rules when service is detected
Do fast pattern searches for port groups after service groups.
Also, search_engine.detect_raw_tcp is applied to rules w/ or w/o a fast
pattern (previously, erroneously, only fast-pattern rules). In addition,
this no longer applies to flows w/o a service inspector. Such flows act
as if detect_raw_tcp is true regardless of setting.
commit f11be51de012d6b6f290484329675c5bc5a7d077
Author: russ <rucombs@cisco.com>
Date: Tue May 19 22:09:48 2020 -0400
snort_defaults.lua: remove unused AIM_SERVERS var