+19/12/20 - build 267
+
+-- appid: Adding command for third-party reload
+-- appid: cleanup unused code
+-- binder: assitant gadget support.
+-- build: Const-ify reference arguments as suggested by cppcheck
+-- catch: Add infrastructure for standalone Catch unit tests
+-- catch: Update to Catch v2.11.0
+-- codec: Added GRE::encode method
+-- control: Convert IdleProcessing unit tests to standalone Catch
+-- dce_rpc: Convert HTTP proxy and server splitter unit tests to standalone Catch
+-- file_api: When multiple files are processed simultaneously per flow, store the files on the
+ flow, not in the cache. Don't cache files until the signature has been computed
+-- file_magic: add file magic for .jar, .rar, .alz, .egg, .hwp and .swf files
+-- framework: Convert parameter and range unit tests to standalone Catch
+-- gtp: alerts should be raised for missing TEID in gtp msg
+-- helpers: Convert Base64Encoder unit tests to standalone Catch
+-- http2_inspect: add Stream class
+-- http2_inspect: parse settings frames
+-- http_inspect: support limited response depth
+-- ips: do not use includer for any rules file includes
+-- ips: fix --show-file-codes for inclusion from -c file
+-- lru_cache_shared: added find_else_insert to add user managed objects to the cache
+-- lua: Convert LuaStack unit tests to standalone Catch
+-- lua: Link lua_stack_test against libdl to handle the static luajit case
+-- packet_capture: ignore PDUs and defragged packets, include non-IP packets
+-- perf_monitor: Convert CSV, FBS, and JSON formatter unit tests to standalone Catch
+-- perf_monitor: tuning for flow_ip_memcap on reload
+-- profiler: Convert MemoryContext and ProfilerStatsTable unit tests to standalone Catch
+-- reload: fix issue where resource tuning was not being called when in idle context
+-- rule_state: allow empty tables
+-- search_engine: fix expected count of MPSEs when offloading
+-- sfip: Convert SfIp unit tests to standalone Catch
+-- sfip: Use REG_TEST-style IP stringification for standalone Catch tests
+-- stream_tcp: fix TcpState post increment operator to stop increment at max value (and use
+ correct max value)
+-- stream_tcp: refactor stream_tcp initialization to create reassemblers during plugin init
+-- stream_tcp: refactor to initialize tcp normalizers during plugin init
+-- stream/tcp: Remove some unused Catch includes
+-- time: Convert periodic and stopwatch unit tests to standalone Catch
+-- utils: Convert bitop unit tests to standalone Catch
+
19/12/04 - build 266
-- appid: Add new pattern to pop3, don't concatenate ssl certs, use openssl-1.1 compliant APIs
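Review bot: typo in the binder entry, "assitant gadget support" should read "assistant gadget support". The entry list also omits two user-visible renumberings that the manual diff further down in this change records: file_id moves from GID 146 to GID 150, and the http2_inspect rules 121:9, 121:10 and 121:11 become 121:8, 121:9 and 121:10, with 121:11 and 121:12 now meaning settings-frame errors. Both silently change the meaning of any deployed rule_state, suppress or threshold entry keyed on the old gid:sid pairs, so each deserves its own ChangeLog line (for example "file_id: change GID from 146 to 150" and "http2_inspect: renumber 121:9-121:11 to 121:8-121:10, add 121:11 and 121:12") rather than being inferred from the generated documentation.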
<div class="literalblock">\r
<div class="content">\r
<pre><code> ,,_ -*> Snort++ <*-\r
-o" )~ Version 3.0.0 (Build 266)\r
+o" )~ Version 3.0.0 (Build 267)\r
'''' By Martin Roesch & The Snort Team\r
http://snort.org/contact#team\r
Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.\r
It enables Snort to more quickly detect and block response messages\r
containing malicious JavaScript. As this feature involves actively blocking\r
traffic it is designed for use with inline mode operation (-Q).</p></div>\r
-<div class="paragraph"><p>This feature only functions with response_depth = -1 (unlimited). This\r
-limitation will be removed in a future version.</p></div>\r
<div class="paragraph"><p>This feature is off by default. detained_inspection = true will activate\r
it.</p></div>\r
</div>\r
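Review bot: removing the response_depth = -1 restriction matches the "http_inspect: support limited response depth" ChangeLog entry, but the remaining paragraph no longer says what detained inspection does when a response is longer than the configured response_depth (whether the detained bytes are released unchecked once the depth is reached, or the partial body is still inspected and the verdict applied). One sentence here stating that behaviour would save operators from discovering it by testing, since the feature blocks traffic in inline mode and a release-on-depth default changes what an attacker can slip past it.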
<strong>appid.disable_debug</strong>(): disable appid debugging\r
</p>\r
</li>\r
+<li>\r
+<p>\r
+<strong>appid.reload_third_party</strong>(): reload appid third-party module\r
+</p>\r
+</li>\r
</ul></div>\r
<div class="paragraph"><p>Peg counts:</p></div>\r
<div class="ulist"><ul>\r
</li>\r
<li>\r
<p>\r
+int <strong>file_id.max_files_per_flow</strong> = 32: maximal number of files able to be concurrently processed per flow { 1:max53 }\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
bool <strong>file_id.enable_type</strong> = true: enable type ID\r
</p>\r
</li>\r
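Review bot: the help string "maximal number of files able to be concurrently processed per flow" is awkward; "maximum number of files processed concurrently on a single flow" reads better and matches the wording of the max_concurrent_files peg added in the same change. More importantly, the range { 1:max53 } combined with the ChangeLog note that simultaneously processed files are now stored on the flow rather than in the cache means this parameter bounds per-flow memory that the remote peer controls by opening many concurrent file transfers on one connection; the help text (or the file_id section) should say so and advise keeping the default of 32 unless the deployment needs more.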
</p>\r
</li>\r
</ul></div>\r
+<div class="paragraph"><p>Rules:</p></div>\r
+<div class="ulist"><ul>\r
+<li>\r
+<p>\r
+<strong>150:1</strong> (file_id) file not processed due to per flow limit\r
+</p>\r
+</li>\r
+</ul></div>\r
<div class="paragraph"><p>Peg counts:</p></div>\r
<div class="ulist"><ul>\r
<li>\r
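Review bot: the alert message "file not processed due to per flow limit" should be hyphenated "per-flow limit" to match the files_not_processed peg description ("not processed due to per-flow limit") added in the same change; the two strings describe the same event and will be searched together in SIEM content. Note also that this is documented as 150:1 while file_id was GID 146 before this change, so any reference to 146:1 elsewhere in the manual or in shipped rule files must be updated in the same commit.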
<strong>file_id.cache_failures</strong>: number of file cache add failures (sum)\r
</p>\r
</li>\r
+<li>\r
+<p>\r
+<strong>file_id.files_not_processed</strong>: number of files not processed due to per-flow limit (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>file_id.max_concurrent_files</strong>: maximum files processed concurrently on a flow (max)\r
+</p>\r
+</li>\r
</ul></div>\r
</div>\r
<div class="sect2">\r
<strong>143:3</strong> (gtp_inspect) information elements are out of order\r
</p>\r
</li>\r
+<li>\r
+<p>\r
+<strong>143:4</strong> (gtp_inspect) TEID is missing\r
+</p>\r
+</li>\r
</ul></div>\r
<div class="paragraph"><p>Peg counts:</p></div>\r
<div class="ulist"><ul>\r
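Review bot: the 143:4 description "TEID is missing" does not say for which messages a TEID is required, so a reader cannot tell the alert condition from a message that legitimately carries no TEID. In GTPv2-C the header's T flag signals whether the TEID field is present and only a few message types (echo request/response, version not supported) are sent without one; the manual line should state that the alert fires when a message type that requires a TEID is seen without one, and name the GTP versions the check covers.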
</li>\r
<li>\r
<p>\r
-<strong>121:9</strong> (http2_inspect) HTTP/2 request missing required header field\r
+<strong>121:8</strong> (http2_inspect) HTTP/2 request missing required header field\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>121:9</strong> (http2_inspect) HTTP/2 response has no status code\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>121:10</strong> (http2_inspect) invalid HTTP/2 header field\r
</p>\r
</li>\r
<li>\r
<p>\r
-<strong>121:10</strong> (http2_inspect) HTTP/2 response has no status code\r
+<strong>121:11</strong> (http2_inspect) error in HTTP/2 settings frame\r
</p>\r
</li>\r
<li>\r
<p>\r
-<strong>121:11</strong> (http2_inspect) invalid HTTP/2 header field\r
+<strong>121:12</strong> (http2_inspect) unknown parameter in HTTP/2 settings frame\r
</p>\r
</li>\r
</ul></div>\r
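Review bot: this hunk renumbers existing rules rather than only adding new ones: what was 121:9 (request missing required header field) becomes 121:8, 121:10 becomes 121:9, 121:11 becomes 121:10, and 121:11 and 121:12 now denote the two new settings-frame alerts. Any deployed rule_state, suppression or threshold that references 121:9, 121:10 or 121:11 silently changes meaning after upgrade (121:11 goes from "invalid HTTP/2 header field" to "error in HTTP/2 settings frame"). If the intent is only to fill the unused 121:8 slot, the safer change is to assign 121:8 to one of the new settings-frame alerts and leave 121:9 through 121:11 as they were; if the renumbering is deliberate, it needs a ChangeLog entry and a release note.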
<div class="ulist"><ul>\r
<li>\r
<p>\r
-<strong>perf_monitor.packets</strong>: total packets (sum)\r
+<strong>perf_monitor.packets</strong>: total packets processed by performance monitor (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>perf_monitor.total_frees</strong>: total flows pruned or freed by performance monitor (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>perf_monitor.reload_frees</strong>: flows freed on reload with changed memcap (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>perf_monitor.alloc_prunes</strong>: flows pruned on allocation of IP flows (sum)\r
</p>\r
</li>\r
</ul></div>\r
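Review bot: the relationship between the three new flow pegs is not stated. "perf_monitor.total_frees: total flows pruned or freed by performance monitor" should say whether it is simply the sum of reload_frees and alloc_prunes or also counts frees from other paths (for example expired flow_ip entries), otherwise an operator checking that a reload with a lowered flow_ip_memcap actually released memory cannot reconcile the counters. Either document it as the sum or name the additional sources.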
</li>\r
<li>\r
<p>\r
+<strong>stream.reload_tuning_idle</strong>: number of times stream resource tuner called while idle (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>stream.reload_tuning_packets</strong>: number of times stream resource tuner called while processing packets (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
<strong>stream.reload_total_adds</strong>: number of flows added by config reloads (sum)\r
</p>\r
</li>\r
</li>\r
<li>\r
<p>\r
+int <strong>file_id.max_files_per_flow</strong> = 32: maximal number of files able to be concurrently processed per flow { 1:max53 }\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
int <strong>file_id.show_data_depth</strong> = 100: print this many octets { 0:max53 }\r
</p>\r
</li>\r
</li>\r
<li>\r
<p>\r
+<strong>file_id.files_not_processed</strong>: number of files not processed due to per-flow limit (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>file_id.max_concurrent_files</strong>: maximum files processed concurrently on a flow (max)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
<strong>file_id.total_file_data</strong>: number of file data bytes processed (sum)\r
</p>\r
</li>\r
</li>\r
<li>\r
<p>\r
-<strong>perf_monitor.packets</strong>: total packets (sum)\r
+<strong>perf_monitor.alloc_prunes</strong>: flows pruned on allocation of IP flows (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>perf_monitor.packets</strong>: total packets processed by performance monitor (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>perf_monitor.reload_frees</strong>: flows freed on reload with changed memcap (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>perf_monitor.total_frees</strong>: total flows pruned or freed by performance monitor (sum)\r
</p>\r
</li>\r
<li>\r
</li>\r
<li>\r
<p>\r
+<strong>stream.reload_tuning_idle</strong>: number of times stream resource tuner called while idle (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>stream.reload_tuning_packets</strong>: number of times stream resource tuner called while processing packets (sum)\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
<strong>stream_tcp.client_cleanups</strong>: number of times data from server was flushed when session released (sum)\r
</p>\r
</li>\r
</li>\r
<li>\r
<p>\r
-<strong>146</strong>: file_id\r
+<strong>148</strong>: cip\r
</p>\r
</li>\r
<li>\r
<p>\r
-<strong>148</strong>: cip\r
+<strong>149</strong>: s7commplus\r
</p>\r
</li>\r
<li>\r
<p>\r
-<strong>149</strong>: s7commplus\r
+<strong>150</strong>: file_id\r
</p>\r
</li>\r
<li>\r
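Review bot: file_id moves from GID 146 to GID 150 while 148 (cip) and 149 (s7commplus) keep their numbers, leaving 146 unassigned. This is a breaking change for any rule_state, suppress, threshold or SIEM mapping keyed on gid 146, and the diff neither records it in the ChangeLog nor says whether 146 is retired permanently. Add a ChangeLog line and a statement that 146 must not be reused, so events from sensors running the old and new builds cannot collide on the same gid:sid with different meanings.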
</li>\r
<li>\r
<p>\r
-<strong>121:9</strong> (http2_inspect) HTTP/2 request missing required header field\r
+<strong>121:8</strong> (http2_inspect) HTTP/2 request missing required header field\r
</p>\r
</li>\r
<li>\r
<p>\r
-<strong>121:10</strong> (http2_inspect) HTTP/2 response has no status code\r
+<strong>121:9</strong> (http2_inspect) HTTP/2 response has no status code\r
</p>\r
</li>\r
<li>\r
<p>\r
-<strong>121:11</strong> (http2_inspect) invalid HTTP/2 header field\r
+<strong>121:10</strong> (http2_inspect) invalid HTTP/2 header field\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>121:11</strong> (http2_inspect) error in HTTP/2 settings frame\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
+<strong>121:12</strong> (http2_inspect) unknown parameter in HTTP/2 settings frame\r
</p>\r
</li>\r
<li>\r
</li>\r
<li>\r
<p>\r
+<strong>143:4</strong> (gtp_inspect) TEID is missing\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
<strong>144:1</strong> (modbus) length in Modbus MBAP header does not match the length needed for the given function\r
</p>\r
</li>\r
</li>\r
<li>\r
<p>\r
+<strong>150:1</strong> (file_id) file not processed due to per flow limit\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
<strong>175:1</strong> (domain_filter) configured domain detected\r
</p>\r
</li>\r
</li>\r
<li>\r
<p>\r
+<strong>appid.reload_third_party</strong>(): reload appid third-party module\r
+</p>\r
+</li>\r
+<li>\r
+<p>\r
<strong>host_cache.dump</strong>(file_name): dump host cache\r
</p>\r
</li>\r
<div id="footer">\r
<div id="footer-text">\r
Last updated\r
- 2019-12-04 10:58:36 EST\r
+ 2019-12-20 13:13:48 EST\r
</div>\r
</div>\r
</body>\r
Snorty
,,_ -*> Snort++ <*-
-o" )~ Version 3.0.0 (Build 266)
+o" )~ Version 3.0.0 (Build 267)
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.
involves actively blocking traffic it is designed for use with inline
mode operation (-Q).
-This feature only functions with response_depth = -1 (unlimited).
-This limitation will be removed in a future version.
-
This feature is off by default. detained_inspection = true will
activate it.
* appid.enable_debug(proto, src_ip, src_port, dst_ip, dst_port):
enable appid debugging
* appid.disable_debug(): disable appid debugging
+ * appid.reload_third_party(): reload appid third-party module
Peg counts:
in bytes { 8:max53 }
* int file_id.max_files_cached = 65536: maximal number of files
cached in memory { 8:max53 }
+ * int file_id.max_files_per_flow = 32: maximal number of files able
+ to be concurrently processed per flow { 1:max53 }
* bool file_id.enable_type = true: enable type ID
* bool file_id.enable_signature = true: enable signature
calculation
* int file_id.verdict_delay = 0: number of queries to return final
verdict { 0:max53 }
+Rules:
+
+ * 150:1 (file_id) file not processed due to per flow limit
+
Peg counts:
* file_id.total_files: number of files processed (sum)
* file_id.total_file_data: number of file data bytes processed
(sum)
* file_id.cache_failures: number of file cache add failures (sum)
+ * file_id.files_not_processed: number of files not processed due to
+ per-flow limit (sum)
+ * file_id.max_concurrent_files: maximum files processed
+ concurrently on a flow (max)
9.17. file_log
* 143:1 (gtp_inspect) message length is invalid
* 143:2 (gtp_inspect) information element length is invalid
* 143:3 (gtp_inspect) information elements are out of order
+ * 143:4 (gtp_inspect) TEID is missing
Peg counts:
* 121:5 (http2_inspect) unexpected HTTP/2 continuation frame
* 121:6 (http2_inspect) misformatted HTTP/2 traffic
* 121:7 (http2_inspect) HTTP/2 connection preface does not match
- * 121:9 (http2_inspect) HTTP/2 request missing required header
+ * 121:8 (http2_inspect) HTTP/2 request missing required header
field
- * 121:10 (http2_inspect) HTTP/2 response has no status code
- * 121:11 (http2_inspect) invalid HTTP/2 header field
+ * 121:9 (http2_inspect) HTTP/2 response has no status code
+ * 121:10 (http2_inspect) invalid HTTP/2 header field
+ * 121:11 (http2_inspect) error in HTTP/2 settings frame
+ * 121:12 (http2_inspect) unknown parameter in HTTP/2 settings frame
Peg counts:
Peg counts:
- * perf_monitor.packets: total packets (sum)
+ * perf_monitor.packets: total packets processed by performance
+ monitor (sum)
+ * perf_monitor.total_frees: total flows pruned or freed by
+ performance monitor (sum)
+ * perf_monitor.reload_frees: flows freed on reload with changed
+ memcap (sum)
+ * perf_monitor.alloc_prunes: flows pruned on allocation of IP flows
+ (sum)
9.31. pop
* stream.expected_pruned: number of expected flows pruned (sum)
* stream.expected_overflows: number of expected cache overflows
(sum)
+ * stream.reload_tuning_idle: number of times stream resource tuner
+ called while idle (sum)
+ * stream.reload_tuning_packets: number of times stream resource
+ tuner called while processing packets (sum)
* stream.reload_total_adds: number of flows added by config reloads
(sum)
* stream.reload_total_deletes: number of flows deleted by config
seconds { 0:max31 }
* int file_id.max_files_cached = 65536: maximal number of files
cached in memory { 8:max53 }
+ * int file_id.max_files_per_flow = 32: maximal number of files able
+ to be concurrently processed per flow { 1:max53 }
* int file_id.show_data_depth = 100: print this many octets {
0:max53 }
* int file_id.signature_depth = 10485760: stop signature at this
out of local memory (sum)
* file_connector.messages: total messages (sum)
* file_id.cache_failures: number of file cache add failures (sum)
+ * file_id.files_not_processed: number of files not processed due to
+ per-flow limit (sum)
+ * file_id.max_concurrent_files: maximum files processed
+ concurrently on a flow (max)
* file_id.total_file_data: number of file data bytes processed
(sum)
* file_id.total_files: number of files processed (sum)
* packet_capture.captured: packets matching dumped after matching
filter (sum)
* packet_capture.processed: packets processed against filter (sum)
- * perf_monitor.packets: total packets (sum)
+ * perf_monitor.alloc_prunes: flows pruned on allocation of IP flows
+ (sum)
+ * perf_monitor.packets: total packets processed by performance
+ monitor (sum)
+ * perf_monitor.reload_frees: flows freed on reload with changed
+ memcap (sum)
+ * perf_monitor.total_frees: total flows pruned or freed by
+ performance monitor (sum)
* pop.b64_attachments: total base64 attachments decoded (sum)
* pop.b64_decoded_bytes: total base64 decoded bytes (sum)
* pop.concurrent_sessions: total concurrent pop sessions (now)
(sum)
* stream.reload_total_deletes: number of flows deleted by config
reloads (sum)
+ * stream.reload_tuning_idle: number of times stream resource tuner
+ called while idle (sum)
+ * stream.reload_tuning_packets: number of times stream resource
+ tuner called while processing packets (sum)
* stream_tcp.client_cleanups: number of times data from server was
flushed when session released (sum)
* stream_tcp.closing: number of sessions currently closing (now)
* 143: gtp_inspect
* 144: modbus
* 145: dnp3
- * 146: file_id
* 148: cip
* 149: s7commplus
+ * 150: file_id
* 175: domain_filter
* 256: dpx
* 121:5 (http2_inspect) unexpected HTTP/2 continuation frame
* 121:6 (http2_inspect) misformatted HTTP/2 traffic
* 121:7 (http2_inspect) HTTP/2 connection preface does not match
- * 121:9 (http2_inspect) HTTP/2 request missing required header
+ * 121:8 (http2_inspect) HTTP/2 request missing required header
field
- * 121:10 (http2_inspect) HTTP/2 response has no status code
- * 121:11 (http2_inspect) invalid HTTP/2 header field
+ * 121:9 (http2_inspect) HTTP/2 response has no status code
+ * 121:10 (http2_inspect) invalid HTTP/2 header field
+ * 121:11 (http2_inspect) error in HTTP/2 settings frame
+ * 121:12 (http2_inspect) unknown parameter in HTTP/2 settings frame
* 122:1 (port_scan) TCP portscan
* 122:2 (port_scan) TCP decoy portscan
* 122:3 (port_scan) TCP portsweep
* 143:1 (gtp_inspect) message length is invalid
* 143:2 (gtp_inspect) information element length is invalid
* 143:3 (gtp_inspect) information elements are out of order
+ * 143:4 (gtp_inspect) TEID is missing
* 144:1 (modbus) length in Modbus MBAP header does not match the
length needed for the given function
* 144:2 (modbus) Modbus protocol ID is non-zero
match the length needed for the given S7commplus function
* 149:2 (s7commplus) S7commplus protocol ID is non-zero
* 149:3 (s7commplus) reserved S7commplus function code in use
+ * 150:1 (file_id) file not processed due to per flow limit
* 175:1 (domain_filter) configured domain detected
* 256:1 (dpx) too much data sent to port
* appid.enable_debug(proto, src_ip, src_port, dst_ip, dst_port):
enable appid debugging
* appid.disable_debug(): disable appid debugging
+ * appid.reload_third_party(): reload appid third-party module
* host_cache.dump(file_name): dump host cache
* packet_capture.enable(filter): dump raw packets
* packet_capture.disable(): stop packet dump
// //
//-----------------------------------------------//
-#define BUILD_NUMBER 266
+#define BUILD_NUMBER 267
#ifndef EXTRABUILD
#define BUILD STRINGIFY_MX(BUILD_NUMBER)