Pull request #3837: build: generate and tag 3.1.61.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.61.0 to master

Squashed commit of the following:

commit 9f172e7f667828e6ddce5ccd9b26e802a3db4ce6
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Thu May 4 22:36:42 2023 -0400

    build: generate and tag 3.1.61.0

diff --git a/CMakeLists.txt b/CMakeLists.txt
index bba681a397a65345749e8cf82ee9a3944f9af6e6..8aa50f15044e0579b140efd9a8ae03953376b459 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ project (snort CXX C)
 
 set (VERSION_MAJOR 3)
 set (VERSION_MINOR 1)
-set (VERSION_PATCH 60)
+set (VERSION_PATCH 61)
 set (VERSION_SUBLEVEL 0)
 set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
 

diff --git a/ChangeLog.md b/ChangeLog.md
index 5fe04dfcaa895c40c0ecd7ac428909bcfbc0c355..cc65270db7f3b89a06f10da1f768ea341c37c62b 100644 (file)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,20 @@
+2023-05-04: 3.1.61.0
+
+* appid: appIdPegCounters thread data handling refactored to prevent data races
+* appid: ensure that TP SSL detection is not overwrite SMTPS service and client in a starttls session
+* appid: validate data size of SSL certificate record before parsing
+* build: remove unused header. Thanks to Rui Chen for reporting the issue.
+* cmake: update sed call. Thanks to graysky for reporting the issue.
+* flow: defensive fix to prevent crash if flow->prev is nullptr.
+* flow, hash, stream: add a free list node count that is output as a peg count
+* managers: check main SnortConfig pointer in InspectorManager::get_inspector() to avoid memory bad access calls
+* memory: fix memory pruning race condition and bail on reap failure
+* memory: provide a default value for pointers if the module has not been initialized
+* profiler: add shell commands
+* profiler: move profiler module to separate files
+* snort: add show_config_generation() command
+* stream_tcp: populate TCP pseudopackets with VLAN ids in TCP reassembler to avoid issues with secondary flow creation / expected flow cache
+
 2023-04-20: 3.1.60.0
 
 * appid: fixed TSAN warnings

diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text
index 9b11efb5e322e3faf7c566e5c3f2ec2e7ddaf7f3..9ef3c64605a3c727790d4a0582c6b3af0853d96b 100644 (file)
--- a/doc/reference/snort_reference.text
+++ b/doc/reference/snort_reference.text
@@ -8,7 +8,7 @@ Snort 3 Reference Manual
 The Snort Team
 
 Revision History
-Revision 3.1.60.0 2023-04-20 15:35:36 EDT TST
+Revision 3.1.61.0 2023-05-04 22:13:01 EDT TST
 
 ---------------------------------------------------------------------
 
@@ -1098,7 +1098,12 @@ Peg counts:
     (now)
   * memory.reap_attempts: attempts to reclaim memory (now)
   * memory.reap_failures: failures to reclaim memory (now)
-  * memory.pruned: total amount of memory pruned (now)
+  * memory.reap_aborts: abort pruning before target due to process
+    under limit (now)
+  * memory.reap_decrease: total amount of the decrease in thread
+    memory while process over limit (now)
+  * memory.reap_increase: total amount of the increase in thread
+    memory while process over limit (now)
 
 
 2.20. network
@@ -1317,6 +1322,13 @@ Configuration:
     | checks | avg_check | total_time | matches | no_matches | 
     avg_match | avg_no_match }
 
+Commands:
+
+  * profiler.rule_start(): enable rule profiler
+  * profiler.rule_stop(): disable rule profiler
+  * profiler.rule_status(): print rule profiler status
+  * profiler.rule_dump(): print rule statistics
+
 
 2.27. rate_filter
 
@@ -1706,8 +1718,9 @@ Commands:
     policy
   * snort.reload_daq(): reload daq module
   * snort.reload_hosts(filename): load a new hosts table
-  * snort.log_command(command, logging): enabled or disable logging
-    of a command
+  * snort.log_command(command, logging): enable or disable command
+    logging
+  * snort.show_config_generation(): show loaded configuration ID
   * snort.pause(): suspend packet processing
   * snort.resume(pkt_num): continue packet processing. If number of
     packets is specified, will resume for n packets and pause
@@ -5586,6 +5599,8 @@ Peg counts:
   * stream.reload_offloaded_deletes: number of offloaded flows
     deleted by config reloads (sum)
   * stream.current_flows: current number of flows in cache (now)
+  * stream.current_free_flows: current number of free flows in cache
+    (now)
   * stream.uni_flows: number of uni flows in cache (now)
   * stream.uni_ip_flows: number of uni ip flows in cache (now)
 
@@ -11659,11 +11674,16 @@ libraries see the Getting Started section of the manual.
     threads (now)
   * memory.epochs: number of memory updates (now)
   * memory.max_in_use: maximum memory used (max)
-  * memory.pruned: total amount of memory pruned (now)
+  * memory.reap_aborts: abort pruning before target due to process
+    under limit (now)
   * memory.reap_attempts: attempts to reclaim memory (now)
   * memory.reap_cycles: number of actionable over-limit conditions
     (now)
+  * memory.reap_decrease: total amount of the decrease in thread
+    memory while process over limit (now)
   * memory.reap_failures: failures to reclaim memory (now)
+  * memory.reap_increase: total amount of the increase in thread
+    memory while process over limit (now)
   * memory.start_up_use: memory used before packet processing (now)
   * mem_test.packets: total packets (sum)
   * mms.concurrent_sessions: total concurrent MMS sessions (now)
@@ -11997,6 +12017,8 @@ libraries see the Getting Started section of the manual.
   * ssl.sessions_ignored: total sessions ignore (sum)
   * ssl.unrecognized_records: total unrecognized records (sum)
   * stream.current_flows: current number of flows in cache (now)
+  * stream.current_free_flows: current number of free flows in cache
+    (now)
   * stream.excess_prunes: sessions pruned due to excess (sum)
   * stream.expected_flows: total expected flows created within snort
     (sum)
@@ -15542,6 +15564,10 @@ alert is raised by the enhanced JavaScript normalizer.
     host pairs
   * perf_monitor.show_flow_ip_profiling(): show status of statistics
     on host pairs
+  * profiler.rule_start(): enable rule profiler
+  * profiler.rule_stop(): disable rule profiler
+  * profiler.rule_status(): print rule profiler status
+  * profiler.rule_dump(): print rule statistics
   * reputation.reload(): reload reputation data
   * rna.dump_macs(): dump rna’s internal MAC trackers
   * rna.delete_mac_host(mac): delete a MAC from rna’s MAC cache
@@ -15562,8 +15588,9 @@ alert is raised by the enhanced JavaScript normalizer.
     policy
   * snort.reload_daq(): reload daq module
   * snort.reload_hosts(filename): load a new hosts table
-  * snort.log_command(command, logging): enabled or disable logging
-    of a command
+  * snort.log_command(command, logging): enable or disable command
+    logging
+  * snort.show_config_generation(): show loaded configuration ID
   * snort.pause(): suspend packet processing
   * snort.resume(pkt_num): continue packet processing. If number of
     packets is specified, will resume for n packets and pause

diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text
index 3ee9fd69a7dd66b72f38f7f4df577ee4c165e137..2dd2792b51b1e38f896b3d4d79c4d78ab4815c37 100644 (file)
--- a/doc/upgrade/snort_upgrade.text
+++ b/doc/upgrade/snort_upgrade.text
@@ -8,7 +8,7 @@ Snort 3 Upgrade Manual
 The Snort Team
 
 Revision History
-Revision 3.1.60.0 2023-04-20 15:36:43 EDT TST
+Revision 3.1.61.0 2023-05-04 22:14:07 EDT TST
 
 ---------------------------------------------------------------------
 

diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text
index eeb14ebd41ed5b9ec306b997ad5f0843abf8446f..4523752c56b20dfd260dd03c75651539616fd3ea 100644 (file)
--- a/doc/user/snort_user.text
+++ b/doc/user/snort_user.text
@@ -8,7 +8,7 @@ Snort 3 User Manual
 The Snort Team
 
 Revision History
-Revision 3.1.60.0 2023-04-20 15:35:58 EDT TST
+Revision 3.1.61.0 2023-05-04 22:13:23 EDT TST
 
 ---------------------------------------------------------------------