The Snort Team
Revision History
-Revision 3.1.33.0 2022-06-30 07:50:31 EDT TST
+Revision 3.1.34.0 2022-07-07 11:57:12 EDT TST
---------------------------------------------------------------------
* int ips.id = 0: correlate unified2 events with configuration {
0:65535 }
* string ips.include: snort rules and includes
- * string ips.includer: for internal use; where includes are
- included from { (optional) }
* enum ips.mode: set policy mode { tap | inline | inline-test }
* bool ips.obfuscate_pii = false: mask all but the last 4
characters of credit card and social security numbers
rules w/o stubs
* int ips.id = 0: correlate unified2 events with configuration {
0:65535 }
- * string ips.includer: for internal use; where includes are
- included from { (optional) }
* string ips.include: snort rules and includes
* enum ips.mode: set policy mode { tap | inline | inline-test }
* bool ips.obfuscate_pii = false: mask all but the last 4
121:38 (http2_inspect) HTTP/2 non-Data frame longer than 63780 bytes
-HTTP/2 non-Data frame longer than 63780 bytes
+HTTP/2 non-Data frame longer than 63780 bytes. For HEADERS and
+PUSH_PROMISE frames this includes the size of any following
+continuation frames.
121:39 (http2_inspect) not HTTP/2 traffic or unrecoverable HTTP/2
protocol error
The Snort Team
Revision History
-Revision 3.1.33.0 2022-06-30 07:50:20 EDT TST
+Revision 3.1.34.0 2022-07-07 11:58:00 EDT TST
---------------------------------------------------------------------
change -> config 'daq_dir' ==> 'daq.module_dirs'
change -> config 'detection_filter' ==> 'alerts.detection_filter_memcap'
change -> config 'enable_deep_teredo_inspection' ==> 'udp.deep_teredo_inspection'
+change -> config 'enable_mpls_overlapping_ip' ==> 'packets.mpls_agnostic'
change -> config 'event_filter' ==> 'alerts.event_filter_memcap'
change -> config 'max_attribute_hosts' ==> 'attribute_table.max_hosts'
change -> config 'max_attribute_services_per_host' ==> 'attribute_table.max_services_per_host'
change -> daq_mode: 'config daq_mode:' ==> 'mode'
change -> daq_var: 'config daq_var:' ==> 'variables'
change -> detection: 'ac' ==> 'ac_full'
-change -> detection: 'ac-banded' ==> 'ac_banded'
+change -> detection: 'ac-banded' ==> 'ac_full'
change -> detection: 'ac-bnfa' ==> 'ac_bnfa'
change -> detection: 'ac-bnfa-nq' ==> 'ac_bnfa'
change -> detection: 'ac-bnfa-q' ==> 'ac_bnfa'
change -> detection: 'ac-nq' ==> 'ac_full'
change -> detection: 'ac-q' ==> 'ac_full'
-change -> detection: 'ac-sparsebands' ==> 'ac_sparse_bands'
+change -> detection: 'ac-sparsebands' ==> 'ac_full'
change -> detection: 'ac-split' ==> 'ac_full'
change -> detection: 'ac-split' ==> 'split_any_any'
-change -> detection: 'ac-std' ==> 'ac_std'
-change -> detection: 'acs' ==> 'ac_sparse'
+change -> detection: 'ac-std' ==> 'ac_full'
+change -> detection: 'acs' ==> 'ac_full'
change -> detection: 'bleedover-port-limit' ==> 'bleedover_port_limit'
change -> detection: 'debug-print-fast-pattern' ==> 'show_fast_patterns'
change -> detection: 'intel-cpm' ==> 'hyperscan'
change -> detection: 'max-pattern-len' ==> 'max_pattern_len'
change -> detection: 'no_stream_inserts' ==> 'detect_raw_tcp'
change -> detection: 'search-method' ==> 'search_method'
-change -> detection: 'search-optimize' ==> 'search_optimize'
change -> detection: 'split-any-any' ==> 'split_any_any = true by default'
change -> detection: 'split-any-any' ==> 'split_any_any'
change -> dnp3: 'ports' ==> 'bindings'
change -> reputation: 'shared_mem' ==> 'list_dir'
change -> sfportscan: 'proto' ==> 'protos'
change -> sfportscan: 'scan_type' ==> 'scan_types'
+change -> sip: 'max_requestName_len' ==> 'max_request_name_len'
change -> sip: 'ports' ==> 'bindings'
change -> smtp: 'ports' ==> 'bindings'
change -> ssh: 'server_ports' ==> 'bindings'
deleted -> config 'disable_inline_init_failopen'
deleted -> config 'disable_ipopt_alerts'
deleted -> config 'disable_ipopt_drops'
+deleted -> config 'disable_replace'
deleted -> config 'disable_tcpopt_alerts'
deleted -> config 'disable_tcpopt_drops'
deleted -> config 'disable_tcpopt_experimental_alerts'
deleted -> config 'enable_decode_oversized_drops'
deleted -> config 'enable_gtp'
deleted -> config 'enable_ipopt_drops'
+deleted -> config 'enable_mpls_multicast'
deleted -> config 'enable_tcpopt_drops'
deleted -> config 'enable_tcpopt_experimental_drops'
deleted -> config 'enable_tcpopt_obsolete_drops'
deleted -> config 'sflog_unified2'
deleted -> config 'sidechannel'
deleted -> config 'so_rule_memcap'
+deleted -> config 'stateful'
deleted -> csv: '<filename> can no longer be specific'
deleted -> csv: 'default'
deleted -> csv: 'trheader'
deleted -> detection: 'mwm'
+deleted -> detection: 'search-optimize is always true'
deleted -> dnp3: 'disabled'
deleted -> dnp3: 'memcap'
deleted -> dns: 'enable_experimental_types'
deleted -> full: '<filename> can no longer be specific'
deleted -> http_inspect: 'detect_anomalous_servers'
deleted -> http_inspect: 'disabled'
+deleted -> http_inspect: 'fast_blocking'
+deleted -> http_inspect: 'normalize_random_nulls_in_text'
deleted -> http_inspect: 'proxy_alert'
deleted -> http_inspect_server: 'allow_proxy_use'
deleted -> http_inspect_server: 'enable_cookie'
deleted -> stream5_tcp: 'log_asymmetric_traffic'
deleted -> stream5_tcp: 'policy noack'
deleted -> stream5_tcp: 'policy unknown'
+deleted -> stream5_tcp: 'use_static_footprint_sizes'
deleted -> stream5_udp: 'ignore_any_rules'
deleted -> tcpdump: '<filename> can no longer be specific'
deleted -> test: 'file'
projects / thirdparty / snort3.git / commitdiff
