+2023-10-10: 3.1.72.0
+
+* active: added API for printing delayed action string
+* appid: support to get correct http session based on stream_id
+* control: allow one command at a time
+* dce_rpc: using reset_using_rpkt() inline to what is there in eval() of SMB inspector code as well
+* flow_cache: added protocol base LRU caches
+* helpers: increase buffer space for function names, allow printing truncated names
+* http_inspect: clear fake headers snapshot for 0.9 response
+* http_inspect: run detection on failed utf decoding
+* memory: change NOW type counts to SUM type, where necessary
+* packet_io: fix daq stats
+* stream_tcp: accept 1 byte of trimmed probe data after zero window
+* stream_tcp: update rcv_nxt appropriately for each segment
+* tcp: timeout for embryonic and idle session
+
2023-09-25: 3.1.71.0
* appid, http_inspect, http2_inspect: create appid session if not present in decrypt event handler, add message section as part of StreamFlowIntf for httpx
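
Review bot: the 3.1.72.0 entries "packet_io: fix daq stats" and "tcp: timeout for embryonic and idle session" are too terse for what the rest of this patch shows. The first goes with daq.outstanding changing from (sum) to (now) and a new daq.outstanding_max counter. The second goes with the new stream_tcp.embryonic_timeout and stream_tcp.idle_timeout options. Suggest naming the counter and both options in these ChangeLog lines so operators who parse stats or tune timeouts can find the change.
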
The Snort Team
Revision History
-Revision 3.1.71.0 2023-09-25 07:40:20 EDT TST
+Revision 3.1.72.0 2023-10-10 22:54:49 EDT TST
---------------------------------------------------------------------
* daq.analyzed: total packets analyzed from DAQ (sum)
* daq.dropped: packets dropped (sum)
* daq.filtered: packets filtered out (sum)
- * daq.outstanding: packets unprocessed (sum)
+ * daq.outstanding: packets unprocessed (now)
+ * daq.outstanding_max: maximum of packets unprocessed (max)
* daq.injected: active responses or replacements (sum)
* daq.allow: total allow verdicts (sum)
* daq.block: total block verdicts (sum)
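
Review bot: the added daq.outstanding_max line does not say which period the maximum covers. "maximum of packets unprocessed (max)" could be a per-interval peak or a peak since start. Suggest stating the period and tightening the wording to "maximum packets unprocessed". Separately, daq.outstanding switching from (sum) to (now) changes the meaning of an existing counter, so consumers that treat it as cumulative may misread it; that deserves an explicit mention in the release notes.
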
* memory.start_up_use: memory used before packet processing (now)
* memory.cur_in_use: current memory used (now)
* memory.max_in_use: maximum memory used (max)
- * memory.epochs: number of memory updates (now)
+ * memory.epochs: number of memory updates (sum)
* memory.allocated: total amount of memory allocated by packet
threads (now)
* memory.deallocated: total amount of memory deallocated by packet
threads (now)
* memory.reap_cycles: number of actionable over-limit conditions
- (now)
- * memory.reap_attempts: attempts to reclaim memory (now)
- * memory.reap_failures: failures to reclaim memory (now)
+ (sum)
+ * memory.reap_attempts: attempts to reclaim memory (sum)
+ * memory.reap_failures: failures to reclaim memory (sum)
* memory.reap_aborts: abort pruning before target due to process
- under limit (now)
+ under limit (sum)
* memory.reap_decrease: total amount of the decrease in thread
- memory while process over limit (now)
+ memory while process over limit (sum)
* memory.reap_increase: total amount of the increase in thread
- memory while process over limit (now)
+ memory while process over limit (sum)
* memory.app_all: total bytes allocated by application (now)
* memory.active: total bytes allocated in active pages (now)
* memory.resident: maximum bytes physically resident (now)
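
Review bot: memory.allocated and memory.deallocated are both described as a "total amount" yet stay (now), while the reap_decrease and reap_increase lines with the same "total amount" wording move to (sum) in this hunk. If leaving the two as (now) is intentional, a short comment or a wording change would make that clear; otherwise they look like they were missed by the "where necessary" pass.
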
* int stream_tcp.session_timeout = 180: session tracking timeout {
1:max31 }
* bool stream_tcp.track_only = false: disable reassembly if true
+ * int stream_tcp.embryonic_timeout = 30: Non-established connection
+ timeout { 1:max31 }
+ * int stream_tcp.idle_timeout = 3600: session deletion on idle {
+ 1:max31 }
Rules:
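
Review bot: the help text for the two added options gives no unit and does not match the style of the neighbouring entries. "Non-established connection timeout" is capitalized where "session tracking timeout" and "disable reassembly if true" are not, and neither new line says the value is in seconds. The text also does not say how stream_tcp.idle_timeout = 3600 relates to the existing stream_tcp.session_timeout = 180 shown just above; suggest one clause stating which timer applies in which connection state.
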
given range { 0: }
* int stream.tcp_cache.idle_timeout = 3600: maximum inactive time
before retiring session tracker { 1:max32 }
+ * int stream_tcp.embryonic_timeout = 30: Non-established connection
+ timeout { 1:max31 }
* int stream_tcp.flush_factor = 0: flush upon seeing a drop in
segment size after given number of non-decreasing segments {
0:65535 }
+ * int stream_tcp.idle_timeout = 3600: session deletion on idle {
+ 1:max31 }
* int stream_tcp.max_pdu = 16384: maximum reassembled PDU size {
1460:32768 }
* int stream_tcp.max_window = 0: maximum allowed TCP window {
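
Review bot: this list now carries two idle timeouts with the same default, stream.tcp_cache.idle_timeout = 3600 and the added stream_tcp.idle_timeout = 3600, and the descriptions ("maximum inactive time before retiring session tracker" versus "session deletion on idle") do not tell a reader which one governs when both are set. Their ranges also differ, { 1:max32 } against { 1:max31 }. Suggest documenting the precedence and confirming the range difference is intended.
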
lack of DAQ support (sum)
* daq.other_messages: messages received from DAQ with unrecognized
message type (sum)
- * daq.outstanding: packets unprocessed (sum)
+ * daq.outstanding_max: maximum of packets unprocessed (max)
+ * daq.outstanding: packets unprocessed (now)
* daq.pcaps: total files and interfaces processed (max)
* daq.received: total packets received from DAQ (sum)
* daq.replace: total replace verdicts (sum)
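
Review bot: daq.outstanding_max is placed above daq.outstanding in this list, the reverse of the order used for the same two counters in the per-module daq section earlier in the patch. If this list is generated, no change is needed; if it is maintained by hand, swap the two added lines so both sections agree.
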
* memory.cur_in_use: current memory used (now)
* memory.deallocated: total amount of memory deallocated by packet
threads (now)
- * memory.epochs: number of memory updates (now)
+ * memory.epochs: number of memory updates (sum)
* memory.max_in_use: maximum memory used (max)
* memory.reap_aborts: abort pruning before target due to process
- under limit (now)
- * memory.reap_attempts: attempts to reclaim memory (now)
+ under limit (sum)
+ * memory.reap_attempts: attempts to reclaim memory (sum)
* memory.reap_cycles: number of actionable over-limit conditions
- (now)
+ (sum)
* memory.reap_decrease: total amount of the decrease in thread
- memory while process over limit (now)
- * memory.reap_failures: failures to reclaim memory (now)
+ memory while process over limit (sum)
+ * memory.reap_failures: failures to reclaim memory (sum)
* memory.reap_increase: total amount of the increase in thread
- memory while process over limit (now)
+ memory while process over limit (sum)
* memory.resident: maximum bytes physically resident (now)
* memory.retained: total bytes not returned to OS (now)
* memory.start_up_use: memory used before packet processing (now)