+2023-07-30: 3.1.67.0
+
+* appid: do not raise SMTP response overflow IPS alert on SSL traffic
+* appid: SSL regex pattern implementation
+* build: fix cstdint related clearlinux errors
+* build: fix issues with local build
+* build: fix type resolution for OSX build environment
+* control: fix descriptor polling implementation (POSIX)
+* control: follow code style and formatting
+* detection: service_extension config
+* flow: fix ha_test use of stack variable
+* flow: make sure cpputest mock objects are initialized
+* ips_options: remove FIXIT comment from sd_pattern
+* lua: change cip binder rule from 22222 to 2222 (thanks to animator-ra on GitHub for this fix).
+* main: increase the user policy id range to 0 - 2^64-1
+* perf_mon: continue even when pegcounts can't be resolved
+* profiler: handle reload scenarios and tsan issues
+* profiler: remove interdependency with time and memory for accumulation
+* profiler: shell commands for time profiler
+* ssl: extract common name in the SSL certificate using openssl apis
+* ssl: parse and publish server common name from server certificate
+* ssl: remove wildcard character from common name string extracted from ssl certificate
+* style: fix whitespace
+
2023-07-14: 3.1.66.0
* appid: cache Complex HTTP Pattern glossary before detectors reload
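Review bot: the three ssl entries (extract common name, publish server common name, remove wildcard character from common name) do not say what string is published for a wildcard certificate, e.g. whether `*.example.com` ends up as `example.com` or as `.example.com`; since the `appid: SSL regex pattern implementation` entry in the same release presumably matches on that published name, the changelog line or the ssl module docs should state the normalization so pattern authors know what they are matching against. Minor style point: the lua entry is the only one in the list that ends with a period.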
The Snort Team
Revision History
-Revision 3.1.66.0 2023-07-14 16:06:42 EDT TST
+Revision 3.1.67.0 2023-07-30 09:54:39 EDT TST
---------------------------------------------------------------------
some speed during config reading)
* int detection.max_continuations_per_flow = 1024: maximum number
of continuations stored simultaneously on the flow { 0:65535 }
+ * string detection.service_extension[].service: service to perform
+ extension for
+ * string detection.service_extension[].extend_to
+ [].extend_to_service: service to extend to
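Review bot: the descriptions of the new detection.service_extension entries ("service to perform extension for", "service to extend to") do not explain what extension means, i.e. whether rules whose service metadata names `service` are additionally evaluated on flows identified as each `extend_to_service`, and the matching ChangeLog entry ("detection: service_extension config") is equally terse. Since this widens which rules run on which traffic, add one sentence of semantics here, e.g. "rules for `service` are also evaluated on flows whose service is any listed `extend_to_service`", and say that the setting applies per configured service pair.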
Peg counts:
Configuration:
* int inspection.id = 0: correlate policy and events with other
- items in configuration { 0:65535 }
+ items in configuration { 0:max64 }
* string inspection.uuid: correlate events by uuid
* enum inspection.mode = inline-test: set policy mode { inline |
inline-test }
* bool ips.enable_builtin_rules = false: enable events from builtin
rules w/o stubs
* int ips.id = 0: correlate unified2 events with configuration {
- 0:65535 }
+ 0:max64 }
* string ips.include: snort rules and includes
* enum ips.mode: set policy mode { tap | inline | inline-test }
* bool ips.obfuscate_pii = true: mask all but the last 4 characters
* multi network.checksum_eval = all: checksums to verify { all | ip
| noip | tcp | notcp | udp | noudp | icmp | noicmp | none }
* int network.id = 0: correlate unified2 events with configuration
- { 0:max32 }
+ { 0:18446744073709551614 }
* int network.min_ttl = 1: alert / normalize packets with lower TTL
/ hop limit (you must enable rules and / or normalization also) {
1:255 }
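Review bot: the new upper bound for network.id, `0:18446744073709551614`, is 2^64-2, while inspection.id and ips.id in the same patch read `0:max64` and the ChangeLog entry says the range is 0 - 2^64-1; if the three ids share a range, network.id should read `{ 0:max64 }` like the others, and if the maximum really is one less (for example because the top value is reserved) the description should say so. Also check that the output the description refers to ("correlate unified2 events") actually records a 64-bit id; otherwise the documented range is wider than what can be written out.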
* profiler.rule_status(): print rule profiler status
* profiler.rule_dump(output): print rule statistics in table or
json format (json format prints dates as Unix epoch)
+ * profiler.module_start(): enable module time profiling
+ * profiler.module_stop(): disable module time profiling
+ * profiler.module_dump(): print module time profiling statistics
+ * profiler.module_status(): show module time profiler status
2.27. rate_filter
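Review bot: `profiler.module_dump()` takes no argument, while the existing `profiler.rule_dump(output)` directly above it accepts an output format (table or json); for consistency with the rule profiler, module_dump should take the same `output` parameter, or the text should state that module statistics are table-only. The listing order also differs from the rule_* pair (status, then dump): put module_status next to module_start/module_stop, or mirror the rule_* order, so the two command sets read alike.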
overrides when pattern matching (ie ignore /O)
* bool detection.pcre_to_regex = false: enable the use of regex
instead of pcre for compatible expressions
+ * string detection.service_extension[].extend_to
+ [].extend_to_service: service to extend to
+ * string detection.service_extension[].service: service to perform
+ extension for
* bool dnp3.check_crc = false: validate checksums in DNP3 link
layer frames
* string dnp3_func.~: match DNP3 function code or name
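Review bot: the nested parameter is documented as `detection.service_extension[].extend_to[].extend_to_service`; the `extend_to_` prefix on a field inside the `extend_to[]` list is redundant (`extend_to[].service` would read better), and neither description says that extend_to is a list that may name several services. If the name is fixed by the code, at least reword the description to something like "service to which the rules for `service` are also applied" so that this alphabetical copy and the copy in the detection module section carry the same meaning.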
* int imap.uu_decode_depth = -1: Unix-to-Unix decoding depth (-1 no
limit) { -1:65535 }
* int inspection.id = 0: correlate policy and events with other
- items in configuration { 0:65535 }
+ items in configuration { 0:max64 }
* int inspection.max_aux_ip = 16: maximum number of auxiliary IPs
per flow to detect and save (-1 = disable, 0 = detect but don’t
save, 1+ = save in FIFO manner) { -1:127 }
* bool ips.enable_builtin_rules = false: enable events from builtin
rules w/o stubs
* int ips.id = 0: correlate unified2 events with configuration {
- 0:65535 }
+ 0:max64 }
* string ips.include: snort rules and includes
* enum ips.mode: set policy mode { tap | inline | inline-test }
* bool ips.obfuscate_pii = true: mask all but the last 4 characters
* multi network.checksum_eval = all: checksums to verify { all | ip
| noip | tcp | notcp | udp | noudp | icmp | noicmp | none }
* int network.id = 0: correlate unified2 events with configuration
- { 0:max32 }
+ { 0:18446744073709551614 }
* int network.layers = 40: the maximum number of protocols that
Snort can correctly decode { 3:255 }
* int network.max_ip6_extensions = 0: the maximum number of IP6
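Review bot: this second copy of network.id carries the same `0:18446744073709551614` (2^64-2) bound while inspection.id and ips.id a few lines above read `0:max64`; whichever notation is settled on for network.id, both generated copies of the parameter table should come from the same regeneration so this one does not drift from the module-section copy.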
* profiler.rule_status(): print rule profiler status
* profiler.rule_dump(output): print rule statistics in table or
json format (json format prints dates as Unix epoch)
+ * profiler.module_start(): enable module time profiling
+ * profiler.module_stop(): disable module time profiling
+ * profiler.module_dump(): print module time profiling statistics
+ * profiler.module_status(): show module time profiler status
* reputation.reload(): reload reputation data
* rna.dump_macs(): dump rna’s internal MAC trackers
* rna.delete_mac_host(mac): delete a MAC from rna’s MAC cache