From: Michael Altizer (mialtize)
Date: Wed, 15 Jul 2020 17:18:55 +0000 (+0000)
Subject: Merge pull request #2331 in SNORT/snort3 from ~MSTEPANE/snort3:3_0_2_build_2 to master
X-Git-Tag: 3.0.2-2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ecc3db7ce87ce660cdf772673aa92dee52c5ae9;p=thirdparty%2Fsnort3.git

Merge pull request #2331 in SNORT/snort3 from ~MSTEPANE/snort3:3_0_2_build_2 to master

Squashed commit of the following:

commit a5a8831003f9a69391a06e4488e9314adc96e140
Author: Mike Stepanek
Date: Wed Jul 15 08:27:56 2020 -0400

build: generate and tag 3.0.2 build 2
---

diff --git a/ChangeLog b/ChangeLog index c3b6211b8..d6b5c1367 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,29 @@ +2020/07/15 - 3.0.2 build 2 + +-- appid: Moving thread local ODP stuff to a new class +-- binder: delete obsolete network_policy parsing code +-- build: Fix static analyzer complaints about unused stored values +-- daq: Fix calculation of outstanding packets stat to properly use the delta +-- dce_rpc: adding support for multiple smbv2 sessions for same tcp connection +-- dce_rpc: Invalid endpoint mapper message +-- dce_rpc: SMB ID invalid memory access +-- http_inspect: send MIME full message body for file processing +-- main: add config options --ignore-warn-rules and --ignore-warn-flowbits to snort module +-- mime: mime no longer overwrites file_data buffer for http packets +-- smtp: generate SSL_SEARCH_ABANDONED event when no STARTTLS is detected +-- smtp: support opportunistic SSL/TLS switch over +-- stream_tcp: coding style improvements +-- stream_tcp: eliminate direct references to the Packet* wherevever possible within the TCP state + machine context +-- stream_tcp: eliminate use of STREAM_INSERT_OK as return code, it conveyed no useful information + and was ultimately unused +-- stream_tcp: implement meta-ack pseudo packet as thread local that is reused on each meta-ack TSD +-- stream_tcp: implement support for processing meta-ack information when present +-- stream_tcp: meta-ack from daq is in network order not host, remove conversion from host to + network +-- stream_tcp: process meta-ack info in any flush policy mode +-- trace: add support for DAQ trace filtering + 2020/07/06 - 3.0.2 build 1 -- appid: Appid coverity issues diff --git a/doc/snort_manual.html b/doc/snort_manual.html index ba52b11cf..342fbbcf7 100644 --- a/doc/snort_manual.html +++ b/doc/snort_manual.html @@ -782,7 +782,7 @@ asciidoc.install(2);
 ,,_     -*> Snort++ <*-
-o"  )~   Version 3.0.2 (Build 1)
+o"  )~   Version 3.0.2 (Build 2)
  ''''    By Martin Roesch & The Snort Team
          http://snort.org/contact#team
          Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
@@ -6918,7 +6918,8 @@ on a flow that packet is related. By default filtering is disabled.

src_ip - match all packets with a flow that has this client IP address (passed as a string) src_port - match all packets with a flow that has this source port dst_ip - match all packets with a flow that has this server IP address (passed as a string) -dst_port - match all packets with a flow that has this destination port +dst_port - match all packets with a flow that has this destination port +match - boolean flag to enable/disable whether constraints will ever match (enabled by default)

The following lines placed in snort.lua will enable all trace messages for detection filtered by ip_proto, dst_ip, src_port and dst_port:
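Review bot: The added "match" line in the constraint list is hard to parse ("boolean flag to enable/disable whether constraints will ever match") and does not agree with the reference entry this same commit adds, "bool trace.constraints.match = true: use constraints to filter traces". One says the flag decides whether a match can ever succeed, the other reads as a switch for filtering as a whole. Pick one description and use it in both places, stating plainly what false does to the other constraints (src_ip, dst_ip, src_port, dst_port).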

@@ -6939,6 +6940,25 @@ detection filtered by ip_proto, dst_ip, src_port and dst_port:

} } +

To create constraints that will never successfully match, set the match +parameter to false. This is useful for situations where one is relying on +external packet filtering from the DAQ module, or for preventing all trace +messages in the context of a packet. The following is an example of such +configuration:

+
+
+
trace =
+{
+    modules =
+    {
+        snort = { all = 1 }
+    },
+    constraints =
+    {
+        match = false
+    }
+}
+

Trace module - configuring trace output method
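Review bot: The new paragraph says match = false is useful for "preventing all trace messages in the context of a packet", yet the example also sets snort = { all = 1 } and the text never says what is still logged with that combination. Add a sentence naming the messages that remain (presumably those emitted outside packet context, which is my reading and not stated in the hunk) and how the setting combines with the DAQ-side filtering it mentions, so an operator does not mistake an empty packet trace for a broken configuration.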

@@ -9665,6 +9685,16 @@ implied snort.--id-zero: use id prefix / subdirectory even with
  • +implied snort.--ignore-warn-flowbits: ignore warnings about flowbits that are checked but not set and vice-versa +

    +
  • +
  • +

    +implied snort.--ignore-warn-rules: ignore warnings about duplicate rules and rule parsing issues +

    +
  • +
  • +

    string snort.--include-path: <path> where to find Lua and rule included files; searched before current or config directories
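Review bot: The description added for --ignore-warn-rules, "ignore warnings about duplicate rules and rule parsing issues", is too broad to judge the option's effect: "rule parsing issues" could cover anything from cosmetic problems to a rule that did not load as written. Please document which warnings each of the two new options silences and whether silenced warnings are still counted anywhere, since a sensor started with these flags can otherwise run with less detection coverage than its rule file suggests without any visible sign.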

  • @@ -10109,6 +10139,11 @@ string suppress[].ip: restrict suppression to thes
    • +int trace.modules.latency.all: enable all trace options { 0:255 } +

      +
    • +
    • +

      int trace.modules.detection.all: enable all trace options { 0:255 }

    • @@ -10154,67 +10189,62 @@ int trace.modules.detection.tag: enable tag trace logging { 0:2
    • -int trace.modules.stream_user.all: enable all trace options { 0:255 } -

      -
    • -
    • -

      -int trace.modules.stream_ip.all: enable all trace options { 0:255 } +int trace.modules.stream.all: enable all trace options { 0:255 }

    • -int trace.modules.stream.all: enable all trace options { 0:255 } +int trace.modules.gtp_inspect.all: enable all trace options { 0:255 }

    • -int trace.modules.snort.all: enable all trace options { 0:255 } +int trace.modules.stream_user.all: enable all trace options { 0:255 }

    • -int trace.modules.snort.main: enable main trace logging { 0:255 } +int trace.modules.dce_smb.all: enable all trace options { 0:255 }

    • -int trace.modules.snort.inspector_manager: enable inspector manager trace logging { 0:255 } +int trace.modules.decode.all: enable all trace options { 0:255 }

    • -int trace.modules.dce_smb.all: enable all trace options { 0:255 } +int trace.modules.dce_udp.all: enable all trace options { 0:255 }

    • -int trace.modules.dce_udp.all: enable all trace options { 0:255 } +int trace.modules.appid.all: enable all trace options { 0:255 }

    • -int trace.modules.latency.all: enable all trace options { 0:255 } +int trace.modules.snort.all: enable all trace options { 0:255 }

    • -int trace.modules.wizard.all: enable all trace options { 0:255 } +int trace.modules.snort.main: enable main trace logging { 0:255 }

    • -int trace.modules.gtp_inspect.all: enable all trace options { 0:255 } +int trace.modules.snort.inspector_manager: enable inspector manager trace logging { 0:255 }

    • -int trace.modules.appid.all: enable all trace options { 0:255 } +int trace.modules.stream_ip.all: enable all trace options { 0:255 }

    • -int trace.modules.decode.all: enable all trace options { 0:255 } +int trace.modules.wizard.all: enable all trace options { 0:255 }
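Review bot: Every trace.modules.*.all entry in this hunk is removed and re-added with identical text and the same { 0:255 } range, only in a different order (stream_ip, wizard, appid, decode and others just swap positions), and the previous hunk likewise moves latency to the top of the list. That points to the reference list being emitted in an unstable order. Sorting the module names where the list is generated would keep future documentation diffs down to real changes and make an added or dropped trace option easy to spot in review.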

    • @@ -10244,6 +10274,11 @@ int trace.constraints.dst_port: destination port filter { 0:655
    • +bool trace.constraints.match = true: use constraints to filter traces +

      +
    • +
    • +

      enum trace.output: output method for trace log messages { stdout | syslog }

    • @@ -11852,11 +11887,6 @@ string binder[].use.ips_policy: use ips policy fro
    • -string binder[].use.network_policy: deprecated, ignored by binder -

      -
    • -
    • -

      string binder[].use.service: override automatic service identification

    • @@ -12112,6 +12142,16 @@ string dce_smb.smb_invalid_shares: SMB shares to alert on bool dce_smb.smb_legacy_mode = false: inspect only SMBv1

      +
    • +

      +int dce_smb.smb_max_credit = 8192: Maximum number of outstanding request { 1:65536 } +

      +
    • +
    • +

      +int dce_smb.memcap = 8388608: Memory utilization limit on smb { 512:maxSZ } +

      +

    Rules:
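Review bot: The two new option descriptions do not match the style of their neighbours and one is ungrammatical: "Maximum number of outstanding request" should read "requests", and both "Maximum ..." and "Memory utilization limit on smb" start with a capital while the adjacent entry is "inspect only SMBv1". The memcap text should also give the unit for 8388608 and the { 512:maxSZ } range (bytes, presumably) and say what the inspector does once the limit is reached, because that behaviour decides whether SMB traffic past the cap is still inspected.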

      @@ -12495,37 +12535,272 @@ bool dce_smb.smb_legacy_mode = false: inspect only SMBv1
    • -dce_smb.smbv2_create: total number of SMBv2 create packets seen (sum) +dce_smb.v2_setup: total number of SMBv2 setup packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_setup_err_resp: total number of SMBv2 setup error response packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_setup_inv_str_sz: total number of SMBv2 setup packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_setup_resp_hdr_err: total number of SMBv2 setup response packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_cnct: total number of SMBv2 tree connect packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_cnct_err_resp: total number of SMBv2 tree connect error response packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_cnct_ignored: total number of SMBv2 setup response packets ignored due to failure in creating tree tracker (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_cnct_inv_str_sz: total number of SMBv2 tree connect packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_cnct_resp_hdr_err: total number of SMBv2 tree connect response packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt: total number of SMBv2 create packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_err_resp: total number of SMBv2 create error response packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_inv_file_data: total number of SMBv2 create request packets ignored due to error in getting file name (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_inv_str_sz: total number of SMBv2 create packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_resp_hdr_err: total number of SMBv2 create response packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_req_hdr_err: total number of SMBv2 create request packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_rtrkr_misng: total number of SMBv2 create response packets ignored due to missing create request tracker (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_req_ipc: total number of SMBv2 create request packets ignored as share type is IPC (sum) +

      +
    • +
    • +

      +dce_smb.v2_crt_tree_trkr_misng: total number of SMBv2 create response packets ignored due to missing tree tracker (sum) +

      +
    • +
    • +

      +dce_smb.v2_wrt: total number of SMBv2 write packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_wrt_err_resp: total number of SMBv2 write error response packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_wrt_ignored: total number of SMBv2 write packets ignored due to missing trackers or invalid share type (sum) +

      +
    • +
    • +

      +dce_smb.v2_wrt_inv_str_sz: total number of SMBv2 write packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_wrt_req_hdr_err: total number of SMBv2 write request packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_read: total number of SMBv2 read packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_read_err_resp: total number of SMBv2 read error response packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_read_ignored: total number of SMBv2 write packets ignored due to missing trackers or invalid share type (sum) +

      +
    • +
    • +

      +dce_smb.v2_read_inv_str_sz: total number of SMBv2 read packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_read_rtrkr_misng: total number of SMBv2 read response packets ignored due to missing read request tracker (sum) +

      +
    • +
    • +

      +dce_smb.v2_read_resp_hdr_err: total number of SMBv2 read response packets ignored due to corrupted header (sum)

    • -dce_smb.smbv2_write: total number of SMBv2 write packets seen (sum) +dce_smb.v2_read_req_hdr_err: total number of SMBv2 read request packets ignored due to corrupted header (sum)

    • -dce_smb.smbv2_read: total number of SMBv2 read packets seen (sum) +dce_smb.v2_stinf: total number of SMBv2 set info packets seen (sum)

    • -dce_smb.smbv2_set_info: total number of SMBv2 set info packets seen (sum) +dce_smb.v2_stinf_err_resp: total number of SMBv2 set info error response packets seen (sum)

    • -dce_smb.smbv2_tree_connect: total number of SMBv2 tree connect packets seen (sum) +dce_smb.v2_stinf_ignored: total number of SMBv2 set info packets ignored due to missing trackers or invalid share type (sum)

    • -dce_smb.smbv2_tree_disconnect: total number of SMBv2 tree disconnect packets seen (sum) +dce_smb.v2_stinf_inv_str_sz: total number of SMBv2 set info packets seen with invalid structure size (sum)

    • -dce_smb.smbv2_close: total number of SMBv2 close packets seen (sum) +dce_smb.v2_stinf_req_ftrkr_misng: total number of SMBv2 set info request packets ignored due to missing file tracker (sum) +

      +
    • +
    • +

      +dce_smb.v2_stinf_req_hdr_err: total number of SMBv2 set info request packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_cls: total number of SMBv2 close packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_cls_err_resp: total number of SMBv2 close error response packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_cls_ignored: total number of SMBv2 close packets ignored due to missing trackers or invalid share type (sum) +

      +
    • +
    • +

      +dce_smb.v2_cls_inv_str_sz: total number of SMBv2 close packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_cls_req_ftrkr_misng: total number of SMBv2 close request packets ignored due to missing file tracker (sum) +

      +
    • +
    • +

      +dce_smb.v2_cls_req_hdr_err: total number of SMBv2 close request packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_discn: total number of SMBv2 tree disconnect packets seen (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_discn_ignored: total number of SMBv2 tree disconnect packets ignored due to missing trackers or invalid share type (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_discn_inv_str_sz: total number of SMBv2 tree disconnect packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_tree_discn_req_hdr_err: total number of SMBv2 tree disconnect request packets ignored due to corrupted header (sum) +

      +
    • +
    • +

      +dce_smb.v2_logoff: total number of SMBv2 logoff (sum) +

      +
    • +
    • +

      +dce_smb.v2_logoff_inv_str_sz: total number of SMBv2 logoff packets seen with invalid structure size (sum) +

      +
    • +
    • +

      +dce_smb.v2_hdr_err: total number of SMBv2 packets seen with corrupted hdr (sum) +

      +
    • +
    • +

      +dce_smb.v2_bad_next_cmd_offset: total number of SMBv2 packets seen with invalid next command offset (sum) +

      +
    • +
    • +

      +dce_smb.v2_extra_file_data_err: total number of SMBv2 packets seen with where file data beyond file size is observed (sum) +

      +
    • +
    • +

      +dce_smb.v2_inv_file_ctx_err: total number of times null file context are seen resulting in not being able to set file size (sum) +

      +
    • +
    • +

      +dce_smb.v2_msgs_uninspected: total number of SMBv2 packets seen where command is not being inspected (sum) +

      +
    • +
    • +

      +dce_smb.v2_cmpnd_req_lt_crossed: total number of SMBv2 packets seen where compound requests exceed the smb_max_compound limit (sum)
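Review bot: Several of the new peg descriptions look copied from a sibling counter without being adjusted: "dce_smb.v2_read_ignored: total number of SMBv2 write packets ignored ..." should say read, and "dce_smb.v2_tree_cnct_ignored: total number of SMBv2 setup response packets ignored due to failure in creating tree tracker" should most likely say tree connect. "v2_extra_file_data_err" also contains a stray word ("seen with where file data"). Separately, the hunk renames the existing counters (smbv2_create to v2_crt, smbv2_write to v2_wrt, smbv2_close to v2_cls and so on) rather than only adding new ones, so dashboards or alerts keyed on the old names will silently stop receiving data; that deserves an explicit upgrade note.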

    • @@ -18253,6 +18528,11 @@ bool stream_tcp.track_only = false: disable reassembly if true
    • +stream_tcp.meta_acks: number of meta acks processed (sum) +

      +
    • +
    • +

      stream_tcp.packets_held: number of packets held (sum)

    • @@ -25458,6 +25738,16 @@ these libraries see the Getting Started section of the manual.

  • +--ignore-warn-flowbits ignore warnings about flowbits that are checked but not set and vice-versa +

    +
  • +
  • +

    +--ignore-warn-rules ignore warnings about duplicate rules and rule parsing issues +

    +
  • +
  • +

    --include-path <path> where to find Lua and rule included files; searched before current or config directories

  • @@ -26098,11 +26388,6 @@ string binder[].use.name: symbol name (defaults to
  • -string binder[].use.network_policy: deprecated, ignored by binder -

    -
  • -
  • -

    string binder[].use.service: override automatic service identification

  • @@ -26663,6 +26948,11 @@ int dce_smb.max_frag_len = 65535: maximum fragment size for def
  • +int dce_smb.memcap = 8388608: Memory utilization limit on smb { 512:maxSZ } +

    +
  • +
  • +

    enum dce_smb.policy = WinXP: target based policy to use { Win2000 | WinXP | WinVista | Win2003 | Win2008 | Win7 | Samba | Samba-3.0.37 | Samba-3.0.22 | Samba-3.0.20 }

  • @@ -26708,6 +26998,11 @@ int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255
  • +int dce_smb.smb_max_credit = 8192: Maximum number of outstanding request { 1:65536 } +

    +
  • +
  • +

    multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 | v2 | all }

  • @@ -29888,6 +30183,16 @@ implied snort.--id-zero: use id prefix / subdirectory even with
  • +implied snort.--ignore-warn-flowbits: ignore warnings about flowbits that are checked but not set and vice-versa +

    +
  • +
  • +

    +implied snort.--ignore-warn-rules: ignore warnings about duplicate rules and rule parsing issues +

    +
  • +
  • +

    string snort.-i: <iface>… list of interfaces

  • @@ -30778,6 +31083,11 @@ int trace.constraints.ip_proto: numerical IP protocol ID filter
  • +bool trace.constraints.match = true: use constraints to filter traces +

    +
  • +
  • +

    string trace.constraints.src_ip: source IP address filter

  • @@ -31518,37 +31828,272 @@ interval wscale.~range: check if TCP window scale is in given r
  • -dce_smb.smbv2_close: total number of SMBv2 close packets seen (sum) +dce_smb.v2_bad_next_cmd_offset: total number of SMBv2 packets seen with invalid next command offset (sum) +

    +
  • +
  • +

    +dce_smb.v2_cls_err_resp: total number of SMBv2 close error response packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_cls_ignored: total number of SMBv2 close packets ignored due to missing trackers or invalid share type (sum) +

    +
  • +
  • +

    +dce_smb.v2_cls_inv_str_sz: total number of SMBv2 close packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_cls_req_ftrkr_misng: total number of SMBv2 close request packets ignored due to missing file tracker (sum) +

    +
  • +
  • +

    +dce_smb.v2_cls_req_hdr_err: total number of SMBv2 close request packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_cls: total number of SMBv2 close packets seen (sum)

  • -dce_smb.smbv2_create: total number of SMBv2 create packets seen (sum) +dce_smb.v2_cmpnd_req_lt_crossed: total number of SMBv2 packets seen where compound requests exceed the smb_max_compound limit (sum)

  • -dce_smb.smbv2_read: total number of SMBv2 read packets seen (sum) +dce_smb.v2_crt_err_resp: total number of SMBv2 create error response packets seen (sum)

  • -dce_smb.smbv2_set_info: total number of SMBv2 set info packets seen (sum) +dce_smb.v2_crt_inv_file_data: total number of SMBv2 create request packets ignored due to error in getting file name (sum)

  • -dce_smb.smbv2_tree_connect: total number of SMBv2 tree connect packets seen (sum) +dce_smb.v2_crt_inv_str_sz: total number of SMBv2 create packets seen with invalid structure size (sum)

  • -dce_smb.smbv2_tree_disconnect: total number of SMBv2 tree disconnect packets seen (sum) +dce_smb.v2_crt_req_hdr_err: total number of SMBv2 create request packets ignored due to corrupted header (sum)

  • -dce_smb.smbv2_write: total number of SMBv2 write packets seen (sum) +dce_smb.v2_crt_req_ipc: total number of SMBv2 create request packets ignored as share type is IPC (sum) +

    +
  • +
  • +

    +dce_smb.v2_crt_resp_hdr_err: total number of SMBv2 create response packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_crt_rtrkr_misng: total number of SMBv2 create response packets ignored due to missing create request tracker (sum) +

    +
  • +
  • +

    +dce_smb.v2_crt: total number of SMBv2 create packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_crt_tree_trkr_misng: total number of SMBv2 create response packets ignored due to missing tree tracker (sum) +

    +
  • +
  • +

    +dce_smb.v2_extra_file_data_err: total number of SMBv2 packets seen with where file data beyond file size is observed (sum) +

    +
  • +
  • +

    +dce_smb.v2_hdr_err: total number of SMBv2 packets seen with corrupted hdr (sum) +

    +
  • +
  • +

    +dce_smb.v2_inv_file_ctx_err: total number of times null file context are seen resulting in not being able to set file size (sum) +

    +
  • +
  • +

    +dce_smb.v2_logoff_inv_str_sz: total number of SMBv2 logoff packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_logoff: total number of SMBv2 logoff (sum) +

    +
  • +
  • +

    +dce_smb.v2_msgs_uninspected: total number of SMBv2 packets seen where command is not being inspected (sum) +

    +
  • +
  • +

    +dce_smb.v2_read_err_resp: total number of SMBv2 read error response packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_read_ignored: total number of SMBv2 write packets ignored due to missing trackers or invalid share type (sum) +

    +
  • +
  • +

    +dce_smb.v2_read_inv_str_sz: total number of SMBv2 read packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_read_req_hdr_err: total number of SMBv2 read request packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_read_resp_hdr_err: total number of SMBv2 read response packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_read_rtrkr_misng: total number of SMBv2 read response packets ignored due to missing read request tracker (sum) +

    +
  • +
  • +

    +dce_smb.v2_read: total number of SMBv2 read packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_setup_err_resp: total number of SMBv2 setup error response packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_setup_inv_str_sz: total number of SMBv2 setup packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_setup_resp_hdr_err: total number of SMBv2 setup response packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_setup: total number of SMBv2 setup packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_stinf_err_resp: total number of SMBv2 set info error response packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_stinf_ignored: total number of SMBv2 set info packets ignored due to missing trackers or invalid share type (sum) +

    +
  • +
  • +

    +dce_smb.v2_stinf_inv_str_sz: total number of SMBv2 set info packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_stinf_req_ftrkr_misng: total number of SMBv2 set info request packets ignored due to missing file tracker (sum) +

    +
  • +
  • +

    +dce_smb.v2_stinf_req_hdr_err: total number of SMBv2 set info request packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_stinf: total number of SMBv2 set info packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_cnct_err_resp: total number of SMBv2 tree connect error response packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_cnct_ignored: total number of SMBv2 setup response packets ignored due to failure in creating tree tracker (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_cnct_inv_str_sz: total number of SMBv2 tree connect packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_cnct_resp_hdr_err: total number of SMBv2 tree connect response packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_cnct: total number of SMBv2 tree connect packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_discn_ignored: total number of SMBv2 tree disconnect packets ignored due to missing trackers or invalid share type (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_discn_inv_str_sz: total number of SMBv2 tree disconnect packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_discn_req_hdr_err: total number of SMBv2 tree disconnect request packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_tree_discn: total number of SMBv2 tree disconnect packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_wrt_err_resp: total number of SMBv2 write error response packets seen (sum) +

    +
  • +
  • +

    +dce_smb.v2_wrt_ignored: total number of SMBv2 write packets ignored due to missing trackers or invalid share type (sum) +

    +
  • +
  • +

    +dce_smb.v2_wrt_inv_str_sz: total number of SMBv2 write packets seen with invalid structure size (sum) +

    +
  • +
  • +

    +dce_smb.v2_wrt_req_hdr_err: total number of SMBv2 write request packets ignored due to corrupted header (sum) +

    +
  • +
  • +

    +dce_smb.v2_wrt: total number of SMBv2 write packets seen (sum)

  • @@ -34048,6 +34593,11 @@ interval wscale.~range: check if TCP window scale is in given r
  • +stream_tcp.meta_acks: number of meta acks processed (sum) +

    +
  • +
  • +

    stream_tcp.overlaps: overlapping segments queued (sum)

  • @@ -40383,7 +40933,7 @@ Adding/removing stream_* inspectors if stream was already configured diff --git a/doc/snort_manual.pdf b/doc/snort_manual.pdf index 8b7eb8bcf..f16145a92 100644 Binary files a/doc/snort_manual.pdf and b/doc/snort_manual.pdf differ diff --git a/doc/snort_manual.text b/doc/snort_manual.text index 8ca3b0cd6..1a9a60b2b 100644 --- a/doc/snort_manual.text +++ b/doc/snort_manual.text @@ -409,7 +409,7 @@ Table of Contents Snorty ,,_ -*> Snort++ <*- -o" )~ Version 3.0.2 (Build 1) +o" )~ Version 3.0.2 (Build 2) '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved. @@ -5328,6 +5328,7 @@ src_ip - match all packets with a flow that has this client IP address (passed a src_port - match all packets with a flow that has this source port dst_ip - match all packets with a flow that has this server IP address (passed as a string) dst_port - match all packets with a flow that has this destination port +match - boolean flag to enable/disable whether constraints will ever match (enabled by default) The following lines placed in snort.lua will enable all trace messages for detection filtered by ip_proto, dst_ip, src_port and @@ -5348,6 +5349,24 @@ trace = } } +To create constraints that will never successfully match, set the +match parameter to false. This is useful for situations where one is +relying on external packet filtering from the DAQ module, or for +preventing all trace messages in the context of a packet. The +following is an example of such configuration: + +trace = +{ + modules = + { + snort = { all = 1 } + }, + constraints = + { + match = false + } +} + 5.17.4. Trace module - configuring trace output method There is a capability to configure the output method for trace 
@@ -6909,6 +6928,10 @@ Configuration: logdir instead of instance filename prefix * implied snort.--id-zero: use id prefix / subdirectory even with one packet thread + * implied snort.--ignore-warn-flowbits: ignore warnings about + flowbits that are checked but not set and vice-versa + * implied snort.--ignore-warn-rules: ignore warnings about + duplicate rules and rule parsing issues * string snort.--include-path: where to find Lua and rule included files; searched before current or config directories * implied snort.--list-buffers: output available inspection buffers @@ -7080,6 +7103,7 @@ Usage: global Configuration: + * int trace.modules.latency.all: enable all trace options { 0:255 } * int trace.modules.detection.all: enable all trace options { 0:255 } * int trace.modules.detection.detect_engine: enable detection 
@@ -7098,23 +7122,22 @@ Configuration: logging { 0:255 } * int trace.modules.detection.tag: enable tag trace logging { 0:255 } + * int trace.modules.stream.all: enable all trace options { 0:255 } + * int trace.modules.gtp_inspect.all: enable all trace options { + 0:255 } * int trace.modules.stream_user.all: enable all trace options { 0:255 } - * int trace.modules.stream_ip.all: enable all trace options { 0:255 - } - * int trace.modules.stream.all: enable all trace options { 0:255 } + * int trace.modules.dce_smb.all: enable all trace options { 0:255 } + * int trace.modules.decode.all: enable all trace options { 0:255 } + * int trace.modules.dce_udp.all: enable all trace options { 0:255 } + * int trace.modules.appid.all: enable all trace options { 0:255 } * int trace.modules.snort.all: enable all trace options { 0:255 } * int trace.modules.snort.main: enable main trace logging { 0:255 } * int trace.modules.snort.inspector_manager: enable inspector manager trace logging { 0:255 } - * int trace.modules.dce_smb.all: enable all trace options { 0:255 } - * int trace.modules.dce_udp.all: enable all trace options { 0:255 } - * int trace.modules.latency.all: enable all trace options { 0:255 } + * int trace.modules.stream_ip.all: enable all trace options { 0:255 + } * int trace.modules.wizard.all: enable all trace options { 0:255 } - * int trace.modules.gtp_inspect.all: enable all trace options { - 0:255 } - * int trace.modules.appid.all: enable all trace options { 0:255 } - * int trace.modules.decode.all: enable all trace options { 0:255 } * int trace.constraints.ip_proto: numerical IP protocol ID filter { 0:255 } * string trace.constraints.src_ip: source IP address filter 
@@ -7122,6 +7145,8 @@ Configuration: * string trace.constraints.dst_ip: destination IP address filter * int trace.constraints.dst_port: destination port filter { 0:65535 } + * bool trace.constraints.match = true: use constraints to filter + traces * enum trace.output: output method for trace log messages { stdout | syslog } @@ -7975,7 +8000,6 @@ Configuration: * string binder[].use.inspection_policy: use inspection policy from given file * string binder[].use.ips_policy: use ips policy from given file - * string binder[].use.network_policy: deprecated, ignored by binder * string binder[].use.service: override automatic service identification * string binder[].use.type: select module for binding @@ -8122,6 +8146,10 @@ Configuration: (-1 = disabled, 0 = unlimited) { -1:32767 } * string dce_smb.smb_invalid_shares: SMB shares to alert on * bool dce_smb.smb_legacy_mode = false: inspect only SMBv1 + * int dce_smb.smb_max_credit = 8192: Maximum number of outstanding + request { 1:65536 } + * int dce_smb.memcap = 8388608: Memory utilization limit on smb { + 512:maxSZ } Rules: 
@@ -8239,18 +8267,111 @@ Peg counts: * dce_smb.max_outstanding_requests: total smb maximum outstanding requests (sum) * dce_smb.files_processed: total smb files processed (sum) - * dce_smb.smbv2_create: total number of SMBv2 create packets seen + * dce_smb.v2_setup: total number of SMBv2 setup packets seen (sum) + * dce_smb.v2_setup_err_resp: total number of SMBv2 setup error + response packets seen (sum) + * dce_smb.v2_setup_inv_str_sz: total number of SMBv2 setup packets + seen with invalid structure size (sum) + * dce_smb.v2_setup_resp_hdr_err: total number of SMBv2 setup + response packets ignored due to corrupted header (sum) + * dce_smb.v2_tree_cnct: total number of SMBv2 tree connect packets + seen (sum) + * dce_smb.v2_tree_cnct_err_resp: total number of SMBv2 tree connect + error response packets seen (sum) + * dce_smb.v2_tree_cnct_ignored: total number of SMBv2 setup + response packets ignored due to failure in creating tree tracker (sum) - * dce_smb.smbv2_write: total number of SMBv2 write packets seen + * dce_smb.v2_tree_cnct_inv_str_sz: total number of SMBv2 tree + connect packets seen with invalid structure size (sum) + * dce_smb.v2_tree_cnct_resp_hdr_err: total number of SMBv2 tree + connect response packets ignored due to corrupted header (sum) + * dce_smb.v2_crt: total number of SMBv2 create packets seen (sum) + * dce_smb.v2_crt_err_resp: total number of SMBv2 create error + response packets seen (sum) + * dce_smb.v2_crt_inv_file_data: total number of SMBv2 create + request packets ignored due to error in getting file name (sum) + * dce_smb.v2_crt_inv_str_sz: total number of SMBv2 create packets + seen with invalid structure size (sum) + * dce_smb.v2_crt_resp_hdr_err: total number of SMBv2 create + response packets ignored due to corrupted header (sum) + * dce_smb.v2_crt_req_hdr_err: total number of SMBv2 create request + packets ignored due to corrupted header (sum) + * dce_smb.v2_crt_rtrkr_misng: total number of SMBv2 create response + packets 
ignored due to missing create request tracker (sum) + * dce_smb.v2_crt_req_ipc: total number of SMBv2 create request + packets ignored as share type is IPC (sum) + * dce_smb.v2_crt_tree_trkr_misng: total number of SMBv2 create + response packets ignored due to missing tree tracker (sum) + * dce_smb.v2_wrt: total number of SMBv2 write packets seen (sum) + * dce_smb.v2_wrt_err_resp: total number of SMBv2 write error + response packets seen (sum) + * dce_smb.v2_wrt_ignored: total number of SMBv2 write packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_wrt_inv_str_sz: total number of SMBv2 write packets + seen with invalid structure size (sum) + * dce_smb.v2_wrt_req_hdr_err: total number of SMBv2 write request + packets ignored due to corrupted header (sum) + * dce_smb.v2_read: total number of SMBv2 read packets seen (sum) + * dce_smb.v2_read_err_resp: total number of SMBv2 read error + response packets seen (sum) + * dce_smb.v2_read_ignored: total number of SMBv2 write packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_read_inv_str_sz: total number of SMBv2 read packets + seen with invalid structure size (sum) + * dce_smb.v2_read_rtrkr_misng: total number of SMBv2 read response + packets ignored due to missing read request tracker (sum) + * dce_smb.v2_read_resp_hdr_err: total number of SMBv2 read response + packets ignored due to corrupted header (sum) + * dce_smb.v2_read_req_hdr_err: total number of SMBv2 read request + packets ignored due to corrupted header (sum) + * dce_smb.v2_stinf: total number of SMBv2 set info packets seen (sum) - * dce_smb.smbv2_read: total number of SMBv2 read packets seen (sum) - * dce_smb.smbv2_set_info: total number of SMBv2 set info packets - seen (sum) - * dce_smb.smbv2_tree_connect: total number of SMBv2 tree connect + * dce_smb.v2_stinf_err_resp: total number of SMBv2 set info error + response packets seen (sum) + * dce_smb.v2_stinf_ignored: total number of SMBv2 set 
info packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_stinf_inv_str_sz: total number of SMBv2 set info + packets seen with invalid structure size (sum) + * dce_smb.v2_stinf_req_ftrkr_misng: total number of SMBv2 set info + request packets ignored due to missing file tracker (sum) + * dce_smb.v2_stinf_req_hdr_err: total number of SMBv2 set info + request packets ignored due to corrupted header (sum) + * dce_smb.v2_cls: total number of SMBv2 close packets seen (sum) + * dce_smb.v2_cls_err_resp: total number of SMBv2 close error + response packets seen (sum) + * dce_smb.v2_cls_ignored: total number of SMBv2 close packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_cls_inv_str_sz: total number of SMBv2 close packets + seen with invalid structure size (sum) + * dce_smb.v2_cls_req_ftrkr_misng: total number of SMBv2 close + request packets ignored due to missing file tracker (sum) + * dce_smb.v2_cls_req_hdr_err: total number of SMBv2 close request + packets ignored due to corrupted header (sum) + * dce_smb.v2_tree_discn: total number of SMBv2 tree disconnect packets seen (sum) - * dce_smb.smbv2_tree_disconnect: total number of SMBv2 tree - disconnect packets seen (sum) - * dce_smb.smbv2_close: total number of SMBv2 close packets seen + * dce_smb.v2_tree_discn_ignored: total number of SMBv2 tree + disconnect packets ignored due to missing trackers or invalid + share type (sum) + * dce_smb.v2_tree_discn_inv_str_sz: total number of SMBv2 tree + disconnect packets seen with invalid structure size (sum) + * dce_smb.v2_tree_discn_req_hdr_err: total number of SMBv2 tree + disconnect request packets ignored due to corrupted header (sum) + * dce_smb.v2_logoff: total number of SMBv2 logoff (sum) + * dce_smb.v2_logoff_inv_str_sz: total number of SMBv2 logoff + packets seen with invalid structure size (sum) + * dce_smb.v2_hdr_err: total number of SMBv2 packets seen with + corrupted hdr (sum) + * 
dce_smb.v2_bad_next_cmd_offset: total number of SMBv2 packets + seen with invalid next command offset (sum) + * dce_smb.v2_extra_file_data_err: total number of SMBv2 packets + seen with where file data beyond file size is observed (sum) + * dce_smb.v2_inv_file_ctx_err: total number of times null file + context are seen resulting in not being able to set file size + (sum) + * dce_smb.v2_msgs_uninspected: total number of SMBv2 packets seen + where command is not being inspected (sum) + * dce_smb.v2_cmpnd_req_lt_crossed: total number of SMBv2 packets + seen where compound requests exceed the smb_max_compound limit (sum) * dce_smb.concurrent_sessions: total concurrent sessions (now) * dce_smb.max_concurrent_sessions: maximum concurrent sessions @@ -10429,6 +10550,7 @@ Peg counts: * stream_tcp.syn_acks: number of syn-ack packets (sum) * stream_tcp.resets: number of reset packets (sum) * stream_tcp.fins: number of fin packets (sum) + * stream_tcp.meta_acks: number of meta acks processed (sum) * stream_tcp.packets_held: number of packets held (sum) * stream_tcp.held_packet_rexmits: number of retransmits of held packets (sum) @@ -15129,6 +15251,10 @@ these libraries see the Getting Started section of the manual. of instance filename prefix * --id-zero use id prefix / subdirectory even with one packet thread + * --ignore-warn-flowbits ignore warnings about flowbits that are + checked but not set and vice-versa + * --ignore-warn-rules ignore warnings about duplicate rules and + rule parsing issues * --include-path where to find Lua and rule included files; searched before current or config directories * --list-buffers output available inspection buffers 
@@ -15368,7 +15494,6 @@ these libraries see the Getting Started section of the manual. given file * string binder[].use.ips_policy: use ips policy from given file * string binder[].use.name: symbol name (defaults to type) - * string binder[].use.network_policy: deprecated, ignored by binder * string binder[].use.service: override automatic service identification * string binder[].use.type: select module for binding @@ -15541,6 +15666,8 @@ these libraries see the Getting Started section of the manual. per signature per flow * int dce_smb.max_frag_len = 65535: maximum fragment size for defragmentation { 1514:65535 } + * int dce_smb.memcap = 8388608: Memory utilization limit on smb { + 512:maxSZ } * enum dce_smb.policy = WinXP: target based policy to use { Win2000 | WinXP | WinVista | Win2003 | Win2008 | Win7 | Samba | Samba-3.0.37 | Samba-3.0.22 | Samba-3.0.20 } @@ -15556,6 +15683,8 @@ these libraries see the Getting Started section of the manual. * bool dce_smb.smb_legacy_mode = false: inspect only SMBv1 * int dce_smb.smb_max_chain = 3: SMB max chain size { 0:255 } * int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255 } + * int dce_smb.smb_max_credit = 8192: Maximum number of outstanding + request { 1:65536 } * multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 | v2 | all } * bool dce_tcp.disable_defrag = false: disable DCE/RPC @@ -16673,6 +16802,10 @@ these libraries see the Getting Started section of the manual. logdir instead of instance filename prefix * implied snort.--id-zero: use id prefix / subdirectory even with one packet thread + * implied snort.--ignore-warn-flowbits: ignore warnings about + flowbits that are checked but not set and vice-versa + * implied snort.--ignore-warn-rules: ignore warnings about + duplicate rules and rule parsing issues * string snort.-i: … list of interfaces * string snort.--include-path: where to find Lua and rule included files; searched before current or config directories 
@@ -16974,6 +17107,8 @@ these libraries see the Getting Started section of the manual. } * int trace.constraints.ip_proto: numerical IP protocol ID filter { 0:255 } + * bool trace.constraints.match = true: use constraints to filter + traces * string trace.constraints.src_ip: source IP address filter * int trace.constraints.src_port: source port filter { 0:65535 } * int trace.modules.appid.all: enable all trace options { 0:255 } 
@@ -17204,19 +17339,112 @@ these libraries see the Getting Started section of the manual. reassembled (sum) * dce_smb.smb_server_segs_reassembled: total smb server segments reassembled (sum) - * dce_smb.smbv2_close: total number of SMBv2 close packets seen + * dce_smb.v2_bad_next_cmd_offset: total number of SMBv2 packets + seen with invalid next command offset (sum) + * dce_smb.v2_cls_err_resp: total number of SMBv2 close error + response packets seen (sum) + * dce_smb.v2_cls_ignored: total number of SMBv2 close packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_cls_inv_str_sz: total number of SMBv2 close packets + seen with invalid structure size (sum) + * dce_smb.v2_cls_req_ftrkr_misng: total number of SMBv2 close + request packets ignored due to missing file tracker (sum) + * dce_smb.v2_cls_req_hdr_err: total number of SMBv2 close request + packets ignored due to corrupted header (sum) + * dce_smb.v2_cls: total number of SMBv2 close packets seen (sum) + * dce_smb.v2_cmpnd_req_lt_crossed: total number of SMBv2 packets + seen where compound requests exceed the smb_max_compound limit + (sum) + * dce_smb.v2_crt_err_resp: total number of SMBv2 create error + response packets seen (sum) + * dce_smb.v2_crt_inv_file_data: total number of SMBv2 create + request packets ignored due to error in getting file name (sum) + * dce_smb.v2_crt_inv_str_sz: total number of SMBv2 create packets + seen with invalid structure size (sum) + * dce_smb.v2_crt_req_hdr_err: total number of SMBv2 create request + packets ignored due to corrupted header (sum) + * dce_smb.v2_crt_req_ipc: total number of SMBv2 create request + packets ignored as share type is IPC (sum) + * dce_smb.v2_crt_resp_hdr_err: total number of SMBv2 create + response packets ignored due to corrupted header (sum) + * dce_smb.v2_crt_rtrkr_misng: total number of SMBv2 create response + packets ignored due to missing create request tracker (sum) + * dce_smb.v2_crt: total number of SMBv2 
create packets seen (sum) + * dce_smb.v2_crt_tree_trkr_misng: total number of SMBv2 create + response packets ignored due to missing tree tracker (sum) + * dce_smb.v2_extra_file_data_err: total number of SMBv2 packets + seen with where file data beyond file size is observed (sum) + * dce_smb.v2_hdr_err: total number of SMBv2 packets seen with + corrupted hdr (sum) + * dce_smb.v2_inv_file_ctx_err: total number of times null file + context are seen resulting in not being able to set file size (sum) - * dce_smb.smbv2_create: total number of SMBv2 create packets seen + * dce_smb.v2_logoff_inv_str_sz: total number of SMBv2 logoff + packets seen with invalid structure size (sum) + * dce_smb.v2_logoff: total number of SMBv2 logoff (sum) + * dce_smb.v2_msgs_uninspected: total number of SMBv2 packets seen + where command is not being inspected (sum) + * dce_smb.v2_read_err_resp: total number of SMBv2 read error + response packets seen (sum) + * dce_smb.v2_read_ignored: total number of SMBv2 write packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_read_inv_str_sz: total number of SMBv2 read packets + seen with invalid structure size (sum) + * dce_smb.v2_read_req_hdr_err: total number of SMBv2 read request + packets ignored due to corrupted header (sum) + * dce_smb.v2_read_resp_hdr_err: total number of SMBv2 read response + packets ignored due to corrupted header (sum) + * dce_smb.v2_read_rtrkr_misng: total number of SMBv2 read response + packets ignored due to missing read request tracker (sum) + * dce_smb.v2_read: total number of SMBv2 read packets seen (sum) + * dce_smb.v2_setup_err_resp: total number of SMBv2 setup error + response packets seen (sum) + * dce_smb.v2_setup_inv_str_sz: total number of SMBv2 setup packets + seen with invalid structure size (sum) + * dce_smb.v2_setup_resp_hdr_err: total number of SMBv2 setup + response packets ignored due to corrupted header (sum) + * dce_smb.v2_setup: total number of SMBv2 setup packets seen 
(sum) + * dce_smb.v2_stinf_err_resp: total number of SMBv2 set info error + response packets seen (sum) + * dce_smb.v2_stinf_ignored: total number of SMBv2 set info packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_stinf_inv_str_sz: total number of SMBv2 set info + packets seen with invalid structure size (sum) + * dce_smb.v2_stinf_req_ftrkr_misng: total number of SMBv2 set info + request packets ignored due to missing file tracker (sum) + * dce_smb.v2_stinf_req_hdr_err: total number of SMBv2 set info + request packets ignored due to corrupted header (sum) + * dce_smb.v2_stinf: total number of SMBv2 set info packets seen (sum) - * dce_smb.smbv2_read: total number of SMBv2 read packets seen (sum) - * dce_smb.smbv2_set_info: total number of SMBv2 set info packets + * dce_smb.v2_tree_cnct_err_resp: total number of SMBv2 tree connect + error response packets seen (sum) + * dce_smb.v2_tree_cnct_ignored: total number of SMBv2 setup + response packets ignored due to failure in creating tree tracker + (sum) + * dce_smb.v2_tree_cnct_inv_str_sz: total number of SMBv2 tree + connect packets seen with invalid structure size (sum) + * dce_smb.v2_tree_cnct_resp_hdr_err: total number of SMBv2 tree + connect response packets ignored due to corrupted header (sum) + * dce_smb.v2_tree_cnct: total number of SMBv2 tree connect packets seen (sum) - * dce_smb.smbv2_tree_connect: total number of SMBv2 tree connect + * dce_smb.v2_tree_discn_ignored: total number of SMBv2 tree + disconnect packets ignored due to missing trackers or invalid + share type (sum) + * dce_smb.v2_tree_discn_inv_str_sz: total number of SMBv2 tree + disconnect packets seen with invalid structure size (sum) + * dce_smb.v2_tree_discn_req_hdr_err: total number of SMBv2 tree + disconnect request packets ignored due to corrupted header (sum) + * dce_smb.v2_tree_discn: total number of SMBv2 tree disconnect packets seen (sum) - * dce_smb.smbv2_tree_disconnect: total number of SMBv2 tree - 
disconnect packets seen (sum) - * dce_smb.smbv2_write: total number of SMBv2 write packets seen - (sum) + * dce_smb.v2_wrt_err_resp: total number of SMBv2 write error + response packets seen (sum) + * dce_smb.v2_wrt_ignored: total number of SMBv2 write packets + ignored due to missing trackers or invalid share type (sum) + * dce_smb.v2_wrt_inv_str_sz: total number of SMBv2 write packets + seen with invalid structure size (sum) + * dce_smb.v2_wrt_req_hdr_err: total number of SMBv2 write request + packets ignored due to corrupted header (sum) + * dce_smb.v2_wrt: total number of SMBv2 write packets seen (sum) * dce_tcp.alter_context_responses: total connection-oriented alter context responses (sum) * dce_tcp.alter_contexts: total connection-oriented alter contexts @@ -17893,6 +18121,7 @@ these libraries see the Getting Started section of the manual. * stream_tcp.max_packets_held: maximum number of packets held simultaneously (max) * stream_tcp.memory: current memory in use (now) + * stream_tcp.meta_acks: number of meta acks processed (sum) * stream_tcp.overlaps: overlapping segments queued (sum) * stream_tcp.packets_held: number of packets held (sum) * stream_tcp.partial_fallbacks: count of fallbacks from assigned diff --git a/src/main/build.h b/src/main/build.h index 46eb73211..ac84188a7 100644 --- a/src/main/build.h +++ b/src/main/build.h @@ -12,7 +12,7 @@ // // //-----------------------------------------------// -#define BUILD_NUMBER 1 +#define BUILD_NUMBER 2 #ifndef EXTRABUILD #define BUILD STRINGIFY_MX(BUILD_NUMBER)
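Review bot: In the `@@ -8122,6 +8146,10 @@` hunk (repeated in the `@@ -15541` and `@@ -15556` hunks), the two new `dce_smb` limits are documented without the information an operator needs to set them. `dce_smb.memcap = 8388608` gives no unit, and neither it nor `dce_smb.smb_max_credit` says what the inspector does once the limit is reached. For an inspection module that matters, because hitting a cap usually means some traffic is no longer tracked. Please state the unit and the at-limit behaviour in the help strings. Also, "Maximum number of outstanding request" should read "maximum number of outstanding requests", in lowercase like the neighbouring descriptions.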
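Review bot: Two of the new peg descriptions in the `@@ -8239,18 +8267,111 @@` hunk describe the wrong command, which looks like copy and paste. `dce_smb.v2_read_ignored` is documented as "total number of SMBv2 write packets ignored ...", and `dce_smb.v2_tree_cnct_ignored` as "total number of SMBv2 setup response packets ignored due to failure in creating tree tracker". They should say "read packets" and "tree connect response packets" respectively. Since this file is generated, fix the strings in the module's peg table so the alphabetical list in the `@@ -17204` hunk picks up the correction too. Smaller wording problems in the same list: "seen with where file data beyond file size is observed", "null file context are seen", and `dce_smb.v2_logoff` ("total number of SMBv2 logoff") is missing "packets seen".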
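Review bot: The `@@ -17204,19 +17339,112 @@` hunk removes all seven `dce_smb.smbv2_*` peg names (`smbv2_close`, `smbv2_create`, `smbv2_read`, `smbv2_set_info`, `smbv2_tree_connect`, `smbv2_tree_disconnect`, `smbv2_write`) and replaces them with `v2_*` names, with no compatibility alias. Any stats collection, dashboard or alert threshold keyed on the old names will stop matching without an error. Please document the old-to-new mapping in the release notes, for example `smbv2_create` to `v2_crt` and `smbv2_set_info` to `v2_stinf`, so operators can update their monitoring when they upgrade.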
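Review bot: The `@@ -7975,7 +8000,6 @@` and `@@ -15368,7 +15494,6 @@` hunks drop `binder[].use.network_policy`, which was documented as "deprecated, ignored by binder", but nothing in the visible change says what now happens to a configuration that still sets it. If the key goes from silently ignored to a load-time error, that is a behaviour change on upgrade and should be called out. If it is still tolerated, the manual should say so.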
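Review bot: In the `@@ -7122,6 +8145,8 @@` style entry for `trace.constraints.match` (the `@@ -7122` and `@@ -16974` hunks), the description "use constraints to filter traces" only explains the default `true` case. Please document what `false` does, since a reader cannot tell from this line whether it disables filtering entirely or changes how the `src_ip`, `dst_ip` and port constraints are applied.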
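Review bot: The help text for `--ignore-warn-flowbits` and `--ignore-warn-rules` in the `@@ -15129,6 +15251,10 @@` hunk (and the `snort.--ignore-warn-*` entries in the `@@ -16673` hunk) should state the scope of the suppression. A flowbit that is checked but never set means a rule that cannot match, and a duplicate rule can mask the intended one, so these warnings are often the only signal of a broken rule set. Please say whether the options only hide the messages or also exclude them from the warning count, and consider noting that they are intended for known-noisy rule sets rather than for routine use.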