From: Priyanka Bangalore Gurudev (prbg) Date: Wed, 8 May 2024 01:32:13 +0000 (+0000) Subject: Pull request #4309: build: generate and tag 3.1.85.0 X-Git-Tag: 3.2.1.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b38689890dad21751aee1e8f596000b0e2e4e71;p=thirdparty%2Fsnort3.git Pull request #4309: build: generate and tag 3.1.85.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.85.0 to master Squashed commit of the following: commit ab0da173702879f47dacb75432271916a5fb7468 Author: Priyanka Gurudev Date: Mon May 6 22:52:42 2024 -0400 build: generate and tag 3.1.85.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 366fef785..56824d191 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 84) +set (VERSION_PATCH 85) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index ec17051c0..0e4852cf1 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,23 @@ +2024-05-06: 3.1.85.0 + +* anaylzer, framework: add a data bus method to publish to all network policies and use it for idle +* appid: add http url regex patterns +* appid: appid CPU Profiler Table and CLI +* appid: disable appid cpu profiler +* detection: clear inspector data before flow_data +* detection: fix postponed rule evaluation with recall presence +* file_api: fix incorrect data size being passed to IPS engine for file type detection +* flow: connection profiling feature +* flow: fix unit test for debian +* main: update usage of a deprecated hwloc macro. Thanks to teicors for reporting the issue! +* stream_tcp: add reassembler class for missed_3whs +* stream_tcp: change drop reason issuer to stream +* stream_tcp: drop packet with invalid sequence number if inspection policy is inline and fix sequence number comparisons +* stream_tcp: implement an asymmetric flow (one-way traffic) mode for reassembly that purges flushed segments immediately (no waiting for ack that will never come) +* stream_tcp: support for asymmetric normalization +* stream_tcp: track offset into data buffer due to overlaps with state variable on the TCP segment node +* utils: move file specific functions from perfmonitor to utils + 2024-04-08: 3.1.84.0 * appid: enhanced appid config parsing diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 6a930d7b1..2eb570605 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.84.0 2024-04-08 22:48:07 EDT TST +Revision 3.1.85.0 2024-05-06 22:48:20 EDT TST --------------------------------------------------------------------- 
@@ -901,7 +901,7 @@ Configuration: | bsd | bsd_right | last | windows | solaris } * enum hosts[].tcp_policy: TCP reassembly policy { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | - hpux10 | windows | win_2003 | vista | proxy } + hpux10 | windows | win_2003 | vista | proxy | asymmetric } * string hosts[].services[].name: service identifier * enum hosts[].services[].proto = tcp: IP protocol { tcp | udp } * port hosts[].services[].port: port number @@ -2600,6 +2600,9 @@ Commands: * appid.reload_third_party(): reload appid third-party module * appid.reload_detectors(): reload appid detectors * appid.print_appid_config(): print appid configs + * appid.show_cpu_profiler_stats(appid): show appid cpu profiling + stats + * appid.show_cpu_profiler_status(): show appid cpu profiling status Peg counts: @@ -5851,7 +5854,7 @@ Configuration: * enum stream_tcp.policy = bsd: determines operating system characteristics like reassembly { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | hpux10 | - windows | win_2003 | vista | proxy } + windows | win_2003 | vista | proxy | asymmetric } * bool stream_tcp.reassemble_async = true: queue data for reassembly before traffic is seen in both directions * int stream_tcp.require_3whs = -1: don’t track midstream sessions @@ -6010,6 +6013,10 @@ Peg counts: normalization policy (sum) * stream_tcp.full_retransmits: number of fully retransmitted segments (sum) + * stream_tcp.flush_on_asymmetric_flow: number of flushes on + asymmetric flows (sum) + * stream_tcp.asymmetric_flows: number of completed flows having + one-way traffic only (sum) 5.52. stream_udp 
@@ -9659,7 +9666,7 @@ libraries see the Getting Started section of the manual. * enum hosts[].services[].proto = tcp: IP protocol { tcp | udp } * enum hosts[].tcp_policy: TCP reassembly policy { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | - hpux10 | windows | win_2003 | vista | proxy } + hpux10 | windows | win_2003 | vista | proxy | asymmetric } * addr host_tracker[].ip: hosts address / cidr * port host_tracker[].services[].port: port number * enum host_tracker[].services[].proto: IP protocol { ip | tcp | @@ -11000,7 +11007,7 @@ libraries see the Getting Started section of the manual. * enum stream_tcp.policy = bsd: determines operating system characteristics like reassembly { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | hpux10 | - windows | win_2003 | vista | proxy } + windows | win_2003 | vista | proxy | asymmetric } * int stream_tcp.queue_limit.max_bytes = 4194304: don’t queue more than given bytes per session and direction, 0 = unlimited { 0:max32 } @@ -12233,6 +12240,8 @@ libraries see the Getting Started section of the manual. tuner called while processing packets (sum) * stream.stale_prunes: sessions pruned due to stale connection (sum) + * stream_tcp.asymmetric_flows: number of completed flows having + one-way traffic only (sum) * stream_tcp.client_cleanups: number of times data from server was flushed when session released (sum) * stream_tcp.closing: number of sessions currently closing (now) @@ -12252,6 +12261,8 @@ libraries see the Getting Started section of the manual. * stream_tcp.exceeded_max_segs: number of times the maximum queued segment limit was reached (sum) * stream_tcp.fins: number of fin packets (sum) + * stream_tcp.flush_on_asymmetric_flow: number of flushes on + asymmetric flows (sum) * stream_tcp.full_retransmits: number of fully retransmitted segments (sum) * stream_tcp.gaps: missing data between PDUs (sum) 
@@ -15749,6 +15760,9 @@ alert is raised by the enhanced JavaScript normalizer. * appid.reload_third_party(): reload appid third-party module * appid.reload_detectors(): reload appid detectors * appid.print_appid_config(): print appid configs + * appid.show_cpu_profiler_stats(appid): show appid cpu profiling + stats + * appid.show_cpu_profiler_status(): show appid cpu profiling status * host_cache.dump(file_name): dump host cache * host_cache.delete_host(host_ip): delete host from host cache * host_cache.delete_network_proto(host_ip, proto): delete network diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index ce9f0f8e4..f3a65689c 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.84.0 2024-04-08 22:49:12 EDT TST +Revision 3.1.85.0 2024-05-06 22:49:28 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 2e5d0b511..ebaac2ad3 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.84.0 2024-04-08 22:48:29 EDT TST +Revision 3.1.85.0 2024-05-06 22:48:43 EDT TST ---------------------------------------------------------------------
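
Review bot: In the ChangeLog.md hunk, the first entry under 2024-05-06 misspells the component as "anaylzer"; it should read "analyzer, framework: ..." so the entry is found when the log is searched by component name. The same block lists "appid: appid CPU Profiler Table and CLI" directly followed by "appid: disable appid cpu profiler" without saying what the net state is in 3.1.85.0. Please qualify the second entry (disabled by default, or disabled entirely) so readers know whether the feature is usable in this release.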
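
Review bot: In the snort_reference.text hunks that append "asymmetric" to the hosts[].tcp_policy and stream_tcp.policy enums, the option descriptions are left unchanged, and stream_tcp.policy still reads "determines operating system characteristics like reassembly", which does not cover the new value. The ChangeLog in this same commit describes it as a one-way traffic mode for reassembly "that purges flushed segments immediately (no waiting for ack that will never come)". That behavior should be stated in the option's own description, because someone selecting a policy from the reference manual sees only the bare enum value and has no way to tell that it changes segment retention rather than emulating a target OS.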
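
Review bot: In the two Commands hunks of snort_reference.text, the new entry "appid.show_cpu_profiler_stats(appid): show appid cpu profiling stats" does not say what the appid argument accepts (an application name or a numeric id) or what happens when it is omitted. Please extend the description to cover that. Since the ChangeLog in this commit also records "appid: disable appid cpu profiler", the entry for appid.show_cpu_profiler_status() should say how the profiler is turned on, otherwise the documented commands give no hint why they may return nothing.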
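
Review bot: In the Peg counts hunks of snort_reference.text, the descriptions of stream_tcp.asymmetric_flows ("number of completed flows having one-way traffic only") and stream_tcp.flush_on_asymmetric_flow ("number of flushes on asymmetric flows") do not say whether the counters increment only when the asymmetric policy is configured or for any flow that is seen in one direction under any policy. Operators will read these counters to judge how much traffic the sensor sees in one direction only, so the condition under which they count should be part of the description.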