From: Tom Peters (thopeter) Date: Wed, 10 Apr 2019 20:51:55 +0000 (-0400) Subject: Merge pull request #1574 in SNORT/snort3 from ~NIHDESAI/snort3:build_252 to master X-Git-Tag: 3.0.0-252 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c729502b969b30c071d05f73457605a0f2036d4;p=thirdparty%2Fsnort3.git Merge pull request #1574 in SNORT/snort3 from ~NIHDESAI/snort3:build_252 to master Squashed commit of the following: commit 514ffa6b2c65173321e8548a1924100a7b62fd80 Author: Nihal Desai Date: Wed Apr 10 04:05:50 2019 -0400 build: generate and tag build 252
---
diff --git a/ChangeLog b/ChangeLog
index 77f159a11..0307e4c0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,69 @@
+19/04/10 - build 252
+
+-- appid: Fix NetworkSet compilation on big-endian systems
+-- appid: Reduce variable scope in service_mdns
+-- appid: Reduce variable scope in service_rpc
+-- codecs/ipv4: Use struct in_addr when calling inet_ntop()
+-- dce_rpc: Fix const cast warnings in dce_smb2
+-- detection: Don't send zero size searches to the regex offloader
+ If a batch search request had nothing in it to be
+ searched for there is no purpose in sending it to
+ the offloader
+-- detection: Ensure offload search engine started with appropriate regex offloader
+ If the offload_search_method is not specified then by
+ default it will be the same as the normal search_method.
+ If this search method is an async mpse it needs started
+ using the MpseRegexOffload offloader otherwise it needs
+ started using the ThreadRegexOffload offloader
+-- file_api: add extract filename to FileFlow from mime header
+-- file_api: Add timer to limit how long we want for pending file lookup.
+-- file_api: If configured, reset session when lookup times out.
+-- file_api: Make expiration timers more granular.
+-- file_api: use more generic form of timercmp and fix timersub call.
+-- file_api: use timersub_ms, updates to packettracer logs.
+-- flow: add the override keyword to some member function to keep cppcheck happy.
+-- flow: add test to check that a handler is not getting stash events that it's not listening to.
+-- flow: stash publish event.
+-- flow: unit test for stash publish.
+-- ftp_telnet: Fix potential NULL pointer arithmetic in check_ftp()
+-- ftp_telnet: Fix val-never-used warning in DoNextFormat()
+-- http_inspect: Fix val-never-used warning in check_oversize_dir()
+-- http_inspect: Give HttpTestInput a destructor to clean up its file handle
+-- log: Fix potential NULL pointer arithmetic warning in log_text
+-- mpse: Adding performance profiling stats to Mpse batch search
+ The Mpse batch search function does not have any
+ performance profiling so this function is now wrapped
+ to facilitate the addition of performance stats
+-- normalize: Remove redundant check during configuration
+-- offload: simplify zero byte bypass
+-- offload: Framework changes to support polling for completed
+ batch searches
+ When a batch search is issued, currently we poll to
+ determine if that batch has completed its search.
+ This change facilitates polling to return any batch
+ that has completed its search.
+-- packet_io: Changes to allow daq retries to work properly.
+-- packet_io: add entry for retry in act_str due to re-ordering.
+-- packet_io: re-order ACT_RETRY to be before ACT_DROP.
+-- packet_tracer: Pass filename string parameter by reference
+-- perf_monitor: Pass ModuleConfig string parameter by reference
+-- port_scan: Reduce variable scope in configuration
+-- rule_state: rule_state: do not require rules in all policies
+-- rules: remove cruft from tree nodes
+-- sfip: Reduce variable scopes in sf_ipvar
+-- sfip: Switch test debug flag to a cpp macro
+-- sfrt: Reduce variable scope in _dir_remove_less_specific()
+-- sip: Give SipSplitterUT a proper copy constructor
+-- snort2lua: Adding support for appid tp_config_path conversion
+-- snort2lua: Convert rawbytes to raw_data sticky buffer
+-- so rules: fixup shutdown sequencing
+-- so rules: make plain stubs same as protected
+-- so rules: use stub strictly as a key
+-- stream: set retransmit flag.
+-- stream_ip: Fix sign comparison and val-never-used issues in defrag
+-- stream_tcp: Fix shadowed variable when profiling deeply
+-- u2spewfoo: update due to re-ording of retry action.
+
 19/03/31 - build 251
 
 -- ActionManager: actions are tracked per packet for accurate packet suspension
diff --git a/doc/snort_manual.html b/doc/snort_manual.html
index dec31cadd..1b536e64b 100644
--- a/doc/snort_manual.html
+++ b/doc/snort_manual.html
@@ -782,7 +782,7 @@ asciidoc.install(2);
 ,,_     -*> Snort++ <*-
-o"  )~   Version 3.0.0 (Build 251) from 2.9.11
+o"  )~   Version 3.0.0 (Build 252) from 2.9.11
  ''''    By Martin Roesch & The Snort Team
          http://snort.org/contact#team
          Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.
@@ -8411,12 +8411,12 @@ string references[].url: where this reference is d
 
  • -enum rule_state.([0-9]+):([0-9]+).action = inherit: apply action if rule matches or inherit from rule definition { log | pass | alert | drop | block | reset | inherit } +enum rule_state.([0-9]+):([0-9]+)[].action = inherit: apply action if rule matches or inherit from rule definition { log | pass | alert | drop | block | reset | inherit }

  • -enum rule_state.([0-9]+):([0-9]+).enable = inherit: enable or disable rule in current ips policy or use default defined by ips policy { false | true | inherit } +enum rule_state.([0-9]+):([0-9]+)[].enable = inherit: enable or disable rule in current ips policy or use default defined by ips policy { false | true | inherit }

@@ -27417,12 +27417,12 @@ string rpc.~ver: version number or * for any
  • -enum rule_state.([0-9]+):([0-9]+).action = inherit: apply action if rule matches or inherit from rule definition { log | pass | alert | drop | block | reset | inherit } +enum rule_state.([0-9]+):([0-9]+)[].action = inherit: apply action if rule matches or inherit from rule definition { log | pass | alert | drop | block | reset | inherit }

  • -enum rule_state.([0-9]+):([0-9]+).enable = inherit: enable or disable rule in current ips policy or use default defined by ips policy { false | true | inherit } +enum rule_state.([0-9]+):([0-9]+)[].enable = inherit: enable or disable rule in current ips policy or use default defined by ips policy { false | true | inherit }

  • @@ -38219,7 +38219,7 @@ Adding/removing stream_* inspectors if stream was already configured diff --git a/doc/snort_manual.pdf b/doc/snort_manual.pdf index 7b4cb160a..9627e309a 100644 Binary files a/doc/snort_manual.pdf and b/doc/snort_manual.pdf differ diff --git a/doc/snort_manual.text b/doc/snort_manual.text index 74017de65..0a6f106e3 100644 --- a/doc/snort_manual.text +++ b/doc/snort_manual.text @@ -387,7 +387,7 @@ Table of Contents Snorty ,,_ -*> Snort++ <*- -o" )~ Version 3.0.0 (Build 251) from 2.9.11 +o" )~ Version 3.0.0 (Build 252) from 2.9.11 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved. @@ -6127,10 +6127,10 @@ Usage: detect Configuration: - * enum rule_state.([0-9]+):([0-9]+).action = inherit: apply action - if rule matches or inherit from rule definition { log | pass | - alert | drop | block | reset | inherit } - * enum rule_state.([0-9]+):([0-9]+).enable = inherit: enable or + * enum rule_state.([0-9]+):([0-9]+)[].action = inherit: apply + action if rule matches or inherit from rule definition { log | + pass | alert | drop | block | reset | inherit } + * enum rule_state.([0-9]+):([0-9]+)[].enable = inherit: enable or disable rule in current ips policy or use default defined by ips policy { false | true | inherit } 
@@ -15261,10 +15261,10 @@ these libraries see the Getting Started section of the manual. * int rpc.~app: application number { 0:max32 } * string rpc.~proc: procedure number or * for any * string rpc.~ver: version number or * for any - * enum rule_state.([0-9]+):([0-9]+).action = inherit: apply action - if rule matches or inherit from rule definition { log | pass | - alert | drop | block | reset | inherit } - * enum rule_state.([0-9]+):([0-9]+).enable = inherit: enable or + * enum rule_state.([0-9]+):([0-9]+)[].action = inherit: apply + action if rule matches or inherit from rule definition { log | + pass | alert | drop | block | reset | inherit } + * enum rule_state.([0-9]+):([0-9]+)[].enable = inherit: enable or disable rule in current ips policy or use default defined by ips policy { false | true | inherit } * string sd_pattern.~pattern: The pattern to search for diff --git a/src/main/build.h b/src/main/build.h index 7403da4da..88484ad3a 100644 --- a/src/main/build.h +++ b/src/main/build.h @@ -12,7 +12,7 @@ // // //-----------------------------------------------// -#define BUILD_NUMBER 251 +#define BUILD_NUMBER 252 #ifndef EXTRABUILD #define BUILD STRINGIFY_MX(BUILD_NUMBER)