From: Priyanka Bangalore Gurudev (prbg) Date: Sat, 6 May 2023 19:16:24 +0000 (+0000) Subject: Pull request #3837: build: generate and tag 3.1.61.0 X-Git-Tag: 3.1.61.0^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7723002a5aea33e22a6aa3ca28c835bb69f85de4;p=thirdparty%2Fsnort3.git Pull request #3837: build: generate and tag 3.1.61.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.61.0 to master Squashed commit of the following: commit 9f172e7f667828e6ddce5ccd9b26e802a3db4ce6 Author: Priyanka Gurudev Date: Thu May 4 22:36:42 2023 -0400 build: generate and tag 3.1.61.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index bba681a39..8aa50f150 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 60) +set (VERSION_PATCH 61) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index 5fe04dfca..cc65270db 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,20 @@ +2023-05-04: 3.1.61.0 + +* appid: appIdPegCounters thread data handling refactored to prevent data races +* appid: ensure that TP SSL detection is not overwrite SMTPS service and client in a starttls session +* appid: validate data size of SSL certificate record before parsing +* build: remove unused header. Thanks to Rui Chen for reporting the issue. +* cmake: update sed call. Thanks to graysky for reporting the issue. +* flow: defensive fix to prevent crash if flow->prev is nullptr. +* flow, hash, stream: add a free list node count that is output as a peg count +* managers: check main SnortConfig pointer in InspectorManager::get_inspector() to avoid memory bad access calls +* memory: fix memory pruning race condition and bail on reap failure +* memory: provide a default value for pointers if the module has not been initialized +* profiler: add shell commands +* profiler: move profiler module to separate files +* snort: add show_config_generation() command +* stream_tcp: populate TCP pseudopackets with VLAN ids in TCP reassembler to avoid issues with secondary flow creation / expected flow cache + 2023-04-20: 3.1.60.0 * appid: fixed TSAN warnings diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 9b11efb5e..9ef3c6460 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.60.0 2023-04-20 15:35:36 EDT TST +Revision 3.1.61.0 2023-05-04 22:13:01 EDT TST --------------------------------------------------------------------- @@ -1098,7 +1098,12 @@ Peg counts: (now) * memory.reap_attempts: attempts to reclaim memory (now) * memory.reap_failures: failures to reclaim memory (now) - * memory.pruned: total amount of memory pruned (now) + * memory.reap_aborts: abort pruning before target due to process + under limit (now) + * memory.reap_decrease: total amount of the decrease in thread + memory while process over limit (now) + * memory.reap_increase: total amount of the increase in thread + memory while process over limit (now) 2.20. network @@ -1317,6 +1322,13 @@ Configuration: | checks | avg_check | total_time | matches | no_matches | avg_match | avg_no_match } +Commands: + + * profiler.rule_start(): enable rule profiler + * profiler.rule_stop(): disable rule profiler + * profiler.rule_status(): print rule profiler status + * profiler.rule_dump(): print rule statistics + 2.27. rate_filter @@ -1706,8 +1718,9 @@ Commands: policy * snort.reload_daq(): reload daq module * snort.reload_hosts(filename): load a new hosts table - * snort.log_command(command, logging): enabled or disable logging - of a command + * snort.log_command(command, logging): enable or disable command + logging + * snort.show_config_generation(): show loaded configuration ID * snort.pause(): suspend packet processing * snort.resume(pkt_num): continue packet processing. If number of packets is specified, will resume for n packets and pause @@ -5586,6 +5599,8 @@ Peg counts: * stream.reload_offloaded_deletes: number of offloaded flows deleted by config reloads (sum) * stream.current_flows: current number of flows in cache (now) + * stream.current_free_flows: current number of free flows in cache + (now) * stream.uni_flows: number of uni flows in cache (now) * stream.uni_ip_flows: number of uni ip flows in cache (now) @@ -11659,11 +11674,16 @@ libraries see the Getting Started section of the manual. threads (now) * memory.epochs: number of memory updates (now) * memory.max_in_use: maximum memory used (max) - * memory.pruned: total amount of memory pruned (now) + * memory.reap_aborts: abort pruning before target due to process + under limit (now) * memory.reap_attempts: attempts to reclaim memory (now) * memory.reap_cycles: number of actionable over-limit conditions (now) + * memory.reap_decrease: total amount of the decrease in thread + memory while process over limit (now) * memory.reap_failures: failures to reclaim memory (now) + * memory.reap_increase: total amount of the increase in thread + memory while process over limit (now) * memory.start_up_use: memory used before packet processing (now) * mem_test.packets: total packets (sum) * mms.concurrent_sessions: total concurrent MMS sessions (now) @@ -11997,6 +12017,8 @@ libraries see the Getting Started section of the manual. * ssl.sessions_ignored: total sessions ignore (sum) * ssl.unrecognized_records: total unrecognized records (sum) * stream.current_flows: current number of flows in cache (now) + * stream.current_free_flows: current number of free flows in cache + (now) * stream.excess_prunes: sessions pruned due to excess (sum) * stream.expected_flows: total expected flows created within snort (sum) @@ -15542,6 +15564,10 @@ alert is raised by the enhanced JavaScript normalizer. host pairs * perf_monitor.show_flow_ip_profiling(): show status of statistics on host pairs + * profiler.rule_start(): enable rule profiler + * profiler.rule_stop(): disable rule profiler + * profiler.rule_status(): print rule profiler status + * profiler.rule_dump(): print rule statistics * reputation.reload(): reload reputation data * rna.dump_macs(): dump rna’s internal MAC trackers * rna.delete_mac_host(mac): delete a MAC from rna’s MAC cache @@ -15562,8 +15588,9 @@ alert is raised by the enhanced JavaScript normalizer. policy * snort.reload_daq(): reload daq module * snort.reload_hosts(filename): load a new hosts table - * snort.log_command(command, logging): enabled or disable logging - of a command + * snort.log_command(command, logging): enable or disable command + logging + * snort.show_config_generation(): show loaded configuration ID * snort.pause(): suspend packet processing * snort.resume(pkt_num): continue packet processing. If number of packets is specified, will resume for n packets and pause diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 3ee9fd69a..2dd2792b5 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.60.0 2023-04-20 15:36:43 EDT TST +Revision 3.1.61.0 2023-05-04 22:14:07 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index eeb14ebd4..4523752c5 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.60.0 2023-04-20 15:35:58 EDT TST +Revision 3.1.61.0 2023-05-04 22:13:23 EDT TST ---------------------------------------------------------------------