From: Michael Altizer
Date: Fri, 26 Apr 2019 20:45:18 +0000 (-0400)
Subject: build: generate and tag build 254
X-Git-Tag: 3.0.0-254
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c9a1f22de4596d80a6958f3c542a4986efc8c91;p=thirdparty%2Fsnort3.git
build: generate and tag build 254
---
diff --git a/ChangeLog b/ChangeLog
index d487770ee..65c270af9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+19/04/26 - build 254
+
+-- analyzer: Print pause indicator from analyzer threads
+-- appid: remove inspector reference from detectors
+-- build: Remove perpetually stale reference to lua_plugffi.h
+-- build: remove unused cruft; clean up KMap
+-- config: replace working dir overrides with --include-path
+-- context: only clear ids_in_use in dtor
+-- file_type: remove redundant error message
+-- log_pcap, packet_capture: Don't try to use a DAQ pkthdr as a PCAP pkthdr
+-- Lua: update tweaks per latest include changes
+-- main: Use epoll (for linux systems) instead of select to get rid of limit on fd-set-size and for
+ time efficiency
+-- snort2lua: fix histogram option change comment
+-- snort2lua: Integer parameter range check
+-- stream_tcp: Try to work with a cleaner Packet when purging at shutdown
+-- test: remove cruft
+
19/04/17 - build 253
-- build: delete unused code called out by cppcheck
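Review bot: The build 254 entry covers the path change only as "config: replace working dir overrides with --include-path", while the regenerated manual in this same commit removes the --parsing-follows-files option and the LUA_PATH / SNORT_LUA_PATH setup text. Name the removed option and variables in that entry so anyone upgrading a deployment can search the ChangeLog for them. The "main:" item is also the only one wrapped onto a second line; keep it on one line or indent the continuation consistently.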
diff --git a/doc/snort_manual.html b/doc/snort_manual.html
index 1b536e64b..03414af31 100644
--- a/doc/snort_manual.html
+++ b/doc/snort_manual.html
@@ -782,7 +782,7 @@ asciidoc.install(2);
,,_ -*> Snort++ <*-
-o" )~ Version 3.0.0 (Build 252) from 2.9.11
+o" )~ Version 3.0.0 (Build 254) from 2.9.11
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.
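Review bot: The banner goes from Build 252 straight to Build 254, while the ChangeLog hunk above shows build 253 (19/04/17) in between, so the manual was not regenerated when 253 was tagged. The documentation changes in this commit may therefore include changes that belong to 253; regenerating the manual with every build tag keeps each doc diff attributable to one build.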
@@ -1064,20 +1064,6 @@ done with Lua, so your old conf won’t work as is. Rules are still text
based but with syntax tweaks, so your 2.X rules must be fixed up. However,
snort2lua will help you convert your conf and rules to the new format.
-
Environment
-
LUA_PATH must be set based on your install:
-
-
-
LUA_PATH=$install_prefix/include/snort/lua/\?.lua\;\;
-
-
SNORT_LUA_PATH must be set to load auxiliary configuration files if you use
-the default snort.lua. For example:
-
-
-
export SNORT_LUA_PATH=$install_prefix/etc/snort
-
-
-
Command Line
A simple command line might look like this:
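Review bot: The Environment subsection is deleted from this part of the manual with nothing added in its place, so a reader reaching "Command Line" no longer learns how snort.lua locates the files it includes. Add a sentence here that points to --include-path, which this commit documents as "where to find Lua and rule included files".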
@@ -2237,13 +2223,7 @@ To build with g++ on OS X where clang is installed, do this first:
Running
-
First set up the environment:
-
-
-
export LUA_PATH=$my_path/include/snort/lua/\?.lua\;\;
-export SNORT_LUA_PATH=$my_path/etc/snort/
-
-
+
Common Errors
-
FATAL: snort_config is required
-
PANIC: unprotected error in call to Lua API (cannot open
snort_defaults.lua: No such file or directory)
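Review bot: The "cannot open snort_defaults.lua: No such file or directory" panic text is still present under Common Errors, while the export lines that used to precede it in Running are removed. Check that the explanation for that error (outside this hunk) now tells the reader to pass --include-path rather than to set LUA_PATH or SNORT_LUA_PATH.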
@@ -2707,16 +2675,6 @@ Uninstall gperftools 2.5 provided by the distribution and install gperftools
Snort install directory. Additionally, it is assumed that "$my_path/bin"
is in your PATH.
-
Environment
-
LUA_PATH is used directly by Lua to load and run required libraries.
-SNORT_LUA_PATH is used by Snort to load supplemental configuration files.
-
-
-
export LUA_PATH=$my_path/include/snort/lua/\?.lua\;\;
-export SNORT_LUA_PATH=$my_path/etc/snort
-
-
-
Help
@@ -3369,32 +3327,6 @@ will reduce performance.
based on a specific HTTP header:
-
require("snort_config")
-
-
-
-
dir = os.getenv('SNORT_LUA_PATH')
-
-
-
-
if ( not dir ) then
- dir = '.'
-end
-
-
-
-
dofile(dir .. '/snort_defaults.lua')
-
-
-
-
local_rules =
-[[
-block http ( msg:"openAppId: test content match for app http";
-content:"X-Header: malicious"; sid:18760; rev:4; )
-]]
-
-
@@ -3428,6 +3360,14 @@ content:"X-Header: malicious"; sid:18760; rev:4; )
+
local_rules =
+[[
+block http ( msg:"openAppId: test content match for app http";
+content:"X-Header: malicious"; sid:18760; rev:4; )
+]]
+
+
+
ips =
{
rules = local_rules,
@@ -7088,7 +7028,7 @@ bool alerts.log_references = false: include rule references in
-string alerts.order = pass drop alert log: change the order of rule action application
+string alerts.order = pass reset block drop alert log: change the order of rule action application
@@ -8046,7 +7986,7 @@ multi network.checksum_drop = none: drop if checksum is bad { a
-multi network.checksum_eval = none: checksums to verify { all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none }
+multi network.checksum_eval = all: checksums to verify { all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none }
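Review bot: The default of network.checksum_eval changes from none to all, which changes what an unmodified configuration does with traffic, yet the build 254 ChangeLog entry in this commit has no item for it. Add a ChangeLog line, and state in the help text how the new default interacts with network.checksum_drop, which the hunk header shows still defaulting to none.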
@@ -8774,7 +8714,7 @@ int snort.-z = 1: <count> maximum number of packet thread
-implied snort.--alert-before-pass: process alert, drop, sdrop, or reject before pass; default is pass before alert, drop,…
+implied snort.--alert-before-pass: evaluate alert rules before pass rules; default is pass rules first
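Review bot: The new --alert-before-pass text mentions only alert rules, where the old text listed alert, drop, sdrop, and reject. Because this flag decides whether a pass rule takes precedence, say explicitly whether drop, block and reset rules are also evaluated before pass rules when it is set, or whether only alert moves; the alerts.order default shown elsewhere in this manual is "pass reset block drop alert log", so a reader cannot infer it from the new wording.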
@@ -8919,6 +8859,11 @@ implied snort.--id-zero: use id prefix / subdirectory even with
+string snort.--include-path: <path> where to find Lua and rule included files; searched before current or config directories
+
+
+
+
implied snort.--list-buffers: output available inspection buffers
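Review bot: "searched before current or config directories" means a file found under --include-path takes precedence over a same-named file next to the configuration that includes it, and the help string leaves the rest of the lookup order unstated. Give the full order and say whether the option accepts more than one path or may be repeated, since operators need to know which copy of a rules or Lua file is actually loaded; --show-file-codes, added in this commit, is worth a cross-reference here.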
@@ -8984,11 +8929,6 @@ implied snort.--pause: wait for resume/quit command before proc
-implied snort.--parsing-follows-files: parse relative paths from the perspective of the current configuration file
-
-
-
-
string snort.--pcap-file: <file> file that contains a list of pcaps to read - read mode is implied
@@ -9079,6 +9019,11 @@ implied snort.--shell: enable the interactive command line
+implied snort.--show-file-codes: indicate how files are located: A=absolute and W, F, C which are relative to the working directory, including file, and config file respectively
+
+
+
+
implied snort.--show-plugins: list module and plugin versions
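Review bot: The --show-file-codes description is hard to parse as written: "A=absolute and W, F, C which are relative to the working directory, including file, and config file respectively". Spell each code out in the same form, for example "A=absolute, W=working directory, F=including file, C=config file", and say where the code is printed.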
@@ -9104,12 +9049,12 @@ implied snort.--talos: enable Talos inline rule test mode (same
-implied snort.--treat-drop-as-alert: converts drop, sdrop, and reject rules into alert rules during startup
+implied snort.--treat-drop-as-alert: converts drop, block, and reset rules into alert rules when loaded
-implied snort.--treat-drop-as-ignore: use drop, sdrop, and reject rules to ignore session traffic when not inline
+implied snort.--treat-drop-as-ignore: use drop, block, and reset rules to ignore session traffic when not inline
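Review bot: Both strings replace "drop, sdrop, and reject" with "drop, block, and reset" without saying what happens to rules that still use sdrop or reject. State whether those actions are refused at load or are still handled by these flags, so a ruleset written with the old action names does not behave differently without the operator noticing. The move from "during startup" to "when loaded" in --treat-drop-as-alert should also say whether the conversion applies on a reload.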
@@ -23391,16 +23336,6 @@ these libraries see the Getting Started section of the manual.
-LUA_PATH: you must export as follows so LuaJIT can find required
- files.
-
-
-
-
LUA_PATH=$install_dir/include/snort/lua/\?.lua\;\;
-
-
-
-
SNORT_IGNORE: the list of symbols Snort should ignore when parsing the
Lua conf. Unknown symbols not in SNORT_IGNORE will cause warnings with
--warn-unknown or fatals with --warn-unknown --pedantic.
@@ -23408,12 +23343,6 @@ these libraries see the Getting Started section of the manual.
-SNORT_LUA_PATH: an optional path where Snort can find supplemental conf
- files such as classification.lua.
-
-
-
-
SNORT_PROMPT: the character sequence that is printed at startup,
shutdown, and in the shell. The default is the mini-pig: o")~ .
@@ -23617,7 +23546,7 @@ these libraries see the Getting Started section of the manual.
---alert-before-pass process alert, drop, sdrop, or reject before pass; default is pass before alert, drop,…
+--alert-before-pass evaluate alert rules before pass rules; default is pass rules first
@@ -23762,6 +23691,11 @@ these libraries see the Getting Started section of the manual.
+--include-path <path> where to find Lua and rule included files; searched before current or config directories
+
+
+
+
--list-buffers output available inspection buffers
@@ -23827,11 +23761,6 @@ these libraries see the Getting Started section of the manual.
---parsing-follows-files parse relative paths from the perspective of the current configuration file
-
-
-
-
--pcap-file <file> file that contains a list of pcaps to read - read mode is implied
@@ -23922,6 +23851,11 @@ these libraries see the Getting Started section of the manual.
+--show-file-codes indicate how files are located: A=absolute and W, F, C which are relative to the working directory, including file, and config file respectively
+
+
+
+
--show-plugins list module and plugin versions
@@ -23947,12 +23881,12 @@ these libraries see the Getting Started section of the manual.
---treat-drop-as-alert converts drop, sdrop, and reject rules into alert rules during startup
+--treat-drop-as-alert converts drop, block, and reset rules into alert rules when loaded
---treat-drop-as-ignore use drop, sdrop, and reject rules to ignore session traffic when not inline
+--treat-drop-as-ignore use drop, block, and reset rules to ignore session traffic when not inline
@@ -24172,7 +24106,7 @@ bool alerts.log_references = false: include rule references in
-string alerts.order = pass drop alert log: change the order of rule action application
+string alerts.order = pass reset block drop alert log: change the order of rule action application
@@ -26417,7 +26351,7 @@ multi network.checksum_drop = none: drop if checksum is bad { a
-multi network.checksum_eval = none: checksums to verify { all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none }
+multi network.checksum_eval = all: checksums to verify { all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none }
@@ -27797,7 +27731,7 @@ enum smtp.xlink2state = alert: enable/disable xlink2state alert
-implied snort.--alert-before-pass: process alert, drop, sdrop, or reject before pass; default is pass before alert, drop,…
+implied snort.--alert-before-pass: evaluate alert rules before pass rules; default is pass rules first
@@ -28002,6 +27936,11 @@ string snort.-i: <iface>… list of interfaces
+string snort.--include-path: <path> where to find Lua and rule included files; searched before current or config directories
+
+
+
+
port snort.-j: <port> to listen for Telnet connections
@@ -28107,11 +28046,6 @@ string snort.-?: <option prefix> output matching command
-implied snort.--parsing-follows-files: parse relative paths from the perspective of the current configuration file
-
-
-
-
implied snort.--pause: wait for resume/quit command before processing packets/terminating
@@ -28232,6 +28166,11 @@ implied snort.--shell: enable the interactive command line
+implied snort.--show-file-codes: indicate how files are located: A=absolute and W, F, C which are relative to the working directory, including file, and config file respectively
+
+
+
+
implied snort.--show-plugins: list module and plugin versions
@@ -28277,12 +28216,12 @@ implied snort.--trace: turn on main loop debug trace
-implied snort.--treat-drop-as-alert: converts drop, sdrop, and reject rules into alert rules during startup
+implied snort.--treat-drop-as-alert: converts drop, block, and reset rules into alert rules when loaded
-implied snort.--treat-drop-as-ignore: use drop, sdrop, and reject rules to ignore session traffic when not inline
+implied snort.--treat-drop-as-ignore: use drop, block, and reset rules to ignore session traffic when not inline
@@ -34948,7 +34887,6 @@ change -> stream5_global: 'max_ip' ==> 'max_sessions'
change -> stream5_global: 'max_tcp' ==> 'max_sessions'
change -> stream5_global: 'max_udp' ==> 'max_sessions'
change -> stream5_global: 'min_response_seconds' ==> 'min_interval'
-change -> stream5_global: 'prune_log_max' ==> 'histogram'
change -> stream5_global: 'tcp_cache_nominal_timeout' ==> 'pruning_timeout'
change -> stream5_global: 'tcp_cache_pruning_timeout' ==> 'idle_timeout'
change -> stream5_global: 'udp_cache_nominal_timeout' ==> 'idle_timeout'
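Review bot: The 'prune_log_max' ==> 'histogram' line is removed from the stream5_global change list with no replacement line in this hunk. If snort2lua no longer converts prune_log_max, list it wherever the manual records deleted or unsupported options so that users converting a 2.X conf can see what happened to it.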
@@ -38219,7 +38157,7 @@ Adding/removing stream_* inspectors if stream was already configured