From: Russ Combs (rucombs) Date: Thu, 14 Jan 2021 14:53:06 +0000 (+0000) Subject: Merge pull request #2699 in SNORT/snort3 from ~MIALTIZE/snort3:version to master X-Git-Tag: 3.1.0.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94a0867671079d8d19797218dfc89e6e308691b1;p=thirdparty%2Fsnort3.git Merge pull request #2699 in SNORT/snort3 from ~MIALTIZE/snort3:version to master Squashed commit of the following: commit fde481c81ff3499cd9b5cf8f18557a4801378021 Author: Michael Altizer Date: Wed Jan 13 12:57:23 2021 -0500 build: Generate and tag 3.1.0 commit d8ba67eba1dac5e7e6ef19b02d252c4f1f6985f4 Author: Michael Altizer Date: Wed Jan 13 12:57:23 2021 -0500 build: Add support for version sublevel and build via CMake The sublevel version in CMakeLists.txt acts as a fourth digit for the version. It is expected to be 0 in the master branch in all but the rarest cases. The VERSION_BUILD CMake variable can be defined and used by an external build system for artifact tracking. If a build number is not manually defined, all mention of build numbers will be stripped from Snort's output. To set VERSION_BUILD from configure_cmake.sh, the SNORT_BUILD_NUMBER variable is used from the command line options. Note: A build number of 0 will be ignored and treated as though it was not set. commit 8dff1244a18d88b2f2f3da7241f335d7f97159ed Author: Michael Altizer Date: Wed Jan 13 12:57:23 2021 -0500 stream_tcp: Remove obsolete flush_data_ready() function --- diff --git a/CMakeLists.txt b/CMakeLists.txt index fbc5a88a6..a7219cd37 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -2,9 +2,14 @@ cmake_minimum_required (VERSION 3.4.3) project (snort CXX C) set (VERSION_MAJOR 3) -set (VERSION_MINOR 0) -set (VERSION_PATCH 3) -set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}") +set (VERSION_MINOR 1) +set (VERSION_PATCH 0) +set (VERSION_SUBLEVEL 0) +set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") + +if (DEFINED VERSION_BUILD) + set (BUILD "${VERSION_BUILD}") +endif () set (CMAKE_CXX_STANDARD 14) set (CMAKE_CXX_STANDARD_REQUIRED ON) @@ -79,9 +84,13 @@ add_custom_target(uninstall string(TOUPPER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_UPPER) message(" -------------------------------------------------------- -${CMAKE_PROJECT_NAME} version ${VERSION} - +-------------------------------------------------------") +if (DEFINED BUILD) + message("${CMAKE_PROJECT_NAME} version ${VERSION} build ${BUILD}") +else() + message("${CMAKE_PROJECT_NAME} version ${VERSION}") +endif() +message(" Install options: prefix: ${CMAKE_INSTALL_PREFIX} includes: ${CMAKE_INSTALL_FULL_INCLUDEDIR}/${INSTALL_SUFFIX} diff --git a/ChangeLog b/ChangeLog index 2389fdb94..66dfd7508 100644 --- a/ChangeLog +++ b/ChangeLog 
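Review bot: `VERSION_BUILD` is copied into `BUILD` in the first CMakeLists.txt hunk without any check on its content, and the value is later substituted into a C string literal by `#cmakedefine BUILD "@BUILD@"` in config.cmake.h.in. A value containing a double quote or backslash would produce a malformed or altered macro in the generated header. The existing `if (DEFINED VERSION_BUILD)` block could reject anything outside a conservative character set before the `set`, for example `if (NOT VERSION_BUILD MATCHES "^[0-9A-Za-z._-]+$")`, then `message (FATAL_ERROR "VERSION_BUILD must match [0-9A-Za-z._-]+")`, then `endif ()`. The exact character set is only a suggestion; the commit message describes the value as a build number used for artifact tracking.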
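Review bot: The configure summary in the second CMakeLists.txt hunk tests `if (DEFINED BUILD)`, which is true for a build number of 0, while `#cmakedefine BUILD "@BUILD@"` leaves the macro undefined for 0 and other CMake false constants. With `VERSION_BUILD=0` the summary would print `build 0` although the compiled binary reports no build number, which contradicts the commit message's statement that 0 is treated as not set. Testing the value instead, `if (BUILD)`, applies the same truth rule as `#cmakedefine` and keeps the two outputs in agreement.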
@@ -1,3 +1,29 @@ +2021/01/13 - 3.1.0.0 + +-- appid: Store stats in map +-- appid: Tear down third-party when appid gets disabled +-- build: Add support for version sublevel and build via CMake +-- dce_rpc: Handle Flow from File inspection +-- host_cache: Add command to output host_cache usage, pegs, and memcap +-- http2_inspect: Add total_bytes peg to track HTTP/2 data bytes inspected +-- http_inspect: Abort on HTTP/2 connection preface +-- http_inspect: Add total_bytes peg to track HTTP data bytes inspected +-- http_inspect: Alert on truncated chunked and content-length message bodies +-- http_inspect: Support stretch for Http2 +-- log: Reuse TextLog buffer for a large data + Thanks to Chris White for reporting the issue. +-- packet_io: IDS mode should not give blacklist verdict for Intrusion event +-- rna: Fix version, vendor and user string comparison at maximum length +-- rna: Perform appropriate filter check based on the event type +-- rna: Revert rna performance optimizations +-- rpc_decode: Implement adjust_to_fit for RPC splitter +-- stream_tcp: Delete redundant calls to check if the tcp packet contains a data payload +-- stream_tcp: Fix issues causing overrun of the pdu reassembly buffer, make splitters + authoritative of size of the reassembled pdu +-- stream_tcp: On midstream pickup, when first packet is a data segment, set flag on talker tracker + to reinit seglist base seg on first received data packet +-- stream_tcp: Remove obsolete flush_data_ready() function + 2020/12/20 - 3.0.3 build 6 -- active: Fix falling back on using raw IP for active responses when no device is specified diff --git a/config.cmake.h.in b/config.cmake.h.in index 94c416ee8..d50c6cff1 100644 --- a/config.cmake.h.in +++ b/config.cmake.h.in 
@@ -20,6 +20,9 @@ /* Version number of package */ #define VERSION "@VERSION@" +/* Build number for this build */ +#cmakedefine BUILD "@BUILD@" + /* see configure.ac for the purpose of API_OPTIONS */ /* there is no cmake magic yet to configure this */ /* but luckily it is not yet needed */ diff --git a/configure_cmake.sh b/configure_cmake.sh index d9e24c246..f95fbf7ef 100755 --- a/configure_cmake.sh +++ b/configure_cmake.sh @@ -116,15 +116,17 @@ Optional Packages: --with-uuid-libraries=DIR libuuid library directory -Some influential environment variables: - SIGNAL_SNORT_RELOAD= - set the SIGNAL_SNORT_RELOAD value - SIGNAL_SNORT_DUMP_STATS - set the SIGNAL_SNORT_DUMP_STATS value - SIGNAL_SNORT_ROTATE_STATS - set the SIGNAL_SNORT_ROTATE_STATS value - SIGNAL_SNORT_READ_ATTR_TBL - set the SIGNAL_SNORT_READ_ATTR_TBL value +Some influential variable definitions: + SIGNAL_SNORT_RELOAD= + override the signal used to reload configuration (default: SIGHUP) + SIGNAL_SNORT_DUMP_STATS= + override the signal used to dump run-time statistics (default: SIGUSR1) + SIGNAL_SNORT_ROTATE_STATS= + override the signal used to force rotation of stats files (default: SIGUSR2) + SIGNAL_SNORT_READ_ATTR_TBL= + override the signal used to reload the host attributes table (default: SIGURG) + SNORT_BUILD_NUMBER= + define a build number for this build of Snort " sourcedir="$( cd "$( dirname "$0" )" && pwd )" @@ -437,6 +439,9 @@ while [ $# -ne 0 ]; do SIGNAL_SNORT_READ_ATTR_TBL=*) append_cache_entry SIGNAL_SNORT_READ_ATTR_TBL STRING $optarg ;; + SNORT_BUILD_NUMBER=*) + append_cache_entry VERSION_BUILD STRING $optarg + ;; *) echo "Invalid option '$1'. Try $0 --help to see available options." exit 1 diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index aff106e73..4c229ffdd 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text 
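Review bot: `$optarg` is expanded unquoted in the new `SNORT_BUILD_NUMBER=*)` case of the second configure_cmake.sh hunk, so a value containing whitespace or glob characters is word-split or expanded before `append_cache_entry` receives it. Quoting it, `append_cache_entry VERSION_BUILD STRING "$optarg"`, passes the value through as a single argument; the `SIGNAL_SNORT_READ_ATTR_TBL` case shown as context follows the same unquoted pattern. How `optarg` is derived and how `append_cache_entry` quotes its arguments are not visible here, so the end-to-end handling should be confirmed there. The enclosing `while`/`case` starts and ends outside the hunk.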
@@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.0.3 (Build 6) 2020-12-20 13:38:32 EST TST +Revision 3.1.0.0 2021-01-13 13:25:56 EST TST --------------------------------------------------------------------- @@ -776,6 +776,7 @@ Commands: from host * host_cache.delete_client(host_ip, id, service, version): delete client from host + * host_cache.get_stats(): get current host cache usage and pegs Peg counts: @@ -3613,6 +3614,8 @@ Peg counts: dynamic table (max) * http2_inspect.max_concurrent_files: maximum concurrent file transfers per HTTP/2 connection (max) + * http2_inspect.total_bytes: total HTTP/2 data bytes inspected + (sum) 5.24. http_inspect @@ -3827,6 +3830,9 @@ Rules: message completed * 119:259 (http_inspect) malformed HTTP Content-Disposition filename parameter + * 119:260 (http_inspect) HTTP Content-Length message body was + truncated + * 119:261 (http_inspect) HTTP chunked message body was truncated Peg counts: @@ -3877,6 +3883,7 @@ Peg counts: pipelined requests (sum) * http_inspect.pipelined_requests: total requests placed in a pipeline (sum) + * http_inspect.total_bytes: total HTTP data bytes inspected (sum) 5.25. imap @@ -10668,6 +10675,8 @@ these libraries see the Getting Started section of the manual. sessions (max) * http2_inspect.max_table_entries: maximum entries in an HTTP/2 dynamic table (max) + * http2_inspect.total_bytes: total HTTP/2 data bytes inspected + (sum) * http_inspect.chunked: chunked message bodies (sum) * http_inspect.concurrent_sessions: total concurrent http sessions (now) @@ -10709,6 +10718,7 @@ these libraries see the Getting Started section of the manual. HTTP responses (sum) * http_inspect.ssl_srch_abandoned_early: total SSL search abandoned too soon (sum) + * http_inspect.total_bytes: total HTTP data bytes inspected (sum) * http_inspect.trace_requests: TRACE requests inspected (sum) * http_inspect.uri_coding: URIs with character coding problems (sum) 
@@ -11642,6 +11652,9 @@ these libraries see the Getting Started section of the manual. message completed * 119:259 (http_inspect) malformed HTTP Content-Disposition filename parameter + * 119:260 (http_inspect) HTTP Content-Length message body was + truncated + * 119:261 (http_inspect) HTTP chunked message body was truncated * 121:1 (http2_inspect) invalid flag set on HTTP/2 frame * 121:2 (http2_inspect) HPACK integer value has leading zeros * 121:3 (http2_inspect) HTTP/2 stream initiated with invalid stream @@ -11976,6 +11989,7 @@ these libraries see the Getting Started section of the manual. from host * host_cache.delete_client(host_ip, id, service, version): delete client from host + * host_cache.get_stats(): get current host cache usage and pegs * packet_capture.enable(filter): dump raw packets * packet_capture.disable(): stop packet dump * packet_tracer.enable(proto, src_ip, src_port, dst_ip, dst_port): diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 876bb1596..f0e146ab4 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.0.3 (Build 6) 2020-12-20 13:38:24 EST TST +Revision 3.1.0.0 2021-01-13 13:25:45 EST TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 68865b749..44a6627d1 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.0.3 (Build 6) 2020-12-20 13:38:24 EST TST +Revision 3.1.0.0 2021-01-13 13:25:45 EST TST --------------------------------------------------------------------- diff --git a/src/helpers/process.cc b/src/helpers/process.cc index c3cd080c1..4d701b2ad 100644 --- a/src/helpers/process.cc +++ b/src/helpers/process.cc 
@@ -39,9 +39,9 @@ #include "log/messages.h" #include "main.h" -#include "main/build.h" #include "main/oops_handler.h" #include "main/snort_config.h" +#include "utils/cpp_macros.h" #include "utils/stats.h" #include "utils/util.h" @@ -276,7 +276,11 @@ static void oops_handler(int signal) } SigSafePrinter ssp(STDERR_FILENO); ssp.printf("\nSnort (PID %u) caught fatal signal: %s\n", getpid(), sigstr); +#ifdef BUILD ssp.printf("Version: " VERSION " Build " BUILD "\n\n"); +#else + ssp.printf("Version: " VERSION "\n\n"); +#endif #ifdef HAVE_LIBUNWIND // Try to pretty-print a stack trace using libunwind to traverse the stack. diff --git a/src/main/CMakeLists.txt b/src/main/CMakeLists.txt index 95aa8a465..680d861a9 100644 --- a/src/main/CMakeLists.txt +++ b/src/main/CMakeLists.txt @@ -27,7 +27,6 @@ add_library (main OBJECT analyzer.cc analyzer.h analyzer_command.cc - build.h help.cc help.h modules.cc diff --git a/src/main/bootstrap.lua b/src/main/bootstrap.lua index e1d5af714..0a659260c 100644 --- a/src/main/bootstrap.lua +++ b/src/main/bootstrap.lua @@ -137,6 +137,7 @@ function create_sandbox_env() SNORT_MAJOR_VERSION = SNORT_MAJOR_VERSION, SNORT_MINOR_VERSION = SNORT_MINOR_VERSION, SNORT_PATCH_VERSION = SNORT_PATCH_VERSION, + SNORT_SUBLEVEL_VERSION = SNORT_SUBLEVEL_VERSION, tweaks = tweaks, } diff --git a/src/main/build.h b/src/main/build.h deleted file mode 100644 index 8cfb88209..000000000 --- a/src/main/build.h +++ /dev/null 
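Review bot: In the `oops_handler` hunk of process.cc, `BUILD` is concatenated into the format string of `ssp.printf(...)`, and after this commit it is no longer a stringified integer from build.h but free-form text supplied through `VERSION_BUILD`. A `%` in the configured build string would be read as a conversion with no matching argument, inside a fatal-signal handler. Passing the values as arguments avoids that: `ssp.printf("Version: %s Build %s\n\n", VERSION, BUILD);` and `ssp.printf("Version: %s\n\n", VERSION);`. The preceding call in the same handler already uses `%s` with this printer. `oops_handler` starts and ends outside the hunk.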
@@ -1,24 +0,0 @@ -#ifndef BUILD_H -#define BUILD_H - -#include "utils/cpp_macros.h" - -//-----------------------------------------------// -// ____ _ // -// / ___| _ __ ___ _ __| |_ _ _ // -// \___ \| '_ \ / _ \| '__| __|| |_ _| |_ // -// ___) | | | | (_) | | | ||_ _|_ _| // -// |____/|_| |_|\___/|_| \__||_| |_| // -// // -//-----------------------------------------------// - -#define BUILD_NUMBER 6 - -#ifndef EXTRABUILD -#define BUILD STRINGIFY_MX(BUILD_NUMBER) -#else -#define BUILD STRINGIFY_MX(PPCAT_MX(BUILD_NUMBER, EXTRABUILD)) -#endif - -#endif - diff --git a/src/main/shell.cc b/src/main/shell.cc index c66cab452..c08b07bb2 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -39,7 +39,6 @@ #include "parser/parser.h" #include "utils/stats.h" -#include "build.h" #include "lua_bootstrap.h" #include "lua_finalize.h" @@ -55,6 +54,7 @@ static const char* versions[] = { "SNORT_MAJOR_VERSION", "SNORT_MINOR_VERSION", "SNORT_PATCH_VERSION", + "SNORT_SUBLEVEL_VERSION", nullptr }; @@ -62,7 +62,11 @@ static void install_version_strings(lua_State* L) { assert(versions[0]); +#ifdef BUILD lua_pushstring(L, VERSION "-" BUILD); +#else + lua_pushstring(L, VERSION); +#endif lua_setglobal(L, versions[0]); std::istringstream vs(VERSION); diff --git a/src/main/snort.cc b/src/main/snort.cc index 30647d189..4680e30fb 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -83,7 +83,6 @@ #include "control_mgmt.h" #endif -#include "build.h" #include "snort_config.h" #include "thread_config.h" @@ -127,7 +126,11 @@ void Snort::init(int argc, char** argv) SnortConfig::set_conf(snort_cmd_line_conf); LogMessage("--------------------------------------------------\n"); +#ifdef BUILD LogMessage("%s Snort++ %s-%s\n", get_prompt(), VERSION, BUILD); +#else + LogMessage("%s Snort++ %s\n", get_prompt(), VERSION); +#endif LogMessage("--------------------------------------------------\n"); #ifdef PIGLET 
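Review bot: `install_version_strings` in shell.cc now sets the global named by `versions[0]` to either `VERSION "-" BUILD` or plain `VERSION`, and nothing in the hunk tells a reader that the Lua-visible string changes shape with the build configuration. A short comment above the `#ifdef BUILD` would help, e.g. `// versions[0] is "VERSION-BUILD" when a build number was configured, otherwise just VERSION`. The code that splits `VERSION` into the numeric globals lies outside the hunk. With `SNORT_SUBLEVEL_VERSION` added to `versions[]` it presumably has to yield four components, which is worth confirming.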
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index b318cbf9d..bf31e3560 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -91,19 +91,6 @@ uint32_t TcpReassembler::get_pending_segment_count(TcpReassemblerState& trs, uns return n; } -bool TcpReassembler::flush_data_ready(TcpReassemblerState& trs) -{ - // needed by stream_reassemble:action disable; can fire on rebuilt - // packets, yanking the splitter out from under us :( - if ( !trs.tracker->is_reassembly_enabled() ) - return false; - - if ( (trs.tracker->get_flush_policy() == STREAM_FLPOLICY_ON_DATA) || trs.tracker->is_splitter_paf() ) - return ( is_segment_pending_flush(trs) ); - - return ( get_pending_segment_count(trs, 2) > 1 ); // FIXIT-L return false? -} - bool TcpReassembler::next_no_gap(const TcpSegmentNode& tsn) { return tsn.next and (tsn.next->i_seq == tsn.i_seq + tsn.i_len); diff --git a/src/stream/tcp/tcp_reassembler.h b/src/stream/tcp/tcp_reassembler.h index 04c88f868..36abe19d4 100644 --- a/src/stream/tcp/tcp_reassembler.h +++ b/src/stream/tcp/tcp_reassembler.h @@ -59,7 +59,6 @@ protected: virtual void insert_segment_in_empty_seglist(TcpReassemblerState&, TcpSegmentDescriptor&); virtual void insert_segment_in_seglist(TcpReassemblerState&, TcpSegmentDescriptor&); virtual uint32_t get_pending_segment_count(TcpReassemblerState&, unsigned max); - bool flush_data_ready(TcpReassemblerState&); int trim_delete_reassembly_segment(TcpReassemblerState&, TcpSegmentNode*, uint32_t flush_seq); void queue_reassembly_segment(TcpReassemblerState&, TcpSegmentNode* prev, TcpSegmentNode*); void init_overlap_editor(TcpReassemblerState&, TcpSegmentDescriptor&); diff --git a/src/utils/util.cc b/src/utils/util.cc index e6c02ac0f..d61330ced 100644 --- a/src/utils/util.cc +++ b/src/utils/util.cc 
@@ -58,7 +58,6 @@ extern "C" { #include #include "log/messages.h" -#include "main/build.h" #include "main/snort_config.h" #include "packet_io/sfdaq.h" #include "protocols/packet.h" // For NUM_IP_PROTOS @@ -75,7 +74,11 @@ using namespace snort; * Store interesting data in memory that would not otherwise be visible * in a CORE(5) file ***************************************************************************/ -#define SNORT_VERSION_STRING ("### Snort Version " VERSION " Build " BUILD "\n") +#ifdef BUILD + #define SNORT_VERSION_STRING ("### Snort Version " VERSION " Build " BUILD "\n") +#else + #define SNORT_VERSION_STRING ("### Snort Version " VERSION "\n") +#endif #define SNORT_VERSION_STRLEN sizeof(SNORT_VERSION_STRING) char __snort_version_string[SNORT_VERSION_STRLEN]; @@ -96,7 +99,11 @@ int DisplayBanner() LogMessage("\n"); LogMessage(" ,,_ -*> Snort++ <*-\n"); +#ifdef BUILD LogMessage(" o\" )~ Version %s (Build %s)\n", VERSION, BUILD); +#else + LogMessage(" o\" )~ Version %s\n", VERSION); +#endif LogMessage(" '''' By Martin Roesch & The Snort Team\n"); LogMessage(" http://snort.org/contact#team\n"); LogMessage(" Copyright (C) 2014-2020 Cisco and/or its affiliates."