From: Michael Altizer (mialtize) Date: Mon, 16 Nov 2020 19:01:49 +0000 (+0000) Subject: Merge pull request #2620 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_3_build_5 to master X-Git-Tag: 3.0.3-5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9b241bfae3d3d6990bc552ea9fafd541433794b;p=thirdparty%2Fsnort3.git Merge pull request #2620 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_3_build_5 to master Squashed commit of the following: commit 8e5ce3384dd09812f970867573d0b7dae26327cf Author: Michael Altizer Date: Mon Nov 16 12:05:34 2020 -0500 build: Generate and tag 3.0.3 build 5 commit 392ec3ea76e567eeb8805312a577d3d0e10a0bc4 Author: Michael Altizer Date: Wed Nov 4 11:43:54 2020 -0500 flow: Flesh out swap_roles() to swap more client/server fields --- diff --git a/ChangeLog b/ChangeLog index 94b6767b7..e9deef480 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,40 @@ +2020/11/16 - 3.0.3 build 5 + +-- appid: Add unit test to verify HA data for flow unmonitored by appid +-- appid: Handle cppcheck warnings +-- appid: Prefix http/2 decrypted urls with https:// +-- appid: Support client login failure event +-- flow: Do not remove the flow during pruning/reload during IPS event with block action +-- flow: Flesh out swap_roles() to swap more client/server fields +-- flow: Set client initiated flag based on DAQ reverse flow flag, track on syn config, and syn-ack + packet +-- ftp: Handle FTP detection when ftp data segment size changes +-- host_tracker: Ignore IP family when comparing SfIp keys in the host cache +-- http2_inspect: Data frame redesign +-- http2_inspect: Multi-segment reassemble discard bug fix +-- http2_inspect: Perform hpack decoding on push_promise frames +-- http2_inspect: Refactor data cutter +-- http2_inspect: Refactor scan() +-- http2_inspect: Remove const cast +-- http2_inspect: Send push_promise frames through http_inspect +-- ips_options: Don't move cursor in byte_math +-- main: Set up logging flags globally to avoid dependencies on a particular SnortConfig object +-- payload_injector: Refactoring +-- payload_injector: Remove content length and connection for HTTP/2 +-- rna: Add command to delete MAC hosts and protos +-- rna: Delete payloads when clients, services are deleted; add unit tests +-- rna: Discover banner on service version or response events +-- rna: Don't process packet in eval if eth bit not set +-- rna: Log src mac from packet containing CDP message when host type change event is generated +-- rna: Support banner discovery +-- rna: Support change service event with null version and vendor +-- rna: Support user login failure discovery +-- smtp: Make sure the ssl search abandoned flag is preserved for reset +-- stream_tcp: Remove redundant/unneeded asserts that check if tcp event is for a meta-ack + psuedo-packet +-- thread_config: Show thread ID when logging binding information +-- 
trace: Add missing packet information to some of the messages + 2020/10/27 - 3.0.3 build 4 -- actions: Add support to react for HTTP/2 diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 53151f511..a6f92de77 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.0.3 (Build 4) 2020-10-27 14:24:13 EDT TST +Revision 3.0.3 (Build 5) 2020-11-16 12:11:59 EST TST --------------------------------------------------------------------- @@ -3500,6 +3500,10 @@ Peg counts: * ftp_server.ssl_search_abandoned: total SSL search abandoned (sum) * ftp_server.ssl_srch_abandoned_early: total SSL search abandoned too soon (sum) + * ftp_server.pkt_segment_size_changed: total number of FTP data + packets with segment size change (sum) + * ftp_server.flow_segment_size_changed: total number of FTP + sessions with segment size change (sum) 5.22. gtp_inspect @@ -4596,6 +4600,9 @@ Configuration: Commands: * rna.dump_macs(): dump rna’s internal MAC trackers + * rna.delete_mac_host(mac): delete a MAC from rna’s MAC cache + * rna.delete_mac_host_proto(mac, proto): delete a protocol + associated with a MAC host Peg counts: @@ -10527,8 +10534,12 @@ these libraries see the Getting Started section of the manual. * ftp_data.packets: total packets (sum) * ftp_server.concurrent_sessions: total concurrent FTP sessions (now) + * ftp_server.flow_segment_size_changed: total number of FTP + sessions with segment size change (sum) * ftp_server.max_concurrent_sessions: maximum concurrent FTP sessions (max) + * ftp_server.pkt_segment_size_changed: total number of FTP data + packets with segment size change (sum) * ftp_server.ssl_search_abandoned: total SSL search abandoned (sum) * ftp_server.ssl_srch_abandoned_early: total SSL search abandoned too soon (sum) 
@@ -11918,6 +11929,9 @@ these libraries see the Getting Started section of the manual. * perf_monitor.show_flow_ip_profiling(): show status of statistics on host pairs * rna.dump_macs(): dump rna’s internal MAC trackers + * rna.delete_mac_host(mac): delete a MAC from rna’s MAC cache + * rna.delete_mac_host_proto(mac, proto): delete a protocol + associated with a MAC host * snort.show_plugins(): show available plugins * snort.delete_inspector(inspector): delete an inspector from the default policy diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 7e086b430..d452943ec 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.0.3 (Build 4) 2020-10-27 14:24:05 EDT TST +Revision 3.0.3 (Build 5) 2020-11-16 12:11:50 EST TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 7d632c30a..55c827d33 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.0.3 (Build 4) 2020-10-27 14:24:05 EDT TST +Revision 3.0.3 (Build 5) 2020-11-16 12:11:50 EST TST --------------------------------------------------------------------- diff --git a/src/flow/flow.cc b/src/flow/flow.cc index a3d724e20..1cd14a7a3 100644 --- a/src/flow/flow.cc +++ b/src/flow/flow.cc 
@@ -537,9 +537,14 @@ void Flow::set_service(Packet* pkt, const char* new_service)
 void Flow::swap_roles()
 {
- flags.client_initiated = !flags.client_initiated;
- std::swap(client_ip, server_ip);
- std::swap(client_port, server_port);
 std::swap(flowstats.client_pkts, flowstats.server_pkts);
 std::swap(flowstats.client_bytes, flowstats.server_bytes);
+ std::swap(mpls_client, mpls_server);
+ std::swap(client_ip, server_ip);
+ std::swap(client_intf, server_intf);
+ std::swap(client_group, server_group);
+ std::swap(client_port, server_port);
+ std::swap(inner_client_ttl, inner_server_ttl);
+ std::swap(outer_client_ttl, outer_server_ttl);
+ flags.client_initiated = !flags.client_initiated;
 }
diff --git a/src/main/build.h b/src/main/build.h
index 58355b176..63325a081 100644
--- a/src/main/build.h
+++ b/src/main/build.h
@@ -12,7 +12,7 @@ // // //-----------------------------------------------//
-#define BUILD_NUMBER 4
+#define BUILD_NUMBER 5
 #ifndef EXTRABUILD
 #define BUILD STRINGIFY_MX(BUILD_NUMBER)
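Review bot: Nothing in `Flow::swap_roles()` ties its hand-written list of swapped pairs to the client_*/server_* members of Flow, so a pair added later can be missed and leave the flow half-swapped. For an inspection engine that is a detection concern, since anything keyed on direction (and presumably on the interface and group fields swapped here) would then be evaluated against mixed client/server state. I would add a comment above the first swap, e.g. `// Swap every per-direction member of Flow; extend this list whenever a client_*/server_* field is added.` If no test covers it yet, a unit test that gives each pair distinct values, calls swap_roles() once and checks that every client field now holds the former server value would catch an omission. Whether per-direction state outside this hunk also needs swapping cannot be judged from the lines shown.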