From: Priyanka Bangalore Gurudev (prbg) Date: Mon, 21 Jul 2025 20:08:07 +0000 (+0000) Subject: Pull request #4825: build: generate and tag 3.9.2.0 X-Git-Tag: 3.9.2.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fmaster;p=thirdparty%2Fsnort3.git Pull request #4825: build: generate and tag 3.9.2.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.2.0 to master Squashed commit of the following: commit 4d97754a635517d3a9fea202b4efb8656dced60e Author: Priyanka Gurudev Date: Sun Jul 20 23:19:55 2025 -0400 build: generate and tag 3.9.2.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 98fbcb669..110797ddf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 9) -set (VERSION_PATCH 1) +set (VERSION_PATCH 2) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index 4a4293342..65f410768 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,18 @@ +2025-07-20: 3.9.2.0 + +* build: fix comparison of empty integers. Thanks to Hatix Ntsoa. +* cip: cip inspector fallback functionality +* extractor: modify JSON Formatter to improve performance +* file_api: multi instance snort related file cache sharing +* flow: watchdog kick in dump flow summary +* hash: ensure that find_else_create functions set is_new field in all cases +* hash: return cache size from remove so new size check can be atomic +* http_inspect: parameter name change from partial_depth to partial_depth_body +* http_param: clear body http_param after each flush +* main: do not start Analyzer if codec manager doesn't match any codec +* modbus: modbus paf abort +* stream_tcp: separate logs and counters for left and right invalid sequence numbers + 2025-06-29: 3.9.1.0 * appid: appid_debug_test and critical log fix 
diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 0ee6b0486..3b3bddd47 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.9.1.0 2025-06-29 23:11:37 EDT TST +Revision 3.9.2.0 2025-07-20 23:16:33 EDT TST --------------------------------------------------------------------- @@ -4081,8 +4081,8 @@ Configuration: bytes to examine (-1 no limit) { -1:max53 } * int http_inspect.response_depth = -1: maximum response message body bytes to examine (-1 no limit) { -1:max53 } - * int http_inspect.partial_depth = 0: maximum request body to send - to early detection (0 disabled, -1 no limit) { -1:16384 } + * int http_inspect.partial_depth_body = 0: maximum request body to + send to early detection (0 disabled, -1 no limit) { -1:16384 } * bool http_inspect.unzip = true: decompress gzip and deflate message bodies * int http_inspect.maximum_host_length = -1: maximum allowed length @@ -6237,8 +6237,10 @@ Peg counts: * stream_tcp.discards: tcp packets discarded (sum) * stream_tcp.discards_skipped: tcp packet discards skipped due to normalization disabled (sum) - * stream_tcp.invalid_seq_num: tcp packets received with an invalid - sequence number (sum) + * stream_tcp.invalid_seq_left: tcp packets received that fall to + the left of the current TCP window (spurious retransmits) (sum) + * stream_tcp.invalid_seq_right: tcp packets received that fall to + the right of the current TCP window (sum) * stream_tcp.invalid_ack: tcp packets received with an invalid ack number (sum) * stream_tcp.no_flags_set: tcp packets received with no TCP flags 
@@ -10262,8 +10264,8 @@ libraries see the Getting Started section of the manual. encodings in response bodies * int http_inspect.oversize_dir_length = 300: maximum length for URL directory { 1:65535 } - * int http_inspect.partial_depth = 0: maximum request body to send - to early detection (0 disabled, -1 no limit) { -1:16384 } + * int http_inspect.partial_depth_body = 0: maximum request body to + send to early detection (0 disabled, -1 no limit) { -1:16384 } * bool http_inspect.percent_u = false: normalize %uNNNN and %UNNNN encodings * bool http_inspect.plus_to_space = true: replace + with when @@ -12960,8 +12962,10 @@ libraries see the Getting Started section of the manual. * stream_tcp.internal_events: 135:X events generated (sum) * stream_tcp.invalid_ack: tcp packets received with an invalid ack number (sum) - * stream_tcp.invalid_seq_num: tcp packets received with an invalid - sequence number (sum) + * stream_tcp.invalid_seq_left: tcp packets received that fall to + the left of the current TCP window (spurious retransmits) (sum) + * stream_tcp.invalid_seq_right: tcp packets received that fall to + the right of the current TCP window (sum) * stream_tcp.keep_alive_probes: number of tcp keep-alive probes (sum) * stream_tcp.max_bytes_exceeded_hole: number of times max bytes diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 9eca87725..a997741d8 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.9.1.0 2025-06-29 23:12:18 EDT TST +Revision 3.9.2.0 2025-07-20 23:17:26 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index d891c74ea..b9e9331d1 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text 
@@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.9.1.0 2025-06-29 23:11:50 EDT TST +Revision 3.9.2.0 2025-07-20 23:16:51 EDT TST --------------------------------------------------------------------- @@ -4094,21 +4094,21 @@ consumes somewhat more of the sensor’s resources. This feature is off by default. script_detection = true will activate it. -5.10.3.4. partial_depth +5.10.3.4. partial_depth_body Partial depth detection is a feature that enables Snort to more quickly detect and block malicious requests. It is configured by the -partial_depth parameter which can take values in the range -1-16384 -bytes. The feature is enabled by setting partial_depth to some non -zero value. When the feature is enabled and either, the number of -bytes received in the request body is below the value specified by -partial_depth, or partial_depth is set to -1, unlimited; it -immediately forwards the available part of the message body for early -detection. This enables earlier threat detection but consumes -somewhat more of the sensor’s resources. - -This feature is turned off by default by setting partial_depth = 0. -To activate it, set partial_depth to the desired value. +partial_depth_body parameter which can take values in the range +-1-16384 bytes. The feature is enabled by setting partial_depth_body +to some non zero value. When the feature is enabled and either, the +number of bytes received in the request body is below the value +specified by partial_depth_body, or partial_depth_body is set to -1, +unlimited; it immediately forwards the available part of the message +body for early detection. This enables earlier threat detection but +consumes somewhat more of the sensor’s resources. + +This feature is turned off by default by setting partial_depth_body = +0. To activate it, set partial_depth_body to the desired value. 5.10.3.5. gzip
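Review bot: The rename of http_inspect.partial_depth to partial_depth_body in the doc/reference/snort_reference.text hunks (@@ -4081 and @@ -10262) removes the old name from the reference, but nothing in the patch tells operators whether the old name is still accepted. The doc/upgrade/snort_upgrade.text hunk only bumps the revision date, and the ChangeLog entry says just "parameter name change from partial_depth to partial_depth_body". Anyone who has set partial_depth needs to know whether that configuration still loads after moving to 3.9.2.0. Suggest stating in the ChangeLog entry (or in the upgrade manual) that existing configurations must be updated, or that the old name remains as an alias if that is the case.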
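Review bot: In the peg-count hunks of doc/reference/snort_reference.text (@@ -6237 and @@ -12960), stream_tcp.invalid_seq_num is dropped and replaced by invalid_seq_left and invalid_seq_right, so monitoring or alerting that reads the old counter name will stop finding it. The ChangeLog line "stream_tcp: separate logs and counters for left and right invalid sequence numbers" does not mention that the old counter is gone. Suggest saying so in that entry. A smaller point: the invalid_seq_left description carries the hint "(spurious retransmits)" while invalid_seq_right has no equivalent, so a short parenthetical on what right-of-window packets typically indicate would make the pair easier to interpret.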
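Review bot: The rewrapped 5.10.3.4 paragraph in the doc/user/snort_user.text hunk (@@ -4094) carries over wording that is hard to parse, and since every line of the paragraph is touched by the rename this is the moment to fix it. "When the feature is enabled and either, the number of bytes received ..." has a stray comma after "either" and a dangling "unlimited;", the range "-1-16384 bytes" reads ambiguously and would be clearer as "-1 to 16384 bytes", and "non zero" should be "nonzero". The closing sentence "turned off by default by setting partial_depth_body = 0" also mixes the default with an action; "off by default (partial_depth_body = 0)" says the same thing more directly.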