git.ipfire.org Git - thirdparty/snort3.git/log
3 years ago Pull request #3218: US #684704: http_inspect: improve version processing
Tom Peters (thopeter) [Mon, 10 Jan 2022 19:46:58 +0000 (19:46 +0000)] 
Pull request #3218: US #684704: http_inspect: improve version processing

Merge in SNORT/snort3 from ~MDAGON/snort3:version to master

Squashed commit of the following:

commit 678d5e1729f67abcbe05886aefc60485ff7e9d27
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Nov 30 15:57:27 2021 -0500

    http_inspect: version update, http_version_match rule option

3 years ago Pull request #3230: stream_user: change packet type from PDU to USER for hext daq...
Tom Peters (thopeter) [Fri, 7 Jan 2022 18:12:29 +0000 (18:12 +0000)] 
Pull request #3230: stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user

Merge in SNORT/snort3 from ~KATHARVE/snort3:hext to master

Squashed commit of the following:

commit 2eda9ec4fa6b39f1ae9a11183e9900d72437da59
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Dec 21 15:47:52 2021 -0500

    stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user

3 years ago Pull request #3223: Enhanced JavaScript normalizer doc updates
Mike Stepanek (mstepane) [Thu, 6 Jan 2022 11:44:44 +0000 (11:44 +0000)] 
Pull request #3223: Enhanced JavaScript normalizer doc updates

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_dealias to master

Squashed commit of the following:

commit 7ad6621c147fb068c308ec8c3c8e4ece4bbcf8f9
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Thu Dec 16 16:15:39 2021 +0200

    doc: update JavaScript normalization docs

        Add references to the enhanced javascript normalizer
        in builtin alerts;
        Clarify limits in js_norm_identifier_depth;
        Reword ECMAScript related paragraph in dev_notes;
        Add de-aliasing to http_inspect and dev_notes;
        Cleanup and reword option descriptions.

3 years ago Pull request #3227: http2_inspect: hardening
Tom Peters (thopeter) [Wed, 22 Dec 2021 17:00:41 +0000 (17:00 +0000)] 
Pull request #3227: http2_inspect: hardening

Merge in SNORT/snort3 from ~THOPETER/snort3:h2i23 to master

Squashed commit of the following:

commit 74e4038907b3f282fb03262caa3376caf19002e5
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Dec 21 14:21:22 2021 -0500

    http2_inspect: hardening

3 years ago Pull request #3226: appid: make peg counts consistent with what is reported to extern...
Shravan Rangarajuvenkata (shrarang) [Tue, 21 Dec 2021 23:02:59 +0000 (23:02 +0000)] 
Pull request #3226: appid: make peg counts consistent with what is reported to external components

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_stats to master

Squashed commit of the following:

commit 45601fb546e99d0f26d557408682f94c7c88e157
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Fri Dec 10 13:06:57 2021 -0500

    appid: make peg counts consistent with what is reported to external components

3 years ago Pull request #3225: BUG #719540: Hitting assert while reading config where dnp3_ind...
Tom Peters (thopeter) [Tue, 21 Dec 2021 19:48:32 +0000 (19:48 +0000)] 
Pull request #3225: BUG #719540: Hitting assert while reading config where dnp3_ind has an extra space after opening "

Merge in SNORT/snort3 from ~MDAGON/snort3:parse_assert to master

Squashed commit of the following:

commit dcb79d812ff190776680815b8dcff6b79c9ca7de
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Dec 17 15:27:48 2021 -0500

    dnp3, gtp, file_type: fix assert while parsing string param

3 years ago Pull request #3222: appid: update appid api to include ssh in the list of service...
Shravan Rangarajuvenkata (shrarang) [Fri, 17 Dec 2021 00:44:13 +0000 (00:44 +0000)] 
Pull request #3222: appid: update appid api to include ssh in the list of service inspectors that need inspection

Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_ssh_inspection_needed to master

Squashed commit of the following:

commit f1abc98a2de81509845b3d7d3e8bc99d3277ff04
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Dec 16 12:56:49 2021 -0500

    appid: update appid api to include ssh in the list of service inspectors that need inspection

3 years ago Pull request #3203: http2_inspect: don't send data frames to the http stream splitter...
Tom Peters (thopeter) [Thu, 16 Dec 2021 23:24:15 +0000 (23:24 +0000)] 
Pull request #3203: http2_inspect: don't send data frames to the http stream splitter when it's not expecting them

Merge in SNORT/snort3 from ~KATHARVE/snort3:h2_unexpected_data_frames to master

Squashed commit of the following:

commit ca74f8065c003468325bfd4cfab69d3bb19de67e
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Dec 1 11:41:51 2021 -0500

    http2_inspect: don't send data frames to the http stream splitter when it's not expecting them

3 years ago Pull request #3216: stream_tcp: Skip seglist gap in post-ack mode if data is acked...
Masud Hasan (mashasan) [Thu, 16 Dec 2021 20:00:07 +0000 (20:00 +0000)] 
Pull request #3216: stream_tcp: Skip seglist gap in post-ack mode if data is acked beyond the gap

Merge in SNORT/snort3 from ~MASHASAN/snort3:post_ack_gap2 to master

Squashed commit of the following:

commit 9cf27746cc85718d6273cdf061814fdbf51f8479
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Nov 29 18:19:08 2021 -0500

    stream_tcp: Skip seglist gap in post-ack mode if data is acked beyond the gap

3 years ago Pull request #3214: appid: changes to handle SNI in efp event.
Shravan Rangarajuvenkata (shrarang) [Wed, 15 Dec 2021 14:41:40 +0000 (14:41 +0000)] 
Pull request #3214: appid: changes to handle SNI in efp event.

Merge in SNORT/snort3 from ~PRBHALER/snort3:quic_meta to master

Squashed commit of the following:

commit 4d0950cfc918aec9104ca349d5dfa16150b5b202
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Fri Dec 10 15:38:16 2021 +0530

    appid: handle SNI in efp event.

3 years ago Pull request #3221: build: generate and tag 3.1.19.0 3.1.19.0
Mike Stepanek (mstepane) [Wed, 15 Dec 2021 14:10:35 +0000 (14:10 +0000)] 
Pull request #3221: build: generate and tag 3.1.19.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.19.0 to master

Squashed commit of the following:

commit e76365d934a248a4053e7e6c0d503f09d87ef6af
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Dec 15 05:37:21 2021 -0500

    build: generate and tag 3.1.19.0

3 years ago Pull request #3220: parser: fix missing-prototypes warning in parse_ports.cc
Mike Stepanek (mstepane) [Wed, 15 Dec 2021 10:11:39 +0000 (10:11 +0000)] 
Pull request #3220: parser: fix missing-prototypes warning in parse_ports.cc

Merge in SNORT/snort3 from ~VHORBATO/snort3:parser_warn to master

Squashed commit of the following:

commit b55c952067ba84eb5392c6538b01a2fad32c9b1a
Author: Vitalii <vhorbato@cisco.com>
Date:   Wed Dec 15 09:46:41 2021 +0200

    parser: fix missing-prototypes warning in parse_ports.cc

3 years ago Pull request #3189: Roll AppId's SSH detector into SSH service inspector
Shravan Rangarajuvenkata (shrarang) [Tue, 14 Dec 2021 20:38:57 +0000 (20:38 +0000)] 
Pull request #3189: Roll AppId's SSH detector into SSH service inspector

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_ssh to master

Squashed commit of the following:

commit 49d2ca8ea4b6b75607dc2169a41d0efff2490354
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Nov 30 23:11:23 2021 -0500

    framework, appid: generate NO_SERVICE event when no inspector can be attached to a flow; wait for the event in appid before declaring service as unknown for the flow

commit 7cfa805c36bae248f12dde37a4cdc073bd24a797
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Nov 30 17:14:55 2021 -0500

    appid: remove hard-coded SSH client patterns which are available as part of ODP

commit a9cdcc3457b03bfa5f37e5bd2c6ae252c11fe247
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Nov 30 14:59:27 2021 -0500

    appid, ssh: Roll AppId's SSH detector into SSH service inspector

3 years ago Pull request #3210: perf_monitor: periodically update telemetry data during thread...
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 19:40:36 +0000 (19:40 +0000)] 
Pull request #3210: perf_monitor: periodically update telemetry data during thread's idle mode

Merge in SNORT/snort3 from ~SVLASIUK/snort3:perf_mon to master

Squashed commit of the following:

commit 481156c654cf73ba797febd0608cd8fd9bd8cc8e
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Thu Dec 9 15:58:52 2021 +0200

    managers: continue inspectors probe when packet has disable_inspect flag

3 years ago Pull request #3217: Refactoring JS normalizer tests.
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 16:37:52 +0000 (16:37 +0000)] 
Pull request #3217: Refactoring JS normalizer tests.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_utest_refactor to master

Squashed commit of the following:

commit 9ed93df3d297cb83ed90adcfffd470fb2213eeae
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Dec 14 16:16:42 2021 +0200

    utils: update JS normalizer unit tests

    Common configurations are moved to a single place.
    A variable with a list of ignored words is renamed.

3 years ago Pull request #3204: snort2lua: fix conversion of variable sets
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 16:20:22 +0000 (16:20 +0000)] 
Pull request #3204: snort2lua: fix conversion of variable sets

Merge in SNORT/snort3 from ~VHORBATO/snort3:snort2lua_variable_sets to master

Squashed commit of the following:

commit be7fda807ef950888e6a0a60aa191afc6bc0cd44
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Dec 14 15:19:48 2021 +0200

    parser: fix parsing of portsets

commit de2580df2b80d2a7af35263337adde967b09ba76
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Dec 14 15:18:52 2021 +0200

    snort2lua: fix conversion of variable sets

3 years ago Pull request #3191: JS config options renamed.
Mike Stepanek (mstepane) [Tue, 14 Dec 2021 13:48:34 +0000 (13:48 +0000)] 
Pull request #3191: JS config options renamed.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_opt_rename to master

Squashed commit of the following:

commit b5b282b913c81862ccb49d4ba1517daaf04d30af
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Dec 7 21:14:44 2021 +0200

    lua: configure a list of JS ignored IDs in default_http_inspect table

    In snort.lua the http_inspect gets its configuration from default_http_inspect.

commit bb10c13a80cdc0ea1dcbc0943ec89b45b23d2ce7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 30 16:23:47 2021 +0200

    http_inspect: rename js normalization options

    Options follow:
    js_normalization_depth -> js_norm_bytes_depth
    js_norm_built_in_ident -> js_norm_ident_ignore
    default_js_norm_built_in_ident -> default_js_norm_ident_ignore

commit 3a32db4eba31b2571f3e8f98d3ec731a34fc61d8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 30 15:53:28 2021 +0200

    utils: place init/deinit routine under a single function

commit d643e38681ea1acad8f0ff7226715dba878f508c
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Nov 29 13:21:28 2021 +0200

    build: move flex options to the template file

    Keep all code-generator related options in the original file.

    CLI option '-Ca' resides, because only this option extends DFA table size,
    which is absolutely needed to translate all the rules from original file.
    (See set_up_initial_allocations() in flex/src/main.c).

    Directive 'full' also adds '-Cr' (no performance changes).

3 years ago Pull request #3209: Javascript de-aliasing
Mike Stepanek (mstepane) [Mon, 13 Dec 2021 20:30:13 +0000 (20:30 +0000)] 
Pull request #3209: Javascript de-aliasing

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_dealias to master

Squashed commit of the following:

commit 5e04885d2ea2c5a56a9c4c501070ff5abfcde21d
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Wed Nov 17 18:39:08 2021 +0200

    http_inspect: add JavaScript builtin de-aliasing

3 years ago Pull request #3213: file_api: Handling file_data
Bhargava Jandhyala (bjandhya) [Mon, 13 Dec 2021 11:32:18 +0000 (11:32 +0000)] 
Pull request #3213: file_api: Handling file_data

Merge in SNORT/snort3 from ~VKAMBALA/snort3:user_file_data to master

Squashed commit of the following:

commit c3eed73709c95f65054f1643ee2e0455e8d5717a
Author: krishnakanth <vkambala@cisco.com>
Date:   Fri Dec 10 17:36:29 2021 +0530

    file_api: Handling file_data

3 years ago Pull request #3198: BUG #715019: Hitting assert - HttpMsgBody::clean_partial
Tom Peters (thopeter) [Fri, 10 Dec 2021 22:22:08 +0000 (22:22 +0000)] 
Pull request #3198: BUG #715019: Hitting assert - HttpMsgBody::clean_partial

Merge in SNORT/snort3 from ~MDAGON/snort3:fix_assert to master

Squashed commit of the following:

commit 9ef0fdf7550edbd6c328438681abba6efab59ec7
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Nov 30 15:55:31 2021 -0500

    http_inspect: use correct detect_length for partial inspection cleanup

3 years ago Pull request #3208: http_inspect/http2_inspect: refuse midstream pickups
Tom Peters (thopeter) [Fri, 10 Dec 2021 20:41:06 +0000 (20:41 +0000)] 
Pull request #3208: http_inspect/http2_inspect: refuse midstream pickups

Merge in SNORT/snort3 from ~THOPETER/snort3:h2i22 to master

Squashed commit of the following:

commit 75298d3ab6f3e4b977a80b04a542899d64f3e6e7
Author: Tom Peters <thopeter@cisco.com>
Date:   Fri Nov 19 15:57:32 2021 -0500

    http_inspect/http2_inspect: refuse midstream pickups

3 years ago Pull request #3196: vlan: implement vlan encode function
Tom Peters (thopeter) [Fri, 10 Dec 2021 18:28:17 +0000 (18:28 +0000)] 
Pull request #3196: vlan: implement vlan encode function

Merge in SNORT/snort3 from ~SBAIGAL/snort3:vlan_encode to master

Squashed commit of the following:

commit 827bea7bfc67403762cec0424767d822f147419b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Dec 1 15:32:36 2021 -0500

    vlan: implement vlan encode function

3 years ago Pull request #3201: mime: Adding the support for vba macro data extraction of MS...
Pranav Bhalerao (prbhaler) [Fri, 10 Dec 2021 09:56:02 +0000 (09:56 +0000)] 
Pull request #3201: mime: Adding the support for vba macro data extraction of MS office files transferred over mime protocols

Merge in SNORT/snort3 from ~AMARNAYA/snort3:mime_vba to master

Squashed commit of the following:

commit d185bb6c0c8921949acb7137fc7f0a30a837d4f4
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Wed Dec 1 18:57:26 2021 +0000

    mime: adding the support for vba macro data extraction of MS office files transferred over mime protocols

3 years ago Pull request #3173: loggers: Fixing truncated alert_syslog messages
Masud Hasan (mashasan) [Thu, 9 Dec 2021 19:41:34 +0000 (19:41 +0000)] 
Pull request #3173: loggers: Fixing truncated alert_syslog messages

Merge in SNORT/snort3 from ~ALLEWI/snort3:truncated_alert_syslog to master

Squashed commit of the following:

commit 92bbe04935c7fafa61d77c7f109d1e0dc0ff16f9
Author: allewi@cisco.com <allewi@cisco.com>
Date:   Tue Nov 16 10:55:58 2021 -0500

    loggers: Fixing truncated alert_syslog messages

3 years ago Pull request #3200: utils: (js_tokenizer) fixup in states adjustment
Mike Stepanek (mstepane) [Wed, 8 Dec 2021 18:14:18 +0000 (18:14 +0000)] 
Pull request #3200: utils: (js_tokenizer) fixup in states adjustment

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_states_adjustment_fix to master

Squashed commit of the following:

commit 05ac203e5388a0e4cae715cd0e25d6bb46dad66a
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Dec 6 11:35:37 2021 +0200

    utils: fix state adjustment in JS Tokenizer

    The state before EOF ought to be cleaned up during states adjustment.

    Add test coverage.

3 years ago Pull request #3197: daq: sort --daq-list output by module name
Russ Combs (rucombs) [Wed, 8 Dec 2021 15:31:35 +0000 (15:31 +0000)] 
Pull request #3197: daq: sort --daq-list output by module name

Merge in SNORT/snort3 from ~RUCOMBS/snort3:daq_list to master

Squashed commit of the following:

commit 713ac22525d91453869509423f5ae08fcea7d61d
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 26 09:15:32 2021 -0500

    daq: sort --daq-list output by module name

3 years ago Pull request #3202: cmake: fix CMP0115 Warning
Russ Combs (rucombs) [Tue, 7 Dec 2021 12:09:58 +0000 (12:09 +0000)] 
Pull request #3202: cmake: fix CMP0115 Warning

Merge in SNORT/snort3 from ~SHASLAD/snort3:fix_CMP0115 to master

Squashed commit of the following:

commit 4f33340e63579e2412b2dda17c294d9fcbbdff46
Author: Shashi Lad <shaslad@cisco.com>
Date:   Mon Dec 6 20:57:13 2021 -0500

    cmake: fix CMP0115 Warning

3 years ago Pull request #3195: Suppressions
Russ Combs (rucombs) [Mon, 6 Dec 2021 12:01:04 +0000 (12:01 +0000)] 
Pull request #3195: Suppressions

Merge in SNORT/snort3 from ~RUCOMBS/snort3:suppressions to master

Squashed commit of the following:

commit 31b54def9246a74832e9738c959dfc0f9d0bb5c2
Author: russ <rucombs@cisco.com>
Date:   Thu Dec 2 10:14:27 2021 -0500

    build: clean up some cppcheck style issues

commit b1b17796b9f24c5666af92f2f6939da9decd5020
Author: russ <rucombs@cisco.com>
Date:   Wed Dec 1 09:45:46 2021 -0500

    build: add cppcheck suppressions for unusedFunctions

    Start migrating suppressions from an external file to source comments.
    Only functions that are actually called (and reported as covered) are
    candidates for suppression.  In this case, we have Lua FFI and STL
    overrides.

3 years ago Pull request #3199: Compilation fix with GCC5
Mike Stepanek (mstepane) [Fri, 3 Dec 2021 14:06:32 +0000 (14:06 +0000)] 
Pull request #3199: Compilation fix with GCC5

Merge in SNORT/snort3 from ~OSERHIIE/snort3:gcc5_compile_fix to master

Squashed commit of the following:

commit d1b153c75fe8ca2de7d86f8078c482b23af5fa00
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Fri Dec 3 02:46:58 2021 -0500

    utils: (JSTokenizer) fix braces initialization compilation error (gcc5)

3 years ago Pull request #3179: Stream splitter c
Masud Hasan (mashasan) [Thu, 2 Dec 2021 19:25:39 +0000 (19:25 +0000)] 
Pull request #3179: Stream splitter c

Merge in SNORT/snort3 from ~SMINUT/snort3:stream_splitter_c to master

Squashed commit of the following:

commit 2b537e6d3946a89abf9287644d1fb834bff8c4cc
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Nov 19 14:40:53 2021 -0500

    stream: add PKT_MORE_TO_FLUSH flag and use it in TcpReassembler::scan_data_post_ack() to signal AtomSplitter whether to flush or not

commit 59c24cb2b51268496d5818d4ab27e2929503e6b9
Author: Silviu Minut <sminut@cisco.com>
Date:   Mon Nov 15 14:37:59 2021 -0500

    rpc: remove RpcSplitter altogether and use LogSplitter instead

commit b46a53d6200460ee1de5bd2f7531b729fce63fc6
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Nov 5 09:21:33 2021 -0400

    stream: fix issue with atom splitter not returning FLUSH

commit 057931ddd0a9a85d4f8316cdb843113e82031774
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 25 08:48:42 2021 -0400

    stream_tcp: remove unnecessary special adjustment methods

3 years ago Pull request #3159: dce_smb: Added new smb counters
Lokesh Bevinamarad (lbevinam) [Thu, 2 Dec 2021 14:08:26 +0000 (14:08 +0000)] 
Pull request #3159: dce_smb: Added new smb counters

Merge in SNORT/snort3 from ~BSACHDEV/snort3:telemetry_stats to master

Squashed commit of the following:

commit c6103f3edb46ae51386a067aaf3261ebc826bead
Author: bsachdev <bsachdev@cisco.com>
Date:   Fri Aug 27 11:16:42 2021 -0400

    dce_smb: Added new smb counters

Signed-off-by: bsachdev <bsachdev@cisco.com>

3 years ago Pull request #3193: file_api: Added null check for user file data
Bhargava Jandhyala (bjandhya) [Thu, 2 Dec 2021 07:16:40 +0000 (07:16 +0000)] 
Pull request #3193: file_api: Added null check for user file data

Merge in SNORT/snort3 from ~BSACHDEV/snort3:file_changes to master

Squashed commit of the following:

commit 34a2a0a7f372e3614024a8dddad9b58d7c46c99d
Author: bsachdev <bsachdev@cisco.com>
Date:   Wed Dec 1 12:10:02 2021 -0500

    file_api: Added null check for user file data

Signed-off-by: bsachdev <bsachdev@cisco.com>

3 years ago Pull request #3192: build: generate and tag 3.1.18.0 3.1.18.0
Shravan Rangarajuvenkata (shrarang) [Wed, 1 Dec 2021 17:10:02 +0000 (17:10 +0000)] 
Pull request #3192: build: generate and tag 3.1.18.0

Merge in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.18.0 to master

Squashed commit of the following:

commit a1f754fcf71262366edc5fedcc5eab0913c9eb9f
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Dec 1 10:27:51 2021 -0500

    build: generate and tag 3.1.18.0

3 years ago Pull request #3090: Memory Update
Russ Combs (rucombs) [Wed, 1 Dec 2021 00:51:04 +0000 (00:51 +0000)] 
Pull request #3090: Memory Update

Merge in SNORT/snort3 from ~RUCOMBS/snort3:memory_update to master

Squashed commit of the following:

commit e73251f15db58127483e40965607a4e6979c762b
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 27 12:11:15 2021 -0400

    framework: update base API version to 11

commit 062ffceeb9c4a07e489d27df0441dafa902d5264
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 25 10:02:43 2021 -0400

    dev_notes.txt: fix miscellaneous typos

commit 8b260d2acd412de1c8ab81425d92d28a5a299295
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 24 16:01:14 2021 -0400

    perf_monitor: allow constraint seconds = 0

commit 28f796f0bfa37c1f7615fcec1f7b9e7ba160afc2
Author: russ <rucombs@cisco.com>
Date:   Wed Sep 15 15:51:39 2021 -0400

    doc: remove mention of Automake

commit 400f023d9b32f41da626e8395e04fd3f84b12b0a
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 15:38:31 2021 -0400

    hyperscan: disable bogus unit test leak warnings

commit 12d481d4fffa17863cf71062ada9c48a3ced20d1
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 15:37:58 2021 -0400

    memory: update dev notes

commit 681bc7b114ca8f43b40f3fc80f765fb7d099aacc
Author: russ <rucombs@cisco.com>
Date:   Tue Sep 28 13:16:36 2021 -0400

    memory: add max rss to verbose memory output

commit 6f84a31028243b06dcfbefc0bfa1148874ae5045
Author: russ <rucombs@cisco.com>
Date:   Sun Sep 26 09:02:21 2021 -0400

    memory: add support for jemalloc

commit 56dec3b93254e6e2d9418f9ee289679cf7c099f7
Author: russ <rucombs@cisco.com>
Date:   Fri Jul 16 09:29:57 2021 -0400

    memory: refactoring

commit e6831dcfd9c3ad5f84263e5e0a2880e2c700b3ee
Author: russ <rucombs@cisco.com>
Date:   Wed Sep 15 10:15:13 2021 -0400

    memory: remove explicit allocation tracking

commit 368f41fcf637f6cd1a6802ea98986c1d8b78d467
Author: russ <rucombs@cisco.com>
Date:   Thu Jul 8 15:00:38 2021 -0400

    memory: fix accounting issues

    1. Ensure that all memory stats are accumulated last so stats are not
    skewed by later accumulations.

    2. Delete the start up swappers in the main thread so packet allocation
    tracking is consistent.

commit 371947cc47592f616705c868c33d3f4b4606c35c
Author: russ <rucombs@cisco.com>
Date:   Thu Jul 8 15:00:15 2021 -0400

    memory: refactor pruning and update unit tests

commit b69c623ea64629f61f3e656b1d37f400546b5a4d
Author: russ <rucombs@cisco.com>
Date:   Wed Jul 7 15:42:54 2021 -0400

    memory: free space per DAQ message, not per allocation

commit afe9ae7cb5cfd16fcf5ad16293655a8d895615bc
Author: russ <rucombs@cisco.com>
Date:   Wed Jul 7 11:53:47 2021 -0400

    memory: move mem_stats to MemoryCap

commit 074a491ea51029fef7d613ff7170b1318836437a
Author: russ <rucombs@cisco.com>
Date:   Tue Jul 6 23:31:07 2021 -0400

    build: update configure options

    Replace --disable-memory-manager with --enable-memory-overloads.
    Add --enable-memory-profiler to track memory use by modules.
    Add --enable-rule-profiler to profile rule option as with other modules.
    Add --enable-deep-profiling for multi-level profile buckets.

commit 06d367bc9dabbd25eb8a9f1e060aaf91256adfd6
Author: russ <rucombs@cisco.com>
Date:   Wed Sep 15 10:02:41 2021 -0400

    memory: add original overload manager

commit 327de6f23af8ada2786f9f286cee06528967e217
Author: russ <rucombs@cisco.com>
Date:   Thu Jul 1 12:10:25 2021 -0400

    memory: expand profile report field widths

3 years ago Pull request #3163: JavaScript scope tracking
Mike Stepanek (mstepane) [Tue, 30 Nov 2021 21:49:59 +0000 (21:49 +0000)] 
Pull request #3163: JavaScript scope tracking

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_vars to master

Squashed commit of the following:

commit 7931ba587607cd89ae2efee2c53403d04ab21bef
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 11 20:06:58 2021 +0200

    doc: update user/http_inspect.txt with http_inspect.js_norm_max_scope_depth option description

commit 3d8c9c1e4a577196366a847998ef717b8db03fe9
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 11 20:05:56 2021 +0200

    doc: update builtin_subs.txt with EVENT_JS_SCOPE_NEST_OVERFLOW alert

commit 178e5b656222c0f3e72589344950cc4886a130d3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 11 20:04:27 2021 +0200

    http_inspect: update dev_notes.txt

commit 0d103f24002233f51c4aa9cbba18a1b0b5483509
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Oct 25 11:43:25 2021 +0300

    utils: (JSNormalizer) add program scope tracking and alias resolution

        Add JavaScript program scope tracking. The scope term includes all JavaScript
        program scope types: GLOBAL, FUNCTION, BLOCK, OBJECT. Every scope is represented
        by a separate object on a stack with its own identifiers mapping hash table,
        connected together in a list.

        Add variable definition type identification.

        Add support for alias names resolution with respect to the current program scope.

        Add trace messages for scope tracking

        Add two config options:
            http_inspect.js_norm_max_bracket_depth - bracket scope nesting limit
            http_inspect.js_norm_max_scope_depth - program scope nesting limit

        Add two built-in alerts:
            119:271 - bracket nesting overflow
            119:274 - scope nesting overflow

        Add unit tests coverage:
            scope tracking
            alias resolution
            split over multiple PDUs
            error handling

commit aef1de2489928f47af8c4345d745378c340ed8f1
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Nov 8 11:19:36 2021 +0200

    utils: (JSNormalizer) rework the split over multiple chunks behavior

        Avoid normalization of the input bytes that were already normalized

        Update unit test cases due to rework in the split over chunks behavior

        Add unit tests coverage for combined output after several normalizations

3 years ago Pull request #3142: framework: add a traffic policy and data bus to the network polic...
Russ Combs (rucombs) [Tue, 30 Nov 2021 21:39:53 +0000 (21:39 +0000)] 
Pull request #3142: framework: add a traffic policy and data bus to the network policy to be able to support multiple tenants and add a selector inspector to select a config file for each tenant

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:tenant to master

Squashed commit of the following:

commit c998980c574e3da4fd7fafc79e03fbb538a18a2a
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Nov 4 17:34:54 2021 -0400

    framework: add support for multiple tenants

    Add a traffic policy and data bus to the network policy to be able to support
    multiple tenants and add a selector inspector to select a config file for each
    tenant.

3 years ago Pull request #3176: US 684353: http_inspect: number of header lines rule option
Tom Peters (thopeter) [Tue, 30 Nov 2021 17:29:53 +0000 (17:29 +0000)] 
Pull request #3176: US 684353: http_inspect: number of header lines rule option

Merge in SNORT/snort3 from ~MDAGON/snort3:hdrs_num2 to master

Squashed commit of the following:

commit 6e4ab5896b6911913dfff1a681516f90938f5326
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Aug 3 15:55:26 2021 -0400

    http_inspect: new rule options num_headers, num_trailers

3 years ago Pull request #3188: Fix Debian10.32 unit tests.
Mike Stepanek (mstepane) [Mon, 29 Nov 2021 12:43:04 +0000 (12:43 +0000)] 
Pull request #3188: Fix Debian10.32 unit tests.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_32 to master

Squashed commit of the following:

commit 4e2e3de3c279ddc44460fab87adb0f1f2812ccf9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Nov 25 09:47:03 2021 +0200

    helpers: fix stream unit test on 32 bit platforms

3 years ago Pull request #3187: vba: Fixing buffer overflow in ole parser
Pranav Bhalerao (prbhaler) [Fri, 26 Nov 2021 05:05:44 +0000 (05:05 +0000)] 
Pull request #3187: vba: Fixing buffer overflow in ole parser

Merge in SNORT/snort3 from ~VIGNVISW/snort3:vba_bufoverflow to master

Squashed commit of the following:

commit b39fed887c6aed62fbf47a42a77b2b1501340e89
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Wed Nov 24 02:23:41 2021 -0500

    vba: Fixing buffer overflow in ole parser

3 years ago Pull request #3181: ips_options: creating LiteralSearch object for vba decompression...
Pranav Bhalerao (prbhaler) [Fri, 26 Nov 2021 05:03:08 +0000 (05:03 +0000)] 
Pull request #3181: ips_options: creating LiteralSearch object for vba decompression at the time of snort initialization

Merge in SNORT/snort3 from ~AMARNAYA/snort3:fix_searcher to master

Squashed commit of the following:

commit 20191e9a84c6b1b73d0a589f54c7aab53fb94d91
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Tue Nov 23 08:02:30 2021 +0000

    ips_options: creating LiteralSearch object for vba decompression at the time of snort initialization

3 years ago Pull request #3185: wizard: change default value of max_search_depth from 64 to 8192
Mike Stepanek (mstepane) [Thu, 25 Nov 2021 04:11:36 +0000 (04:11 +0000)] 
Pull request #3185: wizard: change default value of max_search_depth from 64 to 8192

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_new_default_value to master

Squashed commit of the following:

commit a40490adbbe9ae7126581f9ea53ccfe633d517b0
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Oct 29 18:52:20 2021 +0300

    wizard: change default value of max_search_depth from 64 to 8192

3 years ago Pull request #3183: file_api: file_data changes
Ron Dempster (rdempste) [Wed, 24 Nov 2021 21:19:00 +0000 (21:19 +0000)] 
Pull request #3183: file_api: file_data changes

Merge in SNORT/snort3 from ~VKAMBALA/snort3:file_info to master

Squashed commit of the following:

commit d8e4a5692a09e7394f410060dfb8017564421cac
Author: krishnakanth <vkambala@cisco.com>
Date:   Tue Nov 16 04:53:00 2021 -0500

    file_api: file_data changes

3 years ago Pull request #3186: BUG #713275: Asserting in Http2StreamSplitter with live http2...
Tom Peters (thopeter) [Wed, 24 Nov 2021 19:46:34 +0000 (19:46 +0000)] 
Pull request #3186: BUG #713275: Asserting in Http2StreamSplitter with live http2 traffic

Merge in SNORT/snort3 from ~MDAGON/snort3:discard_padding to master

Squashed commit of the following:

commit a1630ebd88c1a1e7e3cb8430af2891ac6f8621a5
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 22 17:02:13 2021 -0500

    http2_inspect: discard with padding

3 years ago Pull request #3182: doc: updated module usage and inspector types in the dev guide
Russ Combs (rucombs) [Wed, 24 Nov 2021 17:42:22 +0000 (17:42 +0000)] 
Pull request #3182: doc: updated module usage and inspector types in the dev guide

Merge in SNORT/snort3 from ~RUCOMBS/snort3:doc_devel to master

Squashed commit of the following:

commit 23d309942fa1c44dffeed965b4ffa4fee4c15e3d
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 23 16:09:34 2021 -0500

    doc: updated module usage and inspector types in the dev guide

3 years ago Pull request #3184: stream_tcp: delete unused unit test cruft
Russ Combs (rucombs) [Wed, 24 Nov 2021 16:26:05 +0000 (16:26 +0000)] 
Pull request #3184: stream_tcp: delete unused unit test cruft

Merge in SNORT/snort3 from ~RUCOMBS/snort3:dead_code_2 to master

Squashed commit of the following:

commit c62e9004b421bb8e9d9745441be754fa2a0df722
Author: russ <rucombs@cisco.com>
Date:   Wed Nov 24 08:22:15 2021 -0500

    stream_tcp: delete unused unit test cruft

3 years ago Pull request #3175: Wizard Updates for Talos
Russ Combs (rucombs) [Wed, 24 Nov 2021 16:21:01 +0000 (16:21 +0000)] 
Pull request #3175: Wizard Updates for Talos

Merge in SNORT/snort3 from ~RUCOMBS/snort3:ff_ff to master

Squashed commit of the following:

commit 472d7f7b3c90c3229ee7f9ef1a4750e1bd26ae06
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 21 08:05:51 2021 -0500

    wizard: add patterns to match unknown HTTP and SIP methods

commit 494a587f21fcfbceb8b95bb859082dad8290013e
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 19 11:07:32 2021 -0500

    wizard: remove telnet IAC pattern

3 years ago Pull request #3178: Value::get_long(), replacing with platform-independent type
Mike Stepanek (mstepane) [Wed, 24 Nov 2021 12:59:44 +0000 (12:59 +0000)] 
Pull request #3178: Value::get_long(), replacing with platform-independent type

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_32_64 to master

Squashed commit of the following:

commit 5faafb2d57279064269cb3a58d1b136fd3742d44
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 19 16:12:50 2021 +0200

    framework: replace Value::get_long() with a platform-independent type

3 years ago Pull request #3160: Dead code
Russ Combs (rucombs) [Tue, 23 Nov 2021 21:34:24 +0000 (21:34 +0000)] 
Pull request #3160: Dead code

Merge in SNORT/snort3 from ~RUCOMBS/snort3:dead_code to master

Squashed commit of the following:

commit 4822f91965a6219c28d2786d02a1d302a23cd2db
Author: russ <rucombs@cisco.com>
Date:   Wed Nov 10 09:00:16 2021 -0500

    utils: reduce flex generation of unused js normalizer code

commit be2f17d4a46e4461094d7bf1a4c6ace4aad49471
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 22:51:29 2021 -0500

    appid: exclude stubs from coverage

commit 787e0ab1671fc9c3f7aebf6f022731acdcd5e43f
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 16:00:05 2021 -0500

    stream_user: refactor, remove cruft

commit 87c9afe6b700e32ffdb11a3f14d7e716cefe76d1
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 12:47:58 2021 -0500

    rna: refactor unit test stubs

commit 7b18a15516928e54df078a95e23d2c728d23519e
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 12:44:47 2021 -0500

    search_engines: remove unused test code

commit 6428b1fe7286fafd5b263fd26cc93714687cad3c
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 15:20:25 2021 -0500

    reputation: remove unused sfrt code

commit 192adfc363122d0e192bb4c931521542829b5035
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 14:07:55 2021 -0500

    piglets: refactor support code

commit c75c67c9979d58f32101aa041fbc2212e4a9429d
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 13:36:14 2021 -0500

    alert_sf_socket: remove obsolete logger

commit c8681a19ffd3c9184d7670a19f3ad7be55255f70
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 11:57:24 2021 -0500

    build: remove config.h from headers

commit 5b102d96778edb30a10767f6d9e07d0fc859352a
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 07:05:33 2021 -0500

    unified2: remove cruft

commit a42e9e174445af49633dcbcfec39cef73a53f7d2
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 7 05:47:39 2021 -0500

    stream_tcp: remove unused unit test code

commit bb40e0e171418955f025d1db6485f1e08a6dc9c2
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 5 15:24:11 2021 -0400

    build: remove unreachable code

3 years ago Pull request #3174: Switch FlexLexer to batch mode.
Mike Stepanek (mstepane) [Tue, 23 Nov 2021 19:10:01 +0000 (19:10 +0000)] 
Pull request #3174: Switch FlexLexer to batch mode.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:flex_batch to master

Squashed commit of the following:

commit 4cb787d5a367bb775fee452a828d8cfc67c78b43
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 12 15:59:53 2021 +0200

    utils: do output adjustment in case of carryover

commit facc72c26fd8d001effa2970579eee9c5705dd23
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 11 17:13:06 2021 +0300

    utils: enable batch mode for Flex

    New options engaged: -Caf -8 'batch' 'never-interactive'

3 years ago Pull request #3170: http_inspect: Storing ole data in msg_body
Pranav Bhalerao (prbhaler) [Tue, 23 Nov 2021 03:05:49 +0000 (03:05 +0000)] 
Pull request #3170: http_inspect: Storing ole data in msg_body

Merge in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_CSCwa20585 to master

Squashed commit of the following:

commit d87b2ece8def9c857d29df967934418cda85b897
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Wed Nov 17 04:47:56 2021 -0500

    http_inspect: Storing ole data in msg_body

3 years ago Pull request #3177: Crunch warning.
Mike Stepanek (mstepane) [Mon, 22 Nov 2021 14:38:54 +0000 (14:38 +0000)] 
Pull request #3177: Crunch warning.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:warning_fix to master

Squashed commit of the following:

commit cd5723264c63ca00476d258ec6f4ab9aa25b4750
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Nov 22 14:11:02 2021 +0200

    utils: pass an address into memset instead of object

3 years ago Pull request #3167: Fixes for abort issues
Tom Peters (thopeter) [Fri, 19 Nov 2021 20:13:10 +0000 (20:13 +0000)] 
Pull request #3167: Fixes for abort issues

Merge in SNORT/snort3 from ~KATHARVE/snort3:abort_issues to master

Squashed commit of the following:

commit 3a43d1e4887d820be2886edaa3185a5c8975fa5d
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Nov 15 11:32:41 2021 -0500

    http_inspect: update comments for asserts in eval and clear

commit 3ccf3b7e0f9c4b453f56015b52aeb16c1ed747c0
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Nov 15 11:27:37 2021 -0500

    stream_tcp: only fallback if stream splitter aborted and don't keep processing fragments after MagicSplitter returned STOP

commit 6731a11f9bf7b5de9c5e348d0f1311dd6a376ba9
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Oct 27 20:05:38 2021 -0400

    framework: don't call a gadget's eval() or clear() after its stream splitter aborted

commit 3c60508fca0b13f14f55632b35d1ca84ea134e57
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Nov 15 11:22:41 2021 -0500

    http_inspect: fix total_bytes peg count

3 years ago Pull request #3169: Reset Normalizer's context when new script starts
Mike Stepanek (mstepane) [Fri, 19 Nov 2021 14:02:33 +0000 (14:02 +0000)] 
Pull request #3169: Reset Normalizer's context when new script starts

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_buffers_fix to master

Squashed commit of the following:

commit bdee3121765f854f41e2a46b9a2a557408314fab
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 16 11:18:33 2021 +0200

    utils: reset Normalizer context when new script starts

    Since Normalizer contexts are no longer recreated for each new script started,
    a method to reset internal state was added.

    If a script continues in the next chunk, then context is not reset,
    but is being prepared to process the new chunk as a continuation.

3 years ago Pull request #3168: catch: update catch to v2.13.7
Russ Combs (rucombs) [Thu, 18 Nov 2021 15:09:18 +0000 (15:09 +0000)] 
Pull request #3168: catch: update catch to v2.13.7

Merge in SNORT/snort3 from ~SHASLAD/snort3:catch_update to master

Squashed commit of the following:

commit 37e358c3aa01e8b260f0fc56e3d03e01e18d3eb3
Author: Shashi Lad <shaslad@cisco.com>
Date:   Mon Nov 15 14:42:09 2021 -0500

    catch: update catch to v2.13.7

3 years ago Pull request #3144: doc: update wizard's information
Mike Stepanek (mstepane) [Wed, 17 Nov 2021 21:15:17 +0000 (21:15 +0000)] 
Pull request #3144: doc: update wizard's information

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_testing to master

Squashed commit of the following:

commit 4465a1347f1ec17336c5751f111d6fe87f7df3c9
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Tue Nov 2 16:24:30 2021 +0200

    doc: update wizard documentation

3 years ago Pull request #3171: build: generate and tag 3.1.17.0 3.1.17.0
Steve Chew (stechew) [Wed, 17 Nov 2021 19:52:12 +0000 (19:52 +0000)] 
Pull request #3171: build: generate and tag 3.1.17.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.17.0 to master

Squashed commit of the following:

commit 86b337f041adc1b307500a992316b46acf93539b
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Nov 17 13:28:17 2021 -0500

    build: generate and tag 3.1.17.0

3 years ago Pull request #3165: detection: ensure PDUs indicate parent when available
Russ Combs (rucombs) [Tue, 16 Nov 2021 00:46:54 +0000 (00:46 +0000)] 
Pull request #3165: detection: ensure PDUs indicate parent when available

Merge in SNORT/snort3 from ~RUCOMBS/snort3:packet_parent to master

Squashed commit of the following:

commit 75d45c3311339e0550b5262bf907ccecf4c3f2f4
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 14 07:36:43 2021 -0500

    detection: ensure PDUs indicate parent when available

3 years ago Pull request #3162: ips_option: Enabling trace for vba_data options and fixing memory...
Pranav Bhalerao (prbhaler) [Fri, 12 Nov 2021 08:45:19 +0000 (08:45 +0000)] 
Pull request #3162: ips_option: Enabling trace for vba_data options and fixing memory leak while extracting vba_data

Merge in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_CSCwa12304 to master

Squashed commit of the following:

commit 4dce4794eea4a63b0fe8c77907d24aaed3e198d3
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Thu Nov 11 03:04:44 2021 -0500

    ips_option: Enabling trace for vba_data options and fixing memory leak while extracting vba_data

3 years ago Pull request #3161: dnp3: update builtin rule description
Tom Peters (thopeter) [Thu, 11 Nov 2021 00:22:05 +0000 (00:22 +0000)] 
Pull request #3161: dnp3: update builtin rule description

Merge in SNORT/snort3 from ~SBAIGAL/snort3:dnp3_text to master

Squashed commit of the following:

commit 4b6692d19bbdcf905073b2103b6c060a5e0a773b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Nov 10 13:26:06 2021 -0500

    dnp3: update builtin rule description

3 years ago Pull request #3148: doc: update builtin alerts description for portscan
Tom Peters (thopeter) [Wed, 10 Nov 2021 21:26:33 +0000 (21:26 +0000)] 
Pull request #3148: doc: update builtin alerts description for portscan

Merge in SNORT/snort3 from ~SBAIGAL/snort3:doc_ps to master

Squashed commit of the following:

commit f50e6d859449137debf8152c986516a1d8b1aa4d
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Nov 5 15:50:02 2021 -0400

    doc: update builtin alerts description for portscan

3 years ago Pull request #3150: doc: update builtin rule documentation for http_inspect
Tom Peters (thopeter) [Wed, 10 Nov 2021 21:09:06 +0000 (21:09 +0000)] 
Pull request #3150: doc: update builtin rule documentation for http_inspect

Merge in SNORT/snort3 from ~KATHARVE/snort3:builtin_doc to master

Squashed commit of the following:

commit 834350f442dda769a1a9bfab87945624f1b3b0a2
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Nov 5 11:17:07 2021 -0400

    doc: update builtin rule documentation for http_inspect

3 years ago Pull request #3157: US 708162: Timebox: Built-in rule documentation - back orifice
Tom Peters (thopeter) [Wed, 10 Nov 2021 20:50:53 +0000 (20:50 +0000)] 
Pull request #3157: US 708162: Timebox: Built-in rule documentation - back orifice

Merge in SNORT/snort3 from ~MDAGON/snort3:bo_doc to master

Squashed commit of the following:

commit 3fb00bd44ee93c4bf67a99d7a01e82ae00687432
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 8 17:01:17 2021 -0500

    doc: back orifice builtin rules

3 years ago Pull request #3139: BUG #705517 Http2HeadersFrame::clear is looking at server side...
Tom Peters (thopeter) [Wed, 10 Nov 2021 19:11:10 +0000 (19:11 +0000)] 
Pull request #3139: BUG #705517 Http2HeadersFrame::clear is looking at server side stream state for push promise

Merge in SNORT/snort3 from ~MDAGON/snort3:push_promise2 to master

Squashed commit of the following:

commit f57c8f53f1fdfef5a73320471b8ef4369fba6f70
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Oct 25 14:52:44 2021 -0400

    http2_inspect: push promise error state check

3 years ago Pull request #3127: BUG #704687: Hitting assert while processing partial trailer...
Tom Peters (thopeter) [Wed, 10 Nov 2021 17:59:11 +0000 (17:59 +0000)] 
Pull request #3127: BUG #704687: Hitting assert while processing partial trailer truncated immediately after the frame header

Merge in SNORT/snort3 from ~MDAGON/snort3:trailer to master

Squashed commit of the following:

commit b5b4daddd2f0f0fcc5b7841aa27fca2b49a94aa1
Author: Maya Dagon <mdagon@cisco.com>
Date:   Wed Oct 20 16:46:41 2021 -0400

    http2_inspect: truncated trailers without frame data

3 years ago Pull request #3155: doc: update builtin alerts description for dnp3
Tom Peters (thopeter) [Wed, 10 Nov 2021 17:21:38 +0000 (17:21 +0000)] 
Pull request #3155: doc: update builtin alerts description for dnp3

Merge in SNORT/snort3 from ~SBAIGAL/snort3:doc_dnp3 to master

Squashed commit of the following:

commit 961b0103065d94673d7c4ca38461996c51c6daa4
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Mon Nov 8 17:20:24 2021 -0500

    doc: update builtin alerts description for dnp3

3 years ago Pull request #3152: Dynamic buffer for trace internal data.
Mike Stepanek (mstepane) [Wed, 10 Nov 2021 15:03:43 +0000 (15:03 +0000)] 
Pull request #3152: Dynamic buffer for trace internal data.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:trace_buffer to master

Squashed commit of the following:

commit 4d5bebcb0fa5835d931bca3ec994f2c71029b20b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 5 22:20:04 2021 +0200

    main: use dynamic buffer on demand in trace print functions

3 years ago Pull request #3156: doc: updated builtin rules documentation for ssh.
Pranav Bhalerao (prbhaler) [Wed, 10 Nov 2021 02:41:50 +0000 (02:41 +0000)] 
Pull request #3156: doc: updated builtin rules documentation for ssh.

Merge in SNORT/snort3 from ~PRBHALER/snort3:ssh_doc to master

Squashed commit of the following:

commit 988ed22936d24059f72d801c6a7dd026fa339eb4
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Tue Nov 9 13:47:50 2021 +0530

    doc: updated builtin rules documentation for ssh.

3 years ago Pull request #3158: doc: update builtin alerts description for modbus, HTTP/2
Tom Peters (thopeter) [Tue, 9 Nov 2021 22:37:45 +0000 (22:37 +0000)] 
Pull request #3158: doc: update builtin alerts description for modbus, HTTP/2

Merge in SNORT/snort3 from ~MDAGON/snort3:http2_modbus_doc to master

Squashed commit of the following:

commit ba26a40fba66819c257ea4e8ed318ef0b9d320e4
Author: Maya Dagon <mdagon@cisco.com>
Date:   Wed Nov 3 15:34:48 2021 -0400

    doc: update builtin alerts description for modbus, HTTP/2

3 years ago Pull request #3154: US 708162: Timebox: Built-in rule documentation - arp_spoof
Tom Peters (thopeter) [Tue, 9 Nov 2021 22:35:48 +0000 (22:35 +0000)] 
Pull request #3154: US 708162: Timebox: Built-in rule documentation - arp_spoof

Merge in SNORT/snort3 from ~MDAGON/snort3:arp_builtins to master

Squashed commit of the following:

commit d30a49cf87f55af799a2bf8a0bf6003cf0df38e0
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 8 14:19:07 2021 -0500

    doc: arp_spoof builtins

3 years ago Pull request #3153: doc: spell correction
Lokesh Bevinamarad (lbevinam) [Tue, 9 Nov 2021 09:38:27 +0000 (09:38 +0000)] 
Pull request #3153: doc: spell correction

Merge in SNORT/snort3 from ~SMULKA/snort3:doc to master

Squashed commit of the following:

commit c4053513cbeeb4d122cee27f54b11a5b948f14a2
Author: smulka <smulka@cisco.com>
Date:   Mon Nov 8 13:47:47 2021 -0500

    doc: spell correction

3 years ago Pull request #3137: doc: update builtin rules documentation for dce_smb, dce_tcp...
Lokesh Bevinamarad (lbevinam) [Mon, 8 Nov 2021 06:42:16 +0000 (06:42 +0000)] 
Pull request #3137: doc: update builtin rules documentation for dce_smb, dce_tcp, dce_udp, rpc_decode

Merge in SNORT/snort3 from ~SMULKA/snort3:doc to master

Squashed commit of the following:

commit 641343a5a13fb2ea4df60bbfe1d09c36bcb7509d
Author: smulka <smulka@cisco.com>
Date:   Sun Oct 24 16:48:03 2021 -0400

    doc: update builtin rules documentation for dce_smb, dce_tcp, dce_udp, rpc_decode

3 years ago Pull request #3149: u2spewfoo: Fixed incorrect usage line.
Steve Chew (stechew) [Fri, 5 Nov 2021 21:47:40 +0000 (21:47 +0000)] 
Pull request #3149: u2spewfoo: Fixed incorrect usage line.

Merge in SNORT/snort3 from ~STECHEW/snort3:u2spewfoo_usage to master

Squashed commit of the following:

commit a8e194062b59b69749f1a9d38fd60fd8a3a52bf2
Author: Steve Chew <stechew@cisco.com>
Date:   Fri Nov 5 16:11:14 2021 -0400

    u2spewfoo: Fixed incorrect usage line.

3 years ago Pull request #3138: Hpack refactor2
Tom Peters (thopeter) [Fri, 5 Nov 2021 19:38:52 +0000 (19:38 +0000)] 
Pull request #3138: Hpack refactor2

Merge in SNORT/snort3 from ~KATHARVE/snort3:hpack-refactor2 to master

Squashed commit of the following:

commit 3649ca44dbce29d22cbd296556816658d4f00b25
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Oct 28 16:59:41 2021 -0400

    http2_inspect: http1_header buffer always created immediately after decode_headers

3 years ago Pull request #3147: appid: restore the log of reload detectors complete message
Shravan Rangarajuvenkata (shrarang) [Fri, 5 Nov 2021 18:29:18 +0000 (18:29 +0000)] 
Pull request #3147: appid: restore the log of reload detectors complete message

Merge in SNORT/snort3 from ~SBAIGAL/snort3:reload_log_patch to master

Squashed commit of the following:

commit ef7e572e265cff4af2a4375c5d469ea6016c455b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Nov 5 10:34:49 2021 -0400

    appid: restore the log of reload detectors complete message

3 years ago Pull request #3145: http2_inspect: hardening
Tom Peters (thopeter) [Thu, 4 Nov 2021 16:40:25 +0000 (16:40 +0000)] 
Pull request #3145: http2_inspect: hardening

Merge in SNORT/snort3 from ~THOPETER/snort3:h2i20 to master

Squashed commit of the following:

commit a271d65b5f0146e0101b6aac999ae890dcc29235
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Oct 19 18:44:34 2021 -0400

    http2_inspect: hardening

3 years ago Pull request #3141: detection: add allow_missing_so_rules
Russ Combs (rucombs) [Wed, 3 Nov 2021 16:37:59 +0000 (16:37 +0000)] 
Pull request #3141: detection: add allow_missing_so_rules

Merge in SNORT/snort3 from ~RUCOMBS/snort3:allow_missing_so_rules to master

Squashed commit of the following:

commit 2ad1178e988cef483957cc27644ec6e7f70a1253
Author: russ <rucombs@cisco.com>
Date:   Wed Nov 3 10:14:11 2021 -0400

    build: remove HAVE_HYPERSCAN conditional from installed header

    Installed headers can't have conditional struct members since plugins
    don't have config.h. In this case the hyperscan-related variables are
    now always present.

commit 4d5aa95485dfd13ebad9cec518b92dfedf0b89dd
Author: russ <rucombs@cisco.com>
Date:   Thu Oct 28 09:39:33 2021 -0400

    detection: add allow_missing_so_rules

    By default, missing SO rules cause an error. Set this to true to report
    warnings instead. This is helpful when your rule package is out of date.
    This should not be enabled in a production environment.

3 years ago Pull request #3143: build: generate and tag 3.1.16.0 3.1.16.0
Mike Stepanek (mstepane) [Wed, 3 Nov 2021 13:54:40 +0000 (13:54 +0000)] 
Pull request #3143: build: generate and tag 3.1.16.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.16.0 to master

Squashed commit of the following:

commit bd3e6adee22d5c51855b2964f8b039217cd92efe
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Nov 3 07:36:43 2021 -0400

    build: generate and tag 3.1.16.0

3 years ago Pull request #3115: doc: updated remaining builtin rules documentation
Steve Chew (stechew) [Wed, 3 Nov 2021 12:51:59 +0000 (12:51 +0000)] 
Pull request #3115: doc: updated remaining builtin rules documentation

Merge in SNORT/snort3 from ~ALLEWI/snort3:doc_builtin_updates_2 to master

Squashed commit of the following:

commit c5c86e773cb9f6cb9f33aeb31f8475c7d3e51963
Author: alewis (allewi) <allewi@cisco.com>
Date:   Mon Oct 18 21:49:19 2021 -0400

    doc: updated remaining builtin rules documentation

3 years ago Pull request #3129: Handling of PDUs disorder for inline/external JavaScript normaliz...
Mike Stepanek (mstepane) [Tue, 2 Nov 2021 19:41:32 +0000 (19:41 +0000)] 
Pull request #3129: Handling of PDUs disorder for inline/external JavaScript normalization

Merge in SNORT/snort3 from ~SVLASIUK/snort3:js_pdu_disorder to master

Squashed commit of the following:

commit 529713b1874e9c23516290dae9b3ed80a80276c9
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Fri Oct 22 17:06:50 2021 +0300

    http_inspect: handle PDUs disorder for inline/external JavaScript normalization

3 years ago Pull request #3130: ssl: disable inspection on alert only at fatal level
Tom Peters (thopeter) [Tue, 2 Nov 2021 17:21:33 +0000 (17:21 +0000)] 
Pull request #3130: ssl: disable inspection on alert only at fatal level

Merge in SNORT/snort3 from ~SBAIGAL/snort3:ssl_alert_fix to master

Squashed commit of the following:

commit fc567298456a798da12318c18c78c35f69cf868e
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Mon Oct 25 09:44:11 2021 -0400

    ssl: disable inspection on alert only at fatal level

    remove SO_PUBLIC from SSL_decode, since it is only called from inside snort

3 years ago Pull request #3128: JS Normalization: single pass processing
Mike Stepanek (mstepane) [Tue, 2 Nov 2021 14:12:46 +0000 (14:12 +0000)] 
Pull request #3128: JS Normalization: single pass processing

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:spp to master

Squashed commit of the following:

commit f09974f5dca6d48223f441e61ccd1b7676fd64e2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 22 15:55:56 2021 +0300

    utils: correct Normalizer's output upon the next scan

    The output stream buffer was updated with a special-case code to speed up
    getting the output size.

commit 0f66f7491fcd07c44934a4a473d26354dd39a859
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 18 16:23:35 2021 +0300

    http_inspect: eliminate cumulative js data processing

    Input data is fed by portions (script_detection, chunked HTTP) to JSNormalizer.
    Output data is accumulated in output stream buffer, which resides in
    JSNormalizer context. Accumulated output data is deleted at the end of PDU.

commit 7fe0cc81badb99a2a732c74cddc1aa042e40cbd2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 15 16:50:09 2021 +0300

    utils: add get methods to peek in internal buffer

3 years ago Merge pull request #3135 in SNORT/snort3 from ~KATHARVE/snort3:hpack-refactor to...
Tom Peters (thopeter) [Fri, 29 Oct 2021 19:33:28 +0000 (19:33 +0000)] 
Merge pull request #3135 in SNORT/snort3 from ~KATHARVE/snort3:hpack-refactor to master

Squashed commit of the following:

commit c6891e039474b8ce2b2c0f318fe2dd053bac550b
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Oct 27 10:41:52 2021 -0400

    http2_inspect: refactor decoded_headers_buffer for hpack decoding

3 years ago Merge pull request #3133 in SNORT/snort3 from ~KATHARVE/snort3:http_zip_decomp to...
Tom Peters (thopeter) [Fri, 29 Oct 2021 18:25:31 +0000 (18:25 +0000)] 
Merge pull request #3133 in SNORT/snort3 from ~KATHARVE/snort3:http_zip_decomp to master

Squashed commit of the following:

commit eb7b2596fc637c46f2bcda85c222818cf47bed44
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Oct 22 11:03:25 2021 -0400

    http_inspect: file decompression improvements

3 years ago Merge pull request #3140 in SNORT/snort3 from ~VHORBATO/snort3:fix_wempty-body_master...
Mike Stepanek (mstepane) [Fri, 29 Oct 2021 17:42:37 +0000 (17:42 +0000)] 
Merge pull request #3140 in SNORT/snort3 from ~VHORBATO/snort3:fix_wempty-body_master to master

Squashed commit of the following:

commit 94e9caa22eb12303af0ee3de95370a43eeecea4b
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Oct 29 16:51:49 2021 +0300

    flow: fix warning in flow_cache.cc

3 years ago Merge pull request #3134 in SNORT/snort3 from ~VHORBATO/snort3:uni_list_fix to master
Mike Stepanek (mstepane) [Thu, 28 Oct 2021 23:26:22 +0000 (23:26 +0000)] 
Merge pull request #3134 in SNORT/snort3 from ~VHORBATO/snort3:uni_list_fix to master

Squashed commit of the following:

commit 207aca5fe21b8c09ce9d0f5c0dfca3b571356e69
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Oct 26 09:37:55 2021 +0300

    flow: use the same pkt_type to link and unlink unidirectional flows

    Use Flow::key::pkt_type instead of Flow::pkt_type, which is set later and
    might not be available at link_uni time.

    Traces enabled for the 'stream' module.

3 years ago Merge pull request #3132 in SNORT/snort3 from ~SHANMS/snort3:snort_docs to master
Shanmugam S (shanms) [Thu, 28 Oct 2021 11:03:00 +0000 (11:03 +0000)] 
Merge pull request #3132 in SNORT/snort3 from ~SHANMS/snort3:snort_docs to master

Squashed commit of the following:

commit ad05b63adb63cba7d4451ebb8dd85268d854579d
Author: shanms <shanms@cisco.com>
Date:   Wed Oct 27 07:28:01 2021 +0000

    doc: updated builtin rules documentation for gtp module

3 years ago Merge pull request #3136 in SNORT/snort3 from ~PRBHALER/snort3:sip to master
Pranav Bhalerao (prbhaler) [Thu, 28 Oct 2021 10:41:14 +0000 (10:41 +0000)] 
Merge pull request #3136 in SNORT/snort3 from ~PRBHALER/snort3:sip to master

Squashed commit of the following:

commit 6bd401c5853e4fbab89657ebd585b3eae74806de
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Wed Oct 27 17:26:38 2021 +0530

    sip: track memory for sip sessions.

3 years ago Merge pull request #3120 in SNORT/snort3 from ~GSAMBYAL/snort3:SIP_rules to master
Pranav Bhalerao (prbhaler) [Wed, 27 Oct 2021 12:42:02 +0000 (12:42 +0000)] 
Merge pull request #3120 in SNORT/snort3 from ~GSAMBYAL/snort3:SIP_rules to master

Squashed commit of the following:

commit c98a183b9427e732a968cf7337f8ea5aec29d9ac
Author: garima sambyal <gsambyal@cisco.com>
Date:   Wed Oct 20 03:48:53 2021 -0400

    doc: SIP built-in rule documentation.

3 years ago Merge pull request #3101 in SNORT/snort3 from ~RAMANKS/snort3:geneve to master
Steve Chew (stechew) [Wed, 27 Oct 2021 10:41:14 +0000 (10:41 +0000)] 
Merge pull request #3101 in SNORT/snort3 from ~RAMANKS/snort3:geneve to master

Squashed commit of the following:

commit 4d417498e15e097d5f1b7cdcfe8dca253784a5f5
Author: Raman Krishnan <ramanks@cisco.com>
Date:   Mon Oct 11 22:53:34 2021 -0700

    codec: geneve: injected packets should have geneve port in outer udp header

3 years ago Merge pull request #3123 in SNORT/snort3 from ~KDEWANGA/snort3:snort3_builtinrules...
Pranav Bhalerao (prbhaler) [Wed, 27 Oct 2021 10:11:38 +0000 (10:11 +0000)] 
Merge pull request #3123 in SNORT/snort3 from ~KDEWANGA/snort3:snort3_builtinrules to master

Squashed commit of the following:

commit e74ef4b2ed150f09990fd2d88d1746850a14b394
Author: kdewanga <kdewanga@cisco.com>
Date:   Thu Oct 21 06:20:10 2021 +0000

    doc: updated builtin rules documentation for dns module

3 years ago Merge pull request #3119 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_doc to master
Pranav Bhalerao (prbhaler) [Wed, 27 Oct 2021 06:56:08 +0000 (06:56 +0000)] 
Merge pull request #3119 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_doc to master

Squashed commit of the following:

commit 28f58c1f68a57cc589cc1a8dd24d7d5e5fd45968
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Wed Oct 20 03:20:52 2021 -0400

    doc: updated builtin rules documentation for ftp-telnet

3 years ago Merge pull request #3131 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_init_mem_opt...
Shravan Rangarajuvenkata (shrarang) [Wed, 27 Oct 2021 02:31:41 +0000 (02:31 +0000)] 
Merge pull request #3131 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_init_mem_optimization to master

Squashed commit of the following:

commit 3463c2fe5d7af7e5b54790e31164c5ec834be778
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Oct 26 15:11:48 2021 -0400

    appid: during initialization, skip loading of Lua detectors that don't have validate function

3 years ago Merge pull request #3116 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_client_app_detec...
Shravan Rangarajuvenkata (shrarang) [Tue, 26 Oct 2021 18:40:33 +0000 (18:40 +0000)] 
Merge pull request #3116 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_client_app_detect_types to master

Squashed commit of the following:

commit f3a0f5e68a64507125b1acce375ebaf7c708c063
Author: cljudge <cljudge@cisco.com>
Date:   Thu Oct 7 04:55:54 2021 -0400

    appid: provide API to give client_app_detection_type

3 years ago Merge pull request #3107 in SNORT/snort3 from ~SBAIGAL/snort3:reload_debug_logs to...
Tom Peters (thopeter) [Tue, 26 Oct 2021 17:19:13 +0000 (17:19 +0000)] 
Merge pull request #3107 in SNORT/snort3 from ~SBAIGAL/snort3:reload_debug_logs to master

Squashed commit of the following:

commit a3b8308a9465c46127a77588774e81fcc6eb6357
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Sep 24 16:11:09 2021 -0400

    reload: add logs to track reload process

    swapper: moved out reload progress flag to reload tracker

3 years ago Merge pull request #3122 in SNORT/snort3 from ~RUCOMBS/snort3:hyper_serial to master
Russ Combs (rucombs) [Mon, 25 Oct 2021 22:48:35 +0000 (22:48 +0000)] 
Merge pull request #3122 in SNORT/snort3 from ~RUCOMBS/snort3:hyper_serial to master

Squashed commit of the following:

commit 9daf5f9c73643d751835d24790aab34c9382f338
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 13 14:19:08 2021 -0400

    detection: refactor mpse serialization

commit 5b0ab03288a64707313c5f3f4f1214df235556c1
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 13 10:19:58 2021 -0400

    detection: rename PortGroup to the more apt RuleGroup (and related)

    PortGroup is a legacy name that predates service. RuleGroups are a
    collection of rules based on port (port, src|dst|any, #) or service
    (service, c2s|s2c).

commit 47fa569f433c9c0ae034693c0caf76cfec65a89c
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 13 10:12:01 2021 -0400

    detection: replace PortGroup::alloc/free with ctor/dtor

commit 412073be22c8d8da0f7b532351bb377465186aad
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 11 15:33:47 2021 -0400

    search_engine: support port group serialization

commit 181e18b47f0a49a5a39dda02a44dc4f9702a3f97
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 11 09:43:20 2021 -0400

    ips: correct fast pattern port group counts

commit edbeadd92064f02a0f7690f14805cb037ecbd980
Author: russ <rucombs@cisco.com>
Date:   Sun Oct 10 12:57:52 2021 -0400

    mpse: add md5 check to deserialization

commit 2dc6cde03deddcf2af26626fee5075e957d06fa9
Author: russ <rucombs@cisco.com>
Date:   Thu Oct 7 10:24:09 2021 -0400

    hyperscan: sort patterns for dump / load stability

commit 8fcc0ac4b79fe51e8d2a76484dc05238069b331b
Author: russ <rucombs@cisco.com>
Date:   Thu Oct 7 07:53:37 2021 -0400

    search_engine: support hyperscan serialization

    Dump hyperscan databases for service rule groups to the given directory
    with --dump-rule-databases. They can be reloaded with
    search_engine.rule_db_dir. This does not serialize port group databases.

3 years ago Merge pull request #3079 in SNORT/snort3 from ~YVELYKOZ/snort3:glob_several_packets...
Mike Stepanek (mstepane) [Mon, 25 Oct 2021 16:11:11 +0000 (16:11 +0000)] 
Merge pull request #3079 in SNORT/snort3 from ~YVELYKOZ/snort3:glob_several_packets to master

Squashed commit of the following:

commit b768e09bc0b09ea3aac32b88eaf3b53c2e035e39
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Mon Sep 13 20:34:15 2021 +0300

    wizard: update globbing and max_pattern

    In order to support globbing over several packets, a state variable that contains the middle state of the pattern was added.
    Max_pattern now applies per flow instead of per segment.
    Max_pattern was renamed to max_search_depth.
    Fixed bug with reentering wizard after tcp_hits.

3 years ago Merge pull request #3126 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_out_of_mem...
Shravan Rangarajuvenkata (shrarang) [Mon, 25 Oct 2021 15:05:31 +0000 (15:05 +0000)] 
Merge pull request #3126 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_out_of_mem to master

Squashed commit of the following:

commit 6ab78b0fdd275b475a568dc68e6ea4e03ef0383a
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Fri Oct 22 16:08:04 2021 -0400

    appid: in packet threads, skip loading of detectors that don't have validate function on reload

3 years ago Merge pull request #3110 in SNORT/snort3 from ~KAMURTHI/snort3:built-in-rules to...
Shravan Rangarajuvenkata (shrarang) [Thu, 21 Oct 2021 20:11:35 +0000 (20:11 +0000)] 
Merge pull request #3110 in SNORT/snort3 from ~KAMURTHI/snort3:built-in-rules to master

Squashed commit of the following:

commit f5220aa24e5c0db8102197dadcb608016907165b
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Fri Oct 15 00:30:25 2021 -0400

    doc: update built-in rule doc for SMTP, IMAP and POP inspectors.

3 years ago Merge pull request #3121 in SNORT/snort3 from ~SMINUT/snort3:init_scale_fix to master
Russ Combs (rucombs) [Thu, 21 Oct 2021 16:12:09 +0000 (16:12 +0000)] 
Merge pull request #3121 in SNORT/snort3 from ~SMINUT/snort3:init_scale_fix to master

Squashed commit of the following:

commit 30e99be7b9374ba90e30313b69f1a8a141a0caf5
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Oct 20 12:03:50 2021 -0400

    stream_tcp: fix init_wscale() to take into account the DECODE_TCP_WS flag

    tcp: remove the probably obsolete __GNUC__ block from TcpOption::next()

    tcp: stop on the EOL option in TcpOptIteratorIter::operator++()

3 years ago Merge pull request #3124 in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.15.0 to... 3.1.15.0
Shravan Rangarajuvenkata (shrarang) [Thu, 21 Oct 2021 14:26:19 +0000 (14:26 +0000)] 
Merge pull request #3124 in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.15.0 to master

Squashed commit of the following:

commit 25e2620f58e6bf75802d7dca3b8e0e65a95f3721
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Thu Oct 21 08:33:52 2021 -0400

    build: generate and tag 3.1.15.0