git.ipfire.org Git - thirdparty/snort3.git/log
Steve Chew (stechew) [Wed, 19 Oct 2022 16:20:12 +0000 (16:20 +0000)]
Pull request #3588: Add stateful signature evaluation
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:stateful_signature_evaluation to master
Squashed commit of the following:
commit 8477617f494ffebae8c95ad6456c7ce3b630b34b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Apr 18 19:27:53 2022 +0300
detection: add stateful signature evaluation
If an IPS option sets the cursor beyond the current buffer size,
an evaluation state will be stored on the flow.
Rule evaluation will resume later, when enough data from the buffer become available.
Key updates/features:
* buffers supported: pkt_data, file_data, js_data
* a rule fired on the current packet doesn't create continuations
* continuations are dropped on config reload
* a few peg counters added
* rule variables are transferred to the continuation
* rule latency supported
Continuation tracks stream source for the following buffers:
pkt_data -- TCP payload data with respect to flow direction
js_data -- JavaScript text combined within the same HTTP request/response
file_data -- file's data within the same file (context)
Now a leaf node can have children, which are flowbit setters moved to the very end.
If an inspector sends a PDU with data prepended from previous PDUs,
continuations will be dropped, because data chunks cannot be concatenated.
Currently, http_inspect and http2_inspect can present accumulated data
in file_data and js_data buffers.
Steve Chew (stechew) [Wed, 19 Oct 2022 14:07:24 +0000 (14:07 +0000)]
Pull request #3536: US #762655 detection: target service http rules to specific message sections - Part 5
Merge in SNORT/snort3 from ~MDAGON/snort3:proto_5 to master
Squashed commit of the following:
commit 83ef46f4c04816c433d40af59cda244aaacde1b2
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Mar 21 16:39:24 2022 -0400
http_inspect: remove rule option timing features
Tom Peters (thopeter) [Tue, 18 Oct 2022 19:51:00 +0000 (19:51 +0000)]
Pull request #3616: http_inspect: maximum_pipelined_requests
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:pipeline to master
Squashed commit of the following:
commit fb53e1c4acacf776a7c20658dd638318c4ecfd2a
Author: Adrian Mamolea <admamole@cisco.com>
Date: Fri Sep 30 16:41:01 2022 -0400
http_inspect: maximum_pipelined_requests
Pull request #3623: utils: Add possibility to process keywords as identifiers
Merge in SNORT/snort3 from ~ANOROKH/snort3:js_bracket_mismatch to master
Squashed commit of the following:
commit 5e2066e75b0a7e8db2e148e356638ec4060fc84d
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date: Thu Oct 13 14:11:33 2022 +0300
utils: add possibility to process keywords as identifiers
* added JavaScript scope property to track an object body,
* process keywords as identifiers, if they were used as a function name or object member,
* 'catch' and 'finally' were added to the ignore list, so they would not be normalized as function identifiers,
* added unit tests to cover changes
* 'function' isn't supported as an object member because of anonymous function peculiarities
Pull request #3618: lua: add sensitive data rules
Merge in SNORT/snort3 from ~ASERBENI/snort3:sd_rules to master
Squashed commit of the following:
commit 741e150f8b4f542080b7c16dac283e3394afe142
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Tue Oct 4 15:45:01 2022 +0300
lua: add sensitive data rules
Rules include sd_pattern option with the following built-in patterns used: credit_card, us_social, us_social_nodashes, email, us_phone.
The rule set supports the following services: http, smtp, ftp-data, imap, pop3.
Shanmugam S (shanms) [Fri, 14 Oct 2022 12:29:03 +0000 (12:29 +0000)]
Pull request #3614: appid: return APP_ID_NONE only if hsession is not present for http3
Merge in SNORT/snort3 from ~SHIKV/snort3:appid_ss to master
Squashed commit of the following:
commit c366852482ce8e0580a64055896220e07c57fe99
Author: shibin k v <shikv@cisco.com>
Date: Tue Oct 4 10:44:05 2022 +0000
appid: return APP_ID_NONE only if hsession is not present for http3
Pull request #3566: s7commplus: adding wizard support for s7commplus
Merge in SNORT/snort3 from ~JRITTLE/snort3:s7comm_inspector_curse to master
Squashed commit of the following:
commit 03fe0712ecc431aff21c1ce2ff95ed416dcc3733
Author: Jared Rittle <jared@machine.local>
Date: Wed Aug 10 00:04:27 2022 -0400
s7commplus: adding wizard support for s7commplus
Tom Peters (thopeter) [Mon, 10 Oct 2022 19:00:07 +0000 (19:00 +0000)]
Pull request #3605: http_inspect: improved MIME processing
Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp167 to master
Squashed commit of the following:
commit d383065b2a4a030102b7b8464320f68b97cf5fa7
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Aug 4 16:14:48 2022 -0400
http_inspect: inspect multiple MIME attachments per message section
commit 084cbf53d63c61a97ed55f2e13523ab2fb249a2e
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jun 13 16:00:52 2022 -0400
http_inspect: MIME partial inspections
Ron Dempster (rdempste) [Mon, 10 Oct 2022 15:07:25 +0000 (15:07 +0000)]
Pull request #3615: Reputation
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reputation to master
Squashed commit of the following:
commit 8570cbe9d6a889c4393efd885ee0365d5820fc24
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Sep 12 14:29:20 2022 -0400
reputation: added profiling to the event handlers
commit 6641fdf35ecadf53d9f7114fd54ef9e04c5f3712
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Aug 19 16:21:26 2022 -0400
flow, reputation, protocols: remove reputation information from packet and flow
commit 67b9574c7c955cd4022a94f592c326295e9e03f0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Aug 18 16:45:49 2022 -0400
reputation: refactor event generation for matches
Steven Baigal (sbaigal) [Thu, 6 Oct 2022 18:55:14 +0000 (18:55 +0000)]
Pull request #3612: reputation: fix for array indexing error when searching for reputation file entries
Merge in SNORT/snort3 from ~ALLEWI/snort3:multiple_reputation_entries to master
Squashed commit of the following:
commit e336be1e0cbde17d4fcc00605ccfacfa4147fd48
Author: albert lewis <allewi@cisco.com>
Date: Mon Oct 3 12:56:51 2022 -0400
reputation: fix for array indexing error when searching for reputation file entries
Steve Chew (stechew) [Thu, 6 Oct 2022 16:08:36 +0000 (16:08 +0000)]
Pull request #3617: build: generate and tag 3.1.43.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.43.0 to master
Squashed commit of the following:
commit fd52699dda4b42879d7fc5fbe24a27893a911ff0
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Oct 5 15:41:09 2022 -0400
build: generate and tag 3.1.43.0
Pull request #3611: actions: fix rewrite nullptr log crash
Merge in SNORT/snort3 from ~ASERBENI/snort3:act_crash to master
Squashed commit of the following:
commit 2d65237dbeb6cdd1239964fd856b036d3cabc9a7
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Mon Oct 3 16:41:53 2022 +0300
actions: fix action logging for suppressed events
Tom Peters (thopeter) [Tue, 4 Oct 2022 16:23:16 +0000 (16:23 +0000)]
Pull request #3608: allowed and disallowed methods
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:method to master
Squashed commit of the following:
commit 62f3acf8011d7002eca476b34764e12f8a60edb5
Author: Adrian Mamolea <admamole@cisco.com>
Date: Thu Aug 18 11:19:30 2022 -0400
http_inspect: allowed and disallowed methods
Ron Dempster (rdempste) [Tue, 4 Oct 2022 12:58:59 +0000 (12:58 +0000)]
Pull request #3609: reputation, sfrt: refactor reputation to remove global variables
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reputation to master
Squashed commit of the following:
commit ab363a193b3f5cc0696d3641050894b256b25712
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Sep 29 13:41:26 2022 -0400
reputation, sfrt: refactor reputation to remove global variables
Moved the segment_mem global variables and code into a new sfrt RtTable class.
Created a parser class that holds the RtTable class during parsing.
Ron Dempster (rdempste) [Fri, 30 Sep 2022 22:28:10 +0000 (22:28 +0000)]
Pull request #3599: detection: refactor set next packet to use the dummy active object when there is no packet
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:flush_active to master
Squashed commit of the following:
commit e9c711082f06c49a1859fb4adcd4eb35831dc30d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Sep 20 11:01:54 2022 -0400
detection: refactor set next packet to use the dummy active object when there is no packet
Ron Dempster (rdempste) [Fri, 30 Sep 2022 22:27:01 +0000 (22:27 +0000)]
Pull request #3600: flow: disable inspection for an HA flow unless the state is setup or inspect
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:ha to master
Squashed commit of the following:
commit c948d9a71e22815c01847c104881758f24be4964
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Wed Sep 21 15:41:21 2022 -0400
flow: disable inspection for an HA flow unless the state is setup or inspect
Steven Baigal (sbaigal) [Fri, 30 Sep 2022 15:33:50 +0000 (15:33 +0000)]
Pull request #3607: appid : updating devnotes for first packet API
Merge in SNORT/snort3 from ~UMASHARM/snort3:dev_notes to master
Squashed commit of the following:
commit 2b7b7a40aca9ee785c048b5504d8e8c2bc30861e
Author: Umang Sharma <umasharm@cisco.com>
Date: Thu Sep 29 13:34:23 2022 -0400
appid : addressing review comments
commit ab17fa0aa9c94bc4b90db9ac2f2be08d488076c4
Author: Umang Sharma <umasharm@cisco.com>
Date: Thu Sep 29 11:39:07 2022 -0400
appid : addressing review comments
commit 1238c12482f1d8b1436193b648151286e3fa3b44
Author: Umang Sharma <umasharm@cisco.com>
Date: Thu Sep 29 11:35:52 2022 -0400
appid : addressing review comments
commit 6693b4f0513bd183356ea285996c9d83f8e8a12a
Author: Umang Sharma <umasharm@cisco.com>
Date: Thu Sep 29 10:48:39 2022 -0400
appid : addressing review comments
commit 189d356ca4cee29452306d300afc6af1fc129658
Author: Umang Sharma <umasharm@cisco.com>
Date: Wed Sep 28 19:50:20 2022 -0400
appid : updating devnotes for first packet API
Tom Peters (thopeter) [Tue, 27 Sep 2022 15:19:44 +0000 (15:19 +0000)]
Pull request #3601: http2_inspect: std::list - remove indirection from stream list
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:vtune_test2 to master
Squashed commit of the following:
commit 1539d242a59d76adcccd50fd95197df634dbbdd5
Author: Adrian Mamolea <admamole@cisco.com>
Date: Thu Sep 22 16:37:47 2022 -0400
http2_inspect: std::list - remove indirection from stream list
Shanmugam S (shanms) [Mon, 26 Sep 2022 13:37:09 +0000 (13:37 +0000)]
Pull request #3595: appid: handle http3
Merge in SNORT/snort3 from ~SHIKV/snort3:h3_appid to master
Squashed commit of the following:
commit 5a3b5213ebe21081b27d9c38cebd29844e8f9068
Author: shibin k v <shikv@cisco.com>
Date: Thu Sep 22 10:29:58 2022 +0000
appid: return appid set by eve for http/3 if no hsession is present, but prefer hsession appid over eve
commit e6a449351595e205d4793d3fa132be23b5266b8e
Author: shibin k v <shikv@cisco.com>
Date: Mon Sep 19 20:49:37 2022 +0000
appid: handle multistream http protocols (http2, http3) together
Steve Chew (stechew) [Fri, 23 Sep 2022 18:26:32 +0000 (18:26 +0000)]
Pull request #3598: build: generate and tag 3.1.42.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.42.0 to master
Squashed commit of the following:
commit 5f916d972339048112609681b377f0507b014a24
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Sep 22 14:48:03 2022 -0400
build: generate and tag 3.1.42.0
Pull request #3591: Content retry fix
Merge in SNORT/snort3 from ~VHORBATO/snort3:content_retry_fix to master
Squashed commit of the following:
commit 2c16faf29f2f400e1439a46ad9e533cf99dc46c7
Author: Vitalii <vhorbato@cisco.com>
Date: Thu Sep 15 19:03:29 2022 +0300
parser: remove platform dependency from parse_int function
commit 906ae2b9be21e7c1bc6916da9bac2dfddfb443b1
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed Sep 21 10:51:59 2022 +0300
ips_options: rollback changes causing content not to match when out of data start boundary
Pull request #3596: ips_options: set ips.obfuscate_pii to true by default
Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_masking to master
Squashed commit of the following:
commit 0df025c604ca7bb36e02b3a70c32b8463cfb5ba6
Author: Vitalii <vhorbato@cisco.com>
Date: Mon Sep 19 22:28:55 2022 +0300
ips_options: change ips.obfuscate_pii to be true by default
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 21 Sep 2022 03:20:20 +0000 (03:20 +0000)]
Pull request #3510: appid : A custom lua detector api to map ip and port to appids on the first packet.
Merge in SNORT/snort3 from ~UMASHARM/snort3:POC_FirstPkt to master
Squashed commit of the following:
commit 7bc2782effcc61941091f0bce53640cc3c85c293
Author: Umang Sharma <umasharm@cisco.com>
Date: Tue Jul 12 06:31:29 2022 -0400
appid: A custom lua detector api to map ip and port to appids on the first packet
Pull request #3593: Wizard: client_first option deprecated
Merge in SNORT/snort3 from ~ANOROKH/snort3:doc_wiz_deprec to master
Squashed commit of the following:
commit 6a684948e243332335f4633460c0286c562eeab3
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date: Mon Sep 19 15:08:31 2022 +0300
wizard: deprecate client_first option
Ron Dempster (rdempste) [Tue, 20 Sep 2022 14:09:36 +0000 (14:09 +0000)]
Pull request #3594: reputation: use the thread specific reputation data for aux ip event
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:rep_aux_event to master
Squashed commit of the following:
commit ce7e6e4e9882ff1866a0a2dbe81c4dd2e9e9787d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Sep 19 09:33:17 2022 -0400
reputation: use the thread specific reputation data for aux ip event
Steven Baigal (sbaigal) [Tue, 20 Sep 2022 14:01:49 +0000 (14:01 +0000)]
Pull request #3592: memory: fix typo in peg counter help text
Merge in SNORT/snort3 from ~AKAYAMBU/snort3:memorypegs to master
Squashed commit of the following:
commit b6663aba460444a11d2cc1e6bb4e94f52ad98892
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date: Sat Sep 17 16:40:43 2022 -0400
memory: fix typo in peg counter help text
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 20 Sep 2022 07:34:00 +0000 (07:34 +0000)]
Pull request #3590: doc: added smtp rule 124:17
Merge in SNORT/snort3 from ~BSACHDEV/snort3:smtp_rule to master
Squashed commit of the following:
commit 13423e7715ceec76dfd8fd04b35bc7bd73a4d5b4
Author: bsachdev <bsachdev@cisco.com>
Date: Thu Sep 15 15:37:09 2022 -0400
doc: added smtp rule 124:17
Pull request #3589: JavaScript Normalizer: remove open tag alert in literals
Merge in SNORT/snort3 from ~ANOROKH/snort3:js_fix_otag_alert to master
Squashed commit of the following:
commit 1644b13faeabf1f758dd71cc80a9edf24ab84275
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date: Wed Sep 14 11:01:32 2022 +0300
utils: remove alert for an opening tag in string literals
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 16 Sep 2022 14:08:04 +0000 (14:08 +0000)]
Pull request #3554: appid: Appid service detection prioritized over third party detection
Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_detection_priority_over_third_party to master
Squashed commit of the following:
commit 2f4ea7dbd8954544fb63c9e76f0d9b5e81b9c8bf
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Aug 5 04:47:34 2022 -0400
appid: Appid service detection prioritized over third party detection
Steven Baigal (sbaigal) [Thu, 15 Sep 2022 14:57:53 +0000 (14:57 +0000)]
Pull request #3585: netflow: evaluate all matching netflow rules, not just the first match
Merge in SNORT/snort3 from ~MMATIRKO/snort3:nf_rule_eval to master
Squashed commit of the following:
commit b600d2774896b5e35232dff280d995626fae0599
Author: Michael Matirko <mmatirko@cisco.com>
Date: Wed Sep 7 17:09:21 2022 -0400
netflow: evaluate all matching netflow rules, not just the first match
Shanmugam S (shanms) [Thu, 15 Sep 2022 07:32:50 +0000 (07:32 +0000)]
Pull request #3548: HTTP/3 inspector implementation support
Merge in SNORT/snort3 from ~ABHPAL/snort3:h3 to master
Squashed commit of the following:
commit 18d340b34fb619533c4a8d1722cd57f823d817ba
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Aug 25 16:21:19 2022 +0530
parser: add implicit http3 to http ips options otn
commit b38f067a20e4503d29916be966919fafee71d3c7
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Aug 25 16:20:14 2022 +0530
stream: export support for creating udp session
commit 6f3f7109f8f3c8b0c3299a2aec7c58508a000840
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Aug 25 16:18:56 2022 +0530
detection: add http3 to http ips buffers
commit 254ccfed242e89b5780407691c5b9fff69684be4
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:54:39 2022 +0530
flow: abstract class added to work on stream based connections
commit d2b82a8feccd6ac3c37aa202ec58c505714f7546
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:53:56 2022 +0530
pub_sub: handle httpx(2,3) traffic
commit 9bf0c34a118bd4f3dba8052ee141be1a86eea237
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:52:55 2022 +0530
payload_injector: accommodate httpx(2,3) stream id values
commit 32e13e3f1f534f5632264e3e0d1d9f1f921c74b8
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:52:06 2022 +0530
rna: handle httpx(2,3) traffic
commit c3ad5f625c98a337d2bf5b51742075d1d5b07c23
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:51:23 2022 +0530
appid: handle http event for httpx(2,3) traffic
commit b7e9927040da7d01ebb3dbed0b256340a5bf4f94
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:50:20 2022 +0530
http2_inspect: updated with abstracted httpx(2,3) flags
commit d27580f9f0666ec765c90347a34ccad619effcb0
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Jul 14 15:48:46 2022 +0530
http_inspect: abstract inspection of httpx(2,3)
Tom Peters (thopeter) [Wed, 14 Sep 2022 22:13:11 +0000 (22:13 +0000)]
Pull request #3582: Header length rule options
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:header_length to master
Squashed commit of the following:
commit 95bfb786b9c1cc5912a90e0aeaf1ea57f1532b4b
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Aug 31 12:16:43 2022 -0400
http_inspect: http_max_header_line and http_max_trailer_line rule options
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 14 Sep 2022 16:50:16 +0000 (16:50 +0000)]
Pull request #3579: appid: Added a snort config to control client-process mapping
Merge in SNORT/snort3 from ~BSACHDEV/snort3:client_process_mapping to master
Squashed commit of the following:
commit ce7051260b852b09a4a0a27d2375f90f2a0ea66d
Author: bsachdev <bsachdev@cisco.com>
Date: Tue Aug 16 14:41:36 2022 -0400
appid: Added a snort config to control client-process mapping
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 13 Sep 2022 15:05:17 +0000 (15:05 +0000)]
Pull request #3574: appid: Cache support for unprocessed ssl packets
Merge in SNORT/snort3 from ~OSTEPANO/snort3:tls_caching_appid to master
Squashed commit of the following:
commit c33bc414f214ea557ccaf188c53387e7de33f6f4
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Tue Jul 12 09:29:51 2022 -0400
appid: Cache support for unprocessed ssl packets
Pull request #3581: ips_options: content retry
Merge in SNORT/snort3 from ~ASERBENI/snort3:russ_content_retry to master
Squashed commit of the following:
commit 25963f71586de50ed65369b8823a3bd3e2513d98
Author: Vitalii <vhorbato@cisco.com>
Date: Tue Sep 13 15:33:25 2022 +0300
trace: ips variables are dumped as hex
commit 0efc6a4894c4b65e7b872236b4d8c7bc63e362cd
Author: russ <rucombs@cisco.com>
Date: Mon Aug 15 21:00:31 2022 -0400
content: fix retry
This deprecates the 2nd/"orig" cursor argument to retry.
The existing Cursor.delta member provides the required information.
The use of byte_extract variables is also fixed for content.
Those values are used as sizes or offsets and can not be negative.
commit f32ed3f56ce9dab991d7951c9c9107fe83137323
Author: russ <rucombs@cisco.com>
Date: Tue Aug 16 11:40:40 2022 -0400
ips: trace all node evaluations
Iterative evaluations due to retry were not previously traced.
Pull request #3583: detection: add option to reduce rtns by port values
Merge in SNORT/snort3 from ~VHORBATO/snort3:rtn_deduplication to master
Squashed commit of the following:
commit e111df05dfd6598100f5140f07d8326f41d68c74
Author: Vitalii <vhorbato@cisco.com>
Date: Tue Sep 6 18:04:23 2022 +0300
detection: add option to reduce rtns by port values
Tom Peters (thopeter) [Fri, 9 Sep 2022 20:17:33 +0000 (20:17 +0000)]
Pull request #3576: http_inspect: Investigate if we can refactor rule options using ranges/2
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:derive_range_option to master
Squashed commit of the following:
commit ae50bb122b87ef5fc32bc06536f4d556ed082c78
Author: Adrian Mamolea <admamole@cisco.com>
Date: Tue Aug 16 14:41:45 2022 -0400
http_inspect: rework range rule options
Steve Chew (stechew) [Fri, 9 Sep 2022 06:35:57 +0000 (06:35 +0000)]
Pull request #3584: build: generate and tag 3.1.41.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.41.0 to master
Squashed commit of the following:
commit c2679ae40b120ee4d17b04612422d1bcbd5093d1
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Sep 7 15:34:40 2022 -0400
build: generate and tag 3.1.41.0
Pull request #3575: sd_pattern: add and improve built-in patterns
Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_new_patterns to master
Squashed commit of the following:
commit 7671add3259b33398e783c5b58c3c262737824f4
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Aug 26 19:58:51 2022 +0300
sd_pattern: add and improve built-in patterns
Pull request #3572: utils: Rewrite normalizer unit tests
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_unit_demacro to master
Squashed commit of the following:
commit 5aec814cf4c7bf82ddc5458dd2d807f8414137f3
Author: dkyrylov <dkyrylov@cisco.com>
Date: Mon Jun 6 13:14:46 2022 +0300
utils: refactor JS normalizer unit tests
Steven Baigal (sbaigal) [Fri, 2 Sep 2022 20:43:31 +0000 (20:43 +0000)]
Pull request #3577: netflow: log even when some info is missing
Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_fixes to master
Squashed commit of the following:
commit 7bcc8ee0ea2e5fe807751e42ebc4fc21d795a450
Author: Michael Matirko <mmatirko@cisco.com>
Date: Thu Aug 18 11:45:36 2022 -0400
netflow: log even when not all info is present
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 2 Sep 2022 17:51:10 +0000 (17:51 +0000)]
Pull request #3578: file_id: Update Office Documents rules
Merge in SNORT/snort3 from ~AGIURGIU/snort3:update_office_docs to master
Squashed commit of the following:
commit 56bc735801d80ef0216017dbc4234085bdd10b8d
Author: Alexandru Giurgiu <agiurgiu@cisco.com>
Date: Tue Aug 23 09:29:49 2022 +0300
file_id: Update Office Documents rules
Ron Dempster (rdempste) [Thu, 1 Sep 2022 15:34:15 +0000 (15:34 +0000)]
Pull request #3573: Const changes
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:const_changes to master
Squashed commit of the following:
commit 49533a8a6b24ba425331b874f32326666bb3b6e0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Aug 19 13:29:40 2022 -0400
stream: free flow data, if flow is blocked
commit 3634e7e499ca310d8b3a92938682098d5e0aeba8
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Aug 18 16:45:24 2022 -0400
framework, rna, pub_sub: make data bus get_packet method a const
commit 47beb51ab6055c7bdac4594a2aceed0d96128471
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Aug 18 16:42:05 2022 -0400
stream: use a const packet to populate the flow key
commit 546c8888f600b139a7877e47b75d469ed3752824
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Aug 18 16:40:44 2022 -0400
flow: update flow statistics before processing a flow
Sreeja Athirkandathil Narayanan (sathirka) [Mon, 29 Aug 2022 16:51:57 +0000 (16:51 +0000)]
Pull request #3568: appid: send intermediate messages for appid reload commands to the socket
Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_reload_time to master
Squashed commit of the following:
commit 9b2753eccce757696fba1d90ea1c9b2c639ec781
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Mon Aug 15 13:16:42 2022 -0400
appid: send intermediate messages for appid reload commands to the socket
Bhargava Jandhyala (bjandhya) [Fri, 26 Aug 2022 15:19:08 +0000 (15:19 +0000)]
Pull request #3558: file_api: corrected the formatting of File Statistics output
Merge in SNORT/snort3 from ~UMUNNIKR/snort3:file_stats_dump to master
Squashed commit of the following:
commit 9855f3c445eefa957649c76a9ed4426fba042a43
Author: Unnikrishnan M <umunnikr@cisco.com>
Date: Mon Aug 15 15:35:57 2022 +0530
file_api: corrected the formatting of File Statistics output
Russ Combs (rucombs) [Thu, 25 Aug 2022 19:09:38 +0000 (19:09 +0000)]
Pull request #3569: build: generate and tag 3.1.40.0
Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.40.0 to master
Squashed commit of the following:
commit 87252bdadd41d0fe90a95319dd25688c43adf299
Author: russ <rucombs@cisco.com>
Date: Thu Aug 25 10:08:50 2022 -0400
build: generate and tag 3.1.40.0
Shanmugam S (shanms) [Wed, 24 Aug 2022 05:04:19 +0000 (05:04 +0000)]
Pull request #3549: crashhandler: Crash handler signal handling path Fix
Merge in SNORT/snort3 from ~MSONEJA/snort3:crash_handler_fix to master
Squashed commit of the following:
commit c880afa890d8b451968f1dd7aa895ccbaf57f689
Author: msoneja <msoneja@cisco.com>
Date: Wed Aug 10 11:36:34 2022 +0000
helpers: make install_oops_handle and remove_oops_handle so_public, install process.h and sigsafe.h
Steven Baigal (sbaigal) [Tue, 23 Aug 2022 17:14:05 +0000 (17:14 +0000)]
Pull request #3564: daq: Remove duplicate entries from static module list
Merge in SNORT/snort3 from ~AKAYAMBU/snort3:daqcmakefix to master
Squashed commit of the following:
commit 9bd81840fdec5361257a729c0c54e70c39cd126c
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date: Fri Aug 19 11:41:19 2022 -0400
daq: Remove duplicate entries from static module list
thanks to GitHub user raging-loon for reporting the issue
Tom Peters (thopeter) [Mon, 22 Aug 2022 07:34:29 +0000 (07:34 +0000)]
Pull request #3562: http_inspect: add doc for http_num_cookies
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:doc_num_cookies to master
Squashed commit of the following:
commit e83e4def10dd889341a635c28c2b80a2db0afcd2
Author: Adrian Mamolea <admamole@cisco.com>
Date: Thu Aug 18 10:50:14 2022 -0400
http_inspect: add doc for http_num_cookies
Pull request #3550: utils: Add ext_script checks to </script> tokens
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_end_tag to master
Squashed commit of the following:
commit 0450c203be60a18457f4cab5882b80e0cacfc256
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed Aug 10 15:06:34 2022 +0300
utils: allow closing tag in external scripts
An appropriate built-in alert will be generated without
stopping the normalization.
Tom Peters (thopeter) [Thu, 18 Aug 2022 16:42:02 +0000 (16:42 +0000)]
Pull request #3563: Github PR 266 - fix typo in stream dev_notes
Merge in SNORT/snort3 from ~MDAGON/snort3:stream_dev to master
Squashed commit of the following:
commit ed618e05176036128dace4e2a8a4053e1670442c
Author: Maya Dagon <mdagon@cisco.com>
Date: Thu Aug 18 11:28:00 2022 -0400
stream: typo in dev_notes, fix by RobinLanglois
Pull request #3559: http_inspect: add more identifiers to js_norm lists
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:js_ident_upd to master
Squashed commit of the following:
commit ccd9e35e96370cecdfbeb53a6ec980d506cd6b86
Author: Vitalii <vhorbato@cisco.com>
Date: Thu Aug 4 13:57:34 2022 +0300
http_inspect: add more identifiers to js_norm lists
Tom Peters (thopeter) [Wed, 17 Aug 2022 23:52:41 +0000 (23:52 +0000)]
Pull request #3555: http_inspect: parameters for header alerts
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:header_params to master
Squashed commit of the following:
commit beed48e8b60e9631ff9001b79db3dfd9df3e4285
Author: Adrian Mamolea <admamole@cisco.com>
Date: Mon Aug 8 17:06:08 2022 -0400
http_inspect: parameters for header alerts
Sreeja Athirkandathil Narayanan [Tue, 2 Aug 2022 17:54:37 +0000 (13:54 -0400)]
appid: activate appid debug object before printing logs from http event handler
Adrian Mamolea [Wed, 3 Aug 2022 19:14:42 +0000 (15:14 -0400)]
http_inspect: http_num_cookies rule option
russ [Wed, 3 Aug 2022 16:39:05 +0000 (12:39 -0400)]
doc: add section on commit messages to the dev guide
russ [Wed, 27 Jul 2022 18:05:53 +0000 (14:05 -0400)]
hyperscan: add warning when deserialization fails that includes error code
russ [Mon, 25 Jul 2022 20:20:26 +0000 (16:20 -0400)]
ffi: add get_module_version(name, type) for conditional config
russ [Fri, 22 Jul 2022 12:27:47 +0000 (08:27 -0400)]
ip_proto: enable match on PDUs
russ [Tue, 19 Jul 2022 17:41:42 +0000 (13:41 -0400)]
help: enclose --help-config string defaults in single quotes
russ [Mon, 18 Jul 2022 19:55:42 +0000 (15:55 -0400)]
telnet: use the same splitter as ftp_server
russ [Fri, 15 Jul 2022 18:32:18 +0000 (14:32 -0400)]
vlan: add configurable TPIDs
vlan.extra_tpid_ether_types defaults to '0x9100 0x9200'.
Thanks to ozkankirik for reporting the issue.
russ [Fri, 15 Jul 2022 16:11:27 +0000 (12:11 -0400)]
parameter: add int_list
russ [Fri, 15 Jul 2022 15:48:22 +0000 (11:48 -0400)]
parameter: simplify multi validation
russ [Fri, 8 Jul 2022 12:13:57 +0000 (08:13 -0400)]
ChangeLog: change to md format
russ [Wed, 6 Jul 2022 15:14:58 +0000 (11:14 -0400)]
style: change max line length to 120 including \n
russ [Tue, 5 Jul 2022 16:09:52 +0000 (12:09 -0400)]
doc: specify parallelization in make in tutorial
Thanks to nitronarcosis for reporting the issue and suggesting a fix.
russ [Tue, 5 Jul 2022 16:03:22 +0000 (12:03 -0400)]
gid: upper bound changed to match event_filter and rate_filter implementation limits
Ron Dempster (rdempste) [Fri, 5 Aug 2022 14:37:00 +0000 (10:37 -0400)]
reputation: make reputation handle flow setup, reloaded, and packet without flow events
Ron Dempster (rdempste) [Fri, 5 Aug 2022 14:38:01 +0000 (10:38 -0400)]
managers: only publish the reloaded flow event for existing flows with an old policy
Ron Dempster (rdempste) [Wed, 3 Aug 2022 18:08:12 +0000 (14:08 -0400)]
appid: do not clear client version when deleting appid session data
Ron Dempster (rdempste) [Wed, 3 Aug 2022 18:07:17 +0000 (14:07 -0400)]
flow: fix deferred trust for trust followed by defer
Steve Chew [Wed, 10 Aug 2022 16:08:56 +0000 (12:08 -0400)]
build: generate and tag 3.1.39.0
Oleksandr Serhiienko [Thu, 4 Aug 2022 09:51:17 +0000 (12:51 +0300)]
utils: fix JS split to reflect tokens correction and re-normalization
Steven Baigal (sbaigal) [Wed, 3 Aug 2022 18:27:14 +0000 (14:27 -0400)]
cmake: add --enable-luajit-static option to enable LuaJit linked statically
Juweria Ali Imran [Mon, 1 Aug 2022 14:45:06 +0000 (10:45 -0400)]
rna: Added log message for missing 'rna.conf' path
Pull request #3542: ips_options: remove obfuscate_pii caching in sd_pattern option
Merge in SNORT/snort3 from ~VHORBATO/snort3:pii_cache to master
Squashed commit of the following:
commit 38ecd019f507df15b9411a265099f81f7dc307b9
Author: Vitalii <vhorbato@cisco.com>
Date: Wed Aug 3 17:18:27 2022 +0300
ips_options: remove obfuscate_pii caching in sd_pattern option
Pull request #3537: JS Normalizer: Escaped JavaScript Identifiers
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_unescape_ident to master
Squashed commit of the following:
commit 2b192d53735b7f6b346c17581adc28c1ee395b56
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Aug 1 11:16:11 2022 +0300
utils: fix compilation warning [-Wcomma]
commit ad2285d11ea0b1408937a7688179e7d65946031f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Aug 1 11:15:00 2022 +0300
utils: validate escaped JavaScript identifiers
Michael Matirko [Mon, 25 Jul 2022 15:51:17 +0000 (11:51 -0400)]
netflow: pass a flag if the initiator and responder were swapped
Maya Dagon [Mon, 1 Aug 2022 14:46:11 +0000 (10:46 -0400)]
http_inspect: request and response shouldn't be available for pkt_data
Ron Dempster (rdempste) [Mon, 1 Aug 2022 21:54:10 +0000 (17:54 -0400)]
main, managers: remove the reload_module command
Pull request #3532: parser: remove 138 from builtin GID exceptions
Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_exc to master
Squashed commit of the following:
commit 2ae8f773e1afbc889c69fc283b28d9f3d31e1825
Author: Vitalii <vhorbato@cisco.com>
Date: Mon Jul 25 13:43:35 2022 +0300
parser: remove 138 from builtin GID exceptions
russ [Thu, 28 Jul 2022 13:44:42 +0000 (09:44 -0400)]
build: generate and tag 3.1.38.0
Adrian Mamolea [Tue, 19 Jul 2022 18:34:22 +0000 (14:34 -0400)]
http2_inspect: add support for GOAWAY frames
Sreeja Athirkandathil Narayanan [Thu, 7 Jul 2022 17:29:33 +0000 (13:29 -0400)]
appid: restart inspection for ssl session inside http tunnel
Pull request #3520: Fix tsan warning
Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_tsan_warning to master
Squashed commit of the following:
commit 2b4ebd297a3b7088f6b4ba46e1b12698d876423f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Sat Jul 16 18:41:34 2022 +0300
utils: add static initialization of norm_names
commit 217831f9c1de3ea40bde105c7efc92e742447941
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Mon Jul 18 15:20:58 2022 +0300
http_inspect: remove dependency of JS normalization depth on HTTP depth
Pull request #3511: detection: fix the bug with qualified events
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:detection_child_bug to master
Squashed commit of the following:
commit 5e7bd568b6dd21556bcb305f5f02366e374877ee
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date: Wed Jul 6 18:52:38 2022 +0300
detection: separate the branch/leaf result to different variables
Evaluation function's return value is for branch results,
while the flag in eval_data is for leaf results.
Pull request #3525: http_inspect: script tag type check
Merge in SNORT/snort3 from ~ASERBENI/snort3:script_mime to master
Squashed commit of the following:
commit 8b16e57c27cc3ce8dfce56fbe29a8876f8eadb2d
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Fri Jul 22 13:10:35 2022 +0300
http_inspect: add more explicit js type values to otag type check
Vitalii [Fri, 15 Jul 2022 14:54:43 +0000 (17:54 +0300)]
snort2lua: change the conversion of sensitive data rules
Pull request #3527: JavaScript Normalizer: normalize JavaScript after opening tag
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_fix_otag to master
Squashed commit of the following:
commit 28534c108a56e40b76310a6076820739b82e7e4a
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue Jul 19 20:53:56 2022 +0300
utils: continue JS normalization after opening tag seen
* utils: normalize JavaScript after any opening tag seen
* utils: re-normalize explicit opening tag by common rules
* utils: throw opening tag built-in alert for inline scripts only
* utils: remove opening tag return code
* http_inspect: do not stop normalization in case of opening script tag
* http_inspect: update trace messages
Steven Baigal (sbaigal) [Fri, 22 Jul 2022 22:04:02 +0000 (22:04 +0000)]
Pull request #3528: stream: Removed all instances of 'cap_weight' config parameter
Merge in SNORT/snort3 from ~JALIIMRA/snort3:cap_weight to master
Squashed commit of the following:
commit a84b7ca578ed80e247a64ef8fa729623c0a740b9
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Mon Jul 18 16:17:20 2022 -0400
stream: Removed all instances of 'cap_weight' config parameter
stream: Removed macro references for 'cap_weight' config parameter
Tom Peters (thopeter) [Fri, 22 Jul 2022 19:55:27 +0000 (19:55 +0000)]
Pull request #3516: http2_inspect: add support for PRIORITY frames
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:priority_frames to master
Squashed commit of the following:
commit fb64edf07d7b0506cc32513b58612eb8cc57adb1
Author: Adrian Mamolea <admamole@cisco.com>
Date: Mon Jul 11 12:20:07 2022 -0400
http2_inspect: add support for PRIORITY frames
Tom Peters (thopeter) [Fri, 22 Jul 2022 18:20:21 +0000 (18:20 +0000)]
Pull request #3506: http_inspect directly calls detection
Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp164 to master
Squashed commit of the following:
commit 0b70bc4f11ef4639ef8fa5cd33bcfd9b0d80b57d
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jun 27 13:19:09 2022 -0400
http_inspect: directly call detection
commit 792288626c150c068752c053d2de20d39845c74b
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Jul 5 16:15:35 2022 -0400
http2_inspect: Interface to http_inspect now uses real reassembled packet
Ron Dempster (rdempste) [Thu, 21 Jul 2022 17:06:55 +0000 (17:06 +0000)]
Pull request #3521: pub_sub: add definitions for ssl block and block with reset messages
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:event_driven_xff to master
Squashed commit of the following:
commit 94cd95079f8377ae56dc8b2750afcbe539f09476
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Jul 15 07:42:53 2022 -0400
pub_sub: add definitions for ssl block and block with reset messages
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 20 Jul 2022 21:53:07 +0000 (21:53 +0000)]
Pull request #3524: appid: set persistent flag for sunrpc expected session
Merge in SNORT/snort3 from ~SATHIRKA/snort3:persistent_flag_sunrpc_ff to master
Squashed commit of the following:
commit 16568a1b61156bc63a96accb373e42f53b9e75e6
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Mon Jul 18 13:32:32 2022 -0400
appid: set persistent flag for sunrpc expected session
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 20 Jul 2022 20:47:45 +0000 (20:47 +0000)]
Pull request #3514: appid: send more packets to third-party for FTP user name extraction
Merge in SNORT/snort3 from ~BSACHDEV/snort3:ftp_uname to master
Squashed commit of the following:
commit e6475795888c007ad66de2985bfc6fbef482561d
Author: bsachdev <bsachdev@cisco.com>
Date: Mon Jul 11 16:51:50 2022 -0400
appid: send more packets to third-party for FTP user name extraction
Russ Combs (rucombs) [Tue, 19 Jul 2022 10:42:26 +0000 (10:42 +0000)]
Pull request #3522: build: generate and tag 3.1.37.0
Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.37.0 to master
Squashed commit of the following:
commit 8c50976531c3012679e8c982d32e1b8f1689ad80
Author: russ <rucombs@cisco.com>
Date: Mon Jul 18 16:27:54 2022 -0400
build: generate and tag 3.1.37.0
Pull request #3518: utils: fix Unicode LS PS handling in JavaScript
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_fix_lsps to master
Squashed commit of the following:
commit 0a5bd2f42ba011e233b4e4cef21e7530f005b97f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Thu Jul 14 13:58:19 2022 +0300
utils: fix Unicode LS PS handling in JavaScript
Steven Baigal (sbaigal) [Fri, 15 Jul 2022 17:39:14 +0000 (17:39 +0000)]
Pull request #3504: print LogMessage in reputation only when in verbose mode
Merge in SNORT/snort3 from ~ALLEWI/snort3:print_reputation_verbose to master
Squashed commit of the following:
commit 75b02e22b601500d660eb342215159b5e1bc5551
Author: allewi@cisco.com <allewi@cisco.com>
Date: Wed Jul 6 17:43:49 2022 -0400
reputation: print LogMessage in reputation only when in verbose mode
Steve Chew (stechew) [Thu, 14 Jul 2022 19:10:34 +0000 (19:10 +0000)]
Pull request #3517: build: generate and tag 3.1.36.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.36.0 to master
Squashed commit of the following:
commit 62aaa4fecbcb95dfcaa548907ab43cc0bb48f3df
Author: Steve Chew <stechew@cisco.com>
Date: Thu Jul 14 13:56:24 2022 -0400
build: generate and tag 3.1.36.0