git.ipfire.org Git - thirdparty/snort3.git/log

Pull request #4981: build: generate and tag 3.9.7.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.7.0 to master

Squashed commit of the following:

commit d15630e1075770f7fc4973a6a822195e7e0630d7
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Nov 5 22:32:31 2025 -0500

build: generate and tag 3.9.7.0

Pull request #4925: appid: SNI and CNAME patterns matching fix

Merge in SNORT/snort3 from ~AMILASH/snort3:cname_sni_pattern_matching to master

Squashed commit of the following:

commit 6b2ac4841f641790fce314bb369289009b977907
Author: Artur <amilash@cisco.com>
Date: Tue Sep 30 08:08:56 2025 -0400

appid: SNI and CNAME patterns matching fix

Pull request #4970: stream: remove lock on extra_data_log as it is only changed at Analyzer startup

Merge in SNORT/snort3 from ~MMATIRKO/snort3:xtra_no_lock to master

Squashed commit of the following:

commit a59a788ca121a1df8bd111eec08b19e7437dad6b
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Nov 3 09:49:45 2025 -0500

stream: remove lock on extra_data_log as it is only changed at Analyzer startup

Pull request #4893: http_inspect: waf buffers

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:log_buffers to master

Squashed commit of the following:

commit c2b242a909c4bd36d03b4b16f9c267857ce27580
Author: Adrian Mamolea <admamole@cisco.com>
Date: Tue Sep 2 12:32:45 2025 -0400

http_inspect: add waf buffers

Pull request #4967: appid: suppress false positive coverity warning

Merge in SNORT/snort3 from ~AAVILASE/snort3:suppress_coverity_warning to master

Squashed commit of the following:

commit 3f45980bf43e944f4eddc181965360fb3671102d
Author: Andres Avila <aavilase@cisco.com>
Date: Thu Oct 30 11:04:40 2025 -0400

appid: suppress false positive coverity warning

Pull request #4966: appid: fix ssh service detection on mid-stream sessions

Merge in SNORT/snort3 from ~YEFURMAN/snort3:ssh_service_detection_fix to master

Squashed commit of the following:

commit 21a4f27f6cda49e6b176f6ae1461d24db1a28611
Author: yefurman <yefurman@cisco.com>
Date: Fri Oct 24 09:49:36 2025 -0400

appid: fix ssh service detection with dropped packets

Pull request #4945: memory, filters: resolve coverity and TSAN issues

Merge in SNORT/snort3 from ~MMATIRKO/snort3:coverity_calamity to master

Squashed commit of the following:

commit 696a51e6dad7ca1c6351831ca2b08899538346b5
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Oct 9 13:52:36 2025 -0400

    memory: resolve race condition on global stats

    filters: resolve lock issues, 2k38 issues in rate_filter and sfthd

    stream: add additional lock/unlock when we do extra_data_log

    perf_monitor: don't decrement index if already zero

    appid: fix printf args

    perf_monitor: fix minor issue with int overflow

    ha: guard against negative shift

    codec: fix byte math, codec coverity issues

    rna: use std::move on RnaTracker to move instead of copying

    snort2lua: use std::move where possible

    stream, loggers: use std::move where possible

    sfthd: fix issues with printf type specifier, cppcheck issues

    detection_engine: use const where possible

Pull request #4933: ssl: SSL extractor event

Merge in SNORT/snort3 from ~OSTEPANO/snort3:ssl_metadata_extractor to master

Squashed commit of the following:

commit 45a8012221075eb0d84589631d543b9151d25c95
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Sep 11 04:42:20 2025 -0400

ssl: SSL extractor event

Pull request #4946: appid: solve coverity warnings

Merge in SNORT/snort3 from ~AAVILASE/snort3:address_coverity_warnings to master

Squashed commit of the following:

commit b100d38c8fbf510e5e6daf9f4b5cfe37de1d8352
Author: Andres Avila <aavilase@cisco.com>
Date: Thu Oct 16 10:33:30 2025 -0400

appid: solve coverity warnings

Pull request #4950: appid: add multi-stream support for DNS

Merge in SNORT/snort3 from ~SHIKV/snort3:doh_multi_stream to master

Squashed commit of the following:

commit e46e9809c787162b84bdd9147a27cde496cd8714
Author: shibin k v <shikv@cisco.com>
Date: Tue Oct 21 04:00:46 2025 -0500

appid: add multi-stream support for DNS

Pull request #4951: iec104: data size checks for pointer operations

Merge in SNORT/snort3 from ~OSTEPANO/snort3:iec_coverity to master

Squashed commit of the following:

commit dc00f009a3007ba2d9b5d7ff33e123f49413b643
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Tue Oct 21 06:01:08 2025 -0400

iec104: data size checks for pointer operations

Pull request #4940: dce_rpc: checking out of bounds

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_dcesmb_oob to master

Squashed commit of the following:

commit a81f44c4ed3c9867580b49cd0877798cefa7dffb
Author: ashutosh <ashugup3@cisco.com>
Date: Thu Oct 9 12:17:10 2025 +0530

dce_rpc: checking out of bounds

Pull request #4884: flow: add new flow prune reason

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:flow_release to master

Squashed commit of the following:

commit c6c4c580d3aa46a09b9063b08347c6071de631f6
Author: rshafiq <rshafiq@cisco.com>
Date: Tue Aug 26 16:51:20 2025 -0400

flow: new pegs and packet tracer log for flow prune

Pull request #4954: s7commplus: out of bounds check during decode

Merge in SNORT/snort3 from ~AAVILASE/snort3:s7commplus_out_bounds_check to master

Squashed commit of the following:

commit 946cf17ece70bdf2899053099dca70e93fd7d9b5
Author: Andres Avila <aavilase@cisco.com>
Date: Tue Oct 21 10:12:21 2025 -0400

s7commplus: out of bounds check during decode

Pull request #4833: snort_ml: add mpse and lru cache

Merge in SNORT/snort3 from ~BRASTULT/snort3:snort_ml_pipeline to master

Squashed commit of the following:

commit 1f51dd1bee92a4995d960561b59a72e1a8903b53
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Jul 25 13:46:00 2025 -0400

    build: only enable libml for supported versions

commit 47a789fc3b637f95b11ba0b154af53440ed5b2f2
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Jul 25 13:32:01 2025 -0400

    snort_ml: add mpse and lru cache

commit 7c74729080cc2f1095dbbeee8e98bbbda00accf9
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Sep 5 17:00:03 2025 -0400

    hash: add FNV-1a hash

Pull request #4942: pop: fixing oob in pop_paf search_for_command

Merge in SNORT/snort3 from ~DKOLOMII/snort3:pop_oob_fix to master

Squashed commit of the following:

commit f06464862b154bd1742a19bdb330348519017da4
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Wed Oct 15 11:35:39 2025 -0400

pop: fixing oob in pop_paf search_for_command

Pull request #4948: log: Increase max length of LogMessage output.

Merge in SNORT/snort3 from ~STECHEW/snort3:log_message_size to master

Squashed commit of the following:

commit aed76bcfc3177ab2d806380029e5b2e75ed60a8b
Author: Steve Chew <stechew@cisco.com>
Date: Sun Oct 19 14:37:14 2025 -0400

log: Increase max length of LogMessage output.

Pull request #4941: imap: parse_command oob fix

Merge in SNORT/snort3 from ~DKOLOMII/snort3:imap_oob_fix to master

Squashed commit of the following:

commit fd69fd0e106da891013f471051c06cd357bba5ac
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Wed Oct 15 10:12:23 2025 -0400

imap: parse_command oob fix

Pull request #4947: mp_data_bus: fixing coverity issues

Merge in SNORT/snort3 from ~UMASHARM/snort3:mpdbus_coverity to master

Squashed commit of the following:

commit 0d1fa67aa85e084c72dbe5f161e551c0455ed14f
Author: Umang Sharma <umasharm@cisco.com>
Date: Thu Oct 16 11:55:05 2025 -0400

mp_data_bus: fixing coverity issues

Pull request #4923: stream_tcp: enhance rst validation to follow RFC 5961 recommendations

Merge in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_rst_handling to master

Squashed commit of the following:

commit f355fb9799470aae71c2f6b13cea98d981e0ba68
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Sep 9 11:58:15 2025 -0400

    stream_tcp: enhance rst validation to follow RFC 5961 recommendations, default all modern OSes to use this validation algorithm
                add PegCounts to track all outcomes when validating RST packets
                clean up code that was redundantly setting flags/state

Pull request #4939: appid: ignore arcserve so dcerpc protocol is used when syncing to flow service

Merge in SNORT/snort3 from ~AAVILASE/snort3:arcserve_dcerpc_intrusion_fix to master

Squashed commit of the following:

commit f183fca9b4fff875c7ab8b75096340408b5db2a1
Author: Andres Avila <aavilase@cisco.com>
Date: Mon Oct 13 20:37:56 2025 -0400

appid: ignore arcserve so dcerpc protocol is used when syncing to flow service

Pull request #4936: appid: more restrictive checks for DNS client detection

Merge in SNORT/snort3 from ~OSTEPANO/snort3:dns_udp_detector to master

Squashed commit of the following:

commit 12ff8b2092daa3f17b78dfd42bdb16ec7f208589
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Oct 8 09:50:19 2025 -0400

appid: more restrictive checks for DNS client detection

Pull request #4915: http_inspect: partial inpection on start line

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:part_rl to master

Squashed commit of the following:

commit 0499b6ce50885ba6544ddf8202cf52a25b57a9ee
Author: Adrian Mamolea <admamole@cisco.com>
Date: Mon Sep 15 12:45:22 2025 -0400

http_inspect: partial inpection on start line

Pull request #4930: js_norm: prevent memory leak when temp buffer was processing

Merge in SNORT/snort3 from ~YCHALOV/snort3:js_norm_mem_leak to master

Squashed commit of the following:

commit c5b89ffcfbc304527f38d1e5ef2eb5d02e3bbcd5
Author: Yurii Chalov <ychalov@cisco.com>
Date: Fri Oct 3 14:39:02 2025 +0200

js_norm: prevent memory leak when temp buffer was processing

Pull request #4888: appid: fix high inspected packets count

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_high_inspected_packets_count to master

Squashed commit of the following:

commit bab6b11b314c1cf6545add72eef8bd51e97c399f
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Tue Sep 9 12:09:23 2025 -0400

appid: fix high inspected packets count

Pull request #4896: Doh initial

Merge in SNORT/snort3 from ~SHIKV/snort3:doh_initial to master

Squashed commit of the following:

commit bf26dd87ba5532b379784ff8f4c8b7dee26b8001
Author: shibin k v <shikv@cisco.com>
Date:   Thu Sep 18 11:44:41 2025 -0500

    stream_tcp: copy all layers from original packet during pseudo packet creation

commit b16a92f10481ad99d4196e80c8bed0fb67262e96
Author: shibin k v <shikv@cisco.com>
Date:   Wed Sep 3 07:56:16 2025 -0500

    appid, http_inspect, dns: add support for DNS over HTTPS and DNS over QUIC

Pull request #4934: build: generate and tag 3.9.6.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.6.0 to master

Squashed commit of the following:

commit 1b21169577bb692a0c0ea99f1e58fbf5c6d679ca
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Mon Oct 6 12:46:18 2025 -0400

build: generate and tag 3.9.6.0

Pull request #4921: decompress: added check for mini_fat_persector to not to be zero

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_decompress_dividebyzero to master

Squashed commit of the following:

commit a0d4a7be7d1f6b3bc64c11356c21a182d542ab37
Author: ashutosh <ashugup3@cisco.com>
Date: Fri Oct 3 14:50:53 2025 +0530

decompress: added check for mini_fat_persector to not to be zero

Pull request #4908: quic advanced logging

Merge in SNORT/snort3 from ~BMORRIS2/snort3:quic_events to master

Squashed commit of the following:

commit 92a10ddfbb99ddeff8e13c96c8ffab6bf9c995ea
Author: Brian Morris <bmorris2@cisco.com>
Date: Tue Sep 30 11:12:06 2025 -0500

pub_sub: add quic logging events

Pull request #4926: main: add message when unable to set affinity

Merge in SNORT/snort3 from ~MMATIRKO/snort3:proc_error_msg to master

Squashed commit of the following:

commit 21b3ff6037338932101226b997dd65220ace78cf
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Sep 30 10:33:59 2025 -0400

main: add message when unable to set affinity

Pull request #4924: appid: retain shadow traffic status after reload detectors

Merge in SNORT/snort3 from ~AAVILASE/snort3:retain_st_state_after_reload to master

Squashed commit of the following:

commit 084ec7699094f59a8d32653e8f9d2fff286b3d0c
Author: Andres Avila <aavilase@cisco.com>
Date: Mon Sep 29 20:49:02 2025 -0400

appid: retain the shadow traffic status after detector reload

Pull request #4920: flow: continue retrying when the retry processing is still pending.

Merge in SNORT/snort3 from ~STECHEW/snort3:retry_still_pending to master

Squashed commit of the following:

commit 135d27bbdfe077633ee897663cc3f7fac507a7ba
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 25 15:40:26 2025 -0400

flow: continue retrying when the retry processing is still pending.

Pull request #4919: appid: nntp validate data loop fix

Merge in SNORT/snort3 from ~DKOLOMII/snort3:nntp_loop_fix to master

Squashed commit of the following:

commit ceb7f626ad0b09cb6bc264261868d716a50dcd46
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Tue Sep 30 09:37:27 2025 -0400

appid: fixing loop inside nntp validate data

Pull request #4914: Unified batched logger

Merge in SNORT/snort3 from ~JALIIMRA/snort3:unified_batched_logger to master

Squashed commit of the following:

commit de7b21ebe1c04d596eb93501a8e28dd429892c85
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Sun Aug 31 08:02:00 2025 -0400

log: use batched logger for all kinds of log messages in prod when log_buffer config enabled

Pull request #4916: stream: do not clear a session on a rebuilt packet

Merge in SNORT/snort3 from ~JALIIMRA/snort3:rebuilt_packet_check to master

Squashed commit of the following:

commit 419853bf07117f2560b50a3f18ff9e9d41f461a1
Author: Juweria Ali Imran <jaliimra@shaslad-ws.cisco.com>
Date: Thu Sep 18 22:56:40 2025 -0400

stream: do not clear a session on a rebuilt packet

Pull request #4918: appid: standardize variable types in user data map unit test

Merge in SNORT/snort3 from ~OSTEPANO/snort3:user_data_map_type_fix to master

Squashed commit of the following:

commit c43642c5064a7dd9d19218666822c55d31b18160
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Sep 24 07:06:45 2025 -0400

appid: standardize variable types in user data map unit test

Pull request #4912: memory: sum global MemoryModule stats during sum_stats to avoid data race and fix perf_mon issues

Merge in SNORT/snort3 from ~MMATIRKO/snort3:mem_stats3 to master

Squashed commit of the following:

commit 7e73ec3e4a1d1b4e87839d748e86d014b4cccc3d
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Sep 16 10:33:59 2025 -0400

    memory: combine main and first pkt thread memory stats; resolve race condition

commit b846e6c2d758b2905e848c8004539e8b2a9af2a0
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Sep 16 09:54:46 2025 -0400

    Revert "Pull request #4194: memory: prevent data race between main and packet threads"

    This reverts commit 37bcc63e957bff0ef7103363126a4df8e3259626.

Pull request #4903: dce-rpc: proper proto-bits not set in DCE2_GetRpkt which causes assertion fail in u2 logger

Merge in SNORT/snort3 from ~OFEDORYC/snort3:dce-rpc-proper-proto-bits to master

Squashed commit of the following:

commit 42a55ac05273a04b923e9fc43e3de949cd5573ea
Author: ofedoryc <ofedoryc@cisco.com>
Date: Thu Sep 11 05:27:30 2025 -0400

dce-rpc: proper proto-bits not set in DCE2_GetRpkt which causes assertion fail in u2 logger

Pull request #4898: actions: fix integer underflow in ips_actions pegcount aggregation

Merge in SNORT/snort3 from ~VTRON/snort3:fix_action_counters_underflow to master

Squashed commit of the following:

commit 4f2076d35fb802e4abb2dc45e6f7fb2a9fbd1f70
Author: Vitalii Tron <vtron@cisco.com>
Date: Tue Sep 9 12:37:02 2025 -0400

actions: fix integer underflow in ips_actions pegcount aggregation

Pull request #4870: dce_rpc: fix to avoid integer overflow of stub_data size.

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq75359 to master

Squashed commit of the following:

commit 9f35b30fb11712b2c518da751b66ebebb611a846
Author: ashutosh <ashugup3@cisco.com>
Date: Sat Sep 13 12:55:25 2025 +0530

dce_rpc: reassembling out of bounds packets

Pull request #4904: appid: fixed crash in stats manager

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_uaf_reload to master

Squashed commit of the following:

commit 25e2f0fa875bb0b472cf43db411e6c695f7ea2ac
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Thu Sep 11 08:31:20 2025 -0400

appid: fixed crash in stats manager

Pull request #4895: appid: add setUserDetectorDataItem lua detector API

Merge in SNORT/snort3 from ~OSTEPANO/snort3:user_data_lua to master

Squashed commit of the following:

commit 37c1d2245679348f43b571307d9bb50a4ae96e91
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Sep 4 10:34:36 2025 -0400

appid: add setUserDetectorDataItem lua detector API

Pull request #4900: codecs: fix encode for pppoe and ppp

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:pppoe to master

Squashed commit of the following:

commit 4ef9bddc76477afe8f05e6367991852ba6b4ba48
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Sep 10 11:08:15 2025 -0400

codecs: fix encode for pppoe and ppp

Pull request #4880: decompress: Fixed VBA decompression unhandled mem alloc exception

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq23369 to master

Squashed commit of the following:

commit 8030f6c95bc15dad06a4b52d71f7a2b37f9d9603
Author: ashutosh <ashugup3@cisco.com>
Date: Tue Aug 26 12:28:53 2025 +0530

decompress: Fixed VBA decompression unhandled mem alloc exception

Pull request #4906: Fix trace n-tuple for rebuilt packet.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:trace_ntuple_pdu to master

Squashed commit of the following:

commit a9d670044b9f086ab2793e13ea1d19ddc48caae4
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Sep 15 11:23:46 2025 +0300

    trace: print n-tuple for other packet types with IP layer set

    IP layer (and addresses) can be set not only for pure TCP and UDP.

Pull request #4869: dce_rpc: Fix for Use-After-Free: Clearing rule options before freeing the buffer

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq75339 to master

Squashed commit of the following:

commit f6431e912bd6c32c207ea85be11989564d2804ea
Author: ashutosh <ashugup3@cisco.com>
Date: Mon Sep 8 00:58:32 2025 +0530

dce_rpc: Clear rule options before freeing the buffer

Pull request #4910: http_inspect,pub_sub: Provide an API in HttpEvent to find whether the HTTP response is using a supported encoding type.

Merge in SNORT/snort3 from ~STECHEW/snort3:has_unsupported_encoding to master

Squashed commit of the following:

commit 47f2a9f7e3c594da9d12da174042652342f0b0ec
Author: Steve Chew <stechew@cisco.com>
Date: Mon Sep 15 17:24:39 2025 -0400

http_inspect,pub_sub: Provide an API in HttpEvent to find whether the HTTP response is using a supported encoding type.

Pull request #4853: appid: fix http content processing

Merge in SNORT/snort3 from ~DKOLOMII/snort3:http_content_reinspect_fix to master

Squashed commit of the following:

commit 6f3ab2c866f6a2ea69454d23a59e54fe6b56c15a
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Fri Aug 8 09:11:23 2025 -0400

appid: fix http content processing

Pull request #4905: control: Fix potential buffer overrun by properly checking return of vsnprintf.

Merge in SNORT/snort3 from ~STECHEW/snort3:control_conn_respond_bug_fix to master

Squashed commit of the following:

commit 8c04e793d1502869dac4066323a68ec82ae54bae
Author: Steve Chew <stechew@cisco.com>
Date: Sun Sep 14 19:05:18 2025 -0400

control: Fix potential buffer overrun by properly checking return of vsnprintf.

Pull request #4885: stream_tcp: do not generate established event on RST if 3whs is not complete

Merge in SNORT/snort3 from ~JALIIMRA/snort3:conn_event_est to master

Squashed commit of the following:

commit 60c8aacab33e8ce080bfb2b509a928f0a7ab4dc3
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Wed Aug 27 09:05:32 2025 -0400

stream_tcp: do not generate established event on RST if 3whs is not complete

Pull request #4892: file_api: file cache sharing to use ref count for file inspector

Merge in SNORT/snort3 from ~SHINAGPA/snort3:mp_file_fix to master

Squashed commit of the following:

commit 0b966c02fef4f384c8fb5537cb81a15ea12f969e
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Wed Sep 3 18:48:32 2025 +0530

file_api: file cache sharing to use ref count for file inspector

Pull request #4872: s7comm: added stream splitter abort checks

Merge in SNORT/snort3 from ~OSTEPANO/snort3:s7_splitter to master

Squashed commit of the following:

commit 9b5693da71faf7dc68d1ef55f219ede6f4c54128
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Aug 14 05:14:39 2025 -0400

s7comm: added stream splitter abort checks

Pull request #4889: snort: resolve coverity warnings in host_tracker and module_manager

Merge in SNORT/snort3 from ~DAVMCPHE/snort3:fix_coverity_issues to master

Squashed commit of the following:

commit 006b980c53eebe5453e173373461340f47743686
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Mon Sep 1 15:14:57 2025 -0400

    module_manager: use std::move to improve performance when assigning string variables
                    add comment to suppress coverity false positive on string assignment

    host_tracker: iterate over network protocol vectors with reverse iterators instead of while loop

    host_tracker: acquire lock on host tracker cache before read access of member variables

Pull request #4890: decoder: improved decoding fails error message on tracer

Merge in SNORT/snort3 from ~OFEDORYC/snort3:gtp-improved-logs to master

Squashed commit of the following:

commit d5b51d1f8e9d088b99a5f72c9a90606c67bd081e
Author: ofedoryc <ofedoryc@cisco.com>
Date: Wed Sep 3 06:22:20 2025 -0400

decoder: improved decoding fails error message on tracer

Pull request #4882: file_api: Block Archive file during FTPS transfer

Merge in SNORT/snort3 from ~SHINAGPA/snort3:file_ftps_fix to master

Squashed commit of the following:

commit 2665b8645cc3a2ddbaedff10cb0b00a8f5e3e49d
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Tue Aug 26 15:07:35 2025 +0530

file_api: set file size when file size is middle and data flushed

Pull request #4894: build: generate and tag 3.9.5.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.5.0 to master

Squashed commit of the following:

commit 53c1e55430e2903cd0b7ff0f43b66209d183ddb7
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Sep 3 21:40:01 2025 -0400

build: generate and tag 3.9.5.0

Pull request #4855: http_inspect: partial inspection for headers

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:part_header2 to master

Squashed commit of the following:

commit f75941d810813f2aba755e0b6acfd11d377f3387
Author: Adrian Mamolea <admamole@cisco.com>
Date: Fri Jun 20 14:58:10 2025 -0400

http_inspect: partial inspection for headers

Pull request #4878: protocols: add sanity checks for tcp and ipv4 options to prevent out-of-buffer access

Merge in SNORT/snort3 from ~NLYSYCHK/snort3:tcp_options to master

Squashed commit of the following:

commit 3cd74355cb44339cc3e8ffe318ed3c90534f24f6
Author: Nataliia Lysychkina <nlysychk@cisco.com>
Date: Thu Aug 21 17:26:23 2025 +0530

protocols: add sanity checks for tcp and ipv4 options to prevent out-of-buffer access

Pull request #4852: file_api: clear file meta group before setting it during deploy config

Merge in SNORT/snort3 from ~SHINAGPA/snort3:file_reload_fix to master

Squashed commit of the following:

commit 3487f9375dbe15d9d9b596806f69cbecd567be90
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Fri Aug 8 13:26:08 2025 +0530

file_api: clear file meta group before setting it during deploy config

Pull request #4874: ssl: fix unit test for OpenSSL v3+

Merge in SNORT/snort3 from ~OSTEPANO/snort3:ssl_utest to master

Squashed commit of the following:

commit 5b2f280d0734172061d2049c5652a724ce230db9
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Tue Aug 19 10:31:42 2025 -0400

ssl: fix unit test for OpenSSL v3+

Pull request #4840: appid: move tls metadata handling into single place

Merge in SNORT/snort3 from ~OSTEPANO/snort3:tls_imprv to master

Squashed commit of the following:

commit 68b50c2c38dc6f372ef7a046f1584b289faeb3d7
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Sun Jun 22 08:51:42 2025 -0400

appid: move tls metadata handling into single place

Pull request #4875: http_inspect: publish OPPORTUNISTIC_TLS

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:o_tls to master

Squashed commit of the following:

commit 93e0c8d216c85fdbcdf1a33bc71c7ca5e785f99c
Author: Adrian Mamolea <admamole@cisco.com>
Date: Tue Aug 19 15:46:22 2025 -0400

http_inspect: publish OPPORTUNISTIC_TLS

Pull request #4873: flow: clear flow ref in pkt on stale flow cleanup

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:stale_flow to master

Squashed commit of the following:

commit 7b40b1ea05c04f00f4abdae0b8a83bb42daaf801
Author: rshafiq <rshafiq@cisco.com>
Date: Tue Aug 19 11:17:00 2025 -0400

flow: clear flow ref in pkt on stale flow cleanup

Pull request #4867: appid: first packet API fixes for using asd instead of odp

Merge in SNORT/snort3 from ~UMASHARM/snort3:firstpktapi_microsoftintune to master

Squashed commit of the following:

commit 5fab9921282122a75757f7deca5a70235e8790c9
Author: Umang Sharma <umasharm@cisco.com>
Date: Fri Aug 15 11:06:40 2025 -0400

appid: first packet API fixes for using asd instead of odp

Pull request #4862: mp_dbus: make MPDataBusModule stats thread safe

Merge in SNORT/snort3 from ~OSTEPANO/snort3:mp_pubsub_global_stats to master

Squashed commit of the following:

commit 79442cdcc3c66b180d404771122f541d2e613542
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Aug 14 08:15:46 2025 -0400

mp_dbus: make MPDataBusModule stats thread safe

Pull request #4871: decompress: add unit test for vba decompression infinite loops fix

Merge in SNORT/snort3 from ~SRAMDENI/snort3:vba_decompress_infinite_loops_fix_ut to master

Squashed commit of the following:

commit 3eba7810fe5b61c4f34caee8755a451fb2aaf5dc
Author: sramdeni <sramdeni@cisco.com>
Date: Tue Aug 19 15:32:07 2025 +0530

decompress: add unit test for vba decompression infinite loops fix

Pull request #4866: decompress : unit test for snort 3 vba decompression divide-by-zero crasher fix

Merge in SNORT/snort3 from ~SRAMDENI/snort3:divide_by_zero_crasher_fix_ut to master

Squashed commit of the following:

commit 88af776caee8260b7d2287186b3bfc7a20536119
Author: sramdeni <sramdeni@cisco.com>
Date: Wed Aug 13 23:26:56 2025 +0530

decompress : added unit test for vba decompress divide-by-zero fix

Pull request #4865: decompress: add unit test for Snort3 VBA decompression integer overflow and OOB read fix

Merge in SNORT/snort3 from ~SRAMDENI/snort3:vba_decompress_integer_overflow_ut to master

Squashed commit of the following:

commit 5869286876a78fefd25c45a5a229fdb7a6633997
Author: sramdeni <sramdeni@cisco.com>
Date: Fri Aug 15 18:09:07 2025 +0530

decompress: add unit test for Snort3 VBA decompression integer overflow and OOB read fix

Pull request #4730: watchdog: replace watchdog command with atomic kcking from packet threads

Merge in SNORT/snort3 from ~SBAIGAL/snort3:watchdog_fix to master

Squashed commit of the following:

commit 2d7d9b64fdd00ab2f5961c8e5168453eaa3e5e82
Author: Steven Baigal <sbaigal@cisco.com>
Date: Thu May 1 10:25:56 2025 -0400

watchdog: replace watchdog command with atomic kcking from packet threads

Pull request #4861: codecs: override default encode for ciscometadata codec

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:ciscometadata to master

Squashed commit of the following:

commit a695befd8ce2c65c0540107f7bb30f23abd85a92
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Aug 13 15:47:17 2025 -0400

codecs: override default encode for ciscometadata codec

Pull request #4857: helpers: add syscall to flush new data written by SigSafePrinter to disk

Merge in SNORT/snort3 from ~VSHPYRKA/snort3:unwind_bt_flush_enhance to master

Squashed commit of the following:

commit adef60447da7ee3f4d5b0a5becd14fb030907bf5
Author: Volodymyr Shpyrka <vshpyrka@cisco.com>
Date: Tue Aug 12 08:37:01 2025 -0400

helpers: add syscall to flush new data written by SigSafePrinter to disk

Pull request #4864: control: fix heap-use-after-free in is_local

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_asan_ctrlcon to master

Squashed commit of the following:

commit 1dd64671ac9c82c79988c4e9798b360a33b1e1de
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Mon Aug 11 10:18:40 2025 -0400

control: fix heap-use-after-free in is_local

Pull request #4863: appid: fix multiple mdns issues

Merge in SNORT/snort3 from ~BHRYNIV/snort3:multiple_mdns_fixes to master

Squashed commit of the following:

commit 3852ed0f166c5f4d69fa73912f3a6a46f91a2c96
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Jul 23 10:57:12 2025 -0400

appid: fix multiple mdns issues

Pull request #4808: imap: abort fallback functionality

Merge in SNORT/snort3 from ~UMASHARM/snort3:imap_abort to master

Squashed commit of the following:

commit 4dac91772f004283b3ea40ab1428def2483adf7a
Author: Umang Sharma <umasharm@cisco.com>
Date: Tue Jun 10 15:10:21 2025 -0400

imap: abort fallback functionality

Pull request #4858: build: generate and tag 3.9.4.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.4.0 to master

Squashed commit of the following:

commit 86cfcf8f85aca3474cacfb694be75ad4e6fe5fae
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Tue Aug 12 11:01:09 2025 -0400

build: generate and tag 3.9.4.0

Pull request #4856: build: generate and tag 3.9.3.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.3.0 to master

Squashed commit of the following:

commit 47b2f71fdae20b6e6db08434adf26f9909b3cc0b
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Sun Aug 10 20:24:47 2025 -0400

build: generate and tag 3.9.3.0

Pull request #4741: stream_tcp: fix issues with skipping seglist holes in ids mode

Merge in SNORT/snort3 from ~DAVMCPHE/snort3:ids_skip_seglist_holes_fix to master

Squashed commit of the following:

commit 3590f4bed9550af66f9260739fd66bf218146c3f
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Sun May 11 17:59:09 2025 -0400

    stream_tcp: fix issues with skipping seglist holes in ids mode

    stream_tcp: add splitter restart function, restart when hole skipped by AtomSplitter

    stream_tcp: when reassembly is disable/ignored update rcv_nxt to left edge of first hole or to end of seglist
                if no holes on each received data segment

commit 8c00c0a46628f4d5240478029530cb5227152f26
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Fri Jun 13 08:11:19 2025 -0400

    snort3: add build directory and vscode workspace config file to git ignore list

Pull request #4848: appid: out-of-range readings fix

Merge in SNORT/snort3 from ~OSTEPANO/snort3:misc_out_of_range to master

Squashed commit of the following:

commit 3a72fb5d4060e7c0d5aa4b2a7f326cf70d7ea567
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Jul 30 08:26:34 2025 -0400

appid: out-of-range readings fix

Pull request #4727: smtp/pop/imap file_cache retry/retransmit fix.

Merge in SNORT/snort3 from ~VIIZHYK/snort3:smtp_pop_imap_id_fix to master

Squashed commit of the following:

commit c52a1e457a7780106d391a56416e355a132ac000
Author: viizhyk <viizhyk@cisco.com>
Date: Tue Aug 5 10:15:56 2025 -0400

service_inspectors: Added random base file id generation for imap/pop/smtp.

Pull request #4849: packet_tracer: file output will not be using batched logger

Merge in SNORT/snort3 from ~SBAIGAL/snort3:batchlog_file to master

Squashed commit of the following:

commit 2f1655e862c30edf80985997f22805027952e2bc
Author: Steven Baigal <sbaigal@cisco.com>
Date: Mon Aug 4 19:08:24 2025 -0400

packet_tracer: file output will not be using batched logger

Pull request #4843: build: enable exporting compile commands

Merge in SNORT/snort3 from ~MSTEPANE/snort3:export_compile_commands to master

Squashed commit of the following:

commit 247085b9aad6834ab92cdc504ab64edd764deb3f
Author: mstepane <mstepane@cisco.com>
Date: Thu Jul 31 09:00:48 2025 -0400

build: enable exporting compile commands

Pull request #4845: detection: fix compile warnings in detection_options.cc

Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_detection_options_warns to master

Squashed commit of the following:

commit 74dd5e90015dc7f2528f97b1e90f6a9235de2d61
Author: anorokh <anorokh@cisco.com>
Date: Thu Jul 31 19:29:04 2025 +0300

detection: fix compile warnings in detection_options.cc

Pull request #4832: appid: fix ASAN issue in AppIdHttpSession::set_req_body_field

Merge in SNORT/snort3 from ~DZIKRATY/snort3:fix_asan_issue to master

Squashed commit of the following:

commit 6769d89cff774a17cb6b28ccedefaa928b874228
Author: Denys Zikratyi -X (dzikraty - SOFTSERVE INC at Cisco) <dzikraty@cisco.com>
Date: Thu Jul 24 04:39:28 2025 -0400

appid: fix ASAN issue in AppIdHttpSession::set_req_body_field

Pull request #4842: appid: accounting for tmp offset in RPC

Merge in SNORT/snort3 from ~DKOLOMII/snort3:rpc_out_of_bounds to master

Squashed commit of the following:

commit 6b1ebc797bafa30f4b5447b8b5bdc2a132ae6bf5
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Thu Jul 31 10:22:07 2025 -0400

appid: accounting for tmp offset in RPC

Pull request #4816: main: notify DAQ via ioctl message when a packet is injected

Merge in SNORT/snort3 from ~NIRMVENK/snort3:ioctl to master

Squashed commit of the following:

commit 8e71d15e6b3c45f7aa429c4ca17ba023a84ace48
Author: Nirmala Subbaiah <nirmvenk@cisco.com>
Date: Tue Jul 15 14:05:04 2025 -0400

main: notify DAQ via ioctl message when a packet is injected

Pull request #4835: file_api: multi-process snort file cache crash fix

Merge in SNORT/snort3 from ~SHINAGPA/snort3:mp_file_fix to master

Squashed commit of the following:

commit b72873ff0d9785dad40e2fd293aab1c697b10c06
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Mon Jul 28 16:17:08 2025 +0530

file_api: multi-process snort file cache crash fix

Pull request #4837: helpers: ring uses atomic

Merge in SNORT/snort3 from ~UMASHARM/snort3:ring_atomic to master

Squashed commit of the following:

commit 8fb651860ecc4da16bb2aaed5728cc64bbd91573
Author: Umang Sharma <umasharm@cisco.com>
Date: Fri Jul 25 02:56:46 2025 -0400

helpers: RingLogic framework updated to use atomic than volatile

Pull request #4831: appid: Getting Packet from event than from DetectionEngine

Merge in SNORT/snort3 from ~UMASHARM/snort3:CSCwq03149_Fix to master

Squashed commit of the following:

commit b9a0565c730a042cd33dc42c3fc0b2c92a8c41a0
Author: Umang Sharma <umasharm@cisco.com>
Date: Wed Jul 23 11:44:21 2025 -0400

appid: getting packet from event than from detectionengine

Pull request #4827: Refactoring of detection engine core functionality

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:de_core_refactoring to master

Squashed commit of the following:

commit a48bafe1be6519781d05d7bee502fdcb1549b8b8
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Tue Jul 22 12:51:27 2025 +0300

    detection: update the authors

commit e76f8104df4aae15979cdc502ae32e9b12773c67
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Apr 4 14:54:05 2025 +0300

    detection: extract children-related evaluation logic into separated functions

commit 2375d55ec15a2ff0a7457b945bdbd437e29a9184
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Aug 29 11:27:49 2024 +0300

    detection: extract current node evaluation logic into separated function

Pull request #4824: appid: rpc integer overflow fix

Merge in SNORT/snort3 from ~DKOLOMII/snort3:rpc_overflow to master

Squashed commit of the following:

commit 7ada722c1d6c4833b80f6dce2bf973ce7f687396
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Wed Jul 30 09:56:45 2025 -0400

appid: rpc integer overflow fix

Pull request #4839: olefile: fixed issue check

Merge in SNORT/snort3 from ~SRAMDENI/snort3:issue_check_fix to master

Squashed commit of the following:

commit b9d62df48cca889b95e15ef3de16e234ee4c0a14
Author: sramdeni <sramdeni@cisco.com>
Date: Tue Jul 29 16:48:21 2025 +0530

olefile : fixed cpp_check errors, issue_check warning and addressed comments

Pull request #4798: appid: combined host pattern matchers

Merge in SNORT/snort3 from ~OSTEPANO/snort3:http_ssl_patterns to master

Squashed commit of the following:

commit 64b25c73eff1ebb4f36cd31091ce63ac0343da0a
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Jul 3 06:33:38 2025 -0400

appid: combined host pattern matchers

Pull request #4807: "Fixed Snort 3 VBA decompression divide-by-zero crasher"

Merge in SNORT/snort3 from ~SRAMDENI/snort3:master to master

Squashed commit of the following:

commit 404452dc857887b4a86c98156f18817ef5d6c5a8
Author: sramdeni <sramdeni@cisco.com>
Date: Mon Jul 14 15:37:42 2025 +0530

fileole_vba : Fixed snort 3 vba decompression divide-by-zero crasher

Pull request #4814: fixed the issue of Snort 3 VBA decompression infinite loops

Merge in SNORT/snort3 from ~SRAMDENI/snort3:bugfix/CSCwq23372_master to master

Squashed commit of the following:

commit 6dd2508053a4e1a6471d49d993f300788879fc0b
Author: sramdeni <sramdeni@cisco.com>
Date: Tue Jul 15 16:10:14 2025 +0530

olefile_vba : fixed the issue of Snort 3 VBA decompression infinite loops

Pull request #4819: Fixed issue Snort 3 VBA decompression read OOBs due to integer overflows

Merge in SNORT/snort3 from ~SRAMDENI/snort3:CSCwq23380_master to master

Squashed commit of the following:

commit 881e7e702d1e1893b120eaad91449d3aa2b1e038
Author: sramdeni <sramdeni@cisco.com>
Date: Wed Jul 16 18:16:50 2025 +0530

olefile_vba : Fixed issue Snort 3 VBA decompression read OOBs due to integer overflows

Pull request #4680: logger: add batched logger to improve performance

Merge in SNORT/snort3 from ~SBAIGAL/snort3:newlog to master

Squashed commit of the following:

commit 3234f22b1c8c442884e594566d8973b2df532733
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Wed Jul 23 14:26:25 2025 -0400

    logger: add cpu affinity for log writer thread

commit 109903ad2a7b428e4f99a8b035dad085d8c9e785
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Wed Mar 26 14:56:13 2025 -0400

    logger: add batched logger to improve packet_tracer output performace

Pull request #4823: Appid: Rpc exception handling

Merge in SNORT/snort3 from ~DKOLOMII/snort3:rpc_exception_handling to master

Squashed commit of the following:

commit ffafe7bfa059888acb7b4d794ab7496dccdf9490
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Wed Jul 23 06:45:44 2025 -0400

appid: prevent out_of_range and invalid_argument in rpc

Pull request #4815: http_inspect: add peg count for when published body has hit the requested max size

Merge in SNORT/snort3 from ~MSTEPANE/snort3:peg_client_body_depth to master

Squashed commit of the following:

commit 1ae5a159d08006a673e388e84b00c9773d0373df
Author: mstepane <mstepane@cisco.com>
Date: Mon Jul 14 10:39:16 2025 -0400

http_inspect: add peg count for when published body has hit the requested max size

Pull request #4829: appid: fix out-of-bounds caused by strncat in identify_user_agent

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_user_agent_out_of_bound to master

Squashed commit of the following:

commit d47746bb6f35558637d3bac4f3de466c259f511f
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Thu Jul 17 14:04:53 2025 -0400

appid: fix out-of-bounds caused by strncat in identify_user_agent

Pull request #4812: dce_rpc: Checked for integer overflow of smb_hdr + next_command_offset

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_CSCwq01518 to master

Squashed commit of the following:

commit cd37485cf03f03520636b8d6ba5b0f1e0f0022e1
Author: ashutosh <ashugup3@cisco.com>
Date: Tue Jul 15 12:48:49 2025 +0530

dce_rpc: Checked for integer overflow of smb_hdr + next_command_offset