git.ipfire.org Git - thirdparty/snort3.git/log
3 years ago Pull request #3687: appid: appid_detector_builder.sh addPortPatternService call fixed
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 6 Dec 2022 17:07:35 +0000 (17:07 +0000)] 
Pull request #3687: appid: appid_detector_builder.sh addPortPatternService call fixed

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_detector_builder_fix to master

Squashed commit of the following:

commit 176b01a35d7947d4d33819333078a275697a9e21
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Thu Dec 1 07:57:37 2022 -0500

    appid: appid_detector_builder.sh addPortPatternService call fixed

3 years ago Pull request #3677: appid: Do not reset session data when built-in discovery is not...
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 6 Dec 2022 17:00:14 +0000 (17:00 +0000)] 
Pull request #3677: appid: Do not reset session data when built-in discovery is not done

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_ftp_detection_over_navl to master

Squashed commit of the following:

commit 63cc4b95e86420c3cdec20719286bd10f069fe01
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Wed Nov 30 06:28:54 2022 -0500

    appid: Do not reset session data when built-in discovery is not done

3 years ago Pull request #3693: js_norm: update PDF tokenizer to use glue input streambuf
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 6 Dec 2022 11:44:45 +0000 (11:44 +0000)] 
Pull request #3693: js_norm: update PDF tokenizer to use glue input streambuf

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_pdf_fixup to master

Squashed commit of the following:

commit a1ea7641078ab9622838882605cfd2ffbf012e84
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Dec 5 15:08:20 2022 +0100

    js_norm: fix pdf_tokenizer_test on FreeBSD platform

commit af4be627c44f45dcae8fc24fe085ff4c03d972bf
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Dec 5 15:05:54 2022 +0100

    js_norm: update PDF tokenizer to use glue input streambuf

        * js_norm: update PDF tokenizer EOF rule to cover all starting conditions
        * http_inspect: update PDF JSNorm to use istreambuf_glue

3 years ago Pull request #3685: geneve: If daq has the capability, do not bypass geneve tunnel
Steve Chew (stechew) [Mon, 5 Dec 2022 17:41:23 +0000 (17:41 +0000)] 
Pull request #3685: geneve: If daq has the capability, do not bypass geneve tunnel

Merge in SNORT/snort3 from ~RAMANKS/snort3:geneve to master

Squashed commit of the following:

commit 169354f17567c641331058dfde01b03934790486
Author: Raman Krishnan <ramanks@cisco.com>
Date:   Tue Nov 29 16:07:44 2022 -0800

    geneve: If daq has the capability, do not bypass geneve tunnel

3 years ago Pull request #3684: wizard: remove client_first option
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 2 Dec 2022 09:58:18 +0000 (09:58 +0000)] 
Pull request #3684: wizard: remove client_first option

Merge in SNORT/snort3 from ~ANOROKH/snort3:wiz_opt_rm to master

Squashed commit of the following:

commit 5e9be384bc45d5bc6f3147d2450d6cf2b27bde54
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Mon Nov 28 17:20:59 2022 +0200

    wizard: remove client_first option

    * removed client_first from documentation

3 years ago Pull request #3688: build: generate and tag 3.1.48.0 (tag: 3.1.48.0)
Steve Chew (stechew) [Thu, 1 Dec 2022 20:57:37 +0000 (20:57 +0000)] 
Pull request #3688: build: generate and tag 3.1.48.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.48.0 to master

Squashed commit of the following:

commit 05c2278739aabab6a68040bfd928a86f2b60ce74
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Thu Dec 1 11:59:03 2022 -0500

    build: generate and tag 3.1.48.0

3 years ago Pull request #3658: Established event
Ron Dempster (rdempste) [Wed, 30 Nov 2022 16:32:12 +0000 (16:32 +0000)] 
Pull request #3658: Established event

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:established_event to master

Squashed commit of the following:

commit 38c51afab570fba0dff01bfe8f334b04632b74a1
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Oct 13 10:52:10 2022 -0400

    flow, stream: added code to track and event for one-sided TCP sessions and generate an event for established or one-sided flows

3 years ago Pull request #3668: process: Watchdog to abort snort when multiple packet thread...
Shanmugam S (shanms) [Wed, 30 Nov 2022 13:26:52 +0000 (13:26 +0000)] 
Pull request #3668: process: Watchdog to abort snort when multiple packet thread becomes unresponsive

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:snortWatchdogEnhancement to master

Squashed commit of the following:

commit 242c3a800c4c72a72c81db304e03e1254ac53eaf
Author: Akhilesh MY <amuttuva@cisco.com>
Date:   Wed Nov 16 06:39:52 2022 -0500

    process: Watchdog to abort snort when multiple packet thread becomes unresponsive

3 years ago Pull request #3679: http_inspect: add decompression failure check before normalization
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 29 Nov 2022 15:09:53 +0000 (15:09 +0000)] 
Pull request #3679: http_inspect: add decompression failure check before normalization

Merge in SNORT/snort3 from ~ASERBENI/snort3:jsn_decomp to master

Squashed commit of the following:

commit 0afc327eebcf120f34fc67e336fc2ffee73afaaf
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Nov 23 12:44:07 2022 +0200

    http_inspect: add decompression failure check before normalization

3 years ago Pull request #3678: appid: Fixed addition of duplicate entries in app_info_table
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 29 Nov 2022 15:05:42 +0000 (15:05 +0000)] 
Pull request #3678: appid: Fixed addition of duplicate entries in app_info_table

Merge in SNORT/snort3 from ~BSACHDEV/snort3:apptablefix to master

Squashed commit of the following:

commit 51e60c3e20024038a9c24366aca543730f21293b
Author: bsachdev <bsachdev@cisco.com>
Date:   Wed Nov 23 12:40:45 2022 -0500

    appid: Fixed addition of duplicate entries in app_info_table

3 years ago Pull request #3660: stream: add logic to ensure metaACKs cause flushing
Steven Baigal (sbaigal) [Tue, 29 Nov 2022 14:54:21 +0000 (14:54 +0000)] 
Pull request #3660: stream: add logic to ensure metaACKs cause flushing

Merge in SNORT/snort3 from ~JALIIMRA/snort3:meta_ack_flush to master

Squashed commit of the following:

commit e108a08265012b8341d1baf06bab2d6f6da3c8a0
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Mon Nov 7 16:34:38 2022 -0500

    stream: add logic to ensure metaACKs cause flushing

3 years ago Pull request #3680: doc: update JavaScript normalization user manual for PDF
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 29 Nov 2022 13:56:55 +0000 (13:56 +0000)] 
Pull request #3680: doc: update JavaScript normalization user manual for PDF

Merge in SNORT/snort3 from ~OSERHIIE/snort3:doc_js_pdf to master

Squashed commit of the following:

commit bdd3301378adad84600c19ef14af5b8d651cac97
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Thu Nov 24 16:00:52 2022 +0200

    doc: update user/js_norm.txt for PDF

3 years ago Pull request #3681: js_norm: implement Enhanced JS Normalization for PDF
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 29 Nov 2022 13:56:17 +0000 (13:56 +0000)] 
Pull request #3681: js_norm: implement Enhanced JS Normalization for PDF

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_pdf to master

Squashed commit of the following:

commit 343d3c517880d059532dfc803feae254ef491cd7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 8 17:53:51 2022 +0200

    js_norm: implement Enhanced JS Normalization for PDF

        * js_norm: implement JS extractor from PDF
        * js_norm: add unit tests for JS extractor from PDF
        * js_norm: update dev_notes
        * http_inspect: implement JS from PDF normalizer
        * http_inspect: update dev_notes

3 years ago Pull request #3682: smb: handling smb duplicate sessions
Bhargava Jandhyala (bjandhya) [Mon, 28 Nov 2022 17:21:09 +0000 (17:21 +0000)] 
Pull request #3682: smb: handling smb duplicate sessions

Merge in SNORT/snort3 from ~BJANDHYA/snort3:pcap_test to master

Squashed commit of the following:

commit 6009316bdbe079c62494b1bcf8a8b9f72e3df393
Author: Bhargava Jandhyala <bjandhya@cisco.com>
Date:   Thu Sep 1 02:24:57 2022 -0400

    smb: handling smb duplicate sessions

3 years ago Pull request #3672: appid: Make appid availability independent from TP state
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 23 Nov 2022 17:50:51 +0000 (17:50 +0000)] 
Pull request #3672: appid: Make appid availability independent from TP state

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_availability_without_navl to master

Squashed commit of the following:

commit 4649cdf312728e5d7b60648b9f154da43a268adf
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Thu Nov 17 08:09:36 2022 -0500

    appid: Make appid availability independent from TP state

3 years ago Pull request #3661: flow: add an event for retry packets
Ron Dempster (rdempste) [Wed, 23 Nov 2022 12:37:35 +0000 (12:37 +0000)] 
Pull request #3661: flow: add an event for retry packets

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:retry_event to master

Squashed commit of the following:

commit db8fdde4cdffb84cae3af426ed19c6b371eff14f
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Oct 25 17:09:44 2022 -0400

    flow: add an event for retry packets

3 years ago Pull request #3673: IPS options: mismatched option keeps cursor intact
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Nov 2022 12:21:12 +0000 (12:21 +0000)] 
Pull request #3673: IPS options: mismatched option keeps cursor intact

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_negation_handling to master

Squashed commit of the following:

commit 5c65144c0dc2126e58aecd2148ac2c09d3645bbd
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Nov 17 18:52:18 2022 +0200

    ips_option: keep cursor intact for a negated hash mismatched

commit 02eb93f9bfea0bf4d657de2aa3b94a714f4cdc52
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Nov 17 17:12:37 2022 +0200

    ips_option: keep cursor intact for a negated content mismatched

3 years ago Pull request #3674: js_norm: add CMake command for noreturn attribute in LexerError
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Nov 2022 08:36:42 +0000 (08:36 +0000)] 
Pull request #3674: js_norm: add CMake command for noreturn attribute in LexerError

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_module_fix to master

Squashed commit of the following:

commit c7331f2da7b88e955bdbf06cc635e6007524a89f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 17 12:51:20 2022 +0100

    js_norm: use FLEX macro to build parser

commit a5b99c366582d785951e9dfa130d65d7eefc7fc4
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Nov 21 15:03:27 2022 +0100

    cmake: add FLEX build macro

3 years ago Pull request #3676: doc: update sensitive data documentation
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Nov 2022 08:35:49 +0000 (08:35 +0000)] 
Pull request #3676: doc: update sensitive data documentation

Merge in SNORT/snort3 from ~ASERBENI/snort3:doc_sensitive_data to master

Squashed commit of the following:

commit 7315c77a527fc4d3e16b1590953ca67bfe8f934b
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Fri Nov 18 17:39:39 2022 +0200

    doc: update sensitive data documentation

    Added more examples for built-in patterns obfuscation, threshold being per packet.
    Updated statement about needing hyperscan.

3 years ago Pull request #3669: snort: fix deferred trust trigger
Brian Morris (bmorris2) [Fri, 18 Nov 2022 21:21:20 +0000 (21:21 +0000)] 
Pull request #3669: snort: fix deferred trust trigger

Merge in SNORT/snort3 from XTLS/snort3:osiryi_retry_whitelist_fix to master

Squashed commit of the following:

commit 8c454ad2416715be673406a15927fce7ad8048d0
Author: Oleksandr Siryi <osiryi@cisco.com>
Date:   Wed Nov 16 12:56:51 2022 +0200

    flow: fix deferred trust clear when packet is dropped

    Should only clear due to ACT_BLOCK and not ACT_DROP, so check session_was_blocked instead of packet_was_dropped

3 years ago Pull request #3654: http_inspect: remove port from xff header
Kaushal Bhandankar (kbhandan) [Fri, 18 Nov 2022 17:49:39 +0000 (17:49 +0000)] 
Pull request #3654: http_inspect: remove port from xff header

Merge in SNORT/snort3 from ~ABHRAWAT/snort3:xff_port to master

Squashed commit of the following:

commit 303ea6d9c86555861cb1e7af7fe771b7b5168293
Author: abhrawat <abhrawat@cisco.com>
Date:   Sun Nov 6 14:32:13 2022 +0000

    http_inspect: remove port from xff header

3 years ago Pull request #3663: appid: Added config for logging alpn service mappings
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 18 Nov 2022 14:23:09 +0000 (14:23 +0000)] 
Pull request #3663: appid: Added config for logging alpn service mappings

Merge in SNORT/snort3 from ~BSACHDEV/snort3:alpn_service to master

Squashed commit of the following:

commit 707eb376b25536ef398532d0466aa0c9ade171af
Author: bsachdev <bsachdev@cisco.com>
Date:   Thu Nov 10 10:40:12 2022 -0500

    appid: Added config for logging alpn service mappings

3 years ago Pull request #3659: flow: added an event to allow post processing of new expected...
Ron Dempster (rdempste) [Fri, 18 Nov 2022 12:30:20 +0000 (12:30 +0000)] 
Pull request #3659: flow: added an event to allow post processing of new expected flows

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:expected_flows to master

Squashed commit of the following:

commit 0e0addce6885fcd71a01c1a81e632542ac4ac128
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Oct 13 10:50:22 2022 -0400

    flow: added an event to allow post processing of new expected flows

3 years ago Pull request #3670: build: generate and tag 3.1.47.0 (tag: 3.1.47.0)
Steve Chew (stechew) [Thu, 17 Nov 2022 16:22:55 +0000 (16:22 +0000)] 
Pull request #3670: build: generate and tag 3.1.47.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.47.0 to master

Squashed commit of the following:

commit fe159caeea79e73e48063207c5b0a8cf70594ee2
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Nov 16 21:49:48 2022 -0500

    build: generate and tag 3.1.47.0

3 years ago Pull request #3620: Move Enhanced JS Normalizer from NHI to a standalone component
Steve Chew (stechew) [Thu, 17 Nov 2022 00:56:54 +0000 (00:56 +0000)] 
Pull request #3620: Move Enhanced JS Normalizer from NHI to a standalone component

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_module to master

Squashed commit of the following:

commit 2678dac41df3f2862e165ccce92ab70598dad0ff
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 10 13:20:11 2022 +0300

    http_inspect: move Enhanced JS Normalizer from NHI to a standalone component

        * http_inspect: remove Enhanced JavaScript Normalizer from NHI
        * utils: move JavaScript Normalizer to js_norm component, including unit tests
        * js_norm: implement standalone Enhanced JavaScript Normalizer
        * ips_options: implement js_data IPS option
        * lua: remove default_http_inspect, add default_js_norm

3 years ago Pull request #3621: Doc updates: move Enhanced JS Normalizer from NHI to a standalone...
Steve Chew (stechew) [Thu, 17 Nov 2022 00:56:37 +0000 (00:56 +0000)] 
Pull request #3621: Doc updates: move Enhanced JS Normalizer from NHI to a standalone component

Merge in SNORT/snort3 from ~OSERHIIE/snort3:doc_js_module to master

Squashed commit of the following:

commit da8da5ac9b34f6917ade0e7d2036119c90fe10c3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Aug 30 12:53:32 2022 +0200

    doc: add JavaScript Normalization section to user manual

commit 9b3f22bc70d9dc2e35cf2521dad22dd504b5cac0
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Aug 30 11:26:31 2022 +0200

    doc: add js_norm alerts to builtin_stubs.txt

3 years ago Pull request #3667: smtp: Do not accumulate cmds across policies and reloads.
Steve Chew (stechew) [Tue, 15 Nov 2022 22:54:00 +0000 (22:54 +0000)] 
Pull request #3667: smtp: Do not accumulate cmds across policies and reloads.

Merge in SNORT/snort3 from ~STECHEW/snort3:slow_reload_fix to master

Squashed commit of the following:

commit 12055a3409f2373424b8e1c0cd418f654e27bc4d
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Nov 15 13:29:18 2022 -0500

    smtp: Do not accumulate cmds across policies and reloads. Avoids memory and performance problem.

3 years ago Pull request #3666: stream: add info about the splitter lifetime to dev_notes
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 15 Nov 2022 13:58:04 +0000 (13:58 +0000)] 
Pull request #3666: stream: add info about the splitter lifetime to dev_notes

Merge in SNORT/snort3 from ~VHORBATO/snort3:doc_stream_splitter to master

Squashed commit of the following:

commit 56b229c22e0dda99808e23939928a1ab88366226
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Nov 15 10:51:22 2022 +0200

    stream: add info about the splitter lifetime to dev_notes

3 years ago Pull request #3656: stream: avoid double deletion of StreamSplitter in tcp_session
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 15 Nov 2022 13:57:48 +0000 (13:57 +0000)] 
Pull request #3656: stream: avoid double deletion of StreamSplitter in tcp_session

Merge in SNORT/snort3 from ~VHORBATO/snort3:stream_bug to master

Squashed commit of the following:

commit 9d52b64858fff1873db2710897e0a8e5032956d1
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Nov 11 11:02:09 2022 +0200

    wizard: remove inspector's ref counter increments from MagicSplitter

commit c3ca8620aefd3a2800102d37241c88309f192924
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Nov 11 11:01:07 2022 +0200

    stream: remove splitter from session before inspectors

commit 44301b945ec9c77e11121e022b6cab941f7cbbd5
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Nov 4 11:59:06 2022 +0200

    stream: set splitter only on initialized tcp sessions or if midstream sessions are allowed

3 years ago Pull request #3665: main: Update to improve performance by making packet tracer check...
Steve Chew (stechew) [Mon, 14 Nov 2022 22:34:06 +0000 (22:34 +0000)] 
Pull request #3665: main: Update to improve performance by making packet tracer checks before calling function.

Merge in SNORT/snort3 from ~STECHEW/snort3:improve_packet_dump to master

Squashed commit of the following:

commit 02022fff536a86af52b7a28d7a66bc80899c8b4a
Author: Steve Chew <stechew@cisco.com>
Date:   Mon Nov 14 10:23:06 2022 -0500

    main: Update to improve performance by making packet tracer checks before calling function.

3 years ago Pull request #3662: Master stream: ignore flushing from meta-ack if sent after FIN
Steven Baigal (sbaigal) [Thu, 10 Nov 2022 18:09:18 +0000 (18:09 +0000)] 
Pull request #3662: Master stream: ignore flushing from meta-ack if sent after FIN

Merge in SNORT/snort3 from ~JALIIMRA/snort3:master_ma_after_fin to master

Squashed commit of the following:

commit f6818718191ac312df3c8cdc6ab980374163c20d
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Thu Nov 10 10:20:42 2022 -0500

    stream: ignore flushing from meta-ack if sent after FIN

3 years ago Pull request #3657: netflow: implement deferred trust, cleanup
Steven Baigal (sbaigal) [Thu, 10 Nov 2022 16:57:28 +0000 (16:57 +0000)] 
Pull request #3657: netflow: implement deferred trust, cleanup

Merge in SNORT/snort3 from ~MMATIRKO/snort3:nf_trust to master

Squashed commit of the following:

commit 8d15aa644c9a00f98c627dfde8815c2d8c5677f1
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Oct 31 15:48:26 2022 -0400

    netflow: implement deferred trust, cleanup

3 years ago Pull request #3651: http_inspect: subdivide dev_notes
Tom Peters (thopeter) [Wed, 9 Nov 2022 20:52:29 +0000 (20:52 +0000)] 
Pull request #3651: http_inspect: subdivide dev_notes

Merge in SNORT/snort3 from ~DMOISEIE/snort3:doc_dev_notes to master

Squashed commit of the following:

commit 04ccffe59f406025ad126ed2015e35be21c86c91
Author: Dmytro Moiseienko -X (dmoiseie - SOFTSERVE INC at Cisco) <dmoiseie@cisco.com>
Date:   Tue Nov 1 16:24:25 2022 +0200

    http_inspect: subdivide dev_notes into topics

3 years ago Pull request #3646: main: Dump packet trace after publishing finalize event since...
Steve Chew (stechew) [Wed, 9 Nov 2022 19:02:32 +0000 (19:02 +0000)] 
Pull request #3646: main: Dump packet trace after publishing finalize event since verdict could be modified.

Merge in SNORT/snort3 from ~STECHEW/snort3:move_packet_trace_after_finalize to master

Squashed commit of the following:

commit 98bdf68786445cf2d0ba4993550196295a8957ff
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Oct 30 23:15:59 2022 -0400

    main: Dump packet trace after publishing finalize event since verdict could be modified.

3 years ago Pull request #3606: appid: service, client and payload detection by lua detectors...
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 9 Nov 2022 18:00:40 +0000 (18:00 +0000)] 
Pull request #3606: appid: service, client and payload detection by lua detectors and third-party when first packet re-inspection is enabled

Merge in SNORT/snort3 from ~UMASHARM/snort3:navl_fix to master

Squashed commit of the following:

commit 94a51e06a4c12f0732d200e9f26a97e485dfe60c
Author: Umang Sharma <umasharm@cisco.com>
Date:   Wed Sep 28 08:34:11 2022 -0400

    appid: service, client and payload detection by lua detectors and third-party when first packet re-inspection is enabled

3 years ago Pull request #3653: appid: NTP detection improvements
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 9 Nov 2022 15:19:38 +0000 (15:19 +0000)] 
Pull request #3653: appid: NTP detection improvements

Merge in SNORT/snort3 from ~OSTEPANO/snort3:ntp_detection_fix to master

Squashed commit of the following:

commit 8830778cda84c976cbb27c5e146d6833eb6238ef
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Fri Nov 4 05:43:33 2022 -0400

    appid: NTP detection improvements

3 years ago Pull request #3635: Allow ACT_TRUST to be used as a delayed action.
Brian Morris (bmorris2) [Tue, 8 Nov 2022 17:56:04 +0000 (17:56 +0000)] 
Pull request #3635: Allow ACT_TRUST to be used as a delayed action.

Merge in SNORT/snort3 from XTLS/snort3:osiryi_ddnd_no_tracker_main to master

Squashed commit of the following:

commit 5ddf1f2bb8d63d084752d34fc72d66ba1ec87e57
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:59:22 2022 -0400

    packet_io: The most strict delayed action takes precedence.

commit 9044167d9c016ee04b577adffdacad1689a47877
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:56:43 2022 -0400

    packet_io: Allow ACT_TRUST to be used as a delayed action.

3 years ago Pull request #3652: appid: add a changed bit for discovery finished
Ron Dempster (rdempste) [Mon, 7 Nov 2022 20:32:05 +0000 (20:32 +0000)] 
Pull request #3652: appid: add a changed bit for discovery finished

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:appid_finished to master

Squashed commit of the following:

commit 9b441546e2dd71c296276dd2cdf7bd88945ab9a1
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 31 18:24:28 2022 -0400

    appid: add a changed bit for discovery finished

3 years ago Pull request #3655: build: generate and tag 3.1.46.0
Steve Chew (stechew) [Mon, 7 Nov 2022 20:21:50 +0000 (20:21 +0000)] 
Pull request #3655: build: generate and tag 3.1.46.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.46.0 to master

Squashed commit of the following:

commit a52e843f4354300a9ca301a6f37b1bf4efec0a4d
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Nov 6 23:50:43 2022 -0500

    build: generate and tag 3.1.46.0

3 years ago Pull request #3636: appid: check for empty patterns in lua detector api input
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 1 Nov 2022 21:22:29 +0000 (21:22 +0000)] 
Pull request #3636: appid: check for empty patterns in lua detector api input

Merge in SNORT/snort3 from ~SATHIRKA/snort3:input_pattern_validation to master

Squashed commit of the following:

commit 5694e52be7a3860125f88019ff089b890f7c8d0b
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Oct 24 11:49:09 2022 -0400

    appid: check for empty patterns in lua detector api input

3 years ago Pull request #3650: http_inspect: add override to destructor
Tom Peters (thopeter) [Tue, 1 Nov 2022 18:28:31 +0000 (18:28 +0000)] 
Pull request #3650: http_inspect: add override to destructor

Merge in SNORT/snort3 from ~THOPETER/snort3:issue_fix to master

Squashed commit of the following:

commit 24ab14e54f8071b8b81036c46d310329da32e329
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Nov 1 11:12:48 2022 -0400

    http_inspect: add override to destructor

3 years ago Pull request #3638: main: add dependencies versions table to lua sandbox
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 1 Nov 2022 17:53:14 +0000 (17:53 +0000)] 
Pull request #3638: main: add dependencies versions table to lua sandbox

Merge in SNORT/snort3 from ~ASERBENI/snort3:lua_ext_dep_table to master

Squashed commit of the following:

commit f888a1732033745fbb977d5c9be844afd9b527a6
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Mon Oct 24 12:49:16 2022 +0300

    main: add variables to lua environment

    Added SNORT_DEP_VERSIONS table with snort dependencies versions.
    Added SNORT_BUILD variable with snort build number.

3 years ago Pull request #3631: detection: add config option for SSE
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)] 
Pull request #3631: detection: add config option for SSE

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_config_upd to master

Squashed commit of the following:

commit d23f48662ab0de026d4d84a482d4d9641ccee981
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Oct 7 13:17:03 2022 +0300

    detection: add config option for SSE

3 years ago Pull request #3647: ports: enable checks in debug build only
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 1 Nov 2022 12:46:07 +0000 (12:46 +0000)] 
Pull request #3647: ports: enable checks in debug build only

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_po_po2 to master

Squashed commit of the following:

commit 14b1e9922e153058837ad4eab1d0a80bccc5dd97
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 1 11:19:27 2022 +0200

    ports: enable checks in debug build only

3 years ago Pull request #3640: doc: Adds more details about handling rejection
Tom Peters (thopeter) [Mon, 31 Oct 2022 21:08:37 +0000 (21:08 +0000)] 
Pull request #3640: doc: Adds more details about handling rejection

Merge in SNORT/snort3 from ~LCZARNIK/snort3:doc_unreachable to master

Squashed commit of the following:

commit 65438651b394c150803993b910e6578c8602569e
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date:   Thu Oct 27 13:26:58 2022 -0400

    doc: specified which packages are sent on rejection

3 years ago Pull request #3628: helpers: fix duplicate scratch_handler entry created by HyperScra...
Tom Peters (thopeter) [Mon, 31 Oct 2022 17:49:04 +0000 (17:49 +0000)] 
Pull request #3628: helpers: fix duplicate scratch_handler entry created by HyperScratchAllocator

Merge in SNORT/snort3 from ~BRASTULT/snort3:hyper_scratch_fix to master

Squashed commit of the following:

commit 00a3129e7c345dff322a8d0de6fa47499bf4f23c
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Oct 21 15:30:36 2022 -0400

    http_inspect: move LiteralSearch::setup for http_param to its module

commit 942fa0ca625efe7b62338cd3a927628390e3dcc6
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Oct 21 15:28:26 2022 -0400

    helpers: fix duplicate scratch_handler

3 years ago Pull request #3643: ports: align fields of PortObject and PortObject2
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 31 Oct 2022 15:23:02 +0000 (15:23 +0000)] 
Pull request #3643: ports: align fields of PortObject and PortObject2

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_port_object to master

Squashed commit of the following:

commit 44b3c6115e248071e3258e148b82fc99ce25eefb
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 28 15:57:05 2022 +0300

    ports: align fields of PortObject and PortObject2

    A static check added.

3 years ago Pull request #3641: doc: add information about handling multiple detection in SSE
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 31 Oct 2022 10:31:55 +0000 (10:31 +0000)] 
Pull request #3641: doc: add information about handling multiple detection in SSE

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:doc_sse_mult_proc_upd to master

Squashed commit of the following:

commit 6e8e6fffd54702cad4487ea5b54f2715b0c85f48
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Oct 27 16:46:20 2022 +0300

    doc: add information about handling multiple detection in SSE

3 years ago Pull request #3630: detection: ignore back up of vars on node with 1 child
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 28 Oct 2022 08:02:25 +0000 (08:02 +0000)] 
Pull request #3630: detection: ignore back up of vars on node with 1 child

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_ips_w_constr to master

Squashed commit of the following:

commit 1ea313ec8cc86bc2461e2132b09f4a863e112f40
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Tue Oct 25 14:56:18 2022 +0300

    detection: skip a rule variable copy for a single-branched node

3 years ago Pull request #3639: netflow: if LAST_SWITCHED isn't provided, use packet time
Steven Baigal (sbaigal) [Thu, 27 Oct 2022 19:21:13 +0000 (19:21 +0000)] 
Pull request #3639: netflow: if LAST_SWITCHED isn't provided, use packet time

Merge in SNORT/snort3 from ~MMATIRKO/snort3:nf_timestamp to master

Squashed commit of the following:

commit d7d56537ca9c9318ff1aa22a6ee8e8d2ec2bc12e
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Oct 27 10:44:26 2022 -0400

    netflow: if LAST_SWITCHED isn't provided, use packet time

3 years ago Pull request #3637: parser: improve port_object hash function
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Thu, 27 Oct 2022 13:48:59 +0000 (13:48 +0000)] 
Pull request #3637: parser: improve port_object hash function

Merge in SNORT/snort3 from ~VHORBATO/snort3:rtn_hash_fix to master

Squashed commit of the following:

commit 2d4ffd9c1da97b19a40c41909133ef961686f317
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Oct 11 16:09:48 2022 +0300

    parser: improve port_object hash function

3 years ago Pull request #3625: appid: publish client and payload ids set in eve process event...
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 25 Oct 2022 19:33:52 +0000 (19:33 +0000)] 
Pull request #3625: appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete

Merge in SNORT/snort3 from ~SATHIRKA/snort3:url_rule_matching to master

Squashed commit of the following:

commit f77afe9166c78bd765d6dd04bb0cfe471726fe6a
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Oct 10 14:26:09 2022 -0400

    appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete

3 years ago Pull request #3632: build: generate and tag 3.1.45.0 (tag: 3.1.45.0)
Steve Chew (stechew) [Tue, 25 Oct 2022 18:02:00 +0000 (18:02 +0000)] 
Pull request #3632: build: generate and tag 3.1.45.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.45.0 to master

Squashed commit of the following:

commit 350a7e00d57621b16594504adb8672c8b0740865
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Oct 25 10:59:04 2022 -0400

    build: generate and tag 3.1.45.0

3 years ago Pull request #3627: Fix for IPS context generation ID.
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 24 Oct 2022 12:39:20 +0000 (12:39 +0000)] 
Pull request #3627: Fix for IPS context generation ID.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_context_num to master

Squashed commit of the following:

commit 38089067c06c360c60bf48d2d142e993c50813bd
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 21 18:06:08 2022 +0300

    detection: check Pig run number in node state conditions

3 years agoPull request #3626: build: generate and tag 3.1.44.0
Steve Chew (stechew) [Thu, 20 Oct 2022 15:21:45 +0000 (15:21 +0000)] 
Pull request #3626: build: generate and tag 3.1.44.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.44.0 to master

Squashed commit of the following:

commit cc0cda03fe812924cc365ea30aff312e945cb367
Author: Steve Chew <stechew@cisco.com>
Date:   Thu Oct 20 09:11:36 2022 -0400

    build: generate and tag 3.1.44.0

3 years agoPull request #3588: Add stateful signature evaluation
Steve Chew (stechew) [Wed, 19 Oct 2022 16:20:12 +0000 (16:20 +0000)] 
Pull request #3588: Add stateful signature evaluation

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:stateful_signature_evaluation to master

Squashed commit of the following:

commit 8477617f494ffebae8c95ad6456c7ce3b630b34b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Apr 18 19:27:53 2022 +0300

    detection: add stateful signature evaluation

    If an IPS option sets the cursor beyond the current buffer size,
    an evaluation state will be stored on the flow.
    Rule evaluation will resume later, when enough data from the buffer becomes available.

    Key updates/features:
    * buffers supported: pkt_data, file_data, js_data
    * a rule fired on the current packet doesn't create continuations
    * continuations are dropped on config reload
    * a few peg counters added
    * rule variables are transferred to the continuation
    * rule latency supported

    Continuation tracks stream source for the following buffers:
    pkt_data -- TCP payload data with respect to flow direction
    js_data -- JavaScript text combined within the same HTTP request/response
    file_data -- file's data within the same file (context)

    Now a leaf node can have children, which are flowbit setters moved to the very end.

    If an inspector sends PDU with data prepended from previous PDUs,
    continuations will be dropped, because data chunks cannot be concatenated.
    Currently, http_inspect and http2_inspect can present accumulated data
    in file_data and js_data buffers.

3 years agoPull request #3536: US #762655 detection: target service http rules to specific messa...
Steve Chew (stechew) [Wed, 19 Oct 2022 14:07:24 +0000 (14:07 +0000)] 
Pull request #3536: US #762655 detection: target service http rules to specific message sections - Part 5

Merge in SNORT/snort3 from ~MDAGON/snort3:proto_5 to master

Squashed commit of the following:

commit 83ef46f4c04816c433d40af59cda244aaacde1b2
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Mar 21 16:39:24 2022 -0400

    http_inspect: remove rule option timing features

3 years agoPull request #3616: http_inspect: maximum_pipelined_requests
Tom Peters (thopeter) [Tue, 18 Oct 2022 19:51:00 +0000 (19:51 +0000)] 
Pull request #3616: http_inspect: maximum_pipelined_requests

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:pipeline to master

Squashed commit of the following:

commit fb53e1c4acacf776a7c20658dd638318c4ecfd2a
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Fri Sep 30 16:41:01 2022 -0400

    http_inspect: maximum_pipelined_requests

3 years agoPull request #3623: utils: Add possibility to process keywords as identifiers
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 18 Oct 2022 17:37:13 +0000 (17:37 +0000)] 
Pull request #3623: utils: Add possibility to process keywords as identifiers

Merge in SNORT/snort3 from ~ANOROKH/snort3:js_bracket_mismatch to master

Squashed commit of the following:

commit 5e2066e75b0a7e8db2e148e356638ec4060fc84d
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Thu Oct 13 14:11:33 2022 +0300

    utils: add possibility to process keywords as identifiers

        * added JavaScript scope property to track an object body,
        * process keywords as identifiers, if they were used as a function name or object member,
        * 'catch' and 'finally' were added to the ignore list, so they would not be normalized as function identifiers,
        * added unit tests to cover changes
        * 'function' isn't supported as an object member because of anonymous function peculiarities

3 years agoPull request #3618: lua: add sensitive data rules
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 18 Oct 2022 11:04:32 +0000 (11:04 +0000)] 
Pull request #3618: lua: add sensitive data rules

Merge in SNORT/snort3 from ~ASERBENI/snort3:sd_rules to master

Squashed commit of the following:

commit 741e150f8b4f542080b7c16dac283e3394afe142
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Tue Oct 4 15:45:01 2022 +0300

    lua: add sensitive data rules

    Rules include sd_pattern option with the following built-in patterns used: credit_card, us_social, us_social_nodashes, email, us_phone.
    The rule set supports the following services: http, smtp, ftp-data, imap, pop3.

3 years agoPull request #3614: appid: return APP_ID_NONE only if hsession is not present for...
Shanmugam S (shanms) [Fri, 14 Oct 2022 12:29:03 +0000 (12:29 +0000)] 
Pull request #3614: appid: return APP_ID_NONE only if hsession is not present for http3

Merge in SNORT/snort3 from ~SHIKV/snort3:appid_ss to master

Squashed commit of the following:

commit c366852482ce8e0580a64055896220e07c57fe99
Author: shibin k v <shikv@cisco.com>
Date:   Tue Oct 4 10:44:05 2022 +0000

    appid: return APP_ID_NONE only if hsession is not present for http3

3 years agoPull request #3566: s7commplus: adding wizard support for s7commplus
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 11 Oct 2022 17:28:58 +0000 (17:28 +0000)] 
Pull request #3566: s7commplus: adding wizard support for s7commplus

Merge in SNORT/snort3 from ~JRITTLE/snort3:s7comm_inspector_curse to master

Squashed commit of the following:

commit 03fe0712ecc431aff21c1ce2ff95ed416dcc3733
Author: Jared Rittle <jared@machine.local>
Date:   Wed Aug 10 00:04:27 2022 -0400

    s7commplus: adding wizard support for s7commplus

3 years agoPull request #3605: http_inspect: improved MIME processing
Tom Peters (thopeter) [Mon, 10 Oct 2022 19:00:07 +0000 (19:00 +0000)] 
Pull request #3605: http_inspect: improved MIME processing

Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp167 to master

Squashed commit of the following:

commit d383065b2a4a030102b7b8464320f68b97cf5fa7
Author: Tom Peters <thopeter@cisco.com>
Date:   Thu Aug 4 16:14:48 2022 -0400

    http_inspect: inspect multiple MIME attachments per message section

commit 084cbf53d63c61a97ed55f2e13523ab2fb249a2e
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Jun 13 16:00:52 2022 -0400

    http_inspect: MIME partial inspections

3 years agoPull request #3615: Reputation
Ron Dempster (rdempste) [Mon, 10 Oct 2022 15:07:25 +0000 (15:07 +0000)] 
Pull request #3615: Reputation

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reputation to master

Squashed commit of the following:

commit 8570cbe9d6a889c4393efd885ee0365d5820fc24
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Sep 12 14:29:20 2022 -0400

    reputation: added profiling to the event handlers

commit 6641fdf35ecadf53d9f7114fd54ef9e04c5f3712
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Aug 19 16:21:26 2022 -0400

    flow, reputation, protocols: remove reputation information from packet and flow

commit 67b9574c7c955cd4022a94f592c326295e9e03f0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Aug 18 16:45:49 2022 -0400

    reputation: refactor event generation for matches

3 years agoPull request #3612: reputation: fix for array indexing error when searching for reput...
Steven Baigal (sbaigal) [Thu, 6 Oct 2022 18:55:14 +0000 (18:55 +0000)] 
Pull request #3612: reputation: fix for array indexing error when searching for reputation file entries

Merge in SNORT/snort3 from ~ALLEWI/snort3:multiple_reputation_entries to master

Squashed commit of the following:

commit e336be1e0cbde17d4fcc00605ccfacfa4147fd48
Author: albert lewis <allewi@cisco.com>
Date:   Mon Oct 3 12:56:51 2022 -0400

    reputation: fix for array indexing error when searching for reputation file entries

3 years agoPull request #3617: build: generate and tag 3.1.43.0 3.1.43.0
Steve Chew (stechew) [Thu, 6 Oct 2022 16:08:36 +0000 (16:08 +0000)] 
Pull request #3617: build: generate and tag 3.1.43.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.43.0 to master

Squashed commit of the following:

commit fd52699dda4b42879d7fc5fbe24a27893a911ff0
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Oct 5 15:41:09 2022 -0400

    build: generate and tag 3.1.43.0

3 years agoPull request #3611: actions: fix rewrite nullptr log crash
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 4 Oct 2022 17:41:54 +0000 (17:41 +0000)] 
Pull request #3611: actions: fix rewrite nullptr log crash

Merge in SNORT/snort3 from ~ASERBENI/snort3:act_crash to master

Squashed commit of the following:

commit 2d65237dbeb6cdd1239964fd856b036d3cabc9a7
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Mon Oct 3 16:41:53 2022 +0300

    actions: fix action logging for suppressed events

3 years agoPull request #3608: allowed and disallowed methods
Tom Peters (thopeter) [Tue, 4 Oct 2022 16:23:16 +0000 (16:23 +0000)] 
Pull request #3608: allowed and disallowed methods

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:method to master

Squashed commit of the following:

commit 62f3acf8011d7002eca476b34764e12f8a60edb5
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Thu Aug 18 11:19:30 2022 -0400

    http_inspect: allowed and disallowed methods

3 years agoPull request #3609: reputation, sfrt: refactor reputation to remove global variables
Ron Dempster (rdempste) [Tue, 4 Oct 2022 12:58:59 +0000 (12:58 +0000)] 
Pull request #3609: reputation, sfrt: refactor reputation to remove global variables

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reputation to master

Squashed commit of the following:

commit ab363a193b3f5cc0696d3641050894b256b25712
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Sep 29 13:41:26 2022 -0400

    reputation, sfrt: refactor reputation to remove global variables

    Moved the segment_mem global variables and code into a new sfrt RtTable
    class.
    Created a parser class that holds the RtTable class during parsing.

3 years agoPull request #3599: detection: refactor set next packet to use the dummy active objec...
Ron Dempster (rdempste) [Fri, 30 Sep 2022 22:28:10 +0000 (22:28 +0000)] 
Pull request #3599: detection: refactor set next packet to use the dummy active object when there is no packet

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:flush_active to master

Squashed commit of the following:

commit e9c711082f06c49a1859fb4adcd4eb35831dc30d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Sep 20 11:01:54 2022 -0400

    detection: refactor set next packet to use the dummy active object when there is no packet

3 years agoPull request #3600: flow: disable inspection for an HA flow unless the state is...
Ron Dempster (rdempste) [Fri, 30 Sep 2022 22:27:01 +0000 (22:27 +0000)] 
Pull request #3600: flow: disable inspection for an HA flow unless the state is setup or inspect

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:ha to master

Squashed commit of the following:

commit c948d9a71e22815c01847c104881758f24be4964
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Wed Sep 21 15:41:21 2022 -0400

    flow: disable inspection for an HA flow unless the state is setup or inspect

3 years agoPull request #3607: appid : updating devnotes for first packet API
Steven Baigal (sbaigal) [Fri, 30 Sep 2022 15:33:50 +0000 (15:33 +0000)] 
Pull request #3607: appid : updating devnotes for first packet API

Merge in SNORT/snort3 from ~UMASHARM/snort3:dev_notes to master

Squashed commit of the following:

commit 2b7b7a40aca9ee785c048b5504d8e8c2bc30861e
Author: Umang Sharma <umasharm@cisco.com>
Date:   Thu Sep 29 13:34:23 2022 -0400

    appid : addressing review comments

commit ab17fa0aa9c94bc4b90db9ac2f2be08d488076c4
Author: Umang Sharma <umasharm@cisco.com>
Date:   Thu Sep 29 11:39:07 2022 -0400

    appid : addressing review comments

commit 1238c12482f1d8b1436193b648151286e3fa3b44
Author: Umang Sharma <umasharm@cisco.com>
Date:   Thu Sep 29 11:35:52 2022 -0400

    appid : addressing review comments

commit 6693b4f0513bd183356ea285996c9d83f8e8a12a
Author: Umang Sharma <umasharm@cisco.com>
Date:   Thu Sep 29 10:48:39 2022 -0400

    appid : addressing review comments

commit 189d356ca4cee29452306d300afc6af1fc129658
Author: Umang Sharma <umasharm@cisco.com>
Date:   Wed Sep 28 19:50:20 2022 -0400

    appid : updating devnotes for first packet API

3 years agoPull request #3601: http2_inspect: std::list - remove indirection from stream list
Tom Peters (thopeter) [Tue, 27 Sep 2022 15:19:44 +0000 (15:19 +0000)] 
Pull request #3601: http2_inspect: std::list - remove indirection from stream list

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:vtune_test2 to master

Squashed commit of the following:

commit 1539d242a59d76adcccd50fd95197df634dbbdd5
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Thu Sep 22 16:37:47 2022 -0400

    http2_inspect: std::list - remove indirection from stream list

3 years agoPull request #3595: appid: handle http3
Shanmugam S (shanms) [Mon, 26 Sep 2022 13:37:09 +0000 (13:37 +0000)] 
Pull request #3595: appid: handle http3

Merge in SNORT/snort3 from ~SHIKV/snort3:h3_appid to master

Squashed commit of the following:

commit 5a3b5213ebe21081b27d9c38cebd29844e8f9068
Author: shibin k v <shikv@cisco.com>
Date:   Thu Sep 22 10:29:58 2022 +0000

    appid: return appid set by eve for http/3 if no hsession is present, but prefer hsession appid over eve

commit e6a449351595e205d4793d3fa132be23b5266b8e
Author: shibin k v <shikv@cisco.com>
Date:   Mon Sep 19 20:49:37 2022 +0000

    appid: handle multistream http protocols(http2,http3) together

3 years agoPull request #3598: build: generate and tag 3.1.42.0 3.1.42.0
Steve Chew (stechew) [Fri, 23 Sep 2022 18:26:32 +0000 (18:26 +0000)] 
Pull request #3598: build: generate and tag 3.1.42.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.42.0 to master

Squashed commit of the following:

commit 5f916d972339048112609681b377f0507b014a24
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Thu Sep 22 14:48:03 2022 -0400

    build: generate and tag 3.1.42.0

3 years agoPull request #3591: Content retry fix
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Thu, 22 Sep 2022 14:34:44 +0000 (14:34 +0000)] 
Pull request #3591: Content retry fix

Merge in SNORT/snort3 from ~VHORBATO/snort3:content_retry_fix to master

Squashed commit of the following:

commit 2c16faf29f2f400e1439a46ad9e533cf99dc46c7
Author: Vitalii <vhorbato@cisco.com>
Date:   Thu Sep 15 19:03:29 2022 +0300

    parser: remove platform dependency from parse_int function

commit 906ae2b9be21e7c1bc6916da9bac2dfddfb443b1
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Sep 21 10:51:59 2022 +0300

    ips_options: rollback changes causing content not to match when out of data start boundary

3 years agoPull request #3596: ips_options: set ips.obfuscate_pii to true by default
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)] 
Pull request #3596: ips_options: set ips.obfuscate_pii to true by default

Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_masking to master

Squashed commit of the following:

commit 0df025c604ca7bb36e02b3a70c32b8463cfb5ba6
Author: Vitalii <vhorbato@cisco.com>
Date:   Mon Sep 19 22:28:55 2022 +0300

    ips_options: change ips.obfuscate_pii to be true by default

3 years agoPull request #3510: appid : A custom lua detector api to map ip and port to appids...
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 21 Sep 2022 03:20:20 +0000 (03:20 +0000)] 
Pull request #3510: appid : A custom lua detector api to map ip and port to appids on the first packet.

Merge in SNORT/snort3 from ~UMASHARM/snort3:POC_FirstPkt to master

Squashed commit of the following:

commit 7bc2782effcc61941091f0bce53640cc3c85c293
Author: Umang Sharma <umasharm@cisco.com>
Date:   Tue Jul 12 06:31:29 2022 -0400

    appid: A custom lua detector api to map ip and port to appids on the first packet

3 years agoPull request #3593: Wizard: client_first option deprecated
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 20 Sep 2022 17:27:37 +0000 (17:27 +0000)] 
Pull request #3593: Wizard: client_first option deprecated

Merge in SNORT/snort3 from ~ANOROKH/snort3:doc_wiz_deprec to master

Squashed commit of the following:

commit 6a684948e243332335f4633460c0286c562eeab3
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Mon Sep 19 15:08:31 2022 +0300

    wizard: deprecate client_first option

3 years agoPull request #3594: reputation: use the thread specific reputation data for aux ip...
Ron Dempster (rdempste) [Tue, 20 Sep 2022 14:09:36 +0000 (14:09 +0000)] 
Pull request #3594: reputation: use the thread specific reputation data for aux ip event

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:rep_aux_event to master

Squashed commit of the following:

commit ce7e6e4e9882ff1866a0a2dbe81c4dd2e9e9787d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Sep 19 09:33:17 2022 -0400

    reputation: use the thread specific reputation data for aux ip event

3 years agoPull request #3592: memory: fix typo in peg counter help text
Steven Baigal (sbaigal) [Tue, 20 Sep 2022 14:01:49 +0000 (14:01 +0000)] 
Pull request #3592: memory: fix typo in peg counter help text

Merge in SNORT/snort3 from ~AKAYAMBU/snort3:memorypegs to master

Squashed commit of the following:

commit b6663aba460444a11d2cc1e6bb4e94f52ad98892
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date:   Sat Sep 17 16:40:43 2022 -0400

    memory: fix typo in peg counter help text

3 years agoPull request #3590: doc: added smtp rule 124:17
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 20 Sep 2022 07:34:00 +0000 (07:34 +0000)] 
Pull request #3590: doc: added smtp rule 124:17

Merge in SNORT/snort3 from ~BSACHDEV/snort3:smtp_rule to master

Squashed commit of the following:

commit 13423e7715ceec76dfd8fd04b35bc7bd73a4d5b4
Author: bsachdev <bsachdev@cisco.com>
Date:   Thu Sep 15 15:37:09 2022 -0400

    doc: added smtp rule 124:17

3 years agoPull request #3589: JavaScript Normalizer: remove open tag alert in literals
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 19 Sep 2022 08:23:19 +0000 (08:23 +0000)] 
Pull request #3589: JavaScript Normalizer: remove open tag alert in literals

Merge in SNORT/snort3 from ~ANOROKH/snort3:js_fix_otag_alert to master

Squashed commit of the following:

commit 1644b13faeabf1f758dd71cc80a9edf24ab84275
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Wed Sep 14 11:01:32 2022 +0300

    utils: remove alert for an opening tag in string literals

3 years agoPull request #3554: appid: Appid service detection prioritized over third party detection
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 16 Sep 2022 14:08:04 +0000 (14:08 +0000)] 
Pull request #3554: appid: Appid service detection prioritized over third party detection

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_detection_priority_over_third_party to master

Squashed commit of the following:

commit 2f4ea7dbd8954544fb63c9e76f0d9b5e81b9c8bf
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Fri Aug 5 04:47:34 2022 -0400

    appid: Appid service detection prioritized over third party detection

3 years agoPull request #3585: netflow: evaluate all matching netflow rules, not just the first...
Steven Baigal (sbaigal) [Thu, 15 Sep 2022 14:57:53 +0000 (14:57 +0000)] 
Pull request #3585: netflow: evaluate all matching netflow rules, not just the first match

Merge in SNORT/snort3 from ~MMATIRKO/snort3:nf_rule_eval to master

Squashed commit of the following:

commit b600d2774896b5e35232dff280d995626fae0599
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Sep 7 17:09:21 2022 -0400

    netflow: evaluate all matching netflow rules, not just the first match

3 years agoPull request #3548: HTTP/3 inspector implementation support
Shanmugam S (shanms) [Thu, 15 Sep 2022 07:32:50 +0000 (07:32 +0000)] 
Pull request #3548: HTTP/3 inspector implementation support

Merge in SNORT/snort3 from ~ABHPAL/snort3:h3 to master

Squashed commit of the following:

commit 18d340b34fb619533c4a8d1722cd57f823d817ba
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Aug 25 16:21:19 2022 +0530

    parser: add implicit http3 to http ips options otn

commit b38f067a20e4503d29916be966919fafee71d3c7
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Aug 25 16:20:14 2022 +0530

    stream: export support for creating udp session

commit 6f3f7109f8f3c8b0c3299a2aec7c58508a000840
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Aug 25 16:18:56 2022 +0530

    detection: add http3 to http ips buffers

commit 254ccfed242e89b5780407691c5b9fff69684be4
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:54:39 2022 +0530

    flow: abstract class added to work on stream based connections

commit d2b82a8feccd6ac3c37aa202ec58c505714f7546
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:53:56 2022 +0530

    pub_sub: handle httpx(2,3) traffic

commit 9bf0c34a118bd4f3dba8052ee141be1a86eea237
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:52:55 2022 +0530

    payload_injector: accommodate httpx(2,3) stream id values

commit 32e13e3f1f534f5632264e3e0d1d9f1f921c74b8
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:52:06 2022 +0530

    rna: handle httpx(2,3) traffic

commit c3ad5f625c98a337d2bf5b51742075d1d5b07c23
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:51:23 2022 +0530

    appid: handle http event for httpx(2,3) traffic

commit b7e9927040da7d01ebb3dbed0b256340a5bf4f94
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:50:20 2022 +0530

    http2_inspect: updated with abstracted httpx(2,3) flags

commit d27580f9f0666ec765c90347a34ccad619effcb0
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu Jul 14 15:48:46 2022 +0530

    http_inspect: abstract inspection of httpx(2,3)

3 years agoPull request #3582: Header length rule options
Tom Peters (thopeter) [Wed, 14 Sep 2022 22:13:11 +0000 (22:13 +0000)] 
Pull request #3582: Header length rule options

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:header_length to master

Squashed commit of the following:

commit 95bfb786b9c1cc5912a90e0aeaf1ea57f1532b4b
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Wed Aug 31 12:16:43 2022 -0400

    http_inspect: http_max_header_line and http_max_trailer_line rule options

3 years agoPull request #3579: appid: Added a snort config to control client-process mapping
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 14 Sep 2022 16:50:16 +0000 (16:50 +0000)] 
Pull request #3579: appid: Added a snort config to control client-process mapping

Merge in SNORT/snort3 from ~BSACHDEV/snort3:client_process_mapping to master

Squashed commit of the following:

commit ce7051260b852b09a4a0a27d2375f90f2a0ea66d
Author: bsachdev <bsachdev@cisco.com>
Date:   Tue Aug 16 14:41:36 2022 -0400

    appid: Added a snort config to control client-process mapping

3 years agoPull request #3574: appid: Cache support for unprocessed ssl packets
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 13 Sep 2022 15:05:17 +0000 (15:05 +0000)] 
Pull request #3574: appid: Cache support for unprocessed ssl packets

Merge in SNORT/snort3 from ~OSTEPANO/snort3:tls_caching_appid to master

Squashed commit of the following:

commit c33bc414f214ea557ccaf188c53387e7de33f6f4
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Tue Jul 12 09:29:51 2022 -0400

    appid: Cache support for unprocessed ssl packets

3 years agoPull request #3581: ips_options: content retry
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 13 Sep 2022 14:23:25 +0000 (14:23 +0000)] 
Pull request #3581: ips_options: content retry

Merge in SNORT/snort3 from ~ASERBENI/snort3:russ_content_retry to master

Squashed commit of the following:

commit 25963f71586de50ed65369b8823a3bd3e2513d98
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Sep 13 15:33:25 2022 +0300

    trace: ips variables are dumped as hex

commit 0efc6a4894c4b65e7b872236b4d8c7bc63e362cd
Author: russ <rucombs@cisco.com>
Date:   Mon Aug 15 21:00:31 2022 -0400

    content: fix retry

    This deprecates the 2nd/"orig" cursor argument to retry.
    The existing Cursor.delta member provides the required information.

    The use of byte_extract variables is also fixed for content.
    Those values are used as sizes or offsets and cannot be negative.

commit f32ed3f56ce9dab991d7951c9c9107fe83137323
Author: russ <rucombs@cisco.com>
Date:   Tue Aug 16 11:40:40 2022 -0400

    ips: trace all node evaluations

    Iterative evaluations due to retry were not previously traced.

3 years agoPull request #3583: detection: add option to reduce rtns by port values
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 13 Sep 2022 13:05:26 +0000 (13:05 +0000)] 
Pull request #3583: detection: add option to reduce rtns by port values

Merge in SNORT/snort3 from ~VHORBATO/snort3:rtn_deduplication to master

Squashed commit of the following:

commit e111df05dfd6598100f5140f07d8326f41d68c74
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Sep 6 18:04:23 2022 +0300

    detection: add option to reduce rtns by port values

3 years agoPull request #3576: http_inspect: Investigate if we can refactor rule options using...
Tom Peters (thopeter) [Fri, 9 Sep 2022 20:17:33 +0000 (20:17 +0000)] 
Pull request #3576: http_inspect: Investigate if we can refactor rule options using ranges/2

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:derive_range_option to master

Squashed commit of the following:

commit ae50bb122b87ef5fc32bc06536f4d556ed082c78
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Tue Aug 16 14:41:45 2022 -0400

    http_inspect: rework range rule options

3 years agoPull request #3584: build: generate and tag 3.1.41.0 3.1.41.0
Steve Chew (stechew) [Fri, 9 Sep 2022 06:35:57 +0000 (06:35 +0000)] 
Pull request #3584: build: generate and tag 3.1.41.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.41.0 to master

Squashed commit of the following:

commit c2679ae40b120ee4d17b04612422d1bcbd5093d1
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Sep 7 15:34:40 2022 -0400

    build: generate and tag 3.1.41.0

3 years agoPull request #3575: sd_pattern: add and improve built-in patterns
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 6 Sep 2022 13:49:49 +0000 (13:49 +0000)] 
Pull request #3575: sd_pattern: add and improve built-in patterns

Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_new_patterns to master

Squashed commit of the following:

commit 7671add3259b33398e783c5b58c3c262737824f4
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Aug 26 19:58:51 2022 +0300

    sd_pattern: add and improve built-in patterns

3 years agoPull request #3572: utils: Rewrite normalizer unit tests
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 6 Sep 2022 09:16:15 +0000 (09:16 +0000)] 
Pull request #3572: utils: Rewrite normalizer unit tests

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_unit_demacro to master

Squashed commit of the following:

commit 5aec814cf4c7bf82ddc5458dd2d807f8414137f3
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Mon Jun 6 13:14:46 2022 +0300

    utils: refactor JS normalizer unit tests

3 years agoPull request #3577: netflow: log even when some info is missing
Steven Baigal (sbaigal) [Fri, 2 Sep 2022 20:43:31 +0000 (20:43 +0000)] 
Pull request #3577: netflow: log even when some info is missing

Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_fixes to master

Squashed commit of the following:

commit 7bcc8ee0ea2e5fe807751e42ebc4fc21d795a450
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Aug 18 11:45:36 2022 -0400

    netflow: log even when not all info is present

3 years agoPull request #3578: file_id: Update Office Documents rules
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 2 Sep 2022 17:51:10 +0000 (17:51 +0000)] 
Pull request #3578: file_id: Update Office Documents rules

Merge in SNORT/snort3 from ~AGIURGIU/snort3:update_office_docs to master

Squashed commit of the following:

commit 56bc735801d80ef0216017dbc4234085bdd10b8d
Author: Alexandru Giurgiu <agiurgiu@cisco.com>
Date:   Tue Aug 23 09:29:49 2022 +0300

    file_id: Update Office Documents rules

3 years agoPull request #3573: Const changes
Ron Dempster (rdempste) [Thu, 1 Sep 2022 15:34:15 +0000 (15:34 +0000)] 
Pull request #3573: Const changes

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:const_changes to master

Squashed commit of the following:

commit 49533a8a6b24ba425331b874f32326666bb3b6e0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Aug 19 13:29:40 2022 -0400

    stream: free flow data, if flow is blocked

commit 3634e7e499ca310d8b3a92938682098d5e0aeba8
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Aug 18 16:45:24 2022 -0400

    framework, rna, pub_sub: make data bus get_packet method a const

commit 47beb51ab6055c7bdac4594a2aceed0d96128471
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Aug 18 16:42:05 2022 -0400

    stream: use a const packet to populate the flow key

commit 546c8888f600b139a7877e47b75d469ed3752824
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Aug 18 16:40:44 2022 -0400

    flow: update flow statistics before processing a flow

3 years agoPull request #3568: appid: send intermediate messages for appid reload commands to...
Sreeja Athirkandathil Narayanan (sathirka) [Mon, 29 Aug 2022 16:51:57 +0000 (16:51 +0000)] 
Pull request #3568: appid: send intermediate messages for appid reload commands to the socket

Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_reload_time to master

Squashed commit of the following:

commit 9b2753eccce757696fba1d90ea1c9b2c639ec781
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Aug 15 13:16:42 2022 -0400

    appid: send intermediate messages for appid reload commands to the socket

3 years agoPull request #3558: file_api: corrected the formatting of File Statistics output
Bhargava Jandhyala (bjandhya) [Fri, 26 Aug 2022 15:19:08 +0000 (15:19 +0000)] 
Pull request #3558: file_api: corrected the formatting of File Statistics output

Merge in SNORT/snort3 from ~UMUNNIKR/snort3:file_stats_dump to master

Squashed commit of the following:

commit 9855f3c445eefa957649c76a9ed4426fba042a43
Author: Unnikrishnan M <umunnikr@cisco.com>
Date:   Mon Aug 15 15:35:57 2022 +0530

    file_api: corrected the formatting of File Statistics output