git.ipfire.org Git - thirdparty/snort3.git/log
Mike Stepanek (mstepane) [Thu, 2 Jun 2022 20:30:08 +0000 (20:30 +0000)]
Pull request #3451: netflow: fix build on MacOS
Merge in SNORT/snort3 from ~OSERHIIE/snort3:macos_build_fix to master
Squashed commit of the following:
commit
4ced378fa0217bd475d7e3fbdb96d7cfa9f8c4c3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Jun 1 13:51:33 2022 +0300
netflow: fix build on MacOS
This commit adds explicit type casting for ConfigLogger::log_value()
function call which accepts number of size_t type as an argument.
The reason is that on MacOS with Homebrew GCC 7.5.0 it cannot resolve
the call with size_t type to one of the overloads with int parameters.
Masud Hasan (mashasan) [Thu, 2 Jun 2022 17:57:14 +0000 (17:57 +0000)]
Pull request #3452: main: adding null check for scratch handler
Merge in SNORT/snort3 from ~SATHIRKA/snort3:scratch_update_crash to master
Squashed commit of the following:
commit
d8fd27401bdbf748a8edc353123e775295bc87b5
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Tue May 31 13:53:45 2022 -0400
main: adding null check for scratch handler
Mike Stepanek (mstepane) [Thu, 2 Jun 2022 16:02:45 +0000 (16:02 +0000)]
Pull request #3453: build: generate and tag 3.1.31.0
Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.31.0 to master
Squashed commit of the following:
commit
30438385b5666040f82386851063c163ac9983fc
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Jun 1 13:43:46 2022 -0400
build: generate and tag 3.1.31.0
Mike Stepanek (mstepane) [Tue, 31 May 2022 17:03:11 +0000 (17:03 +0000)]
Pull request #3425: http_inspect: Check for empty decompressed file body for JSN
Merge in SNORT/snort3 from ~ASERBENI/snort3:pdu_miss to master
Squashed commit of the following:
commit
bebdb26c20002a96c5073d407889806864b21665
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Mon May 16 13:45:43 2022 +0300
http_inspect: change js processed data tracking
Masud Hasan (mashasan) [Tue, 31 May 2022 16:26:13 +0000 (16:26 +0000)]
Pull request #3442: appid: Added lock_guard to prevent data race on reload
Merge in SNORT/snort3 from ~OSTEPANO/snort3:tasan_appid_reload to master
Squashed commit of the following:
commit
5af9c9ad1b0ed389fb35d0d3cfff45dae3df46a8
Author: ostepano <ostepano@cisco.com>
Date: Tue May 24 09:15:25 2022 -0400
appid: Added lock_guard to prevent data race on reload
Mike Stepanek (mstepane) [Tue, 31 May 2022 14:59:10 +0000 (14:59 +0000)]
Pull request #3437: Fix config option handling for suppress module
Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_config_option_handling_for_suppress_module to master
Squashed commit of the following:
commit
099db62ee3f27240572b9007f3365e4e9e768bae
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Sun May 15 17:00:51 2022 +0300
filters: add correct handling of by_src and by_dst
Thanks to Albert O'Balsam for reporting the bug.
Mike Stepanek (mstepane) [Tue, 31 May 2022 14:52:35 +0000 (14:52 +0000)]
Pull request #3441: JSN: disabled 119:267 alert for single line comments
Merge in SNORT/snort3 from ~ASERBENI/snort3:comment_end_tag to master
Squashed commit of the following:
commit
3b00f92820e2e658e1d1088aadf0a2155da86a14
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed May 25 14:24:06 2022 +0300
utils: allow script closing tag in single-line comments
A closing tag placed in a single line comment will end the inline script
Mike Stepanek (mstepane) [Tue, 31 May 2022 14:41:24 +0000 (14:41 +0000)]
Pull request #3447: perf_monitor: fix timestamp for idle processing
Merge in SNORT/snort3 from ~OSERHIIE/snort3:bug_CSCvx76013 to master
Squashed commit of the following:
commit
48030fe21edd2181ff9c642b9f43f75ce965ef28
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri May 27 10:12:26 2022 +0300
perf_monitor: fix timestamp for idle processing
This change provides a fix for the case when traffic has been stopped
somewhere in the middle of reporting interval.
If it happens, reporting falls into idle processing and still makes
records in time, but the logged timestamp value is wrong since it was not
updated for trackers since the last packet was gone.
Subsequent time intervals are fine.
Bhargava Jandhyala (bjandhya) [Tue, 31 May 2022 11:12:31 +0000 (11:12 +0000)]
Pull request #3444: dce_rpc: converting tree tracker to shared ptr
Merge in SNORT/snort3 from ~UMUNNIKR/snort3:tree_tracker_shared_ptr to master
Squashed commit of the following:
commit
7e04875cd7ad8cb7122469b985fe8f02575dba4d
Author: Unnikrishnan M <umunnikr@cisco.com>
Date: Tue May 17 12:11:41 2022 +0530
dce_rpc: converting tree tracker to shared ptr
Masud Hasan (mashasan) [Fri, 27 May 2022 19:36:44 +0000 (19:36 +0000)]
Pull request #3439: netflow: Enforcing memcap for record and template LRU caches
Merge in SNORT/snort3 from ~MASHASAN/snort3:netflow_memcap to master
Squashed commit of the following:
commit
bc2f0391d2011a359c8c1b238e222b305cd60db3
Author: Masud Hasan <mashasan@cisco.com>
Date: Thu May 26 23:51:59 2022 -0400
host_tracker: Renaming generic files and classes
commit
bf7c31fd580de06f7c8311cd7e1fc3c91b7c5f4e
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed May 18 14:50:13 2022 -0400
netflow: Enforcing memcap for session record and template LRU caches
Mike Stepanek (mstepane) [Fri, 27 May 2022 16:47:05 +0000 (16:47 +0000)]
Pull request #3431: http_inspect: add handling of binary and octal integers to JS Normalizer
Merge in SNORT/snort3 from ~VHORBATO/snort3:js_int_lit to master
Squashed commit of the following:
commit
2e3b8040edc18c5410c5a055eace0199a3135189
Author: Vitalii <vhorbato@cisco.com>
Date: Thu May 19 12:44:06 2022 +0300
http_inspect: add handling of binary, octal and big integers to JS Normalizer
Pranav Bhalerao (prbhaler) [Fri, 27 May 2022 12:49:07 +0000 (12:49 +0000)]
Pull request #3446: Revert "Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands"
Merge in SNORT/snort3 from ~ABHPAL/snort3:CSCwb69096 to master
Squashed commit of the following:
commit
543b5c6781025866bc7e43fa6df1d14aaf904759
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Fri May 27 16:15:41 2022 +0530
Revert "Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands"
This reverts commit 48d73d26f5d8c4307f98588a96cf4bc1a7da275f.
Masud Hasan (mashasan) [Thu, 26 May 2022 18:37:05 +0000 (18:37 +0000)]
Pull request #3434: hyperscan: reallocate hyperscan scratch space when patterns are reloaded during appid detector reload
Merge in SNORT/snort3 from ~SATHIRKA/snort3:scratch_update to master
Squashed commit of the following:
commit
d320d2fa108197eb0a5c78776a79b695dfe46ab7
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed May 11 14:38:03 2022 -0400
hyperscan: reallocate hyperscan scratch space when patterns are reloaded during appid detector reload
Tom Peters (thopeter) [Thu, 26 May 2022 15:57:54 +0000 (15:57 +0000)]
Pull request #3443: US 750083 http2_inspect: add alert for too long non-DATA frame
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:alert_long_no_data_frame to master
Squashed commit of the following:
commit
59b023f3586ae55d751a4d282f572f3276fa0cdc
Author: Adrian Mamolea <admamole@cisco.com>
Date: Fri May 20 17:13:11 2022 -0400
http2_inspect: add alert and infraction for non-Data frame too long
Mike Stepanek (mstepane) [Wed, 25 May 2022 16:52:43 +0000 (16:52 +0000)]
Pull request #3427: docs: JS Normalizer: track constructed objects
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_class_track to master
Squashed commit of the following:
commit
94a5709811b971bdec31035b9970866143914e07
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed May 18 14:20:14 2022 +0300
doc: add class track description to user doc
Mike Stepanek (mstepane) [Wed, 25 May 2022 16:52:10 +0000 (16:52 +0000)]
Pull request #3423: JS Normalizer: track constructed objects
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_class_track to master
Squashed commit of the following:
commit
07d5248871f13bddbcaf96f9b16e05e6c3c3d6f8
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed May 4 17:30:17 2022 +0300
utils: Add keyword new support and object tracking
Pranav Bhalerao (prbhaler) [Wed, 25 May 2022 16:24:50 +0000 (16:24 +0000)]
Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands
Merge in SNORT/snort3 from ~ABHPAL/snort3:CSCwb69096 to master
Squashed commit of the following:
commit
022cac22e695b9c37e52665ea19a7fdd23f19cf5
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu May 5 12:09:16 2022 +0530
ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands
Russ Combs (rucombs) [Tue, 24 May 2022 17:49:09 +0000 (17:49 +0000)]
Pull request #3438: appid: do not delete third-party connection when third-party reload is in progress and the context swap is not complete
Merge in SNORT/snort3 from ~SATHIRKA/snort3:reload_tp_conn_delete to master
Squashed commit of the following:
commit
25910d3f6cce13f41c8115013306b588bbd50afe
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu May 19 18:21:37 2022 -0400
appid: do not delete third-party connection when third-party reload is in progress and the context swap is not complete
Mike Stepanek (mstepane) [Tue, 24 May 2022 14:30:17 +0000 (14:30 +0000)]
Pull request #3428: JS Norm: Check Content-Type
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_content_type to master
Squashed commit of the following:
commit
457cf486d8846108cb3cda7ea9bf99aaae4c5985
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue May 17 22:59:38 2022 +0300
http_inspect: implement general approach of checking Content-Type header
Adding a general approach of checking Content-Type header values.
Comparison uses normalized header value and returns appropriate
code value if matched. The headers comparison is strict and precise.
Additional header parameters, like charset, are ignored. Comparison
happens against MIME type/subtype only.
commit
79fae25f1bf59d6bcf34f2f6b92a2b8666ee830d
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue May 17 13:29:09 2022 +0300
http_inspect: add Content-Type header validation for Enhanced JS Normalizer
Avoid lookup for Inline JavaScript if media-type is not of HTML type.
Accepted media-types follow:
* application/xhtml+xml
* text/html
If Content-Type header is not specified, default media-type will be
application/octet-stream which is not allowed. The normalization
will be skipped.
Tom Peters (thopeter) [Fri, 20 May 2022 01:09:52 +0000 (01:09 +0000)]
Pull request #3411: http_inspect: added field for raw_body
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:new_field_for_raw_body_w_depth to master
Squashed commit of the following:
commit
ecfe918412a0ac3914b649f5f4eb8d8d57d88a62
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed May 4 15:59:54 2022 -0400
http_inspect: added field for raw_body
Steve Chew (stechew) [Thu, 19 May 2022 21:26:26 +0000 (21:26 +0000)]
Pull request #3436: build: generate and tag 3.1.30.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.30.0 to master
Squashed commit of the following:
commit
5403acd8e7a4072702b809f0b4302570032728e3
Author: Steve Chew <stechew@cisco.com>
Date: Thu May 19 00:33:25 2022 -0400
build: generate and tag 3.1.30.0
Mike Stepanek (mstepane) [Thu, 19 May 2022 00:15:27 +0000 (00:15 +0000)]
Pull request #3426: Remove unused features
Merge in SNORT/snort3 from ~RUCOMBS/snort3:remove_unused_features to master
Squashed commit of the following:
commit
6e087ec5641a96c764b08a6de0fb87efec477f41
Author: russ <rucombs@cisco.com>
Date: Mon May 16 15:49:16 2022 -0400
piglets: remove unused test harness
commit
ab27ed002ccca3d6cd3bf480608f434bade93483
Author: russ <rucombs@cisco.com>
Date: Mon May 16 14:55:14 2022 -0400
perf_monitor: remove unused flatbuffers support
Tom Peters (thopeter) [Wed, 18 May 2022 19:42:05 +0000 (19:42 +0000)]
Pull request #3429: BUG #750965: Double free while processing mime
Merge in SNORT/snort3 from ~MDAGON/snort3:mime_fix to master
Squashed commit of the following:
commit
cd063a4521c381e26ccbd5e7bf958889ea1bba40
Author: Maya Dagon <mdagon@cisco.com>
Date: Tue May 17 17:10:01 2022 -0400
mime: set partial_header to null after deletion
Mike Stepanek (mstepane) [Wed, 18 May 2022 11:33:23 +0000 (11:33 +0000)]
Pull request #3424: JS Normalizer: check content decoding
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_content_encoding to master
Squashed commit of the following:
commit
4fc6db8e507415d6feb50ae8691f0daba6492b8d
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Sun May 15 23:24:24 2022 +0300
http_inspect: avoid sending compressed data to JS normalizer
Masud Hasan (mashasan) [Wed, 18 May 2022 03:30:31 +0000 (03:30 +0000)]
Pull request #3417: stream: refactor flush_queued_segments
Merge in SNORT/snort3 from ~SMINUT/snort3:russ_flush to master
Squashed commit of the following:
commit
2dc7bba89aaa9dabf74b8ab930aadc948a02d54c
Author: Silviu Minut <sminut@cisco.com>
Date: Tue May 17 08:02:26 2022 -0400
stream_tcp: add null check for get_current_wire_packet() in dce too
commit
d70012d0605e1949b4f300300af33ac1dc2d86f0
Author: Silviu Minut <sminut@cisco.com>
Date: Tue May 10 18:46:22 2022 -0400
stream_tcp: provide a context and a wire packet where needed, when calling into reassembly from outside regular processing (handle_timeouts)
commit
3828703345b5dd3a0c213481e02938c0425f6c14
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Apr 29 17:36:04 2022 -0400
stream: refactor flush_queued_segments
Russ Combs (rucombs) [Tue, 17 May 2022 11:23:39 +0000 (11:23 +0000)]
Pull request #3413: build: Update dependent libdaq version to 3.0.7
Merge in SNORT/snort3 from ~PRBG/snort3:update_min_libdaq_version to master
Squashed commit of the following:
commit
7190ff171d721ec8a17b45ab0a71a3676a903031
Author: Priyanka <prbg@cisco.com>
Date: Wed May 4 16:42:41 2022 -0400
build: Update dependent libdaq version to 3.0.7
Mike Stepanek (mstepane) [Mon, 16 May 2022 16:42:12 +0000 (16:42 +0000)]
Pull request #3422: JS Normalizer: regex char groups parsing
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex_char_set to master
Squashed commit of the following:
commit
bfac8f0bb9e69f89c289ab39b53b096d3b515219
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri May 13 16:38:36 2022 +0300
utils: fix regex char classes parsing
Inside a character set only a few characters retain a special meaning.
Mike Stepanek (mstepane) [Mon, 16 May 2022 12:11:19 +0000 (12:11 +0000)]
Pull request #3421: JS Normalizer: regex literal detection
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_sc_regex_op to master
Squashed commit of the following:
commit
6282b69c758f5aee95bf88c412fd0d8ed15d4240
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri May 13 14:29:19 2022 +0300
utils: allow regex literals after operator
Mike Stepanek (mstepane) [Fri, 13 May 2022 15:23:46 +0000 (15:23 +0000)]
Pull request #3419: doc: User documentation update for obfuscate_pii and --help-module
Merge in SNORT/snort3 from ~PRBG/snort3:doc_update_help_and_usage to master
Squashed commit of the following:
commit
f6293a0d79293afa35d44555c1abb2175b3b120f
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu May 12 12:15:35 2022 -0400
doc: update clone link in README. Thanks to billchenchina.
commit
1838326a7c37672ff85cc97f5cb4e13dfd6a3781
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Tue May 10 14:20:44 2022 -0400
doc: user documentation update for obfuscate_pii and --help-module
Mike Stepanek (mstepane) [Fri, 13 May 2022 15:23:06 +0000 (15:23 +0000)]
Pull request #3420: JavaScript Normalizer: add Latin-1 decoding of JavaScript unescape-like functions
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_unescape_latin_1 to master
Squashed commit of the following:
commit
aee1c83bfea39d7bd219eb7aecd5255dca2d470f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed May 11 13:07:41 2022 +0300
utils: add Latin-1 decoding of JavaScript unescape-like functions
Mike Stepanek (mstepane) [Wed, 11 May 2022 18:20:47 +0000 (18:20 +0000)]
Pull request #3418: JS Normalizer: A Source Field Availability
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_input_check to master
Squashed commit of the following:
commit
33b91f2ba4c20d634ec0bab28b76f46bdb0e5efc
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue May 10 14:48:58 2022 +0300
http_inspect: check if input available before JavaScript normalization
Mike Stepanek (mstepane) [Wed, 11 May 2022 13:53:47 +0000 (13:53 +0000)]
Pull request #3415: http_inspect: add ignoring defined object properties for Enhanced JS normalizer
Merge in SNORT/snort3 from ~VHORBATO/snort3:js_prop_ignore to master
Squashed commit of the following:
commit
eb135f3e3ccfec12f622f9d2770a5f2175a0fc52
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Apr 29 12:51:52 2022 +0300
http_inspect: add ignoring defined object properties for Enhanced JS normalizer
Masud Hasan (mashasan) [Tue, 10 May 2022 19:46:57 +0000 (19:46 +0000)]
Pull request #3393: snort3: remove SMB detection from service_netbios.cc
Merge in SNORT/snort3 from ~CLJUDGE/snort3:snort3_downgrade_smb_detection to master
Squashed commit of the following:
commit
b4486b0c80ad1991d00f99dc6df64131b8be861b
Author: Clifford Judge <cljudge@cisco.com>
Date: Mon Apr 25 10:24:09 2022 -0400
snort3: remove SMB detection from service_netbios.cc
Mike Stepanek (mstepane) [Tue, 10 May 2022 15:12:29 +0000 (15:12 +0000)]
Pull request #3402: Handle optional quotes
Merge in SNORT/snort3 from ~VHORBAN/snort3:handle_optional_quotes_graceflly to master
Squashed commit of the following:
commit
d3f04e4d0f9311610c09d83f6b3392bdf4d349bd
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Fri Apr 22 18:08:13 2022 +0300
framework: add method to get unquoted string from configuration value
Mike Stepanek (mstepane) [Tue, 10 May 2022 11:10:02 +0000 (11:10 +0000)]
Pull request #3416: wizard: fix code style
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:fix_up_code_style to master
Squashed commit of the following:
commit
4103d16df893987b729caf1dc649de82b58fbda0
Author: Yehor <egor1velikogon@gmail.com>
Date: Thu May 5 21:43:30 2022 +0300
wizard: fix code style
The following code style aspects were covered:
1. Space after 'if', 'for', 'while', 'switch' and space between braces
2. Newline before mentioned keyword.
3. Newline before 'return'.
4. Adding const to func if applicable.
George Koikara (gkoikara) [Mon, 9 May 2022 10:50:51 +0000 (10:50 +0000)]
Pull request #3368: http2_inspect: Templatize variable length integer decoding of integer and string
Merge in SNORT/snort3 from ~ABHPAL/snort3:h3 to master
Squashed commit of the following:
commit
ba690edfc9d454ec8764a855fc110d071e1b0c4b
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Apr 7 22:57:51 2022 +0530
http2_inspect: Templatize variable length integer decoding of integer and string
Mike Stepanek (mstepane) [Fri, 6 May 2022 17:51:06 +0000 (17:51 +0000)]
Pull request #3412: Hardening JS Normalizer.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_unescape_tracking to master
Squashed commit of the following:
commit
8120cbb49d9ba15b395cc9eb64b7766fb466f5f9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 4 19:54:30 2022 +0300
utils: turn debug-build assertion into a product-build code
This removes a redundant assert and adds a test to show that such input could be handled.
Lokesh Bevinamarad (lbevinam) [Thu, 5 May 2022 06:54:20 +0000 (06:54 +0000)]
Pull request #3403: smb: handling file context cleanup
Merge in SNORT/snort3 from ~UMUNNIKR/snort3:smb_mem_corrupt_fix to master
Squashed commit of the following:
commit
c7ce156cfa51ff1fda4d65b3b8f90c3783c77652
Author: Unnikrishnan M <umunnikr@cisco.com>
Date: Mon May 2 10:19:50 2022 +0530
smb: handling file context cleanup
Russ Combs (rucombs) [Wed, 4 May 2022 15:36:05 +0000 (15:36 +0000)]
Pull request #3397: stream_tcp, pop: add sync_on_start method to StreamSplitter
Merge in SNORT/snort3 from ~RUCOMBS/snort3:sync_on_start to master
Squashed commit of the following:
commit
fcd5a8de59569044555cc7d8bd987506767e53f3
Author: russ <rucombs@cisco.com>
Date: Tue Apr 26 14:28:15 2022 -0400
stream_tcp, pop: add sync_on_start method to StreamSplitter
This is used to force a flush of data from the client when the wizard
identifies a flow by data from the server. The new virtual defaults
to false and pop overrides to true to handle the case where jumpy
clients send a command before the server greeting. Other, similar
overrides are anticipated.
Mike Stepanek (mstepane) [Wed, 4 May 2022 14:31:50 +0000 (14:31 +0000)]
Pull request #3409: build: generate and tag 3.1.29.0
Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.29.0 to master
Squashed commit of the following:
commit
53e0cb3ca6389c8d3a11ee0f623c2cc88af34a6d
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed May 4 07:19:08 2022 -0400
build: generate and tag 3.1.29.0
Ron Dempster (rdempste) [Mon, 2 May 2022 18:06:56 +0000 (18:06 +0000)]
Pull request #3406: flow, side_channel, utils: fix clang issues
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:fix_issues to master
Squashed commit of the following:
commit
ed8b5e927b8e6aafb9b58b85f596a49c647054b0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon May 2 10:12:21 2022 -0400
flow, side_channel, utils: fix clang issues
Mike Stepanek (mstepane) [Mon, 2 May 2022 10:49:18 +0000 (10:49 +0000)]
Pull request #3395: wizard: update glob storage due to shared memory
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_mt_fix to master
Squashed commit of the following:
commit
f9159d44d44a9def929b308cc9167bfd354bd99f
Author: Yehor <egor1velikogon@gmail.com>
Date: Tue Apr 19 17:44:47 2022 +0300
wizard: update glob storage due to shared memory
Pranav Bhalerao (prbhaler) [Sat, 30 Apr 2022 02:30:17 +0000 (02:30 +0000)]
Pull request #3383: appid: add alpn matchers
Merge in SNORT/snort3 from ~PRBHALER/snort3:quic_alpn to master
Squashed commit of the following:
commit
77be6266b97de2535006e3ecaa2dc84c8202aefd
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date: Mon Apr 4 22:16:02 2022 +0530
appid: add alpn matchers
Ron Dempster (rdempste) [Fri, 29 Apr 2022 20:27:35 +0000 (20:27 +0000)]
Pull request #3331: Tenant id
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:tenant_id to master
Squashed commit of the following:
commit
49bcaac681921062b79be6e17ffc319a9d7f831b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Apr 28 17:02:22 2022 -0400
flow: change the padding and bits in the flow key to make it more clear
commit
76553e101331382ee5e7daca82fb34e513fbb23d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Wed Apr 27 12:18:04 2022 -0400
dce_rpc: update address space id in the smb keys
commit
3d78363477fcfe1c866ff62d73eb3a6a9970b3cf
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Mar 22 12:04:08 2022 -0400
flow: add inline cppcheck suppressions
commit
f54d8a3cc078023a153b576e78583569dfd4bbb6
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Mar 21 13:13:19 2022 -0400
flow, network_inspectors, policy_selectors, stream: make address space id 32 bits and add a tenant id to the daq header
Ron Dempster (rdempste) [Fri, 29 Apr 2022 19:40:06 +0000 (19:40 +0000)]
Pull request #3401: main: update analyzer command log message to copy the variable arguments before using them for the remote response
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:va_list to master
Squashed commit of the following:
commit
97b88140885310f3b48bde24cc3770eb73ab68c5
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Apr 29 10:22:19 2022 -0400
main: update analyzer command log message to copy the variable arguments before using them for the remote response
Tom Peters (thopeter) [Fri, 29 Apr 2022 18:10:53 +0000 (18:10 +0000)]
Pull request #3399: Rule text updates
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:rule_text_updates to master
Squashed commit of the following:
commit
feb97b0a72375cac3e6a9b3a655ff6721a47965b
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Apr 27 12:35:18 2022 -0400
doc: rule text updates
George Koikara (gkoikara) [Fri, 29 Apr 2022 14:36:20 +0000 (14:36 +0000)]
Pull request #3333: http_inspect: install header files, create SO_PUBLIC base class for HttpStreamSplitter and HttpInspect
Merge in SNORT/snort3 from ~SHIKV/snort3:h3_initial to master
Squashed commit of the following:
commit
f027a9fa26ff3ee219eb3ed4717a90056c01a0f7
Author: shibin k v <shikv@cisco.com>
Date: Wed Mar 30 11:19:21 2022 +0000
http_inspect: install header files, create a virtual base class for http_inspect and http_stream_splitter
Tom Peters (thopeter) [Thu, 28 Apr 2022 15:32:43 +0000 (15:32 +0000)]
Pull request #3396: Http mime depth
Merge in SNORT/snort3 from ~KATHARVE/snort3:http_mime_depth to master
Squashed commit of the following:
commit
0a8379db6e1fa866ddc327409324e2ef094f0fa1
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Apr 20 12:21:33 2022 -0400
http_inspect: move mime processing outside of file and detect depth
Steve Chew (stechew) [Mon, 25 Apr 2022 16:53:44 +0000 (16:53 +0000)]
Pull request #3392: build: generate and tag 3.1.28.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.28.0 to master
Squashed commit of the following:
commit
ae3c9a8e96c8040f01a7a34821dac54ba578aab8
Author: Steve Chew <stechew@cisco.com>
Date: Mon Apr 25 10:39:44 2022 -0400
build: generate and tag 3.1.28.0
Steve Chew (stechew) [Fri, 22 Apr 2022 22:30:26 +0000 (22:30 +0000)]
Pull request #3391: mms: initialize BerElement
Merge in SNORT/snort3 from ~KATHARVE/snort3:mms_cppcheck to master
Squashed commit of the following:
commit
1e1b2363d1283c763c1a5d1b2eab6534673f14c3
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Apr 22 15:57:32 2022 -0400
mms: add check that BerElement argument isn't null before calling BerReader::read
Steve Chew (stechew) [Fri, 22 Apr 2022 20:02:32 +0000 (20:02 +0000)]
Pull request #3390: mms: Moved creation of TpktFlowData inspector ID to process init.
Merge in SNORT/snort3 from ~STECHEW/snort3:mms_splitter_fix to master
Squashed commit of the following:
commit
6bbabe07e02408a0f007d6a4cd9c470aa8a6b68b
Author: Steve Chew <stechew@cisco.com>
Date: Fri Apr 22 15:48:50 2022 -0400
mms: Moved creation of TpktFlowData inspector ID to process init.
Masud Hasan (mashasan) [Thu, 21 Apr 2022 19:20:11 +0000 (19:20 +0000)]
Pull request #3385: netflow: Framework for netflow V5 and V9 events
Merge in SNORT/snort3 from ~MASHASAN/snort3:netflow_event2 to master
Squashed commit of the following:
commit
9320cdc01f9ace6dec235274b38e3115381e5a19
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Apr 18 08:22:53 2022 -0400
netflow: Framework for netflow V5 and V9 events
Tom Peters (thopeter) [Thu, 21 Apr 2022 16:14:16 +0000 (16:14 +0000)]
Pull request #3360: mime: handle MIME header lines split between inspection sections and improve folded header line processing
Merge in SNORT/snort3 from ~KATHARVE/snort3:mime_header_parsing_copy to master
Squashed commit of the following:
commit
37fe918d4680d3c0528937889fa7a73f1a650db8
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Mar 28 10:48:51 2022 -0400
mime: handle MIME header lines split between inspection sections and improve folded header line processing
Mike Stepanek (mstepane) [Thu, 21 Apr 2022 15:59:14 +0000 (15:59 +0000)]
Pull request #3386: events: add action logging to the event
Merge in SNORT/snort3 from ~VHORBATO/snort3:events_upd to master
Squashed commit of the following:
commit
68bc9987e0c57edc1aae1bb18fb88a29529d1ca7
Author: Vitalii <vhorbato@cisco.com>
Date: Sun Apr 3 13:45:25 2022 +0300
events: add action logging to the event
packet_io: add rewrite action logging
Mike Stepanek (mstepane) [Thu, 21 Apr 2022 15:56:36 +0000 (15:56 +0000)]
Pull request #3384: doc : Update user manual and dev_notes for default binder
Merge in SNORT/snort3 from ~VHORBAN/snort3:doc_update_default_binder_info to master
Squashed commit of the following:
commit
19a85009ceda81bf170a6b7728089f9f4f274f25
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Tue Apr 19 18:07:03 2022 +0300
doc: add clarification on default bindings in developer notes and user notes
Russ Combs (rucombs) [Thu, 21 Apr 2022 12:27:01 +0000 (12:27 +0000)]
Pull request #3373: ips_bag2
Merge in SNORT/snort3 from ~RUCOMBS/snort3:ips_bag2 to master
Squashed commit of the following:
commit
faebae4e783ceb1e110663326756a87ba83510fe
Author: russ <rucombs@cisco.com>
Date: Thu Apr 14 11:26:01 2022 -0400
mms_data: make a fast pattern buffer
Also some minor refactoring of related framework code.
commit
aca6b04e9c610ecff216e28c549176a1f5962aa4
Author: russ <rucombs@cisco.com>
Date: Tue Apr 12 13:31:08 2022 -0400
ips_options: eliminate obsolete RULE_OPTION_TYPE_BUFFER_*
commit
75469d9cb9528a1952390d961a32199653678a3e
Author: russ <rucombs@cisco.com>
Date: Mon Apr 11 16:26:00 2022 -0400
conf: add cip and s7commplus to the default snort.lua
commit
ed2856e6e08ef74187dda09c095177f8fd5fcd18
Author: russ <rucombs@cisco.com>
Date: Sun Apr 10 16:03:51 2022 -0400
raw_data: only search pkt_data if no alt buffer or raw_data rules included in group
commit
f3d69b64eba4a520d2d782f2b4507ddb4f42d7f3
Author: russ <rucombs@cisco.com>
Date: Sat Apr 9 22:13:44 2022 -0400
detection: remove now obsolete get buf support
The only remaining inspection buffer provided by multiple inspectors
is vba_data. pkt_data and file_data are pushed to the detection engine.
alt_data is pushed as well but is used where pkt_data is used. All other
buffers are provided solely by individual inspector ips options.
(http2 just internally uses http_* buffers.)
commit
f79e200c64a8de929764cded5dc10f8022fd429b
Author: russ <rucombs@cisco.com>
Date: Fri Apr 8 18:27:40 2022 -0400
ips: eliminate direct dependence on get_fp_buf of all ibt (by using rule options)
commit
e54fa287fd110a6d7634ed22d9fcd43297b6490c
Author: russ <rucombs@cisco.com>
Date: Fri Apr 8 06:08:01 2022 -0400
service inspectors: update fast pattern access
commit
9d6477ebb015e2ddfdcf80aece115da3d21867b0
Author: russ <rucombs@cisco.com>
Date: Fri Apr 8 02:59:57 2022 -0400
detection: rearrange startup rule counts
commit
d22ea5aeda36790a229a24226e9a5a5c509fc057
Author: russ <rucombs@cisco.com>
Date: Thu Apr 7 15:49:47 2022 -0400
ips: eliminate PM_TYPE_* to make fast pattern buffers generic
commit
a49cd8f04e54c86228e45e3316c2f06769782fe2
Author: russ <rucombs@cisco.com>
Date: Wed Apr 6 16:52:20 2022 -0400
detection: add missing fast pattern buffer translations
commit
1ba179ea66d4050f3c57bd1d3fcc884106b08409
Author: russ <rucombs@cisco.com>
Date: Tue Apr 5 17:53:12 2022 -0400
inspectors: add / update api buffer lists
commit
127236881855c6230d413acdbae95320fbacf80c
Author: russ <rucombs@cisco.com>
Date: Tue Apr 5 17:52:12 2022 -0400
bufferlen: add missing relative override
commit
774a078e38b90fa610d70a3663383a260d8361f9
Author: russ <rucombs@cisco.com>
Date: Mon Apr 4 10:09:04 2022 -0400
ips_options: fix cursor action type overrides
commit
07fbe66bba3a81f4f8dbe3e8dcb4a351b22344b1
Author: russ <rucombs@cisco.com>
Date: Mon Apr 4 08:41:42 2022 -0400
detection: make CursorActionType generic
commit
c7063241d67718633e5c533ea49ab9defd736f1e
Author: russ <rucombs@cisco.com>
Date: Mon Apr 4 07:18:46 2022 -0400
detection: map buffers to services
commit
0837fc34448a36c6a817491c916cda319e335112
Author: russ <rucombs@cisco.com>
Date: Sun Apr 3 07:13:10 2022 -0400
ips: further limit port group rules
Rules with buffers that imply services go only in service groups.
commit
eba1ff1bad596d1222b1dc934235ad29c929445a
Author: russ <rucombs@cisco.com>
Date: Sun Apr 3 07:10:30 2022 -0400
content: auto no-case non-alpha patterns
Steve Chew (stechew) [Wed, 20 Apr 2022 21:49:22 +0000 (21:49 +0000)]
Pull request #3389: host_cache: fix unit test broken on some platforms
Merge in SNORT/snort3 from ~SMINUT/snort3:host_cache_test_fix to master
Squashed commit of the following:
commit
f15830798d33af96629bfac0ead75ee2cd743209
Author: Silviu Minut <sminut@cisco.com>
Date: Wed Apr 20 10:59:58 2022 -0400
host_cache: fix unit test broken on some platforms
Masud Hasan (mashasan) [Tue, 19 Apr 2022 17:19:55 +0000 (17:19 +0000)]
Pull request #3378: Peg counts for bytes and number of items in use for various caches
Merge in SNORT/snort3 from ~SMINUT/snort3:memory_pegs_now to master
Squashed commit of the following:
commit
b229d5b046d97cba62377ea028f0a4892c1cd82a
Author: Silviu Minut <sminut@cisco.com>
Date: Sun Apr 17 08:40:40 2022 -0400
module_manager: fix memory pegs display issue during packet processing, while also correctly computing the memory pegs in Analyzer::term
commit
ac3e69171f9a9dc5e13bbe416418893ed791f1ee
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Mar 28 18:04:19 2022 -0400
stream: add current_flows, uni_flows and uni_ip_flows peg counts
commit
014af9aa055dffae340d7e789258535ba820cf40
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Mar 24 20:54:28 2022 -0400
appid: add bytes_in_use and items_in_use peg counts
commit
b23c2063e089dfd6388bab6ff68737d9b94f706e
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Mar 24 19:35:12 2022 -0400
host_cache: bytes_in_use and items_in_use peg counts
Russ Combs (rucombs) [Tue, 19 Apr 2022 13:49:44 +0000 (13:49 +0000)]
Pull request #3381: framework: make Cursor SO_PUBLIC
Merge in SNORT/snort3 from ~KATHARVE/snort3:cursor_so_public to master
Squashed commit of the following:
commit
e207201c711459aea2eea09b796000d421b2ce93
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Apr 18 16:01:55 2022 -0400
framework: make Cursor SO_PUBLIC
Masud Hasan (mashasan) [Tue, 19 Apr 2022 12:49:26 +0000 (12:49 +0000)]
Pull request #3382: smtp: SMTPData initialization changed from memset to constructor
Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtp_structure_initializer to master
Squashed commit of the following:
commit
60fb39c75b9b86611d80d78ce96858d8e40a062a
Author: ostepano <ostepano@cisco.com>
Date: Mon Apr 18 17:10:40 2022 -0400
smtp: SMTPData initialization changed from memset to constructor
Bhargava Jandhyala (bjandhya) [Mon, 18 Apr 2022 06:26:33 +0000 (06:26 +0000)]
Pull request #3365: dce_rpc: Handling only named ioctls for smb
Merge in SNORT/snort3 from ~BSACHDEV/snort3:dce_ss_crash_2 to master
Squashed commit of the following:
commit
1d77d1119629f9cd241577206b5bb64328b548fd
Author: bsachdev <bsachdev@cisco.com>
Date: Sun Mar 20 23:51:38 2022 -0400
dce_rpc: Handling only named ioctls for smb
Signed-off-by: bsachdev <bsachdev@cisco.com>
Tom Peters (thopeter) [Fri, 15 Apr 2022 19:28:53 +0000 (19:28 +0000)]
Pull request #3207: Mms service inspector
Merge in SNORT/snort3 from ~JRITTLE/snort3:mms_service_inspector to master
Squashed commit of the following:
commit
748bd178828da9d67a303ee24971f03ff0bc7e4f
Author: jrittle <jrittle@cisco.com>
Date: Fri Jul 2 14:04:54 2021 -0400
mms: adding new service inspector for the IEC61850 MMS protocol
Tom Peters (thopeter) [Fri, 15 Apr 2022 19:19:29 +0000 (19:19 +0000)]
Pull request #3248: mms: adding mms documentation to the snort3 manual
Merge in SNORT/snort3 from ~JRITTLE/snort3:doc_mms_service_inspector to master
Squashed commit of the following:
commit
9901175198be7125a8fdabb1fc3c0e36a3046400
Author: jrittle <jrittle@cisco.com>
Date: Mon Dec 6 19:21:36 2021 -0500
mms: adding manual updates for the new service inspector for the IEC61850 MMS protocol
Ron Dempster (rdempste) [Fri, 15 Apr 2022 15:26:44 +0000 (15:26 +0000)]
Pull request #3371: Fix most of the perf drop from multi-tenant code
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:perf to master
Squashed commit of the following:
commit
c14d36a3e41f083d4a80199b22b40b601166419f
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Apr 11 09:58:36 2022 -0400
flow: only select policies when deleting flow data if there is a policy selector
commit
c38b0b61f1a9b8a7e359ff81a5468a59567a5260
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Sun Apr 10 16:26:12 2022 -0400
flow, snort_config: change service back to a pointer and add a method to return a non-volatile pointer for service
commit
a9b120ee80a12c64e59f475f56db4477ffc88c08
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Apr 7 11:14:26 2022 -0400
flow: use a flag instead of shared pointer use count for has service check
commit
429fa43a6346f6e67e2ddb98238e2fc1f340aaa3
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Apr 1 12:32:23 2022 -0400
flow, managers, binder: only publish flow state reloaded event from internal execute
commit
4f2429b5140895ea377a49029e387f5b509de5ca
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Mar 31 14:09:29 2022 -0400
main: check policy exists instead of index when setting network policy by id
Masud Hasan (mashasan) [Fri, 15 Apr 2022 12:22:48 +0000 (12:22 +0000)]
Pull request #3377: appid: ssl service detection for segmented server hello done
Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_validate_bug to master
Squashed commit of the following:
commit
c7658c09fd53b9e72ce900d671d21ea3e960de66
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Mon Apr 11 12:49:24 2022 -0400
appid: ssl service detection for segmented server hello done
Mike Stepanek (mstepane) [Thu, 14 Apr 2022 13:50:56 +0000 (13:50 +0000)]
Pull request #3374: An update for parser dev notes.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:doc_ips to master
Squashed commit of the following:
commit
bd52c251919b13e11d0019407621b60ad64ab0c7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed Apr 13 15:31:20 2022 +0300
parser: update dev notes
Mike Stepanek (mstepane) [Wed, 13 Apr 2022 10:43:05 +0000 (10:43 +0000)]
Pull request #3361: binder: Add binder action handling on service change
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:binder_flow_change_action to master
Squashed commit of the following:
commit
b57a7773c54c8c65f35d19a7f4c596e6a1ddad5c
Author: dkyrylov <dkyrylov@cisco.com>
Date: Fri Apr 1 16:40:44 2022 +0300
binder: add binder actions to flow reassignment
Thanks to Meridoff for the original report of the issue.
Mike Stepanek (mstepane) [Tue, 12 Apr 2022 16:43:53 +0000 (16:43 +0000)]
Pull request #3369: SfIp: Follow up for warning suppression
Merge in SNORT/snort3 from ~ASERBENI/snort3:sfip_warn_suppress to master
Squashed commit of the following:
commit
f036849106353c02ceabf795e655cb298664a4fb
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Thu Apr 7 13:49:28 2022 +0300
sfip: improve warning suppression
Masud Hasan (mashasan) [Tue, 12 Apr 2022 15:10:40 +0000 (15:10 +0000)]
Pull request #3330: smtp: STARTTLS command injection event processing
Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtp_starttls_command_injection_alert to master
Squashed commit of the following:
commit
73e2e3cef812a0a9e93b327ef0c9d713ba9e8c27
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Mon Mar 21 11:01:55 2022 -0400
smtp: STARTTLS command injection event processing
Russ Combs (rucombs) [Tue, 12 Apr 2022 14:59:40 +0000 (14:59 +0000)]
Pull request #3363: ftp: splitter and inspector fixes
Merge in SNORT/snort3 from ~BRASTULT/snort3:ftp_splitter_fix to master
Squashed commit of the following:
commit
5dae1d6e2ad7c446d8f1ff565de6730e47fb4eab
Author: Brandon Stultz <brastult@cisco.com>
Date: Tue Apr 5 03:39:36 2022 -0400
ftp: fix FTP response parsing
commit
08fdc2b94f137b87caca64e66ecae33f2e696329
Author: Brandon Stultz <brastult@cisco.com>
Date: Tue Apr 5 00:54:37 2022 -0400
ftp: flush FTP cmds ending in just carriage return
Mike Stepanek (mstepane) [Tue, 12 Apr 2022 12:29:06 +0000 (12:29 +0000)]
Pull request #3370: JS stack limit.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex_grp_limit to master
Squashed commit of the following:
commit
07c377d4a4c4e3aea177047747fbe61fcf1a4b27
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Apr 11 11:43:30 2022 +0300
utils: limit JS regex stack size
The 'http_inspect.js_norm_max_tmpl_nest' configuration option controls the limit.
Steve Chew (stechew) [Mon, 11 Apr 2022 18:56:33 +0000 (18:56 +0000)]
Pull request #3332: stream: add can_set_no_ack_mode() api to check if policy allows no-ack mode
Merge in SNORT/snort3 from ~SBAIGAL/snort3:ok2noack to master
Squashed commit of the following:
commit
f0de602d7c910b796ec11da3e1ffd7d42356960c
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Wed Mar 30 21:49:46 2022 -0400
stream: add can_set_no_ack() api to check if policy allows no-ack mode
Mike Stepanek (mstepane) [Fri, 8 Apr 2022 13:06:17 +0000 (13:06 +0000)]
Pull request #3366: An improvement for JS regex literals.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex to master
Squashed commit of the following:
commit
4079a93365262390d6d77144b5ce8b2c29f4d8af
Author: dkyrylov <dkyrylov@cisco.com>
Date: Sun Jul 25 16:13:30 2021 +0300
utils: track groups and escaped symbols in JavaScript regex literals
Mike Stepanek (mstepane) [Thu, 7 Apr 2022 17:53:09 +0000 (17:53 +0000)]
Pull request #3367: build: generate and tag 3.1.27.0
Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.27.0 to master
Squashed commit of the following:
commit
5431b622172ee145af2dbbe6889e87764669d7f1
Author: Mike Stepanek <mstepane@cisco.com>
Date: Thu Apr 7 13:27:04 2022 -0400
build: generate and tag 3.1.27.0
Bhargava Jandhyala (bjandhya) [Wed, 6 Apr 2022 07:26:36 +0000 (07:26 +0000)]
Pull request #3364: file_api: Handling user_file_data cleanup
Merge in SNORT/snort3 from ~UMUNNIKR/snort3:file_bat_bqt to master
Squashed commit of the following:
commit
b41c170a819ad1c542a98cba0708eb25da1d6bf6
Author: Unnikrishnan M <umunnikr@cisco.com>
Date: Tue Apr 5 15:42:04 2022 +0530
file_api: Handling user_file_data cleanup
Mike Stepanek (mstepane) [Tue, 5 Apr 2022 16:39:25 +0000 (16:39 +0000)]
Pull request #3359: SfIp: Address of packed member warning suppression
Merge in SNORT/snort3 from ~ASERBENI/snort3:sfip_warn_suppress to master
Squashed commit of the following:
commit
095cc69c2c8b938c7236778764562cc036185360
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Fri Mar 25 13:01:41 2022 +0200
sfip: suppress compiler warning
Tom Peters (thopeter) [Mon, 4 Apr 2022 17:58:14 +0000 (17:58 +0000)]
Pull request #3328: US 697558: http_inspect/http2_inspect: reduce holes in high-volume objects
Merge in SNORT/snort3 from ~MDAGON/snort3:reduce to master
Squashed commit of the following:
commit
9d73d54ad9e3420c100aced5eaa97b6977b147a4
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri Mar 25 13:46:47 2022 -0400
http2_inspect: reduce holes in objects
Russ Combs (rucombs) [Fri, 1 Apr 2022 20:39:13 +0000 (20:39 +0000)]
Pull request #3324: Ips bag
Merge in SNORT/snort3 from ~RUCOMBS/snort3:ips_bag to master
Squashed commit of the following:
commit
7f28f5c4cbda2834d6f50ba43eb45a0d34b57abd
Author: russ <rucombs@cisco.com>
Date: Sun Mar 27 14:03:38 2022 -0400
hyperscan: ensure adequate scratch when deserializing
commit
0d4f03134ec1d17101774a9080a3e86dc7cf7a3c
Author: russ <rucombs@cisco.com>
Date: Sat Mar 26 22:26:31 2022 -0400
detection: skip match deduplication for hyperscan
commit
2b5fb8dce61bb23cf190200d6b99419b24bea1f1
Author: russ <rucombs@cisco.com>
Date: Sat Mar 26 15:55:18 2022 -0400
search_engines: ensure SearchTool with hyperscan gets multi-match mode
commit
f50810182e6f1c2900afa9bf7c9a5c1a11f0ec84
Author: russ <rucombs@cisco.com>
Date: Sat Mar 26 14:39:10 2022 -0400
search_engines: add and refactor unit tests
commit
a7af03c532dce85a2d9eae6d3ec89e36f75e439a
Author: russ <rucombs@cisco.com>
Date: Sat Mar 26 10:08:56 2022 -0400
ac_full: refactor api access
commit
8c29afb0e0cac16aa360b659281b7dcaa012b090
Author: russ <rucombs@cisco.com>
Date: Fri Mar 25 23:29:11 2022 -0400
search_engine: always build ac_full since it is a hard default case
SearchTool will use hyperscan if configured else ac_full since that
is the only builtin MPSE that returns all matches.
commit
96f2c0943fc35638f2ee1e611c4e76ba994d0ceb
Author: russ <rucombs@cisco.com>
Date: Fri Mar 25 21:08:59 2022 -0400
search_engine: remove search_optimize parameter (always true)
Also remove broken support for offload from SearchTool.
commit
01271621d4af3bc5dd97ce7fab38887774b7675e
Author: russ <rucombs@cisco.com>
Date: Thu Mar 24 20:33:25 2022 -0400
detection: do not check ips policy when builtin events are queued
Builtin events are for now only checked for the current policy when
dequeued. This allows the policy to be changed after inspection, which
is how Snort 2 does it. This is flawed however and can be fixed by
pairing an ips policy with each nap or just including the builtin rules
and state stubs directly in the nap.
commit
95e6beb3ff36ac35d481265b690bb19e88ea9f64
Author: russ <rucombs@cisco.com>
Date: Thu Mar 24 12:55:54 2022 -0400
detection: minor refactoring of rule header access
commit
676606491ee0f74675deb8df59a0986ffef1e25f
Author: russ <rucombs@cisco.com>
Date: Thu Mar 24 10:21:36 2022 -0400
rate_filter: move to inspection policy
commit
76716c997dadb485e3e2bf4d3011196c61db0821
Author: russ <rucombs@cisco.com>
Date: Sat Mar 19 09:40:51 2022 -0400
alerts: remove obsolete stateful parameter
commit
4bcc7ca6fa19963d21768deee31692453a844322
Author: russ <rucombs@cisco.com>
Date: Fri Mar 18 10:17:31 2022 -0400
ac_full: remove cruft
commit
4cb95706bd2e13085ee7fe4a158f33f1e35804e3
Author: russ <rucombs@cisco.com>
Date: Fri Mar 18 10:00:48 2022 -0400
search_engines: remove the legacy ac_sparse_bands algorithm
commit
57b19a41e7125701e75ea017630a5eeef9f6ecc5
Author: russ <rucombs@cisco.com>
Date: Fri Mar 18 09:53:03 2022 -0400
search_engines: remove the legacy ac_sparse algorithm
commit
36b258d99f0b32f7d46f782bce76ca740f320cfe
Author: russ <rucombs@cisco.com>
Date: Fri Mar 18 09:44:09 2022 -0400
search_engines: remove the legacy ac_banded algorithm
commit
29720b96a3b54702119dfa98bcc1d8b0b82b7c8f
Author: russ <rucombs@cisco.com>
Date: Fri Mar 18 09:33:18 2022 -0400
search_engines: remove the legacy ac_std algorithm
commit
5af3cd8074287bc865563f2e26be17df64fa4046
Author: russ <rucombs@cisco.com>
Date: Sun Mar 13 00:12:12 2022 -0500
detection: override match queue limit for offload
commit
00183d5cc1cb7802e3f2f9a5a9becc3319f76c0f
Author: russ <rucombs@cisco.com>
Date: Sat Mar 12 12:47:59 2022 -0500
ac_std: fix case translation buffer size
commit
20ceb4956bd6eaa2b6165723df7dd833a044f957
Author: russ <rucombs@cisco.com>
Date: Fri Mar 11 19:49:22 2022 -0500
search_engine: remove obsolete warning on max_pattern_len change
commit
be971a82799a9da367f0867970b9a20615f327ee
Author: russ <rucombs@cisco.com>
Date: Fri Mar 11 15:03:54 2022 -0500
search_engine: fix .debug = true output
... and 7 more commits
Masud Hasan (mashasan) [Thu, 31 Mar 2022 21:12:15 +0000 (21:12 +0000)]
Pull request #3336: appid: provide client appid set by encrypted visibility engine to ssl through the ssl appid lookup api
Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_appid_bug to master
Squashed commit of the following:
commit
94dd37f7b2b5af8209556dcdedcc469593785b8c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Mar 31 13:34:29 2022 -0400
appid: provide client appid set by encrypted visibility engine to ssl through the ssl appid lookup api
Mike Stepanek (mstepane) [Thu, 31 Mar 2022 18:22:07 +0000 (18:22 +0000)]
Pull request #3335: Script opening tag pattern.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_otag to master
Squashed commit of the following:
commit
947e12e2db32df20c1de86abb9e39648697d0b67
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu Mar 31 16:20:19 2022 +0300
utils: harden script opening tag sequence
Mike Stepanek (mstepane) [Thu, 31 Mar 2022 16:31:37 +0000 (16:31 +0000)]
Pull request #3334: Opening/closing tags in external scripts.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_oc_tags to master
Squashed commit of the following:
commit
0ee5e10bae28eaed6ef387cb487cf51d102e1b84
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed Mar 30 18:38:41 2022 +0300
utils: allow opening/closing tags in external scripts
Tom Peters (thopeter) [Thu, 31 Mar 2022 15:57:20 +0000 (15:57 +0000)]
Pull request #3321: US 670672: O365: Add capability to identify microsoft headers in NHI
Merge in SNORT/snort3 from ~MDAGON/snort3:tenant to master
Squashed commit of the following:
commit
f96fc2a190605055565dd5e7d616884cde125c25
Author: Maya Dagon <mdagon@cisco.com>
Date: Thu Mar 24 11:23:57 2022 -0400
http_inspect: support headers Restrict-Access-To-Tenants, Restrict-Access-Context
Mike Stepanek (mstepane) [Wed, 30 Mar 2022 16:03:01 +0000 (16:03 +0000)]
Pull request #3326: JSN: decode String.fromCodePoint() JavaScript function
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_from_code_point to master
Squashed commit of the following:
commit
a4e3c6cad84181fb907ccafec6e4941e4611a927
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Mar 28 13:34:04 2022 +0300
http_inspect: decode String.fromCodePoint() JavaScript function
* utils: add support for supplementary characters in JS Normalizer
* utils: add tracking and decoding of String.fromCodePoint() JavaScript
function in JS Normalizer
* utils: add unit test coverage
* http_inspect: update dev notes
* doc: update user manual
Mike Stepanek (mstepane) [Wed, 30 Mar 2022 12:19:00 +0000 (12:19 +0000)]
Pull request #3327: build: compile against libatomic if present
Merge in SNORT/snort3 from ~OSERHIIE/snort3:libatomic to master
Squashed commit of the following:
commit
720d367bae80b58612840d74a6af2d626ba1e4ad
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Mar 28 21:19:14 2022 +0300
build: compile against libatomic if present
Thanks to W. Michael Petullo <mike@flyn.org>
Mike Stepanek (mstepane) [Tue, 29 Mar 2022 10:27:42 +0000 (10:27 +0000)]
Pull request #3325: JS Normalizer fix.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_fix to master
Squashed commit of the following:
commit
478c1781f4c7385e48b55c7793b40ccb19cae152
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 28 18:38:01 2022 +0300
utils: fix tracking variable when the output buffer is reset
Mike Stepanek (mstepane) [Mon, 28 Mar 2022 12:03:02 +0000 (12:03 +0000)]
Pull request #3322: http_inspect: delete alerts 119:279 and 119:280
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_revert_alerts to master
Squashed commit of the following:
commit
775c6d1df3daf505c2ea338af2942d607661665b
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Mar 23 23:09:13 2022 +0200
http_inspect: delete alerts 119:279 and 119:280
* http_inspect: delete 119:279 and 119:280 alerts, use 119:109 and 119:111 instead
* doc: update builtin_stubs
Mike Stepanek (mstepane) [Mon, 28 Mar 2022 10:59:05 +0000 (10:59 +0000)]
Pull request #3320: JSN: String literals concatenation
Merge in SNORT/snort3 from ~ASERBENI/snort3:string_concat to master
Squashed commit of the following:
commit
34a89bea5e85a417f37bc26aaf859727e3148456
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Fri Mar 11 12:54:48 2022 +0200
utils: add string concatenation for Enhanced JS Normalizer
Ron Dempster (rdempste) [Thu, 24 Mar 2022 17:58:44 +0000 (17:58 +0000)]
Pull request #3319: control, shell: add a command to set the network policy to be used by subsequent commands
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:command to master
Squashed commit of the following:
commit
3c3f144b75ada597b83130c7ce1613934d77b0ff
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Mar 14 08:18:08 2022 -0400
control, shell: add a command to set the network policy to be used by subsequent commands
Mike Stepanek (mstepane) [Thu, 24 Mar 2022 10:16:30 +0000 (10:16 +0000)]
Pull request #3316: Add current packet to http_inspect trace messages
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:trace_js_wizard to master
Squashed commit of the following:
commit
2c079c5afb4165d45cfd269e04d43f2d79883c9b
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Mar 8 15:02:09 2022 +0200
http_inspect: provide current packet to trace
Bhargava Jandhyala (bjandhya) [Thu, 24 Mar 2022 06:03:43 +0000 (06:03 +0000)]
Pull request #3315: dce_rpc: Handling cleanup path and race conditions for dce traffic
Merge in SNORT/snort3 from ~BSACHDEV/snort3:smb_ss_crash_master to master
Squashed commit of the following:
commit
eecf1f19ed1f5f61306fa35a1cbb576bb9666d46
Author: bsachdev <bsachdev@cisco.com>
Date: Mon Mar 7 04:14:37 2022 -0500
dce_rpc: Handling cleanup path and race conditions for dce traffic
Signed-off-by: bsachdev <bsachdev@cisco.com>
Mike Stepanek (mstepane) [Wed, 23 Mar 2022 19:31:39 +0000 (19:31 +0000)]
Pull request #3312: JSN: Unescape Text Processing
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_unescape to master
Squashed commit of the following:
commit
5e79a2a365a4b5b74670d4bfc6f94bcc35f3b2d6
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri Mar 18 20:39:48 2022 +0200
utils: fix JS Normalizer benchmark build
commit
8b79a4adbc538ea1b6400486cbe1b82a5369d1af
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri Mar 4 22:05:17 2022 +0200
http_inspect: add unescape text processing for Enhanced JS Normalizer
* utils: decode %XX, %uXXXX, \uXX, \uXXXX, \xXX, \u{CHAR_CODE} escape sequences
* utils: decode hexadecimal and decimal code points
* utils: add support for unescape of universal sequences in identifiers,
strings, template literals and regular expressions
* utils: add support for unescape(), decodeURI(), decodeURIComponent() JavaScript
functions
* utils: add support for String.fromCharCode() JavaScript function
* utils: add unit test coverage
* utils: add benchmark test
* http_inspect: enable alert 119:280 - mixed encoding
* http_inspect: update dev notes
* doc: update user manual
Steve Chew (stechew) [Wed, 23 Mar 2022 19:22:41 +0000 (19:22 +0000)]
Pull request #3318: build: generate and tag 3.1.26.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.26.0 to master
Squashed commit of the following:
commit
7e37ddc2a37e5a77476634521664fa9c6c5af527
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 23 12:52:10 2022 -0400
build: generate and tag 3.1.26.0
Shanmugam S (shanms) [Wed, 23 Mar 2022 13:07:58 +0000 (13:07 +0000)]
Pull request #3313: event: add new static member update_and_get_event_id()
Merge in SNORT/snort3 from ~PUNEETKU/snort3:shun_event to master
Squashed commit of the following:
commit
feac3000a18764a324203fd80fadfac3f7f4f8ab
Author: Puneeth Kumar C V <puneetku@cisco.com>
Date: Thu Mar 17 18:48:38 2022 +0530
event: add new static member update_and_get_event_id()
Ron Dempster (rdempste) [Tue, 22 Mar 2022 19:06:38 +0000 (19:06 +0000)]
Pull request #3279: Multi-tenant with reconcile inspectors and reputation with reload command
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reputation to master
Squashed commit of the following:
commit
fb9b349ce3fc2612c4f0bdae6f1e03a511bf9cf7
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Mar 22 11:06:13 2022 -0400
framework: update base API version to 13
commit
877c1e7dcc63499301a8868880831b27ff9bcabe
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Mar 11 07:32:55 2022 -0500
appid: sum stats at tterm and null the thread local stats pointer after delete
commit
d23843bb934a4072c1c15458f9ddf17a95d1d269
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Mar 8 10:16:45 2022 -0500
main: add the control connection to the analyzer command and a method to log a message to both console and the remote connection
commit
aaf890c670f013e8af21c8db345139314084d13e
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Sat Mar 5 13:18:39 2022 -0500
main: fix and reenable the distill_verdict unit test
commit
edc81969f10a390a4a1e6e355906566405778583
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Mar 8 09:37:46 2022 -0500
managers: add get_inspector unit tests
commit
393507e0e4182033f7f726e710516ffc68e95d1d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Feb 25 12:22:24 2022 -0500
policy_selectors: add a method to select policies based on DAQ_FlowStats_t
commit
c85bb3a7b2225efda3e0ade20267746a989f7e01
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Feb 14 12:39:59 2022 -0500
appid: make appid a global inspector
commit
046846e765831debe98886fdf1ce57382db96c75
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Feb 11 10:12:40 2022 -0500
managers: add a faster get_inspectors method
commit
3470d1cb7dfdee60af067f15bba29694e4646ed3
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Jan 14 10:22:17 2022 -0500
inspector, main, inspector_manager: add support for thread local data in inspectors and commands updating reload_id
commit
3d9c2556dbb39220ca26d61e4f2e6e2477b55a22
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Dec 7 15:43:49 2021 -0500
reputation: add a command to reload reputation data
commit
c74d98a34b089d0b86db78cac78c6aaa793c2853
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Dec 21 08:22:14 2021 -0500
flow: make service a shared pointer to handle reload properly
commit
6750746d83d0c82ff3ebe552be43f8d36797c29b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Dec 16 07:59:30 2021 -0500
managers: move inspection policies into the corresponding network policy
Mike Stepanek (mstepane) [Tue, 22 Mar 2022 14:32:47 +0000 (14:32 +0000)]
Pull request #3311: Multiple Reject actions on a packet.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:ra_fix to master
Squashed commit of the following:
commit
a066f83ec7ed7efa8afa691a9873e8e25f5ec782
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Mar 18 12:13:08 2022 +0200
packet_io: fix active action so the first reset occurred takes effect
commit
2aadec1c5b6a77d4ba32929fb0456001af9438f6
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu Mar 17 13:40:02 2022 +0200
actions: set a delayed action on Reject IPS Action hit
commit
2296f7947952811a1a23044272388651249f85d4
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed Mar 16 19:14:10 2022 +0200
framework: bump API
commit
10b0c6a86ea416466d50ec4df7c9f72e77d8ed99
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed Mar 16 18:51:55 2022 +0200
actions: revert bf62a22d43bb2d15b7425c5ec3e3118ead470e8d
Pranav Bhalerao (prbhaler) [Tue, 22 Mar 2022 05:22:22 +0000 (05:22 +0000)]
Pull request #3305: http_inspect, mime: VBA macro decompression for HTTP MIME file uploads
Merge in SNORT/snort3 from ~AMARNAYA/snort3:vba_upload to master
Squashed commit of the following:
commit
e03395379f228c35acfbbe8e1777e415182e1140
Author: Amarnath Nayak <amarnaya@cisco.com>
Date: Tue Feb 8 16:55:17 2022 +0000
http_inspect, mime: VBA macro decompression for HTTP MIME file uploads
Bhargava Jandhyala (bjandhya) [Mon, 21 Mar 2022 06:44:26 +0000 (06:44 +0000)]
Pull request #3310: file_api: Handling user_file_data cleanup
Merge in SNORT/snort3 from ~VKAMBALA/snort3:user_file_data to master
Squashed commit of the following:
commit
be6525d736b93e5a07d22b76e55800a06532b10a
Author: krishnakanth <vkambala@cisco.com>
Date: Thu Mar 17 17:32:01 2022 +0530
file_api: Handling user_file_data cleanup
Masud Hasan (mashasan) [Fri, 18 Mar 2022 22:49:57 +0000 (22:49 +0000)]
Pull request #3307: analyzer: avoid distilling sticky verdicts
Merge in SNORT/snort3 from ~MASHASAN/snort3:sticky_verdict to master
Squashed commit of the following:
commit
3bac1487b51334c6ed6caf9549d3efb991f03f68
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Mar 11 12:53:49 2022 -0500
analyzer: avoid distilling sticky verdicts
Tom Peters (thopeter) [Fri, 18 Mar 2022 20:54:21 +0000 (20:54 +0000)]
Pull request #3309: stream: reusable stream splitter
Merge in SNORT/snort3 from ~THOPETER/snort3:reusable_splitter to master
Squashed commit of the following:
commit
f46c56042a28b94d8a3c48ac88eaa0cbb2f72ed9
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Mar 15 15:53:46 2022 -0400
stream: reusable stream splitter
Tom Peters (thopeter) [Wed, 16 Mar 2022 21:38:43 +0000 (21:38 +0000)]
Pull request #3306: http_inspect: do file decompression and utf decoding on non-MIME uploads
Merge in SNORT/snort3 from ~KATHARVE/snort3:non_mime_uploads to master
Squashed commit of the following:
commit
5af71a0295291bafdd017fa9468a016ed0dd2cb8
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Mar 11 13:52:10 2022 -0500
http_inspect: do file decompression and utf decoding on non-MIME uploads