git.ipfire.org Git - thirdparty/snort3.git/log
Shravan Rangarajuvenkata (shrarang) [Fri, 9 Apr 2021 13:28:12 +0000 (13:28 +0000)]
Merge pull request #2775 in SNORT/snort3 from ~KAMURTHI/snort3:enable_rna_filter to master
Squashed commit of the following:
commit 40346667badded094e185b7cfb842da63995b23e
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Fri Mar 12 17:51:43 2021 -0500
appid: monitor only the networks specified in rna configuration
Mike Stepanek (mstepane) [Fri, 9 Apr 2021 12:57:13 +0000 (12:57 +0000)]
Merge pull request #2831 in SNORT/snort3 from ~OSERHIIE/snort3:bug_CSCvx77413 to master
Squashed commit of the following:
commit 34425873d946ed92696fcd20f0be7b43803fbb40
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue Apr 6 23:54:48 2021 +0300
binder: update flow data inspector on a service change
Mike Stepanek (mstepane) [Wed, 7 Apr 2021 15:04:01 +0000 (15:04 +0000)]
Merge pull request #2832 in SNORT/snort3 from ~SVLASIUK/snort3:doc_script_data to master
Squashed commit of the following:
commit c4f9eab374102412a2ebe64e8fddc2511d40b1c0
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Wed Apr 7 16:40:48 2021 +0300
doc: add documentation for script_data ips option
Steve Chew (stechew) [Wed, 7 Apr 2021 03:52:00 +0000 (03:52 +0000)]
Merge pull request #2829 in SNORT/snort3 from ~SBAIGAL/snort3:netflow_zone to master
Squashed commit of the following:
commit 2d625d0f1d4ffa8648679d735b5e6895f9278d73
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Apr 6 16:14:01 2021 -0400
netflow: get correct zone info from packet
Tom Peters (thopeter) [Wed, 7 Apr 2021 00:05:55 +0000 (00:05 +0000)]
Merge pull request #2830 in SNORT/snort3 from ~KATHARVE/snort3:nhi_remove_DI to master
Squashed commit of the following:
commit 185ed88e6b45399659b7443a2daf809805d15bdb
Author: Katura Harvey <katharve@cisco.com>
Date: Tue Apr 6 13:25:16 2021 -0400
http_inspect: remove detained inspection config
Mike Stepanek (mstepane) [Tue, 6 Apr 2021 19:53:54 +0000 (19:53 +0000)]
Merge pull request #2828 in SNORT/snort3 from ~SVLASIUK/snort3:doc_js_norm to master
Squashed commit of the following:
commit a172d99df0ae3acd69e26f884e5cbea40d90cec9
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Tue Apr 6 22:24:15 2021 +0300
doc: revert documentation related to script_data ips option
Shravan Rangarajuvenkata (shrarang) [Tue, 6 Apr 2021 17:24:38 +0000 (17:24 +0000)]
Merge pull request #2827 in SNORT/snort3 from ~SATHIRKA/snort3:reload_tp_core to master
Squashed commit of the following:
commit c6e4f9fbc002d75c9b352193993f967281271066
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Apr 1 17:45:12 2021 -0400
appid: Delete third-party connections with context only if third-party reload is not in progress
Mike Stepanek (mstepane) [Tue, 6 Apr 2021 15:50:46 +0000 (15:50 +0000)]
Merge pull request #2787 in SNORT/snort3 from ~SVLASIUK/snort3:script_data to master
Squashed commit of the following:
commit aac9aac7fdda1f5dd7ca37ac32690700156655eb
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Tue Mar 9 15:11:08 2021 +0200
ips_options: add sticky buffer script_data ips option within normalized javascripts payload
Update max value for js_normalization_depth = {-1, max53}
Add mutual exclusion behaviour for js_normalization_depth and normalize_javascript
js_normalization_depth - enables enhanced normalizer
normalize_javascript - enables legacy normalizer
Steve Chew (stechew) [Mon, 5 Apr 2021 22:34:23 +0000 (22:34 +0000)]
Merge pull request #2825 in SNORT/snort3 from ~DERAMADA/snort3:held_pkt_reset to master
Squashed commit of the following:
commit 5480871c0d14c8487fc7a2044f8ce002fc65d2c5
Author: Deepak Ramadass <deramada@cisco.com>
Date: Mon Mar 29 21:14:30 2021 -0400
stream: store held packet SYN
commit 14116e12388e618b28aef80f90e3364b22655f88
Author: Deepak Ramadass <deramada@cisco.com>
Date: Mon Mar 29 21:13:48 2021 -0400
stream: fetch held packet SYN
commit b38b8d4d69bd0bd09bd2ffcfe69faa470f62b5d7
Author: Deepak Ramadass <deramada@cisco.com>
Date: Mon Mar 29 21:12:00 2021 -0400
codecs: use held packet SYN in Tcp header creation
Shravan Rangarajuvenkata (shrarang) [Mon, 5 Apr 2021 17:39:22 +0000 (17:39 +0000)]
Merge pull request #2826 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_ftp_dont_fail_during_continue to master
Squashed commit of the following:
commit d0538349f43e27ea7e765b29ad086413678783cb
Author: cljudge <cljudge@cisco.com>
Date: Fri Apr 2 01:03:42 2021 -0400
appid: in continue state for ftp traffic, do not change service to unknown on validation failure
Masud Hasan (mashasan) [Fri, 2 Apr 2021 19:35:34 +0000 (19:35 +0000)]
Merge pull request #2822 in SNORT/snort3 from ~MASHASAN/snort3:iprep_reload to master
Squashed commit of the following:
commit 7f1303b3e1e50a8986acd72989e37bb0d8f9461e
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 20:35:41 2021 -0400
reputation: Registering inspector to the IT_FIRST type
commit df1ace6dae83f3959acd3a226de38e54f8940957
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 20:11:08 2021 -0400
framework: Adding IT_FIRST inspector type to analyze the first packet of a flow
commit 4be59cff4ad586e556306aa5dba3914d0ccab076
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 15:45:45 2021 -0400
main: Adding reload id to track config/module/policy reloads
Masud Hasan (mashasan) [Fri, 2 Apr 2021 15:10:49 +0000 (15:10 +0000)]
Merge pull request #2824 in SNORT/snort3 from ~SMINUT/snort3:data_purge to master
Squashed commit of the following:
commit 596cd6e63ee19063e7c5fcdba4d930a99af486f9
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Apr 1 16:01:12 2021 -0400
host_tracker: fix bug in set_visibility
Clear HostTracker internal data not only when the visibility gets
turned off, but rather whenever the visibility changes, in order to
allow everything to be rediscovered after a data purge.
Lokesh Bevinamarad (lbevinam) [Thu, 1 Apr 2021 08:45:04 +0000 (08:45 +0000)]
Merge pull request #2804 in SNORT/snort3 from ~SMULKA/snort3:appid_trace to master
Squashed commit of the following:
commit 357d3b90982070f6f39dc65cff521af60aef4906
Author: smulka <smulka@cisco.com>
Date: Mon Mar 22 01:51:28 2021 -0400
packet_tracer: Appid daq trace log
Steve Chew (stechew) [Wed, 31 Mar 2021 22:38:58 +0000 (22:38 +0000)]
Merge pull request #2808 in SNORT/snort3 from ~SBAIGAL/snort3:netflow_cfg to master
Squashed commit of the following:
commit d895eb631410232976bd389e90a2cd3b2c6650b0
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Mar 23 11:23:12 2021 -0400
netflow: add device list configuration
netflow: add filter matching for v5 decoder
Steve Chew (stechew) [Wed, 31 Mar 2021 12:40:16 +0000 (12:40 +0000)]
Merge pull request #2781 in SNORT/snort3 from ~STECHEW/snort3:ftps_tls_alert to master
Squashed commit of the following:
commit 41c0f9f0404feb00411a381fddc5a4d8b5fe8d2a
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 24 18:40:40 2021 -0400
main: Log holding verdict only if packet was actually held.
commit f85ee407474f867c021381d2c5dad01676c100a2
Author: Steve Chew <stechew@cisco.com>
Date: Fri Mar 19 09:30:21 2021 -0400
dce_rpc: Fixed prototype mismatch. Smb2Tid doesn't need to be inline.
commit b1c00248536485223c00d2cd66df1fa236d18673
Author: Steve Chew <stechew@cisco.com>
Date: Mon Mar 8 13:56:29 2021 -0500
main: Update memcap for detained packets.
commit 9850db7b66e50454048a7744497c057628a07429
Author: Steve Chew <stechew@cisco.com>
Date: Tue Mar 9 18:06:56 2021 -0500
packet_io: If packet has no daq_instance, use thread-local daq_instance.
commit a0479bf54f4d882e2bd19c4044c3776330be787a
Author: Steve Chew <stechew@cisco.com>
Date: Mon Mar 8 13:49:00 2021 -0500
stream: Add held packet to retry queue when requested.
commit 2e8c00a0ca58c338491bc3a38ed039cc1baba01a
Author: Steve Chew <stechew@cisco.com>
Date: Mon Mar 8 02:22:02 2021 -0500
stream: Add partial_flush. Flush one side of flow immediately.
Naveen Gujje (ngujje) [Wed, 31 Mar 2021 05:11:32 +0000 (05:11 +0000)]
Merge pull request #2816 in SNORT/snort3 from ~AJMANDAD/snort3:tracr_proto_bug to master
Squashed commit of the following:
commit 2d8674eb0608149257d1c908db5062829c98ca9e
Author: Ajay Mandadi <ajmandad@cisco.com>
Date: Fri Mar 26 01:12:22 2021 -0400
packet_tracer: fix trace condition for setting IP_PROTO
Signed-off-by: Ajay Mandadi <ajmandad@cisco.com>
Shravan Rangarajuvenkata (shrarang) [Tue, 30 Mar 2021 22:28:43 +0000 (22:28 +0000)]
Merge pull request #2813 in SNORT/snort3 from ~SHRARANG/snort3:appid_invalid_lua to master
Squashed commit of the following:
commit 8e18fcb2c5716b581b9a6ff1b0465ac9a5ae82cf
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Mon Mar 8 18:30:06 2021 -0500
appid: clean up lua stack on C->lua function exit
Tom Peters (thopeter) [Tue, 30 Mar 2021 19:53:18 +0000 (19:53 +0000)]
Merge pull request #2817 in SNORT/snort3 from ~KATHARVE/snort3:h2i_hpack_fix to master
Squashed commit of the following:
commit baf855dbcfe551ac5a42bec110adf53a958b281f
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Mar 26 14:28:53 2021 -0400
http2_inspect: fix possible read-after-free in hpack decoder
Masud Hasan (mashasan) [Tue, 30 Mar 2021 15:51:20 +0000 (15:51 +0000)]
Merge pull request #2812 in SNORT/snort3 from ~SMINUT/snort3:smbfp_ftd to master
Squashed commit of the following:
commit dbfa20b6ac750dcc32956ecf5803c7fa0bcb212b
Author: Silviu Minut <sminut@cisco.com>
Date: Wed Mar 24 19:24:42 2021 -0400
rna: add the smb fingerprint processor to the get_or_create / set processor api
Mike Stepanek (mstepane) [Tue, 30 Mar 2021 12:58:28 +0000 (12:58 +0000)]
Merge pull request #2807 in SNORT/snort3 from ~DKYRYLOV/snort3:copyright_update to master
Squashed commit of the following:
commit 95c183b195d6fa6f96c5489f5e9795107c4081bb
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Mar 23 13:41:57 2021 +0200
copyright: Update year to 2021
Michael Altizer (mialtize) [Sat, 27 Mar 2021 18:13:03 +0000 (18:13 +0000)]
Merge pull request #2814 in SNORT/snort3 from ~MIALTIZE/snort3:3_1_3_0 to master
Squashed commit of the following:
commit 80376763f888930cc887eb988326b4fdde38d06c
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Mar 27 11:43:36 2021 -0400
build: Generate and tag 3.1.3.0
This release requires LibDAQ 3.0.2.
Michael Altizer (mialtize) [Fri, 26 Mar 2021 19:20:37 +0000 (19:20 +0000)]
Merge pull request #2800 in SNORT/snort3 from ~BBANTWAL/snort3:ips_actions to master
Squashed commit of the following:
commit 9ea4a671998c7c5270d91ca26ee1cca8228030ff
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri Mar 26 12:08:39 2021 -0400
actions: dynamically construct the default eval order for all the loaded ips actions
commit 39c59c2dd92c4ad3b1ed1d3ac4914c511b5a7edf
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Sun Mar 21 13:07:52 2021 -0400
detection: Update the rtn's listHead to reflect the new action set in the rule state
commit 628648057da9d38fc7c212a209427623700efaa3
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Mar 25 09:48:18 2021 -0400
rate_filter: Get the available ips actions dynamically to configure the new_action
commit 15c13d82d360fc37aa83ebf30dea71b2877b5a14
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Wed Mar 17 12:13:06 2021 -0400
snort_config: Remove is_active_enabled and set_active_enabled functions
commit fce81b9ed016b3aa118371fec104cc3d62c5109b
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Mar 16 14:26:49 2021 -0400
snort2lua: delete conversion of disable_replace option
commit 13ad5f9b33620576f11483058425fc8b43031acc
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Mar 9 11:33:31 2021 -0500
actions: Make all IPS actions pluggable
* All actions, including the previously "built-in" actions, have been
refactored into a set of equal IPS action plugins. Each IPS action has
an immediate effect and may or may not contain an active response to be
carried out as a delayed action.
* The reset and reject IPS actions have been merged into a single
reject IPS action. The reject IPS action can no longer be built as a
dynamic plugin.
* All IPS actions will be instantiated in a default state in each IPS
policy where they have not been otherwise explicitly configured via a
module.
* The rewrite IPS action is no longer configurable and has lost its
module. Its active response priority has been corrected to AP_MODIFY.
* Rate filter thresholding has been corrected to apply to any IPS
action that drops traffic.
* Rule evaluation action ordering has been expanded to include all
IPS actions, static and dynamic. Dynamic actions will currently default
to the lowest priority.
Tom Peters (thopeter) [Wed, 24 Mar 2021 17:29:48 +0000 (17:29 +0000)]
Merge pull request #2799 in SNORT/snort3 from ~NIHDESAI/snort3:h2_uppercase_check to master
Squashed commit of the following:
commit a0a75674bd8dd314db8551a187375ab5fbb3bc50
Author: Nihal Desai <nihdesai@cisco.com>
Date: Fri Mar 12 01:28:56 2021 -0500
http2_inspect: alert on uppercase header name encoded in HPACK
Tom Peters (thopeter) [Wed, 24 Mar 2021 16:05:05 +0000 (16:05 +0000)]
Merge pull request #2803 in SNORT/snort3 from ~THOPETER/snort3:nhttp156 to master
Squashed commit of the following:
commit 124ef14653ebd8c95178155ef5fa94d76cb60aa0
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Mar 17 13:46:37 2021 -0400
http_inspect: alert on HTTP/2 upgrade attempts
Pranav Bhalerao (prbhaler) [Wed, 24 Mar 2021 06:41:50 +0000 (06:41 +0000)]
Merge pull request #2805 in SNORT/snort3 from ~KRPRAJAP/snort3:pinhole_serv to master
Squashed commit of the following:
commit ffc93030a0477fd864452bd5a01efeeef7e0f6e3
Author: Krithika Prajapathi <krprajap@cisco.com>
Date: Mon Mar 22 01:10:09 2021 -0400
log: pinhole serviceability
Masud Hasan (mashasan) [Tue, 23 Mar 2021 20:47:34 +0000 (20:47 +0000)]
Merge pull request #2810 in SNORT/snort3 from ~SMINUT/snort3:smbfp_fix to master
Squashed commit of the following:
commit 3fa6d18e0be33f4ebab458f5f690e3149b3d0b0a
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Mar 23 14:31:33 2021 -0400
rna: rename minor and major data members to avoid compiler warning
Masud Hasan (mashasan) [Tue, 23 Mar 2021 16:17:01 +0000 (16:17 +0000)]
Merge pull request #2792 in SNORT/snort3 from ~SMINUT/snort3:smbfp to master
Squashed commit of the following:
commit 727fcef5b3952eb13f895e3ea8fbb0075c4366d8
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Mar 11 15:43:57 2021 -0500
appid: smb fingerprinting support
rna: smb fingerprint support
Mike Stepanek (mstepane) [Tue, 23 Mar 2021 13:26:15 +0000 (13:26 +0000)]
Merge pull request #2801 in SNORT/snort3 from ~OSHUMEIK/snort3:dup_rtn_with_vars to master
Squashed commit of the following:
commit 2aaa48fd2e09639b937e61533b14d55544cb1355
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu Mar 18 12:13:34 2021 +0200
parser: support duped RTN if its header has been changed
Mike Stepanek (mstepane) [Tue, 23 Mar 2021 13:05:23 +0000 (13:05 +0000)]
Merge pull request #2778 in SNORT/snort3 from ~OSERHIIE/snort3:javascript_normalization to master
Squashed commit of the following:
commit 5371730d74442a199d46ed862639172f18437193
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Feb 1 16:01:38 2021 +0200
http_inspect: add JavaScript whitespace normalization
http_inspect: integrate JSNormalizer (whitespace normalization) keeping the old one
http_inspect: add normalization_depth config option
utils: add JSNormalizer
cmake: add flex build dependency
doc: update http_inspect feature doc
Michael Altizer (mialtize) [Tue, 23 Mar 2021 01:38:42 +0000 (01:38 +0000)]
Merge pull request #2806 in SNORT/snort3 from ~MIALTIZE/snort3:goodbye_retry to master
Squashed commit of the following:
commit 3f880f91cec15ab7c551962f117a02124ae075d4
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Mar 22 10:32:55 2021 -0400
packet_io: Update for the removal of the RETRY DAQ verdict
Shravan Rangarajuvenkata (shrarang) [Mon, 22 Mar 2021 18:35:40 +0000 (18:35 +0000)]
Merge pull request #2752 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_add_netbios_domain_to_logs to master
Squashed commit of the following:
commit 482176a1c83f2a63941308ec6dbef5f7f2109712
Author: cljudge <cljudge@cisco.com>
Date: Wed Feb 17 04:55:19 2021 -0500
appid: Make netbios domain available through appid api.
Tom Peters (thopeter) [Thu, 18 Mar 2021 15:17:42 +0000 (15:17 +0000)]
Merge pull request #2797 in SNORT/snort3 from ~MDAGON/snort3:detection to master
Squashed commit of the following:
commit bbfa5a891df785f60d423c84c1c55b125b4c07f0
Author: Maya Dagon <mdagon@cisco.com>
Date: Mon Mar 15 16:04:54 2021 -0400
detection: update detection.alert, to be used instead of reputation.total_alerts
Bhagya Tholpady (bbantwal) [Thu, 18 Mar 2021 15:05:50 +0000 (15:05 +0000)]
Merge pull request #2788 in SNORT/snort3 from ~DKYRYLOV/snort3:dump_rule_meta_crash to master
Squashed commit of the following:
commit 01f2233993c744d01935e1fbe9a727555867ad8f
Author: dkyry <dkyrylov@cisco.com>
Date: Wed Mar 10 14:07:21 2021 +0200
detection: Update dump_rule_meta function to only print rules from default ips policy
Masud Hasan (mashasan) [Wed, 17 Mar 2021 20:53:12 +0000 (20:53 +0000)]
Merge pull request #2795 in SNORT/snort3 from ~MMATIRKO/snort3:hostclient_nullptr to master
Squashed commit of the following:
commit d5789022476a59edec4cfd73eea23d53664cdda2
Author: Michael Matirko <mmatirko@cisco.com>
Date: Thu Mar 11 15:15:57 2021 -0500
host_tracker: fully populate local hostclient before logging
Bhargava Jandhyala (bjandhya) [Wed, 17 Mar 2021 14:39:07 +0000 (14:39 +0000)]
Merge pull request #2798 in SNORT/snort3 from ~DIPANDIT/snort3:classify to master
Squashed commit of the following:
commit 5927f7dae46a8a82919942171f594320044baf8a
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Wed Mar 17 09:06:47 2021 -0400
dce_rpc: fix warning of empty body
Russ Combs (rucombs) [Tue, 16 Mar 2021 15:57:26 +0000 (15:57 +0000)]
Merge pull request #2790 in SNORT/snort3 from ~RUCOMBS/snort3:stylez to master
Squashed commit of the following:
commit 498f2ec03eda4d563554358acb56da12fa323a33
Author: russ <rucombs@cisco.com>
Date: Thu Mar 11 11:13:08 2021 -0500
style: Change C++ comment NULL to null
To make inappropriate use of NULL vs nullptr easier to spot.
Also, keep MPLS "NULL label" comments since that is normative.
commit 3cf4fc89961d26585a091ca2f04526f3098c9302
Author: russ <rucombs@cisco.com>
Date: Thu Mar 11 10:51:59 2021 -0500
style: Remove unnecessary cruft
commit e8ec4040b2deabe46d7322191fc4087e92525d8e
Author: russ <rucombs@cisco.com>
Date: Thu Mar 11 10:38:41 2021 -0500
style: Remove unused cruft
Lokesh Bevinamarad (lbevinam) [Tue, 16 Mar 2021 07:55:49 +0000 (07:55 +0000)]
Merge pull request #2737 in SNORT/snort3 from ~DIPANDIT/snort3:classify to master
Squashed commit of the following:
commit 85f29b509d5b53795caffbd55a44991929bac49c
Author: Dipto Pandit <dipandit@cisco.com>
Date: Thu Oct 8 06:55:59 2020 -0400
dce_rpc: refactoring smb code
Changed old C style code to C++ code. Created classes for appropriate
structures and encapsulated the methods. Maintained data boundary as
much as possible. Changed file structure to reduce clutter.
Russ Combs (rucombs) [Mon, 15 Mar 2021 19:09:14 +0000 (19:09 +0000)]
Merge pull request #2785 in SNORT/snort3 from ~RUCOMBS/snort3:dash_h to master
Squashed commit of the following:
commit b929e28aecf5a4b9eb7ab8ccf5266971a53cc7ec
Author: russ <rucombs@cisco.com>
Date: Tue Mar 9 11:23:06 2021 -0500
snort: Add -h to output the help overview (same as --help)
Michael Altizer (mialtize) [Sat, 13 Mar 2021 15:40:16 +0000 (15:40 +0000)]
Merge pull request #2794 in SNORT/snort3 from ~SMULKA/snort3:dtrace_style to master
Squashed commit of the following:
commit ecc98c4f141de36b9f334933c14247f0b95b2ea2
Author: smulka <smulka@cisco.com>
Date: Thu Mar 11 23:14:21 2021 -0500
packet_tracer: Remove unused pt_timer_start()
Michael Altizer (mialtize) [Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)]
Merge pull request #2771 in SNORT/snort3 from ~KBHANDAN/snort3:pt_shell_nonip to master
Squashed commit of the following:
commit 0e87af6c8591908e68e8e3b60f98ff593566ef96
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Tue Mar 2 11:35:49 2021 -0500
packet_tracer: Do not log non-IP packets when enabled from shell and when a constraint is set
Masud Hasan (mashasan) [Fri, 12 Mar 2021 15:14:19 +0000 (15:14 +0000)]
Merge pull request #2783 in SNORT/snort3 from ~ARMANDAV/snort3:passive to master
Squashed commit of the following:
commit 003c442bf581f1d77a2d17263b57728b132830f2
Author: Arun Mandava <armandav@cisco.com>
Date: Tue Mar 9 09:31:41 2021 -0500
rna: Make discovery filter to use client and server interfaces if they are not DAQ_PKTHDR_UNKNOWN
Pranav Bhalerao (prbhaler) [Fri, 12 Mar 2021 11:48:11 +0000 (11:48 +0000)]
Merge pull request #2782 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_lua to master
Squashed commit of the following:
commit 40ef99ede336f6b2970d1fc42846369a3b986232
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date: Mon Mar 8 03:48:53 2021 -0500
snort2lua: Fixing lua conversion of http preproc options
Michael Altizer (mialtize) [Thu, 11 Mar 2021 21:10:46 +0000 (21:10 +0000)]
Merge pull request #2791 in SNORT/snort3 from ~MIALTIZE/snort3:3_1_2_0 to master
Squashed commit of the following:
commit 61f2ce2932087540afd85ba847dd164bdb68dd25
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Mar 11 14:53:33 2021 -0500
build: Generate and tag 3.1.2.0
Michael Altizer (mialtize) [Thu, 11 Mar 2021 04:53:24 +0000 (04:53 +0000)]
Merge pull request #2789 in SNORT/snort3 from ~MIALTIZE/snort3:tidy to master
Squashed commit of the following:
commit a5026537718b6da997ff33e4125e90a250b74486
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Mar 10 16:10:52 2021 -0500
build: Do one more pass of modernizing the C++ code
Mostly generated automatically from clang-tidy using:
- modernize-deprecated-headers
- modernize-redundant-void-arg
- modernize-use-bool-literals
- modernize-use-equals-default
- modernize-use-nullptr
- modernize-use-override
Michael Altizer (mialtize) [Wed, 10 Mar 2021 17:22:20 +0000 (17:22 +0000)]
Merge pull request #2786 in SNORT/snort3 from ~MIALTIZE/snort3:flowstats_style to master
Squashed commit of the following:
commit 29bb7fe503dc2b2a8a87a164717a124368db13df
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 9 21:46:30 2021 -0500
snort: Update for DAQ_FlowStats_t structure and field name changes
Michael Altizer (mialtize) [Tue, 9 Mar 2021 21:49:57 +0000 (21:49 +0000)]
Merge pull request #2784 in SNORT/snort3 from ~MIALTIZE/snort3:frag_off to master
Squashed commit of the following:
commit 764273f3debc314962f1f935e5127cdd679fb5ed
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 9 13:27:53 2021 -0500
ipv4: Correct the calculation for illegal fragment offset checks
Shravan Rangarajuvenkata (shrarang) [Tue, 9 Mar 2021 17:43:27 +0000 (17:43 +0000)]
Merge pull request #2780 in SNORT/snort3 from ~SATHIRKA/snort3:smtps_imaps_fix to master
Squashed commit of the following:
commit 338c24caf91f531338b043703ad2928819768006
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Mar 4 17:07:27 2021 -0500
appid: Use opportunistic tls event to set decryption countdown for SMTP detector; Update IMAP service detector pattern
Shanmugam S (shanms) [Tue, 9 Mar 2021 16:22:13 +0000 (16:22 +0000)]
Merge pull request #2766 in SNORT/snort3 from ~SUNIMUKH/snort3:clear_global_counter to master
Squashed commit of the following:
commit df425d8fc335ca5891200064f2c03b9b6f7d6892
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date: Tue Feb 23 17:28:05 2021 -0500
module: Introduced new api to clear global active module counters
Lokesh Bevinamarad (lbevinam) [Tue, 9 Mar 2021 11:26:44 +0000 (11:26 +0000)]
Merge pull request #2763 in SNORT/snort3 from ~SMULKA/snort3:daq_trace to master
Squashed commit of the following:
commit 222b106f98bbade0ad7c89dbf526feea8fd1f46e
Author: smulka <smulka@cisco.com>
Date: Sat Feb 20 15:35:35 2021 -0500
packet_tracer: Added daq buffer to hold daq logs
Michael Altizer (mialtize) [Tue, 9 Mar 2021 03:56:50 +0000 (03:56 +0000)]
Merge pull request #2734 in SNORT/snort3 from ~BRASTULT/snort3:zip_data_desc to master
Squashed commit of the following:
commit 142372710cf9717980b1e2ab14f11c2f7ea5a18d
Author: Brandon Stultz <brastult@cisco.com>
Date: Wed Feb 3 00:23:10 2021 -0500
decompress: add support for streaming ZIPs
Michael Altizer (mialtize) [Tue, 9 Mar 2021 03:01:53 +0000 (03:01 +0000)]
Merge pull request #2729 in SNORT/snort3 from ~MIALTIZE/snort3:compound_codec to master
Squashed commit of the following:
commit d38e1757de753e33fbd7eb86fdd47e7005367ba4
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Mar 8 17:32:42 2021 -0500
snort_config: Clean up and annotate command line config merge process
commit 7ddcab755604935be48973c78b17ca70a1dc3eb4
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 2 15:30:14 2021 -0500
protocols: Add peg count for decodes that exceeded the max layers
Also, make sure that the alert for doing so only triggers once per
packet being decoded.
commit 4dbd0f9718ee3160864c760632dc8e4611101899
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Feb 2 18:25:29 2021 -0500
protocols: Add initial support for multilayer compound codecs
commit 6903a09c81e02f8dce04becc393edc26c1ce3b48
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 1 12:29:19 2021 -0500
protocols: Consistently encapsulate exported protocol headers in the snort namespace
commit e4f056d9fb416c0aaab573f6fa8d81c8f58367d1
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 27 13:24:22 2021 -0500
log: Base logging the Ethernet header on proto bits rather than DLT
commit d80dc65860f76d1f28e8c93dc832d66d65169e3e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 11 20:43:46 2021 -0500
main: Fix accumulating and printing codec stats at run time
Michael Altizer (mialtize) [Mon, 8 Mar 2021 21:44:27 +0000 (21:44 +0000)]
Merge pull request #2744 in SNORT/snort3 from ~MIALTIZE/snort3:mpls to master
Squashed commit of the following:
commit ee516377468dd17dfb4b1ff370d3912c96b29274
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
mpls: Add next layer autodetection and implement codec logging
The max_mpls_stack_depth and mpls_payload_type parameters of the MPLS
codec module have been renamed to max_stack_depth and payload_type
respectively to cut down on redundancy.
The EXP field in the MPLS header has been renamed to TC (traffic class)
per RFC5462. Previously available MPLS counters have been removed due
to being both inaccurate and not very valuable.
commit c007bb268c0f94038e07646eb047f2f0659165a5
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
mpls: Refactor mpls.enable_mpls_overlapping_ip into packet.mpls_agnostic
commit c00686eb8b98ccca8ca61cbd3517733ffe64802a
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
mpls: Remove enable_mpls_multicast option
The option was unused and MPLS multicast support is now always enabled.
commit 8b4edf540f2ac597e954b6edaace9e506d0d603a
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
loggers: Fix excessive byte reordering when printing MPLS labels in CSV and JSON
commit ec4488602cf3e45ed4b5f7385f7acd9099078205
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
trans_bridge: Lift the log() implementation from the root Ethernet codec
Shravan Rangarajuvenkata (shrarang) [Fri, 5 Mar 2021 23:45:37 +0000 (23:45 +0000)]
Merge pull request #2777 in SNORT/snort3 from ~SHRARANG/snort3:appid_sub_policy to master
Squashed commit of the following:
commit 48ee239ce9197dcf6746dea9e77145e968a14322
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Thu Mar 4 15:37:49 2021 -0500
appid: get uri from http event even when http host is not present
commit d1f81e06c96812def7e556f563bb011490ce2be4
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Mar 3 17:29:35 2021 -0500
appid: always get appid inspector from default inspection policy
Mike Stepanek (mstepane) [Fri, 5 Mar 2021 20:33:40 +0000 (20:33 +0000)]
Merge pull request #2776 in SNORT/snort3 from ~MDAGON/snort3:rep_peg to master
Squashed commit of the following:
commit 0ac10d96c7da3c9bb9055c3915380f7c5b934726
Author: mdagon <mdagon@cisco.com>
Date: Wed Mar 3 10:03:58 2021 -0500
reputation: add peg count for total alerts
Shanmugam S (shanms) [Fri, 5 Mar 2021 15:52:03 +0000 (15:52 +0000)]
Merge pull request #2757 in SNORT/snort3 from ~SUNIMUKH/snort3:elephant_flow to master
Squashed commit of the following:
commit b28012491788b2a71dacda895d85fee6a9be3422
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date: Mon Feb 22 00:42:49 2021 -0500
flow: Add new flag to indicate elephant flow
Bhagya Tholpady (bbantwal) [Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)]
Merge pull request #2770 in SNORT/snort3 from ~SVLASIUK/snort3:doc_ips_states to master
Squashed commit of the following:
commit 1c155320fdadbb0513af094e96f98d034bf91c25
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Tue Mar 2 14:35:09 2021 +0200
doc: update documentation for ips.states
Masud Hasan (mashasan) [Fri, 5 Mar 2021 13:39:42 +0000 (13:39 +0000)]
Merge pull request #2774 in SNORT/snort3 from ~MMATIRKO/snort3:funky_flush to master
Squashed commit of the following:
commit 12979dc9a9035a732d7be73a2a1b0d42000c97b8
Author: russ <rucombs@cisco.com>
Date: Mon Mar 1 10:21:38 2021 -0500
stream_tcp: Ensure flows aren't pruned while processing a PDU
Externally triggered flushes require a new context if a packet is not
already in play. All external flushes require a new packet.
Bhagya Tholpady (bbantwal) [Thu, 4 Mar 2021 23:18:44 +0000 (23:18 +0000)]
Merge pull request #2759 in SNORT/snort3 from ~OSHUMEIK/snort3:cvars to master
Squashed commit of the following:
commit 5a87d044fb559592ece9f0d340f79d1f330b3095
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Feb 16 17:09:05 2021 +0200
detection: use IP and port variables from the targeted policy
Port lists are updated for every duped RTN if its ports have been changed.
Steve Chew (stechew) [Thu, 4 Mar 2021 18:55:08 +0000 (18:55 +0000)]
Merge pull request #2772 in SNORT/snort3 from ~DERAMADA/snort3:ftp_held_pkt_detection to master
Squashed commit of the following:
commit 26c02c56d90d25bcbd9b8e62e1dcf0e12ca991df
Author: Deepak Ramadass <deramada@cisco.com>
Date: Thu Feb 25 11:04:05 2021 -0500
stream: set block pending flag when a flow is dropped
commit dd01cd19943517c5dcada77d82c3079dd20a2c64
Author: Deepak Ramadass <deramada@cisco.com>
Date: Thu Feb 25 11:03:02 2021 -0500
ftp_telnet: implement init_partial_flush for ftp data
Michael Altizer (mialtize) [Wed, 3 Mar 2021 23:37:15 +0000 (23:37 +0000)]
Merge pull request #2754 in SNORT/snort3 from ~SPADALKA/snort3:perf_tracker_crash to master
Squashed commit of the following:
commit f5cbcb1e165ad8c3ba18f921c0dd5dc2a656e9d7
Author: Satyajit Padalkar <spadalkar@gmail.com>
Date: Wed Mar 3 16:52:35 2021 -0500
perf_monitor: Fix finalizing JSON output files for trackers
Michael Altizer (mialtize) [Wed, 3 Mar 2021 22:20:58 +0000 (22:20 +0000)]
Merge pull request #2773 in SNORT/snort3 from ~MIALTIZE/snort3:textlog_format to master
Squashed commit of the following:
commit cc15aa3048a4006dcede48ae2c74292f1185ef44
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 2 13:03:42 2021 -0500
log: Add printf format attribute to TextLog_Print() and clean up the fallout
Shanmugam S (shanms) [Wed, 3 Mar 2021 05:05:45 +0000 (05:05 +0000)]
Merge pull request #2403 in SNORT/snort3 from ~KBHANDAN/snort3:cleanup_cmd_line to master
Squashed commit of the following:
commit 1e5322ae5ba0f32c3af2ccf35d52c637a556ffe2
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Fri Aug 14 16:12:59 2020 -0400
snort_config: remove unnecessary command line options
Shanmugam S (shanms) [Tue, 2 Mar 2021 05:52:03 +0000 (05:52 +0000)]
Merge pull request #2746 in SNORT/snort3 from ~APOORAJ/snort3:portscan_fixit_delimiter to master
Squashed commit of the following:
commit c4088ca495e7bb1cfb4e244243d43e3878a9de25
Author: Apoorv Raj <apooraj@cisco.com>
Date: Sat Feb 6 17:22:13 2021 -0500
portscan: Fix delimiter for ports in config
Shanmugam S (shanms) [Tue, 2 Mar 2021 05:49:36 +0000 (05:49 +0000)]
Merge pull request #2769 in SNORT/snort3 from ~PUNEETKU/snort3:pkt_cp_chry_pk to master
Squashed commit of the following:
commit
491324ec7ff4267206c353402e932a0fc91a0323
Author: Puneeth Kumar C V <puneetku@cisco.com>
Date: Fri Feb 19 00:32:34 2021 -0500
packet_capture: add group filter for packet capture
Shravan Rangarajuvenkata (shrarang) [Fri, 26 Feb 2021 20:02:45 +0000 (20:02 +0000)]
Merge pull request #2768 in SNORT/snort3 from ~SHRARANG/snort3:appid_cppcheck to master
Squashed commit of the following:
commit
540aa99530d3d7e9ff6282691891553fcb9153da
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Feb 26 12:41:42 2021 -0500
appid: fixes for cppcheck warnings
Steve Chew (stechew) [Fri, 26 Feb 2021 18:06:47 +0000 (18:06 +0000)]
Merge pull request #2747 in SNORT/snort3 from ~SBAIGAL/snort3:perf_ha to master
Squashed commit of the following:
commit
8a93f67c57c000a089e52459f3f6ddd425387a28
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Feb 18 16:31:11 2021 -0500
stream: do not update service from appid to host attributes if nothing is changed
commit
58111934f03848ddb29be00ba9268ca93d801262
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Feb 18 13:40:20 2021 -0500
host_attributes: updated api to reduce use of shared_pointer
commit
678f77983e959ac97e659ceb000dd3bcb4d05baa
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Feb 18 12:43:56 2021 -0500
binder: use service inspector caching to improve get_gadget() performance
Masud Hasan (mashasan) [Fri, 26 Feb 2021 01:31:39 +0000 (01:31 +0000)]
Merge pull request #2760 in SNORT/snort3 from ~MASHASAN/snort3:flush_on_fin_recv to master
Squashed commit of the following:
commit
2eab74e332742c3afbffbdcf2f366a90a7bcd0db
Author: Masud Hasan <mashasan@cisco.com>
Date: Thu Feb 18 22:05:52 2021 -0500
stream_tcp: Flush queued segments when FIN is received
Bhagya Tholpady (bbantwal) [Thu, 25 Feb 2021 15:44:08 +0000 (15:44 +0000)]
Merge pull request #2767 in SNORT/snort3 from ~BBANTWAL/snort3:alias_fix to master
Squashed commit of the following:
commit
aec73724ee2ba89181730c41662031e90ef4232d
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Wed Feb 24 16:55:10 2021 -0500
managers: Perform sanity checks on set_alias() parameters
Mike Stepanek (mstepane) [Thu, 25 Feb 2021 15:03:21 +0000 (15:03 +0000)]
Merge pull request #2764 in SNORT/snort3 from ~JRITTLE/snort3:iec104_trace_fix to master
Squashed commit of the following:
commit
888682bccf55b3b6f93c6d2a023fc295e34b99d6
Author: jrittle <jrittle@cisco.com>
Date: Wed Feb 24 09:40:49 2021 -0500
iec104: additional input sanitization, syntax, and style changes
Mike Stepanek (mstepane) [Wed, 24 Feb 2021 21:47:12 +0000 (21:47 +0000)]
Merge pull request #2765 in SNORT/snort3 from ~JRITTLE/snort3:doc_iec104_service_inspector to master
Squashed commit of the following:
commit
f6e25e62a7ab803c360f168349da23a6f6609db0
Author: jrittle <jrittle@cisco.com>
Date: Mon Feb 22 14:36:01 2021 -0500
iec104: adding documentation for iec104 service inspector
Mike Stepanek (mstepane) [Wed, 24 Feb 2021 02:25:20 +0000 (02:25 +0000)]
Merge pull request #2743 in SNORT/snort3 from ~JRITTLE/snort3:iec104_service_inspector to master
Squashed commit of the following:
commit
4f3019db2c8f24111cbf99e154feb30f1876ef70
Author: jrittle <jrittle@cisco.com>
Date: Tue Feb 23 14:20:42 2021 -0500
iec104: integrating new iec104 protocol service inspector
Shravan Rangarajuvenkata (shrarang) [Wed, 24 Feb 2021 00:56:52 +0000 (00:56 +0000)]
Merge pull request #2762 in SNORT/snort3 from ~SATHIRKA/snort3:optimize_loading_lua_detectors to master
Squashed commit of the following:
commit
38a9cd5cffc0e971391be078f2499f04085e37ae
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Mon Dec 14 16:11:23 2020 -0500
appid: Load lua detectors for packet threads from compiled lua bytecode during detector reload
Bhagya Tholpady (bbantwal) [Tue, 23 Feb 2021 22:57:46 +0000 (22:57 +0000)]
Merge pull request #2741 in SNORT/snort3 from ~BBANTWAL/snort3:binder_aliases to master
Squashed commit of the following:
commit
9ca8c58d0bf04b18e4441bed7e9b61c42c984688
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Wed Feb 10 14:19:28 2021 -0500
managers: enforce strict parsing for binder aliases
1. don't load aliased table when alias type is not known
2. don't load aliased table when alias type is not bindable
3. error and don't load aliased table when alias name is not empty
and alias type is a singleton (global usage)
4. error and don't load aliased table when alias name is a known module
Bhagya Tholpady (bbantwal) [Tue, 23 Feb 2021 19:59:35 +0000 (19:59 +0000)]
Merge pull request #2750 in SNORT/snort3 from ~SVLASIUK/snort3:pcre_relative to master
Squashed commit of the following:
commit
c23a528787f8a0f9d7052e6e0dba7c84b17473ae
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Thu Feb 11 18:29:10 2021 +0200
ips_options: update cursor position for relative pcre
Steve Chew (stechew) [Tue, 23 Feb 2021 15:49:02 +0000 (15:49 +0000)]
Merge pull request #2738 in SNORT/snort3 from ~DERAMADA/snort3:reputation_cleanup to master
Squashed commit of the following:
commit
82c01b1afb0e625f836a7ae09ae0df5098024aff
Author: Deepak Ramadass <deramada@cisco.com>
Date: Wed Feb 10 11:21:08 2021 -0500
reputation: remove redundant terms
Mike Stepanek (mstepane) [Tue, 23 Feb 2021 13:01:41 +0000 (13:01 +0000)]
Merge pull request #2756 in SNORT/snort3 from ~MDAGON/snort3:rst_frame to master
Squashed commit of the following:
commit
54dc3d9568f8cc05da2b84a6457f131bc589912f
Author: mdagon <mdagon@cisco.com>
Date: Fri Jan 22 15:18:07 2021 -0500
http2_inspect: process rst_stream frame
Bhargava Jandhyala (bjandhya) [Mon, 22 Feb 2021 05:16:59 +0000 (05:16 +0000)]
Merge pull request #2751 in SNORT/snort3 from ~DIPANDIT/snort3:smb1_file_api to master
Squashed commit of the following:
commit
2c8805d21d2106d95ea496a320bcf4898bb4e4fe
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Mon Feb 15 04:20:50 2021 -0500
dce_rpc: pass proper file id in file api from smb1
Masud Hasan (mashasan) [Fri, 19 Feb 2021 21:48:27 +0000 (21:48 +0000)]
Merge pull request #2753 in SNORT/snort3 from ~ARMANDAV/snort3:oomkill to master
Squashed commit of the following:
commit
41f16cfa0a59259aabc849b50ac39b16868fed88
Author: Arun Mandava <armandav@cisco.com>
Date: Thu Feb 11 20:50:55 2021 -0500
memory: free memory space while updating allocation
Mike Stepanek (mstepane) [Fri, 19 Feb 2021 19:55:19 +0000 (19:55 +0000)]
Merge pull request #2740 in SNORT/snort3 from ~MDAGON/snort3:chunk_partial to master
Squashed commit of the following:
commit
4549c4b769a5cb8f0cc2535385a1525dcc0da6e1
Author: mdagon <mdagon@cisco.com>
Date: Thu Jan 28 09:12:47 2021 -0500
http_inspect: partial inspection for 0 length chunk
Mike Stepanek (mstepane) [Thu, 18 Feb 2021 20:39:50 +0000 (20:39 +0000)]
Merge pull request #2755 in SNORT/snort3 from ~THOPETER/snort3:di_reversion to master
Squashed commit of the following:
commit
182ae204f53679e1a86031649361399cf757637f
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Feb 18 13:44:19 2021 -0500
http_inspect: temporarily restore detained_inspection parameter
Shravan Rangarajuvenkata (shrarang) [Thu, 18 Feb 2021 19:51:10 +0000 (19:51 +0000)]
Merge pull request #2749 in SNORT/snort3 from ~SHRARANG/snort3:appid_remove_forecast to master
Squashed commit of the following:
commit
8b16b5b54d078478ddffa3b4899b68eda7a4641d
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Feb 12 17:17:55 2021 -0500
appid: remove app forecast method
Mike Stepanek (mstepane) [Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)]
Merge pull request #2745 in SNORT/snort3 from ~MDAGON/snort3:doc_remove_detained to master
Squashed commit of the following:
commit
18a1323b4462d37298071fa023a070b3d2786a7b
Author: mdagon <mdagon@cisco.com>
Date: Fri Feb 12 17:02:33 2021 -0500
doc: remove http detained inspection from user manual
Mike Stepanek (mstepane) [Wed, 17 Feb 2021 12:29:35 +0000 (12:29 +0000)]
Merge pull request #2748 in SNORT/snort3 from ~THOPETER/snort3:nhttp155 to master
Squashed commit of the following:
commit
f6efaf5d3ed10d81275a38931dcaeba00b4564ab
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Feb 15 17:11:57 2021 -0500
http_inspect: remove detained inspection
Mike Stepanek (mstepane) [Fri, 12 Feb 2021 14:08:35 +0000 (14:08 +0000)]
Merge pull request #2742 in SNORT/snort3 from ~THOPETER/snort3:nhttp154 to master
Squashed commit of the following:
commit
9c6dd8194ed2f3549d7731affc566dc7127a4801
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Feb 11 13:35:28 2021 -0500
http_inspect: IPv6 authority in URI
commit
ab9cb850c58828dc3ecebe67c3345019dd5433d6
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Feb 8 11:46:48 2021 -0500
http_inspect: Javascript support cleanup
Michael Altizer (mialtize) [Thu, 11 Feb 2021 19:11:52 +0000 (19:11 +0000)]
Merge pull request #2739 in SNORT/snort3 from ~MIALTIZE/snort3:binder_stuff2 to master
Squashed commit of the following:
commit
b38c4c0fbf677313717ccc289a77cbacb4f047ab
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Feb 9 12:13:25 2021 -0500
ftp_telnet: Respect telnet_cmds config for raising 125:1
commit
9ab2924a28b50726a8d185eaae10990d7b224cb6
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 4 12:35:21 2021 -0500
binder: Apply host attribute table information at the beginning of flow setup
commit
d794f0481b9e1d886fe65ae0cec87e6af33ecd76
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Dec 4 15:26:00 2020 -0500
binder: Use the first match for non-terminal binding usage
commit
76d7cea0d784afcab575a173c57c8a65ac0a6153
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Dec 4 15:13:31 2020 -0500
binder: Clean up std namespace usage
commit
464fd2c44019b3a48c8c44c6b9c7bed82b3dc0b2
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Dec 4 14:51:22 2020 -0500
inspector_manager: Instantiate default binder as long as a wizard or stream are present
commit
7f0be69877ff16e0fc74716c0c73e9850eca1a46
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Dec 3 15:05:37 2020 -0500
module_manager: Enforce interest in global modules only in the default policy
commit
0cacbbc73299aecd52ba1f08700fb996c089a8a0
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Dec 16 13:49:06 2020 -0500
action_manager: Remove unused cached reject action
Bhagya Tholpady (bbantwal) [Thu, 11 Feb 2021 17:30:00 +0000 (17:30 +0000)]
Merge pull request #2733 in SNORT/snort3 from ~OSHUMEIK/snort3:sslv2_curse to master
Squashed commit of the following:
commit
af61d25062a0f28247cd017cd9a2f4269f0655bc
Author: ryanhoff <ryanhoff@cisco.com>
Date: Tue Jan 21 16:55:33 2020 -0500
wizard: add support for sslv2 detection
The curse ignores specs/challenge/session_id length values.
It's up to the inspector to decide about it.
Bhagya Tholpady (bbantwal) [Thu, 11 Feb 2021 17:24:39 +0000 (17:24 +0000)]
Merge pull request #2736 in SNORT/snort3 from ~OSHUMEIK/snort3:default_module_end to master
Squashed commit of the following:
commit
597c069734ebcddf8763bbde18bf4d48adf430ae
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Feb 5 16:00:28 2021 +0200
managers: pass the configuration to default module's end()
Thanks to W. Michael Petullo for reporting the issue.
Shravan Rangarajuvenkata (shrarang) [Tue, 9 Feb 2021 14:11:48 +0000 (14:11 +0000)]
Merge pull request #2735 in SNORT/snort3 from ~SHRARANG/snort3:appid_remove_obsolete_detectors to master
Squashed commit of the following:
commit
37dc196d8111a349c7acb34d2333a70dc1d6fde1
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Feb 5 09:45:23 2021 -0500
appid: remove detectors for obsolete apps - AOL instant messenger and Yahoo messenger
Naveen Gujje (ngujje) [Tue, 9 Feb 2021 08:02:35 +0000 (08:02 +0000)]
Merge pull request #2668 in SNORT/snort3 from ~SUNIMUKH/snort3:clear_counter to master
Squashed commit of the following:
commit
edc690f9464477764c96dbc175411d6e2b0e543f
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date: Tue Dec 8 03:14:39 2020 -0500
snort: clear snort counter for modules, daq, file_id, appid
Masud Hasan (mashasan) [Mon, 8 Feb 2021 14:36:43 +0000 (14:36 +0000)]
Merge pull request #2727 in SNORT/snort3 from ~SMINUT/snort3:rna_netbios to master
Squashed commit of the following:
commit
b3850b1ddb6329274d502de7c4c7312cf8f0207b
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Jan 29 12:30:22 2021 -0500
rna: discover NetBIOS name
Discover NetBIOS in appid, publish an event and log it in rna.
Naveen Gujje (ngujje) [Fri, 5 Feb 2021 06:05:22 +0000 (06:05 +0000)]
Merge pull request #2662 in SNORT/snort3 from ~APOORAJ/snort3:port_scan_fixes to master
Squashed commit of the following:
commit
27a5e5b0592fe2a2d8102385755223f51edc6f3b
Author: Apoorv Raj <apooraj@cisco.com>
Date: Tue Dec 22 05:05:08 2020 -0500
portscan: fix decoy and distributed scan logic
commit
508c3052a2f17456ca68389722438cd48c78bf5d
Author: Apoorv Raj <apooraj@cisco.com>
Date: Mon Dec 7 02:14:42 2020 -0500
portscan: Fix IP scans not alerting
Mike Stepanek (mstepane) [Thu, 4 Feb 2021 19:24:28 +0000 (19:24 +0000)]
Merge pull request #2732 in SNORT/snort3 from ~THOPETER/snort3:nhttp153 to master
Squashed commit of the following:
commit
3f388128feedc0ece93e4312f48feafb69a1cb4d
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Jan 29 17:11:40 2021 -0500
http_inspect: remove unused events
Masud Hasan (mashasan) [Wed, 3 Feb 2021 15:35:03 +0000 (15:35 +0000)]
Merge pull request #2731 in SNORT/snort3 from ~ARMANDAV/snort3:napbug to master
Squashed commit of the following:
commit
4152a7d9d0d407bcd976cf00c344e3e653d69343
Author: Arun Mandava <armandav@cisco.com>
Date: Mon Feb 1 13:26:24 2021 -0500
stream: always use latest splitter from tracker after paf_check
Bhargava Jandhyala (bjandhya) [Wed, 3 Feb 2021 05:12:00 +0000 (05:12 +0000)]
Merge pull request #2730 in SNORT/snort3 from ~DIPANDIT/snort3:handle_async to master
Squashed commit of the following:
commit
904c98bc58f715b3369622c07fe727e2492d904f
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Fri Jan 29 05:52:41 2021 -0500
dce_rpc: handle async responses in smbv2
Masud Hasan (mashasan) [Tue, 2 Feb 2021 18:28:20 +0000 (18:28 +0000)]
Merge pull request #2718 in SNORT/snort3 from ~MASHASAN/snort3:tcp_dso to master
Squashed commit of the following:
commit
4cc835adb34938ecb1e9c1b9c9e5bf914ed09558
Author: Masud Hasan <mashasan@cisco.com>
Date: Sun Jan 17 20:34:34 2021 -0500
stream_tcp: Supporting data on SYN by default with or without Fast Open option
Shravan Rangarajuvenkata (shrarang) [Mon, 1 Feb 2021 22:36:59 +0000 (22:36 +0000)]
Merge pull request #2728 in SNORT/snort3 from ~SHRARANG/snort3:file_magic_pcap to master
Squashed commit of the following:
commit
b042f7abee48221fa96006d8151d35aab2973e67
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Mon Feb 1 14:33:49 2021 -0500
file_magic: add pattern for pcapng
Shravan Rangarajuvenkata (shrarang) [Mon, 1 Feb 2021 17:05:13 +0000 (17:05 +0000)]
Merge pull request #2724 in SNORT/snort3 from ~AGIURGIU/snort3:pcapng_pattern to master
Squashed commit of the following:
commit
79691dc526824df6b74f77c777572f6810058c74
Author: Alexandru Giurgiu <agiurgiu@cisco.com>
Date: Thu Jan 28 13:10:29 2021 +0200
file_magic: New pattern for pcapng
Mike Stepanek (mstepane) [Fri, 29 Jan 2021 16:27:13 +0000 (16:27 +0000)]
Merge pull request #2721 in SNORT/snort3 from ~KATHARVE/snort3:h2i_stream_limit to master
Squashed commit of the following:
commit
8dc19216a06d0e2b18fc4f02aabc4b2955e2e65e
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Jan 22 14:46:34 2021 -0500
http2_inspect: limit number of concurrent streams
Shravan Rangarajuvenkata (shrarang) [Thu, 28 Jan 2021 20:26:15 +0000 (20:26 +0000)]
Merge pull request #2722 in SNORT/snort3 from ~SATHIRKA/snort3:reload_detectors_response to master
Squashed commit of the following:
commit
6af6fafdf8634b8176bf7dcd040d0014e769aca5
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Tue Jan 26 13:09:14 2021 -0500
appid: Send reloading detectors message to socket immediately
Michael Altizer (mialtize) [Thu, 28 Jan 2021 16:08:58 +0000 (16:08 +0000)]
Merge pull request #2725 in SNORT/snort3 from ~MIALTIZE/snort3:3_1_1_0 to master
Squashed commit of the following:
commit
094794410a5872f3da801bc83644d481489dcfb1
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Jan 28 10:46:22 2021 -0500
build: Generate and tag 3.1.1.0