git.ipfire.org Git - thirdparty/snort3.git/log
Mike Stepanek (mstepane) [Tue, 5 Nov 2019 14:25:08 +0000 (09:25 -0500)]
Merge pull request #1827 in SNORT/snort3 from ~KATHARVE/snort3:h2i_code_coverage to master
Squashed commit of the following:
commit
fb6ef30804b7463b132fac75af68005fe9fce16e
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Oct 28 14:53:03 2019 -0400
http2_inspect: fix bugs in splitting long data frames and padding
Mike Stepanek (mstepane) [Tue, 5 Nov 2019 13:45:10 +0000 (08:45 -0500)]
Merge pull request #1834 in SNORT/snort3 from ~KATHARVE/snort3:remove_fileclose to master
Squashed commit of the following:
commit
8ecbf015c21ae73d85da004aee4938c82742ebd5
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Nov 4 15:54:16 2019 -0500
http_inspect: remove deprecated @fileclose command from test tool
Russ Combs (rucombs) [Mon, 4 Nov 2019 15:15:45 +0000 (10:15 -0500)]
Merge pull request #1825 in SNORT/snort3 from ~RUCOMBS/snort3:talos_alignment to master
Squashed commit of the following:
commit
08d2f79e350a96c4359e7169ff1369e97f86f458
Author: russ <rucombs@cisco.com>
Date: Fri Nov 1 10:22:36 2019 -0400
search_engine: stop searching if queue limit is reached
commit
6e23316f0236958c4656610bdc1bad3a164c1a9f
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 18:46:47 2019 -0400
lua: tweak default conf and add tweaks for various scenarios
Remove perf related configs from default snort.lua. These depend
on the specific deployment.
Add lua files for connectivity, balanced, security, and max detect
which provide an easy way to start tuning your config.
commit
e1bc66e26d8b042153e8c41ba7f05526f4bdab38
Author: russ <rucombs@cisco.com>
Date: Mon Nov 4 07:42:01 2019 -0500
imap, pop, smtp: changed default decode depths to unlimited
commit
d93e7ec438fec3ecbfd404fb33e0f1e5a8283846
Author: russ <rucombs@cisco.com>
Date: Fri Nov 1 10:15:42 2019 -0400
http_inspect: change accelerated_blocking to detained_inspection
commit
8f93239ab64372053cd7c1c1806b03e5b6768e54
Author: russ <rucombs@cisco.com>
Date: Wed Oct 30 07:57:54 2019 -0400
ips_option::enable: fix dynamic plugin build
commit
d803c6f0c428dfd491733db4f18311157a7247d6
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 22:09:28 2019 -0400
detection: negated fast patterns are last choice
commit
1b9bfcaa59a55b43f17817d6a2ad351aab9ec4af
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 13:34:27 2019 -0400
ips: define a builtin GID range to prevent unloaded SIDs from firing on all packets
100 <= GID <= 999 defines a builtin rule range such that SIDs from GIDs in this range
that are configured won't fire unless the module is loaded and configured. This is
helpful when a dynamic plugin is not loaded. It is possible to have builtin GIDs
outside this range, but they may fire inadvertently.
Also, note that "builtin" rules doesn't include just statically linked modules. Any
plugin generator (excluding text rules and SO rules) is considered "builtin".
Exception to the above is granted for the old SDF (138) generator from Snort 2.
Rules for GID 138 may appear as a result of snort2lua or user porting efforts so
it is not considered a builtin rule.
commit
d6f3553be176e7e916c627a2235546d5b0bf99a3
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 11:13:50 2019 -0400
port_scan: increase default memcap to a more reasonable 10M
commit
1ec6e5825939555a5924de522ae5608a49f98c69
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 11:12:07 2019 -0400
telnet: fix check_encrypted help string
commit
b30cebb995019ef83de4d9cd52a9d2f929a006c9
Author: russ <rucombs@cisco.com>
Date: Sat Oct 26 19:43:19 2019 -0400
dce_smb: deprecate config for smb_file_inspection, use smb_file_depth only
commit
147827d7a3228ebabf973ff1a188b13d4f50d939
Author: russ <rucombs@cisco.com>
Date: Tue Oct 22 14:36:07 2019 -0400
normalizer: make tcp.ips default to true
Mike Stepanek (mstepane) [Mon, 4 Nov 2019 13:59:47 +0000 (08:59 -0500)]
Merge pull request #1807 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_reload_memcap to master
Squashed commit of the following:
commit
b127a8a89a00336480bdf9cfb6c196c8db8d93ca
Author: davis mcpherson <davmcphe@cisco.com>
Date: Tue Aug 20 11:40:34 2019 -0400
stream: implement reload resource tuner for stream to adjust the number of flow objects as needed when the stream 'max_flows' configuration option changes
Shravan Rangarajuvenkata (shrarang) [Fri, 1 Nov 2019 17:26:43 +0000 (13:26 -0400)]
Merge pull request #1831 in SNORT/snort3 from ~SATHIRKA/snort3:dns_compression_ptr to master
Squashed commit of the following:
commit
575eea2d85c85fa31aa73ff86d77c3ce85bd54ea
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Oct 31 17:53:36 2019 -0400
appid: Handle DNS responses with compression pointers at last record
Shravan Rangarajuvenkata (shrarang) [Fri, 1 Nov 2019 01:47:54 +0000 (21:47 -0400)]
Merge pull request #1751 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-dev to master
Squashed commit of the following:
commit
c5548d43e80b6dd1534e2e7a218c6bc5e2ff1200
Author: Pradeep Damodharan <prdamodh@cisco.com>
Date: Wed Sep 18 15:54:12 2019 -0400
s7commplus: Initial working version of s7commplus service inspector
Russ Combs (rucombs) [Thu, 31 Oct 2019 20:18:02 +0000 (16:18 -0400)]
Merge pull request #1828 in SNORT/snort3 from ~RUCOMBS/snort3:build_263 to master
Squashed commit of the following:
commit
b1535e331687f558ec09d20be09e74783c9d1e84
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Oct 31 10:30:57 2019 -0400
build: generate and tag build 263
Shravan Rangarajuvenkata (shrarang) [Thu, 31 Oct 2019 14:34:45 +0000 (10:34 -0400)]
Merge pull request #1824 in SNORT/snort3 from ~SHRARANG/snort3:appid_dns_bad_host_name to master
Squashed commit of the following:
commit
c098d77166f81c6d9ec064991d4bf8ddd7b2cea9
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Oct 25 15:06:02 2019 -0400
appid: handle malformed DNS host name
Mike Stepanek (mstepane) [Wed, 30 Oct 2019 16:22:01 +0000 (12:22 -0400)]
Merge pull request #1815 in SNORT/snort3 from ~KATHARVE/snort3:h2i_request_start_line to master
Squashed commit of the following:
commit
2efd67923bc0de65e7282e3a1387884f39279c7b
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Oct 21 09:37:41 2019 -0400
http2_inspect: generate request start line from pseudo-headers
Russ Combs (rucombs) [Tue, 29 Oct 2019 21:06:50 +0000 (17:06 -0400)]
Merge pull request #1787 in SNORT/snort3 from ~BRASTULT/snort3:boyer_moore to master
Squashed commit of the following:
commit
c38c3e1dc80b15da5ebc4423662efffe94b585cd
Author: Brandon Stultz <brastult@cisco.com>
Date: Mon Oct 7 18:29:14 2019 -0400
content: rewrite boyer_moore for performance
Mike Stepanek (mstepane) [Tue, 29 Oct 2019 19:37:26 +0000 (15:37 -0400)]
Merge pull request #1812 in SNORT/snort3 from ~SMINUT/snort3:tcp_reassembler_int2uint to master
Squashed commit of the following:
commit
9ac10d66c206a949d9e7713bffd23ce14f65ef80
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Oct 22 11:41:56 2019 -0400
stream: change int16_t to uint16_t in the signature of TcpReassembler::add_reassembly_segment().
Do not use tsn->next->c_len when setting PKT_PDU_TAIL in TcpReassembler::flush_data_segments().
Steve Chew (stechew) [Mon, 28 Oct 2019 23:56:09 +0000 (19:56 -0400)]
Merge pull request #1813 in SNORT/snort3 from ~RUCOMBS/snort3:conf_loading to master
Squashed commit of the following:
commit
6ccd7795e4be8bd78c937316a7733326676e9f7b
Author: russ <rucombs@cisco.com>
Date: Mon Oct 28 16:05:22 2019 -0400
rule_state: use more accurate error message and other internal fixes
commit
17249d6de69dd6d4f7361052eb3328fae497b2ac
Author: russ <rucombs@cisco.com>
Date: Tue Oct 22 19:30:42 2019 -0400
ips: add states member to allow separate configs for rules and states
commit
ea165938df076947a3afb2c21649536404d66027
Author: russ <rucombs@cisco.com>
Date: Tue Oct 22 19:03:56 2019 -0400
rule_state: restore to facilitate continuous delivery
commit
a05f4fb5201833fb1aff644a2cce0007c72b04fc
Author: russ <rucombs@cisco.com>
Date: Mon Oct 21 08:09:44 2019 -0400
ips_option::enable: default gid = 1 as with text rules
commit
815cb7d64a3261ad22d38d8c3c4ebf692911813b
Author: russ <rucombs@cisco.com>
Date: Mon Oct 21 07:54:32 2019 -0400
ips_option::enable: invalid gid, sid is just a warning
commit
32c5ee376908c23b1dafb87c20b6103e7f902382
Author: russ <rucombs@cisco.com>
Date: Sun Oct 20 09:12:14 2019 -0400
snort: dump gids and sids in sorted order
commit
4106d2784a59f7e2077dcc43966f571d70a48971
Author: russ <rucombs@cisco.com>
Date: Sat Oct 19 10:11:11 2019 -0400
rule_state: replace with rule option enable
The enable option is used in rule stubs that set the state of a rule in the
current ips policy. The rule may have been loaded in the current or any other
ips policy. Text rule stubs are preferred over large LuaJIT tables since the
latter have a limit of 64K constants per function and each row consumes one
constant. The stubs have the same rule syntax as text rules and can be defined
in all the same places (ips.rules, ips.include, snort -R, snort
--stdin-rules). enable may be set to no, yes, or inherit and defaults to yes.
commit
ba221295e607fa5a89dd3ff59d688f43bcddf8e7
Author: russ <rucombs@cisco.com>
Date: Fri Oct 18 10:58:40 2019 -0400
framework: map parameters for faster lookup
commit
39eed8eb4700a4dbca41381b438d48b4a441af55
Author: russ <rucombs@cisco.com>
Date: Thu Oct 17 20:28:12 2019 -0400
rule_state: ensure later entries override first
commit
2094997a2d7c55de3f0af390dc415fb9e6ffa4b9
Author: russ <rucombs@cisco.com>
Date: Wed Oct 16 23:45:31 2019 -0400
style: miscellaneous fixups
commit
d98beb407148807943771e5ff13774bb1f6f2899
Author: Steve Chew <stechew@cisco.com>
Date: Wed Oct 9 11:28:40 2019 -0400
managers: Improve performance by using map instead of list for IPS options.
commit
590e5743d25952dc2259344c9a62df7b7e148d06
Author: Steve Chew <stechew@cisco.com>
Date: Wed Oct 9 01:23:19 2019 -0400
managers: Improve performance by using hash table instead of list for modules.
commit
df0530c469c50383d9da4976c073b02f4d20d051
Author: russ <rucombs@cisco.com>
Date: Mon Oct 14 11:08:39 2019 -0400
help: remove obsoleted require(snort_config) from --dump-defaults output
commit
740b16e3b0d89649f0cf3236a0fcbfc996356235
Author: russ <rucombs@cisco.com>
Date: Mon Oct 14 08:16:51 2019 -0400
rule_state: switch back to standard syntax
commit
8b44fc699329a64409ccb558be8ddc8b23133a54
Author: russ <rucombs@cisco.com>
Date: Mon Oct 14 08:16:21 2019 -0400
lua: do not traverse tables needlessly
Michael Altizer (mialtize) [Mon, 28 Oct 2019 14:09:14 +0000 (10:09 -0400)]
Merge pull request #1822 in SNORT/snort3 from ~SBAIGAL/snort3:databus_utest to master
Squashed commit of the following:
commit
19facb8667cfdbca840d17050e8c0662c72d7c59
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Oct 24 10:48:14 2019 -0400
data_bus: add unit test cases
Steve Chew (stechew) [Fri, 25 Oct 2019 17:31:13 +0000 (13:31 -0400)]
Merge pull request #1739 in SNORT/snort3 from ~BBANTWAL/snort3:mpse_stash_fix to master
Squashed commit of the following:
commit
94b58403014d34f2160aceb3c4d6ab6bfbb89ae0
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Sep 9 12:40:23 2019 -0400
detection: change the hardcoded stash max to configurable one, convert the stash queue to vector, and add new pegcounts for stash overruns
Michael Altizer (mialtize) [Fri, 25 Oct 2019 02:11:24 +0000 (22:11 -0400)]
Merge pull request #1817 in SNORT/snort3 from ~MIALTIZE/snort3:checksum_offsets to master
Squashed commit of the following:
commit
344219c01b7e1e8fe5912018441d29fd8aaf6b44
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Oct 24 12:50:23 2019 -0400
codecs: Relax requirement for DAQ packet decode data offsets when bypassing checksums
Only perform the offset sanity checking during checksum bypass
evaluation if the offset has been explicitly set in the packet decode
data. Otherwise, assume that the relevant checksum validation applies
to the current instance of the protocol.
Michael Altizer (mialtize) [Thu, 24 Oct 2019 22:13:42 +0000 (18:13 -0400)]
Merge pull request #1821 in SNORT/snort3 from ~MASHASAN/snort3:umap_find to master
Squashed commit of the following:
commit
76fd90fe0d4c2d5be45f900600398224ccf3b25f
Author: Masud Hasan <mashasan@cisco.com>
Date: Thu Oct 24 13:38:31 2019 -0400
policy: Avoid unintended insertion of policy into map if it does not exist
Mike Stepanek (mstepane) [Wed, 23 Oct 2019 12:40:46 +0000 (08:40 -0400)]
Merge pull request #1811 in SNORT/snort3 from ~THOPETER/snort3:nhttp128 to master
Squashed commit of the following:
commit
2020c443a5f649cfca30e0957378edb5bfa62ad7
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Oct 18 11:32:15 2019 -0400
http_inspect: test tool single-direction abort fix
Steve Chew (stechew) [Tue, 22 Oct 2019 20:31:36 +0000 (16:31 -0400)]
Merge pull request #1775 in SNORT/snort3 from ~SBAIGAL/snort3:default_pub_subs to master
Squashed commit of the following:
commit
8c7d0ffc284e7fe8e3fba15d0f9eec287b0f847c
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Sep 26 16:06:24 2019 -0400
pub_subs: made default pub_subs policy-independent
Michael Altizer (mialtize) [Tue, 22 Oct 2019 17:50:32 +0000 (13:50 -0400)]
Merge pull request #1810 in SNORT/snort3 from ~SBAIGAL/snort3:dns_thread_local_fix to master
Squashed commit of the following:
commit
10494a848f9757b40c049cc43bede52b5800cca6
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Mon Oct 21 15:43:06 2019 -0400
dns: made changes to make sure DNS parsing is thread safe
Mike Stepanek (mstepane) [Tue, 22 Oct 2019 16:17:26 +0000 (12:17 -0400)]
Merge pull request #1802 in SNORT/snort3 from ~DERAMADA/snort3:h2i_header_decode_error_abort to master
Squashed commit of the following:
commit
e68cab344dfd15d2c1abbfb214409c6c22d0c741
Author: deramada <deramada@cisco.com>
Date: Tue Oct 15 15:40:55 2019 -0400
http2_inspect: abort on header decode error
Russ Combs (rucombs) [Tue, 22 Oct 2019 13:54:56 +0000 (09:54 -0400)]
Merge pull request #1806 in SNORT/snort3 from ~STECHEW/snort3:handle_invalid_acks_v2 to master
Squashed commit of the following:
commit
a8ff46342ba2547b7bef27e529013a047aff6f22
Author: Steve Chew <stechew@cisco.com>
Date: Thu Oct 17 14:47:10 2019 -0400
stream_tcp: If no-ack is on, rewrite ACK value to be the expected ACK.
Shravan Rangarajuvenkata (shrarang) [Tue, 22 Oct 2019 13:24:20 +0000 (09:24 -0400)]
Merge pull request #1808 in SNORT/snort3 from ~SHRARANG/snort3:appid_inferred_svc_versioning to master
Squashed commit of the following:
commit
ca9b2578a0e6377aa4a66edc1358f2652e88ae1d
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Oct 18 16:34:32 2019 -0400
appid: check inferred services in host cache only if there were updates
Shravan Rangarajuvenkata (shrarang) [Fri, 18 Oct 2019 16:25:21 +0000 (12:25 -0400)]
Merge pull request #1803 in SNORT/snort3 from ~SATHIRKA/snort3:userappid_conf to master
Squashed commit of the following:
commit
cdab8058b0bd8ef59923dc978d09e279e5f0b8bc
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Oct 16 11:37:05 2019 -0400
appid: Updating the path to userappid.conf
Michael Altizer (mialtize) [Fri, 18 Oct 2019 13:43:52 +0000 (09:43 -0400)]
Merge pull request #1801 in SNORT/snort3 from ~SMINUT/snort3:retry_packet_daq_instance to master
Squashed commit of the following:
commit
7ffb11965cb72af79bb9b3360a3baa07c1bb873e
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Oct 15 13:37:57 2019 -0400
packet_io: do not retry packets that do not have a daq instance.
Mike Stepanek (mstepane) [Thu, 17 Oct 2019 19:54:44 +0000 (15:54 -0400)]
Merge pull request #1805 in SNORT/snort3 from ~THOPETER/snort3:nhttp127 to master
Squashed commit of the following:
commit
35c95333f95722ba5b344d34c073c3734317adb2
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Oct 17 14:43:45 2019 -0400
http_inspect: add more config initializers
Mike Stepanek (mstepane) [Thu, 17 Oct 2019 19:54:04 +0000 (15:54 -0400)]
Merge pull request #1804 in SNORT/snort3 from ~THOPETER/snort3:http2_variable_split to master
Squashed commit of the following:
commit
13aadca7891842643dc3fcbd4aef7ed396c0b875
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 16 16:59:10 2019 -0400
http2_inspect: stop sharing a variable between scan and reassemble
Mike Stepanek (mstepane) [Thu, 17 Oct 2019 14:41:56 +0000 (10:41 -0400)]
Merge pull request #1798 in SNORT/snort3 from ~KATHARVE/snort3:h2i_static_new to master
Squashed commit of the following:
commit
c7410c95a1982c8c5f9cf4300a5474f4ea595683
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Oct 14 13:00:46 2019 -0400
http2_inspect: decode indexed header fields in the HPACK static table
Mike Stepanek (mstepane) [Tue, 15 Oct 2019 19:29:22 +0000 (15:29 -0400)]
Merge pull request #1800 in SNORT/snort3 from ~NIHDESAI/snort3:ftp_warn to master
Squashed commit of the following:
commit
450926ec637f648f53a007f0dd92e2c940cf702b
Author: Nihal Desai <nihdesai@cisco.com>
Date: Tue Oct 15 02:15:08 2019 -0400
ftp: fix for missing prototype warning
Michael Altizer (mialtize) [Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)]
Merge pull request #1795 in SNORT/snort3 from ~MIALTIZE/snort3:namespace to master
Squashed commit of the following:
commit
9aab09747acdbb68c1f95d6a6b5a7cfd44d9dd32
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 9 16:42:57 2019 -0400
mime: Put MailLogConfig in the snort namespace
commit
f5628e7cbae4b8e68b2f66161e11c7b38fbfe234
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 9 16:42:27 2019 -0400
file_api: Put FileCapture in the snort namespace
commit
cc82c6f0aa7db229675ab4f255892d8efaa109d3
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 9 14:49:12 2019 -0400
build: Clean up snort namespace usage
Steve Chew (stechew) [Mon, 14 Oct 2019 17:36:03 +0000 (13:36 -0400)]
Merge pull request #1794 in SNORT/snort3 from ~STECHEW/snort3:binder_use_snort_config to master
Squashed commit of the following:
commit
b50a46e6042a01c0b9bfeaa451f072bf4f5bd1c3
Author: Steve Chew <stechew@cisco.com>
Date: Fri Oct 11 14:43:41 2019 -0400
binder: Use reloaded snort config when getting inspector.
Mike Stepanek (mstepane) [Mon, 14 Oct 2019 16:19:18 +0000 (12:19 -0400)]
Merge pull request #1796 in SNORT/snort3 from ~THOPETER/snort3:h2i1 to master
Squashed commit of the following:
commit
96da272489408884f09cff1c6c7960b19dcc5a4a
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 9 17:15:58 2019 -0400
http2_inspect: Move HPACK decompression out of stream splitter into a separate class.
Mike Stepanek (mstepane) [Mon, 14 Oct 2019 14:55:33 +0000 (10:55 -0400)]
Merge pull request #1792 in SNORT/snort3 from ~DERAMADA/snort3:h2i_abort_bad_preface to master
Squashed commit of the following:
commit
fbb4311a964018530e8880d0b5080be3238ae2cf
Author: deramada <deramada@cisco.com>
Date: Wed Oct 9 13:39:12 2019 -0400
http2_inspect: Abort on bad connection preface
Mike Stepanek (mstepane) [Mon, 14 Oct 2019 14:21:27 +0000 (10:21 -0400)]
Merge pull request #1782 in SNORT/snort3 from ~NIHDESAI/snort3:ftp_leak to master
Squashed commit of the following:
commit
2cf5fb38604fcb5c90504db35b0b7086dbb120ea
Author: Nihal Desai <nihdesai@cisco.com>
Date: Mon Sep 23 08:17:46 2019 -0400
ftp: catch invalid server command format
Shravan Rangarajuvenkata (shrarang) [Fri, 11 Oct 2019 18:58:19 +0000 (14:58 -0400)]
Merge pull request #1742 in SNORT/snort3 from ~CLJUDGE/snort3:set_payload_unknown_if_no_tls_host to master
Squashed commit of the following:
commit
f06c11626ed3bc09d801b4b589d4c6b9ed51f00a
Author: cljudge <cljudge@cisco.com>
Date: Thu Sep 12 03:13:54 2019 -0400
appid: for ssl sessions, set payload id to unknown after ssl handshake is done if the payload id was not found
Mike Stepanek (mstepane) [Thu, 10 Oct 2019 18:50:35 +0000 (14:50 -0400)]
Merge pull request #1791 in SNORT/snort3 from ~THOPETER/snort3:http2_cleanup to master
Squashed commit of the following:
commit
a36d5d0cb46a91592a7edbf061f9af4c9ee7beae
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 9 16:47:52 2019 -0400
http2_inspect: cleanup
Mike Stepanek (mstepane) [Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)]
Merge pull request #1784 in SNORT/snort3 from ~DERAMADA/snort3:h2i_discard_conn_preface to master
Squashed commit of the following:
commit
a00aa7fc98836c50c94cdac9d6cab856eba2ffb1
Author: deramada <deramada@cisco.com>
Date: Mon Oct 7 09:07:56 2019 -0400
http2_inspect: discard connection preface
Mike Stepanek (mstepane) [Wed, 9 Oct 2019 17:04:38 +0000 (13:04 -0400)]
Merge pull request #1783 in SNORT/snort3 from ~DAVMCPHE/snort3:packet_object_init to master
Squashed commit of the following:
commit
74aa43b0bc78b8747eb8a65f8f166390bae6e14a
Author: davis mcpherson <davmcphe@cisco.com>
Date: Mon Oct 7 10:48:34 2019 -0400
packet: ensure all member variables of the Packet class are initialized at instantiation and when an instance is reset
Mike Stepanek (mstepane) [Wed, 9 Oct 2019 14:21:41 +0000 (10:21 -0400)]
Merge pull request #1788 in SNORT/snort3 from ~MSTEPANE/snort3:build_262 to master
Squashed commit of the following:
commit
6c381d2eb2aaf2ba82d7ad0aaab1cd4efb252bf5
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Oct 9 08:37:27 2019 -0400
build: generate and tag build 262
Amarnath Sathyanarayanan (amsathya) [Tue, 8 Oct 2019 22:06:34 +0000 (18:06 -0400)]
Merge pull request #1786 in SNORT/snort3 from ~RUTIAN/snort3:identity to master
Squashed commit of the following:
commit
db0e98c934e4c092a3a7f6f77c75d8da3752c925
Author: Ruiqi Tian <rutian@cisco.com>
Date: Tue Oct 8 11:11:53 2019 -0400
snort2lua: remove identity related options from firewall
Mike Stepanek (mstepane) [Tue, 8 Oct 2019 19:59:19 +0000 (15:59 -0400)]
Merge pull request #1781 in SNORT/snort3 from ~SMINUT/snort3:port_filtering to master
Squashed commit of the following:
commit
2c0edc886d3066a8543de6df6e9fd80cea677905
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Oct 4 16:23:21 2019 -0400
helpers: implement port exclusion in discovery filter.
Mike Stepanek (mstepane) [Tue, 8 Oct 2019 18:17:05 +0000 (14:17 -0400)]
Merge pull request #1735 in SNORT/snort3 from ~DAVMCPHE/snort3:flow_object_allocation to master
Squashed commit of the following:
commit
3b8ffbfb453e155f805ec859198ca08b945d0cdf
Author: davis mcpherson <davmcphe.cisco.com>
Date: Wed Sep 4 10:57:08 2019 -0400
flow: patch to allocate Flow objects individually on demand. Once allocated the Flow objects are reused until snort exits or reload changes the max_flows setting
Steve Chew (stechew) [Tue, 8 Oct 2019 18:09:06 +0000 (14:09 -0400)]
Merge pull request #1770 in SNORT/snort3 from ~BBANTWAL/snort3:snort2lua_port_bindings to master
Squashed commit of the following:
commit
be613587a79866a0f0c462759eb85bb94aea107a
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri Sep 27 02:00:27 2019 -0400
snort2lua: convert snort2 port bindings into snort3 service bindings for inspectors configured in wizard and add --bind-port option to enable port bindings conversion
Mike Stepanek (mstepane) [Tue, 8 Oct 2019 17:54:07 +0000 (13:54 -0400)]
Merge pull request #1768 in SNORT/snort3 from ~KATHARVE/snort3:h2i_decode_string_literals to master
Squashed commit of the following:
commit
c2a9ef959b7ecda8405591d9f53b041b6b06cec1
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Sep 5 08:49:22 2019 -0400
http2_inspect: parse hpack header representations and decode string literals
Michael Altizer (mialtize) [Tue, 8 Oct 2019 15:23:53 +0000 (11:23 -0400)]
Merge pull request #1785 in SNORT/snort3 from ~MIALTIZE/snort3:cksum_alignment to master
Squashed commit of the following:
commit
e4482a20e1e3c5720bd83d999baba9e6baffe5da
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 7 15:13:32 2019 -0400
codecs: Fix checksumming a single byte of unaligned data
Mike Stepanek (mstepane) [Fri, 4 Oct 2019 22:07:38 +0000 (18:07 -0400)]
Merge pull request #1776 in SNORT/snort3 from ~KATHARVE/snort3:h2i_cut_frame_headers to master
Squashed commit of the following:
commit
ae747d91590506059c321c77bbc3eaf803c82b96
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Oct 2 14:15:06 2019 -0400
http2_inspect: cut headers from frame_data buffer
Mike Stepanek (mstepane) [Fri, 4 Oct 2019 18:09:44 +0000 (14:09 -0400)]
Merge pull request #1779 in SNORT/snort3 from ~DERAMADA/snort3:h2i_validate_connection_preface to master
Squashed commit of the following:
commit
7391aa89fb2f7b2c274ec8966c63fa22b2f86b27
Author: deramada <deramada@cisco.com>
Date: Wed Oct 2 15:29:09 2019 -0400
http2_inspect: validate connection preface
Mike Stepanek (mstepane) [Fri, 4 Oct 2019 18:01:56 +0000 (14:01 -0400)]
Merge pull request #1767 in SNORT/snort3 from ~MASHASAN/snort3:zone_fitering to master
Squashed commit of the following:
commit
c4da727760f9b485dd4cc83f936ed70efeeb2225
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed Sep 25 07:43:54 2019 -0400
discovery_filter: Supporting zone matching
Russ Combs (rucombs) [Thu, 3 Oct 2019 18:20:27 +0000 (14:20 -0400)]
Merge pull request #1755 in SNORT/snort3 from ~RUCOMBS/snort3:rule_mode to master
Squashed commit of the following:
commit
ea9b22df4fe34ec6b5443de7ad700676cd7ece65
Author: russ <rucombs@cisco.com>
Date: Wed Oct 2 15:07:43 2019 -0400
detection: map file rules to services
alert file and service:file rules will be loaded as if written:
alert * ( service:ftp-data, netbios-ssn, http, pop3, imap, smtp, user )
This only applies to rules w/o services. With file rules folded
into service groups, we can avoid a separate, and usually extra,
file_data search. The 'user' service is required for stream_file
support.
commit
4fc36a4a5813b0e862fd9059c8f409bfe7bd9fee
Author: russ <rucombs@cisco.com>
Date: Thu Sep 26 13:59:46 2019 -0400
detection: update trace to indicate eval task
commit
bab6812cb2fa5596c6cbe3c970c89d599c9814b2
Author: russ <rucombs@cisco.com>
Date: Sun Sep 22 10:45:09 2019 -0400
detection: non-service rules must match on rule header proto
commit
70c9e81d2a87fe01e40e13a400c5a8c6dae29847
Author: russ <rucombs@cisco.com>
Date: Sat Sep 21 19:43:07 2019 -0400
detection: consistently prefer service rules over port rules
commit
2d6092ffce0913a81440dbac11a0aab2c53527c6
Author: russ <rucombs@cisco.com>
Date: Fri Sep 20 15:31:56 2019 -0400
detection: do not split service groups by ip proto to avoid extra searches
commit
5e35f65a17de82034d5e48a2810abd4edd6d2a68
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 21:19:30 2019 -0400
detection: support alert file rules w/o optional services
commit
27d3cf25ecc4727468143df5a3c1a7d881982a27
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 14:36:08 2019 -0400
detection: use reference for signature eval data
commit
6cb9fffea37f2f521365927d5098a2ae2f2b8c8c
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 14:29:04 2019 -0400
detection: remove unnecessary match data from eval context
commit
763aa8a73cd15869b8e6f9de0a7908e28404e65c
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 14:12:20 2019 -0400
detection: remove the inappropriate match tracker from mpse batch setup
commit
e1342b186cf4bb026c1137fce73f7bdebb525291
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 13:43:30 2019 -0400
detection: remove more cruft from match tracker
This breaks alert file rules which do not contain services but fixes
the case where alert tcp and alert file coexist in the same FP FSM and
the service match should override port checks. The new breakage must
be fixed differently.
commit
62e271f85b925b7f6eb3b29d68c3459533bf7bfe
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 12:36:05 2019 -0400
detection: remove cruft from match accumulator
Shravan Rangarajuvenkata (shrarang) [Thu, 3 Oct 2019 18:07:37 +0000 (14:07 -0400)]
Merge pull request #1777 in SNORT/snort3 from ~SATHIRKA/snort3:bittorrent_std_port to master
Squashed commit of the following:
commit
149109cf966db56b7b1e9f63cea33dfe0b8c682c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Oct 2 12:40:10 2019 -0400
appid: Add support for bittorrent detection over standard ports
Steve Chew (stechew) [Thu, 3 Oct 2019 14:17:45 +0000 (10:17 -0400)]
Merge pull request #1771 in SNORT/snort3 from ~STECHEW/snort3:noack_seq_fix to master
Squashed commit of the following:
commit
0f6d170ece2f36aeca31002ef6e7745c42d434a9
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 19 14:54:53 2019 -0400
libtcp: Turn off no-ack mode if packet is out of order.
Mike Stepanek (mstepane) [Thu, 3 Oct 2019 11:57:56 +0000 (07:57 -0400)]
Merge pull request #1778 in SNORT/snort3 from ~THOPETER/snort3:small_seg4 to master
Squashed commit of the following:
commit
916155bb5155a0f6985f0225f0718cba1013a705
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 2 12:06:04 2019 -0400
stream: clean up cppcheck warnings
Michael Altizer (mialtize) [Tue, 1 Oct 2019 18:00:50 +0000 (14:00 -0400)]
Merge pull request #1760 in SNORT/snort3 from ~MIALTIZE/snort3:decode_data to master
Squashed commit of the following:
commit
1d85480c83ac1167b16c01b34c6bc992a86f381e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Sep 16 21:09:22 2019 -0400
codecs: Use checksum validation from DAQ packet decode data when available
Supported protocols include IP, ICMP, ICMPv6, TCP, and UDP.
commit
a42a81e8ca5e9c2950dc0c7762dd1b9cf3d052d4
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Sep 23 17:25:43 2019 -0400
protocols: Remove reference to obsolete DAQ_PKT_FLAG_HW_TCP_CS_GOOD flag
commit
8ffb5eeca3196e783a89f07ff2a1bd13037c2f25
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 16:45:05 2019 -0400
unit-tests: Fix compiler warnings that snuck into CppUTest unit tests
Mike Stepanek (mstepane) [Tue, 1 Oct 2019 14:56:05 +0000 (10:56 -0400)]
Merge pull request #1774 in SNORT/snort3 from ~THOPETER/snort3:small_seg3 to master
Squashed commit of the following:
commit
48284a400a9d8f852f529a5439ab7bf4178756bb
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Sep 27 15:26:18 2019 -0400
stream: clean up update_direction
Mike Stepanek (mstepane) [Mon, 30 Sep 2019 19:40:49 +0000 (15:40 -0400)]
Merge pull request #1773 in SNORT/snort3 from ~MMATIRKO/snort3:lua_whitespace_fix to master
Squashed commit of the following:
commit
5ac2c1b82fda46a734a1de9db83fad8576a4d1d2
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Sep 30 11:41:06 2019 -0400
lua: fixed whitespace to match style guidelines
Mike Stepanek (mstepane) [Mon, 30 Sep 2019 14:38:33 +0000 (10:38 -0400)]
Merge pull request #1772 in SNORT/snort3 from ~MMATIRKO/snort3:luajit_segv_changes to master
Squashed commit of the following:
commit
8c227975324878d84517fba99ae8a4710f24c5ac
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Sep 30 09:41:11 2019 -0400
ips_options: minor code style changes
Mike Stepanek (mstepane) [Fri, 27 Sep 2019 16:32:18 +0000 (12:32 -0400)]
Merge pull request #1769 in SNORT/snort3 from ~THOPETER/snort3:small_seg2 to master
Squashed commit of the following:
commit
9e8b9922d6aa9046b0eaa320af3d35679698060a
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Sep 19 17:04:44 2019 -0400
stream: cleanup
Mike Stepanek (mstepane) [Thu, 26 Sep 2019 19:20:52 +0000 (15:20 -0400)]
Merge pull request #1764 in SNORT/snort3 from ~MMATIRKO/snort3:luajit_segv to master
Squashed commit of the following:
commit
5673dcacb025089db520ffcd8e87bf217ee59f8e
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Sep 24 13:36:00 2019 -0400
lua: Added move constructor and move assignment operator to Lua::State to fix segv (CSCvn22329)
Russ Combs (rucombs) [Thu, 26 Sep 2019 18:04:57 +0000 (14:04 -0400)]
Merge pull request #1744 in SNORT/snort3 from ~BRASTULT/snort3:ber_fix to master
Squashed commit of the following:
commit
c365ed5d5002bd72805b213179b379a536595dfa
Author: Brandon Stultz <brastult@cisco.com>
Date: Fri Sep 13 15:29:17 2019 -0400
utils: prevent integer overflow/underflow when reading BER elements
Steve Chew (stechew) [Wed, 25 Sep 2019 19:00:56 +0000 (15:00 -0400)]
Merge pull request #1765 in SNORT/snort3 from ~STECHEW/snort3:analyzer_pkth to master
Squashed commit of the following:
commit
d4054d8a659c22f5b66bf4b887e7f9812838540d
Author: Steve Chew <stechew@cisco.com>
Date: Tue Sep 24 10:35:09 2019 -0400
analyzer: Move setting pkth to nullptr to after publishing finalize event.
Michael Altizer (mialtize) [Wed, 25 Sep 2019 17:44:53 +0000 (13:44 -0400)]
Merge pull request #1763 in SNORT/snort3 from ~MIALTIZE/snort3:daq_msg_event to master
Squashed commit of the following:
commit
2d87ba3bb1e5352e3a7a3f48692cb9d2f93e5c1f
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Sep 24 08:22:43 2019 -0400
pub_sub: Replace DaqMetaEvent and OtherMessageEvent with DaqMessageEvent
Three events use this new shared event structure: DAQ_SOF_MSG_EVENT,
DAQ_EOF_MSG_EVENT, and DAQ_OTHER_MSG_EVENT.
Additionally, DAQ peg counts were added for SoF and EoF messages
received.
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Sep 2019 21:59:12 +0000 (17:59 -0400)]
Merge pull request #1748 in SNORT/snort3 from ~KAMURTHI/snort3:BT_Proxy to master
Squashed commit of the following:
commit
a4cef99d25b3cc5b4cf06e22175dcebafc7781b9
Author: kani <kamurthi@cisco.com>
Date: Sun Sep 15 20:58:30 2019 -0400
appid: extract forward ip from http tunneled traffic and use it for dynamic host cache lookup
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Sep 2019 19:07:30 +0000 (15:07 -0400)]
Merge pull request #1758 in SNORT/snort3 from ~KAMURTHI/snort3:DNS_QUERY to master
Squashed commit of the following:
commit
0c8de28d008b2812203326458452265f48fffeba
Author: kani <kamurthi@cisco.com>
Date: Mon Sep 23 11:39:21 2019 -0400
Appid: fix populating dns_query for DNS traffic
Steve Chew (stechew) [Tue, 24 Sep 2019 18:01:41 +0000 (14:01 -0400)]
Merge pull request #1753 in SNORT/snort3 from ~BBANTWAL/snort3:snort2lua_base64_data_fix to master
Squashed commit of the following:
commit
231cbf77f0673e00669d6d57410478d6ae1b8955
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Sep 19 13:06:10 2019 -0400
snort2lua: reset the sticky buffer name while converting unchanged sticky rule options and file_data
Michael Altizer (mialtize) [Tue, 24 Sep 2019 16:55:31 +0000 (12:55 -0400)]
Merge pull request #1761 in SNORT/snort3 from ~SBAIGAL/snort3:revert_map_change to master
Squashed commit of the following:
commit
2bd74d091178b75253934e1f51a7bb5bfc9130bf
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Mon Sep 23 20:51:16 2019 -0400
binder: remove global check for stream inspectors and revert module_map changes
Mike Stepanek (mstepane) [Tue, 24 Sep 2019 14:20:05 +0000 (10:20 -0400)]
Merge pull request #1757 in SNORT/snort3 from ~SMINUT/snort3:reload_module_reputation to master
Squashed commit of the following:
commit
7fcf2e12927d6e6511d7d3b03efbbdc2f96ce0a0
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Sep 23 12:54:40 2019 -0400
reputation: prevent reload module crash when reputation is not configured in lua at startup.
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Sep 2019 13:06:44 +0000 (09:06 -0400)]
Merge pull request #1746 in SNORT/snort3 from ~SHRARANG/snort3:appid_detector_callback to master
Squashed commit of the following:
commit
a288bcb656661f879362bb851eb8aba5425c3774
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Mon Sep 16 10:18:56 2019 -0400
appid: add support for Lua detector callback mechanism
Mike Stepanek (mstepane) [Tue, 24 Sep 2019 12:09:44 +0000 (08:09 -0400)]
Merge pull request #1759 in SNORT/snort3 from ~MASHASAN/snort3:doc_rewrite to master
Squashed commit of the following:
commit
5cc735dc0f949db2a177f35e6d45533a54122a8d
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Sep 23 14:12:29 2019 -0400
doc: Adding Snort2Lua note on ips rule action rewrite
Steve Chew (stechew) [Mon, 23 Sep 2019 22:20:16 +0000 (18:20 -0400)]
Merge pull request #1750 in SNORT/snort3 from ~SBAIGAL/snort3:global_service to master
Squashed commit of the following:
commit
678613c91efb1772aa6bec5abcf0c849e99e83cb
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Sep 17 15:52:10 2019 -0400
binder: allow binder to support global level service inspectors
removed unused function get_type()
add module map
Shravan Rangarajuvenkata (shrarang) [Mon, 23 Sep 2019 21:49:10 +0000 (17:49 -0400)]
Merge pull request #1752 in SNORT/snort3 from ~SATHIRKA/snort3:bittorrent_wildcard to master
Squashed commit of the following:
commit
e2525bc26e3155a88b92665efc8fd466daae33eb
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Sep 18 15:58:20 2019 -0400
appid: Add support for wildcard ports in host tracker
Michael Altizer (mialtize) [Mon, 23 Sep 2019 19:02:10 +0000 (15:02 -0400)]
Merge pull request #1745 in SNORT/snort3 from ~BBANTWAL/snort3:expect_cache_fix to master
Squashed commit of the following:
commit
d7228380a4b95305ea45e59b14087af1b9b95a6e
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Sep 12 14:16:13 2019 -0400
flow: check if control packet has a valid daq instance before setting up daq expected flow and add pegcounts for expected flows
Mike Stepanek (mstepane) [Mon, 23 Sep 2019 17:38:12 +0000 (13:38 -0400)]
Merge pull request #1747 in SNORT/snort3 from ~MMATIRKO/snort3:reputation_blacklist_fix to master
Squashed commit of the following:
commit
3f5f03db34f988fee415252cf6fd50b383799ec3
Author: Michael Matirko <mmatirko@cisco.com>
Date: Wed Sep 11 14:32:25 2019 -0400
reputation: SIDs for source and destination-triggered events added
Mike Stepanek (mstepane) [Mon, 23 Sep 2019 17:36:18 +0000 (13:36 -0400)]
Merge pull request #1749 in SNORT/snort3 from ~SMINUT/snort3:ips_reload to master
Squashed commit of the following:
commit
97392e8fcbcb1397b8c5838f557574da8472cec0
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Sep 17 16:17:24 2019 -0400
managers: add null check in reload_module to prevent crash when trying to reload module that has not been configured.
Mike Stepanek (mstepane) [Fri, 20 Sep 2019 16:40:59 +0000 (12:40 -0400)]
Merge pull request #1754 in SNORT/snort3 from ~THOPETER/snort3:small_seg to master
Squashed commit of the following:
commit
89c55ebeecd380736f5caa3a63a3d18f0835ae49
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Sep 19 11:49:18 2019 -0400
stream: cleanup
Steve Chew (stechew) [Wed, 18 Sep 2019 12:04:57 +0000 (08:04 -0400)]
Merge pull request #1741 in SNORT/snort3 from ~STECHEW/snort3:profiler_output to master
Squashed commit of the following:
commit
623c678d5fc25492f98cd58c27e2c99cbb804552
Author: Steve Chew <stechew@cisco.com>
Date: Tue Sep 10 10:15:16 2019 -0400
profiler: Increase width of checks and alloc fields so values don't run together
Steve Chew (stechew) [Sun, 15 Sep 2019 16:04:45 +0000 (12:04 -0400)]
Merge pull request #1743 in SNORT/snort3 from ~STECHEW/snort3:prune_unis_fix to master
Squashed commit of the following:
commit
544acc5afc312a7aea9c35d726171e52c2edc2d2
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 12 21:50:36 2019 -0400
flow: When walking uni_list stop before reaching head.
Steve Chew (stechew) [Fri, 13 Sep 2019 18:50:05 +0000 (14:50 -0400)]
Merge pull request #1734 in SNORT/snort3 from ~SBAIGAL/snort3:unknown_daq_pkt_evt to master
Squashed commit of the following:
commit
3d5082836611e94807b296bfb9ea0f2321c5a069
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Sep 3 13:52:16 2019 -0400
analyzer: publish other message event for unknown DAQ messages
made updated on comments
made changes based on comments
Michael Altizer [Thu, 12 Sep 2019 23:40:29 +0000 (19:40 -0400)]
build: Generate and tag build 261
Michael Altizer (mialtize) [Tue, 10 Sep 2019 16:53:46 +0000 (12:53 -0400)]
Merge pull request #1740 in SNORT/snort3 from ~SHRARANG/snort3:update_style_guide to master
Squashed commit of the following:
commit
87a8513592b7e3bde471a0c536cdd6e01958b9d5
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Tue Sep 10 09:19:39 2019 -0400
style: update link for google c++ style guide
Mike Stepanek (mstepane) [Tue, 10 Sep 2019 16:31:19 +0000 (12:31 -0400)]
Merge pull request #1733 in SNORT/snort3 from ~SMINUT/snort3:rna_update_timeout to master
Squashed commit of the following:
commit
e082dd186ee53898cb90b31d7b426cd277afd2f1
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Sep 5 12:41:00 2019 -0400
rna: generate an RNA_EVENT_CHANGE when a host is seen after the last log event and the current time is past the update timeout.
rna: lock when returning last_seen and last_event in host tracker and add peg counts for RnaIdleEventHandler.
rna: pass cond_var to the rna log functions, as per snort 2.
rna: make generation of a CHANGE_HOST_UPDATE event from idle, configurable.
rna: change RnaLoggerEvent::cond_var from time_t to void* because SfUnified2LoggerRNA::rna_serialize() already takes a void* as cond_var.
rna: pass host tracker IP address rather than NULL when calling generate_change_host_update from idle.
rna: suppress unused variable message in RnaIdleEventHandle::handle().
rna: address reviewers' comments.
Russ Combs (rucombs) [Mon, 9 Sep 2019 22:04:40 +0000 (18:04 -0400)]
Merge pull request #1732 in SNORT/snort3 from ~RUCOMBS/snort3:rule_statez to master
Squashed commit of the following:
commit
8f66afffc52f4eecc0436d23359f2eccd3ff18f2
Author: russ <rucombs@cisco.com>
Date: Wed Sep 4 17:53:18 2019 -0400
doc: add bullets for $var parameter names and maxXX limits.
commit
ff4bca6a07a6b5446332ce0d41272b9299f08998
Author: russ <rucombs@cisco.com>
Date: Wed Sep 4 16:59:12 2019 -0400
rule_state: switch from regex parameter names to simpler parsing
Performance when loading large rule sets (20K+ rules) with regex is unacceptable.
Switch from regex to $var parameter names with name matching delegated to module.
In this case, $gid_sid is used for rule_state["1:23456"] type configurations. As
you might have guessed, $ indicates parameters with variable names.
Mike Stepanek (mstepane) [Mon, 9 Sep 2019 19:53:14 +0000 (15:53 -0400)]
Merge pull request #1738 in SNORT/snort3 from ~THOPETER/snort3:nhttp125 to master
Squashed commit of the following:
commit
66eaee24b9d6e8f3b8073ecd88e4ba9799c80fc3
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jul 8 12:17:04 2019 -0400
http_inspect: accelerated blocking for chunked message bodies
Mike Stepanek (mstepane) [Mon, 9 Sep 2019 16:50:58 +0000 (12:50 -0400)]
Merge pull request #1728 in SNORT/snort3 from ~MASHASAN/snort3:filter_rna_events to master
Squashed commit of the following:
commit
15a663184d9fc02316049b28f071efa7ee986695
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Aug 27 12:30:24 2019 -0400
rna: Support for filtering rna events by host ip
Shravan Rangarajuvenkata (shrarang) [Mon, 9 Sep 2019 16:15:09 +0000 (12:15 -0400)]
Merge pull request #1731 in SNORT/snort3 from ~KAMURTHI/snort3:FTP_multi_split_resp to master
Squashed commit of the following:
commit
cfd2c0bea4045d59846a71a51070047d46dbd708
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Tue Sep 3 16:29:52 2019 -0400
appid: ftp banners on multiple packets with split response code
Michael Altizer (mialtize) [Sat, 7 Sep 2019 14:31:14 +0000 (10:31 -0400)]
Merge pull request #1737 in SNORT/snort3 from ~MIALTIZE/snort3:unversioned_safec to master
Squashed commit of the following:
commit
08aa510f3ae6d74ebd81023b0ef2ecf480d92c9d
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 11:55:17 2019 -0400
safec: Update CMake logic for unversioned LibSafeC pkg-config name
Thanks to Noah Dietrich <noah_dietrich@86penny.org> for reporting the issue.
Michael Altizer (mialtize) [Sat, 7 Sep 2019 14:31:05 +0000 (10:31 -0400)]
Merge pull request #1736 in SNORT/snort3 from ~MIALTIZE/snort3:cppcheck to master
Squashed commit of the following:
commit
dada26623785e41c11f66ce9fb24e0bffebba151
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 10:55:52 2019 -0400
build: Address miscellaneous cppcheck warnings
commit
48e3dffc6605b916b555134c60fb12e5f131ee1f
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 10:34:46 2019 -0400
build: Const-ify reference arguments as suggested by cppcheck
Mike Stepanek (mstepane) [Thu, 5 Sep 2019 14:48:54 +0000 (10:48 -0400)]
Merge pull request #1730 in SNORT/snort3 from ~THOPETER/snort3:ab_stream_fix to master
Squashed commit of the following:
commit
feed2122124b63c3e13561585d63ddcf1d841094
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Sep 3 17:41:31 2019 -0400
stream: fix problem with accelerated blocking partial inspection
Davis McPherson (davmcphe) [Wed, 4 Sep 2019 19:54:05 +0000 (15:54 -0400)]
Merge pull request #1729 in SNORT/snort3 from ~DAVMCPHE/snort3:snort2lua_fix_ignored to master
Squashed commit of the following:
commit
2abe3e6fc16fa0bf6b217dbb72bf05b4b7a2b361
Author: davis mcpherson <davmcphe@cisco.com>
Date: Tue Sep 3 12:22:37 2019 -0400
snort2lua: only emit max_flows and pruning_timeout options in converted lua file if the option is used in the snort2 conf file
Shravan Rangarajuvenkata (shrarang) [Wed, 4 Sep 2019 19:15:15 +0000 (15:15 -0400)]
Merge pull request #1727 in SNORT/snort3 from ~SATHIRKA/snort3:ssl_api to master
Squashed commit of the following:
commit
9e2b9339305b910ea4c0d7285f1829d5c64716ca
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Fri Aug 30 11:26:03 2019 -0400
appid: Enabled API for SSL to lookup appid
Mike Stepanek (mstepane) [Wed, 4 Sep 2019 12:58:58 +0000 (08:58 -0400)]
Merge pull request #1726 in SNORT/snort3 from ~MMATIRKO/snort3:bidirectional_icmp_ip_udp to master
Squashed commit of the following:
commit
289756992b5a373f05a074032f694528a0916ef7
Author: Michael Matirko <mmatirko@cisco.com>
Date: Fri Aug 30 11:49:44 2019 -0400
rna: support for bidirectional flow with UDP, IP, and ICMP traffic
Michael Altizer (mialtize) [Tue, 3 Sep 2019 13:54:50 +0000 (09:54 -0400)]
Merge pull request #1721 in SNORT/snort3 from ~MIALTIZE/snort3:retry to master
Squashed commit of the following:
commit
5ce3c7346368e240487ad6f7f89534a6c27fdc4d
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Aug 27 12:57:52 2019 -0400
managers: Make InspectorManager::thread_stop() a no-op if thread_init() was never called
This can happen if the DAQ instance start attempt fails and the Analyzer
thread is forced to terminate early.
commit
cadf42eac5fd50c78c471ea6a973b391f7813d7a
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Jul 26 15:53:57 2019 -0400
analyzer: Process retry queue and onloads when no DAQ messages are received
Additionally, limit the retry queue such that messages will be dropped
instead if queuing them would drop the available pool below the batch
size (totally arbitrary) and add retry queue peg counts.
Also, fix the detection packet count (and thus get_packet_number()) to
include retried packets. This does remove the total_from_daq count, which
should be reimplemented in the SFDAQ module peg counts.
Mike Stepanek (mstepane) [Tue, 3 Sep 2019 12:42:25 +0000 (08:42 -0400)]
Merge pull request #1720 in SNORT/snort3 from ~KATHARVE/snort3:http2_framework to master
Squashed commit of the following:
commit
513ce97b05f7efc8d49df200bf7f26bd4bc3afb2
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Aug 30 14:17:29 2019 -0400
modify event enum names and correctly handle preface split multiple across tcp packets
commit
f209fca6eaa6825f627d87f76321c41cc95a0ec7
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Aug 30 11:37:22 2019 -0400
fix data length in unit test
commit
b1da12736d0576d1004d8320dcdda6e9e66fccb0
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 22:59:47 2019 -0400
update unit test to avoid adding another spelling exception
commit
687d7c7f9e827c283962d991ef25a738f9c25c82
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 17:19:14 2019 -0400
address more comments
commit
5ee375bae4390516802cef80e69b2da16df1726f
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 17:15:49 2019 -0400
fix bug in scan - it wasn't actually searching until the end of data frames
commit
039c6513104af4116d51e3e72ddf570f581eda90
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 10:36:10 2019 -0400
fix comment
commit
b7f2c09c64a7c6db49351dd53bb2c5f2ebed0215
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Aug 28 10:48:57 2019 -0400
address first batch of comments
commit
559e6de2c803bb2bd09179624ac7b35d59b060f1
Author: Katura Harvey <katharve@cisco.com>
Date: Tue Aug 27 10:42:42 2019 -0400
code cleanup
commit
918fb7e2de8533fb3e9f14f3c5488757abd1be95
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Aug 26 21:19:03 2019 -0400
http2_inspect: send raw encoded headers to detection
Steve Chew (stechew) [Wed, 28 Aug 2019 16:21:24 +0000 (12:21 -0400)]
Merge pull request #1722 in SNORT/snort3 from ~SBAIGAL/snort3:wiz_spell_err to master
Squashed commit of the following:
commit
e114bc47be63d99391eda8cdab62e5a4fd6b0757
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Wed Aug 28 09:34:31 2019 -0400
binder: updated a spelling error from comment
Mike Stepanek (mstepane) [Wed, 28 Aug 2019 14:33:50 +0000 (10:33 -0400)]
Merge pull request #1723 in SNORT/snort3 from ~MSTEPANE/snort3:build_260 to master
Squashed commit of the following:
commit
41a75d86345ce115175322b3697abeb68bda9bda
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Aug 28 09:10:03 2019 -0400
Build 260
Steve Chew (stechew) [Tue, 27 Aug 2019 20:28:22 +0000 (16:28 -0400)]
Merge pull request #1719 in SNORT/snort3 from ~SBAIGAL/snort3:wiz_restart to master
Squashed commit of the following:
commit
614ef5ef2ffb2a683bd8574c5f6a124f42e17544
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Fri Aug 2 14:18:37 2019 -0400
binder: updated change_service event to support service reset via wizard
removed switch to wizard event and use null service to reset
Mike Stepanek (mstepane) [Tue, 27 Aug 2019 15:20:02 +0000 (11:20 -0400)]
Merge pull request #1699 in SNORT/snort3 from ~SMINUT/snort3:host_cache_derived_memcap to master
Squashed commit of the following:
commit
097b3573f23a1ddfc2176d7f2c68ad4fd613e818
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Aug 1 17:01:39 2019 -0400
host_tracker: derive LruCacheSharedMemcap from the general LruCacheShared that tracks size in bytes, rather than number of items and instantiate host_cache from LruCacheSharedMemcap.
Shravan Rangarajuvenkata (shrarang) [Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)]
Merge pull request #1717 in SNORT/snort3 from ~KAMURTHI/snort3:TLSV13 to master
Squashed commit of the following:
commit
541a74e8d1c6a088dfd9971e433faaefdfcaed83
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Wed Aug 21 07:07:48 2019 -0400
appid: handle 'change cipher spec' in 'server hello' to allow some app detection for tls 1.3 traffic
Mike Stepanek (mstepane) [Mon, 26 Aug 2019 17:05:41 +0000 (13:05 -0400)]
Merge pull request #1703 in SNORT/snort3 from ~MASHASAN/snort3:rna_unified_log to master
Squashed commit of the following:
commit
35a9980eefe2fe7848bd936e77a66d90e8a603a3
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Aug 6 09:30:45 2019 -0400
rna: Support for rna unified2 logging
Mike Stepanek (mstepane) [Mon, 26 Aug 2019 13:33:26 +0000 (09:33 -0400)]
Merge pull request #1716 in SNORT/snort3 from ~KATHARVE/snort3:remove_pkt_data to master
Squashed commit of the following:
commit
616c7aee55b2e0a239577a3c6430ef0a11d13d22
Author: Mike Redden <miredden@cisco.com>
Date: Fri Aug 16 13:25:49 2019 -0400
http2_inspect: Remove pkt_data buffer option
Michael Altizer (mialtize) [Thu, 22 Aug 2019 21:33:17 +0000 (17:33 -0400)]
Merge pull request #1715 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_adjust_cleanup to master
Squashed commit of the following:
commit
e18fe7cb30171778f1fa02e8744f8d16913473e6
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Aug 19 17:43:49 2019 -0400
reload: fix coding style issues, support multiple in progress analyzer commands, support associated AC state for execute method, move reload tune logic for ACSwap to the execute command
Mike Stepanek (mstepane) [Thu, 22 Aug 2019 15:14:19 +0000 (11:14 -0400)]
Merge pull request #1713 in SNORT/snort3 from ~NIHDESAI/snort3:small_segs to master
Squashed commit of the following:
commit
548c72921772fd15d7b263602ab5c6f03ea048ce
Author: russ <rucombs@cisco.com>
Date: Wed Jul 10 15:54:14 2019 -0400
stream_tcp: clear consecutive small segs count upon non-small segs only