git.ipfire.org Git - thirdparty/snort3.git/log

]> git.ipfire.org Git - thirdparty/snort3.git/log

projects / thirdparty / snort3.git / log

summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next

commit | commitdiff | tree

Ron Dempster (rdempste) [Wed, 10 May 2023 14:15:40 +0000 (14:15 +0000)]

Pull request #3835: main, managers: set the network policy using the user id during inspector delete

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:np_during_free to master

Squashed commit of the following:

commit aa69ac344a8eecf332d56c11d81a3dd97e11e5eb
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Apr 27 18:12:49 2023 -0400

main, managers: set the network policy using the user id during inspector delete

commit | commitdiff | tree

Ron Dempster (rdempste) [Tue, 9 May 2023 11:52:21 +0000 (11:52 +0000)]

Pull request #3836: protocols,codecs: Decode Geneve variable length options.

Merge in SNORT/snort3 from ~STECHEW/snort3:geneve_update to master

Squashed commit of the following:

commit 6cff0abdd48f869abb22d09f80f4846d88ba7673
Author: Steve Chew <stechew@cisco.com>
Date: Tue May 2 08:55:38 2023 -0400

protocols,codecs: Decode Geneve variable length options.

commit | commitdiff | tree

Ron Dempster (rdempste) [Mon, 8 May 2023 13:02:27 +0000 (13:02 +0000)]

Pull request #3834: http_inspect: add support for file transfer using Partial Content

Merge in SNORT/snort3 from ~VHORBATO/snort3:http_206 to master

Squashed commit of the following:

commit ff945654ffbf658b4c97b051819911db6d3f5fbf
Author: vhorbato <vhorbato@cisco.com>
Date: Thu Apr 27 14:20:03 2023 +0300

http_inspect: add support for file transfer using Partial Content

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Sat, 6 May 2023 19:16:24 +0000 (19:16 +0000)]

Pull request #3837: build: generate and tag 3.1.61.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.61.0 to master

Squashed commit of the following:

commit 9f172e7f667828e6ddce5ccd9b26e802a3db4ce6
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu May 4 22:36:42 2023 -0400

build: generate and tag 3.1.61.0

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 4 May 2023 16:11:21 +0000 (16:11 +0000)]

Pull request #3796: appid: Ensure that TP SSL reinspection is not overwriting SMTPS service

Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtps_tp to master

Squashed commit of the following:

commit f0eb3ab338d9dc0151dcd2a90cad298196c08bd0
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Tue Apr 4 07:24:54 2023 -0400

appid: Ensure that TP SSL detection is not overwrite SMTPS service and client in a starttls session

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Fri, 28 Apr 2023 19:17:03 +0000 (19:17 +0000)]

Pull request #3831: appid: validate data size of SSL certificate record before parsing

Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_validate_crash to master

Squashed commit of the following:

commit 73c6ffdcf155f88b01b7ac8e7070aacc7aa9319c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Apr 27 13:15:13 2023 -0400

appid: validate data size of SSL certificate record before parsing

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Fri, 28 Apr 2023 17:55:50 +0000 (17:55 +0000)]

Pull request #3803: appid: AppIdPegCounters thread fixes

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_pegs_data_ref to master

Squashed commit of the following:

commit 49fedbbdbfb3e6e06a131f51aefec1603a1b3d83
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Apr 7 12:02:51 2023 -0400

appid: AppIdPegCounters thread data handling refactored to prevent data races

commit | commitdiff | tree

Steven Baigal (sbaigal) [Fri, 28 Apr 2023 17:38:41 +0000 (17:38 +0000)]

Pull request #3825: tcp_reassembler: Fix missing VLAN ids in TCP pseudopkts

Merge in SNORT/snort3 from ~CHSHERWI/snort3:vlan_fix2 to master

Squashed commit of the following:

commit d89e24f57bca7d1f9af03858b5c7069d84039fce
Author: Chris Sherwin <chsherwi@cisco.com>
Date:   Thu Apr 27 15:15:15 2023 -0400

    stream tcp: Populate TCP pseudopackets with VLAN ids in TCP reassembler to avoid
        issues with secondary flow creation / expected flow cache

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 28 Apr 2023 12:30:57 +0000 (12:30 +0000)]

Pull request #3832: CMake: update sed

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_norm_cmake_sed to master

Squashed commit of the following:

commit c4bd8e8b2c39d96c367bfb6c6e1340c686add726
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Apr 28 12:23:30 2023 +0300

    cmake: update sed call

    Use '|' rather than '+' for sed separator.
    A target name can contain any symbol, for example '+' on OpenWrt.
    Picking '|' as a more common substitution for '/'.

    Thanks to graysky for reporting the issue.

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 28 Apr 2023 11:33:08 +0000 (11:33 +0000)]

Pull request #3830: Force initalization of thread local variables.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_nullptr_memman to master

Squashed commit of the following:

commit 09db004f568e7d14f81aad4d30533e3f758e6b0c
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Apr 24 14:24:37 2023 +0300

memory: provide a default value for pointers if the module has not been initialized

commit | commitdiff | tree

Steve Chew (stechew) [Thu, 27 Apr 2023 17:34:25 +0000 (17:34 +0000)]

Pull request #3811: main: reset the global s_network_policy pointer at main thread as part of snort cleanup flow

Merge in SNORT/snort3 from ~SVLASIUK/snort3:firewall_hitcount to master

Squashed commit of the following:

commit f6930a067cc2252a15efb9eea16692b7ade6295e
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Thu Apr 13 20:02:46 2023 +0300

managers: check main SnortConfig pointer in InspectorManager::get_inspector() to avoid memory bad access calls

commit | commitdiff | tree

Ron Dempster (rdempste) [Thu, 27 Apr 2023 14:08:35 +0000 (14:08 +0000)]

Pull request #3826: Reap fix master

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reap_fix_master to master

Squashed commit of the following:

commit fcaaf4316971b0f38e170e3d92a98571c184e25a
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Apr 20 14:49:11 2023 -0400

    flow, hash, stream: add a free list node count that is output as a peg count

commit 47a20ab19a85ac3a33787c5ab53a30d15c1208d9
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Wed Apr 19 13:05:52 2023 -0400

    memory: fix memory pruning race condition and bail on reap failure

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Thu, 27 Apr 2023 10:02:57 +0000 (10:02 +0000)]

Pull request #3815: profiler: add shell commands

Merge in SNORT/snort3 from ~ASERBENI/snort3:profiler_shell_commands to master

Squashed commit of the following:

commit 7c951114e3b54775c8f30e889f050f431e170842
Author: Anna Norokh <anorokh@cisco.com>
Date:   Tue Apr 11 13:16:59 2023 +0300

    snort: add show_config_generation() command

commit a12cf4ae89d500160412504e2c1c4a7aea38c665
Author: Anna Norokh <anorokh@cisco.com>
Date:   Tue Apr 11 13:15:46 2023 +0300

    profiler: add shell commands

commit 3d388c55ff0a35776413b41386e5db5b0378545f
Author: vhorbato <vhorbato@cisco.com>
Date:   Wed Feb 15 12:45:52 2023 +0200

    profiler: move profiler module to separate files

commit | commitdiff | tree

Steven Baigal (sbaigal) [Wed, 26 Apr 2023 14:56:07 +0000 (14:56 +0000)]

Pull request #3822: Pull request #592: flow: Defensive fix to prevent crash if flow->prev is nullptr.

Merge in SNORT/snort3 from ~SBAIGAL/snort3:unideffixmaster to master

Squashed commit of the following:

commit d993b3cb09234ca2333fbf370ddbc0f168e5bfc7
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Tue Apr 18 22:47:33 2023 +0000

    Pull request #592: flow: Defensive fix to prevent crash if flow->prev is nullptr.

    Merge in FIREPOWER/snort3 from ~STECHEW/snort3:uni_defensive_fix to release/7.4.0

    * commit '8e476581a05fb61df0138ce30d6a9ebc9d053447':
      flow: Defensive fix to prevent crash if flow->prev is nullptr.

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Sun, 23 Apr 2023 07:14:42 +0000 (07:14 +0000)]

Pull request #3820: build: remove unused header

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:build_malloc_header to master

Squashed commit of the following:

commit 79b926addf2f5e5dabf1700eaae12da0f0099016
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Apr 20 16:34:25 2023 +0300

    build: remove unused header

    Thanks to Rui Chen for reporting the issue.

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Fri, 21 Apr 2023 14:26:54 +0000 (14:26 +0000)]

Pull request #3819: build: generate and tag 3.1.60.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.60.0 to master

Squashed commit of the following:

commit 67777edd17ca59c103144cc572ab9b5165d3ec65
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Apr 20 15:40:28 2023 -0400

build: generate and tag 3.1.60.0

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Tue, 18 Apr 2023 19:31:48 +0000 (19:31 +0000)]

Pull request #3807: appid: Making free_servicematch_list thread local

Merge in SNORT/snort3 from ~OSTEPANO/snort3:csd_pattern_search_crash to master

Squashed commit of the following:

commit d8dc69deffebdb3205b7a11a9e0d35a72223228c
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Apr 14 09:54:00 2023 -0400

appid: Making free_servicematch_list thread local

commit | commitdiff | tree

Brian Morris (bmorris2) [Fri, 14 Apr 2023 16:00:26 +0000 (16:00 +0000)]

Pull request #3809: src: fix broken unit test/tweak define related to previous operator bool fixes

Merge in SNORT/snort3 from ~BMORRIS2/snort3:cppcheck_operator to master

Squashed commit of the following:

commit 255884ac3dd41076a21b901a286fc1de9437abbd
Author: Brian Morris <bmorris2@cisco.com>
Date: Fri Apr 14 14:52:20 2023 +0000

src: fix broken unit test/tweak define related to previous operator bool fixes

commit | commitdiff | tree

Brian Morris (bmorris2) [Thu, 13 Apr 2023 15:34:52 +0000 (15:34 +0000)]

Pull request #3805: src: change a few operator bool functions to named functions

Merge in SNORT/snort3 from ~BMORRIS2/snort3:cppcheck_operator to master

Squashed commit of the following:

commit cf6f1f58a76a597302628847200369d912d890db
Author: Brian Morris <bmorris2@cisco.com>
Date: Wed Apr 12 15:52:18 2023 +0000

src: change a few operator bool functions to named functions

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Wed, 12 Apr 2023 17:46:20 +0000 (17:46 +0000)]

Pull request #3775: appid: Adds logs for memory and pattern count

Merge in SNORT/snort3 from ~LCZARNIK/snort3:appid_logs to master

Squashed commit of the following:

commit b3115951ae0ed617ae5acb715e351c8789f8fba7
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date: Fri Mar 3 10:16:27 2023 -0500

appid: log maxrss difference and pattern count during appid initialization and reload detectors

commit | commitdiff | tree

Ron Dempster (rdempste) [Mon, 10 Apr 2023 19:55:34 +0000 (19:55 +0000)]

Pull request #3801: appid: make ssl app group id lookup set payload and client

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:cert_viz_take_2 to master

Squashed commit of the following:

commit a36b1fbaeb2485a2d9e20354af8062fca368e988
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Wed Apr 5 17:01:39 2023 -0400

appid: make ssl app group id lookup set payload and client

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Mon, 10 Apr 2023 16:03:02 +0000 (16:03 +0000)]

Pull request #3782: appid: Fixed TSAN warnings

Merge in SNORT/snort3 from ~BSACHDEV/snort3:tsan_warnings_part1 to master

Squashed commit of the following:

commit b2934642d9bf0fcf7d53f6fc80c4540e7a63736c
Author: bsachdev <bsachdev@cisco.com>
Date: Wed Mar 8 09:03:53 2023 -0500

appid: Fixed TSAN warnings

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Fri, 7 Apr 2023 13:56:22 +0000 (13:56 +0000)]

Pull request #3802: build: generate and tag 3.1.59.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.59.0 to master

Squashed commit of the following:

commit c6153096f840bc6a00588b108b1f5aeb0260bc2a
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Apr 6 17:21:16 2023 -0400

build: generate and tag 3.1.59.0

commit | commitdiff | tree

Steven Baigal (sbaigal) [Wed, 5 Apr 2023 18:28:42 +0000 (18:28 +0000)]

Pull request #3799: http2_inspect: Snort3 crash due to HTTP2 Stream Re-transmission.

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:http2_reload_fix to master

Squashed commit of the following:

commit eec6509dbafa0d13ddb4bd6fd854ccdd806a1172
Author: rshafiq <rshafiq@cisco.com>
Date: Tue Apr 4 14:37:13 2023 -0400

http2_inspect: make flow data reload safe

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 4 Apr 2023 21:16:56 +0000 (21:16 +0000)]

Pull request #3798: thread_config: add preemptive watchdog kick for flow deletion

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:wdt_flow_deletes to master

Squashed commit of the following:

commit da7e7eeddf30ca011d46949ec76df28480ec331d
Author: Adrian Mamolea <admamole@cisco.com>
Date: Tue Apr 4 15:35:17 2023 -0400

thread_config: add preemptive watchdog kick for flow deletion

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 4 Apr 2023 19:18:02 +0000 (19:18 +0000)]

Pull request #3797: Revert "Pull request #3790: thread_config: remove message use in wdt"

Merge in SNORT/snort3 from ~SBAIGAL/snort3:revert_wgt1 to master

Squashed commit of the following:

commit 89cecd40161799c1c0afbaf83698cd77af32c172
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Tue Apr 4 14:55:20 2023 -0400

    Revert "Pull request #3790: thread_config: remove message use in wdt"

    This reverts commit 824a06ebdc56f88ec8dfe9c96f31a712e053e00e.

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 4 Apr 2023 18:21:32 +0000 (18:21 +0000)]

Pull request #3790: thread_config: remove message use in wdt

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:wdt_atomic to master

Squashed commit of the following:

commit d963d3fa286084fd2e537c6698ebdbfc0806dc81
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Thu Mar 30 12:46:15 2023 -0400

    watchdog: address comments from Steven

commit 85f9cbf5a6b99f0812ae20a4d004d41b4f02a74a
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Thu Mar 23 09:24:42 2023 -0400

    thread_config: remove message use in wdt

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 4 Apr 2023 15:41:34 +0000 (15:41 +0000)]

Pull request #3793: 7.5.0 Forward-port -- memory: subtract the allocated memory from the thread pruned before comparing to the target

Merge in SNORT/snort3 from ~MMATIRKO/snort3:memory_forward_75 to master

Squashed commit of the following:

commit c1e4fa90a08069e186bdf9717bcb8524b123a220
Author: Steve Chew (stechew) <stechew@cisco.com>
Date:   Wed Mar 29 05:26:48 2023 +0000

    Pull request #554: memory: subtract the allocated memory from the thread pruned before comparing to the target

    Merge in FIREPOWER/snort3 from ~RDEMPSTE/snort3:free_space_allocs to hotfix/7.0.5-DE

    * commit '71b3d000f9788a3ef14f6b9b5a606354623fe58f':
      memory: subtract the allocated memory from the thread pruned before comparing to the target

commit | commitdiff | tree

Shanmugam S (shanms) [Tue, 4 Apr 2023 08:08:02 +0000 (08:08 +0000)]

Pull request #3794: stream: store thread local flow control pointer in global

Merge in SNORT/snort3 from ~KBHANDAN/snort3:crash_dump_flow_control to master

Squashed commit of the following:

commit e6dd384b6ba178393dcf1bd56721b7243646a05f
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Tue Apr 4 10:35:32 2023 +0530

stream: store thread local flow control pointer in global

commit | commitdiff | tree

Bhargava Jandhyala (bjandhya) [Mon, 3 Apr 2023 05:43:40 +0000 (05:43 +0000)]

Pull request #3785: file_api: handling file cache context

Merge in SNORT/snort3 from ~VKAMBALA/snort3:file_context_75 to master

Squashed commit of the following:

commit d2ef60bb3aadead55f22384cc5263882262f40d7
Author: krishnakanth <vkambala@cisco.com>
Date: Tue Mar 21 18:47:29 2023 +0530

file_api: handling file cache context

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 31 Mar 2023 07:53:47 +0000 (07:53 +0000)]

Pull request #3791: http2_inspect: clear flow stream_intf with flow_data

Merge in SNORT/snort3 from ~VHORBATO/snort3:http2_stream_intf to master

Squashed commit of the following:

commit 6e6662bc009fddcdd8abc4c4d506f8144847b87b
Author: vhorbato <vhorbato@cisco.com>
Date: Fri Mar 24 19:23:41 2023 +0200

http2_inspect: clear flow stream_intf with flow_data

commit | commitdiff | tree

Shanmugam S (shanms) [Fri, 24 Mar 2023 08:10:12 +0000 (08:10 +0000)]

Pull request #3787: flow_cache: Prune multiple flows

Merge in SNORT/snort3 from ~KBHANDAN/snort3:prune_multiple to master

Squashed commit of the following:

commit 2851a29722b096be89b291dc8d2e88dd0764510b
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Thu Mar 23 01:28:22 2023 +0530

flow_cache: Prune multiple flows

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Thu, 23 Mar 2023 01:51:45 +0000 (01:51 +0000)]

Pull request #3786: build: generate and tag 3.1.58.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.58.0 to master

Squashed commit of the following:

commit b84026ea28ab20d03aaff276ced50b9e9fecbc0a
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Mar 22 11:50:40 2023 -0400

build: generate and tag 3.1.58.0

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 21 Mar 2023 16:26:01 +0000 (16:26 +0000)]

Pull request #3781: detection: fix queue_limit pegcounter evaluation

Merge in SNORT/snort3 from ~YCHALOV/snort3:snort3_detection_queue_limit to master

Squashed commit of the following:

commit 172915ec46eb9d912f1d6b0a9d9b17cffa3e53e1
Author: Yurii Chalov <ychalov@cisco.com>
Date: Fri Mar 10 10:20:31 2023 +0100

detection: fix queue_limit pegcounter evaluation

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 21 Mar 2023 13:16:27 +0000 (13:16 +0000)]

Pull request #3766: host cache: removed some log to prevent log flooding

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:host_cache_logs to master

Squashed commit of the following:

commit ec6949eab03ba034c9ed416476329e1a6c6ad697
Author: rshafiq <rshafiq@cisco.com>
Date: Thu Feb 16 09:30:46 2023 -0500

host cache: removed some log to prevent log flooding

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 21 Mar 2023 11:40:22 +0000 (11:40 +0000)]

Pull request #3784: js_norm: Initialize normalizer after script was found

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:jsn_perf_fix to master

Squashed commit of the following:

commit a54f7df1a0443a886091118006020608ef3140b6
Author: dkyrylov <dkyrylov@cisco.com>
Date: Fri Mar 17 18:20:46 2023 +0200

js_norm: initialize normalization context only when script is detected

commit | commitdiff | tree

Steven Baigal (sbaigal) [Mon, 20 Mar 2023 14:45:59 +0000 (14:45 +0000)]

Pull request #3783: memory: add shell command to dump heap stats

Merge in SNORT/snort3 from ~SBAIGAL/snort3:memstats to master

Squashed commit of the following:

commit ebe8554f4f5e95c464f08e57393d4fc204b531a0
Author: Steven Baigal <sbaigal@cisco.com>
Date: Wed Mar 15 17:19:35 2023 -0400

memory: add shell command to dump heap stats

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Fri, 17 Mar 2023 18:00:30 +0000 (18:00 +0000)]

Pull request #3780: appid: give precedence to eve detected client over appid when eve_http_client_mapping config is set

Merge in SNORT/snort3 from ~SATHIRKA/snort3:eve_http_process_client_detection to master

Squashed commit of the following:

commit 214fba55d508bd25ecbe05aa55618d17085daada
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Mar 9 11:20:54 2023 -0500

appid: give precedence to eve detected client over appid when eve_http_client_mapping config is set

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 13 Mar 2023 07:58:20 +0000 (07:58 +0000)]

Pull request #3778: actions: restore rtn check in Actions::alert and add to Actions::log

Merge in SNORT/snort3 from ~ANOROKH/snort3:rtn_check to master

Squashed commit of the following:

commit d969e687476e4f6ca453fa0501691e93dd0b8442
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date: Thu Mar 9 16:00:01 2023 +0200

actions: restore rtn check in Actions::alert and add to Actions::log

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 13 Mar 2023 07:43:17 +0000 (07:43 +0000)]

Pull request #3777: loggers: fix pcap flushing

Merge in SNORT/snort3 from ~YCHALOV/snort3:snort3_sigsegv to master

Squashed commit of the following:

commit a57f1b0348b5d4262b8c5df81af6ab297a89de98
Author: Yurii Chalov <ychalov@cisco.com>
Date: Mon Mar 6 21:41:35 2023 +0100

loggers: fix pcap flushing

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Mon, 13 Mar 2023 02:14:03 +0000 (02:14 +0000)]

Pull request #3779: Build 3.1.57.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.57.0 to master

Squashed commit of the following:

commit b1ca05cd7d06a3cc4b3cd199ac754527a32bb5b7
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Mar 9 14:03:27 2023 -0500

build: generate and tag 3.1.57.0

commit | commitdiff | tree

Bhargava Jandhyala (bjandhya) [Tue, 7 Mar 2023 16:58:31 +0000 (16:58 +0000)]

Pull request #3690: telnet: added paf based splitter for telnet

Merge in SNORT/snort3 from ~SMANGHAT/snort3:snort_telnet_splitter to master

Squashed commit of the following:

commit 573f28712abe09bbcdd7d693986fffffa7eb6881
Author: Shailendra Manghate <smanghat@cisco.com>
Date:   Tue Mar 7 15:38:22 2023 +0530

    ftp_telnet: updated flushing around subnegotiation parameters

    The splitter will flush after EOL or SE. It will ignore EOL between SB and SE.

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 3 Mar 2023 12:20:05 +0000 (12:20 +0000)]

Pull request #3772: Hyperscan scratch space.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:mpse_hs_scratch to master

Squashed commit of the following:

commit 84e671286cba6537b4893d2425e0542e008e758a
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Feb 24 22:34:08 2023 +0200

    search_engine: allocate a single shared scratch space

    All threads, compiling mpse database, update the same scratch space sequentially.

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 27 Feb 2023 13:16:51 +0000 (13:16 +0000)]

Pull request #3769: profiler: add rule time percentage table field

Merge in SNORT/snort3 from ~YCHALOV/snort3:snort_rule_profiler_per to master

Squashed commit of the following:

commit abd4ea019de96d2083c46c0d898e84099a83615e
Author: Yurii Chalov <ychalov@cisco.com>
Date: Fri Feb 17 14:27:11 2023 +0100

profiler: add rule time percentage table field

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Thu, 23 Feb 2023 15:50:35 +0000 (15:50 +0000)]

Pull request #3771: build: generate and tag 3.1.56.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.56.0 to master

Squashed commit of the following:

commit 42baa9b03a8293dac46f75195a512c52ceffa0bc
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Feb 22 20:18:39 2023 -0500

build: generate and tag 3.1.56.0

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 16 Feb 2023 17:10:51 +0000 (17:10 +0000)]

Pull request #3763: appid: merge cname pattern matchers with ssl pattern matchers

Merge in SNORT/snort3 from ~OSTEPANO/snort3:cname_and_cert_merge to master

Squashed commit of the following:

commit 9be16131179eeff287720a474b410885b19cff7a
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Feb 9 10:41:51 2023 -0500

appid: merge cname pattern matchers with ssl pattern matchers

commit | commitdiff | tree

Russ Combs (rucombs) [Sun, 12 Feb 2023 11:13:33 +0000 (11:13 +0000)]

Pull request #3764: configure: fix typo in jemalloc with tcmalloc error message

Merge in SNORT/snort3 from ~RUCOMBS/snort3:mem_config to master

Squashed commit of the following:

commit 7b2c5a1442a406af1869ce7b408fdeeec44a003e
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Feb 9 11:31:56 2023 -0500

configure: fix typo in jemalloc with tcmalloc error message

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 10 Feb 2023 09:33:19 +0000 (09:33 +0000)]

Pull request #3753: sd_pattern: keep obfuscation blocks per buffer

Merge in SNORT/snort3 from ~ASERBENI/snort3:sd_obfuscation to master

Squashed commit of the following:

commit 0db98b656216676553096952d7df2d815e073627
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Tue Jan 31 11:12:57 2023 +0200

    doc: update sd_pattern docs after obfuscation changes

commit 7699a8338c6d7ec534d648d16cae8fde7947fd3a
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Mon Jan 23 11:26:18 2023 +0200

    sd_pattern: keep obfuscation blocks per buffer

commit | commitdiff | tree

Steven Baigal (sbaigal) [Fri, 10 Feb 2023 01:44:24 +0000 (01:44 +0000)]

Pull request #3756: copyright: update for year 2023

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:copyright_update_year_2023 to master

Squashed commit of the following:

commit 74b7468527b55e3f54b7969b30a7fcb53648fe2c
Author: rshafiq <rshafiq@cisco.com>
Date: Mon Feb 6 15:03:24 2023 -0500

copyright: update for year 2023

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 9 Feb 2023 21:25:29 +0000 (21:25 +0000)]

Pull request #3755: appid: add validation for rpcbind universal address

Merge in SNORT/snort3 from ~SATHIRKA/snort3:rpc_bind_uaddr_validate to master

Squashed commit of the following:

commit fff62286d419f493c0882fb1d94b4f3fe21f843a
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Feb 1 10:29:32 2023 -0500

appid: add validation for rpcbind universal address

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Thu, 9 Feb 2023 03:49:01 +0000 (03:49 +0000)]

Pull request #3761: build: generate and tag 3.1.55.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.55.0 to master

Squashed commit of the following:

commit b8adbca0e683e91cc9aed32bf556420d902395a1
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Feb 8 15:53:28 2023 -0500

build: generate and tag 3.1.55.0

commit | commitdiff | tree

Russ Combs (rucombs) [Tue, 7 Feb 2023 19:25:30 +0000 (19:25 +0000)]

Pull request #3757: build: fix configure_cmake.sh 'too many arguments' error

Merge in SNORT/snort3 from ~RUCOMBS/snort3:jem_tcm to master

Squashed commit of the following:

commit 52e2b486adf8562f5c6578a0ab44d6ce3846dcf2
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Feb 7 10:00:51 2023 -0500

build: fix configure_cmake.sh 'too many arguments' error

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 7 Feb 2023 08:59:44 +0000 (08:59 +0000)]

Pull request #3752: detection: add new pegcount

Merge in SNORT/snort3 from ~YCHALOV/snort3:sse_total_distance to master

Squashed commit of the following:

commit f41962a935ec8edf4de99df43bcc569877afc9f8
Author: Yurii Chalov <ychalov@cisco.com>
Date: Thu Jan 26 13:08:52 2023 +0100

detection: add new pegcount

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Mon, 6 Feb 2023 15:23:07 +0000 (15:23 +0000)]

Pull request #3742: appid: updating lua API to accomodate netbios domain extraction, substring search, and substring index.

Merge in SNORT/snort3 from ~AANTONYK/snort3:netbios_donain_name_detection_on_SMB_traffic to master

Squashed commit of the following:

commit 29bf509e59cc0cdbbbe29e1ffe06ed216202325b
Author: Clifford Judge <cljudge@cisco.com>
Date: Mon Apr 25 10:54:52 2022 -0400

appid: updating lua API to accomodate netbios domain extraction, substring search, and substring index.

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 2 Feb 2023 21:48:58 +0000 (21:48 +0000)]

Pull request #3740: appid: Support for IPv4 and IPv6 subnets for First Packet API

Merge in SNORT/snort3 from ~OSTEPANO/snort3:subnet_first_packet_api to master

Squashed commit of the following:

commit f6bcb8fbe09223f566cafc3a40c3e57c174998e0
Author: Umang Sharma <umasharm@cisco.com>
Date: Fri Dec 9 06:38:37 2022 -0500

appid: Support for IPv4 and IPv6 subnets for First Packet API

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 2 Feb 2023 17:40:52 +0000 (17:40 +0000)]

Pull request #3744: appid: First packet detector creation support

Merge in SNORT/snort3 from ~OSTEPANO/snort3:first_packet_detector_builder to master

Squashed commit of the following:

commit 331b2b15dcb8e7157bb2440bc57d32ebb1c01ce7
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Jan 20 13:05:28 2023 -0500

appid: First packet detector creation support in appid detector builder script

commit | commitdiff | tree

Russ Combs (rucombs) [Thu, 2 Feb 2023 16:12:59 +0000 (16:12 +0000)]

Pull request #3739: stream_tcp: fix passive pickups with missing packets

Merge in SNORT/snort3 from ~RUCOMBS/snort3:tcp_fix to master

Squashed commit of the following:

commit 0da36c1f5a12f6d3d74447fc1afc6409f46d83a9
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 18 10:25:07 2023 -0500

    stream_tcp: fix passive pickups with missing packets

    Thanks to nagmtuc and hedayat for reporting and helping debug the issue.

commit | commitdiff | tree

Steve Chew (stechew) [Thu, 2 Feb 2023 14:33:44 +0000 (14:33 +0000)]

Pull request #3745: ssl: refactor client hello sni parsing

Merge in SNORT/snort3 from ~SVLASIUK/snort3:ch_sni_parser to master

Squashed commit of the following:

commit afe66704e8e0249f023fdd6952092227d1af3e64
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Tue Jan 17 13:25:56 2023 +0200

ssl: refactor ssl client hello parser to be used by appid/ssl inspectors

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Tue, 31 Jan 2023 21:51:15 +0000 (21:51 +0000)]

Pull request #3751: appid: use packet thread's odp context instead of inspector's context for packet processing

Merge in SNORT/snort3 from ~SATHIRKA/snort3:reload_fixes to master

Squashed commit of the following:

commit fb0d3790437f4b3974552ca94aa68b186b282fd2
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Fri Jan 20 10:24:30 2023 -0500

appid: use packet thread's odp context instead of inspector's context for packet processing

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 31 Jan 2023 21:05:39 +0000 (21:05 +0000)]

Pull request #3746: wizard: ensure Wizard is refcounted by MagicSplitter to prevent snort crashes due to memory corruption

Merge in SNORT/snort3 from ~JALIIMRA/snort3:umbrella_splitter_crash to master

Squashed commit of the following:

commit 76e78a72a86f276e1aaac1fa21d2d24d19029351
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Mon Jan 23 14:18:11 2023 -0500

wizard: ensure Wizard is refcounted by MagicSplitter to prevent snort crashes due to memory corruption

commit | commitdiff | tree

Shanmugam S (shanms) [Tue, 31 Jan 2023 16:34:00 +0000 (16:34 +0000)]

Pull request #3748: main: Avoid race conditions when accessing id to tid map

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:fix_race_tid to master

Squashed commit of the following:

commit 0cf251b8ff63df57a9bae11d31ef16b7c3bad3e0
Author: Akhilesh MY <amuttuva@cisco.com>
Date: Tue Jan 24 04:08:15 2023 -0500

main: Avoid race conditions when accessing id to tid map

commit | commitdiff | tree

Priyanka Bangalore Gurudev (prbg) [Thu, 26 Jan 2023 23:03:53 +0000 (23:03 +0000)]

Pull request #3750: build: generate and tag 3.1.54.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.54.0 to master

Squashed commit of the following:

commit 7f4326c7c2ba2cdbaa1494f5df4405dec8fb439d
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Jan 26 13:49:35 2023 -0500

build: generate and tag 3.1.54.0

commit | commitdiff | tree

Steve Chew (stechew) [Wed, 25 Jan 2023 20:05:46 +0000 (20:05 +0000)]

Pull request #3749: build: generate and tag 3.1.53.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.53.0 to master

Squashed commit of the following:

commit cd3d7e926d0e257f69663229a6316f36c7956ff4
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Jan 25 11:37:17 2023 -0500

build: generate and tag 3.1.53.0

commit | commitdiff | tree

Shanmugam S (shanms) [Tue, 24 Jan 2023 17:33:24 +0000 (17:33 +0000)]

Pull request #3747: flow: add stream interface to get parent flow from child flow

Merge in SNORT/snort3 from ~ABHPAL/snort3:h3 to master

Squashed commit of the following:

commit 2ae655a6a07a27f45b6b6ecb23665c0dc40eabb5
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Mon Jan 23 18:08:36 2023 +0530

flow: add stream interface to get parent flow from child flow

commit | commitdiff | tree

Russ Combs (rucombs) [Tue, 24 Jan 2023 14:29:09 +0000 (14:29 +0000)]

Pull request #3738: memory: fix unit test build w/o reg test

Merge in SNORT/snort3 from ~RUCOMBS/snort3:mem_test to master

Squashed commit of the following:

commit 7d7cf735582105210f4d51918b0f83dfadec99cf
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Jan 19 00:04:03 2023 -0500

memory: fix unit test build w/o reg test

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Mon, 23 Jan 2023 16:21:34 +0000 (16:21 +0000)]

Pull request #3741: appid: publish tls host set in eve process event handler only when appid discovery is complete

Merge in SNORT/snort3 from ~SATHIRKA/snort3:quic_tls_host to master

Squashed commit of the following:

commit 47919a2706736d804c76dc493c61441d027e6824
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Jan 18 10:33:31 2023 -0500

appid: publish tls host set in eve process event handler only when appid discovery is complete

commit | commitdiff | tree

Steven Baigal (sbaigal) [Thu, 19 Jan 2023 23:33:13 +0000 (23:33 +0000)]

Pull request #3697: memory: Added memusage pegs

Merge in SNORT/snort3 from ~AKAYAMBU/snort3:memusage to master

Squashed commit of the following:

commit 3a41f9cd67876831ce9c501f9fed17675f2e4718
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date: Fri Dec 9 06:56:16 2022 -0500

memory: Added memusage pegs

commit | commitdiff | tree

Bhargava Jandhyala (bjandhya) [Thu, 19 Jan 2023 06:15:38 +0000 (06:15 +0000)]

Pull request #3726: file_api: Handling filedata in multithreading context

Merge in SNORT/snort3 from ~PRERAMA2/snort3:file_data_handling to master

Squashed commit of the following:

commit 7727011a1e1005b8b94365be3d7a6960adf672e8
Author: Preethi Ramachandra <prerama2@cisco.com>
Date: Mon Dec 19 10:30:56 2022 +0530

file_api: Handling filedata in multithreading context

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 18 Jan 2023 16:37:52 +0000 (16:37 +0000)]

Pull request #3731: fp_create: add showing the search algorithm name

Merge in SNORT/snort3 from ~YCHALOV/snort3:hyperscan to master

Squashed commit of the following:

commit 67b1c5d4412a2cedea75b8396843fc8555a8e59e
Author: Yurii Chalov <ychalov@cisco.com>
Date: Wed Jan 11 20:28:44 2023 +0100

detection: show search algorithm configured

commit | commitdiff | tree

Russ Combs (rucombs) [Wed, 18 Jan 2023 15:17:32 +0000 (15:17 +0000)]

Pull request #3737: build: generate and tag 3.1.52.0

Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.52.0 to master

Squashed commit of the following:

commit 5485284744482ab0ba403836875732fedf1dbfc1
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 18 06:11:25 2023 -0500

build: generate and tag 3.1.52.0

commit | commitdiff | tree

Russ Combs (rucombs) [Tue, 17 Jan 2023 22:34:43 +0000 (22:34 +0000)]

Pull request #3733: Memory Updates

Merge in SNORT/snort3 from ~RUCOMBS/snort3:memory_init to master

Squashed commit of the following:

commit e5194f6de9eb80ce8f47ad114ed13edd440690f1
Author: Russ Combs <rucombs@cisco.com>
Date:   Sun Jan 15 07:10:01 2023 -0500

    memory: add regression test hooks

commit fda0e1eb1a540ee8ad2a2256955d7ded488b5f8d
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri Jan 13 18:13:01 2023 -0500

    memory: add final epoch to capture stats

    Also rename bookend methods for clarity.

commit d036355f926eacbde336039bd8eb9c023d836e00
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri Jan 13 08:29:45 2023 -0500

    memory: fix init sequence

    Thanks to amishmm and Xiche for reporting and debugging the problem.

commit | commitdiff | tree

Steven Baigal (sbaigal) [Tue, 17 Jan 2023 15:37:55 +0000 (15:37 +0000)]

Pull request #3725: rna: reset host_tracker type when its visibility changes

Merge in SNORT/snort3 from ~MKORNAS/snort3:fix_host_type_events to master

Squashed commit of the following:

commit fcfe6e0c73fe2e542f1f09c68b08c2f2e72d4d07
Author: Mikolaj Kornas <mkornas@cisco.com>
Date: Tue Jan 10 06:09:33 2023 -0500

rna: reset host_tracker type when visibility changes

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 16 Jan 2023 08:13:37 +0000 (08:13 +0000)]

Pull request #3720: src: fix config parsing issues seen on 32bit systems

Merge in SNORT/snort3 from ~ASERBENI/snort3:32bit_issue to master

Squashed commit of the following:

commit 8137a4fca03573398a89f011ce3e66743b9c4154
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Jan 4 17:15:04 2023 +0200

    src: address numbers parsing related concerns

commit 99895d8af9eb73b5646d54dc063322b910e467ea
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Jan 4 15:35:20 2023 +0200

    framework: add strtoul methods to Value class

commit 8e431851bc5416cb845684108d5a3c0a2407ecc3
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Dec 21 16:48:01 2022 +0200

    framework: change range check types to int64_t

    long may not be enough on 32bit platforms, where it's only 4 bytes long. issue initially found with seq ips option, where a valid value of 3,927,875,496 would be perceived as erroneous because it would not fit in 4 byte signed long (max value is 2,147,483,647)

commit 59fec3d494cc8560754123688c4d9de7e216bbee
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Tue Dec 20 14:38:30 2022 -0500

    dce_rpc: add errno resets during uuid parsing

commit | commitdiff | tree

Steven Baigal (sbaigal) [Fri, 13 Jan 2023 15:27:06 +0000 (15:27 +0000)]

Pull request #3711: netflow: grab the proto off of the netflow record - not the wire packet

Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_proto to master

Squashed commit of the following:

commit bffc80a39a33507892dae4a2575544323a7003a7
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Dec 19 15:12:07 2022 -0500

netflow: grab the proto off of the netflow record - not the wire packet

commit | commitdiff | tree

Steve Chew (stechew) [Fri, 13 Jan 2023 15:10:42 +0000 (15:10 +0000)]

Pull request #3730: main: Fix missing include file that caused build error on some platforms.

Merge in SNORT/snort3 from ~STECHEW/snort3:platforms_build_fix to master

Squashed commit of the following:

commit 9b90590454bbfd43f804baa91deade79c86dd9d8
Author: Steve Chew <stechew@cisco.com>
Date: Thu Jan 12 15:19:38 2023 -0500

main: Fix missing include file that caused build error on some platforms.

commit | commitdiff | tree

Bhargava Jandhyala (bjandhya) [Thu, 12 Jan 2023 13:54:59 +0000 (13:54 +0000)]

Pull request #3721: dcerpc: handling dcerpc over smbv2

Merge in SNORT/snort3 from ~VKAMBALA/snort3:psirt_74 to master

Squashed commit of the following:

commit 460a3b2d63914b1422bf3e7d9452facb6c9dd0c6
Author: krishnakanth <vkambala@cisco.com>
Date: Tue Jan 10 14:55:52 2023 +0530

dcerpc: handling dcerpc over smbv2

commit | commitdiff | tree

Russ Combs (rucombs) [Thu, 12 Jan 2023 13:22:00 +0000 (13:22 +0000)]

Pull request #3714: Event driven fw

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:event_driven_fw to master

Squashed commit of the following:

commit 8c782e76e24166ec8f7fec99f7a532816c238fb3
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Jan 6 15:28:48 2023 -0500

    stream: fix iss and irs and mid-stream sent post processing

commit e4b5df660ddb2422335e26b9aa8b4dd99574c8ad
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 13 19:19:05 2022 -0500

    stream: refactor tcp state machine to handle mid-stream flow and more established cases

commit 239472e8bf5924932871e9443581ef12eb23f471
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 13 19:17:49 2022 -0500

    flow: update flow creation to exclude non-syn packets with no payload

commit | commitdiff | tree

Russ Combs (rucombs) [Thu, 12 Jan 2023 13:14:21 +0000 (13:14 +0000)]

Pull request #3728: build: generate and tag 3.1.51.0

Merge in SNORT/snort3 from ~PRBG/snort3:rel_build_3.1.51.0 to master

Squashed commit of the following:

commit 91cec43b99689a40963a1edbfd64f266851923f9
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Jan 11 19:50:28 2023 -0500

build: generate and tag 3.1.51.0

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 10 Jan 2023 22:57:24 +0000 (22:57 +0000)]

Pull request #3718: lua: add Adobe JavaScript related identifiers to snort_defaults

Merge in SNORT/snort3 from ~VHORBATO/snort3:acrobat_js_ids to master

Squashed commit of the following:

commit afeded685032c8baf29ffad53c07a6b9056d1200
Author: vhorbato <vhorbato@cisco.com>
Date: Fri Jan 6 12:03:42 2023 +0200

lua: add Adobe JavaScript related identifiers to snort_defaults

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 10 Jan 2023 21:34:48 +0000 (21:34 +0000)]

Pull request #3722: Add benchmark tests for PDF parser.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:jsn_pdf_bench to master

Squashed commit of the following:

commit 53ece926c098ed146e9e8e284c506767dabf2c64
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Dec 22 16:02:17 2022 +0200

    js_norm: delete unused method

commit f0c0270b07fa72676a91382cea44ea69baaf5d17
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Dec 21 10:49:36 2022 +0200

    js_norm: tune PDF parser performance

    Decrease data chunk size.

commit 97a247bc3236a27a8a91c9b6067214c5fb9333c3
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Dec 15 15:03:01 2022 +0200

    js_norm: add benchmark tests for PDF parser

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Tue, 10 Jan 2023 15:27:09 +0000 (15:27 +0000)]

Pull request #3683: Cip appid support on snort3

Merge in SNORT/snort3 from ~SUBALU/snort3:Cip_Appid to master

Squashed commit of the following:

commit 4de25c9be46823b572bc9a40365966eb587ad4a4
Author: suriya <subalu@cisco.com>
Date: Mon Dec 19 17:51:22 2022 +0530

appid: add support for cip service, client and payload detection

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 10 Jan 2023 14:25:06 +0000 (14:25 +0000)]

Pull request #3713: js_norm: decode UTF-16BE to UTF-8 for JS in PDF

Merge in SNORT/snort3 from ~OSERHIIE/snort3:jsn_pdf_utf16 to master

Squashed commit of the following:

commit 0687ef21316f44f413bdfe8287d8893ce5138e3c
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Dec 15 15:41:25 2022 +0100

    js_norm: decode UTF-16BE to UTF-8 for JS in PDF

        * js_norm: support UTF-16BE in text strings, hexadecimal strings and streams
        * js_norm: add unit test coverage
        * lua: fixup in snort_defaults.lua

commit | commitdiff | tree

Russ Combs (rucombs) [Fri, 6 Jan 2023 16:43:50 +0000 (16:43 +0000)]

Pull request #3664: memory: use the process total instead of per thread totals to enforce cap

Merge in SNORT/snort3 from ~RUCOMBS/snort3:process_memory to master

Squashed commit of the following:

commit 3d3da0fd75a73eb43fd4aa6b7e8e252b9c6ea1ee
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 4 08:31:40 2023 -0500

    memory: rename manager to overloads to better indicate purpose

commit e343738e2b178002b7e8f63f60cdbe7c512499db
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 4 06:37:34 2023 -0500

    memory: update developer notes

commit 7f374a318e87662c1d7766ffd237d65eb605f60f
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Dec 28 09:01:20 2022 -0500

    memory: update stats regardless of state; add unit tests

commit 71822045d1ed62da660573d2c82a5566ba42967d
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Dec 27 09:33:34 2022 -0500

    memory: delete unnecessary includes

commit cc19d105f6b08a7071978de0681fdf840413967e
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Dec 22 16:02:14 2022 -0500

    memory: refactor jemalloc code and add relevant pegs

commit 7e30c6081c4fb0cac8c55658b50d5abfd14bc977
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Nov 23 13:51:30 2022 -0500

    build: exclude unused memory related sources

commit fc74bce73bd0db2b4fd67872615fd3f0dbf0a916
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Nov 23 12:21:38 2022 -0500

    build: error out if both jemalloc and tcmalloc are configured

commit 0663095ec3344f97cb80a9291bda6ed675edd469
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Nov 23 12:18:18 2022 -0500

    memory: incorporate overloads into profiler

commit 7824486ad5799116da4c825d991fc3d9d8e2738f
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Nov 10 14:03:23 2022 -0500

    memory: use the process total instead of per thread totals to enforce cap

    Since Snort doesn't always free memory in the thread that allocated it,
    switch to a process cap enforcement strategy when using jemalloc. To get
    updated stats.allocated it is necessary to bump the epoch, which can be
    expensive, so it is done by the main thread once per interval ms. If
    over limit, each packet thread will prune one flow per packet until the
    prune_target is reached.

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 5 Jan 2023 18:07:52 +0000 (18:07 +0000)]

Pull request #3715: appid: use packet thread's odp context for future flow creation

Merge in SNORT/snort3 from ~SATHIRKA/snort3:future_flow_odpctxt to master

Squashed commit of the following:

commit e11067b4a8b84060118b0378d65d0ed53c2e35b4
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Mon Dec 19 11:10:07 2022 -0500

appid: use packet thread's odp context for future flow creation

commit | commitdiff | tree

Brian Morris (bmorris2) [Thu, 22 Dec 2022 21:46:28 +0000 (21:46 +0000)]

Pull request #3716: main: fix const issues causing compile warnings

Merge in SNORT/snort3 from XTLS/snort3:fix_const to master

Squashed commit of the following:

commit ea95013da782eb675ac52aa6b022aeaa207bc29f
Author: Brian Morris <bmorris2@cisco.com>
Date: Thu Dec 22 20:02:07 2022 +0000

main: fix const issues causing compile warnings

commit | commitdiff | tree

Shanmugam S (shanms) [Thu, 22 Dec 2022 17:06:57 +0000 (17:06 +0000)]

Pull request #3705: watchdog: Add thread id as well for better identification of unresponsive threads

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:watchdog_tid to master

Squashed commit of the following:

commit c21969d8a3bd28db271f2ee069cec9e1a795c25b
Author: Akhilesh MY <amuttuva@cisco.com>
Date: Fri Dec 16 03:08:01 2022 -0500

watchdog: Print thread id as well for better identification of unresponsive threads

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 21 Dec 2022 12:40:36 +0000 (12:40 +0000)]

Pull request #3706: lua: fix typo in Sensitive Data classifications name

Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_class_typo to master

Squashed commit of the following:

commit 6b94b248d84c41cf1d22cf80683d6c262d126bc5
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Dec 16 15:20:35 2022 +0200

lua: fix typo in Sensitive Data classifications name

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Tue, 20 Dec 2022 15:25:31 +0000 (15:25 +0000)]

Pull request #3703: appid: do not create snmp future flow for udp reversed traffic

Merge in SNORT/snort3 from ~SATHIRKA/snort3:snmp_ff to master

Squashed commit of the following:

commit cd4c269b5e8dc1f86f982509f373ce1ffe3beb4f
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Tue Dec 13 10:01:31 2022 -0500

appid: do not create snmp future flow for udp reversed session

commit | commitdiff | tree

Russ Combs (rucombs) [Tue, 20 Dec 2022 15:11:56 +0000 (15:11 +0000)]

Pull request #3712: build: generate and tag 3.1.50.0

Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.50.0 to master

Squashed commit of the following:

commit c594bb9d814155ee190501120763279f14825f4f
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Dec 19 15:20:23 2022 -0500

build: generate and tag 3.1.50.0

commit | commitdiff | tree

Russ Combs (rucombs) [Mon, 19 Dec 2022 19:00:38 +0000 (19:00 +0000)]

Pull request #3709: smtp: decline fast-pattern buffer request when flow data is not present

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_flow_data_check to master

Squashed commit of the following:

commit fb6ba7116e92a58b804f9fa752abb9a6afa97e81
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Dec 19 14:26:47 2022 +0200

smtp: decline fast-pattern buffer request when flow data is not present

commit | commitdiff | tree

Russ Combs (rucombs) [Sun, 18 Dec 2022 12:02:27 +0000 (12:02 +0000)]

Pull request #3689: Pub ID

Merge in SNORT/snort3 from ~RUCOMBS/snort3:pub_id to master

Squashed commit of the following:

commit 72426605b4c754c0690325e67335d89feec3c78b
Author: Russ Combs <rucombs@cisco.com>
Date:   Mon Dec 12 19:57:46 2022 -0500

    pub_sub: refactor includes

commit 8f875bb0e45eba5399e4b749025db394daa0fa30
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:57:28 2022 -0500

    log_hext: convert to use PubKey

commit 05b2273c2db182b1774d64f46f8e6f10829353f0
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:57:11 2022 -0500

    file_api: convert to use PubKeys

commit 55e2cc8568f9f442b4ece4cf2e63e7ef955c68fb
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:56:41 2022 -0500

    service_inspectors: convert to use Pubkeys

commit b8647d99b13b7bb4a199761f99b7fbbd1ce3648e
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:56:22 2022 -0500

    network_inspectors: convert to use Pubkeys

commit 8a5650828de654a6d42c93d3683ffb15dffef87e
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:55:01 2022 -0500

    http_inspect, http2_inspect: convert to use PubKeys

commit 48f7e79bcab8b7d02a554d38de91e8174e990cd6
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:53:22 2022 -0500

    appid: convert to use PubKeys

commit e2fa0a001c6cf9332f48e75c2e68a91e6e8a487c
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:50:29 2022 -0500

    stream: publish events using PubKey

commit d5984eba1201a7c36a20f1398a7c18f610ef86a2
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:49:58 2022 -0500

    framework: publish intrinsic events using PubKey

commit 2ee586558b895b47eb4378b948bb477ea6620d5f
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:48:46 2022 -0500

    flow: publish events using PubKeys

commit 9f79c1a019eba488573c463263806efa0dc70f6b
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:46:59 2022 -0500

    pub_sub: convert from string keys to PubKeys

commit 736d237a71d611e0b7a4f06832e598835bc31b4c
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:43:58 2022 -0500

    data_bus: require key registration for improved publish performance

commit | commitdiff | tree

Russ Combs (rucombs) [Sat, 17 Dec 2022 22:35:02 +0000 (22:35 +0000)]

Pull request #3691: Fc36

Merge in SNORT/snort3 from ~RUCOMBS/snort3:fc36 to master

Squashed commit of the following:

commit 4f9390f1b2414fb2592055501e47707d7b0bdbf3
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Dec 15 13:53:50 2022 -0500

    pop, imap: gracefully decline buffer requests when flow data is not present

commit 65518cead263c7b8990417fd2acb4ea50577c8a3
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 29 23:22:44 2022 -0500

    alert_fast: fix initialization of http_inspect cheat codes

commit 11496a4b6bb98ee69db9fd6cd5f2c084748242f4
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 29 09:01:20 2022 -0500

    host_cache: simplify dump_file with std::string

commit 6a8994a35402695fe73c7c4a948903d3a94c5d06
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 29 08:58:18 2022 -0500

    host_cache: fix initialization from Lua

commit c009d930c5ddb5d00928dd11fa4cdd33d1aeea04
Author: Russ Combs <rucombs@cisco.com>
Date:   Mon Nov 28 16:09:54 2022 -0500

    config: ensure table state is reset when starting a new shell

commit c3ec2dcb0c3ea36ec22ef9ea6e6159a9cc19d45c
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Nov 26 14:57:19 2022 -0500

    talos: fix tweaks for the daq module

commit | commitdiff | tree

Russ Combs (rucombs) [Sat, 17 Dec 2022 22:13:13 +0000 (22:13 +0000)]

Pull request #3704: build: generate and tag 3.1.49.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.49.0 to master

Squashed commit of the following:

commit 98957f0761a73601e6a11f626b8ff975e93c6f7a
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Dec 15 16:54:01 2022 -0500

build: generate and tag 3.1.49.0

commit | commitdiff | tree

Steven Baigal (sbaigal) [Wed, 14 Dec 2022 15:18:26 +0000 (15:18 +0000)]

Pull request #3702: stream: ignore PAWS timestamp checks when in no_ack mode

Merge in SNORT/snort3 from ~JALIIMRA/snort3:paws_ts_check to master

Squashed commit of the following:

commit f7307eba55b333bd74d32b466d686176a6edf5f3
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Wed Dec 7 10:26:07 2022 -0500

stream: ignore PAWS timestamp checks when in no_ack mode

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 14 Dec 2022 14:38:06 +0000 (14:38 +0000)]

Pull request #3696: ips_options: fix offset related bug in byte_test eval()

Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_byte_test to master

Squashed commit of the following:

commit 1ef48b5e9e068f1b67c187635f31fd4f63676379
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Wed Dec 7 17:04:36 2022 +0200

    ips_options: fix offset related bug in byte_test eval()

    * moved truncation of string from ips_byte_test eval() to extract data_extraction(),
      so all byte_ options have the same logic;
    * added unit tests to verify proper work with negative offset
      on the last byte of buffer;
    * added unit tests for all byte_ options to check situation when bytes_to_extract bigger
      then amount of bytes left in the buffer;
    * updated documentation and help option with info about string truncation;

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 13 Dec 2022 18:42:35 +0000 (18:42 +0000)]

Pull request #3701: doc: add decompression mention to js_norm reference

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_pdf_stream to master

Squashed commit of the following:

commit f87c4484534feaca0495aef61aa35564ed1a1f53
Author: dkyrylov <dkyrylov@cisco.com>
Date: Mon Dec 12 08:54:23 2022 +0200

doc: add decompression mention to js_norm reference

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 13 Dec 2022 18:42:24 +0000 (18:42 +0000)]

Pull request #3698: js_norm: add PDF stream processing

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_pdf_stream to master

Squashed commit of the following:

commit e4712275b6662de60d9dca67031bf693cfcf896c
Author: dkyrylov <dkyrylov@cisco.com>
Date: Mon Dec 5 17:31:18 2022 +0200

js_norm: add PDF stream processing

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 12 Dec 2022 19:22:43 +0000 (19:22 +0000)]

Pull request #3699: doc: update user/js_norm.txt for PDF in email protocols

Merge in SNORT/snort3 from ~OSERHIIE/snort3:doc_jsn_others to master

Squashed commit of the following:

commit ffcf5576295b519ce8c3feb8d35606a42de9aac2
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Thu Dec 8 12:33:48 2022 +0100

doc: update user/js_norm.txt for PDF in email protocols

commit | commitdiff | tree

Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 12 Dec 2022 19:22:15 +0000 (19:22 +0000)]

Pull request #3700: js_norm: add support for email protocols

Merge in SNORT/snort3 from ~OSERHIIE/snort3:jsn_others to master

Squashed commit of the following:

commit ca987f6324421b17f3fd2d0bdd39c6a65e4cda8c
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Dec 2 16:11:01 2022 +0200

    js_norm: add support for email protocols

        * js_norm: move JS PDF normalizer to a common directory
        * js_norm: turn API classes to SO PUBLIC
        * http_inspect: update js_pdf_scripts peg description
        * imap: add JSN for PDF attachments
        * pop: add JSN for PDF attachments
        * smtp: add JSN for PDF attachments
        * update dev_notes

commit | commitdiff | tree

Sreeja Athirkandathil Narayanan (sathirka) [Thu, 8 Dec 2022 16:44:34 +0000 (16:44 +0000)]

Pull request #3692: appid: fixed assert condition for odp_ctxt and odp_thread_local_ctxt

Merge in SNORT/snort3 from ~BSACHDEV/snort3:luafix to master

Squashed commit of the following:

commit 3f1bad59caaea21559a1189d92263fd90da06a9e
Author: bsachdev <bsachdev@cisco.com>
Date: Fri Dec 2 11:43:52 2022 -0500

appid: fixed assert condition for odp_ctxt and odp_thread_local_ctxt

Mirror of https://github.com/snort3/snort3.git