+2025-04-20: 3.7.3.0
+
+* appid: added caching for dns detector
+* appid: fixed unknown payload case for domain fronting
+* control: fix data race in ControlConn touch method
+* dns: handle multi transaction-IDs in single DNS-UDP flow
+* extractor: enable TSV(Tab-Separated Values) formatting
+* extractor: extend dns logging
+* extractor: fix static checker warning
+* extractor: make parsing more strict
+* extractor: simplify CSV logger implementation and add configurable delimiter
+* filters: initialize struct fields when instance is defined
+* flow: fix coverity SWAPPED ARGUMENTS and Y2K38_SAFETY issues
+* helpers: validate input from conf file to verify port number string is valid digits
+* host_tracker: recode while loop to avoid bogus coverity infinite loop warning
+* http2_inspect: added settings_max_frame_size parameter and built-in rule 121:44 to check for max frame size
+* http: initialize class member variables in the ctor
+* ips_options: allocate large buffer for base64 decode from heap instead of on stack
+* loggers: allocate large buffer for writing unified2 extra data from heap instead of stack
+* main: added show_snort_packet_latency() help command support
+* main: do not collect configurations for utility shells
+* main: redirect stdin, stdout, stderr to /dev/null with the freopen system call
+* main: refactor signal handling switch statement, return codes and FatalError
+* managers: use std::move to pass shared ptr to new owner to avoid a copy
+* packet_capture: rename pcaps and change default values
+
2025-03-30: 3.7.2.0
* appid: added flag to inspect out-of-order packets
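Review bot: the main entry "redirect stdin, stdout, stderr to /dev/null with the freopen system call" misnames freopen, which is a C standard library function (freopen(3)) rather than a system call; suggest "via freopen(3)". In the same hunk, "dns: handle multi transaction-IDs in single DNS-UDP flow" would read more cleanly as "handle multiple transaction IDs in a single DNS-over-UDP flow", and "TSV(Tab-Separated Values)" is missing a space before the parenthesis.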
The Snort Team
Revision History
-Revision 3.7.2.0 2025-03-30 22:14:23 EDT TST
+Revision 3.7.3.0 2025-04-20 11:40:57 EDT TST
---------------------------------------------------------------------
logging
* snort.show_config_generation(): show loaded configuration ID
* snort.show_snort_cpu(): show snort cpu usage
+ * snort.show_snort_packet_latency(): show snort packet latency data
* snort.pause(): suspend packet processing
* snort.resume(pkt_num): continue packet processing. If number of
packets is specified, will resume for n packets and pause
Configuration:
* enum extractor.formatting = csv: output format for extractor {
- csv | json }
+ csv | tsv | json }
* string extractor.connector: output destination for extractor
* enum extractor.time = unix: output format for timestamp values {
snort | snort_yy | unix | unix_s | unix_us }
* int http2_inspect.concurrent_streams_limit = 100: Maximum number
of concurrent streams allowed in a single HTTP/2 flow { 100:1000
}
+ * int http2_inspect.settings_max_frame_size = 16777215: Maximum
+ allowed value for settings frame SETTINGS_MAX_FRAME_SIZE {
+ 16384:16777215 }
Rules:
* 121:42 (http2_inspect) too many unacknowledged settings
* 121:43 (http2_inspect) setting acknowledgment without actual
settings
+ * 121:44 (http2_inspect) settings frame size greater than
+ settings_max_frame_size
Peg counts:
packet headers
* string packet_capture.capture_path: directory path to capture
pcaps
- * int packet_capture.max_packet_count = 1000000: cap the number of
+ * int packet_capture.max_packet_count = 0: cap the number of
packets per thread { 0:max32 }
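Review bot: the help text "cap the number of packets per thread { 0:max32 }" does not say what 0 means, and 0 is now the default value. If 0 disables the cap (unlimited capture), the help string should state that explicitly, because the change turns a bounded per-thread capture (previously 1000000) into an unbounded one by default, which a deployer needs to know when sizing capture_path storage; the ChangeLog entry "change default values" should also name this specific default.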
Commands:
* enum extractor.default_filter = pick: default action for protocol
with no filter provided { pick | skip }
* enum extractor.formatting = csv: output format for extractor {
- csv | json }
+ csv | tsv | json }
* string extractor.protocols[].fields: specify fields to log
* string extractor.protocols[].on_events: specify events to log
* enum extractor.protocols[].service: service to extract from {
* int http2_inspect.concurrent_streams_limit = 100: Maximum number
of concurrent streams allowed in a single HTTP/2 flow { 100:1000
}
+ * int http2_inspect.settings_max_frame_size = 16777215: Maximum
+ allowed value for settings frame SETTINGS_MAX_FRAME_SIZE {
+ 16384:16777215 }
* implied http_cookie.request: match against the cookie from the
request message even when examining the response
* implied http_cookie.with_body: option is no longer used and will
capturing
* int packet_capture.group = -1: group filter to use for packet
capturing { -1:32767 }
- * int packet_capture.max_packet_count = 1000000: cap the number of
+ * int packet_capture.max_packet_count = 0: cap the number of
packets per thread { 0:max32 }
* string packet_capture.tenants: comma-separated tenants filter to
use for packet capturing
Unexpected settings ACK.
+121:44 (http2_inspect) settings frame size greater than
+settings_max_frame_size
+
+SETTINGS_MAX_FRAME_SIZE value sent in HTTP/2 settings frame is
+greater than maximum value, as configured by settings_max_frame_size.
+
122:1 (port_scan) TCP portscan
Basic one host to one host TCP portscan where multiple TCP ports are
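Review bot: the 121:44 description should relate the check to the protocol's own bounds. With the default settings_max_frame_size of 16777215 the rule can only fire on a SETTINGS_MAX_FRAME_SIZE value that is already outside the range RFC 9113 permits (16384 to 16777215 inclusive), so the text should make clear that lowering the parameter is what turns this into a policy check on the frame sizes a peer may negotiate. The phrase "is greater than maximum value, as configured by settings_max_frame_size" also reads awkwardly; suggest "exceeds the maximum value configured by settings_max_frame_size".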
logging
* snort.show_config_generation(): show loaded configuration ID
* snort.show_snort_cpu(): show snort cpu usage
+ * snort.show_snort_packet_latency(): show snort packet latency data
* snort.pause(): suspend packet processing
* snort.resume(pkt_num): continue packet processing. If number of
packets is specified, will resume for n packets and pause
The Snort Team
Revision History
-Revision 3.7.2.0 2025-03-30 22:14:35 EDT TST
+Revision 3.7.3.0 2025-04-20 11:41:15 EDT TST
---------------------------------------------------------------------
configurable value is 100. It can be configured up to a maximum of
1000.
+5.11.2.2. settings_max_frame_size
+
+This sets the maximum allowed value for settings frame
+SETTINGS_MAX_FRAME_SIZE. The default and max value is 16777215. The
+minimum configurable value is 16384.
+
5.11.3. Detection rules
Since HTTP/2 traffic is processed through the HTTP inspector, all of
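Review bot: section 5.11.2.2 does not mention the built-in rule that enforces this parameter; suggest adding a sentence such as "A SETTINGS_MAX_FRAME_SIZE value above this limit raises 121:44 (settings frame size greater than settings_max_frame_size)" so readers can find the alert. Also "The default and max value is 16777215" should read "The default and maximum value is 16777215", matching the wording of the preceding concurrent_streams_limit paragraph.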
* RA - A boolean, denotes the availability of recursive query
support at the server
* Z - A 3 bit integer set to 0 unless DNSSEC is used (see RFC 2535)
- * answers - The list of answers to the query, only A and AAAA types
- are currently supported
+ * answers - The list of answers to the query
+ * TTLs - The list of caching intervals for the corresponding
+ answers
* rejected - A boolean, true when the server responds with an error
code and no query
+ * auth - The list of authoritative responses
+ * addl - The list of additional responses
+
+In the answers, auth, and addl lists the decoding of the following RR
+types is supported: A, AAAA, CNAME, DS, MX, NS, NSEC, PTR, RRSIG,
+SOA, TXT
Fields supported for connection:
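Review bot: the new "auth" and "addl" entries describe them as "The list of authoritative responses" and "The list of additional responses", which does not tell the reader that these are the resource records from the DNS message's authority and additional sections; suggest "resource records from the authority section" and "resource records from the additional section". The closing sentence listing supported RR types should also say what happens to records of other types (omitted from the list, or logged in some raw form), since a consumer of the extractor output needs to know whether an unsupported RR is silently dropped. Minor: "In the answers, auth, and addl lists the decoding of the following RR types is supported" reads more naturally as "In the answers, auth, and addl lists, the following RR types are decoded:".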