From: Priyanka Bangalore Gurudev (prbg) Date: Mon, 31 Mar 2025 17:29:53 +0000 (+0000) Subject: Pull request #4681: build: generate and tag 3.7.2.0 X-Git-Tag: 3.7.2.0^0 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=9c496139a1d51a2058ec01c39f8ae0527fcecdc4;p=thirdparty%2Fsnort3.git Pull request #4681: build: generate and tag 3.7.2.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.7.2.0 to master Squashed commit of the following: commit 7efd9bbf77cdcb9923acb17a0214ed8e48689a51 Author: Priyanka Gurudev Date: Sun Mar 30 22:19:53 2025 -0400 build: generate and tag 3.7.2.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 643775375..c20226af8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 7) -set (VERSION_PATCH 1) +set (VERSION_PATCH 2) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index bbb452825..4077c6530 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,26 @@ +2025-03-30: 3.7.2.0 + +* appid: added flag to inspect out-of-order packets +* appid: modified shadow traffic status to default +* connectors: new unix domain connector +* dce_rpc: ignoring false positives and fixing spell checks +* dns: pass packet in DnsResponseEvent +* dump_config: include PID into dump file name +* file_api: making current_context as nullptr before it gets the value of ctx and removing redundant check +* imap:pop: delete if expression that compared session flag to the packet_flag filed +* main: initialize openssl at startup +* packet_capture: support packet capture limit and location +* packet_capture: use existing util function to check directory path +* pub_sub: basic framework with skeleton APIs multiprocess databus +* stream_tcp: eliminate redundant calls to initialize the normalizer policy +* stream_tcp: initialize each tracker's normalizer for missed 3whs behavior invidually when the initial packet is processed by the tracker +* stream_tcp: make member variables private to improve tracker class encapsulation +* stream_tcp: only allow legacy OS and FIRST normalizer policies to be configurable. Proxy and missed 3whs modes are determined dynamically per flow +* stream_tcp: reduce verbosity of packet tracer log messages for normalizer initialization actions +* stream_tcp: rename OS policy names to prevent conflict with existing macros +* stream_tcp: split StreamPolicy enum into enums specific to normalization and to overlap resolution +* unified2: add packet dump to unified event with reassembled udp packet + 2025-03-11: 3.7.1.0 * appid: added publishing of domain fronting event diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 8ebe20052..1eb2b411b 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text 
@@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.7.1.0 2025-03-12 00:16:10 EDT TST +Revision 3.7.2.0 2025-03-30 22:14:23 EDT TST --------------------------------------------------------------------- @@ -911,7 +911,7 @@ Configuration: | bsd | bsd_right | last | windows | solaris } * enum hosts[].tcp_policy: TCP reassembly policy { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | - hpux10 | windows | win_2003 | vista | proxy | asymmetric } + hpux10 | windows | win_2003 | vista } * string hosts[].services[].name: service identifier * enum hosts[].services[].proto = tcp: IP protocol { tcp | udp } * port hosts[].services[].port: port number @@ -1643,8 +1643,8 @@ Configuration: Operation * implied snort.--enable-test-features: enable features used in testing - * string snort.--gen-dump-config: dump configuration to - during startup and configuration reload + * string snort.--gen-dump-config: dump configuration to a + file during startup and configuration reload * implied snort.--gen-msg-map: dump configured rules in gen-msg.map format for use by other tools * implied snort.--help: show help overview 
@@ -2649,18 +2649,22 @@ Usage: global Configuration: * string unixdomain_connector[].connector: connector name - * str_list unixdomain_connector[].paths: list of paths to the remote - end-points - * bool unixdomain_connector[].conn_retries: retries to establish connection - enabled or not - * enum unixdomain_connector[].setup: stream establishment { call | answer} - * int unixdomain_connector[].retry_interval: retry interval in seconds - * int unixdomain_connector[].max_retries: maximum number of retries + * str_list unixdomain_connector[].paths: list of paths to remote + end-point + * bool unixdomain_connector[].conn_retries = false: retries to + establish connection enabled or not + * enum unixdomain_connector[].setup: stream establishment { call | + answer } + * int unixdomain_connector[].retry_interval = 4: retry interval in + seconds { 1:50 } + * int unixdomain_connector[].max_retries = 5: maximum number of + retries { 1:50 } Peg counts: * unixdomain_connector.messages: total messages (sum) + --------------------------------------------------------------------- 5. Inspector Modules @@ -4855,11 +4859,15 @@ Configuration: use for packet capturing * bool packet_capture.check_inner_pkt = true: apply filter on inner packet headers + * string packet_capture.capture_path: directory path to capture + pcaps + * int packet_capture.max_packet_count = 1000000: cap the number of + packets per thread { 0:max32 } Commands: - * packet_capture.enable(filter, group, tenants, check_inner_pkt): - capture raw packets + * packet_capture.enable(filter, group, tenants, check_inner_pkt, + capture_path, max_packet_count): capture raw packets * packet_capture.disable(): stop packet capturing Peg counts: 
@@ -6089,7 +6097,7 @@ Configuration: * enum stream_tcp.policy = bsd: determines operating system characteristics like reassembly { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | hpux10 | - windows | win_2003 | vista | proxy | asymmetric } + windows | win_2003 | vista } * bool stream_tcp.reassemble_async = true: queue data for reassembly before traffic is seen in both directions * int stream_tcp.require_3whs = -1: deprecated: use @@ -9345,8 +9353,8 @@ libraries see the Getting Started section of the manual. the version * --enable-inline-test enable Inline-Test Mode Operation * --enable-test-features enable features used in testing - * --gen-dump-config dump configuration to - during startup and configuration reload + * --gen-dump-config dump configuration to a file during + startup and configuration reload * --gen-msg-map dump configured rules in gen-msg.map format for use by other tools * --help show help overview @@ -10092,7 +10100,7 @@ libraries see the Getting Started section of the manual. * enum hosts[].services[].proto = tcp: IP protocol { tcp | udp } * enum hosts[].tcp_policy: TCP reassembly policy { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | - hpux10 | windows | win_2003 | vista | proxy | asymmetric } + hpux10 | windows | win_2003 | vista } * addr host_tracker[].ip: hosts address / cidr * port host_tracker[].services[].port: port number * enum host_tracker[].services[].proto: IP protocol { ip | tcp | @@ -10597,6 +10605,8 @@ libraries see the Getting Started section of the manual. * bool output.verbose = false: be verbose (same as -v) * bool output.wide_hex_dump = false: output 20 bytes per lines instead of 16 when dumping buffers + * string packet_capture.capture_path: directory path to capture + pcaps * bool packet_capture.check_inner_pkt = true: apply filter on inner packet headers * bool packet_capture.enable = false: state of packet capturing 
@@ -10604,6 +10614,8 @@ libraries see the Getting Started section of the manual. capturing * int packet_capture.group = -1: group filter to use for packet capturing { -1:32767 } + * int packet_capture.max_packet_count = 1000000: cap the number of + packets per thread { 0:max32 } * string packet_capture.tenants: comma-separated tenants filter to use for packet capturing * bool packets.address_space_agnostic = false: determines whether @@ -11173,8 +11185,8 @@ libraries see the Getting Started section of the manual. testing * implied snort.-f: turn off fflush() calls after binary log writes * int snort.-G: <0xid> (same as --logid) { 0:65535 } - * string snort.--gen-dump-config: dump configuration to - during startup and configuration reload + * string snort.--gen-dump-config: dump configuration to a + file during startup and configuration reload * implied snort.--gen-msg-map: dump configured rules in gen-msg.map format for use by other tools * string snort.-g: run snort gid as group (or gid) @@ -11464,7 +11476,7 @@ libraries see the Getting Started section of the manual. * enum stream_tcp.policy = bsd: determines operating system characteristics like reassembly { first | last | linux | old_linux | bsd | macos | solaris | irix | hpux11 | hpux10 | - windows | win_2003 | vista | proxy | asymmetric } + windows | win_2003 | vista } * int stream_tcp.queue_limit.asymmetric_ids_flush_threshold = 3145728: max bytes queued on asymmetric flow before flush in IDS mode { 1:max31 } 
@@ -11587,6 +11599,17 @@ libraries see the Getting Started section of the manual. is unlimited) { 0:maxSZ } * bool unified2.nostamp = true: append file creation time to name (in Unix Epoch format) + * string unixdomain_connector[].connector: connector name + * bool unixdomain_connector[].conn_retries = false: retries to + establish connection enabled or not + * int unixdomain_connector[].max_retries = 5: maximum number of + retries { 1:50 } + * str_list unixdomain_connector[].paths: list of paths to remote + end-point + * int unixdomain_connector[].retry_interval = 4: retry interval in + seconds { 1:50 } + * enum unixdomain_connector[].setup: stream establishment { call | + answer } * interval urg.~range: check if tcp urgent offset is in given range { 0:65535 } * int_list vlan.extra_tpid_ether_types = 0x9100 0x9200: set @@ -12921,6 +12944,7 @@ libraries see the Getting Started section of the manual. * udp.bad_udp4_checksum: nonzero udp over ipv4 checksums (sum) * udp.bad_udp6_checksum: nonzero udp over ipv6 checksums (sum) * udp.checksum_bypassed: checksum calculations bypassed (sum) + * unixdomain_connector.messages: total messages (sum) * wizard.tcp_hits: tcp identifications (sum) * wizard.tcp_misses: tcp searches abandoned (sum) * wizard.tcp_scans: tcp payload scans (sum) @@ -16323,8 +16347,8 @@ alert is raised by the enhanced JavaScript normalizer. cache segment(s) * network.set_policy(id): set the network policy for commands given the user policy id - * packet_capture.enable(filter, group, tenants, check_inner_pkt): - capture raw packets + * packet_capture.enable(filter, group, tenants, check_inner_pkt, + capture_path, max_packet_count): capture raw packets * packet_capture.disable(): stop packet capturing * packet_tracer.enable(proto, src_ip, src_port, dst_ip, dst_port, tenants): enable packet tracer debugging 
@@ -16802,6 +16826,8 @@ and are not applicable elsewhere. * udp (codec): support for user datagram protocol * unified2 (logger): output event and packet in unified2 format file + * unixdomain_connector (connector): implement the unix domain + stream connector * urg (ips_option): detection for TCP urgent pointer * vba_data (ips_option): rule option to set the detection cursor to the MS Office Visual Basic for Applications macros buffer @@ -16876,6 +16902,8 @@ and are not applicable elsewhere. * connector::std_connector: implement the stdout/stdin based connector * connector::tcp_connector: implement the tcp stream connector + * connector::unixdomain_connector: implement the unix domain stream + connector * inspector::appid: application and service identification * inspector::appid_listener: log selected published data to appid_listener.log diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 67b4f4b9d..ff1af9d3b 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.7.1.0 2025-03-12 00:16:50 EDT TST +Revision 3.7.2.0 2025-03-30 22:15:00 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 737c25657..92c180895 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.7.1.0 2025-03-12 00:16:23 EDT TST +Revision 3.7.2.0 2025-03-30 22:14:35 EDT TST --------------------------------------------------------------------- 
@@ -2761,9 +2761,9 @@ The dump mode is activated by the following options: --dump-config-text, --dump-config=all, --dump-config=top. They are described in detail below. -The --gen-dump-config option enables Snort to generate a dump -configuration file with a timestamp and config generation ID during -startup and reload. +The --gen-dump-config option enables Snort to dump +configuration to a file with PID, timestamp, and config generation ID +during startup and reload. The simple configuration is used in examples. The output contains applied configurations (defaults and configured). To simplify the
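Review bot: two typos in the new ChangeLog.md entries: the stream_tcp line "initialize each tracker's normalizer for missed 3whs behavior invidually" should read "individually", and the imap:pop line "compared session flag to the packet_flag filed" should read "field".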
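Review bot: dropping "proxy" and "asymmetric" from the hosts[].tcp_policy and stream_tcp.policy enums in snort_reference.text is a user-visible configuration change, but the doc/upgrade/snort_upgrade.text hunk only bumps the revision line. A configuration that still sets stream_tcp.policy to proxy or asymmetric is no longer using a documented value; the upgrade manual should say so and point at the ChangeLog entry stating that proxy and missed-3whs modes are now determined dynamically per flow.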
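Review bot: the new packet_capture.capture_path and packet_capture.max_packet_count entries in snort_reference.text leave two behaviours undocumented: what happens when capture_path is unset or names a directory that does not exist or is not writable (the ChangeLog says a util function now checks the directory path, so the failure mode is defined somewhere), and what max_packet_count = 0 means given the range { 0:max32 } (no limit, or nothing captured). One clause each would settle it, e.g. "(0 = unlimited)" after "cap the number of packets per thread" if that is the intended meaning.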
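Review bot: in the unixdomain_connector hunk the description of paths changed from "list of paths to the remote end-points" to "list of paths to remote end-point"; since a str_list names several paths, the plural "end-points" was the better wording. It would also help to state whether retry_interval and max_retries apply only when conn_retries = true, since their defaults (4 seconds, 5 retries) are listed regardless of that flag.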
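Review bot: the revised --gen-dump-config descriptions ("dump configuration to a file during startup and configuration reload") fill the earlier gap in "dump configuration to during startup" with "a file" but still never say what the string argument itself is (an output directory, a file name prefix, something else); the option is typed string, so the argument should be named. The snort_user.text hunk also reads awkwardly: "dump configuration to a file with PID, timestamp, and config generation ID" is clearer as "dump the configuration to a file whose name includes the PID, timestamp, and config generation ID", which matches the ChangeLog entry "include PID into dump file name".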