git.ipfire.org Git - thirdparty/snort3.git/log
3 years ago Pull request #3373: ips_bag2
Russ Combs (rucombs) [Thu, 21 Apr 2022 12:27:01 +0000 (12:27 +0000)] 
Pull request #3373: ips_bag2

Merge in SNORT/snort3 from ~RUCOMBS/snort3:ips_bag2 to master

Squashed commit of the following:

commit faebae4e783ceb1e110663326756a87ba83510fe
Author: russ <rucombs@cisco.com>
Date:   Thu Apr 14 11:26:01 2022 -0400

    mms_data: make a fast pattern buffer

    Also some minor refactoring of related framework code.

commit aca6b04e9c610ecff216e28c549176a1f5962aa4
Author: russ <rucombs@cisco.com>
Date:   Tue Apr 12 13:31:08 2022 -0400

    ips_options: eliminate obsolete RULE_OPTION_TYPE_BUFFER_*

commit 75469d9cb9528a1952390d961a32199653678a3e
Author: russ <rucombs@cisco.com>
Date:   Mon Apr 11 16:26:00 2022 -0400

    conf: add cip and s7commplus to the default snort.lua

commit ed2856e6e08ef74187dda09c095177f8fd5fcd18
Author: russ <rucombs@cisco.com>
Date:   Sun Apr 10 16:03:51 2022 -0400

    raw_data: only search pkt_data if no alt buffer or raw_data rules included in group

commit f3d69b64eba4a520d2d782f2b4507ddb4f42d7f3
Author: russ <rucombs@cisco.com>
Date:   Sat Apr 9 22:13:44 2022 -0400

    detection: remove now obsolete get buf support

    The only remaining inspection buffer provided by multiple inspectors
    is vba_data. pkt_data and file_data are pushed to the detection engine.
    alt_data is pushed as well but is used where pkt_data is used. All other
    buffers are provided solely by individual inspector ips options.
    (http2 just internally uses http_* buffers.)

commit f79e200c64a8de929764cded5dc10f8022fd429b
Author: russ <rucombs@cisco.com>
Date:   Fri Apr 8 18:27:40 2022 -0400

    ips: eliminate direct dependence on get_fp_buf of all ibt (by using rule options)

commit e54fa287fd110a6d7634ed22d9fcd43297b6490c
Author: russ <rucombs@cisco.com>
Date:   Fri Apr 8 06:08:01 2022 -0400

    service inspectors: update fast pattern access

commit 9d6477ebb015e2ddfdcf80aece115da3d21867b0
Author: russ <rucombs@cisco.com>
Date:   Fri Apr 8 02:59:57 2022 -0400

    detection: rearrange startup rule counts

commit d22ea5aeda36790a229a24226e9a5a5c509fc057
Author: russ <rucombs@cisco.com>
Date:   Thu Apr 7 15:49:47 2022 -0400

    ips: eliminate PM_TYPE_* to make fast pattern buffers generic

commit a49cd8f04e54c86228e45e3316c2f06769782fe2
Author: russ <rucombs@cisco.com>
Date:   Wed Apr 6 16:52:20 2022 -0400

    detection: add missing fast pattern buffer translations

commit 1ba179ea66d4050f3c57bd1d3fcc884106b08409
Author: russ <rucombs@cisco.com>
Date:   Tue Apr 5 17:53:12 2022 -0400

    inspectors: add / update api buffer lists

commit 127236881855c6230d413acdbae95320fbacf80c
Author: russ <rucombs@cisco.com>
Date:   Tue Apr 5 17:52:12 2022 -0400

    bufferlen: add missing relative override

commit 774a078e38b90fa610d70a3663383a260d8361f9
Author: russ <rucombs@cisco.com>
Date:   Mon Apr 4 10:09:04 2022 -0400

    ips_options: fix cursor action type overrides

commit 07fbe66bba3a81f4f8dbe3e8dcb4a351b22344b1
Author: russ <rucombs@cisco.com>
Date:   Mon Apr 4 08:41:42 2022 -0400

    detection: make CursorActionType generic

commit c7063241d67718633e5c533ea49ab9defd736f1e
Author: russ <rucombs@cisco.com>
Date:   Mon Apr 4 07:18:46 2022 -0400

    detection: map buffers to services

commit 0837fc34448a36c6a817491c916cda319e335112
Author: russ <rucombs@cisco.com>
Date:   Sun Apr 3 07:13:10 2022 -0400

    ips: further limit port group rules

    Rules with buffers that imply services go only in service groups.

commit eba1ff1bad596d1222b1dc934235ad29c929445a
Author: russ <rucombs@cisco.com>
Date:   Sun Apr 3 07:10:30 2022 -0400

    content: auto no-case non-alpha patterns

3 years ago Pull request #3389: host_cache: fix unit test broken on some platforms
Steve Chew (stechew) [Wed, 20 Apr 2022 21:49:22 +0000 (21:49 +0000)] 
Pull request #3389: host_cache: fix unit test broken on some platforms

Merge in SNORT/snort3 from ~SMINUT/snort3:host_cache_test_fix to master

Squashed commit of the following:

commit f15830798d33af96629bfac0ead75ee2cd743209
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Apr 20 10:59:58 2022 -0400

    host_cache: fix unit test broken on some platforms

3 years ago Pull request #3378: Peg counts for bytes and number of items in use for various caches
Masud Hasan (mashasan) [Tue, 19 Apr 2022 17:19:55 +0000 (17:19 +0000)] 
Pull request #3378: Peg counts for bytes and number of items in use for various caches

Merge in SNORT/snort3 from ~SMINUT/snort3:memory_pegs_now to master

Squashed commit of the following:

commit b229d5b046d97cba62377ea028f0a4892c1cd82a
Author: Silviu Minut <sminut@cisco.com>
Date:   Sun Apr 17 08:40:40 2022 -0400

    module_manager: fix memory pegs display issue during packet processing, while also correctly computing the memory pegs in Analyzer::term

commit ac3e69171f9a9dc5e13bbe416418893ed791f1ee
Author: Silviu Minut <sminut@cisco.com>
Date:   Mon Mar 28 18:04:19 2022 -0400

    stream: add current_flows, uni_flows and uni_ip_flows peg counts

commit 014af9aa055dffae340d7e789258535ba820cf40
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Mar 24 20:54:28 2022 -0400

    appid: add bytes_in_use and items_in_use peg counts

commit b23c2063e089dfd6388bab6ff68737d9b94f706e
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Mar 24 19:35:12 2022 -0400

    host_cache: bytes_in_use and items_in_use peg counts

3 years ago Pull request #3381: framework: make Cursor SO_PUBLIC
Russ Combs (rucombs) [Tue, 19 Apr 2022 13:49:44 +0000 (13:49 +0000)] 
Pull request #3381: framework: make Cursor SO_PUBLIC

Merge in SNORT/snort3 from ~KATHARVE/snort3:cursor_so_public to master

Squashed commit of the following:

commit e207201c711459aea2eea09b796000d421b2ce93
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Apr 18 16:01:55 2022 -0400

    framework: make Cursor SO_PUBLIC

3 years ago Pull request #3382: smtp: SMTPData initialization changed from memset to constructor
Masud Hasan (mashasan) [Tue, 19 Apr 2022 12:49:26 +0000 (12:49 +0000)] 
Pull request #3382: smtp: SMTPData initialization changed from memset to constructor

Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtp_structure_initializer to master

Squashed commit of the following:

commit 60fb39c75b9b86611d80d78ce96858d8e40a062a
Author: ostepano <ostepano@cisco.com>
Date:   Mon Apr 18 17:10:40 2022 -0400

    smtp: SMTPData initialization changed from memset to constructor

3 years ago Pull request #3365: dce_rpc: Handling only named ioctls for smb
Bhargava Jandhyala (bjandhya) [Mon, 18 Apr 2022 06:26:33 +0000 (06:26 +0000)] 
Pull request #3365: dce_rpc: Handling only named ioctls for smb

Merge in SNORT/snort3 from ~BSACHDEV/snort3:dce_ss_crash_2 to master

Squashed commit of the following:

commit 1d77d1119629f9cd241577206b5bb64328b548fd
Author: bsachdev <bsachdev@cisco.com>
Date:   Sun Mar 20 23:51:38 2022 -0400

    dce_rpc: Handling only named ioctls for smb

Signed-off-by: bsachdev <bsachdev@cisco.com>

3 years ago Pull request #3207: Mms service inspector
Tom Peters (thopeter) [Fri, 15 Apr 2022 19:28:53 +0000 (19:28 +0000)] 
Pull request #3207: Mms service inspector

Merge in SNORT/snort3 from ~JRITTLE/snort3:mms_service_inspector to master

Squashed commit of the following:

commit 748bd178828da9d67a303ee24971f03ff0bc7e4f
Author: jrittle <jrittle@cisco.com>
Date:   Fri Jul 2 14:04:54 2021 -0400

    mms: adding new service inspector for the IEC61850 MMS protocol

3 years ago Pull request #3248: mms: adding mms documentation to the snort3 manual
Tom Peters (thopeter) [Fri, 15 Apr 2022 19:19:29 +0000 (19:19 +0000)] 
Pull request #3248: mms: adding mms documentation to the snort3 manual

Merge in SNORT/snort3 from ~JRITTLE/snort3:doc_mms_service_inspector to master

Squashed commit of the following:

commit 9901175198be7125a8fdabb1fc3c0e36a3046400
Author: jrittle <jrittle@cisco.com>
Date:   Mon Dec 6 19:21:36 2021 -0500

    mms: adding manual updates for the new service inspector for the IEC61850 MMS protocol

3 years ago Pull request #3371: Fix most of the perf drop from multi-tenant code
Ron Dempster (rdempste) [Fri, 15 Apr 2022 15:26:44 +0000 (15:26 +0000)] 
Pull request #3371: Fix most of the perf drop from multi-tenant code

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:perf to master

Squashed commit of the following:

commit c14d36a3e41f083d4a80199b22b40b601166419f
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Apr 11 09:58:36 2022 -0400

    flow: only select policies when deleting flow data if there is a policy selector

commit c38b0b61f1a9b8a7e359ff81a5468a59567a5260
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Sun Apr 10 16:26:12 2022 -0400

    flow, snort_config: change service back to a pointer and add a method to return a non-volatile pointer for service

commit a9b120ee80a12c64e59f475f56db4477ffc88c08
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Apr 7 11:14:26 2022 -0400

    flow: use a flag instead of shared pointer use count for has service check

commit 429fa43a6346f6e67e2ddb98238e2fc1f340aaa3
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Apr 1 12:32:23 2022 -0400

    flow, managers, binder: only publish flow state reloaded event from internal execute

commit 4f2429b5140895ea377a49029e387f5b509de5ca
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Mar 31 14:09:29 2022 -0400

    main: check policy exists instead of index when setting network policy
    by id

3 years ago Pull request #3377: appid: ssl service detection for segmented server hello done
Masud Hasan (mashasan) [Fri, 15 Apr 2022 12:22:48 +0000 (12:22 +0000)] 
Pull request #3377: appid: ssl service detection for segmented server hello done

Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_validate_bug to master

Squashed commit of the following:

commit c7658c09fd53b9e72ce900d671d21ea3e960de66
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Apr 11 12:49:24 2022 -0400

    appid: ssl service detection for segmented server hello done

3 years ago Pull request #3374: An update for parser dev notes.
Mike Stepanek (mstepane) [Thu, 14 Apr 2022 13:50:56 +0000 (13:50 +0000)] 
Pull request #3374: An update for parser dev notes.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:doc_ips to master

Squashed commit of the following:

commit bd52c251919b13e11d0019407621b60ad64ab0c7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Apr 13 15:31:20 2022 +0300

    parser: update dev notes

3 years ago Pull request #3361: binder: Add binder action handling on service change
Mike Stepanek (mstepane) [Wed, 13 Apr 2022 10:43:05 +0000 (10:43 +0000)] 
Pull request #3361: binder: Add binder action handling on service change

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:binder_flow_change_action to master

Squashed commit of the following:

commit b57a7773c54c8c65f35d19a7f4c596e6a1ddad5c
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Fri Apr 1 16:40:44 2022 +0300

    binder: add binder actions to flow reassignment
        Thanks to Meridoff for the original report of the issue.

3 years ago Pull request #3369: SfIp: Follow up for warning suppression
Mike Stepanek (mstepane) [Tue, 12 Apr 2022 16:43:53 +0000 (16:43 +0000)] 
Pull request #3369: SfIp: Follow up for warning suppression

Merge in SNORT/snort3 from ~ASERBENI/snort3:sfip_warn_suppress to master

Squashed commit of the following:

commit f036849106353c02ceabf795e655cb298664a4fb
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Thu Apr 7 13:49:28 2022 +0300

    sfip: improve warning suppression

3 years ago Pull request #3330: smtp: STARTTLS command injection event processing
Masud Hasan (mashasan) [Tue, 12 Apr 2022 15:10:40 +0000 (15:10 +0000)] 
Pull request #3330: smtp: STARTTLS command injection event processing

Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtp_starttls_command_injection_alert to master

Squashed commit of the following:

commit 73e2e3cef812a0a9e93b327ef0c9d713ba9e8c27
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Mon Mar 21 11:01:55 2022 -0400

    smtp: STARTTLS command injection event processing

3 years ago Pull request #3363: ftp: splitter and inspector fixes
Russ Combs (rucombs) [Tue, 12 Apr 2022 14:59:40 +0000 (14:59 +0000)] 
Pull request #3363: ftp: splitter and inspector fixes

Merge in SNORT/snort3 from ~BRASTULT/snort3:ftp_splitter_fix to master

Squashed commit of the following:

commit 5dae1d6e2ad7c446d8f1ff565de6730e47fb4eab
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue Apr 5 03:39:36 2022 -0400

    ftp: fix FTP response parsing

commit 08fdc2b94f137b87caca64e66ecae33f2e696329
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue Apr 5 00:54:37 2022 -0400

    ftp: flush FTP cmds ending in just carriage return

3 years ago Pull request #3370: JS stack limit.
Mike Stepanek (mstepane) [Tue, 12 Apr 2022 12:29:06 +0000 (12:29 +0000)] 
Pull request #3370: JS stack limit.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex_grp_limit to master

Squashed commit of the following:

commit 07c377d4a4c4e3aea177047747fbe61fcf1a4b27
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Apr 11 11:43:30 2022 +0300

    utils: limit JS regex stack size

    The 'http_inspect.js_norm_max_tmpl_nest' configuration option controls the limit.

3 years ago Pull request #3332: stream: add can_set_no_ack_mode() api to check if policy allows...
Steve Chew (stechew) [Mon, 11 Apr 2022 18:56:33 +0000 (18:56 +0000)] 
Pull request #3332: stream: add can_set_no_ack_mode() api to check if policy allows no-ack mode

Merge in SNORT/snort3 from ~SBAIGAL/snort3:ok2noack to master

Squashed commit of the following:

commit f0de602d7c910b796ec11da3e1ffd7d42356960c
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Mar 30 21:49:46 2022 -0400

    stream: add can_set_no_ack() api to check if policy allows no-ack mode

3 years ago Pull request #3366: An improvement for JS regex literals.
Mike Stepanek (mstepane) [Fri, 8 Apr 2022 13:06:17 +0000 (13:06 +0000)]
Pull request #3366: An improvement for JS regex literals.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex to master

Squashed commit of the following:

commit 4079a93365262390d6d77144b5ce8b2c29f4d8af
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Sun Jul 25 16:13:30 2021 +0300

    utils: track groups and escaped symbols in JavaScript regex literals

3 years ago Pull request #3367: build: generate and tag 3.1.27.0 3.1.27.0
Mike Stepanek (mstepane) [Thu, 7 Apr 2022 17:53:09 +0000 (17:53 +0000)] 
Pull request #3367: build: generate and tag 3.1.27.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.27.0 to master

Squashed commit of the following:

commit 5431b622172ee145af2dbbe6889e87764669d7f1
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Thu Apr 7 13:27:04 2022 -0400

    build: generate and tag 3.1.27.0

3 years ago Pull request #3364: file_api: Handling user_file_data cleanup
Bhargava Jandhyala (bjandhya) [Wed, 6 Apr 2022 07:26:36 +0000 (07:26 +0000)] 
Pull request #3364: file_api: Handling user_file_data cleanup

Merge in SNORT/snort3 from ~UMUNNIKR/snort3:file_bat_bqt to master

Squashed commit of the following:

commit b41c170a819ad1c542a98cba0708eb25da1d6bf6
Author: Unnikrishnan M <umunnikr@cisco.com>
Date:   Tue Apr 5 15:42:04 2022 +0530

    file_api: Handling user_file_data cleanup

3 years ago Pull request #3359: SfIp: Address of packed member warning suppression
Mike Stepanek (mstepane) [Tue, 5 Apr 2022 16:39:25 +0000 (16:39 +0000)] 
Pull request #3359: SfIp: Address of packed member warning suppression

Merge in SNORT/snort3 from ~ASERBENI/snort3:sfip_warn_suppress to master

Squashed commit of the following:

commit 095cc69c2c8b938c7236778764562cc036185360
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Fri Mar 25 13:01:41 2022 +0200

    sfip: suppress compiler warning

3 years ago Pull request #3328: US 697558: http_inspect/http2_inspect: reduce holes in high-volum...
Tom Peters (thopeter) [Mon, 4 Apr 2022 17:58:14 +0000 (17:58 +0000)] 
Pull request #3328: US 697558: http_inspect/http2_inspect: reduce holes in high-volume objects

Merge in SNORT/snort3 from ~MDAGON/snort3:reduce to master

Squashed commit of the following:

commit 9d73d54ad9e3420c100aced5eaa97b6977b147a4
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Mar 25 13:46:47 2022 -0400

    http2_inspect: reduce holes in objects

3 years ago Pull request #3324: Ips bag
Russ Combs (rucombs) [Fri, 1 Apr 2022 20:39:13 +0000 (20:39 +0000)] 
Pull request #3324: Ips bag

Merge in SNORT/snort3 from ~RUCOMBS/snort3:ips_bag to master

Squashed commit of the following:

commit 7f28f5c4cbda2834d6f50ba43eb45a0d34b57abd
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 27 14:03:38 2022 -0400

    hyperscan: ensure adequate scratch when deserializing

commit 0d4f03134ec1d17101774a9080a3e86dc7cf7a3c
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 26 22:26:31 2022 -0400

    detection: skip match deduplication for hyperscan

commit 2b5fb8dce61bb23cf190200d6b99419b24bea1f1
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 26 15:55:18 2022 -0400

    search_engines: ensure SearchTool with hyperscan gets multi-match mode

commit f50810182e6f1c2900afa9bf7c9a5c1a11f0ec84
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 26 14:39:10 2022 -0400

    search_engines: add and refactor unit tests

commit a7af03c532dce85a2d9eae6d3ec89e36f75e439a
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 26 10:08:56 2022 -0400

    ac_full: refactor api access

commit 8c29afb0e0cac16aa360b659281b7dcaa012b090
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 25 23:29:11 2022 -0400

    search_engine: always build ac_full since it is a hard default case

    SearchTool will use hyperscan if configured else ac_full since that
    is the only builtin MPSE that returns all matches.

commit 96f2c0943fc35638f2ee1e611c4e76ba994d0ceb
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 25 21:08:59 2022 -0400

    search_engine: remove search_optimize parameter (always true)

    Also remove broken support for offload from SearchTool.

commit 01271621d4af3bc5dd97ce7fab38887774b7675e
Author: russ <rucombs@cisco.com>
Date:   Thu Mar 24 20:33:25 2022 -0400

    detection: do not check ips policy when builtin events are queued

    Builtin events are for now only checked for the current policy when
    dequeued. This allows the policy to be changed after inspection, which
    is how Snort 2 does it. This is flawed however and can be fixed by
    pairing an ips policy with each nap or just including the builtin rules
    and state stubs directly in the nap.

commit 95e6beb3ff36ac35d481265b690bb19e88ea9f64
Author: russ <rucombs@cisco.com>
Date:   Thu Mar 24 12:55:54 2022 -0400

    detection: minor refactoring of rule header access

commit 676606491ee0f74675deb8df59a0986ffef1e25f
Author: russ <rucombs@cisco.com>
Date:   Thu Mar 24 10:21:36 2022 -0400

    rate_filter: move to inspection policy

commit 76716c997dadb485e3e2bf4d3011196c61db0821
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 19 09:40:51 2022 -0400

    alerts: remove obsolete stateful parameter

commit 4bcc7ca6fa19963d21768deee31692453a844322
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 18 10:17:31 2022 -0400

    ac_full: remove cruft

commit 4cb95706bd2e13085ee7fe4a158f33f1e35804e3
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 18 10:00:48 2022 -0400

    search_engines: remove the legacy ac_sparse_bands algorithm

commit 57b19a41e7125701e75ea017630a5eeef9f6ecc5
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 18 09:53:03 2022 -0400

    search_engines: remove the legacy ac_sparse algorithm

commit 36b258d99f0b32f7d46f782bce76ca740f320cfe
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 18 09:44:09 2022 -0400

    search_engines: remove the legacy ac_banded algorithm

commit 29720b96a3b54702119dfa98bcc1d8b0b82b7c8f
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 18 09:33:18 2022 -0400

    search_engines: remove the legacy ac_std algorithm

commit 5af3cd8074287bc865563f2e26be17df64fa4046
Author: russ <rucombs@cisco.com>
Date:   Sun Mar 13 00:12:12 2022 -0500

    detection: override match queue limit for offload

commit 00183d5cc1cb7802e3f2f9a5a9becc3319f76c0f
Author: russ <rucombs@cisco.com>
Date:   Sat Mar 12 12:47:59 2022 -0500

    ac_std: fix case translation buffer size

commit 20ceb4956bd6eaa2b6165723df7dd833a044f957
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 11 19:49:22 2022 -0500

    search_engine: remove obsolete warning on max_pattern_len change

commit be971a82799a9da367f0867970b9a20615f327ee
Author: russ <rucombs@cisco.com>
Date:   Fri Mar 11 15:03:54 2022 -0500

    search_engine: fix .debug = true output

... and 7 more commits

3 years ago Pull request #3336: appid: provide client appid set by encrypted visibility engine...
Masud Hasan (mashasan) [Thu, 31 Mar 2022 21:12:15 +0000 (21:12 +0000)] 
Pull request #3336: appid: provide client appid set by encrypted visibility engine to ssl through the ssl appid lookup api

Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_appid_bug to master

Squashed commit of the following:

commit 94dd37f7b2b5af8209556dcdedcc469593785b8c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Mar 31 13:34:29 2022 -0400

    appid: provide client appid set by encrypted visibility engine to ssl through the ssl appid lookup api

3 years ago Pull request #3335: Script opening tag pattern.
Mike Stepanek (mstepane) [Thu, 31 Mar 2022 18:22:07 +0000 (18:22 +0000)] 
Pull request #3335: Script opening tag pattern.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_otag to master

Squashed commit of the following:

commit 947e12e2db32df20c1de86abb9e39648697d0b67
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Mar 31 16:20:19 2022 +0300

    utils: harden script opening tag sequence

3 years ago Pull request #3334: Opening/closing tags in external scripts.
Mike Stepanek (mstepane) [Thu, 31 Mar 2022 16:31:37 +0000 (16:31 +0000)] 
Pull request #3334: Opening/closing tags in external scripts.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_oc_tags to master

Squashed commit of the following:

commit 0ee5e10bae28eaed6ef387cb487cf51d102e1b84
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Mar 30 18:38:41 2022 +0300

    utils: allow opening/closing tags in external scripts

3 years ago Pull request #3321: US 670672: O365: Add capability to identify microsoft headers...
Tom Peters (thopeter) [Thu, 31 Mar 2022 15:57:20 +0000 (15:57 +0000)] 
Pull request #3321: US 670672: O365: Add capability to identify microsoft headers in NHI

Merge in SNORT/snort3 from ~MDAGON/snort3:tenant to master

Squashed commit of the following:

commit f96fc2a190605055565dd5e7d616884cde125c25
Author: Maya Dagon <mdagon@cisco.com>
Date:   Thu Mar 24 11:23:57 2022 -0400

    http_inspect: support headers Restrict-Access-To-Tenants, Restrict-Access-Context

3 years ago Pull request #3326: JSN: decode String.fromCodePoint() JavaScript function
Mike Stepanek (mstepane) [Wed, 30 Mar 2022 16:03:01 +0000 (16:03 +0000)] 
Pull request #3326: JSN: decode String.fromCodePoint() JavaScript function

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_from_code_point to master

Squashed commit of the following:

commit a4e3c6cad84181fb907ccafec6e4941e4611a927
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Mar 28 13:34:04 2022 +0300

    http_inspect: decode String.fromCodePoint() JavaScript function

        * utils: add support for supplementary characters in JS Normalizer
        * utils: add tracking and decoding of String.fromCodePoint() JavaScript
        function in JS Normalizer
        * utils: add unit test coverage
        * http_inspect: update dev notes
        * doc: update user manual

3 years ago Pull request #3327: build: compile against libatomic if present
Mike Stepanek (mstepane) [Wed, 30 Mar 2022 12:19:00 +0000 (12:19 +0000)] 
Pull request #3327: build: compile against libatomic if present

Merge in SNORT/snort3 from ~OSERHIIE/snort3:libatomic to master

Squashed commit of the following:

commit 720d367bae80b58612840d74a6af2d626ba1e4ad
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Mar 28 21:19:14 2022 +0300

    build: compile against libatomic if present

    Thanks to W. Michael Petullo <mike@flyn.org>

3 years ago Pull request #3325: JS Normalizer fix.
Mike Stepanek (mstepane) [Tue, 29 Mar 2022 10:27:42 +0000 (10:27 +0000)] 
Pull request #3325: JS Normalizer fix.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_fix to master

Squashed commit of the following:

commit 478c1781f4c7385e48b55c7793b40ccb19cae152
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Mar 28 18:38:01 2022 +0300

    utils: fix tracking variable when the output buffer is reset

3 years ago Pull request #3322: http_inspect: delete alerts 119:279 and 119:280
Mike Stepanek (mstepane) [Mon, 28 Mar 2022 12:03:02 +0000 (12:03 +0000)] 
Pull request #3322: http_inspect: delete alerts 119:279 and 119:280

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_revert_alerts to master

Squashed commit of the following:

commit 775c6d1df3daf505c2ea338af2942d607661665b
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Mar 23 23:09:13 2022 +0200

    http_inspect: delete alerts 119:279 and 119:280

        * http_inspect: delete 119:279 and 119:280 alerts, use 119:109 and 119:111 instead
        * doc: update builtin_stubs

3 years ago Pull request #3320: JSN: String literals concatenation
Mike Stepanek (mstepane) [Mon, 28 Mar 2022 10:59:05 +0000 (10:59 +0000)] 
Pull request #3320: JSN: String literals concatenation

Merge in SNORT/snort3 from ~ASERBENI/snort3:string_concat to master

Squashed commit of the following:

commit 34a89bea5e85a417f37bc26aaf859727e3148456
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Fri Mar 11 12:54:48 2022 +0200

    utils: add string concatenation for Enhanced JS Normalizer

3 years ago Pull request #3319: control, shell: add a command to set the network policy to be...
Ron Dempster (rdempste) [Thu, 24 Mar 2022 17:58:44 +0000 (17:58 +0000)] 
Pull request #3319: control, shell: add a command to set the network policy to be used by subsequent commands

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:command to master

Squashed commit of the following:

commit 3c3f144b75ada597b83130c7ce1613934d77b0ff
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Mar 14 08:18:08 2022 -0400

    control, shell: add a command to set the network policy to be used by subsequent commands

3 years ago Pull request #3316: Add current packet to http_inspect trace messages
Mike Stepanek (mstepane) [Thu, 24 Mar 2022 10:16:30 +0000 (10:16 +0000)] 
Pull request #3316: Add current packet to http_inspect trace messages

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:trace_js_wizard to master

Squashed commit of the following:

commit 2c079c5afb4165d45cfd269e04d43f2d79883c9b
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Tue Mar 8 15:02:09 2022 +0200

    http_inspect: provide current packet to trace

3 years ago Pull request #3315: dce_rpc: Handling cleanup path and race conditions for dce traffic
Bhargava Jandhyala (bjandhya) [Thu, 24 Mar 2022 06:03:43 +0000 (06:03 +0000)] 
Pull request #3315: dce_rpc: Handling cleanup path and race conditions for dce traffic

Merge in SNORT/snort3 from ~BSACHDEV/snort3:smb_ss_crash_master to master

Squashed commit of the following:

commit eecf1f19ed1f5f61306fa35a1cbb576bb9666d46
Author: bsachdev <bsachdev@cisco.com>
Date:   Mon Mar 7 04:14:37 2022 -0500

    dce_rpc: Handling cleanup path and race conditions for dce traffic

Signed-off-by: bsachdev <bsachdev@cisco.com>

3 years ago Pull request #3312: JSN: Unescape Text Processing
Mike Stepanek (mstepane) [Wed, 23 Mar 2022 19:31:39 +0000 (19:31 +0000)] 
Pull request #3312: JSN: Unescape Text Processing

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_unescape to master

Squashed commit of the following:

commit 5e79a2a365a4b5b74670d4bfc6f94bcc35f3b2d6
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Fri Mar 18 20:39:48 2022 +0200

    utils: fix JS Normalizer benchmark build

commit 8b79a4adbc538ea1b6400486cbe1b82a5369d1af
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Fri Mar 4 22:05:17 2022 +0200

    http_inspect: add unescape text processing for Enhanced JS Normalizer

        * utils: decode %XX, %uXXXX, \uXX, \uXXXX, \xXX, \u{CHAR_CODE} escape sequences
        * utils: decode hexadecimal and decimal code points
        * utils: add support for unescape of universal sequences in identifiers,
          strings, template literals and regular expressions
        * utils: add support for unescape(), decodeURI(), decodeURIComponent() JavaScript
          functions
        * utils: add support for String.fromCharCode() JavaScript function
        * utils: add unit test coverage
        * utils: add benchmark test
        * http_inspect: enable alert 119:280 - mixed encoding
        * http_inspect: update dev notes
        * doc: update user manual

3 years ago Pull request #3318: build: generate and tag 3.1.26.0 3.1.26.0
Steve Chew (stechew) [Wed, 23 Mar 2022 19:22:41 +0000 (19:22 +0000)] 
Pull request #3318: build: generate and tag 3.1.26.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.26.0 to master

Squashed commit of the following:

commit 7e37ddc2a37e5a77476634521664fa9c6c5af527
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Mar 23 12:52:10 2022 -0400

    build: generate and tag 3.1.26.0

3 years ago Pull request #3313: event: add new static member update_and_get_event_id()
Shanmugam S (shanms) [Wed, 23 Mar 2022 13:07:58 +0000 (13:07 +0000)] 
Pull request #3313: event: add new static member update_and_get_event_id()

Merge in SNORT/snort3 from ~PUNEETKU/snort3:shun_event to master

Squashed commit of the following:

commit feac3000a18764a324203fd80fadfac3f7f4f8ab
Author: Puneeth Kumar C V <puneetku@cisco.com>
Date:   Thu Mar 17 18:48:38 2022 +0530

    event: add new static member update_and_get_event_id()

3 years ago Pull request #3279: Multi-tenant with reconcile inspectors and reputation with reload...
Ron Dempster (rdempste) [Tue, 22 Mar 2022 19:06:38 +0000 (19:06 +0000)] 
Pull request #3279: Multi-tenant with reconcile inspectors and reputation with reload command

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:reputation to master

Squashed commit of the following:

commit fb9b349ce3fc2612c4f0bdae6f1e03a511bf9cf7
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Mar 22 11:06:13 2022 -0400

    framework: update base API version to 13

commit 877c1e7dcc63499301a8868880831b27ff9bcabe
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Mar 11 07:32:55 2022 -0500

    appid: sum stats at tterm and null the thread local stats pointer after delete

commit d23843bb934a4072c1c15458f9ddf17a95d1d269
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Mar 8 10:16:45 2022 -0500

    main: add the control connection to the analyzer command and a method to log a message to both console and the remote connection

commit aaf890c670f013e8af21c8db345139314084d13e
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Sat Mar 5 13:18:39 2022 -0500

    main: fix and reenable the distill_verdict unit test

commit edc81969f10a390a4a1e6e355906566405778583
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Mar 8 09:37:46 2022 -0500

    managers: add get_inspector unit tests

commit 393507e0e4182033f7f726e710516ffc68e95d1d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Feb 25 12:22:24 2022 -0500

    policy_selectors: add a method to select policies based on DAQ_FlowStats_t

commit c85bb3a7b2225efda3e0ade20267746a989f7e01
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Feb 14 12:39:59 2022 -0500

    appid: make appid a global inspector

commit 046846e765831debe98886fdf1ce57382db96c75
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Feb 11 10:12:40 2022 -0500

    managers: add a faster get_inspectors method

commit 3470d1cb7dfdee60af067f15bba29694e4646ed3
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Jan 14 10:22:17 2022 -0500

    inspector, main, inspector_manager: add support for thread local data in inspectors and commands updating reload_id

commit 3d9c2556dbb39220ca26d61e4f2e6e2477b55a22
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 7 15:43:49 2021 -0500

    reputation: add a command to reload reputation data

commit c74d98a34b089d0b86db78cac78c6aaa793c2853
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 21 08:22:14 2021 -0500

    flow: make service a shared pointer to handle reload properly

commit 6750746d83d0c82ff3ebe552be43f8d36797c29b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Dec 16 07:59:30 2021 -0500

    managers: move inspection policies into the corresponding network policy

3 years ago Pull request #3311: Multiple Reject actions on a packet.
Mike Stepanek (mstepane) [Tue, 22 Mar 2022 14:32:47 +0000 (14:32 +0000)] 
Pull request #3311: Multiple Reject actions on a packet.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:ra_fix to master

Squashed commit of the following:

commit a066f83ec7ed7efa8afa691a9873e8e25f5ec782
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Mar 18 12:13:08 2022 +0200

    packet_io: fix active action so the first reset occurred takes effect

commit 2aadec1c5b6a77d4ba32929fb0456001af9438f6
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Mar 17 13:40:02 2022 +0200

    actions: set a delayed action on Reject IPS Action hit

commit 2296f7947952811a1a23044272388651249f85d4
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Mar 16 19:14:10 2022 +0200

    framework: bump API

commit 10b0c6a86ea416466d50ec4df7c9f72e77d8ed99
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Mar 16 18:51:55 2022 +0200

    actions: revert bf62a22d43bb2d15b7425c5ec3e3118ead470e8d

3 years ago Pull request #3305: http_inspect, mime: VBA macro decompression for HTTP MIME file...
Pranav Bhalerao (prbhaler) [Tue, 22 Mar 2022 05:22:22 +0000 (05:22 +0000)] 
Pull request #3305: http_inspect, mime: VBA macro decompression for HTTP MIME file uploads

Merge in SNORT/snort3 from ~AMARNAYA/snort3:vba_upload to master

Squashed commit of the following:

commit e03395379f228c35acfbbe8e1777e415182e1140
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Tue Feb 8 16:55:17 2022 +0000

    http_inspect, mime: VBA macro decompression for HTTP MIME file uploads

3 years ago Pull request #3310: file_api: Handling user_file_data cleanup
Bhargava Jandhyala (bjandhya) [Mon, 21 Mar 2022 06:44:26 +0000 (06:44 +0000)] 
Pull request #3310: file_api: Handling user_file_data cleanup

Merge in SNORT/snort3 from ~VKAMBALA/snort3:user_file_data to master

Squashed commit of the following:

commit be6525d736b93e5a07d22b76e55800a06532b10a
Author: krishnakanth <vkambala@cisco.com>
Date:   Thu Mar 17 17:32:01 2022 +0530

    file_api: Handling user_file_data cleanup

3 years ago Pull request #3307: analyzer: avoid distilling sticky verdicts
Masud Hasan (mashasan) [Fri, 18 Mar 2022 22:49:57 +0000 (22:49 +0000)] 
Pull request #3307: analyzer: avoid distilling sticky verdicts

Merge in SNORT/snort3 from ~MASHASAN/snort3:sticky_verdict to master

Squashed commit of the following:

commit 3bac1487b51334c6ed6caf9549d3efb991f03f68
Author: Masud Hasan <mashasan@cisco.com>
Date:   Fri Mar 11 12:53:49 2022 -0500

    analyzer: avoid distilling sticky verdicts

3 years ago Pull request #3309: stream: reusable stream splitter
Tom Peters (thopeter) [Fri, 18 Mar 2022 20:54:21 +0000 (20:54 +0000)] 
Pull request #3309: stream: reusable stream splitter

Merge in SNORT/snort3 from ~THOPETER/snort3:reusable_splitter to master

Squashed commit of the following:

commit f46c56042a28b94d8a3c48ac88eaa0cbb2f72ed9
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Mar 15 15:53:46 2022 -0400

    stream: reusable stream splitter

3 years ago Pull request #3306: http_inspect: do file decompression and utf decoding on non-MIME...
Tom Peters (thopeter) [Wed, 16 Mar 2022 21:38:43 +0000 (21:38 +0000)] 
Pull request #3306: http_inspect: do file decompression and utf decoding on non-MIME uploads

Merge in SNORT/snort3 from ~KATHARVE/snort3:non_mime_uploads to master

Squashed commit of the following:

commit 5af71a0295291bafdd017fa9468a016ed0dd2cb8
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Mar 11 13:52:10 2022 -0500

    http_inspect: do file decompression and utf decoding on non-MIME uploads

3 years ago Pull request #3303: appid: appid api to provide the path to appid detector directory
Masud Hasan (mashasan) [Mon, 14 Mar 2022 18:35:02 +0000 (18:35 +0000)] 
Pull request #3303: appid: appid api to provide the path to appid detector directory

Merge in SNORT/snort3 from ~SATHIRKA/snort3:mercury_pkt_filter_cfg to master

Squashed commit of the following:

commit 4e47900b0a45e810a66aaa37365eaf0a5f3fd6ab
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Feb 15 15:36:12 2022 -0500

    appid: appid api to provide the path to appid detector directory

3 years ago Pull request #3295: control: make sure reload commands with empty argument are handled...
Tom Peters (thopeter) [Thu, 10 Mar 2022 17:24:19 +0000 (17:24 +0000)] 
Pull request #3295: control: make sure reload commands with empty argument are handled correctly

Merge in SNORT/snort3 from ~SBAIGAL/snort3:lua_bug to master

Squashed commit of the following:

commit 593cce30daa0338ee81bde5837c92c9ac1341d4b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Mar 3 15:22:11 2022 -0500

    control: make sure reload commands with empty argument are handled correctly

3 years ago Pull request #3304: build: generate and tag 3.1.25.0 3.1.25.0
Mike Stepanek (mstepane) [Wed, 9 Mar 2022 16:12:24 +0000 (16:12 +0000)] 
Pull request #3304: build: generate and tag 3.1.25.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.25.0 to master

Squashed commit of the following:

commit 61394736d321402730ce5b83456539af4a04c4e4
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Mar 9 06:24:44 2022 -0500

    build: generate and tag 3.1.25.0

3 years ago Pull request #3257: stream_tcp: call flush_queued_segments() from flush_on_ack_policy()
Masud Hasan (mashasan) [Tue, 8 Mar 2022 23:05:45 +0000 (23:05 +0000)] 
Pull request #3257: stream_tcp: call flush_queued_segments() from flush_on_ack_policy()

Merge in SNORT/snort3 from ~SMINUT/snort3:flush_queued_segments to master

Squashed commit of the following:

commit 77304a6d8f435d8491fa6113108dfb331651f386
Author: Silviu Minut <sminut@cisco.com>
Date:   Mon Feb 28 21:15:18 2022 -0500

    stream_tcp: add fin_i_seq and fin_no_gap() and try to use those together with the existing next_no_gap() to determine whether we are on a gap in the seglist or not, when scanning

commit 15eb71a6197aef4e190cd59083bc6cd4012403b3
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Feb 25 16:27:26 2022 -0500

    stream_tcp: distinguish between the various non-flush cases when returning from scan_on_data_policy(), so we can call final flush only when the seglist has no gaps; if the seglist has gaps, call final_flush only when the gaps have filled or on session teardown

commit e753368af6f64c501dd67f426c4dd40c005fce46
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Feb 24 19:26:29 2022 -0500

    stream_tcp: introduce TcpStreamTracker::set_fin_seq_status_seen() and call it before using the fin_seq_status flag in perform_fin_recv_flush()

commit 840f71182a9125660b1742fe190abc2d32303873
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Feb 2 22:00:39 2022 -0500

    stream_tcp: * call flush_queued_segments() from flush_on_ack_policy() when the splitter did not flush but we are on a FIN
                * fix how fin_seq_status is being set in update_tracker_ack_sent()
                * make the pre-ack mode work the same way as post-ack by modifying flush_on_data_policy() accordingly

3 years ago Pull request #3300: JS Normalizer refactoring.
Mike Stepanek (mstepane) [Tue, 8 Mar 2022 21:06:40 +0000 (21:06 +0000)] 
Pull request #3300: JS Normalizer refactoring.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_perf to master

Squashed commit of the following:

commit 45a6b666b8c8ae9a6e67ed8d098acee76dc7d406
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Tue Mar 8 15:30:20 2022 +0200

    utils: improve Flex matching patterns

    Try to match as much as possible at a time.

commit 88b1d71905cda27a2231b95e1dfafbe7a91aa1e2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sun Mar 6 18:50:56 2022 +0200

    utils: combine ignore list with normalization map

    An ID name is looked up once in a combined map (normalized names and ignored names).

commit af84510fd2527b9b20cd3a3fd6e41e6651c0d436
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sun Mar 6 10:59:00 2022 +0200

    utils: wrap unordered set with a fast lookup table

commit 23a81bb9f19c51f9f3c57fc39afb5b045622d392
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sat Mar 5 22:03:43 2022 +0200

    utils: check more likely branches at first

commit a043edabcee24c5a0f167939581ab6202b3e491b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sat Mar 5 21:09:48 2022 +0200

    utils: pre-compute ID normalized names

commit c1c644e47b8a7f0b04126fa4a6e7e68ca2e283b0
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Mar 4 20:57:24 2022 +0200

    utils: refactor the alias lookup

    One search in the map is performed per alias lookup.
    Loops removed.

    The scope_contains() test function removed, it is redundant.

3 years ago Pull request #3302: appid: do not add odp mapping for a process name that already...
Masud Hasan (mashasan) [Tue, 8 Mar 2022 19:15:24 +0000 (19:15 +0000)] 
Pull request #3302: appid: do not add odp mapping for a process name that already has a custom process to app mapping

Merge in SNORT/snort3 from ~SATHIRKA/snort3:custom_process_mapping to master

Squashed commit of the following:

commit 41b88649edd815ed38aa25641a360bf18ebac711
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Mar 3 16:29:30 2022 -0500

    appid: do not add duplicate process to client app mapping for the same process name

3 years ago Pull request #3301: ssh: NULL check for session pointer before access.
Pranav Bhalerao (prbhaler) [Tue, 8 Mar 2022 06:05:30 +0000 (06:05 +0000)] 
Pull request #3301: ssh: NULL check for session pointer before access.

Merge in SNORT/snort3 from ~PRBHALER/snort3:ssh_crash to master

Squashed commit of the following:

commit d1425cd466acbecc7e25dcd7bce141f5ca0c015d
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Mon Mar 7 17:42:43 2022 +0530

    ssh: NULL check for session pointer before access.

3 years ago Pull request #3281: http_inspect: call mime in a loop for each attachment
Tom Peters (thopeter) [Tue, 8 Mar 2022 04:19:54 +0000 (04:19 +0000)] 
Pull request #3281: http_inspect: call mime in a loop for each attachment

Merge in SNORT/snort3 from ~KATHARVE/snort3:http_mime_file_data_part1 to master

Squashed commit of the following:

commit f9a0cd0d24bb4730037aa8d426859556f09a8ab8
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Mar 3 13:37:58 2022 -0500

    http_inspect: use http_inspect decompression config parameters for HTTP MIME traffic instead of file_id;
    file_id: remove unused decompression and decode depth parameters

commit c77e3b165142f89a78d4c60cce25962f00f13a1d
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Feb 17 17:47:04 2022 -0500

    mime: fix resetting state after every attachment and check state instead of decode object

commit 70a27c3a2cc5866a5ca38e5350b3575543b68d4e
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Feb 16 17:16:38 2022 -0500

    http_inspect: call mime in a loop for each attachment
    mime: return at the end of each attachment and set the file_data for http

3 years ago Pull request #3298: utils: fix compilation issues in js_tokenizer
Mike Stepanek (mstepane) [Fri, 4 Mar 2022 14:32:23 +0000 (14:32 +0000)] 
Pull request #3298: utils: fix compilation issues in js_tokenizer

Merge in SNORT/snort3 from ~VHORBATO/snort3:js_platforms_fix to master

Squashed commit of the following:

commit 1dcb665ab0353b30d7df6a89e74de3a7ffb47889
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Mar 4 12:35:30 2022 +0200

    utils: fix compilation issues in js_tokenizer

3 years ago Pull request #3282: http_inspect: add function state tracking for Enhanced javascrip...
Mike Stepanek (mstepane) [Thu, 3 Mar 2022 20:45:40 +0000 (20:45 +0000)] 
Pull request #3282: http_inspect: add function state tracking for Enhanced javascript normalization

Merge in SNORT/snort3 from ~VHORBATO/snort3:js_unesc_track to master

Squashed commit of the following:

commit 18222154a76c7b9377a1080e4a146dbdfa3964de
Author: Vitalii <vhorbato@cisco.com>
Date:   Wed Feb 16 16:15:25 2022 +0200

    http_inspect: add unescape function tracking for Enhanced JS Normalizer

3 years ago Pull request #3294: stream_tcp: Clarify small segments help text and remove usage...
Masud Hasan (mashasan) [Thu, 3 Mar 2022 15:07:43 +0000 (15:07 +0000)] 
Pull request #3294: stream_tcp: Clarify small segments help text and remove usage from lua

Merge in SNORT/snort3 from ~MASHASAN/snort3:small_segs to master

Squashed commit of the following:

commit 52982070e9dd55f4b2e5dcd01031b1311087e412
Author: Masud Hasan <mashasan@cisco.com>
Date:   Wed Mar 2 10:44:58 2022 -0500

    stream_tcp: Clarify small segments help text and remove usage from lua

3 years ago Pull request #3293: watchdog: remove unused code
Masud Hasan (mashasan) [Wed, 2 Mar 2022 16:53:18 +0000 (16:53 +0000)] 
Pull request #3293: watchdog: remove unused code

Merge in SNORT/snort3 from ~SBAIGAL/snort3:wdog_fix to master

Squashed commit of the following:

commit 638c16a54c5ada4c71787d44b8b855645a3e8833
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Mar 2 08:41:07 2022 -0500

    watchdog: remove unused code

3 years ago Pull request #3235: process: add watchdog to detect packet threads dead lock or dead...
Tom Peters (thopeter) [Tue, 1 Mar 2022 21:30:30 +0000 (21:30 +0000)] 
Pull request #3235: process: add watchdog to detect packet threads dead lock or dead loop

Merge in SNORT/snort3 from ~SBAIGAL/snort3:watchdog to master

Squashed commit of the following:

commit 8879f0f31b9ff1ad0b7b15f8650153ab9eecccbb
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Jan 13 12:35:30 2022 -0500

    process: add watchdog to detect packet threads dead lock or dead loop

3 years ago Pull request #3273: US 688507: http_inspect: rule option to compare numeric header...
Tom Peters (thopeter) [Fri, 25 Feb 2022 18:23:22 +0000 (18:23 +0000)] 
Pull request #3273: US 688507: http_inspect: rule option to compare numeric header values

Merge in SNORT/snort3 from ~MDAGON/snort3:numeric2 to master

Squashed commit of the following:

commit aafe16b64d6b9620cdb8869459072f86381da7e7
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Feb 14 15:34:50 2022 -0500

    http_inspect: http_header_test, http_trailer_test rule options

3 years ago Pull request #3289: http_inspect: remove feature to disable raw detection upon flow...
Tom Peters (thopeter) [Fri, 25 Feb 2022 16:32:26 +0000 (16:32 +0000)] 
Pull request #3289: http_inspect: remove feature to disable raw detection upon flow depth

Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp162 to master

Squashed commit of the following:

commit 0cdbe45898e0b4302bdf0a012067c591f3a9ba83
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Feb 2 15:38:52 2022 -0500

    http_inspect: remove feature to disable raw detection upon flow depth

3 years ago Pull request #3287: Check for null pointer.
Mike Stepanek (mstepane) [Thu, 24 Feb 2022 11:35:22 +0000 (11:35 +0000)] 
Pull request #3287: Check for null pointer.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:nullptr_check to master

Squashed commit of the following:

commit 56fd2e82203634e775a3aea7c31f8643a7256665
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Feb 23 12:46:28 2022 +0200

    utils: check for NULL before calling fclose()

3 years ago Pull request #3286: http_inspect: fix warning
Tom Peters (thopeter) [Wed, 23 Feb 2022 20:30:05 +0000 (20:30 +0000)] 
Pull request #3286: http_inspect: fix warning

Merge in SNORT/snort3 from ~MDAGON/snort3:fix_issue to master

Squashed commit of the following:

commit 3fd17ac7017b4ac8235e68919c162894e56c6ea7
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Feb 22 21:09:36 2022 -0500

    http_inspect: add override to fix warning

3 years ago Pull request #3288: build: Generate and tag 3.1.24.0 3.1.24.0
Steve Chew (stechew) [Wed, 23 Feb 2022 20:15:13 +0000 (20:15 +0000)] 
Pull request #3288: build: Generate and tag 3.1.24.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.24.0 to master

Squashed commit of the following:

commit f39648a0906a1ed934480ece1ed63b6a7565634d
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Feb 23 09:22:33 2022 -0500

    build: Generate and tag 3.1.24.0

3 years ago Pull request #3270: US 727968: http_inspect: refactor HttpIpsOption
Tom Peters (thopeter) [Tue, 22 Feb 2022 23:04:21 +0000 (23:04 +0000)] 
Pull request #3270: US 727968: http_inspect: refactor HttpIpsOption

Merge in SNORT/snort3 from ~MDAGON/snort3:refactor_ips to master

Squashed commit of the following:

commit 2791042eff639fe3d50139a9b63396841ee1a862
Author: Maya Dagon <mdagon@cisco.com>
Date:   Thu Feb 10 17:26:51 2022 -0500

    http_inspect: refactor rule options

3 years ago Pull request #3272: stream: Remove preemptive prunes peg count
Masud Hasan (mashasan) [Tue, 22 Feb 2022 17:51:16 +0000 (17:51 +0000)] 
Pull request #3272: stream: Remove preemptive prunes peg count

Merge in SNORT/snort3 from ~MASHASAN/snort3:preemptive_pegcount to master

Squashed commit of the following:

commit 4e5e78eab8e4cd06d0452e4e757e67913f4972f8
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Feb 14 22:24:40 2022 -0500

    stream: Remove preemptive prunes peg count

3 years ago Pull request #3285: sfdaq: fix for underflow of outstanding counter
Mike Stepanek (mstepane) [Tue, 22 Feb 2022 17:36:52 +0000 (17:36 +0000)] 
Pull request #3285: sfdaq: fix for underflow of outstanding counter

Merge in SNORT/snort3 from ~OSERHIIE/snort3:daq_outstanding_fix to master

Squashed commit of the following:

commit d97c12297e4c794b5d61753760c63dd2102aff28
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Feb 22 15:02:05 2022 +0200

    packet_io: truncate negative values to zero in DAQ stats

3 years ago Pull request #3278: netflow: add dev_notes.txt
Masud Hasan (mashasan) [Fri, 18 Feb 2022 21:20:13 +0000 (21:20 +0000)] 
Pull request #3278: netflow: add dev_notes.txt

Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow-devnotes to master

Squashed commit of the following:

commit 562995f31163726ee9a547bd3bbb3b50150052b6
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Feb 17 10:33:59 2022 -0500

    netflow: add dev_notes.txt

3 years ago Pull request #3274: mime: stop setting the file_data buffer for raw non-file MIME...
Tom Peters (thopeter) [Fri, 18 Feb 2022 21:05:37 +0000 (21:05 +0000)] 
Pull request #3274: mime: stop setting the file_data buffer for raw non-file MIME parts

Merge in SNORT/snort3 from ~KATHARVE/snort3:mime_file_data to master

Squashed commit of the following:

commit a71fc1cfe61fb6cbaa644c2dd238ff5641d63aa4
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Feb 15 14:45:15 2022 -0500

    mime: stop setting the file_data buffer for raw non-file MIME parts

3 years ago Pull request #3280: detection_filter: update dev notes to show multithreaded behavior
Masud Hasan (mashasan) [Fri, 18 Feb 2022 17:45:34 +0000 (17:45 +0000)] 
Pull request #3280: detection_filter: update dev notes to show multithreaded behavior

Merge in SNORT/snort3 from ~MMATIRKO/snort3:dev-notes-df to master

Squashed commit of the following:

commit b1f85411b8978cb61d634f815ce960e6e54d560f
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Feb 17 11:59:55 2022 -0500

    detection_filter: update dev notes to show multithreaded behavior

3 years ago Pull request #3264: latency: disabling time out functionality on implicit enable
Shanmugam S (shanms) [Mon, 14 Feb 2022 15:42:48 +0000 (15:42 +0000)] 
Pull request #3264: latency: disabling time out functionality on implicit enable

Merge in SNORT/snort3 from ~ABHPAL/snort3:efd to master

Squashed commit of the following:

commit 565c333909f777174211084e247bef41f6ef1389
Author: abhpal <abhpal@cisco.com>
Date:   Wed Feb 9 13:53:11 2022 +0530

    latency: disabling time out on forced enable with disabled config

3 years ago Pull request #3268: Typos in doc files.
Mike Stepanek (mstepane) [Fri, 11 Feb 2022 11:32:10 +0000 (11:32 +0000)] 
Pull request #3268: Typos in doc files.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:doc_spelling to master

Squashed commit of the following:

commit 30822afe43a6a44785fc6d30b4704e163beff1c8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Feb 11 11:19:23 2022 +0200

    doc: fix typos in text

    Thanks to Greg <myersg86> Myers for reporting the issue.

3 years ago Pull request #3265: build: Generate and tag 3.1.23.0 3.1.23.0
Mike Stepanek (mstepane) [Wed, 9 Feb 2022 14:31:27 +0000 (14:31 +0000)] 
Pull request #3265: build: Generate and tag 3.1.23.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.23.0 to master

Squashed commit of the following:

commit 78bbb97046191e8d2bf3fe40b8d87f3c75a747f9
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Feb 9 05:02:03 2022 -0500

    build: Generate and tag 3.1.23.0

3 years ago Pull request #3262: reference: fix incorrect http builtin rule sid
Tom Peters (thopeter) [Tue, 8 Feb 2022 19:57:14 +0000 (19:57 +0000)] 
Pull request #3262: reference: fix incorrect http builtin rule sid

Merge in SNORT/snort3 from ~KATHARVE/snort3:doc_fix_http_builtin to master

Squashed commit of the following:

commit 4ff67c809328ddab37494d97624637e1ecac4f61
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Feb 8 11:24:23 2022 -0500

    reference: fix incorrect http builtin rule sid

3 years ago Pull request #3231: Detection filter multithread
Masud Hasan (mashasan) [Tue, 8 Feb 2022 13:58:43 +0000 (13:58 +0000)] 
Pull request #3231: Detection filter multithread

Merge in SNORT/snort3 from ~MMATIRKO/snort3:detection_filter_multithread to master

Squashed commit of the following:

commit 833ec1e6f58a05a1db673e2a141d9b81694819ee
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Fri Dec 3 16:17:02 2021 -0500

    filters: allow detection filter to sum events across threads

3 years ago Pull request #3258: http_inspect: HttpStreamSplitter::reassemble verifies gzip file...
Tom Peters (thopeter) [Tue, 8 Feb 2022 00:38:02 +0000 (00:38 +0000)] 
Pull request #3258: http_inspect: HttpStreamSplitter::reassemble verifies gzip file magic and checks for FEXTRA flag

Merge in SNORT/snort3 from ~KATHARVE/snort3:http_gzip_fextra to master

Squashed commit of the following:

commit 63e64d99166c241f253be1c1ce088dbf3e2d4e23
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Jan 26 12:02:52 2022 -0500

    http_inspect: HttpStreamSplitter::reassemble verifies gzip file magic and checks for FEXTRA flag

3 years ago Pull request #3256: config_parser: fix segfault when include(nil)
Mike Stepanek (mstepane) [Mon, 7 Feb 2022 14:05:25 +0000 (14:05 +0000)] 
Pull request #3256: config_parser: fix segfault when include(nil)

Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_segv_in_config_parser_lua to master

Squashed commit of the following:

commit 692843214a9428cd00ea99696dbfe755281f8a03
Author: Volodymyr Horban <vhorban@cisco.com>
Date:   Mon Jan 31 15:05:04 2022 +0200

    main: stop with error on include(nil) attempt

3 years ago Pull request #3259: detection: add direction abort check in skip_raw_tcp
Mike Stepanek (mstepane) [Mon, 7 Feb 2022 13:42:44 +0000 (13:42 +0000)] 
Pull request #3259: detection: add direction abort check in skip_raw_tcp

Merge in SNORT/snort3 from ~ASERBENI/snort3:aborted_dir_raw_inspect to master

Squashed commit of the following:

commit d2541d8336523a682eb86f8c4c7b39e4bd8bf7c5
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Thu Feb 3 10:14:44 2022 +0200

    detection: add dir abort check in skip_raw_tcp

3 years ago Pull request #3212: Call splitter finish() on end-of-flow data, on a FIN packet.
Masud Hasan (mashasan) [Wed, 2 Feb 2022 00:20:50 +0000 (00:20 +0000)] 
Pull request #3212: Call splitter finish() on end-of-flow data, on a FIN packet.

Merge in SNORT/snort3 from ~SMINUT/snort3:fin_recv_flush_up to master

Squashed commit of the following:

commit 638c0494ccdf566b1f82605d43c29c2c24c58527
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Dec 9 11:41:14 2021 -0500

    stream_tcp: fix a bug in which in some cases we did not call splitter finish() in each direction, by calling flush_queued_segments() in perform_fin_recv_flush() on FIN with data packets

    stream: defer flush_queued_segments() if flow->clouseau

    stream_tcp: introduce TcpStreamTracker::delayed_finish_flag and call splitter finish from flush_on_data_policy if delayed_finish_flag is true

    stream_tcp: better place for setting delayed_finish_flag
                call flush_queued_segments() rather than splitter_finish() directly, from flush_on_data_policy()

    stream_tcp: wrap flow->clouseau in searching_for_service()

3 years ago Pull request #3247: Define config options precedence
Mike Stepanek (mstepane) [Tue, 1 Feb 2022 17:56:59 +0000 (17:56 +0000)] 
Pull request #3247: Define config options precedence

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:snort_the_first to master

Squashed commit of the following:

commit 8e80ead518f81e01d5030cd9419c1e9e49aad273
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Jan 26 10:01:29 2022 +0200

    doc: add notes about CLI/Lua precedence

commit c33f249fbef12ebfbed574054410fb28d4c13f16
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 25 14:37:10 2022 +0200

    main: remove default values for other-module parameters in snort module

    Snort module is not listed in coreinit.lua as a builtin module,
    thus some of its parameters get their default values elsewhere.

    Adjust the range for snaplen parameter, as in daq.

    Update --daq-batch-size description with a default value.

commit 0ff8c06919d30aace185f197aaa8a7b7c71ea7a5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 25 14:26:16 2022 +0200

    packet_io: decrease daq module's parameters priority

    Config parameter priority follows:
    Highest: command-line option
    Lower: snort module config entry (from Lua)
    Lowest: targeted module config entry (from Lua)

commit 948e8a18880395c9b84f3adcfe0c4adf10b0a5a4
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Jan 24 14:18:52 2022 +0200

    main: ignore Snort module's option if it duplicates CLI option

commit 2a5282cb6d73e513dc04fbd025e439b662b9c3f5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Jan 20 15:06:42 2022 +0200

    main: parse snort module before others

3 years ago Pull request #3252: event: making apis SO_PUBLIC to access in .so
Naveen Gujje (ngujje) [Tue, 1 Feb 2022 07:12:38 +0000 (07:12 +0000)] 
Pull request #3252: event: making apis SO_PUBLIC to access in .so

Merge in SNORT/snort3 from ~RJAVALI/snort3:eventid to master

Squashed commit of the following:

commit c867d326923f22660569b195e98e8ad5bec19841
Author: Raghavendra Javali <rjavali@cisco.com>
Date:   Fri Jan 28 05:27:10 2022 -0500

    event: making apis SO_PUBLIC to access in .so

3 years ago Pull request #3253: build: Generate and tag 3.1.22.0 3.1.22.0
Mike Stepanek (mstepane) [Mon, 31 Jan 2022 13:47:23 +0000 (13:47 +0000)] 
Pull request #3253: build: Generate and tag 3.1.22.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.22.0 to master

Squashed commit of the following:

commit 8e72732ceead2e94549fe4636bfd3e7361555876
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Mon Jan 31 06:05:52 2022 -0500

    build: Generate and tag 3.1.22.0

3 years ago Pull request #3249: stream: setting the max number of flows pruned while idle to 400
Masud Hasan (mashasan) [Fri, 28 Jan 2022 19:04:53 +0000 (19:04 +0000)] 
Pull request #3249: stream: setting the max number of flows pruned while idle to 400

Merge in SNORT/snort3 from ~ALLEWI/snort3:idle_prune_to_400 to master

Squashed commit of the following:

commit b32b0648b79a9b8045ad4916c6a1995a1f3920e4
Author: allewi@cisco.com <allewi@cisco.com>
Date:   Thu Jan 27 10:52:44 2022 -0500

    stream: setting the max number of flows pruned while idle to 400

3 years ago Pull request #3229: pub_sub: Export assistant_gadget_event.h header file
Shanmugam S (shanms) [Fri, 28 Jan 2022 17:27:13 +0000 (17:27 +0000)] 
Pull request #3229: pub_sub: Export assistant_gadget_event.h header file

Merge in SNORT/snort3 from ~KBHANDAN/snort3:qdi to master

Squashed commit of the following:

commit b2c61fc6523915e55979d422b9eecfe4841d61df
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Sun Jan 2 09:37:12 2022 -0500

    pub_sub: Export assistant_gadget_event.h header file

3 years ago Pull request #3250: appid: rename efp (encrypted fingerprint) to eve (encrypted visib...
Shravan Rangarajuvenkata (shrarang) [Fri, 28 Jan 2022 12:44:44 +0000 (12:44 +0000)] 
Pull request #3250: appid: rename efp (encrypted fingerprint) to eve (encrypted visibility engine)

Merge in SNORT/snort3 from ~SATHIRKA/snort3:rename_efp_to_eve to master

Squashed commit of the following:

commit 1d8b5ebd3194fd7db291963652febd2b0389ecf1
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Jan 26 14:20:23 2022 -0500

    appid: rename efp (encrypted fingerprint) to eve (encrypted visibility engine)

3 years ago Pull request #3245: appid: give priority to custom process to app mappings over VDB...
Shravan Rangarajuvenkata (shrarang) [Thu, 27 Jan 2022 01:44:06 +0000 (01:44 +0000)] 
Pull request #3245: appid: give priority to custom process to app mappings over VDB mappings

Merge in SNORT/snort3 from ~SATHIRKA/snort3:multi_process_to_same_app_mapping to master

Squashed commit of the following:

commit 7bc7925573e5888981618557215d3398927823ce
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Jan 19 16:50:51 2022 -0500

    appid: give priority to custom process to app mappings over ODP mappings

3 years ago Pull request #3242: detection: change output format of dump-rule-state
Mike Stepanek (mstepane) [Wed, 26 Jan 2022 13:38:03 +0000 (13:38 +0000)] 
Pull request #3242: detection: change output format of dump-rule-state

Merge in SNORT/snort3 from ~VHORBATO/snort3:drs_change to master

Squashed commit of the following:

commit 2ec901b110ad16237d1e5c9f330cf8c7f8a6f23a
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Jan 18 17:16:31 2022 +0200

    detection: change output format of dump-rule-state

3 years ago Pull request #3246: build: Generate and tag 3.1.21.0 3.1.21.0
Shravan Rangarajuvenkata (shrarang) [Tue, 25 Jan 2022 18:45:20 +0000 (18:45 +0000)] 
Pull request #3246: build: Generate and tag 3.1.21.0

Merge in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.21.0 to master

Squashed commit of the following:

commit b7e5ac0e500ac686926143addc74b2f104590961
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Jan 25 11:19:07 2022 -0500

    build: Generate and tag 3.1.21.0

3 years ago Pull request #3239: BUG #722837 http_version_match should use the msg section version...
Tom Peters (thopeter) [Mon, 24 Jan 2022 19:42:07 +0000 (19:42 +0000)] 
Pull request #3239: BUG #722837 http_version_match should use the msg section version id instead of the flow data version id

Merge in SNORT/snort3 from ~MDAGON/snort3:version_fix to master

Squashed commit of the following:

commit 15b88a547e2a1c1231f15bc78a1cefaaa32b1f77
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Jan 14 16:10:22 2022 -0500

    http_inspect: http_version_match uses msg section version id

3 years ago Pull request #3244: BUG #719044: Snort 3 incorrectly normalizing URIs of webroot...
Tom Peters (thopeter) [Mon, 24 Jan 2022 16:01:51 +0000 (16:01 +0000)] 
Pull request #3244: BUG #719044: Snort 3 incorrectly normalizing URIs of webroot directory traversals

Merge in SNORT/snort3 from ~MDAGON/snort3:webroot to master

Squashed commit of the following:

commit d9a691f462e1c50462d2f8a5b950912285ae8cd6
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Jan 10 16:23:39 2022 -0500

    http_inspect: webroot traversal

3 years ago Pull request #3240: http_inspect: correct comment regarding header splitting rules
Tom Peters (thopeter) [Thu, 20 Jan 2022 22:08:58 +0000 (22:08 +0000)] 
Pull request #3240: http_inspect: correct comment regarding header splitting rules

Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp161 to master

Squashed commit of the following:

commit a45b01a2e7310d59c53a00c12d6c2077188fc80e
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Jan 19 17:21:04 2022 -0500

    http_inspect: correct comment regarding header splitting rules

3 years ago Pull request #3241: appid: do not delay detection of SMB service for the sake of...
Shravan Rangarajuvenkata (shrarang) [Thu, 20 Jan 2022 18:09:35 +0000 (18:09 +0000)] 
Pull request #3241: appid: do not delay detection of SMB service for the sake of version detection

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_smb_early_detect to master

Squashed commit of the following:

commit 5e6f1ac35b1fbca5d112430f5626cc239742e026
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Jan 19 23:35:22 2022 -0500

    appid: do not delay detection of SMB service for the sake of version detection

3 years ago Pull request #3238: Copyright: Update year to 2022
Mike Stepanek (mstepane) [Thu, 20 Jan 2022 16:46:30 +0000 (16:46 +0000)] 
Pull request #3238: Copyright: Update year to 2022

Merge in SNORT/snort3 from ~NIHDESAI/snort3:happy_new_year_2022 to master

Squashed commit of the following:

commit 47346abba4bd3c517ff6ccfb586a332900e56805
Author: ND <nihdesai@sinkhole.esl.cisco.com>
Date:   Tue Jan 18 14:25:20 2022 -0500

    Copyright: Update year to 2022

3 years ago Pull request #3237: Single finish2
Masud Hasan (mashasan) [Wed, 19 Jan 2022 21:44:24 +0000 (21:44 +0000)] 
Pull request #3237: Single finish2

Merge in SNORT/snort3 from ~SMINUT/snort3:single_finish2 to master

Squashed commit of the following:

commit 56d6b7e2091d7752f955af1a2d4cc97c18e19bd0
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Jan 13 20:15:50 2022 -0500

    stream_tcp: ensure that we call splitter finish() only once per flow, per direction

3 years ago Pull request #3190: Quic: Quic stream dependent changes
Shanmugam S (shanms) [Wed, 19 Jan 2022 06:02:17 +0000 (06:02 +0000)] 
Pull request #3190: Quic: Quic stream dependent changes

Merge in SNORT/snort3 from ~KBHANDAN/snort3:quic to master

Squashed commit of the following:

commit 11114860690bc12e4fcfe410ce5406d207db08e2
Author: sunimukh <sunimukh@cisco.com>
Date:   Tue Nov 23 23:23:49 2021 +0530

    Quic: Quic stream dependent changes

3 years ago Pull request #3236: BUG #722376 http_inspect: 0.9 request lines not forwarded to...
Tom Peters (thopeter) [Wed, 19 Jan 2022 00:00:43 +0000 (00:00 +0000)] 
Pull request #3236: BUG #722376 http_inspect: 0.9 request lines not forwarded to detection

Merge in SNORT/snort3 from ~MDAGON/snort3:zero_9 to master

Squashed commit of the following:

commit cfaa855d126e0038f390642f1f255fec8da2f327
Author: Maya Dagon <mdagon@cisco.com>
Date:   Thu Jan 13 14:32:52 2022 -0500

    http_inspect: forward 0.9 request lines to detection

3 years ago Pull request #3205: Move global inspectors and selectors to the policy map
Ron Dempster (rdempste) [Thu, 13 Jan 2022 14:29:13 +0000 (14:29 +0000)] 
Pull request #3205: Move global inspectors and selectors to the policy map

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:global to master

Squashed commit of the following:

commit 3e62d9c7bf8bfaddb89e9b9419efd08d78a9a7bb
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 7 11:06:41 2021 -0500

    policy: add a file_policy to the network policy and use it

commit 0b136c2654fa7d4ffadcb5ad3b080e723bc43bc2
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Dec 3 16:19:22 2021 -0500

    main: move policy selector and flow tracking from snort config to policy map

commit 69d9c2d07434a6ebe0968231f9ad503b43a0a1f4
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Dec 3 16:18:11 2021 -0500

    main: only add policies to the user policy map at the end of table processing

commit 20377e6bd1f74bbe37c615ce4b4aacf3c401c8c7
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Dec 3 16:16:04 2021 -0500

    control: fix macro definitions

3 years ago Pull request #3232: wizard: remove extra semicolon
Mike Stepanek (mstepane) [Wed, 12 Jan 2022 17:22:12 +0000 (17:22 +0000)] 
Pull request #3232: wizard: remove extra semicolon

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:rem_semicol to master

Squashed commit of the following:

commit a69f31fea7fae9c1367e683da67f01bf46ee7189
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Wed Jan 12 11:51:26 2022 +0200

    wizard: remove extra semicolon

3 years ago Pull request #3233: build: generate and tag 3.1.20.0 3.1.20.0
Steve Chew (stechew) [Wed, 12 Jan 2022 16:02:06 +0000 (16:02 +0000)] 
Pull request #3233: build: generate and tag 3.1.20.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.20.0 to master

Squashed commit of the following:

commit 399ab61e2785c6f8c1b6f0580b9b2d718e4f4942
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Jan 12 09:21:56 2022 -0500

    build: generate and tag 3.1.20.0

3 years ago Pull request #3228: stream_tcp: fix PDU buffer overflow on fallback
Mike Stepanek (mstepane) [Tue, 11 Jan 2022 23:22:47 +0000 (23:22 +0000)] 
Pull request #3228: stream_tcp: fix PDU buffer overflow on fallback

Merge in SNORT/snort3 from ~VHORBATO/snort3:def_reassm_overflow to master

Squashed commit of the following:

commit 97a97f3dc033732bb92b802a10bb20f71623c82c
Author: russ <rucombs@cisco.com>
Date:   Sun Dec 19 10:41:02 2021 -0500

    stream_tcp: limit reassembly size for AtomSplitter

    Thanks to barosch78 and DAKOIT for their help in the process of finding the root cause.

3 years ago Pull request #3224: wizard: make curses follow max_search_depth
Mike Stepanek (mstepane) [Tue, 11 Jan 2022 22:50:35 +0000 (22:50 +0000)] 
Pull request #3224: wizard: make curses follow max_search_depth

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:curs_max_sear to master

Squashed commit of the following:

commit 9a12b1cfb8f359fe9eed43131a8bff3961d60d60
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Dec 16 12:08:42 2021 +0200

    wizard: make max_search_depth applicable for curses