]>
git.ipfire.org Git - thirdparty/snort3.git/log
Tom Peters (thopeter) [Fri, 14 May 2021 22:06:26 +0000 (22:06 +0000)]
Merge pull request #2884 in SNORT/snort3 from ~MDAGON/snort3:cleanup to master
Squashed commit of the following:
commit
c5b9bb50ce47a73a4928b3d4d50c7d97bdee9546
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri May 7 12:12:53 2021 -0400
http2_inspect: update state and delete streams after reaching flow
depth
Steve Chew (stechew) [Fri, 14 May 2021 20:53:12 +0000 (20:53 +0000)]
Merge pull request #2872 in SNORT/snort3 from ~SHASLAD/snort3:netflow_guard to master
Squashed commit of the following:
commit
2d8c1d90b2a54190da723464a1ead61a8d1106be
Author: Shashi Lad <shaslad@cisco.com>
Date: Tue May 4 10:33:50 2021 -0400
netflow: additional check before v5/v9 decode
Russ Combs (rucombs) [Thu, 13 May 2021 15:11:30 +0000 (15:11 +0000)]
Merge pull request #2881 in SNORT/snort3 from ~BRASTULT/snort3:dcerpc_expected_session to master
Squashed commit of the following:
commit
a9e8adf33d65d0686f58bd67f88013e59402cb7c
Author: Brandon Stultz <brastult@cisco.com>
Date: Fri May 7 16:28:50 2021 -0400
dce_rpc: fix expected session protocol id
Tom Peters (thopeter) [Thu, 13 May 2021 03:43:09 +0000 (03:43 +0000)]
Merge pull request #2883 in SNORT/snort3 from ~KATHARVE/snort3:h2i_clang_fix to master
Squashed commit of the following:
commit
4ff274cf1142d175009c649f6e7372ed7f18711c
Author: Katura Harvey <katharve@cisco.com>
Date: Mon May 10 16:57:29 2021 -0400
http2_inspect: fix non-standard c++
Tom Peters (thopeter) [Mon, 10 May 2021 06:21:45 +0000 (06:21 +0000)]
Merge pull request #2880 in SNORT/snort3 from ~MDAGON/snort3:h2i_detection to master
Squashed commit of the following:
commit
2801cccf27ed16733f8ffa5c6054f845c39b56a6
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri May 7 14:20:06 2021 -0400
http_inspect: don't disable detection for flow if it's an HTTP/2 flow
Tom Peters (thopeter) [Sat, 8 May 2021 00:12:36 +0000 (00:12 +0000)]
Merge pull request #2875 in SNORT/snort3 from ~MDAGON/snort3:depth_trailer to master
Squashed commit of the following:
commit
194cedcca2a396e44522607dfd9add653f829367
Author: Maya Dagon <mdagon@cisco.com>
Date: Thu Apr 29 13:00:41 2021 -0400
http2_inspect: handle trailer after reaching flow depth
Steve Chew (stechew) [Fri, 7 May 2021 19:40:06 +0000 (19:40 +0000)]
Merge pull request #2879 in SNORT/snort3 from ~DIPANDIT/snort3:fix_spell to master
Squashed commit of the following:
commit
9208671b7b5a8e8c474a925eb6c9a5aa5297428b
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Fri May 7 12:54:42 2021 -0400
file_api: fix spell source error
Tom Peters (thopeter) [Fri, 7 May 2021 16:15:23 +0000 (16:15 +0000)]
Merge pull request #2873 in SNORT/snort3 from ~THOPETER/snort3:memory1 to master
Squashed commit of the following:
commit
787709393819a2729392f2292707cb8503f7d999
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Apr 30 17:27:24 2021 -0400
flow: memory tracking updates
Bhargava Jandhyala (bjandhya) [Fri, 7 May 2021 09:14:15 +0000 (09:14 +0000)]
Merge pull request #2846 in SNORT/snort3 from ~SMULKA/snort3:ips_log to master
Squashed commit of the following:
commit
e3d48073b8acbba1694383b0a56e6fb00f36cdd4
Author: smulka <smulka@cisco.com>
Date: Fri Apr 16 02:23:50 2021 -0400
packet_tracer: IPS daq trace log
Bhargava Jandhyala (bjandhya) [Fri, 7 May 2021 08:13:32 +0000 (08:13 +0000)]
Merge pull request #2837 in SNORT/snort3 from ~AJMANDAD/snort3:trace_file_module to master
Squashed commit of the following:
commit
4c5715c8e5785fe12a92218dfe44981a002deeb3
Author: Ajay Mandadi <ajmandad@cisco.com>
Date: Thu Apr 8 04:11:07 2021 -0400
packet_tracer: file daq trace log
Signed-off-by: Ajay Mandadi <ajmandad@cisco.com>
Shravan Rangarajuvenkata (shrarang) [Tue, 4 May 2021 17:39:52 +0000 (17:39 +0000)]
Merge pull request #2871 in SNORT/snort3 from ~SATHIRKA/snort3:mercury_debug to master
Squashed commit of the following:
commit
625b7fa920e751eee95585235f106101a0cb15e1
Author: cljudge <cljudge@cisco.com>
Date: Wed Apr 28 07:44:29 2021 -0400
appid: Publish an event when appid debug command is issued
Bhargava Jandhyala (bjandhya) [Tue, 4 May 2021 07:15:04 +0000 (07:15 +0000)]
Merge pull request #2864 in SNORT/snort3 from ~DIPANDIT/snort3:smb_deadlock_main to master
Squashed commit of the following:
commit
0e71ce321233e6c850d5fb2af7d0ec7e9b854091
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Mon Apr 26 03:17:22 2021 -0400
dce_rpc: use find_else_insert in smb session cache to avoid deadlock
commit
247e355e2d1ea43051f5e2e508857c4227dc29e3
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Mon Apr 26 02:44:30 2021 -0400
hash: add new insert method in lru_cache_shared
Steve Chew (stechew) [Tue, 4 May 2021 00:33:13 +0000 (00:33 +0000)]
Merge pull request #2818 in SNORT/snort3 from ~SHASLAD/snort3:netflow_v9_i1 to master
Squashed commit of the following:
commit
d2de5f0fae25d9c53da51166c0a525243abffc2f
Author: Shashi Lad <shaslad@cisco.com>
Date: Fri Mar 19 09:56:13 2021 -0400
netflow: version 9 decoding and filtering
Mike Stepanek (mstepane) [Fri, 30 Apr 2021 17:25:41 +0000 (17:25 +0000)]
Merge pull request #2869 in SNORT/snort3 from ~SVLASIUK/snort3:fix_custom_variable_set to master
Squashed commit of the following:
commit
16ceb01981c70f5c53432c7e588ebb780184bebb
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Apr 27 13:02:36 2021 +0300
parser: reduce RTNs only after states applied
Port groups get updated with reduced RTNs.
Tom Peters (thopeter) [Thu, 29 Apr 2021 21:36:05 +0000 (21:36 +0000)]
Merge pull request #2868 in SNORT/snort3 from ~KATHARVE/snort3:h2i_window_update to master
Squashed commit of the following:
commit
f80eef948c70811e81155a64745aeb9e92be74e3
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Apr 23 10:20:09 2021 -0400
http2_inspect: implement window_update frame
Russ Combs (rucombs) [Thu, 29 Apr 2021 18:00:22 +0000 (18:00 +0000)]
Merge pull request #2866 in SNORT/snort3 from ~BRASTULT/snort3:base64_relative to master
Squashed commit of the following:
commit
e485d60864b6a756b84d548a619445377ed1b916
Author: Brandon Stultz <brastult@cisco.com>
Date: Tue Apr 27 15:55:28 2021 -0400
ips_options: fix relative base64_decode
Mike Stepanek (mstepane) [Wed, 28 Apr 2021 19:53:34 +0000 (19:53 +0000)]
Merge pull request #2867 in SNORT/snort3 from ~OSERHIIE/snort3:pcre_jit_supp to master
Squashed commit of the following:
commit
39facc13eccc8dc6c29599d30afdd268d62be329
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Apr 28 15:02:57 2021 +0300
ips_pcre: re-enable JIT
Shravan Rangarajuvenkata (shrarang) [Wed, 28 Apr 2021 17:20:29 +0000 (17:20 +0000)]
Merge pull request #2863 in SNORT/snort3 from ~SHRARANG/snort3:mem_accounting to master
Squashed commit of the following:
commit
272257dd20a103ff68536d5437387fc3eadbb39a
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Apr 23 13:32:32 2021 -0400
appid: do memory accounting of api stash object, dns/tls/third-party sessions
Masud Hasan (mashasan) [Wed, 28 Apr 2021 15:25:56 +0000 (15:25 +0000)]
Merge pull request #2844 in SNORT/snort3 from ~MASHASAN/snort3:close_stream to master
Squashed commit of the following:
commit
2eaee2752af6e487c4ccf59940fd2a0ac6875c75
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Apr 23 08:58:09 2021 -0400
stream_tcp: Using window base for reset validation
commit
1526f0d93ba1d1ce04b40b46faf7304b0eb6b307
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Apr 13 18:36:58 2021 -0400
stream_tcp: Deleting session when both talker and listener are closed
Tom Peters (thopeter) [Tue, 27 Apr 2021 20:54:52 +0000 (20:54 +0000)]
Merge pull request #2852 in SNORT/snort3 from ~MDAGON/snort3:stream_limit to master
Squashed commit of the following:
commit
68169e41ce122a7368f076755edf7c1dc854d789
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri Apr 16 16:39:05 2021 -0400
http2_inspect: concurrent streams limit is configurable
Masud Hasan (mashasan) [Tue, 27 Apr 2021 17:52:44 +0000 (17:52 +0000)]
Merge pull request #2820 in SNORT/snort3 from ~MASHASAN/snort3:match_aux_ip to master
Squashed commit of the following:
commit
9bd621b4b6104b9e0699b664d53e7d134ee3c905
Author: Masud Hasan <mashasan@cisco.com>
Date: Thu Mar 11 16:52:02 2021 -0500
flow: Enhancing APIs to stash auxiliary IP
commit
fe9fcb2eaf1a2af9ffcca1a46fd638f63ad78ff2
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Feb 15 16:02:13 2021 -0500
http_inspect: IP reputation support
commit
173a34c1c6d897203c201dbd33802ec8befc24e3
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Feb 9 10:30:21 2021 -0500
flow: Adding stash API to save auxiliary IP
Mike Stepanek (mstepane) [Tue, 27 Apr 2021 10:12:26 +0000 (10:12 +0000)]
Merge pull request #2860 in SNORT/snort3 from ~DKYRYLOV/snort3:dump_rule_signature_fix to master
Squashed commit of the following:
commit
ac143943fff79eb95f80d84c05416f0c13c4d18b
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Apr 20 13:49:46 2021 +0300
parser: Remove rule merge in dump mode
Bhargava Jandhyala (bjandhya) [Tue, 27 Apr 2021 06:40:35 +0000 (06:40 +0000)]
Merge pull request #2861 in SNORT/snort3 from ~DIPANDIT/snort3:smb_memtrack to master
Squashed commit of the following:
commit
865dfc8eeccc40795e559c9d8bb21f82700055b1
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Fri Apr 23 09:51:38 2021 -0400
dce_rpc: update memory tracking for smb session data
Mike Stepanek (mstepane) [Mon, 26 Apr 2021 20:49:27 +0000 (20:49 +0000)]
Merge pull request #2865 in SNORT/snort3 from ~OSERHIIE/snort3:grind_fix to master
Squashed commit of the following:
commit
fdc6ce333548025807666c016e3466781ebca153
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Apr 26 07:13:23 2021 +0300
ips_pcre: disable JIT
Tom Peters (thopeter) [Mon, 26 Apr 2021 19:32:26 +0000 (19:32 +0000)]
Merge pull request #2857 in SNORT/snort3 from ~KATHARVE/snort3:h2i_stream_mem to master
Squashed commit of the following:
commit
fbbf12946446eadad1d6e643bec3bda1e310ae7d
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Apr 21 17:02:24 2021 -0400
http2_inspect: track stream memory incrementally instead of all up front
Shravan Rangarajuvenkata (shrarang) [Fri, 23 Apr 2021 17:36:54 +0000 (17:36 +0000)]
Merge pull request #2859 in SNORT/snort3 from ~KAMURTHI/snort3:3rd_pty_unknown_payload to master
Squashed commit of the following:
commit
7de785661b313f522ae52bb35e7250ab817de19b
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Thu Apr 22 15:49:25 2021 -0400
appid: mark payload detection as done after either http request or response is inspected
Tom Peters (thopeter) [Fri, 23 Apr 2021 16:07:00 +0000 (16:07 +0000)]
Merge pull request #2862 in SNORT/snort3 from ~KATHARVE/snort3:h2_clear to master
Squashed commit of the following:
commit
1dd6a2569c6edef71833921ce744cb4a8548eb26
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Apr 23 09:27:30 2021 -0400
http2_inspect: add assert in clear
Shravan Rangarajuvenkata (shrarang) [Fri, 23 Apr 2021 01:25:35 +0000 (01:25 +0000)]
Merge pull request #2858 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_future_flow to master
Squashed commit of the following:
commit
431ca4da86d7a950586cb89d983abd10e1eb1685
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Apr 21 23:43:59 2021 -0400
appid: set monitor flags on future flows
Steve Chew (stechew) [Wed, 21 Apr 2021 20:06:22 +0000 (20:06 +0000)]
Merge pull request #2855 in SNORT/snort3 from ~RUCOMBS/snort3:3_1_4_0 to master
Squashed commit of the following:
commit
033b703311c607c7790437ab216b40e8b7cf1b48
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Apr 21 12:31:35 2021 -0400
build: Generate and tag 3.1.4.0
Mike Stepanek (mstepane) [Wed, 21 Apr 2021 17:39:43 +0000 (17:39 +0000)]
Merge pull request #2848 in SNORT/snort3 from ~OSERHIIE/snort3:js_inline_scripts to master
Squashed commit of the following:
commit
8d130d92807ecc480c3832e7e85697883bf1ae42
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri Apr 16 12:48:49 2021 +0300
http_inspect: add js_inline_scripts peg count
commit
07beb04a28389e09bc0e77f672e86f58e5ef4194
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri Apr 16 10:31:01 2021 +0300
http_inspect: identify external javascripts
commit
b4e77cf2d524ecc076eb6007d9e1f4743b2852e4
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri Apr 16 01:34:30 2021 +0300
http_inspect: add built-in alert for unexpected tags within inline javascript
Russ Combs (rucombs) [Wed, 21 Apr 2021 13:16:00 +0000 (13:16 +0000)]
Merge pull request #2811 in SNORT/snort3 from ~RUCOMBS/snort3:nfp to master
Squashed commit of the following:
commit
0349a07ec2d2ff74a3810a2952c8f642b7f0fd44
Author: russ <rucombs@cisco.com>
Date: Thu Apr 1 09:37:30 2021 -0400
pcre: revert change that disabled jit
commit
3e5c3aa8a6115c14b1fe2cad67a290c8c0ce8a0b
Author: russ <rucombs@cisco.com>
Date: Tue Mar 23 11:38:38 2021 -0400
ips: allow null detection trees with negated lists
Masud Hasan (mashasan) [Tue, 20 Apr 2021 16:56:30 +0000 (16:56 +0000)]
Merge pull request #2854 in SNORT/snort3 from ~SMINUT/snort3:hpq_reload_time to master
Squashed commit of the following:
commit
6fce6e70fea873975295861ac8963c4246319fe8
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Apr 20 10:20:14 2021 -0400
stream: fix race condition in HPQReloadTuner
Steve Chew (stechew) [Tue, 20 Apr 2021 05:57:06 +0000 (05:57 +0000)]
Merge pull request #2851 in SNORT/snort3 from ~STECHEW/snort3:hold_packet_ip_frag to master
Squashed commit of the following:
commit
8f56099ea176bcca27e743c632a4e2728f273e42
Author: Steve Chew <stechew@cisco.com>
Date: Mon Apr 19 13:41:45 2021 -0400
stream: IP frag packets won't have a flow so do not try to hold them.
Bhargava Jandhyala (bjandhya) [Mon, 19 Apr 2021 12:22:13 +0000 (12:22 +0000)]
Merge pull request #2849 in SNORT/snort3 from ~DIPANDIT/snort3:lru_dead_lock to master
Squashed commit of the following:
commit
57c873106b055daf409b5a712a98f67d642c8d1a
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Mon Apr 19 02:43:27 2021 -0400
hash: prepond object creation in LRU cache find_else_create
Bhargava Jandhyala (bjandhya) [Mon, 19 Apr 2021 12:13:17 +0000 (12:13 +0000)]
Merge pull request #2850 in SNORT/snort3 from ~BSACHDEV/snort3:dcerpc_share_type to master
Squashed commit of the following:
commit
ccd53ac3f861d158e1a93e92b5ebea23b4d4cc1e
Author: bsachdev <bsachdev@cisco.com>
Date: Mon Apr 19 02:56:13 2021 -0400
dce_rpc: Added a cleanup condition for DCERPC in close request
Signed-off-by: bsachdev <bsachdev@cisco.com>
Brian Morris (bmorris2) [Fri, 16 Apr 2021 16:45:56 +0000 (16:45 +0000)]
Merge pull request #2838 in SNORT/snort3 from ~OSIRYI/snort3:osiryi_ips to master
Squashed commit of the following:
commit
82bce21c9a702abec288bd9bebeb62ba1688956b
Author: Oleksandr Siryi <osiryi@cisco.com>
Date: Thu Apr 15 14:49:52 2021 +0300
ssl: refactoring SSLData out so it can be reused
Russ Combs (rucombs) [Thu, 15 Apr 2021 16:40:50 +0000 (16:40 +0000)]
Merge pull request #2843 in SNORT/snort3 from ~OSIRYI/snort3:appid_version_warning to master
Squashed commit of the following:
commit
1efe29874535e5825846136c83a71d4ee66eaa61
Author: Oleksandr Siryi <osiryi@cisco.com>
Date: Thu Apr 15 18:53:38 2021 +0300
appid: (style) Local variable 'version' shadows outer variable
Tom Peters (thopeter) [Thu, 15 Apr 2021 01:08:06 +0000 (01:08 +0000)]
Merge pull request #2833 in SNORT/snort3 from ~MDAGON/snort3:oom to master
Squashed commit of the following:
commit
ff5bc520f269912b3589fbe4adb1cab946ad9775
Author: Maya Dagon <mdagon@cisco.com>
Date: Thu Apr 1 15:55:16 2021 -0400
http2_inspect: free streams in completed/error state
Lokesh Bevinamarad (lbevinam) [Wed, 14 Apr 2021 15:07:29 +0000 (15:07 +0000)]
Merge pull request #2821 in SNORT/snort3 from ~BJANDHYA/snort3:feature/dcerpc to master
Squashed commit of the following:
commit
bddb8e4ce8aac8e8d78f3f62bf973228ac56994c
Author: Bhargava Jandhyala <bjandhya@cisco.com>
Date: Wed Mar 31 12:21:44 2021 -0400
dce_rpc: DCERPC Support over SMBv2
Shravan Rangarajuvenkata (shrarang) [Tue, 13 Apr 2021 22:13:32 +0000 (22:13 +0000)]
Merge pull request #2841 in SNORT/snort3 from ~SHRARANG/snort3:appid_dns_payload to master
Squashed commit of the following:
commit
d3ce08a3600f610d3053c82da85bce8fafd61dda
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Apr 9 16:18:19 2021 -0400
appid: detect payload based on dns host
Shravan Rangarajuvenkata (shrarang) [Tue, 13 Apr 2021 20:39:26 +0000 (20:39 +0000)]
Merge pull request #2836 in SNORT/snort3 from ~SHRARANG/snort3:appid_refactor_tp to master
Squashed commit of the following:
commit
826a256d28984cd56be15f6e93a95ef179be8eb9
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Apr 7 16:17:49 2021 -0400
appid: remove detectors which are available in odp
commit
0e4d330ddcdfac8e0add3fcac0286034229d9271
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Apr 7 11:30:23 2021 -0400
appid: remove duplicate rtmp code
commit
a6d0a4b77c99662f65a67037a856bed547a1178a
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Apr 7 10:41:22 2021 -0400
appid: refactor to set http scan flags in one place
Shravan Rangarajuvenkata (shrarang) [Mon, 12 Apr 2021 18:09:05 +0000 (18:09 +0000)]
Merge pull request #2842 in SNORT/snort3 from ~KAMURTHI/snort3:dhp_new_leash to master
Squashed commit of the following:
commit
1e1db8db55fffc7e4d0d4efffe88234aae80a8f9
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Mon Apr 12 10:17:05 2021 -0400
appid: clean-up parameters in service_bootp
Mike Stepanek (mstepane) [Mon, 12 Apr 2021 17:21:09 +0000 (17:21 +0000)]
Merge pull request #2839 in SNORT/snort3 from ~OSERHIIE/snort3:build_flex to master
Squashed commit of the following:
commit
e644105f5c593f23cabcf6486d1c32e4ce87472e
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri Apr 9 14:17:58 2021 +0300
build: add better support for flex lexer
Thanks to Özkan KIRIK and Moin for reporting the issue.
commit
67548b869fa80173561b141b1733e0da41da84bf
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Thu Apr 8 21:22:21 2021 +0300
utils: enable Flex C++ mode via its option
Tom Peters (thopeter) [Fri, 9 Apr 2021 20:44:21 +0000 (20:44 +0000)]
Merge pull request #2835 in SNORT/snort3 from ~THOPETER/snort3:script_detection_reload to master
Squashed commit of the following:
commit
c47bbd6354de354dc2f297e4c32eeae407d03ff4
Author: russ <rucombs@cisco.com>
Date: Thu Apr 1 23:30:47 2021 -0400
http_inspect: fix end of script match after reload
Tom Peters (thopeter) [Fri, 9 Apr 2021 19:14:00 +0000 (19:14 +0000)]
Merge pull request #2834 in SNORT/snort3 from ~MDAGON/snort3:goaway to master
Squashed commit of the following:
commit
184702db041232b8f7f1dda1c1bd61e7f5774fa3
Author: Maya Dagon <mdagon@cisco.com>
Date: Wed Mar 24 11:12:18 2021 -0400
payload_injector: send go away frame
Shravan Rangarajuvenkata (shrarang) [Fri, 9 Apr 2021 13:28:12 +0000 (13:28 +0000)]
Merge pull request #2775 in SNORT/snort3 from ~KAMURTHI/snort3:enable_rna_filter to master
Squashed commit of the following:
commit
40346667badded094e185b7cfb842da63995b23e
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Fri Mar 12 17:51:43 2021 -0500
appid: monitor only the networks specified in rna configuration
Mike Stepanek (mstepane) [Fri, 9 Apr 2021 12:57:13 +0000 (12:57 +0000)]
Merge pull request #2831 in SNORT/snort3 from ~OSERHIIE/snort3:bug_CSCvx77413 to master
Squashed commit of the following:
commit
34425873d946ed92696fcd20f0be7b43803fbb40
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue Apr 6 23:54:48 2021 +0300
binder: update flow data inspector on a service change
Mike Stepanek (mstepane) [Wed, 7 Apr 2021 15:04:01 +0000 (15:04 +0000)]
Merge pull request #2832 in SNORT/snort3 from ~SVLASIUK/snort3:doc_script_data to master
Squashed commit of the following:
commit
c4f9eab374102412a2ebe64e8fddc2511d40b1c0
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Wed Apr 7 16:40:48 2021 +0300
doc: add documentation for script_data ips option
Steve Chew (stechew) [Wed, 7 Apr 2021 03:52:00 +0000 (03:52 +0000)]
Merge pull request #2829 in SNORT/snort3 from ~SBAIGAL/snort3:netflow_zone to master
Squashed commit of the following:
commit
2d625d0f1d4ffa8648679d735b5e6895f9278d73
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Apr 6 16:14:01 2021 -0400
netflow: get correct zone info from packet
Tom Peters (thopeter) [Wed, 7 Apr 2021 00:05:55 +0000 (00:05 +0000)]
Merge pull request #2830 in SNORT/snort3 from ~KATHARVE/snort3:nhi_remove_DI to master
Squashed commit of the following:
commit
185ed88e6b45399659b7443a2daf809805d15bdb
Author: Katura Harvey <katharve@cisco.com>
Date: Tue Apr 6 13:25:16 2021 -0400
http_inspect: remove detained inspection config
Mike Stepanek (mstepane) [Tue, 6 Apr 2021 19:53:54 +0000 (19:53 +0000)]
Merge pull request #2828 in SNORT/snort3 from ~SVLASIUK/snort3:doc_js_norm to master
Squashed commit of the following:
commit
a172d99df0ae3acd69e26f884e5cbea40d90cec9
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Tue Apr 6 22:24:15 2021 +0300
doc: revert documentation related to script_data ips option
Shravan Rangarajuvenkata (shrarang) [Tue, 6 Apr 2021 17:24:38 +0000 (17:24 +0000)]
Merge pull request #2827 in SNORT/snort3 from ~SATHIRKA/snort3:reload_tp_core to master
Squashed commit of the following:
commit
c6e4f9fbc002d75c9b352193993f967281271066
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Apr 1 17:45:12 2021 -0400
appid: Delete third-party connections with context only if third-party reload is not in progress
Mike Stepanek (mstepane) [Tue, 6 Apr 2021 15:50:46 +0000 (15:50 +0000)]
Merge pull request #2787 in SNORT/snort3 from ~SVLASIUK/snort3:script_data to master
Squashed commit of the following:
commit
aac9aac7fdda1f5dd7ca37ac32690700156655eb
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Tue Mar 9 15:11:08 2021 +0200
ips_options: add sticky buffer script_data ips option within normalized javascripts payload
Update max value for js_normalization_depth = {-1, max53}
Add mutual exclusion behaviour for js_normalization_depth and normalize_javascript
js_normalization_depth - enables enhanced normalizer
normalize_javascript - enables legacy normalizer
Steve Chew (stechew) [Mon, 5 Apr 2021 22:34:23 +0000 (22:34 +0000)]
Merge pull request #2825 in SNORT/snort3 from ~DERAMADA/snort3:held_pkt_reset to master
Squashed commit of the following:
commit
5480871c0d14c8487fc7a2044f8ce002fc65d2c5
Author: Deepak Ramadass <deramada@cisco.com>
Date: Mon Mar 29 21:14:30 2021 -0400
stream: store held packet SYN
commit
14116e12388e618b28aef80f90e3364b22655f88
Author: Deepak Ramadass <deramada@cisco.com>
Date: Mon Mar 29 21:13:48 2021 -0400
stream: fetch held packet SYN
commit
b38b8d4d69bd0bd09bd2ffcfe69faa470f62b5d7
Author: Deepak Ramadass <deramada@cisco.com>
Date: Mon Mar 29 21:12:00 2021 -0400
codecs: use held packet SYN in Tcp header creation
Shravan Rangarajuvenkata (shrarang) [Mon, 5 Apr 2021 17:39:22 +0000 (17:39 +0000)]
Merge pull request #2826 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_ftp_dont_fail_during_continue to master
Squashed commit of the following:
commit
d0538349f43e27ea7e765b29ad086413678783cb
Author: cljudge <cljudge@cisco.com>
Date: Fri Apr 2 01:03:42 2021 -0400
appid: in continue state for ftp traffic, do not change service to unknown on validation failure
Masud Hasan (mashasan) [Fri, 2 Apr 2021 19:35:34 +0000 (19:35 +0000)]
Merge pull request #2822 in SNORT/snort3 from ~MASHASAN/snort3:iprep_reload to master
Squashed commit of the following:
commit
7f1303b3e1e50a8986acd72989e37bb0d8f9461e
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 20:35:41 2021 -0400
reputation: Registering inspector to the IT_FIRST type
commit
df1ace6dae83f3959acd3a226de38e54f8940957
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 20:11:08 2021 -0400
framework: Adding IT_FIRST inspector type to analyze the first packet of a flow
commit
4be59cff4ad586e556306aa5dba3914d0ccab076
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 15:45:45 2021 -0400
main: Adding reload id to track config/module/policy reloads
Masud Hasan (mashasan) [Fri, 2 Apr 2021 15:10:49 +0000 (15:10 +0000)]
Merge pull request #2824 in SNORT/snort3 from ~SMINUT/snort3:data_purge to master
Squashed commit of the following:
commit
596cd6e63ee19063e7c5fcdba4d930a99af486f9
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Apr 1 16:01:12 2021 -0400
host_tracker: fix bug in set_visibility
Clear HostTracker internal data not only when the visibility gets
turned off, but rather whenever the visibility changes, in order to
allow everything to be rediscovered after a data purge.
Lokesh Bevinamarad (lbevinam) [Thu, 1 Apr 2021 08:45:04 +0000 (08:45 +0000)]
Merge pull request #2804 in SNORT/snort3 from ~SMULKA/snort3:appid_trace to master
Squashed commit of the following:
commit
357d3b90982070f6f39dc65cff521af60aef4906
Author: smulka <smulka@cisco.com>
Date: Mon Mar 22 01:51:28 2021 -0400
packet_tracer: Appid daq trace log
Steve Chew (stechew) [Wed, 31 Mar 2021 22:38:58 +0000 (22:38 +0000)]
Merge pull request #2808 in SNORT/snort3 from ~SBAIGAL/snort3:netflow_cfg to master
Squashed commit of the following:
commit
d895eb631410232976bd389e90a2cd3b2c6650b0
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Mar 23 11:23:12 2021 -0400
netflow: add device list configuration
netflow: add filter matching for v5 decoder
Steve Chew (stechew) [Wed, 31 Mar 2021 12:40:16 +0000 (12:40 +0000)]
Merge pull request #2781 in SNORT/snort3 from ~STECHEW/snort3:ftps_tls_alert to master
Squashed commit of the following:
commit
41c0f9f0404feb00411a381fddc5a4d8b5fe8d2a
Author: Steve Chew <stechew@cisco.com>
Date: Wed Mar 24 18:40:40 2021 -0400
main: Log holding verdict only if packet was actually held.
commit
f85ee407474f867c021381d2c5dad01676c100a2
Author: Steve Chew <stechew@cisco.com>
Date: Fri Mar 19 09:30:21 2021 -0400
dce_rpc: Fixed prototype mismatch. Smb2Tid doesn't need to be inline.
commit
b1c00248536485223c00d2cd66df1fa236d18673
Author: Steve Chew <stechew@cisco.com>
Date: Mon Mar 8 13:56:29 2021 -0500
main: Update memcap for detained packets.
commit
9850db7b66e50454048a7744497c057628a07429
Author: Steve Chew <stechew@cisco.com>
Date: Tue Mar 9 18:06:56 2021 -0500
packet_io: If packet has no daq_instance, use thread-local daq_instance.
commit
a0479bf54f4d882e2bd19c4044c3776330be787a
Author: Steve Chew <stechew@cisco.com>
Date: Mon Mar 8 13:49:00 2021 -0500
stream: Add held packet to retry queue when requested.
commit
2e8c00a0ca58c338491bc3a38ed039cc1baba01a
Author: Steve Chew <stechew@cisco.com>
Date: Mon Mar 8 02:22:02 2021 -0500
stream: Add partial_flush. Flush one side of flow immediately.
Naveen Gujje (ngujje) [Wed, 31 Mar 2021 05:11:32 +0000 (05:11 +0000)]
Merge pull request #2816 in SNORT/snort3 from ~AJMANDAD/snort3:tracr_proto_bug to master
Squashed commit of the following:
commit
2d8674eb0608149257d1c908db5062829c98ca9e
Author: Ajay Mandadi <ajmandad@cisco.com>
Date: Fri Mar 26 01:12:22 2021 -0400
packet_tracer: fix trace condition for setting IP_PROTO
Signed-off-by: Ajay Mandadi <ajmandad@cisco.com>
Shravan Rangarajuvenkata (shrarang) [Tue, 30 Mar 2021 22:28:43 +0000 (22:28 +0000)]
Merge pull request #2813 in SNORT/snort3 from ~SHRARANG/snort3:appid_invalid_lua to master
Squashed commit of the following:
commit
8e18fcb2c5716b581b9a6ff1b0465ac9a5ae82cf
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Mon Mar 8 18:30:06 2021 -0500
appid: clean up lua stack on C->lua function exit
Tom Peters (thopeter) [Tue, 30 Mar 2021 19:53:18 +0000 (19:53 +0000)]
Merge pull request #2817 in SNORT/snort3 from ~KATHARVE/snort3:h2i_hpack_fix to master
Squashed commit of the following:
commit
baf855dbcfe551ac5a42bec110adf53a958b281f
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Mar 26 14:28:53 2021 -0400
http2_inspect: fix possible read-after-free in hpack decoder
Masud Hasan (mashasan) [Tue, 30 Mar 2021 15:51:20 +0000 (15:51 +0000)]
Merge pull request #2812 in SNORT/snort3 from ~SMINUT/snort3:smbfp_ftd to master
Squashed commit of the following:
commit
dbfa20b6ac750dcc32956ecf5803c7fa0bcb212b
Author: Silviu Minut <sminut@cisco.com>
Date: Wed Mar 24 19:24:42 2021 -0400
rna: add the smb fingerprint processor to the get_or_create / set processor api
Mike Stepanek (mstepane) [Tue, 30 Mar 2021 12:58:28 +0000 (12:58 +0000)]
Merge pull request #2807 in SNORT/snort3 from ~DKYRYLOV/snort3:copyright_update to master
Squashed commit of the following:
commit
95c183b195d6fa6f96c5489f5e9795107c4081bb
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Mar 23 13:41:57 2021 +0200
copyright: Update year to 2021
Michael Altizer (mialtize) [Sat, 27 Mar 2021 18:13:03 +0000 (18:13 +0000)]
Merge pull request #2814 in SNORT/snort3 from ~MIALTIZE/snort3:3_1_3_0 to master
Squashed commit of the following:
commit
80376763f888930cc887eb988326b4fdde38d06c
Author: Michael Altizer <mialtize@cisco.com>
Date: Sat Mar 27 11:43:36 2021 -0400
build: Generate and tag 3.1.3.0
This release requires LibDAQ 3.0.2.
Michael Altizer (mialtize) [Fri, 26 Mar 2021 19:20:37 +0000 (19:20 +0000)]
Merge pull request #2800 in SNORT/snort3 from ~BBANTWAL/snort3:ips_actions to master
Squashed commit of the following:
commit
9ea4a671998c7c5270d91ca26ee1cca8228030ff
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri Mar 26 12:08:39 2021 -0400
actions: dynamically construct the default eval order for all the loaded ips actions
commit
39c59c2dd92c4ad3b1ed1d3ac4914c511b5a7edf
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Sun Mar 21 13:07:52 2021 -0400
detection: Update the rtn's listHead to reflect the new action set in the rule state
commit
628648057da9d38fc7c212a209427623700efaa3
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Mar 25 09:48:18 2021 -0400
rate_filter: Get the available ips actions dynamically to configure the new_action
commit
15c13d82d360fc37aa83ebf30dea71b2877b5a14
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Wed Mar 17 12:13:06 2021 -0400
snort_config: Remove is_active_enabled and set_active_enabled functions
commit
fce81b9ed016b3aa118371fec104cc3d62c5109b
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Mar 16 14:26:49 2021 -0400
snort2lua: delete conversion of disable_replace option
commit
13ad5f9b33620576f11483058425fc8b43031acc
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Mar 9 11:33:31 2021 -0500
actions: Make all IPS actions pluggable
* All actions, including the previously "built-in" actions, have been
refactored into a set of equal IPS action plugins. Each IPS action has
an immediate effect and may or may not contain an active response to be
carried out as a delayed action.
* The reset and reject IPS actions have been merged into a single
reject IPS action. The reject IPS action can no longer be built as a
dynamic plugin.
* All IPS actions will be instantiated in a default state in each IPS
policy where they have not been otherwise explicitly configured via a
module.
* The rewrite IPS action is no longer configurable and has lost its
module. Its active response priority has been corrected to AP_MODIFY.
* Rate filter thresholding has been corrected to apply to any IPS
action that drops traffic.
* Rule evaluation action ordering has been expanded to include all
IPS actions, static and dynamic. Dynamic actions will currently default
to the lowest priority.
Tom Peters (thopeter) [Wed, 24 Mar 2021 17:29:48 +0000 (17:29 +0000)]
Merge pull request #2799 in SNORT/snort3 from ~NIHDESAI/snort3:h2_uppercase_check to master
Squashed commit of the following:
commit
a0a75674bd8dd314db8551a187375ab5fbb3bc50
Author: Nihal Desai <nihdesai@cisco.com>
Date: Fri Mar 12 01:28:56 2021 -0500
http2_inspect: alert on uppercase header name encoded in HPACK
Tom Peters (thopeter) [Wed, 24 Mar 2021 16:05:05 +0000 (16:05 +0000)]
Merge pull request #2803 in SNORT/snort3 from ~THOPETER/snort3:nhttp156 to master
Squashed commit of the following:
commit
124ef14653ebd8c95178155ef5fa94d76cb60aa0
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Mar 17 13:46:37 2021 -0400
http_inspect: alert on HTTP/2 upgrade attempts
Pranav Bhalerao (prbhaler) [Wed, 24 Mar 2021 06:41:50 +0000 (06:41 +0000)]
Merge pull request #2805 in SNORT/snort3 from ~KRPRAJAP/snort3:pinhole_serv to master
Squashed commit of the following:
commit
ffc93030a0477fd864452bd5a01efeeef7e0f6e3
Author: Krithika Prajapathi <krprajap@cisco.com>
Date: Mon Mar 22 01:10:09 2021 -0400
log: pinhole serviceability
Masud Hasan (mashasan) [Tue, 23 Mar 2021 20:47:34 +0000 (20:47 +0000)]
Merge pull request #2810 in SNORT/snort3 from ~SMINUT/snort3:smbfp_fix to master
Squashed commit of the following:
commit
3fa6d18e0be33f4ebab458f5f690e3149b3d0b0a
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Mar 23 14:31:33 2021 -0400
rna: rename minor and major data members to avoid compiler warning
Masud Hasan (mashasan) [Tue, 23 Mar 2021 16:17:01 +0000 (16:17 +0000)]
Merge pull request #2792 in SNORT/snort3 from ~SMINUT/snort3:smbfp to master
Squashed commit of the following:
commit
727fcef5b3952eb13f895e3ea8fbb0075c4366d8
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Mar 11 15:43:57 2021 -0500
appid: smb fingerprinting support
rna: smb fingerprint support
Mike Stepanek (mstepane) [Tue, 23 Mar 2021 13:26:15 +0000 (13:26 +0000)]
Merge pull request #2801 in SNORT/snort3 from ~OSHUMEIK/snort3:dup_rtn_with_vars to master
Squashed commit of the following:
commit
2aaa48fd2e09639b937e61533b14d55544cb1355
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu Mar 18 12:13:34 2021 +0200
parser: support duped RTN if its header has been changed
Mike Stepanek (mstepane) [Tue, 23 Mar 2021 13:05:23 +0000 (13:05 +0000)]
Merge pull request #2778 in SNORT/snort3 from ~OSERHIIE/snort3:javascript_normalization to master
Squashed commit of the following:
commit
5371730d74442a199d46ed862639172f18437193
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Mon Feb 1 16:01:38 2021 +0200
http_inspect: add JavaScript whitespace normalization
http_inspect: integrate JSNormalizer (whitespace normalizzation) keeping the old one
http_inspect: add normalization_depth config option
utils: add JSNormalizer
cmake: add flex build dependency
doc: update http_inspect feature doc
Michael Altizer (mialtize) [Tue, 23 Mar 2021 01:38:42 +0000 (01:38 +0000)]
Merge pull request #2806 in SNORT/snort3 from ~MIALTIZE/snort3:goodbye_retry to master
Squashed commit of the following:
commit
3f880f91cec15ab7c551962f117a02124ae075d4
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Mar 22 10:32:55 2021 -0400
packet_io: Update for the removal of the RETRY DAQ verdict
Shravan Rangarajuvenkata (shrarang) [Mon, 22 Mar 2021 18:35:40 +0000 (18:35 +0000)]
Merge pull request #2752 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_add_netbios_domain_to_logs to master
Squashed commit of the following:
commit
482176a1c83f2a63941308ec6dbef5f7f2109712
Author: cljudge <cljudge@cisco.com>
Date: Wed Feb 17 04:55:19 2021 -0500
appid: Make netbios domain available through appid api.
Tom Peters (thopeter) [Thu, 18 Mar 2021 15:17:42 +0000 (15:17 +0000)]
Merge pull request #2797 in SNORT/snort3 from ~MDAGON/snort3:detection to master
Squashed commit of the following:
commit
bbfa5a891df785f60d423c84c1c55b125b4c07f0
Author: Maya Dagon <mdagon@cisco.com>
Date: Mon Mar 15 16:04:54 2021 -0400
detection: update detection.alert, to be used instead of reputation.total_alerts
Bhagya Tholpady (bbantwal) [Thu, 18 Mar 2021 15:05:50 +0000 (15:05 +0000)]
Merge pull request #2788 in SNORT/snort3 from ~DKYRYLOV/snort3:dump_rule_meta_crash to master
Squashed commit of the following:
commit
01f2233993c744d01935e1fbe9a727555867ad8f
Author: dkyry <dkyrylov@cisco.com>
Date: Wed Mar 10 14:07:21 2021 +0200
detection: Update dump_rule_meta function to only print rules from default ips policy
Masud Hasan (mashasan) [Wed, 17 Mar 2021 20:53:12 +0000 (20:53 +0000)]
Merge pull request #2795 in SNORT/snort3 from ~MMATIRKO/snort3:hostclient_nullptr to master
Squashed commit of the following:
commit
d5789022476a59edec4cfd73eea23d53664cdda2
Author: Michael Matirko <mmatirko@cisco.com>
Date: Thu Mar 11 15:15:57 2021 -0500
host_tracker: fully populate local hostclient before logging
Bhargava Jandhyala (bjandhya) [Wed, 17 Mar 2021 14:39:07 +0000 (14:39 +0000)]
Merge pull request #2798 in SNORT/snort3 from ~DIPANDIT/snort3:classify to master
Squashed commit of the following:
commit
5927f7dae46a8a82919942171f594320044baf8a
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date: Wed Mar 17 09:06:47 2021 -0400
dce_rpc: fix warning of empty body
Russ Combs (rucombs) [Tue, 16 Mar 2021 15:57:26 +0000 (15:57 +0000)]
Merge pull request #2790 in SNORT/snort3 from ~RUCOMBS/snort3:stylez to master
Squashed commit of the following:
commit
498f2ec03eda4d563554358acb56da12fa323a33
Author: russ <rucombs@cisco.com>
Date: Thu Mar 11 11:13:08 2021 -0500
style: Change C++ comment NULL to null
To make inappropriate use of NULL vs nullptr easier to spot.
Also, keep MPLS "NULL label" comments since that is normative.
commit
3cf4fc89961d26585a091ca2f04526f3098c9302
Author: russ <rucombs@cisco.com>
Date: Thu Mar 11 10:51:59 2021 -0500
style: Remove unnecessary cruft
commit
e8ec4040b2deabe46d7322191fc4087e92525d8e
Author: russ <rucombs@cisco.com>
Date: Thu Mar 11 10:38:41 2021 -0500
style: Remove unused cruft
Lokesh Bevinamarad (lbevinam) [Tue, 16 Mar 2021 07:55:49 +0000 (07:55 +0000)]
Merge pull request #2737 in SNORT/snort3 from ~DIPANDIT/snort3:classify to master
Squashed commit of the following:
commit
85f29b509d5b53795caffbd55a44991929bac49c
Author: Dipto Pandit <dipandit@cisco.com>
Date: Thu Oct 8 06:55:59 2020 -0400
dce_rpc: refactoring smb code
Changed old C style code to C++ code. Created classes for appropriate
structures and encapsulated the methods. maintained data boundary as
much as possible. Changed file structure to reduce clutter.
Russ Combs (rucombs) [Mon, 15 Mar 2021 19:09:14 +0000 (19:09 +0000)]
Merge pull request #2785 in SNORT/snort3 from ~RUCOMBS/snort3:dash_h to master
Squashed commit of the following:
commit
b929e28aecf5a4b9eb7ab8ccf5266971a53cc7ec
Author: russ <rucombs@cisco.com>
Date: Tue Mar 9 11:23:06 2021 -0500
snort: Add -h to output the help overview (same as --help)
Michael Altizer (mialtize) [Sat, 13 Mar 2021 15:40:16 +0000 (15:40 +0000)]
Merge pull request #2794 in SNORT/snort3 from ~SMULKA/snort3:dtrace_style to master
Squashed commit of the following:
commit
ecc98c4f141de36b9f334933c14247f0b95b2ea2
Author: smulka <smulka@cisco.com>
Date: Thu Mar 11 23:14:21 2021 -0500
packet_tracer: Remove unused pt_timer_start()
Michael Altizer (mialtize) [Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)]
Merge pull request #2771 in SNORT/snort3 from ~KBHANDAN/snort3:pt_shell_nonip to master
Squashed commit of the following:
commit
0e87af6c8591908e68e8e3b60f98ff593566ef96
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Tue Mar 2 11:35:49 2021 -0500
packet_tracer: Do not log non-IP packets when enabled from shell and when a constraint is set
Masud Hasan (mashasan) [Fri, 12 Mar 2021 15:14:19 +0000 (15:14 +0000)]
Merge pull request #2783 in SNORT/snort3 from ~ARMANDAV/snort3:passive to master
Squashed commit of the following:
commit
003c442bf581f1d77a2d17263b57728b132830f2
Author: Arun Mandava <armandav@cisco.com>
Date: Tue Mar 9 09:31:41 2021 -0500
rna: Make discovery filter to use client and server interfaces if they are not DAQ_PKTHDR_UNKNOWN
Pranav Bhalerao (prbhaler) [Fri, 12 Mar 2021 11:48:11 +0000 (11:48 +0000)]
Merge pull request #2782 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_lua to master
Squashed commit of the following:
commit
40ef99ede336f6b2970d1fc42846369a3b986232
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date: Mon Mar 8 03:48:53 2021 -0500
snort2lua: Fixing lua conversion of http preproc options
Michael Altizer (mialtize) [Thu, 11 Mar 2021 21:10:46 +0000 (21:10 +0000)]
Merge pull request #2791 in SNORT/snort3 from ~MIALTIZE/snort3:3_1_2_0 to master
Squashed commit of the following:
commit
61f2ce2932087540afd85ba847dd164bdb68dd25
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Mar 11 14:53:33 2021 -0500
build: Generate and tag 3.1.2.0
Michael Altizer (mialtize) [Thu, 11 Mar 2021 04:53:24 +0000 (04:53 +0000)]
Merge pull request #2789 in SNORT/snort3 from ~MIALTIZE/snort3:tidy to master
Squashed commit of the following:
commit
a5026537718b6da997ff33e4125e90a250b74486
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Mar 10 16:10:52 2021 -0500
build: Do one more pass of modernizing the C++ code
Mostly generated automatically from clang-tidy using:
- modernize-deprecated-headers
- modernize-redundant-void-arg
- modernize-use-bool-literals
- modernize-use-equals-default
- modernize-use-nullptr
- modernize-use-override
Michael Altizer (mialtize) [Wed, 10 Mar 2021 17:22:20 +0000 (17:22 +0000)]
Merge pull request #2786 in SNORT/snort3 from ~MIALTIZE/snort3:flowstats_style to master
Squashed commit of the following:
commit
29bb7fe503dc2b2a8a87a164717a124368db13df
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 9 21:46:30 2021 -0500
snort: Update for DAQ_FlowStats_t structure and field name changes
Michael Altizer (mialtize) [Tue, 9 Mar 2021 21:49:57 +0000 (21:49 +0000)]
Merge pull request #2784 in SNORT/snort3 from ~MIALTIZE/snort3:frag_off to master
Squashed commit of the following:
commit
764273f3debc314962f1f935e5127cdd679fb5ed
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 9 13:27:53 2021 -0500
ipv4: Correct the calculation for illegal fragment offset checks
Shravan Rangarajuvenkata (shrarang) [Tue, 9 Mar 2021 17:43:27 +0000 (17:43 +0000)]
Merge pull request #2780 in SNORT/snort3 from ~SATHIRKA/snort3:smtps_imaps_fix to master
Squashed commit of the following:
commit
338c24caf91f531338b043703ad2928819768006
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Mar 4 17:07:27 2021 -0500
appid: Use opportunistic tls event to set decryption countdown for SMTP detector; Update IMAP service detector pattern
Shanmugam S (shanms) [Tue, 9 Mar 2021 16:22:13 +0000 (16:22 +0000)]
Merge pull request #2766 in SNORT/snort3 from ~SUNIMUKH/snort3:clear_global_counter to master
Squashed commit of the following:
commit
df425d8fc335ca5891200064f2c03b9b6f7d6892
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date: Tue Feb 23 17:28:05 2021 -0500
module: Introduced new api to clear global active module counters
Lokesh Bevinamarad (lbevinam) [Tue, 9 Mar 2021 11:26:44 +0000 (11:26 +0000)]
Merge pull request #2763 in SNORT/snort3 from ~SMULKA/snort3:daq_trace to master
Squashed commit of the following:
commit
222b106f98bbade0ad7c89dbf526feea8fd1f46e
Author: smulka <smulka@cisco.com>
Date: Sat Feb 20 15:35:35 2021 -0500
packet_tracer: Added daq buffer to hold daq logs
Michael Altizer (mialtize) [Tue, 9 Mar 2021 03:56:50 +0000 (03:56 +0000)]
Merge pull request #2734 in SNORT/snort3 from ~BRASTULT/snort3:zip_data_desc to master
Squashed commit of the following:
commit
142372710cf9717980b1e2ab14f11c2f7ea5a18d
Author: Brandon Stultz <brastult@cisco.com>
Date: Wed Feb 3 00:23:10 2021 -0500
decompress: add support for streaming ZIPs
Michael Altizer (mialtize) [Tue, 9 Mar 2021 03:01:53 +0000 (03:01 +0000)]
Merge pull request #2729 in SNORT/snort3 from ~MIALTIZE/snort3:compound_codec to master
Squashed commit of the following:
commit
d38e1757de753e33fbd7eb86fdd47e7005367ba4
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Mar 8 17:32:42 2021 -0500
snort_config: Clean up and annotate command line config merge process
commit
7ddcab755604935be48973c78b17ca70a1dc3eb4
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Mar 2 15:30:14 2021 -0500
protocols: Add peg count for decodes that exceeded the max layers
Also, make sure that the alert for doing so only triggers once per
packet being decoded.
commit
4dbd0f9718ee3160864c760632dc8e4611101899
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Feb 2 18:25:29 2021 -0500
protocols: Add initial support for multilayer compound codecs
commit
6903a09c81e02f8dce04becc393edc26c1ce3b48
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 1 12:29:19 2021 -0500
protocols: Consistently encapsulate exported protocol headers in the snort namespace
commit
e4f056d9fb416c0aaab573f6fa8d81c8f58367d1
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 27 13:24:22 2021 -0500
log: Base logging the Ethernet header on proto bits rather than DLT
commit
d80dc65860f76d1f28e8c93dc832d66d65169e3e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 11 20:43:46 2021 -0500
main: Fix accumulating and printing codec stats at run time
Michael Altizer (mialtize) [Mon, 8 Mar 2021 21:44:27 +0000 (21:44 +0000)]
Merge pull request #2744 in SNORT/snort3 from ~MIALTIZE/snort3:mpls to master
Squashed commit of the following:
commit
ee516377468dd17dfb4b1ff370d3912c96b29274
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
mpls: Add next layer autodetection and implement codec logging
The max_mpls_stack_depth and mpls_payload_type parameters of the MPLS
codec module have been renamed to max_stack_depth and payload_type
respectively to cut down on redundancy.
The EXP field in the MPLS header has been renamed to TC (traffic class)
per RFC5462. Previously available MPLS counters have been removed due
to being both inaccurate and not very valuable.
commit
c007bb268c0f94038e07646eb047f2f0659165a5
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
mpls: Refactor mpls.enable_mpls_overlapping_ip into packet.mpls_agnostic
commit
c00686eb8b98ccca8ca61cbd3517733ffe64802a
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
mpls: Remove enable_mpls_multicast option
The option was unused and MPLS multicast support is now always enabled.
commit
8b4edf540f2ac597e954b6edaace9e506d0d603a
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
loggers: Fix excessive byte reordering when printing MPLS labels in CSV and JSON
commit
ec4488602cf3e45ed4b5f7385f7acd9099078205
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 25 16:38:35 2021 -0500
trans_bridge: Lift the log() implementation from the root Ethernet codec
Shravan Rangarajuvenkata (shrarang) [Fri, 5 Mar 2021 23:45:37 +0000 (23:45 +0000)]
Merge pull request #2777 in SNORT/snort3 from ~SHRARANG/snort3:appid_sub_policy to master
Squashed commit of the following:
commit
48ee239ce9197dcf6746dea9e77145e968a14322
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Thu Mar 4 15:37:49 2021 -0500
appid: get uri from http event even when http host is not present
commit
d1f81e06c96812def7e556f563bb011490ce2be4
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Mar 3 17:29:35 2021 -0500
appid: always get appid inspector from default inspection policy
Mike Stepanek (mstepane) [Fri, 5 Mar 2021 20:33:40 +0000 (20:33 +0000)]
Merge pull request #2776 in SNORT/snort3 from ~MDAGON/snort3:rep_peg to master
Squashed commit of the following:
commit
0ac10d96c7da3c9bb9055c3915380f7c5b934726
Author: mdagon <mdagon@cisco.com>
Date: Wed Mar 3 10:03:58 2021 -0500
reputation: add peg count for total alerts
Shanmugam S (shanms) [Fri, 5 Mar 2021 15:52:03 +0000 (15:52 +0000)]
Merge pull request #2757 in SNORT/snort3 from ~SUNIMUKH/snort3:elephant_flow to master
Squashed commit of the following:
commit
b28012491788b2a71dacda895d85fee6a9be3422
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date: Mon Feb 22 00:42:49 2021 -0500
flow: Add new flag to indicate elephant flow
projects / thirdparty / snort3.git / log
