git.ipfire.org Git - thirdparty/snort3.git/log
4 years ago Merge pull request #2505 in SNORT/snort3 from ~PRBHALER/snort3:CSCvv22127 to master
Pranav Bhalerao (prbhaler) [Wed, 14 Oct 2020 03:28:37 +0000 (03:28 +0000)] 
Merge pull request #2505 in SNORT/snort3 from ~PRBHALER/snort3:CSCvv22127 to master

Squashed commit of the following:

commit af592ee2c72291609f0d8cb27589fd8c9b438d20
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Mon Sep 28 12:47:38 2020 -0400

    ssh: ssh splitter implementation

4 years ago Merge pull request #2537 in SNORT/snort3 from ~SMINUT/snort3:get_tcp_fp_fix to master
Ron Dempster (rdempste) [Tue, 13 Oct 2020 17:25:10 +0000 (17:25 +0000)] 
Merge pull request #2537 in SNORT/snort3 from ~SMINUT/snort3:get_tcp_fp_fix to master

Squashed commit of the following:

commit b8177da6c546efe84744390069c38246f2b9cdb2
Author: Silviu Minut <sminut@cisco.com>
Date:   Tue Oct 13 08:28:00 2020 -0400

    rna: condition reload tuner registration on get_inspector()

commit 392001e0d190628e0af4eda1eaa6c1c3cb857208
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Oct 9 22:53:25 2020 -0400

    rna: move registration of reload tuner to configure()

4 years ago Merge pull request #2492 in SNORT/snort3 from ~KBHANDAN/snort3:whd to master
Naveen Gujje (ngujje) [Tue, 13 Oct 2020 06:43:03 +0000 (06:43 +0000)] 
Merge pull request #2492 in SNORT/snort3 from ~KBHANDAN/snort3:whd to master

Squashed commit of the following:

commit 7cebab7b8118ab1539a7b1845f2d4b53ad2b74e8
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Sun Sep 20 18:36:46 2020 -0400

    flow: stale and deleted flows due to EOF should generate would have dropped event

4 years ago Merge pull request #2532 in SNORT/snort3 from ~ARMANDAV/snort3:rna_user to master
Davis McPherson (davmcphe) [Mon, 12 Oct 2020 15:51:50 +0000 (15:51 +0000)] 
Merge pull request #2532 in SNORT/snort3 from ~ARMANDAV/snort3:rna_user to master

Squashed commit of the following:

commit bd6b9da8be8e3f6de3fd612b60a0c3b72ad517bb
Author: Arun Mandava <armandav@cisco.com>
Date:   Wed Oct 7 11:53:46 2020 -0400

    rna: Change ip to client instead of server for login events

4 years ago Merge pull request #2281 in SNORT/snort3 from ~SUNIMUKH/snort3:vrf to master
Michael Altizer (mialtize) [Sat, 10 Oct 2020 04:02:57 +0000 (04:02 +0000)] 
Merge pull request #2281 in SNORT/snort3 from ~SUNIMUKH/snort3:vrf to master

Squashed commit of the following:

commit 63ed78206af167a874dbfd549c438758a7745e33
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Tue Sep 15 08:22:50 2020 -0400

    packet_tracer: Added groups in logging based on inter_group_flow flag

commit 3efd70273253ac1321493bdce224093ddcd46f8c
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Mon Sep 7 16:29:56 2020 -0400

    build: Updates for libdaq changes introduced inter_group_flow in flow stats

commit 43d306ac769ff4f5eb798e70f7afc4f754a3c16d
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Mon May 4 13:56:38 2020 -0400

    flow: Added source/dest group id in flow key to identify a session uniquely

4 years ago Merge pull request #2406 in SNORT/snort3 from ~BBANTWAL/snort3:lua_snort_version...
Bhagya Tholpady (bbantwal) [Fri, 9 Oct 2020 16:36:58 +0000 (16:36 +0000)] 
Merge pull request #2406 in SNORT/snort3 from ~BBANTWAL/snort3:lua_snort_version to master

Squashed commit of the following:

commit 84c77e479426a68fc09faf91e43eab75fe5338b5
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Thu Oct 8 15:39:26 2020 -0400

    managers: Delete obsolete variable parsing code

commit d914f1df3c109b3c6de79be2f7ad30a3f8c7a15c
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Thu Oct 8 15:38:56 2020 -0400

    managers: Skip snort_set lua function for non-table top level keys in finalize.lua

commit 5ae145f0d4dedd3bf129de4fdc42404a50734105
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Thu Oct 8 15:38:16 2020 -0400

    main: Add lua variables for snort version and build

4 years ago Merge pull request #2533 in SNORT/snort3 from ~OSHUMEIK/snort3:n_fix to master
Bhagya Tholpady (bbantwal) [Fri, 9 Oct 2020 14:22:46 +0000 (14:22 +0000)] 
Merge pull request #2533 in SNORT/snort3 from ~OSHUMEIK/snort3:n_fix to master

Squashed commit of the following:

commit e08dc554e97ea7f23ac08df37ebb4515c89e47ae
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Oct 8 14:22:20 2020 +0300

    trace: refactor the test code

    Removing the warning of kind '-Wextra-semi-stmt'.
    Fixing the trace pointers type.

4 years ago Merge pull request #2503 in SNORT/snort3 from ~OKHOMIAK/snort3:ipv4_codec_seed_fix...
Bhagya Tholpady (bbantwal) [Thu, 8 Oct 2020 18:54:13 +0000 (18:54 +0000)] 
Merge pull request #2503 in SNORT/snort3 from ~OKHOMIAK/snort3:ipv4_codec_seed_fix to master

Squashed commit of the following:

commit e78a4bc6b5663229ec919a626ad8c942c0d3734e
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Mon Sep 28 11:54:51 2020 +0300

    utils: add a generic function to get random seeds

    If std::random_device fails with an exception,
    the system clock is used as an alternative source.

4 years ago Merge pull request #2531 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_3_build_2 to master 3.0.3-2
Michael Altizer (mialtize) [Wed, 7 Oct 2020 19:00:02 +0000 (19:00 +0000)] 
Merge pull request #2531 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_3_build_2 to master

Squashed commit of the following:

commit 930eedee00095c97b70df46b59eebe48d9360fa9
Author: Michael Altizer <mialtize@cisco.com>
Date:   Wed Oct 7 13:03:59 2020 -0400

    build: Generate and tag 3.0.3 build 2

4 years ago Merge pull request #2530 in SNORT/snort3 from ~RDEMPSTE/snort3:rrt to master
Ron Dempster (rdempste) [Tue, 6 Oct 2020 22:00:14 +0000 (22:00 +0000)] 
Merge pull request #2530 in SNORT/snort3 from ~RDEMPSTE/snort3:rrt to master

Squashed commit of the following:

commit 9b53cbafd6645a86e1665d53f58cd614e0773d74
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 19:06:46 2020 -0400

    rna: Update rna to use instance based reload tuner

commit c217dfd4694b63b5e2ff5967afc6d817b720c964
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 18:57:22 2020 -0400

    stream: Update stream to use instance based reload tuner

commit bb8a5b14ba4c136adfbe629a8a877c7c4260f6b5
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 18:39:37 2020 -0400

    port_scan: Update port scan to use instance based reload tuner

commit 23d389d7f2b10e63d1107672e49ec2ce569055f4
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 18:39:14 2020 -0400

    perf_monitor: Update perf monitor to use instance based reload tuner

commit 32e23d8e8731580f396924a000e0ccdcccbcdea9
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 18:38:50 2020 -0400

    appid: Update appid to use instance based reload tuner

commit 395f4974a4f0613546dc03002e7b270add17b48b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Oct 6 12:54:04 2020 -0400

    host_tracker: Update host tracker to use instance based reload tuner

commit a5d808b82e0e68d8b2979fa765e608ded4e397c5
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 18:37:44 2020 -0400

    main: Update host attribute class to use instance based reload tuner

commit 2746eb3fdf7e2e0125770237bb53af94f5ec3324
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 5 18:36:26 2020 -0400

    main: Change reload memcap framework to use object instances

4 years ago Merge pull request #2494 in SNORT/snort3 from ~MIALTIZE/snort3:binder_rework to master
Michael Altizer (mialtize) [Tue, 6 Oct 2020 20:54:26 +0000 (20:54 +0000)] 
Merge pull request #2494 in SNORT/snort3 from ~MIALTIZE/snort3:binder_rework to master

Squashed commit of the following:

commit c7420f49c5918ac276b666c5740997b3cefe85fe
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Sep 18 15:40:17 2020 -0400

    binder: Allow binding based on address spaces

commit 37dc13fc0a0d9ebc1653daab256218dfa1690203
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Sep 18 15:40:17 2020 -0400

    binder: Allow directional binding based on interfaces

commit 9fdb963c5382952289f45a5c84a3f12389ecd988
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Sep 18 15:40:17 2020 -0400

    binder: Enforce directionality, add intfs, rename groups, cleanup

    - The src parameters now strictly apply to the client, while the dst
      parameters apply to the server.  Previously, it would match in either
      direction as long as all directional fields matched in a given direction.
    - The zones, src_zone, and dst_zone parameters have been renamed to
      groups, src_groups, and dst_groups.
    - The ifaces parameter has been renamed to intfs.
    - Intfs and groups can now handle the full range of legal values (int32
      and int16, respectively).
    - When role is used in a session binding, it will now only apply the
      session inspector binding to the side of the conversation associated
      with the role.  (Previously, it would apply the session inspector to
      both sides.)
    - Binder configuration validation has gotten a bit stricter and more
      informative in the case of violations.

commit f6cc5b21bfbc4a0cbbedb2f57ce09f5c0623df87
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Sep 18 15:40:17 2020 -0400

    normalizer: Move TTL configuration toggle to inspector configure()

    This prevents non-deterministic behavior influenced by the order of the
    network and normalizer module configurations being parsed from Lua.

4 years ago Merge pull request #2520 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_ut to master
Bhagya Tholpady (bbantwal) [Tue, 6 Oct 2020 18:09:20 +0000 (18:09 +0000)] 
Merge pull request #2520 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_ut to master

Squashed commit of the following:

commit 9cdf32b0307311ce02f67caf0524b047f2a96db2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Sep 29 11:32:03 2020 +0300

    trace: update parser unit tests

commit 6de816f12b0e1ca6ad1b511b3c02de0039f22fe1
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Sep 30 11:40:18 2020 +0300

    framework: update packet constraints comparison to check only set fields

4 years ago Merge pull request #2528 in SNORT/snort3 from ~DERAMADA/snort3:fix_inspection_clone...
Steve Chew (stechew) [Tue, 6 Oct 2020 15:54:05 +0000 (15:54 +0000)] 
Merge pull request #2528 in SNORT/snort3 from ~DERAMADA/snort3:fix_inspection_clone to master

Squashed commit of the following:

commit 8c1be3ae06b4c6e3e60e738433aebb36edfec81c
Author: deramada <deramada@cisco.com>
Date:   Fri Oct 2 12:52:51 2020 -0400

    policy: copy uuid, user_policy_id, and policy_mode when an inspection policy is cloned

4 years ago Merge pull request #2529 in SNORT/snort3 from ~MASHASAN/snort3:ua_improvement to...
Masud Hasan (mashasan) [Tue, 6 Oct 2020 14:38:46 +0000 (14:38 +0000)] 
Merge pull request #2529 in SNORT/snort3 from ~MASHASAN/snort3:ua_improvement to master

Squashed commit of the following:

commit f47078b773d829aadba1199d139fb48801eafa04
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Oct 5 13:32:22 2020 -0400

    rna: Checking user-agent processor early to skip some works

4 years ago Merge pull request #2517 in SNORT/snort3 from ~MMATIRKO/snort3:payload_disco to master
Masud Hasan (mashasan) [Mon, 5 Oct 2020 23:30:21 +0000 (23:30 +0000)] 
Merge pull request #2517 in SNORT/snort3 from ~MMATIRKO/snort3:payload_disco to master

Squashed commit of the following:

commit e7492a2d30552ee06fd9739e04c3411dbb58fe6f
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Sep 24 15:15:57 2020 -0400

    rna: add payload discovery logic

4 years ago Merge pull request #2524 in SNORT/snort3 from ~SMINUT/snort3:fp_proc to master
Masud Hasan (mashasan) [Mon, 5 Oct 2020 21:15:01 +0000 (21:15 +0000)] 
Merge pull request #2524 in SNORT/snort3 from ~SMINUT/snort3:fp_proc to master

Squashed commit of the following:

commit dd6cf66f0414833b39cf2691b8c11c71f9b4bc8d
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Oct 1 17:03:09 2020 -0400

    rna: set the thread local fingerprint processors during reload_config

4 years ago Merge pull request #2525 in SNORT/snort3 from ~ARMANDAV/snort3:rna_client_username...
Masud Hasan (mashasan) [Mon, 5 Oct 2020 21:03:19 +0000 (21:03 +0000)] 
Merge pull request #2525 in SNORT/snort3 from ~ARMANDAV/snort3:rna_client_username to master

Squashed commit of the following:

commit 96f5c71451caa4bed79b5d6a2d8410ea11ae9a32
Author: Arun Mandava <armandav@cisco.com>
Date:   Thu Oct 1 16:54:40 2020 -0400

    rna: User discovery for successful login

commit 31414872a2d2354ef17ac4c1a371c704eea40a3b
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Sep 3 18:07:49 2020 -0400

    appid: Create events for client user name, id and login success

4 years ago Merge pull request #2514 in SNORT/snort3 from ~KATHARVE/snort3:fix_padding to master
Mike Stepanek (mstepane) [Mon, 5 Oct 2020 20:30:20 +0000 (20:30 +0000)] 
Merge pull request #2514 in SNORT/snort3 from ~KATHARVE/snort3:fix_padding to master

Squashed commit of the following:

commit e6e7fc65e4a104851bf523a427a3186b71d26197
Author: Katura Harvey <katharve@cisco.com>
Date:   Sun Sep 27 15:36:22 2020 -0400

    http2_inspect: fix frame padding handling

4 years ago Merge pull request #2502 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_port_CSCvd99154...
Shravan Rangarajuvenkata (shrarang) [Mon, 5 Oct 2020 19:00:08 +0000 (19:00 +0000)] 
Merge pull request #2502 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_port_CSCvd99154 to master

Squashed commit of the following:

commit 0b172b4fe1149658914d104eecb084a6601de14c
Author: cljudge <cljudge@cisco.com>
Date:   Thu Sep 24 05:38:41 2020 -0400

    pop: Generate alert for unknown command if file policy is attached.

4 years ago Merge pull request #2523 in SNORT/snort3 from ~SHRARANG/snort3:appid_hyperscan2 to...
Shravan Rangarajuvenkata (shrarang) [Mon, 5 Oct 2020 17:15:58 +0000 (17:15 +0000)] 
Merge pull request #2523 in SNORT/snort3 from ~SHRARANG/snort3:appid_hyperscan2 to master

Squashed commit of the following:

commit 10daec6eded4cc3b3543835d618b1cf5c5c4e05d
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Mon Sep 28 16:05:54 2020 -0400

    appid: reload detector patterns on reload_config for the sake of hyperscan

4 years ago Merge pull request #2504 in SNORT/snort3 from ~SVLASIUK/snort3:rule_state_cleanup...
Bhagya Tholpady (bbantwal) [Mon, 5 Oct 2020 15:13:35 +0000 (15:13 +0000)] 
Merge pull request #2504 in SNORT/snort3 from ~SVLASIUK/snort3:rule_state_cleanup to master

Squashed commit of the following:

commit 1d46cc8fea3a37a18dc4c6dc1dbd882796131760
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Thu Oct 1 18:42:11 2020 +0300

    snort2lua: convert rule_state into ips.states

commit 2c87618a426b72b58f52300b3928014e166832e3
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Thu Oct 1 18:39:22 2020 +0300

    main: remove deprecated rule_state module

4 years ago Merge pull request #2526 in SNORT/snort3 from ~SATHIRKA/snort3:tp_reload_idle_prune...
Shravan Rangarajuvenkata (shrarang) [Fri, 2 Oct 2020 20:57:36 +0000 (20:57 +0000)] 
Merge pull request #2526 in SNORT/snort3 from ~SATHIRKA/snort3:tp_reload_idle_prune to master

Squashed commit of the following:

commit ade3c12d86fec754e94b5651710d4bebbe696561
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Sep 28 15:05:59 2020 -0400

    appid: inform third-party about snort's idle state during reload

4 years ago Merge pull request #2515 in SNORT/snort3 from ~SMINUT/snort3:df to master
Masud Hasan (mashasan) [Fri, 2 Oct 2020 20:06:31 +0000 (20:06 +0000)] 
Merge pull request #2515 in SNORT/snort3 from ~SMINUT/snort3:df to master

Squashed commit of the following:

commit 670911caddab0665fc9148a1e58897b12fd7d538
Author: Silviu Minut <sminut@cisco.com>
Date:   Tue Sep 29 16:49:22 2020 -0400

    framework: remove unused dont_fragment() from DecodeData

4 years ago Merge pull request #2509 in SNORT/snort3 from ~MIALTIZE/snort3:wiz_parsing to master
Michael Altizer (mialtize) [Fri, 2 Oct 2020 19:53:21 +0000 (19:53 +0000)] 
Merge pull request #2509 in SNORT/snort3 from ~MIALTIZE/snort3:wiz_parsing to master

Squashed commit of the following:

commit b7580013b4c9669bc53ca4ab702750844a3716d3
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Oct 1 13:59:10 2020 -0400

    wizard: Clean up parameter parsing and make it a bit stricter

    - Fixes Lua implementation-specific ordering dependency of parameter
      parsing for spells and hexes.
    - Adds parse errors for spells and hexes that are missing services or
      patterns.

4 years ago Merge pull request #2513 in SNORT/snort3 from ~DAVMCPHE/snort3:rna_host_type_discover...
Masud Hasan (mashasan) [Fri, 2 Oct 2020 17:18:59 +0000 (17:18 +0000)] 
Merge pull request #2513 in SNORT/snort3 from ~DAVMCPHE/snort3:rna_host_type_discovery to master

Squashed commit of the following:

commit 52c06b3d7bc98f14eddab2d70efa5fe8df3a486a
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Sep 16 15:50:43 2020 -0400

    rna: port host type discovery logic

4 years ago Merge pull request #2506 in SNORT/snort3 from ~MASHASAN/snort3:ua_decode to master
Masud Hasan (mashasan) [Thu, 1 Oct 2020 21:55:32 +0000 (21:55 +0000)] 
Merge pull request #2506 in SNORT/snort3 from ~MASHASAN/snort3:ua_decode to master

Squashed commit of the following:

commit 0343181337ee84cbbd963a4f7e64165b8a743083
Author: Masud Hasan <mashasan@cisco.com>
Date:   Fri Sep 25 15:15:29 2020 -0400

    rna: Updating methods for user-agent processor

4 years ago Merge pull request #2519 in SNORT/snort3 from ~MMATIRKO/snort3:os_fix to master
Masud Hasan (mashasan) [Thu, 1 Oct 2020 14:40:55 +0000 (14:40 +0000)] 
Merge pull request #2519 in SNORT/snort3 from ~MMATIRKO/snort3:os_fix to master

Squashed commit of the following:

commit c15937d1dc3c00f172cde8f1f91110477488bd1d
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Sep 30 14:56:04 2020 -0400

    rna: add event_time to rna logger events

4 years ago Merge pull request #2512 in SNORT/snort3 from ~THOPETER/snort3:h2i7 to master
Mike Stepanek (mstepane) [Tue, 29 Sep 2020 18:39:38 +0000 (18:39 +0000)] 
Merge pull request #2512 in SNORT/snort3 from ~THOPETER/snort3:h2i7 to master

Squashed commit of the following:

commit 20251de1765966cdef9a47dc8ee04787024e0578
Author: Tom Peters <thopeter@cisco.com>
Date:   Fri Sep 25 16:07:34 2020 -0400

    http2_inspect: free up HI flow data when we are finished with it

4 years ago Merge pull request #2501 in SNORT/snort3 from ~SMINUT/snort3:decode_flags to master
Masud Hasan (mashasan) [Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)] 
Merge pull request #2501 in SNORT/snort3 from ~SMINUT/snort3:decode_flags to master

Squashed commit of the following:

commit b8abccac60ea75793729bb63472adad9c932773f
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Sep 25 10:31:14 2020 -0400

    framework: fix dont_fragment() function

4 years ago Merge pull request #2463 in SNORT/snort3 from ~ABHPAL/snort3:feature/custom_xff_heade...
Pranav Bhalerao (prbhaler) [Tue, 29 Sep 2020 05:51:40 +0000 (05:51 +0000)] 
Merge pull request #2463 in SNORT/snort3 from ~ABHPAL/snort3:feature/custom_xff_header_support to master

Squashed commit of the following:

commit 7aec7eef7656af547f44efe8fcd9ab1dcb31a948
Author: Abhijit Pal <abhpal@cisco.com>
Date:   Mon Sep 7 08:01:04 2020 -0400

    http_inspect: support for custom xff type headers

4 years ago Merge pull request #2398 in SNORT/snort3 from ~SBAIGAL/snort3:http_connect to master
Steve Chew (stechew) [Mon, 28 Sep 2020 20:48:32 +0000 (20:48 +0000)] 
Merge pull request #2398 in SNORT/snort3 from ~SBAIGAL/snort3:http_connect to master

Squashed commit of the following:

commit 350263720dd444e39a318419804cfc4b90d31911
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Aug 12 13:56:06 2020 -0400

    http_inspect: implement can_start_tls(), add support of ssl search abandoned event

4 years ago Merge pull request #2500 in SNORT/snort3 from ~THOPETER/snort3:h2i6 to master
Mike Stepanek (mstepane) [Mon, 28 Sep 2020 19:58:16 +0000 (19:58 +0000)] 
Merge pull request #2500 in SNORT/snort3 from ~THOPETER/snort3:h2i6 to master

Squashed commit of the following:

commit e7e8f2c22e796db2fe55cc202f02a55f2c76bf80
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Sep 15 19:49:55 2020 -0400

    http2_inspect: stream state tracking

4 years ago Merge pull request #2477 in SNORT/snort3 from ~OKHOMIAK/snort3:update_s5_trace to...
Bhagya Tholpady (bbantwal) [Fri, 25 Sep 2020 17:37:39 +0000 (17:37 +0000)] 
Merge pull request #2477 in SNORT/snort3 from ~OKHOMIAK/snort3:update_s5_trace to master

Squashed commit of the following:

commit ec9f6a8e1b7deb16e663fac1c5f38c085f06136d
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Tue Sep 8 12:34:45 2020 +0300

    stream_tcp: update trace messages to use trace framework

4 years ago Merge pull request #2499 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_3_build_1 to master 3.0.3-1
Michael Altizer (mialtize) [Wed, 23 Sep 2020 17:03:40 +0000 (17:03 +0000)] 
Merge pull request #2499 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_3_build_1 to master

Squashed commit of the following:

commit f1a6b94c2cb4e71fd6448b38bb17038c4f8d7392
Author: Michael Altizer <mialtize@cisco.com>
Date:   Wed Sep 23 11:44:08 2020 -0400

    build: Generate and tag 3.0.3 build 1

4 years ago Merge pull request #2475 in SNORT/snort3 from ~SVLASIUK/snort3:cmake_build_type to...
Michael Altizer (mialtize) [Tue, 22 Sep 2020 21:13:50 +0000 (21:13 +0000)] 
Merge pull request #2475 in SNORT/snort3 from ~SVLASIUK/snort3:cmake_build_type to master

Squashed commit of the following:

commit 14d2ee0a319e3daa93d256ef5067a94ddf583378
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Fri Sep 11 23:27:18 2020 +0300

    cmake: support cmake build type configuration

4 years ago Merge pull request #2489 in SNORT/snort3 from ~MDAGON/snort3:push_promise to master
Mike Stepanek (mstepane) [Tue, 22 Sep 2020 19:38:56 +0000 (19:38 +0000)] 
Merge pull request #2489 in SNORT/snort3 from ~MDAGON/snort3:push_promise to master

Squashed commit of the following:

commit 6d0b51f16b635cae70a2a143e07bacd8b672e909
Author: mdagon <mdagon@cisco.com>
Date:   Fri Sep 18 13:35:20 2020 -0400

    payload_injector: don't inject if stream id is even

4 years ago Merge pull request #2486 in SNORT/snort3 from ~VKAMBALA/snort3:vkambala to master
Bhargava Jandhyala (bjandhya) [Tue, 22 Sep 2020 17:09:39 +0000 (17:09 +0000)] 
Merge pull request #2486 in SNORT/snort3 from ~VKAMBALA/snort3:vkambala to master

Squashed commit of the following:

commit 965d734d3a7b16cfa0bffd96e37f02a103942270
Author: krishnakanth <vkambala@cisco.com>
Date:   Thu Sep 17 05:50:32 2020 -0400

    dce_rpc: Handling Compound requests for upload

4 years ago Merge pull request #2484 in SNORT/snort3 from ~SHASLAD/snort3:netflow_cache to master
Steve Chew (stechew) [Tue, 22 Sep 2020 03:47:14 +0000 (03:47 +0000)] 
Merge pull request #2484 in SNORT/snort3 from ~SHASLAD/snort3:netflow_cache to master

Squashed commit of the following:

commit 405d47d61009943346d438ba86788ba44ebded7b
Author: Shashi Lad <shaslad@cisco.com>
Date:   Tue Sep 15 00:21:35 2020 -0400

    netflow: cache support and more v5 decoding

4 years ago Merge pull request #2474 in SNORT/snort3 from ~ARMANDAV/snort3:rna_service to master
Masud Hasan (mashasan) [Tue, 22 Sep 2020 01:00:39 +0000 (01:00 +0000)] 
Merge pull request #2474 in SNORT/snort3 from ~ARMANDAV/snort3:rna_service to master

Squashed commit of the following:

commit 45fe15c3bfa63927ccb6d9cedb486ebae9f5b739
Author: Arun Mandava <armandav@cisco.com>
Date:   Mon Sep 21 15:10:43 2020 -0400

    rna: Service discovery with multiple vendor and version support

4 years ago Merge pull request #2490 in SNORT/snort3 from ~SATHIRKA/snort3:tp_reload_prune to...
Shravan Rangarajuvenkata (shrarang) [Mon, 21 Sep 2020 23:50:36 +0000 (23:50 +0000)] 
Merge pull request #2490 in SNORT/snort3 from ~SATHIRKA/snort3:tp_reload_prune to master

Squashed commit of the following:

commit b0b8a306141597733b5361c88650c1f6bdb4fde9
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Sep 14 09:35:36 2020 -0400

    appid: Check third party context version while deleting connections

4 years ago Merge pull request #2461 in SNORT/snort3 from ~RUCOMBS/snort3:fb1 to master
Russ Combs (rucombs) [Mon, 21 Sep 2020 22:58:00 +0000 (22:58 +0000)] 
Merge pull request #2461 in SNORT/snort3 from ~RUCOMBS/snort3:fb1 to master

Squashed commit of the following:

commit 74da689cbda24e7aeb634f85c6bcdc8b08166ec3
Author: russ <rucombs@cisco.com>
Date:   Sun Sep 13 18:44:03 2020 -0400

    ac_bnfa: disable broken fail state reduction

    Given sids 1 and 2 with contents |BB CC DD| and |AA BB| respectively,
    only sid 2 would fire for buffer |AA BB CC DD|.  This change increases
    chasing your fail states for the sake of correctness.  For best
    performance, prefer hyperscan or, failing that, ac_full.

commit 46ef119fb723a68b016e12593a940b253bdbd404
Author: russ <rucombs@cisco.com>
Date:   Mon Sep 14 17:56:19 2020 -0400

    search_engine: fix peg type for max_queued

commit f424d598d7d3a02e3333a79718768391ffe1fe71
Author: russ <rucombs@cisco.com>
Date:   Tue Sep 15 11:28:20 2020 -0400

    profiler: fix issue where flushed pattern matches caused rule_eval to be profiled under mpse

commit 227d230faf4c4b3fa0d4ead38ccc1873e09f2067
Author: russ <rucombs@cisco.com>
Date:   Sun Sep 6 14:24:03 2020 -0400

    flowbits: evaluate checkers after setters for fast pattern matches

    Simplified flowbits sequencing that ensures that checkers (isset,
    isnotset) are evaluated after changers (set, unset).  This solves a
    common problem for Talos rules, particularly with file identity flow
    bits.

    * Any fast-pattern rule with a check is guaranteed to be evaluated after
      any rule that does not have a check.

    * Flowbits sequencing for rules that both change and check is undefined.

    * No change for non-fast-pattern rules.  Non-fast-pattern rules are
      always evaluated after fast pattern rules, but flowbits sequencing among
      non-fast-pattern rules is still undefined.

    * Sequencing applies for any given call to detect, which notably means
      PDUs and raw packets are processed separately.

    * Only the first rule in a tree is used to categorize the tree as a
      checker or non-checker.  Hyperscan results in exactly one rule per tree
      so only the builtin MPSE have the first rule limitation.

4 years ago Merge pull request #2470 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-V3HEADER...
Shravan Rangarajuvenkata (shrarang) [Mon, 21 Sep 2020 19:49:28 +0000 (19:49 +0000)] 
Merge pull request #2470 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-V3HEADER to master

Squashed commit of the following:

commit 3c718aa3078496b0bf0ff1fd7a8cce723ca24a8a
Author: Pradeep Damodharan <prdamodh@cisco.com>
Date:   Thu Sep 10 09:01:40 2020 -0400

    S7commplus : V3 header support

4 years ago Merge pull request #2485 in SNORT/snort3 from ~MASHASAN/snort3:ua_fp to master
Masud Hasan (mashasan) [Mon, 21 Sep 2020 19:02:28 +0000 (19:02 +0000)] 
Merge pull request #2485 in SNORT/snort3 from ~MASHASAN/snort3:ua_fp to master

Squashed commit of the following:

commit b363e332c5bca6a23f0d434171c2ebeb8f1bd79a
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 15 13:09:27 2020 -0400

    rna: Supporting user agent fingerprints

4 years ago Merge pull request #2404 in SNORT/snort3 from ~MMATIRKO/snort3:rna_cov to master
Masud Hasan (mashasan) [Mon, 21 Sep 2020 13:46:44 +0000 (13:46 +0000)] 
Merge pull request #2404 in SNORT/snort3 from ~MMATIRKO/snort3:rna_cov to master

Squashed commit of the following:

commit f777a2f58edf5204ea4fa470d1220e80095fcdb9
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Aug 17 12:11:33 2020 -0400

    rna: add unit test to validate VLAN handling

4 years ago Merge pull request #2480 in SNORT/snort3 from ~KATHARVE/snort3:h2i_bug to master
Mike Stepanek (mstepane) [Mon, 21 Sep 2020 12:53:54 +0000 (12:53 +0000)] 
Merge pull request #2480 in SNORT/snort3 from ~KATHARVE/snort3:h2i_bug to master

Squashed commit of the following:

commit 84f09f6257a9f9af151b8526c94166c713fbb134
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Sep 8 12:03:09 2020 -0400

    http2_inspect: fix how implement_reassemble uses frame_type

4 years ago Merge pull request #2488 in SNORT/snort3 from ~MDAGON/snort3:reload_module to master
Mike Stepanek (mstepane) [Mon, 21 Sep 2020 12:47:52 +0000 (12:47 +0000)] 
Merge pull request #2488 in SNORT/snort3 from ~MDAGON/snort3:reload_module to master

Squashed commit of the following:

commit 8b5419bb4e2d4a351616d8b8ddeeb830a685c763
Author: mdagon <mdagon@cisco.com>
Date:   Thu Sep 17 14:27:46 2020 -0400

    module_manager: keep a list of modules supporting reload_module.
    Return error for attempts to reload a module that isn't in the list.

4 years ago Merge pull request #2476 in SNORT/snort3 from ~CYLEONAR/snort3:ftpupload to master
Shanmugam S (shanms) [Mon, 21 Sep 2020 11:41:05 +0000 (11:41 +0000)] 
Merge pull request #2476 in SNORT/snort3 from ~CYLEONAR/snort3:ftpupload to master

Squashed commit of the following:

commit f40c6cffa3e25a67dddcb67fa574e352a450f005
Author: Cynthia Leonard <cyleonar@cisco.com>
Date:   Tue Sep 15 14:36:05 2020 -0400

    ftp: Add APPE to upload commands

4 years ago Merge pull request #2487 in SNORT/snort3 from ~SVLASIUK/snort3:dump_sorted_config_opt...
Michael Altizer (mialtize) [Sat, 19 Sep 2020 22:20:30 +0000 (22:20 +0000)] 
Merge pull request #2487 in SNORT/snort3 from ~SVLASIUK/snort3:dump_sorted_config_options to master

Squashed commit of the following:

commit c11944eba35d03642f82b0f50d4bdab2c65717ab
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Fri Sep 18 11:36:01 2020 +0300

    dump_config: sort config options before printing

4 years ago Merge pull request #2457 in SNORT/snort3 from ~DERAMADA/snort3:term_changes to master
Steve Chew (stechew) [Fri, 18 Sep 2020 19:48:29 +0000 (19:48 +0000)] 
Merge pull request #2457 in SNORT/snort3 from ~DERAMADA/snort3:term_changes to master

Squashed commit of the following:

commit d0d90374fef89082cede713f0168f68322643ad6
Author: deramada <deramada@cisco.com>
Date:   Tue Sep 1 22:16:51 2020 -0400

    reputation: change terms used in code, logs and peg counts

4 years ago Merge pull request #2478 in SNORT/snort3 from ~THOPETER/snort3:h2i4 to master
Mike Stepanek (mstepane) [Fri, 18 Sep 2020 18:47:34 +0000 (18:47 +0000)] 
Merge pull request #2478 in SNORT/snort3 from ~THOPETER/snort3:h2i4 to master

Squashed commit of the following:

commit 5fb3446f7c55d1061ccda7b7566a437a08d702b7
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Sep 15 19:49:55 2020 -0400

    http2_inspect: refactor HI interactions out of frame constructors

4 years ago Merge pull request #2434 in SNORT/snort3 from ~MMATIRKO/snort3:new_os_event to master
Masud Hasan (mashasan) [Thu, 17 Sep 2020 19:45:30 +0000 (19:45 +0000)] 
Merge pull request #2434 in SNORT/snort3 from ~MMATIRKO/snort3:new_os_event to master

Squashed commit of the following:

commit d87e89abad84703102a8c034bf2cac25ddadebb8
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Aug 26 14:10:14 2020 -0400

    rna: avoid conflicts with other fingerprint definitions

4 years ago Merge pull request #2426 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_fixits...
Russ Combs (rucombs) [Thu, 17 Sep 2020 17:50:55 +0000 (17:50 +0000)] 
Merge pull request #2426 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_fixits to master

Squashed commit of the following:

commit 13038c9f32725d9286103fca639511b3d236378d
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Sep 16 16:55:38 2020 -0400

    stream_tcp: refactor tcp handling of no flags to drop packet before any processing, don't generate event

commit 3e19864b0c21b1a08295e8d0c935cfb29d216d91
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Mon Sep 14 09:22:40 2020 -0400

    stream_tcp: updates to resolve PR review comments

commit 0d05172e8d97fc8c98105ec7636a258e9a1d7f8a
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Sep 9 10:05:01 2020 -0400

    stream_tcp: merge the setup methods of the TcpStreamSession and TcpSession classes into a single method in TcpSession

commit df18ba9cdd09abe0400ae41820d2f1d4ca688068
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Aug 26 09:33:15 2020 -0400

    stream_tcp: add PegCount for tcp packets received with an invalid ack

commit ac9f49387302084104403c3c0a490741bd00fe92
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Aug 26 09:14:27 2020 -0400

    stream_tcp: delete unused packet action flags, set action flags via its setter

commit bd0cf57e31549ec2fc9eb82cf4f3d276e0bd8db9
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Aug 26 08:09:31 2020 -0400

    stream_tcp: delete redundant calls to flush data when FIN is received

commit 3280c0ba1d11d045459483d741ab8b81031ca070
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Thu Aug 13 10:34:15 2020 -0400

    stream_tcp: handle bad tcp packets consistently when normalizing in ips mode

commit 3058628b9d04b8e513c92e63ee20265fb76f3f97
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Aug 11 16:04:18 2020 -0400

    stream_tcp: add an assert to catch tcp state/event combination that should not occur

commit 0f383f759e850602e17e12ea6fd78f35b31a81c0
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Aug 11 15:55:40 2020 -0400

    stream_tcp: remove FIXIT-H to add ack validation, the ack is already validated when processed on the listener side

commit 7570270137e4ee288ab892a81305dc2cc4671849
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Aug 11 15:43:52 2020 -0400

    stream_tcp: implement helper function to return true if the TCP packet is a data segment, false otherwise

commit acd13bf5378f9f80c4d757ef710c4d104d77d714
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Aug 11 15:21:46 2020 -0400

    stream_tcp: this FIXIT-H has been removed because by definition an Ack Sent event in TcpStateNone means the SYN-ACK was not seen, so no way to do the check suggested

commit b4ebcb37e6c2045b0f78bd4e12f1d2b3eb337353
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Mon Aug 10 10:02:02 2020 -0400

    stream_tcp: arrange TCP tracker member vars to optimize storage requirements, add helper functions to access private splitter functions

    stream_tcp: refactor tracker and reassembler classes to improve encapsulation and move member variables to appropriate class

commit ce9d8536c14011dc4dc33f43d33259a76c0f6e9d
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Jul 21 13:31:28 2020 -0400

    stream_tcp: fix issues with stream_tcp handling of the TCP MSS option

4 years ago Merge pull request #2481 in SNORT/snort3 from ~NEHASH4/snort3:smb_ut_failure to master
Bhargava Jandhyala (bjandhya) [Thu, 17 Sep 2020 08:35:25 +0000 (08:35 +0000)] 
Merge pull request #2481 in SNORT/snort3 from ~NEHASH4/snort3:smb_ut_failure to master

Squashed commit of the following:

commit 18c263d3f2978092d2d3630f35638c18baafcfd2
Author: Neha Sharma <nehash4@cisco.com>
Date:   Thu Sep 17 02:22:48 2020 -0400

    dec_rpc: modifying logs to show if file context is found or not found

4 years ago Merge pull request #2468 in SNORT/snort3 from ~KATHARVE/snort3:http_cont_disp to...
Mike Stepanek (mstepane) [Wed, 16 Sep 2020 13:16:44 +0000 (13:16 +0000)] 
Merge pull request #2468 in SNORT/snort3 from ~KATHARVE/snort3:http_cont_disp to master

Squashed commit of the following:

commit 0000fe4885165c1f1c1461635a78257bd9ee7046
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Sep 9 16:55:08 2020 -0400

    http_inspect: extract filename from content-disposition header for HTTP uploads

4 years ago Merge pull request #2459 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_hosts_sigurg...
Michael Altizer (mialtize) [Tue, 15 Sep 2020 21:25:25 +0000 (21:25 +0000)] 
Merge pull request #2459 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_hosts_sigurg to master

Squashed commit of the following:

commit e28bb7d47acd917c99232cf5dbcf304c6e41a1dc
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Thu Sep 3 09:00:04 2020 -0400

    target_based: support reload of host attribute table via signal as well as control channel command

4 years ago Merge pull request #2441 in SNORT/snort3 from ~BSACHDEV/snort3:timeout_bug to master
Lokesh Bevinamarad (lbevinam) [Tue, 15 Sep 2020 16:04:05 +0000 (16:04 +0000)] 
Merge pull request #2441 in SNORT/snort3 from ~BSACHDEV/snort3:timeout_bug to master

Squashed commit of the following:

commit a98f92fcb5f3806a5c34b96b760b33ebfc9a94cb
Author: bsachdev <bsachdev@cisco.com>
Date:   Mon Aug 31 01:28:06 2020 -0400

    file_api: updating lookup and block timeout from config at file cache creation

Signed-off-by: bsachdev <bsachdev@cisco.com>

4 years ago Merge pull request #2473 in SNORT/snort3 from ~THOPETER/snort3:h2i3 to master
Mike Stepanek (mstepane) [Tue, 15 Sep 2020 13:50:37 +0000 (13:50 +0000)] 
Merge pull request #2473 in SNORT/snort3 from ~THOPETER/snort3:h2i3 to master

Squashed commit of the following:

commit 4915334804e793384139ea575b935a12988ac21c
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Sep 14 14:20:09 2020 -0400

    http2_inspect: convert to new stream states

4 years ago Merge pull request #2466 in SNORT/snort3 from ~KAMURTHI/snort3:ultrasurf_thirdparty...
Shravan Rangarajuvenkata (shrarang) [Mon, 14 Sep 2020 22:43:35 +0000 (22:43 +0000)] 
Merge pull request #2466 in SNORT/snort3 from ~KAMURTHI/snort3:ultrasurf_thirdparty to master

Squashed commit of the following:

commit 7bf244eaf487f78289c03b8fbfe16772cd872249
Author: kamurthi <kamurthi@cisco.com>
Date:   Tue Sep 8 09:24:44 2020 -0400

    appid: Use third party payload if available for HTTP tunneled.

4 years ago Merge pull request #2472 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_2_build_6 to master 3.0.2-6
Michael Altizer (mialtize) [Sun, 13 Sep 2020 19:40:51 +0000 (19:40 +0000)] 
Merge pull request #2472 in SNORT/snort3 from ~MIALTIZE/snort3:3_0_2_build_6 to master

Squashed commit of the following:

commit fc525e0d3bcaf819080ecc9959fc0f4698052135
Author: Michael Altizer <mialtize@cisco.com>
Date:   Sun Sep 13 14:44:11 2020 -0400

    build: Generate and tag 3.0.2 build 6

4 years ago Merge pull request #2399 in SNORT/snort3 from ~NEHASH4/snort3:dce_smb_logs to master
Lokesh Bevinamarad (lbevinam) [Sun, 13 Sep 2020 07:29:56 +0000 (07:29 +0000)] 
Merge pull request #2399 in SNORT/snort3 from ~NEHASH4/snort3:dce_smb_logs to master

Squashed commit of the following:

commit 37b3a79e4b2c464593dd93399bfa2e1e11e6bed2
Author: Neha Sharma <nehash4@cisco.com>
Date:   Thu Aug 13 02:12:58 2020 -0400

    dec_rpc: introducing smb2 logs

4 years ago Merge pull request #2469 in SNORT/snort3 from ~OSHUMEIK/snort3:wand to master
Michael Altizer (mialtize) [Sun, 13 Sep 2020 04:14:10 +0000 (04:14 +0000)] 
Merge pull request #2469 in SNORT/snort3 from ~OSHUMEIK/snort3:wand to master

Squashed commit of the following:

commit 1c363abe0803a853ce6945c35fc58ed1b091265b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Sep 11 11:50:10 2020 +0300

    wizard: fix the error message about invalid pattern

4 years ago Merge pull request #2467 in SNORT/snort3 from ~SATHIRKA/snort3:appid_warnings to...
Shravan Rangarajuvenkata (shrarang) [Fri, 11 Sep 2020 20:52:09 +0000 (20:52 +0000)] 
Merge pull request #2467 in SNORT/snort3 from ~SATHIRKA/snort3:appid_warnings to master

Squashed commit of the following:

commit bce8003b48e40345380baa2ae8e32a046bfc7555
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Sep 9 16:41:01 2020 -0400

    appid: Update appid warning messages to print module name in lowercase

4 years ago Merge pull request #2458 in SNORT/snort3 from ~EBURMAI/snort3:decrypted_smtp to master
Shravan Rangarajuvenkata (shrarang) [Fri, 11 Sep 2020 19:09:21 +0000 (19:09 +0000)] 
Merge pull request #2458 in SNORT/snort3 from ~EBURMAI/snort3:decrypted_smtp to master

Squashed commit of the following:

commit 7a870446615e9ebd29ef3358104e60e79fa62621
Author: Eduard Burmai <eburmai@cisco.com>
Date:   Fri Sep 11 05:44:02 2020 -0400

    appid: detect SMTP after decryption

commit 09baaf304cc69cdbc4484ad763bdb8991709fe6b
Author: Eduard Burmai <eburmai@cisco.com>
Date:   Tue Sep 1 08:49:55 2020 -0400

    appid: update appid stats for decrypted flows

4 years ago Merge pull request #2460 in SNORT/snort3 from ~RUCOMBS/snort3:b4rc to master
Russ Combs (rucombs) [Fri, 11 Sep 2020 11:34:30 +0000 (11:34 +0000)] 
Merge pull request #2460 in SNORT/snort3 from ~RUCOMBS/snort3:b4rc to master

Squashed commit of the following:

commit 178c3e27da00bd22f43c0b8938a66e87420accca
Author: russ <rucombs@cisco.com>
Date:   Sat Sep 5 10:20:03 2020 -0400

    build: fix minor cppcheck warnings

commit 6fb3475f2cba53e0bb7c5da61f1116f0e2f58be9
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 4 19:48:09 2020 -0400

    byte_jump: fix jump relative to extracted length w/o relative offset

    Thanks to James Manger for reporting the problem.

commit f201d1535a7cd71a574db9674bf8557a6cbeaacd
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 4 19:21:03 2020 -0400

    IPS options: ensure all options use base class hash and compare methods

commit fe5c4284fd53c4d257e0f19631cb3bbddd44ed89
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 4 16:15:21 2020 -0400

    snort: address fatal shutdown stability issues

    First: upon a fatal error, don't attempt to exit from other than the
    main thread to avoid hanging waiting on other threads.

    Second: don't attempt general clean up except for REG_TEST builds.  This
    is attempted only to avoid voluminous leak sanitizer dumps.  Clean exit
    is fraught with peril upon fatal and should not crash production builds.

    Third: explicitly stop file service in case the capture thread is
    running to avoid hanging on shutdown.

    TBD: eliminate unnecessary fatal conditions which should only exist from
    the main thread and only at startup.  Runtime fatals must all be
    converted to graceful shutdowns to avoid leaking external resources.
    Also need a more general scheme for managing aux threads.

commit 476a0e5d9b3b201de309a305855525b530137f36
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 4 13:43:40 2020 -0400

    http_method: make available for fast pattern with first body section

commit 5a3fa3408b764b116839abe93c80ba3420977e9b
Author: russ <rucombs@cisco.com>
Date:   Tue Sep 1 15:51:54 2020 -0400

    mime: minor code cleanup

commit 1a2cb474d3fedadbe35604f85d24ac890d5bb75a
Author: russ <rucombs@cisco.com>
Date:   Tue Sep 1 15:36:25 2020 -0400

    mime: fix off-by-1 error with filename and email id capture

    Thanks to Y M <snort@outlook.com> for reporting the issue.

4 years ago Merge pull request #2445 in SNORT/snort3 from ~THOPETER/snort3:lit_script to master
Mike Stepanek (mstepane) [Wed, 9 Sep 2020 21:20:07 +0000 (21:20 +0000)] 
Merge pull request #2445 in SNORT/snort3 from ~THOPETER/snort3:lit_script to master

Squashed commit of the following:

commit 4f9f4879a38c0b385d012088b0fc05b9b2909fc0
Author: russ <rucombs@cisco.com>
Date:   Wed Aug 26 20:31:17 2020 -0400

    http_inspect: support hyperscan literal search for accelerated blocking

4 years ago Merge pull request #2465 in SNORT/snort3 from ~MMATIRKO/snort3:uuid_fix to master
Masud Hasan (mashasan) [Wed, 9 Sep 2020 20:39:54 +0000 (20:39 +0000)] 
Merge pull request #2465 in SNORT/snort3 from ~MMATIRKO/snort3:uuid_fix to master

Squashed commit of the following:

commit 2a15dbe7a45f4180ceb83dbd72abf50827ab35c5
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Aug 31 17:17:23 2020 -0400

    rna: remove dependency on uuid library

4 years ago Merge pull request #2306 in SNORT/snort3 from ~SUNIMUKH/snort3:CSCvu79452 to master
Naveen Gujje (ngujje) [Wed, 9 Sep 2020 02:33:09 +0000 (02:33 +0000)] 
Merge pull request #2306 in SNORT/snort3 from ~SUNIMUKH/snort3:CSCvu79452 to master

Squashed commit of the following:

commit 873b964c11d555ba6dcbb97a30987335caaa090d
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Tue Jun 30 14:08:29 2020 -0400

    flow: disabled inspection for FlowState::RESET

4 years ago Merge pull request #2456 in SNORT/snort3 from ~KAMURTHI/snort3:pkt_OOO to master
Shravan Rangarajuvenkata (shrarang) [Wed, 9 Sep 2020 02:27:31 +0000 (02:27 +0000)] 
Merge pull request #2456 in SNORT/snort3 from ~KAMURTHI/snort3:pkt_OOO to master

Squashed commit of the following:

commit 34f8a158f2501809f47d7a5384c2d83740c9402d
Author: kamurthi <kamurthi@cisco.com>
Date:   Wed Sep 2 21:07:19 2020 -0400

    appid: set payload to unknown for out-of-order flows

4 years ago Merge pull request #2455 in SNORT/snort3 from ~SHASLAD/snort3:netflow_as_inspector...
Steve Chew (stechew) [Tue, 8 Sep 2020 20:51:37 +0000 (20:51 +0000)] 
Merge pull request #2455 in SNORT/snort3 from ~SHASLAD/snort3:netflow_as_inspector to master

Squashed commit of the following:

commit 08bc5e0c873d97912e9986c5f3ee57ab5eeb0831
Author: Shashi Lad <shaslad@cisco.com>
Date:   Fri Aug 28 08:18:29 2020 -0400

    netflow: introducing netflow as inspector

4 years ago Merge pull request #2452 in SNORT/snort3 from ~SATHIRKA/snort3:dump_user_appid_conf_r...
Shravan Rangarajuvenkata (shrarang) [Tue, 8 Sep 2020 17:11:16 +0000 (17:11 +0000)] 
Merge pull request #2452 in SNORT/snort3 from ~SATHIRKA/snort3:dump_user_appid_conf_reload to master

Squashed commit of the following:

commit 53760dc07886359c1b1cb39b583c4a9bc66ddf26
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Sep 2 16:26:58 2020 -0400

    appid: Dump user appid configuration on reload detectors

4 years ago Merge pull request #2435 in SNORT/snort3 from ~SUNIMUKH/snort3:zone-group to master
Michael Altizer (mialtize) [Tue, 8 Sep 2020 17:00:31 +0000 (17:00 +0000)] 
Merge pull request #2435 in SNORT/snort3 from ~SUNIMUKH/snort3:zone-group to master

Squashed commit of the following:

commit 2dd056ac9f6e65d99293d914ebc505636d8ba03a
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Tue Sep 1 03:10:30 2020 -0400

    build: Updates for libdaq changes to interface group field width and naming

commit ede03a067cf4c5fa98321453d97a1cda544c6b1d
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Tue Sep 1 03:09:18 2020 -0400

    helpers: Rework DiscoveryFilter to monitor IP lists based on interface rather than group

commit dc80cdbeb1b12913b5f3968a49e8cc5db5da6d2e
Author: Sunirmal Mukherjee <sunimukh@cisco.com>
Date:   Tue Sep 1 02:56:54 2020 -0400

    reputation: Change from group-based to interface-based IP lists

4 years ago Merge pull request #2440 in SNORT/snort3 from ~OSERHIIE/snort3:doc_trace_all_modules_...
Bhagya Tholpady (bbantwal) [Tue, 8 Sep 2020 16:21:48 +0000 (16:21 +0000)] 
Merge pull request #2440 in SNORT/snort3 from ~OSERHIIE/snort3:doc_trace_all_modules_option to master

Squashed commit of the following:

commit 58f14dbd305d6e7b2cc820e5c1bfbc074ae8f5fe
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Fri Aug 28 13:05:31 2020 +0300

    doc: update trace.txt with info about 'trace.modules.all' option

4 years ago Merge pull request #2439 in SNORT/snort3 from ~OSERHIIE/snort3:trace_all_modules_opti...
Bhagya Tholpady (bbantwal) [Tue, 8 Sep 2020 16:20:30 +0000 (16:20 +0000)] 
Merge pull request #2439 in SNORT/snort3 from ~OSERHIIE/snort3:trace_all_modules_option to master

Squashed commit of the following:

commit 63012926daf4107ca5ae00376d9cdef0fdd39212
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Aug 26 12:27:05 2020 +0300

    trace: add support for modules.all option

4 years ago Merge pull request #2446 in SNORT/snort3 from ~MASHASAN/snort3:fp_reload to master
Masud Hasan (mashasan) [Tue, 8 Sep 2020 14:19:39 +0000 (14:19 +0000)] 
Merge pull request #2446 in SNORT/snort3 from ~MASHASAN/snort3:fp_reload to master

Squashed commit of the following:

commit 6971b4c9c09c425532ccf946106d911f16b50d56
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Aug 31 17:01:52 2020 -0400

    rna: Removing unused command and exporting swapper

4 years ago Merge pull request #2448 in SNORT/snort3 from ~SATHIRKA/snort3:clear_snort_protoid_re...
Shravan Rangarajuvenkata (shrarang) [Fri, 4 Sep 2020 23:09:26 +0000 (23:09 +0000)] 
Merge pull request #2448 in SNORT/snort3 from ~SATHIRKA/snort3:clear_snort_protoid_reload to master

Squashed commit of the following:

commit 8033a1cefaf99d7c5f8818971de44dc9fcc33f60
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Sep 1 12:37:55 2020 -0400

    appid: Clear services set in host attribute table upon detector reload

4 years ago Merge pull request #2447 in SNORT/snort3 from ~SHRARANG/snort3:appid_tp_reload_reorde...
Shravan Rangarajuvenkata (shrarang) [Fri, 4 Sep 2020 23:07:27 +0000 (23:07 +0000)] 
Merge pull request #2447 in SNORT/snort3 from ~SHRARANG/snort3:appid_tp_reload_reorder to master

Squashed commit of the following:

commit df9e98dfacc0edb9a9f1861357a09e6c73ded252
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Thu Aug 27 17:28:49 2020 -0400

    appid: reorder third-party reload to keep only one handle open at a time

4 years ago Merge pull request #2453 in SNORT/snort3 from ~STECHEW/snort3:move_term_signal to...
Steve Chew (stechew) [Fri, 4 Sep 2020 19:19:07 +0000 (19:19 +0000)] 
Merge pull request #2453 in SNORT/snort3 from ~STECHEW/snort3:move_term_signal to master

Squashed commit of the following:

commit b3e7752fee4aa1b2d81af24ca37b39500f7f899f
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Sep 2 14:50:51 2020 -0400

    main: Turn off signal handlers later to catch more during snort shutdown.

4 years ago Merge pull request #2449 in SNORT/snort3 from ~KATHARVE/snort3:h2i_trailers_2 to...
Mike Stepanek (mstepane) [Fri, 4 Sep 2020 17:03:30 +0000 (17:03 +0000)] 
Merge pull request #2449 in SNORT/snort3 from ~KATHARVE/snort3:h2i_trailers_2 to master

Squashed commit of the following:

commit 95037139d8ecd2ec236ecfa747e8411b08f81912
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Sep 1 17:26:13 2020 -0400

    http2_inspect: fix hpack dynamic table init

commit 79454c069e4247d33cbb565fa1a9cba643d1360d
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Aug 27 09:18:45 2020 -0400

    http2_inspect: refactor hpack decoding and send trailer to http_inspect for processing

4 years ago Merge pull request #2450 in SNORT/snort3 from ~OKHOMIAK/snort3:jolt2_attack to master
Bhagya Tholpady (bbantwal) [Fri, 4 Sep 2020 01:44:30 +0000 (01:44 +0000)] 
Merge pull request #2450 in SNORT/snort3 from ~OKHOMIAK/snort3:jolt2_attack to master

Squashed commit of the following:

commit f57e74ffc9ec150810f7c7bf6c62c1cc5c393a5f
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Wed Sep 2 13:09:53 2020 +0300

    frag3: fix zero fragment built-in rule triggering for some reassembly policies

4 years ago Merge pull request #2454 in SNORT/snort3 from ~THOPETER/snort3:nhttp149 to master
Mike Stepanek (mstepane) [Thu, 3 Sep 2020 16:04:21 +0000 (16:04 +0000)] 
Merge pull request #2454 in SNORT/snort3 from ~THOPETER/snort3:nhttp149 to master

Squashed commit of the following:

commit d0715acf006ad328ec79e7270eb02828d45ed0f6
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Sep 2 19:49:39 2020 -0400

    http_inspect: script detection and concurrency fixes

4 years ago Merge pull request #2443 in SNORT/snort3 from ~MDAGON/snort3:field_127 to master
Mike Stepanek (mstepane) [Wed, 2 Sep 2020 20:06:26 +0000 (20:06 +0000)] 
Merge pull request #2443 in SNORT/snort3 from ~MDAGON/snort3:field_127 to master

Squashed commit of the following:

commit 18a108729bf0f36b122bebc77460447862c772f4
Author: mdagon <mdagon@cisco.com>
Date:   Tue Aug 18 14:43:56 2020 -0400

    payload_injector: support translation of header field value with length > 127

4 years ago Merge pull request #2418 in SNORT/snort3 from ~KBHANDAN/snort3:set_ips_for_pseudo_pdu...
Bhargava Jandhyala (bjandhya) [Tue, 1 Sep 2020 19:33:21 +0000 (19:33 +0000)] 
Merge pull request #2418 in SNORT/snort3 from ~KBHANDAN/snort3:set_ips_for_pseudo_pdu to master

Squashed commit of the following:

commit 98bfc2729f03abfccfaad361591fdac5dcdb4705
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Thu Aug 20 09:47:47 2020 -0400

    ips: use the policies in the flow when creating pseudo packet

4 years ago Merge pull request #2433 in SNORT/snort3 from ~MIALTIZE/snort3:snort2lua_cleanup...
Michael Altizer (mialtize) [Tue, 1 Sep 2020 19:12:13 +0000 (19:12 +0000)] 
Merge pull request #2433 in SNORT/snort3 from ~MIALTIZE/snort3:snort2lua_cleanup to master

Squashed commit of the following:

commit 7fc4a5c41f788b512ff8e07af2de85f34a921741
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Aug 27 12:28:57 2020 -0400

    snort2lua: Remove obsolete and unused code

    Along with other dead code cleanup, this removes the conversion support
    for firewall, nap_selector, and sfunified2.

commit b5cac33bdccc75c19efad1e1762bbdb5fc4128e9
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Aug 27 12:28:47 2020 -0400

    snort2lua: Remove unused unit test files

4 years ago Merge pull request #2432 in SNORT/snort3 from ~RDEMPSTE/snort3:plugins to master
Ron Dempster (rdempste) [Tue, 1 Sep 2020 17:09:23 +0000 (17:09 +0000)] 
Merge pull request #2432 in SNORT/snort3 from ~RDEMPSTE/snort3:plugins to master

Squashed commit of the following:

commit d381d49e800420f551024c4a5a275e541736e107
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Sep 1 10:29:54 2020 -0400

    payload_injector: assume http1, if packet does not have a gadget

4 years ago Merge pull request #2437 in SNORT/snort3 from ~ARMANDAV/snort3:rna_client_disc to...
Masud Hasan (mashasan) [Tue, 1 Sep 2020 14:24:21 +0000 (14:24 +0000)] 
Merge pull request #2437 in SNORT/snort3 from ~ARMANDAV/snort3:rna_client_disc to master

Squashed commit of the following:

commit c3efbd690571824a3ced29722fae510d055b33df
Author: Arun Mandava <armandav@cisco.com>
Date:   Fri Aug 28 12:18:56 2020 -0400

    rna: Support client discovery from appid event changes

4 years ago Merge pull request #2436 in SNORT/snort3 from ~MDAGON/snort3:fix_warning to master
Mike Stepanek (mstepane) [Tue, 1 Sep 2020 11:45:03 +0000 (11:45 +0000)] 
Merge pull request #2436 in SNORT/snort3 from ~MDAGON/snort3:fix_warning to master

Squashed commit of the following:

commit e7d22e9969b20f155453634ed6e3277f3160f924
Author: mdagon <mdagon@cisco.com>
Date:   Mon Aug 31 15:12:20 2020 -0400

    code review: initialize select fields instead of using memset

commit ab983114ee4e375e3bac1407fb474409e18de9da
Author: mdagon <mdagon@cisco.com>
Date:   Fri Aug 28 13:01:23 2020 -0400

    payload_injector: fix warning

4 years ago Merge pull request #2444 in SNORT/snort3 from ~MIALTIZE/snort3:freebsd to master
Michael Altizer (mialtize) [Tue, 1 Sep 2020 03:37:42 +0000 (03:37 +0000)] 
Merge pull request #2444 in SNORT/snort3 from ~MIALTIZE/snort3:freebsd to master

Squashed commit of the following:

commit c12beed04d5a2988dacc479a8c56b19fa1924412
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Aug 31 22:58:40 2020 -0400

    helpers: Fix build on systems without sigaction

commit dc8959e04466d76792605447c3236fb2858f0104
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Aug 31 22:53:15 2020 -0400

    helpers: Use sig_t instead of sighandler_t for better BSD compatibility

4 years ago Merge pull request #2427 in SNORT/snort3 from ~MIALTIZE/snort3:cpputest_leaks to...
Michael Altizer (mialtize) [Tue, 1 Sep 2020 01:45:47 +0000 (01:45 +0000)] 
Merge pull request #2427 in SNORT/snort3 from ~MIALTIZE/snort3:cpputest_leaks to master

Squashed commit of the following:

commit f1f70793fa2f9bfa46a9f48245372df2899bcc5a
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Aug 31 15:35:04 2020 -0400

    host_tracker: Fix allocator unit test to work on 32-bit systems again

commit 85a78101fe8bfb9d3055488bcba029ec4e430f02
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Aug 27 13:43:28 2020 -0400

    cmake: Restore accidentally removed caching of static DAQ modules

commit a89ffd26d712ca56ee8fafe24e1d64f616fc9c8b
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Aug 27 11:15:02 2020 -0400

    utils: Add sys/time.h to util.h for struct timeval definition

    This fixes the Alpine Linux build issue where the forward declaration
    of struct timeval from ts_print() ended up in the snort namespace.

commit d3c78c5f6ec5fbc21231043512a3d90e30488e64
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Aug 27 11:12:32 2020 -0400

    rna: Remove redefinition of USHRT_MAX

commit 9393c5e3621b1900acf15d07e08020c98be763cd
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Aug 25 12:41:00 2020 -0400

    tests: Fix the majority of memory leaks in CppUTest unit tests

    Additionally, this allows us to use the finally released CppUTest 4.0.

commit 7d363fe48a6a11836bd9e44f2fd8d54f936acafc
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Aug 25 17:18:19 2020 -0400

    style: Replace some tabs that snuck in with proper spaces

4 years ago Merge pull request #2438 in SNORT/snort3 from ~KATHARVE/snort3:cppcheck_fix to master
Mike Stepanek (mstepane) [Mon, 31 Aug 2020 12:20:25 +0000 (12:20 +0000)] 
Merge pull request #2438 in SNORT/snort3 from ~KATHARVE/snort3:cppcheck_fix to master

Squashed commit of the following:

commit ff30d14526f064e5f5960b68e718585df543ed85
Author: Katura Harvey <katharve@cisco.com>
Date:   Sun Aug 30 14:18:30 2020 -0400

    http2_inspect: convert circular_array to std:vector

4 years ago Merge pull request #2424 in SNORT/snort3 from ~KATHARVE/snort3:h2i_trailers to master
Mike Stepanek (mstepane) [Mon, 31 Aug 2020 12:17:49 +0000 (12:17 +0000)] 
Merge pull request #2424 in SNORT/snort3 from ~KATHARVE/snort3:h2i_trailers to master

Squashed commit of the following:

commit 347853866023f7d14265f82b4b293e4268f8761c
Author: Katura Harvey <katharve@cisco.com>
Date:   Sun Aug 30 11:27:18 2020 -0400

    http_inspect: declare get_type_expected const

commit 3bc9d0c468a83e2a6ee7c4a61bcb3a329adf2b87
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Aug 21 11:29:23 2020 -0400

    http2_inspect: prepare http2_inspect and http_inspect for HTTP/2 trailers

commit 89063a23fb743327f59e9ef59444154aea32047f
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Aug 21 11:28:41 2020 -0400

    http2_inspect: fix continuation frame check

4 years ago Merge pull request #2420 in SNORT/snort3 from ~MASHASAN/snort3:rna_app_service to...
Masud Hasan (mashasan) [Fri, 28 Aug 2020 01:20:50 +0000 (01:20 +0000)] 
Merge pull request #2420 in SNORT/snort3 from ~MASHASAN/snort3:rna_app_service to master

Squashed commit of the following:

commit ad66c9f37f7beb0a3cbf0a18834a1b8994dd7d54
Author: Masud Hasan <mashasan@cisco.com>
Date:   Fri Aug 14 21:45:23 2020 -0400

    rna: Support service discovery from appid event changes

commit 9aa8d405eda1fe08496ea613d3049c5eb75da235
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Fri Aug 14 06:22:01 2020 -0400

    appid: Generate events for service info changes

4 years ago Merge pull request #2425 in SNORT/snort3 from ~CLJUDGE/snort3:ssl_check_host_for_null...
Shravan Rangarajuvenkata (shrarang) [Thu, 27 Aug 2020 20:59:14 +0000 (20:59 +0000)] 
Merge pull request #2425 in SNORT/snort3 from ~CLJUDGE/snort3:ssl_check_host_for_null to master

Squashed commit of the following:

commit 2d74e652df3a89b010de5eb38bfea7e2dc955efe
Author: cljudge <cljudge@cisco.com>
Date:   Tue Aug 18 01:26:19 2020 -0400

    appid: adding check for nullptr before setting tls host

4 years ago Merge pull request #2407 in SNORT/snort3 from ~MDAGON/snort3:translate2 to master
Mike Stepanek (mstepane) [Thu, 27 Aug 2020 19:31:52 +0000 (19:31 +0000)] 
Merge pull request #2407 in SNORT/snort3 from ~MDAGON/snort3:translate2 to master

Squashed commit of the following:

commit 169cd2c9214765cf3756a7ba82e5f15161dd13fa
Author: mdagon <mdagon@cisco.com>
Date:   Wed Jul 29 10:37:03 2020 -0400

    payload_injector: support http2 injection

4 years ago Merge pull request #2429 in SNORT/snort3 from ~OSHUMEIK/snort3:doc_fix to master
Bhagya Tholpady (bbantwal) [Thu, 27 Aug 2020 14:37:44 +0000 (14:37 +0000)] 
Merge pull request #2429 in SNORT/snort3 from ~OSHUMEIK/snort3:doc_fix to master

Squashed commit of the following:

commit 87b3e2266f9721e7fe6af81048f25e06aab7c33e
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Aug 25 22:23:43 2020 +0300

    doc: reword the sentence to use the correct words

4 years ago Merge pull request #2409 in SNORT/snort3 from ~OKHOMIAK/snort3:trace_add_ntuple to...
Bhagya Tholpady (bbantwal) [Thu, 27 Aug 2020 11:56:20 +0000 (11:56 +0000)] 
Merge pull request #2409 in SNORT/snort3 from ~OKHOMIAK/snort3:trace_add_ntuple to master

Squashed commit of the following:

commit bf8a7d52b3b4f28d90095cb276223a7f2da44f08
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Tue Aug 18 13:53:49 2020 +0300

    trace: update loggers to support extended output with n-tuple packet info

4 years ago Merge pull request #2353 in SNORT/snort3 from ~SMINUT/snort3:tcp_fp_io to master
Masud Hasan (mashasan) [Wed, 26 Aug 2020 18:07:25 +0000 (18:07 +0000)] 
Merge pull request #2353 in SNORT/snort3 from ~SMINUT/snort3:tcp_fp_io to master

Squashed commit of the following:

commit d8f33db11b1589cf65dddc77fde9cb428f747e7e
Author: Silviu Minut <sminut@cisco.com>
Date:   Tue Jul 28 18:48:55 2020 -0400

    rna: tcp fingerprints configuration, storage, matching and event generation

4 years ago Merge pull request #2384 in SNORT/snort3 from ~SATHIRKA/snort3:skip_detection_old_con...
Shravan Rangarajuvenkata (shrarang) [Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)] 
Merge pull request #2384 in SNORT/snort3 from ~SATHIRKA/snort3:skip_detection_old_config to master

Squashed commit of the following:

commit df50d6ceb4829ca89ee24ba6f95ba58cf4c5a2e9
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Aug 6 17:02:49 2020 -0400

    appid: Skip detection for existing sessions after detector reload; rename reload_odp command to reload_detectors

4 years ago Merge pull request #2380 in SNORT/snort3 from ~SHRARANG/snort3:appid_listener_more_lo...
Shravan Rangarajuvenkata (shrarang) [Wed, 26 Aug 2020 03:11:01 +0000 (03:11 +0000)] 
Merge pull request #2380 in SNORT/snort3 from ~SHRARANG/snort3:appid_listener_more_logging to master

Squashed commit of the following:

commit 86da97002e7b8c30e75cd99817ab5bab9cf1e19a
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Aug 5 11:14:54 2020 -0400

    appid: support json logging in appid_listener

4 years ago Merge pull request #2410 in SNORT/snort3 from ~DERAMADA/snort3:pop3_start_tls to...
Steve Chew (stechew) [Tue, 25 Aug 2020 22:21:26 +0000 (22:21 +0000)] 
Merge pull request #2410 in SNORT/snort3 from ~DERAMADA/snort3:pop3_start_tls to master

Squashed commit of the following:

commit 144967eebc309fcc88eae236e868cb2ecab2baed
Author: deramada <deramada@cisco.com>
Date:   Wed Aug 19 09:40:10 2020 -0400

    pop: publish start_tls events, support for ssl search abandoned

4 years ago Merge pull request #2419 in SNORT/snort3 from ~EBURMAI/snort3:sip_future_session...
Shravan Rangarajuvenkata (shrarang) [Tue, 25 Aug 2020 19:58:49 +0000 (19:58 +0000)] 
Merge pull request #2419 in SNORT/snort3 from ~EBURMAI/snort3:sip_future_session to master

Squashed commit of the following:

commit a8138a99828ef883106248ea028750845c71e888
Author: Eduard Burmai <eburmai@cisco.com>
Date:   Tue Aug 25 08:14:58 2020 -0400

    appid: Pass snort protocol id instead of appid while creating future flow