git.ipfire.org Git - thirdparty/snort3.git/log
Shravan Rangarajuvenkata (shrarang) [Mon, 16 Dec 2019 11:37:54 +0000 (11:37 +0000)]
Merge pull request #1894 in SNORT/snort3 from ~SATHIRKA/snort3:navl_reload_command to master
Squashed commit of the following:
commit
a968abdae0d74e6b983a707fd9895b6f3909b96d
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Dec 12 12:11:46 2019 -0500
appid: Adding command for third-party reload
Michael Altizer [Fri, 13 Dec 2019 16:56:16 +0000 (11:56 -0500)]
sfip: Use REG_TEST-style IP stringification for standalone Catch tests
This fixes 'make check' failing when not built with -DREG_TEST.
Shravan Rangarajuvenkata (shrarang) [Thu, 12 Dec 2019 18:39:07 +0000 (18:39 +0000)]
Merge pull request #1889 in SNORT/snort3 from ~SHRARANG/snort3:file_magic to master
Squashed commit of the following:
commit
0deef444b0544a25550c7e7191ff51df06876d38
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Tue Dec 10 12:41:18 2019 -0500
file_magic: add file magic for .jar, .rar, .alz, .egg, .hwp and .swf files
George Koikara (gkoikara) [Wed, 11 Dec 2019 08:45:08 +0000 (08:45 +0000)]
Merge pull request #1878 in SNORT/snort3 from ~APOORAJ/snort3:gtp_teid to master
Squashed commit of the following:
commit
65363ab96ffd788f42836c407e6143952a69e825
Author: Apoorv Raj <apooraj@cisco.com>
Date: Tue Dec 3 23:42:37 2019 -0500
gtp: alerts should be raised for missing TEID in gtp msg
Michael Altizer [Wed, 11 Dec 2019 02:47:42 +0000 (21:47 -0500)]
lua: Link lua_stack_test against libdl to handle the static luajit case
Michael Altizer (mialtize) [Wed, 11 Dec 2019 01:52:42 +0000 (01:52 +0000)]
Merge pull request #1888 in SNORT/snort3 from ~MIALTIZE/snort3:catch_update to master
Squashed commit of the following:
commit
50bce7dcee80462f07283c4c7738728e8ff60841
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Dec 10 12:14:34 2019 -0500
build: Const-ify reference arguments as suggested by cppcheck
commit
4c90072dc0ab9f5ebae7cf4c1a4395d69794fe0a
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 18:08:25 2019 -0500
lua: Convert LuaStack unit tests to standalone Catch
commit
b33f7cc6db6fe2c5aa4077101efb5555bd6a201a
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 18:02:15 2019 -0500
stream/tcp: Remove some unused Catch includes
commit
641d95ae9d46ffff6e3c91e39c2a278028ebdc07
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 17:56:47 2019 -0500
sfip: Convert SfIp unit tests to standalone Catch
commit
85bd00016ecaa8146ffec9a809fa3851586116d3
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 17:45:31 2019 -0500
profiler: Convert MemoryContext and ProfilerStatsTable unit tests to standalone Catch
commit
693ace7a10e04611b8f91ee3d28bb43ea5664199
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 17:37:40 2019 -0500
helpers: Convert Base64Encoder unit tests to standalone Catch
commit
d7a7fd2beffa6fd3f7d46e9466c8f36a012e0f12
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 17:16:20 2019 -0500
time: Convert periodic and stopwatch unit tests to standalone Catch
commit
4248db7448a208b73fb8a815f0a6998b4e5fee06
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 16:54:43 2019 -0500
utils: Convert bitop unit tests to standalone Catch
commit
ef66e67db068785a60c260cb6463b15ca641d47b
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Dec 9 16:51:03 2019 -0500
control: Convert IdleProcessing unit tests to standalone Catch
commit
b134ee2b0a6a8d388c2141458fb95128d31140d3
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Nov 27 17:14:05 2019 -0500
framework: Convert parameter and range unit tests to standalone Catch
commit
ebe3148b938ae8dcf422a89af5d6e959490a8174
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Nov 27 17:04:12 2019 -0500
perf_monitor: Convert CSV, FBS, and JSON formatter unit tests to standalone Catch
commit
d064b5cbe59a7f372718794a3a307e40948d3af6
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Nov 27 14:49:36 2019 -0500
dce_rpc: Convert HTTP proxy and server splitter unit tests to standalone Catch
commit
d78b0707d9cd70ae3f487ce848a598889189127f
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Oct 29 10:11:10 2019 -0400
catch: Add infrastructure for standalone Catch unit tests
commit
890eb47d153baf0fc89ef75eab7a2a9fde47c836
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Nov 27 12:20:24 2019 -0500
catch: Update to Catch v2.11.0
Steve Chew (stechew) [Tue, 10 Dec 2019 22:11:14 +0000 (22:11 +0000)]
Merge pull request #1887 in SNORT/snort3 from ~ANTOROZC/snort3:duapalme_lru_cache to master
Squashed commit of the following:
commit
34fe7d4675a47b58c4fc6f9c5d3305f59d7ef999
Author: Duane Palmer <duapalme@cisco.com>
Date: Thu Nov 14 15:04:28 2019 -0600
lru_cache_shared: added find_else_insert to add user managed objects to the cache
Russ Combs (rucombs) [Tue, 10 Dec 2019 13:42:11 +0000 (13:42 +0000)]
Merge pull request #1877 in SNORT/snort3 from ~RUCOMBS/snort3:reincluder to master
Squashed commit of the following:
commit
7499236c7f9a0d79228c56d96099acf939626daf
Author: russ <rucombs@cisco.com>
Date: Wed Dec 4 17:43:52 2019 -0500
ips: do not use includer for any rules file includes
commit
2ce77f3186a19a723f97d9fbc34bc28bc3cd8053
Author: russ <rucombs@cisco.com>
Date: Wed Dec 4 13:40:56 2019 -0500
ips: fix --show-file-codes for inclusion from -c file
Mike Stepanek (mstepane) [Mon, 9 Dec 2019 17:08:40 +0000 (17:08 +0000)]
Merge pull request #1882 in SNORT/snort3 from ~THOPETER/snort3:h2i_streams to master
Squashed commit of the following:
commit
3b164411655f7ec11e66c424a3783f74c11cf11e
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Dec 2 14:59:20 2019 -0500
http2_inspect: add Stream class
Mike Stepanek (mstepane) [Mon, 9 Dec 2019 13:22:29 +0000 (13:22 +0000)]
Merge pull request #1858 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_idle_tuning to master
Squashed commit of the following:
commit
bac1de7f1bdc9aa14db71457e39932c27768c43e
Author: davis mcpherson <davmcphe@cisco.com>
Date: Fri Nov 22 09:07:13 2019 -0500
reload: fix issue where resource tuning was not being called when in idle context
Michael Altizer (mialtize) [Fri, 6 Dec 2019 16:56:37 +0000 (16:56 +0000)]
Merge pull request #1875 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_init_race_condition to master
Squashed commit of the following:
commit
fd95dddf1c1087d8834f3ee04e3a6fb559798f61
Author: davis mcpherson <davmcphe@cisco.com>
Date: Mon Dec 2 16:40:35 2019 -0500
stream_tcp: refactor stream_tcp initialization to create reassemblers during plugin init
stream_tcp: refactor to initialize tcp normalizers during plugin init
stream_tcp: fix TcpState post increment operator to stop increment at max value (and use correct max value)
George Koikara (gkoikara) [Fri, 6 Dec 2019 09:59:33 +0000 (09:59 +0000)]
Merge pull request #1870 in SNORT/snort3 from ~RJAVALI/snort3:GRE_issu to master
Squashed commit of the following:
commit
c7d297104eceef9da751684b7102899c57fb48ba
Author: Raghavendra Javali <rjavali@cisco.com>
Date: Mon Nov 18 01:46:47 2019 -0500
codec: Added GRE::encode method
Mike Stepanek (mstepane) [Thu, 5 Dec 2019 21:16:40 +0000 (21:16 +0000)]
Merge pull request #1856 in SNORT/snort3 from ~DERAMADA/snort3:h2i_settings_frame to master
Squashed commit of the following:
commit
eb9c908e03f795681f2d82e92eaee6d8d17d5759
Author: deramada <deramada@cisco.com>
Date: Thu Nov 21 14:50:57 2019 -0500
http2: parse settings frames
Russ Combs (rucombs) [Thu, 5 Dec 2019 05:45:05 +0000 (05:45 +0000)]
Merge pull request #1853 in SNORT/snort3 from ~RUCOMBS/snort3:empty_rule_state_table to master
Squashed commit of the following:
commit
6bfb8eddcf1ba0cc23fbf4b42b3d9229bc506748
Author: russ <rucombs@cisco.com>
Date: Wed Nov 20 15:43:23 2019 -0500
rule_state: allow empty tables
Michael Altizer (mialtize) [Wed, 4 Dec 2019 17:14:29 +0000 (17:14 +0000)]
Merge pull request #1876 in SNORT/snort3 from ~MSTEPANE/snort3:build_266 to master
Squashed commit of the following:
commit
aec79dac54f6b8ad5fa28d8c0343de252858564e
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Dec 4 08:34:24 2019 -0500
build: generate and tag build 266
Shravan Rangarajuvenkata (shrarang) [Tue, 3 Dec 2019 22:08:14 +0000 (22:08 +0000)]
Merge pull request #1871 in SNORT/snort3 from ~SATHIRKA/snort3:host_cache_ssl to master
Squashed commit of the following:
commit
54ad92428c38323655e2b816d7eae3e7901a2b67
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Nov 27 14:34:18 2019 -0500
appid: Enabling host cache for unknown SSL flows
Mike Stepanek (mstepane) [Tue, 3 Dec 2019 20:28:43 +0000 (20:28 +0000)]
Merge pull request #1840 in SNORT/snort3 from ~SMINUT/snort3:appid_memcap_rrt to master
Squashed commit of the following:
commit
a9c44d768cf79685c6d547ac5a18da01dd7851ca
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Nov 8 18:27:01 2019 -0500
appid: handle memcap during reload_config using RRT.
Shravan Rangarajuvenkata (shrarang) [Tue, 3 Dec 2019 20:10:34 +0000 (20:10 +0000)]
Merge pull request #1855 in SNORT/snort3 from ~CLJUDGE/snort3:snort3-parity-ssl-pop3s to master
Squashed commit of the following:
commit
f21d9f8383c11ae5fdca7168b23a498cb44af89b
Author: cljudge <cljudge@cisco.com>
Date: Thu Nov 21 14:48:36 2019 -0500
appid: add new pattern to pop3, don't concatenate ssl certs, use openssl-1.1 compliant APIs
Steve Chew (stechew) [Tue, 3 Dec 2019 20:08:48 +0000 (20:08 +0000)]
Merge pull request #1863 in SNORT/snort3 from ~STECHEW/snort3:deferred_whitelist to master
Squashed commit of the following:
commit
5a3d0a1cd928695d52cf798cb92fb55186fe1593
Author: Steve Chew <stechew@cisco.com>
Date: Fri Nov 22 12:18:20 2019 -0500
flow: Add ability to defer whitelist verdict.
Mike Stepanek (mstepane) [Tue, 3 Dec 2019 16:40:53 +0000 (16:40 +0000)]
Merge pull request #1872 in SNORT/snort3 from ~THOPETER/snort3:doc_detained_inspection to master
Squashed commit of the following:
commit
d8229b442b674dd56ad47a1f9d7135ea08a70786
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Dec 3 11:34:16 2019 -0500
http_inspect: update user manual for detained inspection
George Koikara (gkoikara) [Tue, 3 Dec 2019 10:01:18 +0000 (10:01 +0000)]
Merge pull request #1868 in SNORT/snort3 from ~VKAMBALA/snort3:vkambala_test to master
Squashed commit of the following:
commit
adce4923e61c0258762b54d8cd716f7cebdd27c4
Author: krishnakanth <vkambala@cisco.com>
Date: Mon Nov 18 00:12:32 2019 -0500
file_api: Fixed eventing when FILE_SIG_DEPTH failed when store files enabled
Russ Combs (rucombs) [Tue, 3 Dec 2019 03:11:27 +0000 (03:11 +0000)]
Merge pull request #1867 in SNORT/snort3 from ~SHASLAD/snort3:bye_mallinfo to master
Squashed commit of the following:
commit
f9c843c9d43a77883ed7fd8d7095f72c17ca31ca
Author: Shashi Lad <shaslad@cisco.com>
Date: Tue Nov 26 13:23:05 2019 -0500
stats: removal of mallinfo as it only supports 32bit
Russ Combs (rucombs) [Tue, 3 Dec 2019 02:57:37 +0000 (02:57 +0000)]
Merge pull request #1841 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_consolidate_source_files to master
Squashed commit of the following:
commit
e50ee5a0450248a37a310b42f9be1e8868cacaa9
Author: davis mcpherson <davmcphe@cisco.com>
Date: Mon Nov 25 10:46:55 2019 -0500
stream_tcp: updates from PR review comments
commit
88137cf6242a9378cf6351882f7631947bff9d84
Author: davis mcpherson <davmcphe@cisco.com>
Date: Mon Nov 11 08:58:57 2019 -0500
stream_tcp: move and update the libtcp source files to the tcp source directory to consolidate the stream tcp code into one component (libtcp goes away)
Russ Combs (rucombs) [Mon, 2 Dec 2019 22:28:25 +0000 (22:28 +0000)]
Merge pull request #1847 in SNORT/snort3 from ~RUCOMBS/snort3:rule_hacks to master
Squashed commit of the following:
commit
a273b19fd7256ab43c4639b064695a1d11f8030f
Author: russ <rucombs@cisco.com>
Date: Fri Nov 29 08:28:33 2019 -0500
http_inspect: implement show method for verbose config output
commit
6e1f40e01c95f0afd8ef4d0b609df25db9b757c6
Author: russ <rucombs@cisco.com>
Date: Thu Nov 28 18:44:33 2019 -0500
appid: format detected apps stats in columns akin to file stats
commit
4eb7cbdbfa223d6e6c998822c4db06d8c6f6a681
Author: russ <rucombs@cisco.com>
Date: Sun Nov 24 17:58:51 2019 -0500
profiler: fix module profile for multithreaded runs
The checks and time(us) are aggregated from all packet threads so the total time
can be N times greater than elapsed real time for N packet threads. The "other"
bucket has checks equal to the total number of packets and time equal to the sum
of all packet thread run times less the sum of all other times accounted for.
commit
9f7e9ec1fec03fc8681438a89f680d7b248f2326
Author: russ <rucombs@cisco.com>
Date: Wed Nov 27 13:42:13 2019 -0500
search_engine: raise an error if any MPSE compilation fails
commit
75bd85542994fb88da80754668679b46cfb3caca
Author: russ <rucombs@cisco.com>
Date: Wed Nov 27 09:08:10 2019 -0500
search_engine: process intermediate fast-pattern matches in batches of 32 same as Snort 2
commit
b76f0fc78432d4056e9b940441fd8803d7a5035b
Author: russ <rucombs@cisco.com>
Date: Sun Nov 24 18:01:12 2019 -0500
ips: support 2 rule vars same as Snort 2
commit
67ee953c4c7c9d13e4f95a4e527d87cb8a365b44
Author: russ <rucombs@cisco.com>
Date: Fri Nov 22 16:30:41 2019 -0500
appid: minor cleanup
commit
6b66d0839ca6cb14e8dd37010d69a47f97c6c5b6
Author: russ <rucombs@cisco.com>
Date: Fri Nov 22 16:24:56 2019 -0500
search_engine: ensure configured search_method is applied to search tools
commit
039f452cea4f183a469aa555275c7f47d37cd14d
Author: russ <rucombs@cisco.com>
Date: Mon Nov 18 18:14:14 2019 -0500
ips: only use multiple threads for rule group compilation at startup
A typical deployment will have N packet threads, each pinned to a separate core.
N threads can be used to speed up startup but shouldn't be used during reload
since that could impact detection. Reload is also not as time critical as
startup.
commit
a23500a9baf5773592653648d1a2cf32cfb22487
Author: russ <rucombs@cisco.com>
Date: Fri Nov 15 13:59:18 2019 -0500
hyperscan: select max scratch from among all compiler threads
commit
5b918976e0fad0f706675635852c74870175b4ad
Author: russ <rucombs@cisco.com>
Date: Thu Nov 14 16:45:34 2019 -0500
mpse: only hyperscan currently supports parallel compilation
commit
5ceb74b43af4b3bd7fafe61da7c53f2900b6b3cd
Author: russ <rucombs@cisco.com>
Date: Thu Nov 14 15:52:41 2019 -0500
ips: add support for parallel fast-pattern MPSE FSM compilation
Mike Stepanek (mstepane) [Wed, 27 Nov 2019 18:16:22 +0000 (18:16 +0000)]
Merge pull request #1865 in SNORT/snort3 from ~KATHARVE/snort3:h2i_dynamic_2 to master
Squashed commit of the following:
commit
8f4efe3e017be5036c368e2bd4fbdd70b9c3a025
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Nov 25 14:56:43 2019 -0500
http2_inspect: implement hpack dynamic index lookups
Mike Stepanek (mstepane) [Wed, 27 Nov 2019 15:53:30 +0000 (15:53 +0000)]
Merge pull request #1866 in SNORT/snort3 from ~KAMURTHI/snort3:shell-application to master
Squashed commit of the following:
commit
28d4e06573721c4a1beb02dbb3e100d050d61e14
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Wed Nov 20 19:57:27 2019 -0500
appid: Fix for better classification on pinholed data session and control session for Rshell/rexec.
George Koikara (gkoikara) [Wed, 27 Nov 2019 05:42:32 +0000 (05:42 +0000)]
Merge pull request #1797 in SNORT/snort3 from ~POAWASTH/snort3:CSCvr33175 to master
Squashed commit of the following:
commit
df59543a5e3e99bef9c809163c6030bdfb042796
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri Oct 11 06:07:32 2019 -0400
high_availability: Disabling the inspection if the Flow state is BLOCK
Michael Altizer [Wed, 30 Oct 2019 15:40:28 +0000 (11:40 -0400)]
cmake: Cache static DAQ module info in FindDAQ
Michael Altizer (mialtize) [Mon, 25 Nov 2019 23:47:26 +0000 (23:47 +0000)]
Merge pull request #1864 in SNORT/snort3 from ~MIALTIZE/snort3:sfip_copy to master
Squashed commit of the following:
commit
75e04dbd8822d123436d078ed6a8c9264e5fe780
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Nov 25 12:51:01 2019 -0500
port_scan: Only update scanner for ICMP if we have one
commit
79a2e35cf97761f748bd50070c82fb5cc40dd97a
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Nov 5 17:52:27 2019 -0500
flow: Clean up unit test compiler warnings
commit
2c8c1f85b7c24d2c20edc803508018306362ca39
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 16:05:32 2019 -0400
sfip: Replace copy setter with implicit copy constructor
Also, add some more padding guards and give SfCidr a default
constructor.
Mike Stepanek (mstepane) [Mon, 25 Nov 2019 14:28:51 +0000 (14:28 +0000)]
Merge pull request #1830 in SNORT/snort3 from ~KATHARVE/snort3:h2i_response_start_line2 to master
Squashed commit of the following:
commit
0a5f41439490f3dad02b91ae6358c448af539553
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Oct 30 17:09:13 2019 -0400
http2_inspect: generate status lines for responses and be more lenient on RFC violations
Russ Combs [Sat, 23 Nov 2019 03:03:43 +0000 (22:03 -0500)]
Squashed commit of the following:
commit
0698be4596756d8c393c294bd39995ea3631a75a
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Nov 22 11:53:06 2019 -0500
build: generate and tag build 265
Russ Combs (rucombs) [Sat, 23 Nov 2019 02:17:48 +0000 (02:17 +0000)]
Merge pull request #1862 in SNORT/snort3 from ~JIAWU2/snort3:dynamic_fix to master
Squashed commit of the following:
commit
d4338ff7993f3d75898004cf6ac24104ee35b1e3
Author: Jian Wu <jiawu2@cisco.com>
Date: Fri Nov 22 16:22:53 2019 -0500
pub_sub: fix warning when loading cip as dynamic lib
Mike Stepanek (mstepane) [Fri, 22 Nov 2019 20:20:10 +0000 (20:20 +0000)]
Merge pull request #1852 in SNORT/snort3 from ~NIHDESAI/snort3:ftp_cmds to master
Squashed commit of the following:
commit
72471dda4db4c0467871065d166c187cdfefb720
Author: Nihal Desai <nihdesai@cisco.com>
Date: Mon Nov 18 16:15:52 2019 -0500
ftp: handling multiple ftp server config validation
Shravan Rangarajuvenkata (shrarang) [Fri, 22 Nov 2019 18:04:41 +0000 (18:04 +0000)]
Merge pull request #1857 in SNORT/snort3 from ~SATHIRKA/snort3:bt_midstream to master
Squashed commit of the following:
commit
df005fee8fdee9b15bb625cd5ef908bbc410a7e7
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Nov 21 14:21:12 2019 -0500
appid: Adding Lua-C API to handle midstream traffic
Russ Combs (rucombs) [Thu, 21 Nov 2019 02:41:10 +0000 (02:41 +0000)]
Merge pull request #1850 in SNORT/snort3 from ~BRASTULT/snort3:dce_smb_curse_fix to master
Squashed commit of the following:
commit
a83a033a9ccc3ac8b1dc2b0a0ed474c1be08e1fd
Author: Brandon Stultz <brastult@cisco.com>
Date: Thu Nov 14 17:36:24 2019 -0500
wizard: handle NBSS startup in dce_smb_curse
Mike Stepanek (mstepane) [Wed, 20 Nov 2019 13:46:44 +0000 (13:46 +0000)]
Merge pull request #1849 in SNORT/snort3 from ~KATHARVE/snort3:h2i_refactor to master
Squashed commit of the following:
commit
df563843b3c042052d395ee46e72536545875718
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Nov 18 10:40:09 2019 -0500
http2_inspect: add frame class and refactor stream splitter
Michael Altizer (mialtize) [Tue, 19 Nov 2019 22:29:09 +0000 (22:29 +0000)]
Merge pull request #1848 in SNORT/snort3 from ~BBANTWAL/snort3:fix_offload_sclear to master
Squashed commit of the following:
commit
2a913fe450cc4d25ed02fed62827c97c98b83791
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Nov 19 14:35:19 2019 -0500
detection: disable rule evaluation when detection is disabled for offload packets
commit
520f55a8bfea4f6b43b5a452e9beaad6dfa837c0
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Nov 19 12:53:21 2019 -0500
flow: check if there are offloaded packets in the flow before clearing out the alert count
commit
12163b08cc3718f82b1df982dee826aff31ec7b8
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Nov 18 14:26:24 2019 -0500
detection: move the inspector manager thread local flag used to determine whether or not to call inspector clear to context
Mike Stepanek (mstepane) [Tue, 19 Nov 2019 17:49:16 +0000 (17:49 +0000)]
Merge pull request #1846 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_reload_tweaks to master
Squashed commit of the following:
commit
d4f864cf104f1cad64a800948461613e75fac1d4
Author: davis mcpherson <davmcphe@cisco.com>
Date: Mon Nov 18 08:25:24 2019 -0500
snort: update reload resource tuner to return status indicating if there is work to be done in the packet thread.
stream: register reload resource tuner unconditionally. move checks for config changes to the tuner tinit method
analyzer_command: update ACSwap execute to check return status from resource tuner tinit and delete tuner if no work (return status == false)
Mike Stepanek (mstepane) [Tue, 19 Nov 2019 15:41:32 +0000 (15:41 +0000)]
Merge pull request #1843 in SNORT/snort3 from ~MASHASAN/snort3:reject_options to master
Squashed commit of the following:
commit
35fd73d12ceced095d4a80ebbd6f28f34dc38a42
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed Nov 13 16:55:43 2019 -0500
reject: Setting defaults for reset and control options
Michael Altizer (mialtize) [Tue, 19 Nov 2019 14:35:50 +0000 (14:35 +0000)]
Merge pull request #1844 in SNORT/snort3 from ~MIALTIZE/snort3:epoll_fix to master
Squashed commit of the following:
commit
72a00c5d08d665409775ebbc005e79befc586f0e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Nov 18 10:13:33 2019 -0500
main: Improve performance of control connection polling
Russ Combs (rucombs) [Mon, 18 Nov 2019 23:46:03 +0000 (23:46 +0000)]
Merge pull request #1832 in SNORT/snort3 from ~BRASTULT/snort3:plugin_path_fix to master
Squashed commit of the following:
commit
9b38272cd911699b161dfdc4f9aaf15411c5e401
Author: Brandon Stultz <brastult@cisco.com>
Date: Thu Oct 31 22:11:42 2019 -0400
plugin_manager: allow loading individual plugin files in plugin-path
Michael Altizer (mialtize) [Wed, 13 Nov 2019 00:04:27 +0000 (19:04 -0500)]
Merge pull request #1836 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_tsm_tsan_patch to master
Squashed commit of the following:
commit
bc8abc4b89ad76dbf294cc5e09c4d643d19607d8
Author: davis mcpherson <davmcphe@cisco.com>
Date: Wed Nov 6 11:40:38 2019 -0500
stream_tcp: initialize tcp state machine instance in the stream_tcp plugin init method to ensure
it is created before the packet threads are started. in addition the state machine is deleted
in the stream_tcp plugin term method to free up allocated memory before snort exits.
Michael Altizer (mialtize) [Fri, 8 Nov 2019 16:20:51 +0000 (11:20 -0500)]
Merge pull request #1838 in SNORT/snort3 from ~KATHARVE/snort3:h2i_ut_fix to master
Squashed commit of the following:
commit
5e2d04a800963e2eedcfe720dce7edc318e36a95
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Nov 8 10:37:30 2019 -0500
http2_inspect: fix unit tests to build without REGTEST defined
Shravan Rangarajuvenkata (shrarang) [Fri, 8 Nov 2019 14:11:53 +0000 (09:11 -0500)]
Merge pull request #1789 in SNORT/snort3 from ~JIAWU2/snort3:service_inspector_cip_porting to master
Squashed commit of the following:
commit
4777c5b25a30d46c1f79488488c9a4c731f48971
Author: Jian Wu <jiawu2@cisco.com>
Date: Tue Oct 8 18:19:43 2019 -0400
cip: ips rule support for Common Industrial Protocol (CIP)
Mike Stepanek (mstepane) [Wed, 6 Nov 2019 14:45:37 +0000 (09:45 -0500)]
Merge pull request #1835 in SNORT/snort3 from ~MSTEPANE/snort3:build_264 to master
Squashed commit of the following:
commit
ed732bb8d2c89ba49853fbc3991aa8f6d060e7a5
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Nov 6 08:26:15 2019 -0500
build: generate and tag build 264
Mike Stepanek (mstepane) [Tue, 5 Nov 2019 14:25:08 +0000 (09:25 -0500)]
Merge pull request #1827 in SNORT/snort3 from ~KATHARVE/snort3:h2i_code_coverage to master
Squashed commit of the following:
commit
fb6ef30804b7463b132fac75af68005fe9fce16e
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Oct 28 14:53:03 2019 -0400
http2_inspect: fix bugs in splitting long data frames and padding
Mike Stepanek (mstepane) [Tue, 5 Nov 2019 13:45:10 +0000 (08:45 -0500)]
Merge pull request #1834 in SNORT/snort3 from ~KATHARVE/snort3:remove_fileclose to master
Squashed commit of the following:
commit
8ecbf015c21ae73d85da004aee4938c82742ebd5
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Nov 4 15:54:16 2019 -0500
http_inspect: remove deprecated @fileclose command from test tool
Russ Combs (rucombs) [Mon, 4 Nov 2019 15:15:45 +0000 (10:15 -0500)]
Merge pull request #1825 in SNORT/snort3 from ~RUCOMBS/snort3:talos_alignment to master
Squashed commit of the following:
commit
08d2f79e350a96c4359e7169ff1369e97f86f458
Author: russ <rucombs@cisco.com>
Date: Fri Nov 1 10:22:36 2019 -0400
search_engine: stop searching if queue limit is reached
commit
6e23316f0236958c4656610bdc1bad3a164c1a9f
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 18:46:47 2019 -0400
lua: tweak default conf and add tweaks for various scenarios
Remove perf related configs from default snort.lua. These depend
on the specific deployment.
Add lua files for connectivity, balanced, security, and max detect
which provide an easy way to start tuning your config.
commit
e1bc66e26d8b042153e8c41ba7f05526f4bdab38
Author: russ <rucombs@cisco.com>
Date: Mon Nov 4 07:42:01 2019 -0500
imap, pop, smtp: changed default decode depths to unlimited
commit
d93e7ec438fec3ecbfd404fb33e0f1e5a8283846
Author: russ <rucombs@cisco.com>
Date: Fri Nov 1 10:15:42 2019 -0400
http_inspect: change accelerated_blocking to detained_inspection
commit
8f93239ab64372053cd7c1c1806b03e5b6768e54
Author: russ <rucombs@cisco.com>
Date: Wed Oct 30 07:57:54 2019 -0400
ips_option::enable: fix dynamic plugin build
commit
d803c6f0c428dfd491733db4f18311157a7247d6
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 22:09:28 2019 -0400
detection: negated fast patterns are last choice
commit
1b9bfcaa59a55b43f17817d6a2ad351aab9ec4af
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 13:34:27 2019 -0400
ips: define a builtin GID range to prevent unloaded SIDs from firing on all packets
100 <= GID <= 999 defines a builtin rule range such that SIDs from GIDs in this range
that are configured won't fire unless the module is loaded and configured. This is
helpful when a dynamic plugin is not loaded. It is possible to have builtin GIDs
outside this range, but they may fire inadvertently.
Also, note that "builtin" rules don't include just statically linked modules. Any
plugin generator (excluding text rules and SO rules) is considered "builtin".
Exception to the above is granted for the old SDF (138) generator from Snort 2.
Rules for GID 138 may appear as a result of snort2lua or user porting efforts so
it is not considered a builtin rule.
commit
d6f3553be176e7e916c627a2235546d5b0bf99a3
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 11:13:50 2019 -0400
port_scan: increase default memcap to a more reasonable 10M
commit
1ec6e5825939555a5924de522ae5608a49f98c69
Author: russ <rucombs@cisco.com>
Date: Tue Oct 29 11:12:07 2019 -0400
telnet: fix check_encrypted help string
commit
b30cebb995019ef83de4d9cd52a9d2f929a006c9
Author: russ <rucombs@cisco.com>
Date: Sat Oct 26 19:43:19 2019 -0400
dce_smb: deprecate config for smb_file_inspection, use smb_file_depth only
commit
147827d7a3228ebabf973ff1a188b13d4f50d939
Author: russ <rucombs@cisco.com>
Date: Tue Oct 22 14:36:07 2019 -0400
normalizer: make tcp.ips default to true
Mike Stepanek (mstepane) [Mon, 4 Nov 2019 13:59:47 +0000 (08:59 -0500)]
Merge pull request #1807 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_reload_memcap to master
Squashed commit of the following:
commit
b127a8a89a00336480bdf9cfb6c196c8db8d93ca
Author: davis mcpherson <davmcphe@cisco.com>
Date: Tue Aug 20 11:40:34 2019 -0400
stream: implement reload resource tuner for stream to adjust the number of flow objects as needed when the stream 'max_flows' configuration option changes
Shravan Rangarajuvenkata (shrarang) [Fri, 1 Nov 2019 17:26:43 +0000 (13:26 -0400)]
Merge pull request #1831 in SNORT/snort3 from ~SATHIRKA/snort3:dns_compression_ptr to master
Squashed commit of the following:
commit
575eea2d85c85fa31aa73ff86d77c3ce85bd54ea
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Oct 31 17:53:36 2019 -0400
appid: Handle DNS responses with compression pointers at last record
Shravan Rangarajuvenkata (shrarang) [Fri, 1 Nov 2019 01:47:54 +0000 (21:47 -0400)]
Merge pull request #1751 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-dev to master
Squashed commit of the following:
commit
c5548d43e80b6dd1534e2e7a218c6bc5e2ff1200
Author: Pradeep Damodharan <prdamodh@cisco.com>
Date: Wed Sep 18 15:54:12 2019 -0400
s7commplus: Initial working version of s7commplus service inspector
Russ Combs (rucombs) [Thu, 31 Oct 2019 20:18:02 +0000 (16:18 -0400)]
Merge pull request #1828 in SNORT/snort3 from ~RUCOMBS/snort3:build_263 to master
Squashed commit of the following:
commit
b1535e331687f558ec09d20be09e74783c9d1e84
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Oct 31 10:30:57 2019 -0400
build: generate and tag build 263
Shravan Rangarajuvenkata (shrarang) [Thu, 31 Oct 2019 14:34:45 +0000 (10:34 -0400)]
Merge pull request #1824 in SNORT/snort3 from ~SHRARANG/snort3:appid_dns_bad_host_name to master
Squashed commit of the following:
commit
c098d77166f81c6d9ec064991d4bf8ddd7b2cea9
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Oct 25 15:06:02 2019 -0400
appid: handle malformed DNS host name
Mike Stepanek (mstepane) [Wed, 30 Oct 2019 16:22:01 +0000 (12:22 -0400)]
Merge pull request #1815 in SNORT/snort3 from ~KATHARVE/snort3:h2i_request_start_line to master
Squashed commit of the following:
commit
2efd67923bc0de65e7282e3a1387884f39279c7b
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Oct 21 09:37:41 2019 -0400
http2_inspect: generate request start line from pseudo-headers
Russ Combs (rucombs) [Tue, 29 Oct 2019 21:06:50 +0000 (17:06 -0400)]
Merge pull request #1787 in SNORT/snort3 from ~BRASTULT/snort3:boyer_moore to master
Squashed commit of the following:
commit
c38c3e1dc80b15da5ebc4423662efffe94b585cd
Author: Brandon Stultz <brastult@cisco.com>
Date: Mon Oct 7 18:29:14 2019 -0400
content: rewrite boyer_moore for performance
Mike Stepanek (mstepane) [Tue, 29 Oct 2019 19:37:26 +0000 (15:37 -0400)]
Merge pull request #1812 in SNORT/snort3 from ~SMINUT/snort3:tcp_reassembler_int2uint to master
Squashed commit of the following:
commit
9ac10d66c206a949d9e7713bffd23ce14f65ef80
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Oct 22 11:41:56 2019 -0400
stream: change int16_t to uint16_t in the signature of TcpReassembler::add_reassembly_segment().
Do not use tsn->next->c_len when setting PKT_PDU_TAIL in TcpReassembler::flush_data_segments().
Steve Chew (stechew) [Mon, 28 Oct 2019 23:56:09 +0000 (19:56 -0400)]
Merge pull request #1813 in SNORT/snort3 from ~RUCOMBS/snort3:conf_loading to master
Squashed commit of the following:
commit
6ccd7795e4be8bd78c937316a7733326676e9f7b
Author: russ <rucombs@cisco.com>
Date: Mon Oct 28 16:05:22 2019 -0400
rule_state: use more accurate error message and other internal fixes
commit
17249d6de69dd6d4f7361052eb3328fae497b2ac
Author: russ <rucombs@cisco.com>
Date: Tue Oct 22 19:30:42 2019 -0400
ips: add states member to allow separate configs for rules and states
commit
ea165938df076947a3afb2c21649536404d66027
Author: russ <rucombs@cisco.com>
Date: Tue Oct 22 19:03:56 2019 -0400
rule_state: restore to facilitate continuous delivery
commit
a05f4fb5201833fb1aff644a2cce0007c72b04fc
Author: russ <rucombs@cisco.com>
Date: Mon Oct 21 08:09:44 2019 -0400
ips_option::enable: default gid = 1 as with text rules
commit
815cb7d64a3261ad22d38d8c3c4ebf692911813b
Author: russ <rucombs@cisco.com>
Date: Mon Oct 21 07:54:32 2019 -0400
ips_option::enable: invalid gid, sid is just a warning
commit
32c5ee376908c23b1dafb87c20b6103e7f902382
Author: russ <rucombs@cisco.com>
Date: Sun Oct 20 09:12:14 2019 -0400
snort: dump gids and sids in sorted order
commit
4106d2784a59f7e2077dcc43966f571d70a48971
Author: russ <rucombs@cisco.com>
Date: Sat Oct 19 10:11:11 2019 -0400
rule_state: replace with rule option enable
The enable option is used in rule stubs that set the state of a rule in the
current ips policy. The rule may have been loaded in the current or any other
ips policy. Text rule stubs are preferred over large LuaJIT tables since the
latter have a limit of 64K constants per function and each row consumes one
constant. The stubs have the same rule syntax as text rules and can be defined
in all the same places (ips.rules, ips.include, snort -R, snort
--stdin-rules). enable may be set to no, yes, or inherit and defaults to yes.
commit
ba221295e607fa5a89dd3ff59d688f43bcddf8e7
Author: russ <rucombs@cisco.com>
Date: Fri Oct 18 10:58:40 2019 -0400
framework: map parameters for faster lookup
commit
39eed8eb4700a4dbca41381b438d48b4a441af55
Author: russ <rucombs@cisco.com>
Date: Thu Oct 17 20:28:12 2019 -0400
rule_state: ensure later entries override first
commit
2094997a2d7c55de3f0af390dc415fb9e6ffa4b9
Author: russ <rucombs@cisco.com>
Date: Wed Oct 16 23:45:31 2019 -0400
style: miscellaneous fixups
commit
d98beb407148807943771e5ff13774bb1f6f2899
Author: Steve Chew <stechew@cisco.com>
Date: Wed Oct 9 11:28:40 2019 -0400
managers: Improve performance by using map instead of list for IPS options.
commit
590e5743d25952dc2259344c9a62df7b7e148d06
Author: Steve Chew <stechew@cisco.com>
Date: Wed Oct 9 01:23:19 2019 -0400
managers: Improve performance by using hash table instead of list for modules.
commit
df0530c469c50383d9da4976c073b02f4d20d051
Author: russ <rucombs@cisco.com>
Date: Mon Oct 14 11:08:39 2019 -0400
help: remove obsoleted require(snort_config) from --dump-defaults output
commit
740b16e3b0d89649f0cf3236a0fcbfc996356235
Author: russ <rucombs@cisco.com>
Date: Mon Oct 14 08:16:51 2019 -0400
rule_state: switch back to standard syntax
commit
8b44fc699329a64409ccb558be8ddc8b23133a54
Author: russ <rucombs@cisco.com>
Date: Mon Oct 14 08:16:21 2019 -0400
lua: do not traverse tables needlessly
Michael Altizer (mialtize) [Mon, 28 Oct 2019 14:09:14 +0000 (10:09 -0400)]
Merge pull request #1822 in SNORT/snort3 from ~SBAIGAL/snort3:databus_utest to master
Squashed commit of the following:
commit
19facb8667cfdbca840d17050e8c0662c72d7c59
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Oct 24 10:48:14 2019 -0400
data_bus: add unit test cases
Steve Chew (stechew) [Fri, 25 Oct 2019 17:31:13 +0000 (13:31 -0400)]
Merge pull request #1739 in SNORT/snort3 from ~BBANTWAL/snort3:mpse_stash_fix to master
Squashed commit of the following:
commit
94b58403014d34f2160aceb3c4d6ab6bfbb89ae0
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Sep 9 12:40:23 2019 -0400
detection: change the hardcoded stash max to configurable one, convert the stash queue to vector, and add new pegcounts for stash overruns
Michael Altizer (mialtize) [Fri, 25 Oct 2019 02:11:24 +0000 (22:11 -0400)]
Merge pull request #1817 in SNORT/snort3 from ~MIALTIZE/snort3:checksum_offsets to master
Squashed commit of the following:
commit
344219c01b7e1e8fe5912018441d29fd8aaf6b44
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Oct 24 12:50:23 2019 -0400
codecs: Relax requirement for DAQ packet decode data offsets when bypassing checksums
Only perform the offset sanity checking during checksum bypass
evaluation if the offset has been explicitly set in the packet decode
data. Otherwise, assume that the relevant checksum validation applies
to the current instance of the protocol.
Michael Altizer (mialtize) [Thu, 24 Oct 2019 22:13:42 +0000 (18:13 -0400)]
Merge pull request #1821 in SNORT/snort3 from ~MASHASAN/snort3:umap_find to master
Squashed commit of the following:
commit
76fd90fe0d4c2d5be45f900600398224ccf3b25f
Author: Masud Hasan <mashasan@cisco.com>
Date: Thu Oct 24 13:38:31 2019 -0400
policy: Avoid unintended insertion of policy into map if it does not exist
Mike Stepanek (mstepane) [Wed, 23 Oct 2019 12:40:46 +0000 (08:40 -0400)]
Merge pull request #1811 in SNORT/snort3 from ~THOPETER/snort3:nhttp128 to master
Squashed commit of the following:
commit
2020c443a5f649cfca30e0957378edb5bfa62ad7
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Oct 18 11:32:15 2019 -0400
http_inspect: test tool single-direction abort fix
Steve Chew (stechew) [Tue, 22 Oct 2019 20:31:36 +0000 (16:31 -0400)]
Merge pull request #1775 in SNORT/snort3 from ~SBAIGAL/snort3:default_pub_subs to master
Squashed commit of the following:
commit
8c7d0ffc284e7fe8e3fba15d0f9eec287b0f847c
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Sep 26 16:06:24 2019 -0400
pub_subs: made default pub_subs policy-independent
Michael Altizer (mialtize) [Tue, 22 Oct 2019 17:50:32 +0000 (13:50 -0400)]
Merge pull request #1810 in SNORT/snort3 from ~SBAIGAL/snort3:dns_thread_local_fix to master
Squashed commit of the following:
commit
10494a848f9757b40c049cc43bede52b5800cca6
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Mon Oct 21 15:43:06 2019 -0400
dns: made changes to make sure DNS parsing is thread safe
Mike Stepanek (mstepane) [Tue, 22 Oct 2019 16:17:26 +0000 (12:17 -0400)]
Merge pull request #1802 in SNORT/snort3 from ~DERAMADA/snort3:h2i_header_decode_error_abort to master
Squashed commit of the following:
commit
e68cab344dfd15d2c1abbfb214409c6c22d0c741
Author: deramada <deramada@cisco.com>
Date: Tue Oct 15 15:40:55 2019 -0400
http2_inspect: abort on header decode error
Russ Combs (rucombs) [Tue, 22 Oct 2019 13:54:56 +0000 (09:54 -0400)]
Merge pull request #1806 in SNORT/snort3 from ~STECHEW/snort3:handle_invalid_acks_v2 to master
Squashed commit of the following:
commit
a8ff46342ba2547b7bef27e529013a047aff6f22
Author: Steve Chew <stechew@cisco.com>
Date: Thu Oct 17 14:47:10 2019 -0400
stream_tcp: If no-ack is on, rewrite ACK value to be the expected ACK.
Shravan Rangarajuvenkata (shrarang) [Tue, 22 Oct 2019 13:24:20 +0000 (09:24 -0400)]
Merge pull request #1808 in SNORT/snort3 from ~SHRARANG/snort3:appid_inferred_svc_versioning to master
Squashed commit of the following:
commit
ca9b2578a0e6377aa4a66edc1358f2652e88ae1d
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Oct 18 16:34:32 2019 -0400
appid: check inferred services in host cache only if there were updates
Shravan Rangarajuvenkata (shrarang) [Fri, 18 Oct 2019 16:25:21 +0000 (12:25 -0400)]
Merge pull request #1803 in SNORT/snort3 from ~SATHIRKA/snort3:userappid_conf to master
Squashed commit of the following:
commit
cdab8058b0bd8ef59923dc978d09e279e5f0b8bc
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Oct 16 11:37:05 2019 -0400
appid: Updating the path to userappid.conf
Michael Altizer (mialtize) [Fri, 18 Oct 2019 13:43:52 +0000 (09:43 -0400)]
Merge pull request #1801 in SNORT/snort3 from ~SMINUT/snort3:retry_packet_daq_instance to master
Squashed commit of the following:
commit
7ffb11965cb72af79bb9b3360a3baa07c1bb873e
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Oct 15 13:37:57 2019 -0400
packet_io: do not retry packets that do not have a daq instance.
Mike Stepanek (mstepane) [Thu, 17 Oct 2019 19:54:44 +0000 (15:54 -0400)]
Merge pull request #1805 in SNORT/snort3 from ~THOPETER/snort3:nhttp127 to master
Squashed commit of the following:
commit
35c95333f95722ba5b344d34c073c3734317adb2
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Oct 17 14:43:45 2019 -0400
http_inspect: add more config initializers
Mike Stepanek (mstepane) [Thu, 17 Oct 2019 19:54:04 +0000 (15:54 -0400)]
Merge pull request #1804 in SNORT/snort3 from ~THOPETER/snort3:http2_variable_split to master
Squashed commit of the following:
commit
13aadca7891842643dc3fcbd4aef7ed396c0b875
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 16 16:59:10 2019 -0400
http2_inspect: stop sharing a variable between scan and reassemble
Mike Stepanek (mstepane) [Thu, 17 Oct 2019 14:41:56 +0000 (10:41 -0400)]
Merge pull request #1798 in SNORT/snort3 from ~KATHARVE/snort3:h2i_static_new to master
Squashed commit of the following:
commit
c7410c95a1982c8c5f9cf4300a5474f4ea595683
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Oct 14 13:00:46 2019 -0400
http2_inspect: decode indexed header fields in the HPACK static table
Mike Stepanek (mstepane) [Tue, 15 Oct 2019 19:29:22 +0000 (15:29 -0400)]
Merge pull request #1800 in SNORT/snort3 from ~NIHDESAI/snort3:ftp_warn to master
Squashed commit of the following:
commit
450926ec637f648f53a007f0dd92e2c940cf702b
Author: Nihal Desai <nihdesai@cisco.com>
Date: Tue Oct 15 02:15:08 2019 -0400
ftp: fix for missing prototype warning
Michael Altizer (mialtize) [Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)]
Merge pull request #1795 in SNORT/snort3 from ~MIALTIZE/snort3:namespace to master
Squashed commit of the following:
commit
9aab09747acdbb68c1f95d6a6b5a7cfd44d9dd32
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 9 16:42:57 2019 -0400
mime: Put MailLogConfig in the snort namespace
commit
f5628e7cbae4b8e68b2f66161e11c7b38fbfe234
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 9 16:42:27 2019 -0400
file_api: Put FileCapture in the snort namespace
commit
cc82c6f0aa7db229675ab4f255892d8efaa109d3
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Oct 9 14:49:12 2019 -0400
build: Clean up snort namespace usage
Steve Chew (stechew) [Mon, 14 Oct 2019 17:36:03 +0000 (13:36 -0400)]
Merge pull request #1794 in SNORT/snort3 from ~STECHEW/snort3:binder_use_snort_config to master
Squashed commit of the following:
commit
b50a46e6042a01c0b9bfeaa451f072bf4f5bd1c3
Author: Steve Chew <stechew@cisco.com>
Date: Fri Oct 11 14:43:41 2019 -0400
binder: Use reloaded snort config when getting inspector.
Mike Stepanek (mstepane) [Mon, 14 Oct 2019 16:19:18 +0000 (12:19 -0400)]
Merge pull request #1796 in SNORT/snort3 from ~THOPETER/snort3:h2i1 to master
Squashed commit of the following:
commit
96da272489408884f09cff1c6c7960b19dcc5a4a
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 9 17:15:58 2019 -0400
http2_inspect: Move HPACK decompression out of stream splitter into a separate class.
Mike Stepanek (mstepane) [Mon, 14 Oct 2019 14:55:33 +0000 (10:55 -0400)]
Merge pull request #1792 in SNORT/snort3 from ~DERAMADA/snort3:h2i_abort_bad_preface to master
Squashed commit of the following:
commit
fbb4311a964018530e8880d0b5080be3238ae2cf
Author: deramada <deramada@cisco.com>
Date: Wed Oct 9 13:39:12 2019 -0400
http2_inspect: Abort on bad connection preface
Mike Stepanek (mstepane) [Mon, 14 Oct 2019 14:21:27 +0000 (10:21 -0400)]
Merge pull request #1782 in SNORT/snort3 from ~NIHDESAI/snort3:ftp_leak to master
Squashed commit of the following:
commit
2cf5fb38604fcb5c90504db35b0b7086dbb120ea
Author: Nihal Desai <nihdesai@cisco.com>
Date: Mon Sep 23 08:17:46 2019 -0400
ftp: catch invalid server command format
Shravan Rangarajuvenkata (shrarang) [Fri, 11 Oct 2019 18:58:19 +0000 (14:58 -0400)]
Merge pull request #1742 in SNORT/snort3 from ~CLJUDGE/snort3:set_payload_unknown_if_no_tls_host to master
Squashed commit of the following:
commit
f06c11626ed3bc09d801b4b589d4c6b9ed51f00a
Author: cljudge <cljudge@cisco.com>
Date: Thu Sep 12 03:13:54 2019 -0400
appid: for ssl sessions, set payload id to unknown after ssl handshake is done if the payload id was not found
Mike Stepanek (mstepane) [Thu, 10 Oct 2019 18:50:35 +0000 (14:50 -0400)]
Merge pull request #1791 in SNORT/snort3 from ~THOPETER/snort3:http2_cleanup to master
Squashed commit of the following:
commit
a36d5d0cb46a91592a7edbf061f9af4c9ee7beae
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 9 16:47:52 2019 -0400
http2_inspect: cleanup
Mike Stepanek (mstepane) [Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)]
Merge pull request #1784 in SNORT/snort3 from ~DERAMADA/snort3:h2i_discard_conn_preface to master
Squashed commit of the following:
commit
a00aa7fc98836c50c94cdac9d6cab856eba2ffb1
Author: deramada <deramada@cisco.com>
Date: Mon Oct 7 09:07:56 2019 -0400
http2_inspect: discard connection preface
Mike Stepanek (mstepane) [Wed, 9 Oct 2019 17:04:38 +0000 (13:04 -0400)]
Merge pull request #1783 in SNORT/snort3 from ~DAVMCPHE/snort3:packet_object_init to master
Squashed commit of the following:
commit
74aa43b0bc78b8747eb8a65f8f166390bae6e14a
Author: davis mcpherson <davmcphe@cisco.com>
Date: Mon Oct 7 10:48:34 2019 -0400
packet: ensure all member variables of the Packet class are initialized at instantiation and when an instance is reset
Mike Stepanek (mstepane) [Wed, 9 Oct 2019 14:21:41 +0000 (10:21 -0400)]
Merge pull request #1788 in SNORT/snort3 from ~MSTEPANE/snort3:build_262 to master
Squashed commit of the following:
commit
6c381d2eb2aaf2ba82d7ad0aaab1cd4efb252bf5
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Oct 9 08:37:27 2019 -0400
build: generate and tag build 262
Amarnath Sathyanarayanan (amsathya) [Tue, 8 Oct 2019 22:06:34 +0000 (18:06 -0400)]
Merge pull request #1786 in SNORT/snort3 from ~RUTIAN/snort3:identity to master
Squashed commit of the following:
commit
db0e98c934e4c092a3a7f6f77c75d8da3752c925
Author: Ruiqi Tian <rutian@cisco.com>
Date: Tue Oct 8 11:11:53 2019 -0400
snort2lua: remove identity related options from firewall
Mike Stepanek (mstepane) [Tue, 8 Oct 2019 19:59:19 +0000 (15:59 -0400)]
Merge pull request #1781 in SNORT/snort3 from ~SMINUT/snort3:port_filtering to master
Squashed commit of the following:
commit
2c0edc886d3066a8543de6df6e9fd80cea677905
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Oct 4 16:23:21 2019 -0400
helpers: implement port exclusion in discovery filter.
Mike Stepanek (mstepane) [Tue, 8 Oct 2019 18:17:05 +0000 (14:17 -0400)]
Merge pull request #1735 in SNORT/snort3 from ~DAVMCPHE/snort3:flow_object_allocation to master
Squashed commit of the following:
commit
3b8ffbfb453e155f805ec859198ca08b945d0cdf
Author: davis mcpherson <davmcphe.cisco.com>
Date: Wed Sep 4 10:57:08 2019 -0400
flow: patch to allocate Flow objects individually on demand. Once allocated the Flow objects are reused until snort exits or reload changes the max_flows setting
Steve Chew (stechew) [Tue, 8 Oct 2019 18:09:06 +0000 (14:09 -0400)]
Merge pull request #1770 in SNORT/snort3 from ~BBANTWAL/snort3:snort2lua_port_bindings to master
Squashed commit of the following:
commit
be613587a79866a0f0c462759eb85bb94aea107a
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Fri Sep 27 02:00:27 2019 -0400
snort2lua: convert snort2 port bindings into snort3 service bindings for inspectors configured in wizard and add --bind-port option to enable port bindings conversion
Mike Stepanek (mstepane) [Tue, 8 Oct 2019 17:54:07 +0000 (13:54 -0400)]
Merge pull request #1768 in SNORT/snort3 from ~KATHARVE/snort3:h2i_decode_string_literals to master
Squashed commit of the following:
commit
c2a9ef959b7ecda8405591d9f53b041b6b06cec1
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Sep 5 08:49:22 2019 -0400
http2_inspect: parse hpack header representations and decode string literals
Michael Altizer (mialtize) [Tue, 8 Oct 2019 15:23:53 +0000 (11:23 -0400)]
Merge pull request #1785 in SNORT/snort3 from ~MIALTIZE/snort3:cksum_alignment to master
Squashed commit of the following:
commit
e4482a20e1e3c5720bd83d999baba9e6baffe5da
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Oct 7 15:13:32 2019 -0400
codecs: Fix checksumming a single byte of unaligned data
Mike Stepanek (mstepane) [Fri, 4 Oct 2019 22:07:38 +0000 (18:07 -0400)]
Merge pull request #1776 in SNORT/snort3 from ~KATHARVE/snort3:h2i_cut_frame_headers to master
Squashed commit of the following:
commit
ae747d91590506059c321c77bbc3eaf803c82b96
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Oct 2 14:15:06 2019 -0400
http2_inspect: cut headers from frame_data buffer
Mike Stepanek (mstepane) [Fri, 4 Oct 2019 18:09:44 +0000 (14:09 -0400)]
Merge pull request #1779 in SNORT/snort3 from ~DERAMADA/snort3:h2i_validate_connection_preface to master
Squashed commit of the following:
commit
7391aa89fb2f7b2c274ec8966c63fa22b2f86b27
Author: deramada <deramada@cisco.com>
Date: Wed Oct 2 15:29:09 2019 -0400
http2_inspect: validate connection preface
Mike Stepanek (mstepane) [Fri, 4 Oct 2019 18:01:56 +0000 (14:01 -0400)]
Merge pull request #1767 in SNORT/snort3 from ~MASHASAN/snort3:zone_fitering to master
Squashed commit of the following:
commit
c4da727760f9b485dd4cc83f936ed70efeeb2225
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed Sep 25 07:43:54 2019 -0400
discovery_filter: Supporting zone matching
Russ Combs (rucombs) [Thu, 3 Oct 2019 18:20:27 +0000 (14:20 -0400)]
Merge pull request #1755 in SNORT/snort3 from ~RUCOMBS/snort3:rule_mode to master
Squashed commit of the following:
commit
ea9b22df4fe34ec6b5443de7ad700676cd7ece65
Author: russ <rucombs@cisco.com>
Date: Wed Oct 2 15:07:43 2019 -0400
detection: map file rules to services
alert file and service:file rules will be loaded as if written:
alert * ( service:ftp-data, netbios-ssn, http, pop3, imap, smtp, user )
This only applies to rules w/o services. With file rules folded
into service groups, we can avoid a separate, and usually extra,
file_data search. The 'user' service is required for stream_file
support.
commit
4fc36a4a5813b0e862fd9059c8f409bfe7bd9fee
Author: russ <rucombs@cisco.com>
Date: Thu Sep 26 13:59:46 2019 -0400
detection: update trace to indicate eval task
commit
bab6812cb2fa5596c6cbe3c970c89d599c9814b2
Author: russ <rucombs@cisco.com>
Date: Sun Sep 22 10:45:09 2019 -0400
detection: non-service rules must match on rule header proto
commit
70c9e81d2a87fe01e40e13a400c5a8c6dae29847
Author: russ <rucombs@cisco.com>
Date: Sat Sep 21 19:43:07 2019 -0400
detection: consistently prefer service rules over port rules
commit
2d6092ffce0913a81440dbac11a0aab2c53527c6
Author: russ <rucombs@cisco.com>
Date: Fri Sep 20 15:31:56 2019 -0400
detection: do not split service groups by ip proto to avoid extra searches
commit
5e35f65a17de82034d5e48a2810abd4edd6d2a68
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 21:19:30 2019 -0400
detection: support alert file rules w/o optional services
commit
27d3cf25ecc4727468143df5a3c1a7d881982a27
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 14:36:08 2019 -0400
detection: use reference for signature eval data
commit
6cb9fffea37f2f521365927d5098a2ae2f2b8c8c
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 14:29:04 2019 -0400
detection: remove unnecessary match data from eval context
commit
763aa8a73cd15869b8e6f9de0a7908e28404e65c
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 14:12:20 2019 -0400
detection: remove the inappropriate match tracker from mpse batch setup
commit
e1342b186cf4bb026c1137fce73f7bdebb525291
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 13:43:30 2019 -0400
detection: remove more cruft from match tracker
This breaks alert file rules which do not contain services but fixes
the case where alert tcp and alert file coexist in the same FP FSM and
the service match should override port checks. The new breakage must
be fixed differently.
commit
62e271f85b925b7f6eb3b29d68c3459533bf7bfe
Author: russ <rucombs@cisco.com>
Date: Wed Sep 18 12:36:05 2019 -0400
detection: remove cruft from match accumulator
Shravan Rangarajuvenkata (shrarang) [Thu, 3 Oct 2019 18:07:37 +0000 (14:07 -0400)]
Merge pull request #1777 in SNORT/snort3 from ~SATHIRKA/snort3:bittorrent_std_port to master
Squashed commit of the following:
commit
149109cf966db56b7b1e9f63cea33dfe0b8c682c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Oct 2 12:40:10 2019 -0400
appid: Add support for bittorrent detection over standard ports
Steve Chew (stechew) [Thu, 3 Oct 2019 14:17:45 +0000 (10:17 -0400)]
Merge pull request #1771 in SNORT/snort3 from ~STECHEW/snort3:noack_seq_fix to master
Squashed commit of the following:
commit
0f6d170ece2f36aeca31002ef6e7745c42d434a9
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 19 14:54:53 2019 -0400
libtcp: Turn off no-ack mode if packet is out of order.
Mike Stepanek (mstepane) [Thu, 3 Oct 2019 11:57:56 +0000 (07:57 -0400)]
Merge pull request #1778 in SNORT/snort3 from ~THOPETER/snort3:small_seg4 to master
Squashed commit of the following:
commit
916155bb5155a0f6985f0225f0718cba1013a705
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Oct 2 12:06:04 2019 -0400
stream: clean up cppcheck warnings
Michael Altizer (mialtize) [Tue, 1 Oct 2019 18:00:50 +0000 (14:00 -0400)]
Merge pull request #1760 in SNORT/snort3 from ~MIALTIZE/snort3:decode_data to master
Squashed commit of the following:
commit
1d85480c83ac1167b16c01b34c6bc992a86f381e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Sep 16 21:09:22 2019 -0400
codecs: Use checksum validation from DAQ packet decode data when available
Supported protocols include IP, ICMP, ICMPv6, TCP, and UDP.
commit
a42a81e8ca5e9c2950dc0c7762dd1b9cf3d052d4
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Sep 23 17:25:43 2019 -0400
protocols: Remove reference to obsolete DAQ_PKT_FLAG_HW_TCP_CS_GOOD flag
commit
8ffb5eeca3196e783a89f07ff2a1bd13037c2f25
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 16:45:05 2019 -0400
unit-tests: Fix compiler warnings that snuck into CppUTest unit tests
Mike Stepanek (mstepane) [Tue, 1 Oct 2019 14:56:05 +0000 (10:56 -0400)]
Merge pull request #1774 in SNORT/snort3 from ~THOPETER/snort3:small_seg3 to master
Squashed commit of the following:
commit
48284a400a9d8f852f529a5439ab7bf4178756bb
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Sep 27 15:26:18 2019 -0400
stream: clean up update_direction
Mike Stepanek (mstepane) [Mon, 30 Sep 2019 19:40:49 +0000 (15:40 -0400)]
Merge pull request #1773 in SNORT/snort3 from ~MMATIRKO/snort3:lua_whitespace_fix to master
Squashed commit of the following:
commit
5ac2c1b82fda46a734a1de9db83fad8576a4d1d2
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Sep 30 11:41:06 2019 -0400
lua: fixed whitespace to match style guidelines
Mike Stepanek (mstepane) [Mon, 30 Sep 2019 14:38:33 +0000 (10:38 -0400)]
Merge pull request #1772 in SNORT/snort3 from ~MMATIRKO/snort3:luajit_segv_changes to master
Squashed commit of the following:
commit
8c227975324878d84517fba99ae8a4710f24c5ac
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Sep 30 09:41:11 2019 -0400
ips_options: minor code style changes