git.ipfire.org Git - thirdparty/snort3.git/log
Mike Stepanek (mstepane) [Fri, 27 Sep 2019 16:32:18 +0000 (12:32 -0400)]
Merge pull request #1769 in SNORT/snort3 from ~THOPETER/snort3:small_seg2 to master
Squashed commit of the following:
commit
9e8b9922d6aa9046b0eaa320af3d35679698060a
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Sep 19 17:04:44 2019 -0400
stream: cleanup
Mike Stepanek (mstepane) [Thu, 26 Sep 2019 19:20:52 +0000 (15:20 -0400)]
Merge pull request #1764 in SNORT/snort3 from ~MMATIRKO/snort3:luajit_segv to master
Squashed commit of the following:
commit
5673dcacb025089db520ffcd8e87bf217ee59f8e
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Sep 24 13:36:00 2019 -0400
lua: Added move constructor and move assignment operator to Lua::State to fix segv (CSCvn22329)
Russ Combs (rucombs) [Thu, 26 Sep 2019 18:04:57 +0000 (14:04 -0400)]
Merge pull request #1744 in SNORT/snort3 from ~BRASTULT/snort3:ber_fix to master
Squashed commit of the following:
commit
c365ed5d5002bd72805b213179b379a536595dfa
Author: Brandon Stultz <brastult@cisco.com>
Date: Fri Sep 13 15:29:17 2019 -0400
utils: prevent integer overflow/underflow when reading BER elements
Steve Chew (stechew) [Wed, 25 Sep 2019 19:00:56 +0000 (15:00 -0400)]
Merge pull request #1765 in SNORT/snort3 from ~STECHEW/snort3:analyzer_pkth to master
Squashed commit of the following:
commit
d4054d8a659c22f5b66bf4b887e7f9812838540d
Author: Steve Chew <stechew@cisco.com>
Date: Tue Sep 24 10:35:09 2019 -0400
analyzer: Move setting pkth to nullptr to after publishing finalize event.
Michael Altizer (mialtize) [Wed, 25 Sep 2019 17:44:53 +0000 (13:44 -0400)]
Merge pull request #1763 in SNORT/snort3 from ~MIALTIZE/snort3:daq_msg_event to master
Squashed commit of the following:
commit
2d87ba3bb1e5352e3a7a3f48692cb9d2f93e5c1f
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Sep 24 08:22:43 2019 -0400
pub_sub: Replace DaqMetaEvent and OtherMessageEvent with DaqMessageEvent
Three events use this new shared event structure: DAQ_SOF_MSG_EVENT,
DAQ_EOF_MSG_EVENT, and DAQ_OTHER_MSG_EVENT.
Additionally, DAQ peg counts were added for SoF and EoF messages
received.
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Sep 2019 21:59:12 +0000 (17:59 -0400)]
Merge pull request #1748 in SNORT/snort3 from ~KAMURTHI/snort3:BT_Proxy to master
Squashed commit of the following:
commit
a4cef99d25b3cc5b4cf06e22175dcebafc7781b9
Author: kani <kamurthi@cisco.com>
Date: Sun Sep 15 20:58:30 2019 -0400
appid: extract forward ip from http tunneled traffic and use it for dynamic host cache lookup
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Sep 2019 19:07:30 +0000 (15:07 -0400)]
Merge pull request #1758 in SNORT/snort3 from ~KAMURTHI/snort3:DNS_QUERY to master
Squashed commit of the following:
commit
0c8de28d008b2812203326458452265f48fffeba
Author: kani <kamurthi@cisco.com>
Date: Mon Sep 23 11:39:21 2019 -0400
Appid: fix populating dns_query for DNS traffic
Steve Chew (stechew) [Tue, 24 Sep 2019 18:01:41 +0000 (14:01 -0400)]
Merge pull request #1753 in SNORT/snort3 from ~BBANTWAL/snort3:snort2lua_base64_data_fix to master
Squashed commit of the following:
commit
231cbf77f0673e00669d6d57410478d6ae1b8955
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Sep 19 13:06:10 2019 -0400
snort2lua: reset the sticky buffer name while converting unchanged sticky rule options and file_data
Michael Altizer (mialtize) [Tue, 24 Sep 2019 16:55:31 +0000 (12:55 -0400)]
Merge pull request #1761 in SNORT/snort3 from ~SBAIGAL/snort3:revert_map_change to master
Squashed commit of the following:
commit
2bd74d091178b75253934e1f51a7bb5bfc9130bf
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Mon Sep 23 20:51:16 2019 -0400
binder: remove global check for stream inspectors and revert module_map changes
Mike Stepanek (mstepane) [Tue, 24 Sep 2019 14:20:05 +0000 (10:20 -0400)]
Merge pull request #1757 in SNORT/snort3 from ~SMINUT/snort3:reload_module_reputation to master
Squashed commit of the following:
commit
7fcf2e12927d6e6511d7d3b03efbbdc2f96ce0a0
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Sep 23 12:54:40 2019 -0400
reputation: prevent reload module crash when reputation is not configured in lua at startup.
Shravan Rangarajuvenkata (shrarang) [Tue, 24 Sep 2019 13:06:44 +0000 (09:06 -0400)]
Merge pull request #1746 in SNORT/snort3 from ~SHRARANG/snort3:appid_detector_callback to master
Squashed commit of the following:
commit
a288bcb656661f879362bb851eb8aba5425c3774
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Mon Sep 16 10:18:56 2019 -0400
appid: add support for Lua detector callback mechanism
Mike Stepanek (mstepane) [Tue, 24 Sep 2019 12:09:44 +0000 (08:09 -0400)]
Merge pull request #1759 in SNORT/snort3 from ~MASHASAN/snort3:doc_rewrite to master
Squashed commit of the following:
commit
5cc735dc0f949db2a177f35e6d45533a54122a8d
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Sep 23 14:12:29 2019 -0400
doc: Adding Snort2Lua note on ips rule action rewrite
Steve Chew (stechew) [Mon, 23 Sep 2019 22:20:16 +0000 (18:20 -0400)]
Merge pull request #1750 in SNORT/snort3 from ~SBAIGAL/snort3:global_service to master
Squashed commit of the following:
commit
678613c91efb1772aa6bec5abcf0c849e99e83cb
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Sep 17 15:52:10 2019 -0400
binder: allow binder to support global level service inspectors
removed unused function get_type()
add module map
Shravan Rangarajuvenkata (shrarang) [Mon, 23 Sep 2019 21:49:10 +0000 (17:49 -0400)]
Merge pull request #1752 in SNORT/snort3 from ~SATHIRKA/snort3:bittorrent_wildcard to master
Squashed commit of the following:
commit
e2525bc26e3155a88b92665efc8fd466daae33eb
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Sep 18 15:58:20 2019 -0400
appid: Add support for wildcard ports in host tracker
Michael Altizer (mialtize) [Mon, 23 Sep 2019 19:02:10 +0000 (15:02 -0400)]
Merge pull request #1745 in SNORT/snort3 from ~BBANTWAL/snort3:expect_cache_fix to master
Squashed commit of the following:
commit
d7228380a4b95305ea45e59b14087af1b9b95a6e
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Sep 12 14:16:13 2019 -0400
flow: check if control packet has a valid daq instance before setting up daq expected flow and add pegcounts for expected flows
Mike Stepanek (mstepane) [Mon, 23 Sep 2019 17:38:12 +0000 (13:38 -0400)]
Merge pull request #1747 in SNORT/snort3 from ~MMATIRKO/snort3:reputation_blacklist_fix to master
Squashed commit of the following:
commit
3f5f03db34f988fee415252cf6fd50b383799ec3
Author: Michael Matirko <mmatirko@cisco.com>
Date: Wed Sep 11 14:32:25 2019 -0400
reputation: SIDs for source and destination-triggered events added
Mike Stepanek (mstepane) [Mon, 23 Sep 2019 17:36:18 +0000 (13:36 -0400)]
Merge pull request #1749 in SNORT/snort3 from ~SMINUT/snort3:ips_reload to master
Squashed commit of the following:
commit
97392e8fcbcb1397b8c5838f557574da8472cec0
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Sep 17 16:17:24 2019 -0400
managers: add null check in reload_module to prevent crash when trying to reload module that has not been configured.
Mike Stepanek (mstepane) [Fri, 20 Sep 2019 16:40:59 +0000 (12:40 -0400)]
Merge pull request #1754 in SNORT/snort3 from ~THOPETER/snort3:small_seg to master
Squashed commit of the following:
commit
89c55ebeecd380736f5caa3a63a3d18f0835ae49
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Sep 19 11:49:18 2019 -0400
stream: cleanup
Steve Chew (stechew) [Wed, 18 Sep 2019 12:04:57 +0000 (08:04 -0400)]
Merge pull request #1741 in SNORT/snort3 from ~STECHEW/snort3:profiler_output to master
Squashed commit of the following:
commit
623c678d5fc25492f98cd58c27e2c99cbb804552
Author: Steve Chew <stechew@cisco.com>
Date: Tue Sep 10 10:15:16 2019 -0400
profiler: Increase width of checks and alloc fields so values don't run together
Steve Chew (stechew) [Sun, 15 Sep 2019 16:04:45 +0000 (12:04 -0400)]
Merge pull request #1743 in SNORT/snort3 from ~STECHEW/snort3:prune_unis_fix to master
Squashed commit of the following:
commit
544acc5afc312a7aea9c35d726171e52c2edc2d2
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 12 21:50:36 2019 -0400
flow: When walking uni_list stop before reaching head.
Steve Chew (stechew) [Fri, 13 Sep 2019 18:50:05 +0000 (14:50 -0400)]
Merge pull request #1734 in SNORT/snort3 from ~SBAIGAL/snort3:unknown_daq_pkt_evt to master
Squashed commit of the following:
commit
3d5082836611e94807b296bfb9ea0f2321c5a069
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Sep 3 13:52:16 2019 -0400
analyzer: publish other message event for unknown DAQ messages
made updated on comments
made changes based on comments
Michael Altizer [Thu, 12 Sep 2019 23:40:29 +0000 (19:40 -0400)]
build: Generate and tag build 261
Michael Altizer (mialtize) [Tue, 10 Sep 2019 16:53:46 +0000 (12:53 -0400)]
Merge pull request #1740 in SNORT/snort3 from ~SHRARANG/snort3:update_style_guide to master
Squashed commit of the following:
commit
87a8513592b7e3bde471a0c536cdd6e01958b9d5
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Tue Sep 10 09:19:39 2019 -0400
style: update link for google c++ style guide
Mike Stepanek (mstepane) [Tue, 10 Sep 2019 16:31:19 +0000 (12:31 -0400)]
Merge pull request #1733 in SNORT/snort3 from ~SMINUT/snort3:rna_update_timeout to master
Squashed commit of the following:
commit
e082dd186ee53898cb90b31d7b426cd277afd2f1
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Sep 5 12:41:00 2019 -0400
rna: generate an RNA_EVENT_CHANGE when a host is seen after the last log event and the current time is past the update timeout.
rna: lock when returning last_seen and last_event in host tracker and add peg counts for RnaIdleEventHandler.
rna: pass cond_var to the rna log functions, as per snort 2.
rna: make generation of a CHANGE_HOST_UPDATE event from idle, configurable.
rna: change RnaLoggerEvent::cond_var from time_t to void* because SfUnified2LoggerRNA::rna_serialize() already takes a void* as cond_var.
rna: pass host tracker IP address rather than NULL when calling generate_change_host_update from idle.
rna: suppress unused variable message in RnaIdleEventHandle::handle().
rna: address reviewers' comments.
Russ Combs (rucombs) [Mon, 9 Sep 2019 22:04:40 +0000 (18:04 -0400)]
Merge pull request #1732 in SNORT/snort3 from ~RUCOMBS/snort3:rule_statez to master
Squashed commit of the following:
commit
8f66afffc52f4eecc0436d23359f2eccd3ff18f2
Author: russ <rucombs@cisco.com>
Date: Wed Sep 4 17:53:18 2019 -0400
doc: add bullets for $var parameter names and maxXX limits.
commit
ff4bca6a07a6b5446332ce0d41272b9299f08998
Author: russ <rucombs@cisco.com>
Date: Wed Sep 4 16:59:12 2019 -0400
rule_state: switch from regex parameter names to simpler parsing
Performance when loading large rule sets (20K+ rules) with regex is unacceptable.
Switch from regex to $var parameter names with name matching delegated to module.
In this case, $gid_sid is used for rule_state["1:23456"] type configurations. As
you might have guessed, $ indicates parameters with variable names.
Mike Stepanek (mstepane) [Mon, 9 Sep 2019 19:53:14 +0000 (15:53 -0400)]
Merge pull request #1738 in SNORT/snort3 from ~THOPETER/snort3:nhttp125 to master
Squashed commit of the following:
commit
66eaee24b9d6e8f3b8073ecd88e4ba9799c80fc3
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jul 8 12:17:04 2019 -0400
http_inspect: accelerated blocking for chunked message bodies
Mike Stepanek (mstepane) [Mon, 9 Sep 2019 16:50:58 +0000 (12:50 -0400)]
Merge pull request #1728 in SNORT/snort3 from ~MASHASAN/snort3:filter_rna_events to master
Squashed commit of the following:
commit
15a663184d9fc02316049b28f071efa7ee986695
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Aug 27 12:30:24 2019 -0400
rna: Support for filtering rna events by host ip
Shravan Rangarajuvenkata (shrarang) [Mon, 9 Sep 2019 16:15:09 +0000 (12:15 -0400)]
Merge pull request #1731 in SNORT/snort3 from ~KAMURTHI/snort3:FTP_multi_split_resp to master
Squashed commit of the following:
commit
cfd2c0bea4045d59846a71a51070047d46dbd708
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Tue Sep 3 16:29:52 2019 -0400
appid: ftp banners on multiple packets with split response code
Michael Altizer (mialtize) [Sat, 7 Sep 2019 14:31:14 +0000 (10:31 -0400)]
Merge pull request #1737 in SNORT/snort3 from ~MIALTIZE/snort3:unversioned_safec to master
Squashed commit of the following:
commit
08aa510f3ae6d74ebd81023b0ef2ecf480d92c9d
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 11:55:17 2019 -0400
safec: Update CMake logic for unversioned LibSafeC pkg-config name
Thanks to Noah Dietrich <noah_dietrich@86penny.org> for reporting the issue.
Michael Altizer (mialtize) [Sat, 7 Sep 2019 14:31:05 +0000 (10:31 -0400)]
Merge pull request #1736 in SNORT/snort3 from ~MIALTIZE/snort3:cppcheck to master
Squashed commit of the following:
commit
dada26623785e41c11f66ce9fb24e0bffebba151
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 10:55:52 2019 -0400
build: Address miscellaneous cppcheck warnings
commit
48e3dffc6605b916b555134c60fb12e5f131ee1f
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Sep 6 10:34:46 2019 -0400
build: Const-ify reference arguments as suggested by cppcheck
Mike Stepanek (mstepane) [Thu, 5 Sep 2019 14:48:54 +0000 (10:48 -0400)]
Merge pull request #1730 in SNORT/snort3 from ~THOPETER/snort3:ab_stream_fix to master
Squashed commit of the following:
commit
feed2122124b63c3e13561585d63ddcf1d841094
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Sep 3 17:41:31 2019 -0400
stream: fix problem with accelerated blocking partial inspection
Davis McPherson (davmcphe) [Wed, 4 Sep 2019 19:54:05 +0000 (15:54 -0400)]
Merge pull request #1729 in SNORT/snort3 from ~DAVMCPHE/snort3:snort2lua_fix_ignored to master
Squashed commit of the following:
commit
2abe3e6fc16fa0bf6b217dbb72bf05b4b7a2b361
Author: davis mcpherson <davmcphe@cisco.com>
Date: Tue Sep 3 12:22:37 2019 -0400
snort2lua: only emit max_flows and pruning_timeout options in converted lua file if the option is used in the snort2 conf file
Shravan Rangarajuvenkata (shrarang) [Wed, 4 Sep 2019 19:15:15 +0000 (15:15 -0400)]
Merge pull request #1727 in SNORT/snort3 from ~SATHIRKA/snort3:ssl_api to master
Squashed commit of the following:
commit
9e2b9339305b910ea4c0d7285f1829d5c64716ca
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Fri Aug 30 11:26:03 2019 -0400
appid: Enabled API for SSL to lookup appid
Mike Stepanek (mstepane) [Wed, 4 Sep 2019 12:58:58 +0000 (08:58 -0400)]
Merge pull request #1726 in SNORT/snort3 from ~MMATIRKO/snort3:bidirectional_icmp_ip_udp to master
Squashed commit of the following:
commit
289756992b5a373f05a074032f694528a0916ef7
Author: Michael Matirko <mmatirko@cisco.com>
Date: Fri Aug 30 11:49:44 2019 -0400
rna: support for bidirectional flow with UDP, IP, and ICMP traffic
Michael Altizer (mialtize) [Tue, 3 Sep 2019 13:54:50 +0000 (09:54 -0400)]
Merge pull request #1721 in SNORT/snort3 from ~MIALTIZE/snort3:retry to master
Squashed commit of the following:
commit
5ce3c7346368e240487ad6f7f89534a6c27fdc4d
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Aug 27 12:57:52 2019 -0400
managers: Make InspectorManager::thread_stop() a no-op if thread_init() was never called
This can happen if the DAQ instance start attempt fails and the Analyzer
thread is forced to terminate early.
commit
cadf42eac5fd50c78c471ea6a973b391f7813d7a
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Jul 26 15:53:57 2019 -0400
analyzer: Process retry queue and onloads when no DAQ messages are received
Additionally, limit the retry queue such that messages will be dropped
instead if queuing them would drop the available pool below the batch
size (totally arbitrary) and add retry queue peg counts.
Also, fix the detection packet count (and thus get_packet_number()) to
include retried packets. This does remove the total_from_daq count, which
should be reimplemented in the SFDAQ module peg counts.
Mike Stepanek (mstepane) [Tue, 3 Sep 2019 12:42:25 +0000 (08:42 -0400)]
Merge pull request #1720 in SNORT/snort3 from ~KATHARVE/snort3:http2_framework to master
Squashed commit of the following:
commit
513ce97b05f7efc8d49df200bf7f26bd4bc3afb2
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Aug 30 14:17:29 2019 -0400
modify event enum names and correctly handle preface split multiple across tcp packets
commit
f209fca6eaa6825f627d87f76321c41cc95a0ec7
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Aug 30 11:37:22 2019 -0400
fix data length in unit test
commit
b1da12736d0576d1004d8320dcdda6e9e66fccb0
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 22:59:47 2019 -0400
update unit test to avoid adding another spelling exception
commit
687d7c7f9e827c283962d991ef25a738f9c25c82
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 17:19:14 2019 -0400
address more comments
commit
5ee375bae4390516802cef80e69b2da16df1726f
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 17:15:49 2019 -0400
fix bug in scan - it wasn't actually searching until the end of data frames
commit
039c6513104af4116d51e3e72ddf570f581eda90
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 29 10:36:10 2019 -0400
fix comment
commit
b7f2c09c64a7c6db49351dd53bb2c5f2ebed0215
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Aug 28 10:48:57 2019 -0400
address first batch of comments
commit
559e6de2c803bb2bd09179624ac7b35d59b060f1
Author: Katura Harvey <katharve@cisco.com>
Date: Tue Aug 27 10:42:42 2019 -0400
code cleanup
commit
918fb7e2de8533fb3e9f14f3c5488757abd1be95
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Aug 26 21:19:03 2019 -0400
http2_inspect: send raw encoded headers to detection
Steve Chew (stechew) [Wed, 28 Aug 2019 16:21:24 +0000 (12:21 -0400)]
Merge pull request #1722 in SNORT/snort3 from ~SBAIGAL/snort3:wiz_spell_err to master
Squashed commit of the following:
commit
e114bc47be63d99391eda8cdab62e5a4fd6b0757
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Wed Aug 28 09:34:31 2019 -0400
binder: updated a spelling error from comment
Mike Stepanek (mstepane) [Wed, 28 Aug 2019 14:33:50 +0000 (10:33 -0400)]
Merge pull request #1723 in SNORT/snort3 from ~MSTEPANE/snort3:build_260 to master
Squashed commit of the following:
commit
41a75d86345ce115175322b3697abeb68bda9bda
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Aug 28 09:10:03 2019 -0400
Build 260
Steve Chew (stechew) [Tue, 27 Aug 2019 20:28:22 +0000 (16:28 -0400)]
Merge pull request #1719 in SNORT/snort3 from ~SBAIGAL/snort3:wiz_restart to master
Squashed commit of the following:
commit
614ef5ef2ffb2a683bd8574c5f6a124f42e17544
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Fri Aug 2 14:18:37 2019 -0400
binder: updated change_service event to support service reset via wizard
removed switch to wizard event and use null service to reset
Mike Stepanek (mstepane) [Tue, 27 Aug 2019 15:20:02 +0000 (11:20 -0400)]
Merge pull request #1699 in SNORT/snort3 from ~SMINUT/snort3:host_cache_derived_memcap to master
Squashed commit of the following:
commit
097b3573f23a1ddfc2176d7f2c68ad4fd613e818
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Aug 1 17:01:39 2019 -0400
host_tracker: derive LruCacheSharedMemcap from the general LruCacheShared that tracks size in bytes, rather than number of items and instantiate host_cache from LruCacheSharedMemcap.
Shravan Rangarajuvenkata (shrarang) [Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)]
Merge pull request #1717 in SNORT/snort3 from ~KAMURTHI/snort3:TLSV13 to master
Squashed commit of the following:
commit
541a74e8d1c6a088dfd9971e433faaefdfcaed83
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Wed Aug 21 07:07:48 2019 -0400
appid: handle 'change cipher spec' in 'server hello' to allow some app detection for tls 1.3 traffic
Mike Stepanek (mstepane) [Mon, 26 Aug 2019 17:05:41 +0000 (13:05 -0400)]
Merge pull request #1703 in SNORT/snort3 from ~MASHASAN/snort3:rna_unified_log to master
Squashed commit of the following:
commit
35a9980eefe2fe7848bd936e77a66d90e8a603a3
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Aug 6 09:30:45 2019 -0400
rna: Support for rna unified2 logging
Mike Stepanek (mstepane) [Mon, 26 Aug 2019 13:33:26 +0000 (09:33 -0400)]
Merge pull request #1716 in SNORT/snort3 from ~KATHARVE/snort3:remove_pkt_data to master
Squashed commit of the following:
commit
616c7aee55b2e0a239577a3c6430ef0a11d13d22
Author: Mike Redden <miredden@cisco.com>
Date: Fri Aug 16 13:25:49 2019 -0400
http2_inspect: Remove pkt_data buffer option
Michael Altizer (mialtize) [Thu, 22 Aug 2019 21:33:17 +0000 (17:33 -0400)]
Merge pull request #1715 in SNORT/snort3 from ~DAVMCPHE/snort3:reload_adjust_cleanup to master
Squashed commit of the following:
commit
e18fe7cb30171778f1fa02e8744f8d16913473e6
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Aug 19 17:43:49 2019 -0400
reload: fix coding style issues, support multiple in progress analyzer commands, support associated AC state for execute method, move reload tune logic for ACSwap to the execute command
Mike Stepanek (mstepane) [Thu, 22 Aug 2019 15:14:19 +0000 (11:14 -0400)]
Merge pull request #1713 in SNORT/snort3 from ~NIHDESAI/snort3:small_segs to master
Squashed commit of the following:
commit
548c72921772fd15d7b263602ab5c6f03ea048ce
Author: russ <rucombs@cisco.com>
Date: Wed Jul 10 15:54:14 2019 -0400
stream_tcp: clear consecutive small segs count upon non-small segs only
Michael Altizer [Wed, 21 Aug 2019 18:02:23 +0000 (14:02 -0400)]
build: Generate and tag build 254
Michael Altizer (mialtize) [Mon, 19 Aug 2019 19:31:44 +0000 (15:31 -0400)]
Merge pull request #1681 in SNORT/snort3 from ~NEHASH4/snort3:CLI_DAQ_ANALYZER to master
Squashed commit of the following:
commit
92a97c04e110ddcf808fb0be4052d960ffba6699
Author: Neha Sharma <nehash4@cisco.com>
Date: Mon Aug 19 13:51:06 2019 -0400
analyzer_command: Import into snort namespace and add the ability to retrieve the DAQ instance from an Analyzer
Davis McPherson (davmcphe) [Sat, 17 Aug 2019 13:11:24 +0000 (09:11 -0400)]
Merge pull request #1709 in SNORT/snort3 from ~DDAHIPHA/snort3:reload_adjust_memcaps to master
Squashed commit of the following:
commit
5dd84ba87aebf1d021a4b1d16fdc866dc932fc69
Author: Devendra Dahiphale <ddahipha@cisco.com>
Date: Tue Aug 13 15:13:36 2019 -0400
main: Implement reload memcap framework
Michael Altizer [Thu, 15 Aug 2019 18:41:01 +0000 (14:41 -0400)]
time: Make TscClock fail to compile on non-x86/AArch64 systems
Also, don't bother to install tsc_clock.h when Snort is compiled without
TSC clock support.
Thanks to Bill Meeks <billmeeks8@gmail.com> for reporting the issue.
Shravan Rangarajuvenkata (shrarang) [Thu, 15 Aug 2019 14:30:29 +0000 (10:30 -0400)]
Merge pull request #1711 in SNORT/snort3 from ~SHRARANG/snort3:appid_discovery_ut_fix to master
Squashed commit of the following:
commit
dfbad8d2ee4434a1469deabf5ec2b9a5725ddbc4
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Aug 14 19:25:44 2019 -0400
appid: fix for discovery unit tests
Shravan Rangarajuvenkata (shrarang) [Wed, 14 Aug 2019 18:01:10 +0000 (14:01 -0400)]
Merge pull request #1710 in SNORT/snort3 from ~SHRARANG/snort3:appid_discovery_ut_fix to master
Squashed commit of the following:
commit
001260b7442e31e52de22676a5fe9a28f5f69f9c
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Aug 14 11:07:07 2019 -0400
appid: fix discovery unit test that was failing intermittently
Steve Chew (stechew) [Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)]
Merge pull request #1702 in SNORT/snort3 from ~BBANTWAL/snort3:ftp_resume_block to master
Squashed commit of the following:
commit
4f8f260b315d4150cc7817c37cf52cf6d0bf85a4
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Jul 29 09:59:26 2019 -0400
ftp_telnet: add support for ftp file resume block by calculating path hash used as file id
Mike Stepanek (mstepane) [Tue, 13 Aug 2019 13:44:59 +0000 (09:44 -0400)]
Merge pull request #1707 in SNORT/snort3 from ~THOPETER/snort3:nhttp124 to master
Squashed commit of the following:
commit
27b030443d276768e16bf92b5768e8f919796765
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Jul 30 12:21:47 2019 -0400
http2_inspect: add HI test tool
Mike Stepanek (mstepane) [Tue, 13 Aug 2019 13:26:21 +0000 (09:26 -0400)]
Merge pull request #1708 in SNORT/snort3 from ~KATHARVE/snort3:file_event to master
Squashed commit of the following:
commit
ae5ed70fc70d303bea716effcd6d4a66fb6d05a8
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Aug 2 13:46:19 2019 -0400
file_api: generate events each time file is seen, not just first time
Shravan Rangarajuvenkata (shrarang) [Mon, 12 Aug 2019 23:26:37 +0000 (19:26 -0400)]
Merge pull request #1690 in SNORT/snort3 from ~KAMURTHI/snort3:BitTorrent-interval-check to master
Squashed commit of the following:
commit
fd2215d74037b7c5c4f5af1bd7613d24b9775539
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Thu Jul 25 12:15:05 2019 -0400
appid: support for bittorrent detection when UDP tracker packet arrives after the TCP resumed session has already started
Mike Stepanek (mstepane) [Mon, 12 Aug 2019 18:53:51 +0000 (14:53 -0400)]
Merge pull request #1704 in SNORT/snort3 from ~MMATIRKO/snort3:iprep_monitor to master
Squashed commit of the following:
commit
3e2f96ca0c53ebc5fa0df542a5b1df32be37e9df
Author: Michael Matirko <mmatirko@cisco.com>
Date: Fri Aug 2 16:48:10 2019 -0400
reputation: Fixed issues with reputation monitor
Davis McPherson (davmcphe) [Fri, 9 Aug 2019 13:56:13 +0000 (09:56 -0400)]
Merge pull request #1697 in SNORT/snort3 from ~PSHINDE2/snort3:port_sfxhash to master
Squashed commit of the following:
commit
6dd6e2dd11ee71ff13fa93664fa9b3baecf1460c
Author: Pratik Shinde <pshinde2@cisco.com>
Date: Thu Aug 1 16:00:57 2019 -0400
xhash: Ported sfxhash_change_memcap() from snort2 to snort3
George Koikara (gkoikara) [Thu, 8 Aug 2019 09:08:21 +0000 (05:08 -0400)]
Merge pull request #1639 in SNORT/snort3 from ~PSREENAT/snort3:cst to master
Squashed commit of the following:
commit
d84f9984ea8e3c851e35d15a1a2e1523abca9da3
Author: Prajwal Srinivas Sreenath <psreenat@cisco.com>
Date: Mon Jun 3 12:54:48 2019 -0400
flow: introduced variable for handling idle session timeouts and flag for actively pruning flows based on the expire_time
stream: updated the protocol setup and process logic of TCP,UDP,IP,ICMP and USER sessions for setting and updating idle session timeouts
George Koikara (gkoikara) [Thu, 8 Aug 2019 08:39:46 +0000 (04:39 -0400)]
Merge pull request #1698 in SNORT/snort3 from ~SMULKA/snort3:flow_log to master
Squashed commit of the following:
commit
117341d9134b8fd2d99b6bc81089fd5e3cb0dcc6
Author: smulka <smulka@cisco.com>
Date: Fri Aug 2 06:45:07 2019 -0400
flow: serviceability log
Mike Stepanek (mstepane) [Wed, 7 Aug 2019 20:47:27 +0000 (16:47 -0400)]
Merge pull request #1700 in SNORT/snort3 from ~KATHARVE/snort3:0_byte_workaround to master
Squashed commit of the following:
commit
83d922a1dc71b2f874e32ed35d2692598b3bc31a
Author: Katura Harvey <katharve@cisco.com>
Date: Tue Jul 30 13:37:30 2019 -0400
http_inspect: remove 0-byte workaround
Amarnath Sathyanarayanan (amsathya) [Wed, 7 Aug 2019 18:05:47 +0000 (14:05 -0400)]
Merge pull request #1705 in SNORT/snort3 from ~AMSATHYA/snort3:identity_plugin to master
Squashed commit of the following:
commit
bb548cd89a07db9e05bdc0c67a8b424b55a4758c
Author: Ruiqi Tian <rutian@cisco.com>
Date: Mon Aug 5 20:04:06 2019 -0400
snort2lua: add identity section from firewall settings
Russ Combs (rucombs) [Fri, 2 Aug 2019 19:41:18 +0000 (15:41 -0400)]
Merge pull request #1682 in SNORT/snort3 from ~BRASTULT/snort3:ber to master
Squashed commit of the following:
commit
946ac40b14e4d79b740f31ce7589134e6fe77a68
Author: Brandon Stultz <brastult@cisco.com>
Date: Fri Jul 5 18:43:10 2019 -0400
ips_options: add ber_data and ber_skip
George Koikara (gkoikara) [Fri, 2 Aug 2019 07:31:53 +0000 (03:31 -0400)]
Merge pull request #1652 in SNORT/snort3 from ~SMULKA/snort3:clean_stale_flow to master
Squashed commit of the following:
commit
51287fcbe9cef0d1018d30adb8a30fb54b7cc614
Author: smulka <smulka@cisco.com>
Date: Fri Jul 5 08:36:00 2019 -0400
flow: delete stale flow on receiving NEW_FLOW flag
Russ Combs (rucombs) [Wed, 31 Jul 2019 20:02:23 +0000 (16:02 -0400)]
Merge pull request #1695 in SNORT/snort3 from ~SMINUT/snort3:host_cache_restore to master
Squashed commit of the following:
commit
2c14aae82bd89276c312d31455ec645b3e998efb
Author: Silviu Minut <sminut@cisco.com>
Date: Tue Jul 30 17:14:02 2019 -0400
hash: add back size(), get_max_size() and remove() functions to lru_cache_shared.
hash: add unit test for explicitly testing get / set max size.
hash: fix style
Davis McPherson (davmcphe) [Wed, 31 Jul 2019 15:55:02 +0000 (11:55 -0400)]
Merge pull request #1668 in SNORT/snort3 from ~DAVMCPHE/snort3:single_flowCache to master
Squashed commit of the following:
commit
9ba243badce51f88109251156be8efaf97ff1c3c
Author: Devendra Dahiphale <ddahipha@cisco.com>
Date: Sun Jun 30 03:36:52 2019 -0400
Flow: make a single flow cache for all the protocols
flow: refactor flow config object to work with single flow cache concept
flow: if no 'get_ssn' handler configured then skip processing of the flow
flow: release session object allocated for a flow when the Flow object is reused and the PktType of the new flow is different from the previous use
stream: update checks for modified stream config to work with updates to stream config options
flow: refactor uni list management into a separate class and instantiate an instance for ip flows and another for all non-ip flows
snort2lua: Combine proto specific cache options for max_session in one max_flows option
Russ Combs (rucombs) [Tue, 30 Jul 2019 23:02:05 +0000 (19:02 -0400)]
Merge pull request #1683 in SNORT/snort3 from ~RUCOMBS/snort3:stream_order to master
Squashed commit of the following:
commit
38f074eb0b674fc12887f3b866881885ea4159b9
Author: russ <rucombs@cisco.com>
Date: Sun Jul 21 12:31:36 2019 -0400
stream_tcp: fix 3-1-2 ordering markup
Davis McPherson (davmcphe) [Tue, 30 Jul 2019 19:16:43 +0000 (15:16 -0400)]
Merge pull request #1686 in SNORT/snort3 from ~SBAIGAL/snort3:noack_api to master
Squashed commit of the following:
commit
aae5c979ba07cd80103d0a5c05acbefca4840bfe
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Thu Jul 18 15:30:44 2019 -0400
stream_tcp: add API for switching no_ack mode
add assert to make sure the session is tcp
Mike Stepanek (mstepane) [Tue, 30 Jul 2019 16:04:59 +0000 (12:04 -0400)]
Merge pull request #1694 in SNORT/snort3 from ~MASHASAN/snort3:wizard_host_cache to master
Squashed commit of the following:
commit
0c6bdabbfea675104681c4b13ed7ba33acd5344d
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Jul 29 13:55:00 2019 -0400
wizard: Avoiding host cache service insertion since we are using flow service
Amarnath Sathyanarayanan (amsathya) [Mon, 29 Jul 2019 23:09:31 +0000 (19:09 -0400)]
Merge pull request #1693 in SNORT/snort3 from ~AMSATHYA/snort3:identity_plugin to master
Squashed commit of the following:
commit
d75324ae893f9f11fb46af80bd9605dbaba1d54a
Author: haow3 <haow3@cisco.com>
Date: Fri Jul 26 16:51:56 2019 -0400
flow: add virtual destructor to stash generic object
Shravan Rangarajuvenkata (shrarang) [Mon, 29 Jul 2019 22:51:53 +0000 (18:51 -0400)]
Merge pull request #1689 in SNORT/snort3 from ~SATHIRKA/snort3:port_service to master
Squashed commit of the following:
commit
de926e3175877734017a6fb84939171ef326cfd7
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Mon Jul 29 10:23:10 2019 -0400
Refactoring code
commit
c5dfddd9350be50a0c71b168f27aa838963a638d
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Jul 24 10:38:19 2019 -0400
appid: Fix for app name not getting evaluated for port/protocol based detectors
Shravan Rangarajuvenkata (shrarang) [Mon, 29 Jul 2019 22:51:11 +0000 (18:51 -0400)]
Merge pull request #1634 in SNORT/snort3 from ~KAMURTHI/snort3:MySQL-Non-std-port to master
Squashed commit of the following:
commit
71a85486671a4148e910d1a8d299876fc1f0d080
Author: cljudge <cljudge@cisco.com>
Date: Thu Jun 6 08:38:17 2019 -0400
appid: delay port-based detection until a non-zero payload packet is seen for the session
Mike Stepanek (mstepane) [Mon, 29 Jul 2019 20:16:30 +0000 (16:16 -0400)]
Merge pull request #1685 in SNORT/snort3 from ~SMINUT/snort3:pcre_peg_counts to master
Squashed commit of the following:
commit
8efc8f5a2de33908a9dd5094f088e06b371e6997
Author: Silviu Minut <sminut@cisco.com>
Date: Thu Jul 18 09:59:13 2019 -0400
pcre: add peg counts for PCRE_ERROR_MATCHLIMIT and PCRE_ERROR_RECURSIONLIMIT return status from pcre_exec().
Mike Stepanek (mstepane) [Mon, 29 Jul 2019 16:35:43 +0000 (12:35 -0400)]
Merge pull request #1691 in SNORT/snort3 from ~MASHASAN/snort3:refactor_host_cache to master
Squashed commit of the following:
commit
8226ab4c2662a508d291efb2527777364cbaac6b
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Jul 26 01:44:02 2019 -0400
host_cache: Refactoring code to fix multithreading issues and to remove redundancy
Michael Altizer (mialtize) [Fri, 26 Jul 2019 22:32:29 +0000 (18:32 -0400)]
Merge pull request #1688 in SNORT/snort3 from ~MIALTIZE/snort3:msg_meta to master
Squashed commit of the following:
commit
719c0784502cea317152659ae8e16e2f9ea29b9b
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Jul 12 21:19:47 2019 -0400
codec: Adapt to new DAQ message metadata source for Real IP/port info
Mike Stepanek (mstepane) [Fri, 26 Jul 2019 20:14:27 +0000 (16:14 -0400)]
Merge pull request #1687 in SNORT/snort3 from ~MIREDDEN/snort3:huffman_rebased to master
Squashed commit of the following:
commit
4a07fd650fbe3cbd5f67c93af793653270704e79
Author: mdagon <mdagon@cisco.com>
Date: Wed Jul 10 08:51:33 2019 -0400
http2: huffman string decode
lookup table, first level only
Michael Altizer (mialtize) [Fri, 26 Jul 2019 14:14:44 +0000 (10:14 -0400)]
Merge pull request #1677 in SNORT/snort3 from ~BBANTWAL/snort3:finalize_packet_verdict_modify to master
Squashed commit of the following:
commit
52f14c12c27d30ee6cc92edad09ae57420b8f5a1
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Jul 15 22:12:27 2019 -0400
finalize_packet: pass verdict by reference
Mike Stepanek (mstepane) [Wed, 24 Jul 2019 20:40:07 +0000 (16:40 -0400)]
Merge pull request #1676 in SNORT/snort3 from ~MASHASAN/snort3:host_discovery to master
Squashed commit of the following:
commit
6ac57a71278abff483a23d296384f3d0d25a13b7
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Jul 15 12:13:45 2019 -0400
rna: Add new hosts with IP-address into host cache
Michael Altizer [Mon, 22 Jul 2019 04:48:12 +0000 (00:48 -0400)]
build: Fix miscellaneous cppcheck warnings
Michael Altizer (mialtize) [Thu, 18 Jul 2019 10:59:14 +0000 (06:59 -0400)]
Merge pull request #1666 in SNORT/snort3 from ~YSAIRAM/snort3:iha to master
Squashed commit of the following:
commit
4c012d6cc44655bab71ece1dc52c480ad8aa1e0a
Author: Y Sairam <ysairam@cisco.com>
Date: Thu Jul 11 21:39:39 2019 -0400
flow: Bypass ha write for unsupported Tunnel flows
Mike Stepanek (mstepane) [Wed, 17 Jul 2019 14:39:36 +0000 (10:39 -0400)]
Merge pull request #1679 in SNORT/snort3 from ~MSTEPANE/snort3:build_258 to master
Squashed commit of the following:
commit
b96f253230c9b1e079a6172cfd4648e64d9b2091
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Jul 17 09:02:44 2019 -0400
build: 258
Mike Stepanek (mstepane) [Tue, 16 Jul 2019 16:09:02 +0000 (12:09 -0400)]
Merge pull request #1675 in SNORT/snort3 from ~SMINUT/snort3:stack_size to master
Squashed commit of the following:
commit
51c4290811365b46aca3d7e5ef3b6985060c9bce
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Jul 15 09:47:03 2019 -0400
pcre: cap the pcre_match_limit_recursion based on the stack size available.
Davis McPherson (davmcphe) [Mon, 15 Jul 2019 18:06:50 +0000 (14:06 -0400)]
Merge pull request #1673 in SNORT/snort3 from ~DERAMADA/snort3:revert_stash_changes to master
Squashed commit of the following:
commit
0cacc8ab500b966c9d23ec819255f4bb77f94b7c
Author: deramada <deramada@cisco.com>
Date: Fri Jul 12 11:23:12 2019 -0400
Revert "Merge pull request #1593 in SNORT/snort3 from ~DERAMADA/snort3:appid_stash_store to master"
This reverts commit 1880af5f2b31ed968fc4a790384720d560acec1c.
Mike Stepanek (mstepane) [Mon, 15 Jul 2019 15:23:09 +0000 (11:23 -0400)]
Merge pull request #1658 in SNORT/snort3 from ~THOPETER/snort3:nhttp122 to master
Squashed commit of the following:
commit
db33060f5d83ad0b2a625abd8287df6073469f84
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Jul 11 13:35:16 2019 -0400
http_inspect: perf improvements
commit
37f170ddc1320c6d3bb3eff11a80cd2c21bff1c0
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Jun 7 10:22:43 2019 -0400
http_inspect: send headers to detection separately
Russ Combs (rucombs) [Mon, 15 Jul 2019 14:01:02 +0000 (10:01 -0400)]
Merge pull request #1649 in SNORT/snort3 from ~STECHEW/snort3:noack_policy1 to master
Squashed commit of the following:
commit
96cde40bbaef426256e5d5607c4f042033df22a9
Author: Steve Chew <stechew@cisco.com>
Date: Tue Jun 18 04:23:40 2019 -0400
stream_tcp: Add no-ack policy to handle flows that have no ACKs for data.
no_ack: Purge segment list without waiting for ack when using no_ack feature.
updated purge segment list fix for no_ack feature
updated some comments
Mike Stepanek (mstepane) [Fri, 12 Jul 2019 17:14:05 +0000 (13:14 -0400)]
Merge pull request #1667 in SNORT/snort3 from ~MDAGON/snort3:hpack_string to master
Squashed commit of the following:
commit
74d40186fe6b3dd1207eb70e621e966de29051df
Author: mdagon <mdagon@cisco.com>
Date: Wed Jul 3 12:04:12 2019 -0400
http2: hpack string decode
Michael Altizer (mialtize) [Fri, 12 Jul 2019 16:16:03 +0000 (12:16 -0400)]
Merge pull request #1672 in SNORT/snort3 from ~MASHASAN/snort3:host_tracker_warnings to master
Squashed commit of the following:
commit
3c652147665c5381f469165409a4c4c8caf59eb2
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Jul 12 10:49:49 2019 -0400
host_cache: Closing va_list after usage using va_end
Mike Stepanek (mstepane) [Thu, 11 Jul 2019 10:51:54 +0000 (06:51 -0400)]
Merge pull request #1665 in SNORT/snort3 from ~MASHASAN/snort3:host_cache_dump to master
Squashed commit of the following:
commit
363786e572c5274704c3c34355e5e01c694082ca
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed Jul 3 09:08:41 2019 -0400
host_cache: Adding command and config option to dump hosts
George Koikara (gkoikara) [Fri, 5 Jul 2019 04:40:20 +0000 (00:40 -0400)]
Merge pull request #1623 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_eof to master
Squashed commit of the following:
commit
af18eb5c0005d65a1c4879d74dbfa80f736e81b8
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date: Fri May 17 07:01:05 2019 -0400
stream: add convenient method for flow deletion
Russ Combs (rucombs) [Thu, 4 Jul 2019 18:21:22 +0000 (14:21 -0400)]
Merge pull request #1660 in SNORT/snort3 from ~BRASTULT/snort3:talos_tweak_fix to master
Squashed commit of the following:
commit
1e557dca3a03f375d932d3ba14bed27aea7957ad
Author: Brandon Stultz <brastult@cisco.com>
Date: Sun Jun 30 19:12:46 2019 -0400
talos.lua: various fixes for command line usage
- lua: optionally include local.rules in talos tweak, set snaplen
- main: move talos tweak settings to lua, set default pcap-filter
- parser: fix -R by clearing includer when parsing s_aux_rules
- packet_io: set default pcap-filter
russ [Thu, 4 Jul 2019 18:26:52 +0000 (14:26 -0400)]
Squashed commit of the following:
commit
90bacc16fa036bd678c47a51898a0e247a4659cf
Author: russ <rucombs@cisco.com>
Date: Thu Jul 4 10:32:46 2019 -0400
profiler: include onload/offload efforts in mpse
commit
280854ff2229555fb893a409a62725d31ed403ed
Author: russ <rucombs@cisco.com>
Date: Wed Jul 3 21:52:09 2019 -0400
detection: reduce hard number of contexts to work with pcap default
commit
8eb020e4470c568039b89e12ae29f5b8a625cec3
Author: russ <rucombs@cisco.com>
Date: Wed Jul 3 12:25:53 2019 -0400
profiler: refactor
commit
656e280fc09d1d06c379dfc94fe2b905b79ba03c
Author: russ <rucombs@cisco.com>
Date: Sun Jun 30 13:54:38 2019 -0400
profiler: implement general exclusion
The profiler module has been reworked for performance and accuracy.
There is now a single level (default build) and no need to specify
exclusions. When a new scope is entered, the existing scope if any
is paused and then resumed when the new scope exits. The "total"
root is now implemented internally and fixed at total packets and
total runtime. The difference from that and the sum of all root
children is given in other.
Mike Stepanek (mstepane) [Tue, 2 Jul 2019 17:24:36 +0000 (13:24 -0400)]
Merge pull request #1659 in SNORT/snort3 from ~MDAGON/snort3:hpack_int to master
Squashed commit of the following:
commit
1aa88db8a750eb3efc4a66b0483cb515a60d613e
Author: mdagon <mdagon@cisco.com>
Date: Thu Jun 20 16:42:53 2019 -0400
http2: decode HPACK uint
Steve Chew (stechew) [Tue, 2 Jul 2019 16:13:20 +0000 (12:13 -0400)]
Merge pull request #1656 in SNORT/snort3 from ~SBAIGAL/snort3:ignore_vlan to master
Squashed commit of the following:
commit
59ee334a4e7e69b19bd8a25e8462b2a2005a0534
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Tue Jun 25 14:04:58 2019 -0400
codec: add support of ignore_vlan flag from daq header
updated to skip vlan header process when ignore_vlan flag was set
Michael Altizer (mialtize) [Mon, 1 Jul 2019 19:53:12 +0000 (15:53 -0400)]
Merge pull request #1662 in SNORT/snort3 from ~DERAMADA/snort3:fix_flow_stash_header to master
Squashed commit of the following:
commit
afb1391d7e42c5ffad9e74f34452ed2fe9a4585a
Author: deramada <deramada@cisco.com>
Date: Mon Jul 1 14:26:30 2019 -0400
appid: fix header order in appid_session
commit
12bd60e2cb543727d0a55ddb94d96415d262378a
Author: deramada <deramada@cisco.com>
Date: Mon Jul 1 14:23:48 2019 -0400
flow: remove config.h from flow_stash_keys
Mike Stepanek (mstepane) [Mon, 1 Jul 2019 14:15:54 +0000 (10:15 -0400)]
Merge pull request #1593 in SNORT/snort3 from ~DERAMADA/snort3:appid_stash_store to master
Squashed commit of the following:
commit
51382ddd1e26171b1a1ca0973ff950d1e073aa5c
Author: deramada <deramada@cisco.com>
Date: Mon Apr 29 15:49:05 2019 -0400
appid: use stash to store flow attributes
russ [Sun, 30 Jun 2019 04:04:55 +0000 (00:04 -0400)]
Squashed commit of the following:
commit
f1e74ea89089c180ee2ed823daa009d19954b922
Author: russ <rucombs@cisco.com>
Date: Sat Jun 29 17:49:25 2019 -0400
profiler: convert ips options to use optional profiles
Avoid the perf hit and double counting (with rule_eval) for detection
options with normal builds. Not deleted since it could be helpful
to see individual options in some cases despite the issues. Due to a
bug, this is commented out but should be made a build option once
fixed.
commit
b06b0aebed47a2f8676346e4a7c3dcb2dd522f75
Author: russ <rucombs@cisco.com>
Date: Thu Jun 27 10:28:44 2019 -0400
profiler: split out paf from stream_tcp
PAF (Protocol Aware Flushing) is the delegation by stream_tcp of flush point
determination by service inspectors which encapsulate PDU analysis. This
change splits out the scanning portion of the PAF interface. Reassembly
will be dealt with later. http_inspect will be the biggest contributor to
PAF since it front-loads considerable to the scanning phase.
commit
9dfdc6c399eddd925185e4a0e1dbeec1df91ba5d
Author: russ <rucombs@cisco.com>
Date: Wed Jun 26 21:36:37 2019 -0400
profiler: track DAQ message receives and finalizes
commit
8ec66593d58130bca89071a2d4a2a0429af57223
Author: russ <rucombs@cisco.com>
Date: Wed Jun 26 17:28:57 2019 -0400
profiler: eliminate deep profiling
Deep profiling creates broken totals, impacts performance, and is not a
good substitute for actual profiling with gprof etc. Furthermore, shallow
profiling (i.e. a single bucket per component and subsystem) provides enough
information to tune Snort effectively.
Russ Combs (rucombs) [Fri, 28 Jun 2019 03:44:43 +0000 (23:44 -0400)]
Merge pull request #1657 in SNORT/snort3 from ~BRASTULT/snort3:fast_pattern_fix to master
Squashed commit of the following:
commit
af403f7092a7a4f2d71a70b7a5d8d75cb23b80f3
Author: Brandon Stultz <brastult@cisco.com>
Date: Tue Jun 25 11:42:42 2019 -0400
detection: on PDUs change search order to set check_ports correctly
George Koikara (gkoikara) [Thu, 27 Jun 2019 15:31:07 +0000 (11:31 -0400)]
Merge pull request #1642 in SNORT/snort3 from ~KBHANDAN/snort3:ha to master
Squashed commit of the following:
commit
2ba9df6b36c5f614106d178f3ab2d56d399640e4
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date: Tue Jun 11 07:49:28 2019 -0400
flow: Fixes for DAQ-backed HA implementation
George Koikara (gkoikara) [Thu, 27 Jun 2019 10:02:43 +0000 (06:02 -0400)]
Merge pull request #1597 in SNORT/snort3 from ~POAWASTH/snort3:HA to master
Squashed commit of the following:
commit
ec4a4fbf906685e5ed48e9b8d9a2b37848ac16f9
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon Jun 3 04:25:04 2019 -0400
high_availability: high availability support in Snort2Lua
commit
921d334faceea4b4b3d0050a809f6b27add2b43f
Merge:
f33a1a3b0d fc765be03d
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Thu Jun 20 01:02:06 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
f33a1a3b0d6c129a5ed60fa840cd135155151340
Merge:
8f33e02bbf 0f1bfa63a2
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Tue Jun 18 01:30:18 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
8f33e02bbf85b66976c9b033c76d60975feea419
Merge:
ef5462a197 5f54ed99ca
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon Jun 17 01:47:17 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
ef5462a19724068d4f30ab47145a111e1398a449
Merge:
354a0f43b3 728c88e590
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed Jun 12 01:52:57 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
354a0f43b30341dc8bbc0feeae7ee7f11289976c
Merge:
05771d2a9d 2a063bd7fc
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon Jun 3 04:26:16 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
05771d2a9d7fabe20dbef9998346ac2d932b84ee
Merge:
ea74ebefe4 35d4b98423
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri May 24 14:22:51 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
ea74ebefe459505932e9633ecc58acf86f72afb1
Merge:
b05e64d3f4 514211db93
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri May 24 04:42:35 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
b05e64d3f4c7e0be9946a6b94ef38227a5b93962
Merge:
fd54dd4c67 683220535f
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon May 20 13:24:12 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
fd54dd4c67b610c1fb2b9a8fee809c49e6275fac
Merge:
3be4b6fd38 91d81bb4c4
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 15 01:18:15 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
3be4b6fd38ba5133795559ed5a696912d11fbf76
Merge:
49e4495f9d 2c994c4987
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Fri May 10 02:29:14 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
49e4495f9d094c0978465aef4694a0689cc9331b
Merge:
7875fdda54 51c6942a68
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 8 00:42:12 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
7875fdda543729688243daf17d28ab1de9a5291a
Merge:
0bf526d1f8 42f72b3882
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Mon May 6 11:36:04 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
0bf526d1f8b4c02bed19fd6a649c70268ec5ff00
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 1 13:09:08 2019 -0400
Revert "ha: Precommit for snort2lua Changes"
This reverts commit b26b0b5b6f08b641b49c4ac4cc7c1e426a362ca1.
commit
3bb98944144ae4d780ec26fa77e81f2ed9f06f84
Merge:
b26b0b5b6f a62e18d8c1
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 1 12:46:20 2019 -0400
Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3
commit
b26b0b5b6f08b641b49c4ac4cc7c1e426a362ca1
Author: Pooja Awasthi <poawasth@cisco.com>
Date: Wed May 1 12:40:48 2019 -0400
ha: Precommit for snort2lua Changes
Mike Stepanek (mstepane) [Wed, 26 Jun 2019 22:39:52 +0000 (18:39 -0400)]
Merge pull request #1655 in SNORT/snort3 from ~AMSATHYA/snort3:identity_plugin to master
Squashed commit of the following:
commit
c02b0069cf999ed917432358ee7df8c5734b0bf0
Author: haow3 <haow3@cisco.com>
Date: Mon Jun 24 12:56:26 2019 -0400
flow: Extend stash to support uint32_t and make it SO_PUBLIC
russ [Mon, 24 Jun 2019 04:22:04 +0000 (00:22 -0400)]
Squashed commit of the following:
commit
46b75614846523b09bc3f0381aa23c74c4b4037c
Author: russ <rucombs@cisco.com>
Date: Fri Jun 21 22:17:05 2019 -0400
ips: refactor fast pattern searching
commit
ca549ab88276c9c1032be231ce6ab4be331c9920
Author: russ <rucombs@cisco.com>
Date: Fri Jun 21 22:16:22 2019 -0400
detection: allocate scratch after configuration
commit
1db4b7941c9b0e700f6b8c76a4718649d546678a
Author: russ <rucombs@cisco.com>
Date: Wed Jun 19 12:21:49 2019 -0400
detection: immediately onload after offloading when running regression tests
commit
aecdde54894b4e2f9eddf1e641964ef1c1dac749
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 09:44:36 2019 -0400
detection: use offload_threads = N with -z = 1
commit
bbe6eb1f255d190b6fa08fe6d9471681a430a165
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 21:26:34 2019 -0400
analyzer: 1024 contexts max is a better default until configurable
commit
45c29b39d7bdbdd3f7271d120899e14f67f8d40a
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 09:45:08 2019 -0400
detection: start offload threads before packet threads are pinned
commit
f5788a9b17cea3545c05932d365c5736c1de5b54
Author: russ <rucombs@cisco.com>
Date: Tue Jun 4 09:41:41 2019 -0400
mpse: api init and print methods are optional
commit
619b7846de7cbd1d5962c92850ba855e3ce586d6
Author: russ <rucombs@cisco.com>
Date: Sat Jun 1 13:48:43 2019 -0400
ips: add missing non-fast-pattern warning
commit
05fd308f43484b2ed79a6a9d646aa203d2d1ffdd
Author: russ <rucombs@cisco.com>
Date: Sat Jun 1 13:47:59 2019 -0400
stream_tcp: fix non-deep detect profile exclusion
commit
d141982727775c23eb0503550b4b89e77d3971a3
Author: russ <rucombs@cisco.com>
Date: Fri May 31 16:32:29 2019 -0400
snort: remove out-of-date Snort 2 version from -V