git.ipfire.org Git - thirdparty/snort3.git/log
Russ Combs (rucombs) [Mon, 1 May 2017 20:18:10 +0000 (16:18 -0400)]
Merge pull request #877 in SNORT/snort3 from spell to master
Squashed commit of the following:
commit
c07087e3943f18b3d2ac32b7267e91fa23b73f00
Author: Russ Combs <rucombs@cisco.com>
Date: Mon May 1 11:50:42 2017 -0400
spell check user manual text files
commit
d0a970845da721f3cf35219186f5e4d706796887
Author: Russ Combs <rucombs@cisco.com>
Date: Mon May 1 08:47:48 2017 -0400
go with endianness
commit
269c1c0b93b84b18a46c92da3a277ba3f47251bc
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Apr 29 12:44:49 2017 -0400
fix typos in comments
commit
ff18dc38fded36310c99ebbdad8a1be0e195f112
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Apr 29 10:36:04 2017 -0400
fix typos in strings
commit
5f8d717c58f3e1c89e031f0d42b6023246272fd2
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Apr 29 10:35:35 2017 -0400
disable spell check on hex foo
Tom Peters (thopeter) [Mon, 1 May 2017 18:46:29 +0000 (14:46 -0400)]
Merge pull request #875 in SNORT/snort3 from nobom to master
Squashed commit of the following:
commit
229f248785e79f9ba8ea8798a3a3116ade43106b
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Apr 24 10:36:10 2017 -0400
Ported enhancement to do UTF decoding when no Byte Order Mark is present from 2.9 OHI to NHI.
Removed some unneeded safety checks from the real-time code.
Fixed a bug where false 119/38 (UTF decoding failure) alert was generated for an empty message body section.
Russ Combs (rucombs) [Mon, 1 May 2017 16:41:39 +0000 (12:41 -0400)]
Merge pull request #876 in SNORT/snort3 from warnings to master
Squashed commit of the following:
commit
26670f34b12aba46c2416950ad3ec26f04f0f33c
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon May 1 11:39:57 2017 -0400
main: Fix compiler warnings when SHELL is not enabled
Tom Peters (thopeter) [Mon, 1 May 2017 14:50:16 +0000 (10:50 -0400)]
Merge pull request #873 in SNORT/snort3 from Bug201617 to master
Squashed commit of the following:
commit
501c5def6b7be582d9fe4d18bcd991a89f361e80
Author: allewi <allewi@cisco.com>
Date: Fri Apr 28 09:55:11 2017 -0400
adding changes from 2.x to correct false positives on modbus with a bad length
Michael Altizer (mialtize) [Fri, 28 Apr 2017 18:42:51 +0000 (14:42 -0400)]
Merge pull request #874 in SNORT/snort3 from fbs_braces to master
Squashed commit of the following:
commit
4fb31387868440e20db02518b150b536190488ba
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Apr 28 13:03:20 2017 -0400
fixed missing braces in perf fbs
Russ Combs [Fri, 28 Apr 2017 18:04:31 +0000 (14:04 -0400)]
update ChangeLog format
Russ Combs [Fri, 28 Apr 2017 18:00:26 +0000 (14:00 -0400)]
build 232
Michael Altizer (mialtize) [Thu, 27 Apr 2017 23:31:10 +0000 (19:31 -0400)]
Merge pull request #872 in SNORT/snort3 from build_fixes to master
Squashed commit of the following:
commit
f95c65a839c1124bb5b30caac6588be9ffcd966a
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 27 14:53:30 2017 -0400
cmake: Fix building with and without flatbuffers present
commit
40638db52e6fc55397cf585024b405ebc4f1f3de
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 27 14:52:51 2017 -0400
autoconf: Check for lua.hpp as well as luajit.h to ensure C++ support
commit
5605896f56cb8e15e710e49275d68d61742402c3
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 27 14:52:22 2017 -0400
snort2lua: Add missing final newlines to source files
Russ Combs (rucombs) [Thu, 27 Apr 2017 23:26:39 +0000 (19:26 -0400)]
Merge pull request #863 in SNORT/snort3 from Bug195759 to master
Squashed commit of the following:
commit
18cf2a9ecad0306ef1ba2553b9acc89bc6adf085
Author: allewi <allewi@cisco.com>
Date: Thu Apr 27 18:12:27 2017 -0400
fix is for correct checking of dnp3 reserved addresses
Tom Peters (thopeter) [Thu, 27 Apr 2017 17:26:08 +0000 (13:26 -0400)]
Merge pull request #867 in SNORT/snort3 from appid_syncup_291042_final to master
Squashed commit of the following:
commit
c577f7ef36e3088d5605dc3ab7cc17f5e3b15da9
Author: davis mcpherson <davmcphe.cisco.com>
Date: Thu Apr 6 15:08:23 2017 -0400
miscellaneous cleanups and fixit fixes
implement helper functions to return client/service detected status
for the pop3 & imap detectors the index returned for the matched pattern is +1 the actual index value (0 means no match), the index was not being decremented before use in certain cases and this patch fixes those
implement unit test to verify the appid api functions
implement service detector to use for reg test scenarios
dead code cleanup
refactor to improve testability and eliminate service_util.h, add unit tests for app_info_table
delete dead code, generic config functionality no longer required as detectors can now save this state in the class instance
add unit tests for AppIdDetector class
refactor appid_session to rename struct HttpSession to class AppIdHttpSession and move it and associated functions to a separate file appid_http_session.[h|cc]
refactor unit test code to improve reuse of mocking and common initialization functions
streamline processing of version strings
add appid api unit test to verify consumption of HA state info generated by the produce HA state api method
fix memory leak in changes to version handling code when version string was not saved to session status object
fix memory leaks in appid unit tests
document utility functions per review comments and uncrustify
update copyright notices to conform with cisco standard
for imap & pop3 custom pattern matching use (pattern array size + 1) to indicate no match instead of 0. this eliminates need for 'cooked index' that must be decremented on return from find_all function of pattern matcher.
fix pop3, imap, and kerberos detectors such that the client & server side detectors both use the client appid detector id to store and lookup the common data structures shared by each.
Michael Altizer (mialtize) [Thu, 27 Apr 2017 15:29:46 +0000 (11:29 -0400)]
Merge pull request #866 in SNORT/snort3 from block_controls to master
Squashed commit of the following:
commit
2bbff4362a118c37342dac3c7a0b9376c581ea99
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Apr 20 00:36:42 2017 -0400
control channel changes: Make shell control commands blocking
Hui Cao (huica) [Tue, 25 Apr 2017 19:54:21 +0000 (15:54 -0400)]
Merge pull request #868 in SNORT/snort3 from snort2lua2 to master
Squashed commit of the following:
commit
c075733b31c92b1d48296dac8ed7ec16da32ee62
Author: Steve Chew <stechew@cisco.com>
Date: Mon Apr 24 13:25:19 2017 -0400
Ports and protocols should be saved to separate bindings.
Tom Peters (thopeter) [Mon, 24 Apr 2017 21:11:18 +0000 (17:11 -0400)]
Merge pull request #865 in SNORT/snort3 from byte_jump_bitmask to master
Squashed commit of the following:
commit
a837719a5ac101a433c8745c4bbe7fe01e31377a
Author: mdagon <mdagon@cisco.com>
Date: Wed Apr 19 11:06:18 2017 -0400
Byte_jump 2.9.9 sync-up
1. bitmask option support
2. from_end option
3. error message for bytes to extract usage
Michael Altizer (mialtize) [Fri, 21 Apr 2017 18:34:55 +0000 (14:34 -0400)]
Merge pull request #856 in SNORT/snort3 from multiple_remotes to master
Squashed commit of the following:
commit
59aea04b2d7f4d4642df12d35b21e456a94a4916
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Wed Apr 12 10:28:09 2017 -0400
allow multiple remote control channels
Tom Peters (thopeter) [Thu, 20 Apr 2017 18:14:49 +0000 (14:14 -0400)]
Merge pull request #848 in SNORT/snort3 from Bug185681 to master
Squashed commit of the following:
commit
83b98e57f3c45df9ec66fdc57b1fcb407f203766
Author: allewi <allewi@cisco.com>
Date: Wed Apr 12 09:53:36 2017 -0400
fix is for snort2lua hanging on bad include statements and to always print rej file on error.
removing trailing space and the blank line
removed another space
Michael Altizer (mialtize) [Thu, 20 Apr 2017 15:00:22 +0000 (11:00 -0400)]
Merge pull request #864 in SNORT/snort3 from cmake_flatbuffers to master
Squashed commit of the following:
commit
0ad67430c6bf48f940b79ea91cc0f7e4a93b4cba
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Apr 19 16:35:33 2017 -0400
utils: Add FlatBuffers version string to banner when used
commit
3d08dd60f7dcff7ff406e828c61a97a2349b5fab
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Apr 19 16:35:02 2017 -0400
cmake: Fix detecting and using flatbuffers library
Russ Combs (rucombs) [Tue, 18 Apr 2017 23:51:29 +0000 (19:51 -0400)]
Merge pull request #861 in SNORT/snort3 from byte_extract_bitmask to master
Squashed commit of the following:
commit
b50dc06730c0f013afdab2fcc07ef63cf2321926
Author: mdagon <mdagon@cisco.com>
Date: Mon Apr 17 14:29:40 2017 -0400
Byte_extract bitmask option
Error for byte_extract w/o variable name
Russ Combs (rucombs) [Tue, 18 Apr 2017 21:59:45 +0000 (17:59 -0400)]
Merge pull request #854 in SNORT/snort3 from Bug51812 to master
Squashed commit of the following:
commit
83007534003c61344eac25407b13443ab4bc2c30
Author: allewi <allewi@cisco.com>
Date: Fri Apr 14 19:10:30 2017 -0400
changes made for detecting naptha attack and generate a codec event
Russ Combs (rucombs) [Tue, 18 Apr 2017 20:14:36 +0000 (16:14 -0400)]
Merge pull request #862 in SNORT/snort3 from nohi to master
Squashed commit of the following:
commit
8e07fee28e1719108957c7f679ad24f4b99c17a2
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Apr 18 07:38:37 2017 -0400
snort2lua: remove obsolete --ohi option
commit
00bafd91773e137fd347a720b8e935ea40d320fe
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Apr 17 17:22:07 2017 -0400
fix broken seglist byte counting full, split overlaps
commit
9d391eb6cf5dd9b876c2bf4019e9cbb056917032
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Apr 17 17:21:33 2017 -0400
alert_fast: add key buffer (eg start line with HTTP body)
commit
7e593f0e0c216af3796fa2656cc4f2fa7447731e
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Apr 17 17:18:59 2017 -0400
fix buffer dumps comment: use given length instead of packet length
commit
7be78bccf99ffd6f070fba6a4c15f50d132f9461
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Apr 17 09:29:55 2017 -0400
remove http_server (use new http_inspect instead)
Michael Altizer (mialtize) [Tue, 18 Apr 2017 17:06:57 +0000 (13:06 -0400)]
Merge pull request #860 in SNORT/snort3 from icc to master
Squashed commit of the following:
commit
ca572eec71be76e79be4384f46444a5bbe6c3d52
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 17 17:59:51 2017 -0400
build: Clean up Intel compiler warnings and remarks
Michael Altizer (mialtize) [Mon, 17 Apr 2017 21:01:49 +0000 (17:01 -0400)]
Merge pull request #859 in SNORT/snort3 from x-fixes to master
Squashed commit of the following:
commit
267d90d9291c9d18dfda472511acaeaf7c977b4b
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 17 12:34:20 2017 -0400
gitignore: Add fbstreamer binary
commit
aff4153fde73ea38a454d118ef9fa53e86edbe0a
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 17 12:33:30 2017 -0400
fbstreamer: Fix compiler warnings
commit
2ec27c7973532cfbbbb992e69e0b37c9f8441b2b
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Apr 17 10:47:40 2017 -0400
extra: Remove unused config.h inclusions entirely
commit
02967ec532fc2bd9faac28b7bbf2a175f719e19e
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 4 17:37:05 2017 -0500
autoconf: Add macros to extras for C++11 and Visibility support (and use them)
commit
4a2768796608dd9d9cfb9edec9b5962876afcfc5
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 4 17:37:41 2017 -0500
autoconf: Split out visibility checks into their own macro file
commit
f171fe0b67b2eb6e813bf8d2613b1c766ad49744
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 4 17:30:28 2017 -0500
loggers: Build alert_sf_socket on all platforms
Russ Combs (rucombs) [Mon, 17 Apr 2017 13:47:57 +0000 (09:47 -0400)]
Merge pull request #855 in SNORT/snort3 from byte_test_bitmask to master
Squashed commit of the following:
commit
975803b82b3fa9e63d9510f177536b03496ae46f
Author: mdagon <mdagon@cisco.com>
Date: Tue Apr 11 16:30:35 2017 -0400
byte_test bitmask option support
Russ Combs (rucombs) [Fri, 14 Apr 2017 21:32:54 +0000 (17:32 -0400)]
Merge pull request #858 in SNORT/snort3 from freebsd to master
Squashed commit of the following:
commit
f1e4d6ffe603d131d5cd4a97af3ce5af9e083ec7
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Apr 13 14:40:35 2017 -0400
build: Fix FreeBSD compilation issues
Russ Combs (rucombs) [Thu, 13 Apr 2017 18:02:22 +0000 (14:02 -0400)]
Merge pull request #857 in SNORT/snort3 from doc_fbs to master
Squashed commit of the following:
commit
65ddd6d2f2ace0e3a84ec6a4034095cb5bb1e4e0
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Apr 12 12:37:05 2017 -0400
documented usage of flatbuffers in perfmon and file format produced
Russ Combs (rucombs) [Sat, 8 Apr 2017 20:03:33 +0000 (16:03 -0400)]
Merge pull request #851 in SNORT/snort3 from appid_syncup_291042_tp187788 to master
Squashed commit of the following:
commit
2b8c66e17f6549e8727bdf5f60122347acddfac2
Author: davis mcpherson <davmcphe.cisco.com>
Date: Fri Apr 7 16:52:21 2017 -0400
updates from code review comments
commit
608d26111022edc916509eb9381b696a324adea3
Author: davis mcpherson <davmcphe.cisco.com>
Date: Wed Apr 5 11:56:08 2017 -0400
port 2.9.x changes related to Lua state initialization when loading lua detectors
commit
7de209bce79dfaffcc9af2dfe567168d2a4d3a18
Author: davis mcpherson <davmcphe.cisco.com>
Date: Wed Apr 5 08:41:06 2017 -0400
port 2.9.x changes to the smtp detector to snort3, this adds support for detecting login user and auth
commit
8809cb2160c2b3f2ced3fbb6080539bb88ddf034
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Mar 27 15:05:21 2017 -0400
refactor failed service detection handling to make functions that handle failure member functions of the ServiceDiscoveryState class
refactor to port 2.9 changes to the process for selecting service detectors for a flow and managing the service discovery process
Russ Combs (rucombs) [Fri, 7 Apr 2017 16:51:47 +0000 (12:51 -0400)]
Merge pull request #853 in SNORT/snort3 from 231 to master
Squashed commit of the following:
commit
93bb8d94638affbb7ad005a2465246f8e3c32c1f
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Apr 7 07:25:49 2017 -0400
build 231
commit
4ff230055c0032375e1969dc2c2db5e58bf2c121
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Apr 7 06:21:58 2017 -0400
remove cruft: unused treenode utilities
commit
fb17334ebdd381c13614f070b8554238c263d32d
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Apr 7 06:21:34 2017 -0400
remove cruft: unused signature utilities
Tom Peters (thopeter) [Wed, 5 Apr 2017 14:45:54 +0000 (10:45 -0400)]
Merge pull request #850 in SNORT/snort3 from appid_syncup_291042_tp187691 to master
Squashed commit of the following:
commit
f60f7d82a30affc5738d653d14fb8aace5141188
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Apr 4 16:05:30 2017 -0400
updates based on PR code review comments
commit
b62183ee7da3b454d5720e5a0fe320cc8dad60f9
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Mar 27 15:05:21 2017 -0400
refactor failed service detection handling to make functions that handle failure member functions of the ServiceDiscoveryState class
refactor to port 2.9 changes to the process for selecting service detectors for a flow and managing the service discovery process
Tom Peters (thopeter) [Tue, 4 Apr 2017 19:25:44 +0000 (15:25 -0400)]
Merge pull request #849 in SNORT/snort3 from Bug66844 to master
Squashed commit of the following:
commit
e92aca867900d9001f10871e5c0e8469f748bc60
Author: allewi <allewi@cisco.com>
Date: Thu Mar 30 16:37:01 2017 -0400
removed unused payload_type variable
commit
434f377d7225a6063641e51d1ff979b57f8fbf39
Author: allewi <allewi@cisco.com>
Date: Thu Mar 30 12:30:09 2017 -0400
added decoder check for label 0 or 2 set in non bottom of stack header
commit
3ce099cc788a5ce2a1b7f775c26fe99eaaf598a9
Author: allewi <allewi@cisco.com>
Date: Mon Mar 27 06:04:37 2017 -0400
added ip proto 137 to mpls decoder
Russ Combs (rucombs) [Mon, 27 Mar 2017 16:53:54 +0000 (12:53 -0400)]
Merge pull request #847 in SNORT/snort3 from 230 to master
Squashed commit of the following:
commit
1a9ccf0123184d2e531a4950c2142d533d517c96
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 27 12:00:18 2017 -0400
build 230
commit
95ab2af6205f0fd40b41a16139bd2ab06db7d200
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 27 12:00:09 2017 -0400
fix os x build issue
Tom Peters (thopeter) [Mon, 27 Mar 2017 15:23:44 +0000 (11:23 -0400)]
Merge pull request #846 in SNORT/snort3 from nhttp68 to master
Squashed commit of the following:
commit
5285027596f1c21bb700a05933ff9cf7639568f7
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Mar 22 16:46:50 2017 -0400
New feature for test tool used to investigate chunk reassembly problem
Russ Combs (rucombs) [Fri, 24 Mar 2017 23:27:34 +0000 (19:27 -0400)]
Merge pull request #841 in SNORT/snort3 from jviiret-hs_valid_platform to master
Squashed commit of the following:
commit
884ae7e5c67ccc845e290b9e9e4002c783dea5b0
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Mar 23 09:36:00 2017 -0400
doc updates for optional build features
commit
545015764289686c030d4f8220e0bf35275b5d5d
Author: Justin Viiret <justin.viiret@intel.com>
Date: Fri Mar 3 10:56:18 2017 +1100
Check Hyperscan availability when configured
This checks whether the host has the architectural features required by
Hyperscan when it is configured with the hs_valid_platform() function.
On failure, components that use HS (ips_regex, ips_sd_pattern, hyperscan
MPSE) will produce parse errors.
commit
48cfdcf9f14332c0d9b26022c6a20535ae8ed7f1
Author: Justin Viiret <justin.viiret@intel.com>
Date: Mon Mar 6 09:40:42 2017 +1100
autotools: require Hyperscan >= 4.4.0
This version is required for the hs_valid_platform() function.
commit
ea2f8816ca8c016977a6cdf88c39dc01461d5399
Author: Justin Viiret <justin.viiret@intel.com>
Date: Fri Mar 3 10:03:58 2017 +1100
cmake: require Hyperscan >= 4.4.0
This version is required for the hs_valid_platform() function.
Tom Peters (thopeter) [Fri, 24 Mar 2017 21:08:15 +0000 (17:08 -0400)]
Merge pull request #845 in SNORT/snort3 from appid_uninitialized_protocol_fix to master
Squashed commit of the following:
commit
5015272dcdba3db74196f847541013abdae2d494
Author: davis mcpherson <davmcphe.cisco.com>
Date: Fri Mar 24 10:44:03 2017 -0400
ensure the protocol variable passed in when instantiating a lua detector is initialized.
Russ Combs (rucombs) [Fri, 24 Mar 2017 13:50:50 +0000 (09:50 -0400)]
Merge pull request #844 in SNORT/snort3 from sip_no_sip to master
Squashed commit of the following:
commit
bc8513ded1adef0249a405866f6f2338aace091e
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Mar 23 15:44:54 2017 -0400
fix sip_method to error out if sip not instantiated
Russ Combs (rucombs) [Fri, 24 Mar 2017 00:25:10 +0000 (20:25 -0400)]
Merge pull request #842 in SNORT/snort3 from 2017 to master
Squashed commit of the following:
commit
ebc21669d5c36ed3dbe36469b6061ed37a2e91b7
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Mar 23 12:26:38 2017 -0400
update copyrights
Russ Combs (rucombs) [Fri, 24 Mar 2017 00:25:00 +0000 (20:25 -0400)]
Merge pull request #843 in SNORT/snort3 from appid_classy_issues to master
Squashed commit of the following:
commit
5ab36b4aab69f3386d5d353b1cebe7c31702cde8
Author: davis mcpherson <davmcphe.cisco.com>
Date: Thu Mar 23 15:03:37 2017 -0400
fix crunch and grind issues introduced by appid_classy_detectors refactoring
Tom Peters (thopeter) [Thu, 23 Mar 2017 00:13:58 +0000 (20:13 -0400)]
Merge pull request #830 in SNORT/snort3 from appid_classy_detectors to master
Squashed commit of the following:
commit
1b244982ce39da13950c8de16e04f30c85522c1f
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Nov 7 09:20:56 2016 -0500
rename class Detector to class LuaDetector
use std::map to hold list of client detectors
implement ServiceDetector subclass
refactor detector_pattern.cc to subclass the ClientDetector class
harmonize args to client & service detectors so signature to validate function is the same
cleanup dead code, continue refactoring service/client discovery manager and detector classes
move tcp/udp pattern registration functions to appid discovery manager base class
delete unused free_pattern_data list
service state class refactoring
refactor service mdns to use ServiceDetector class
refactor kerberos and imap detectors to subclass ClientDetector & ServiceDetector
refactor imap, pattern, and pop3 detectors to use AppIdDetector class
delete deprecated files, refactor service_bgp to subclass ServiceDetector class
refactor bit & bootp service detectors to subclass ServiceDetector
refactor bgp, dcerpc, direct_connect, flap, ftp, rexec, rfb rpc, rshell, snmp, ssh, ssl, tftp, timbuktu, and tns to subclass ServiceDiscovery
refactor irc, lpr, mysql to subclass ServiceDiscovery
refactor netbios service detection to subclass ServiceDiscovery
refactor nntp, ntp, rlogin service detection to subclass ServiceDiscovery
refactor radius, rpc, rsync, rtmp, ssh, telnet service detection to subclass ServiceDiscovery
remove files no longer used due to ServiceDetector refactoring
refactor client detector class names to include 'Client' in the name
remove more of the old style validate functions
add new files for appid_discovery base class
move third party discovery functionality from appid session file to its own file
move discovery specific functions from AppIdSession class to AppIdDiscovery or the client and service discovery subclasses
add missing support for log_all_session config option
manually merge changes from find_all fixes in commit 369726c01caf6ca4833e1b31fc2243684cd46593
set size parameter for pattern search strings
refactor client candidate list to use std::map instead of SF_LIST
refactor appid statistics code to implement as a class, all stats THREAD_LOCAL vars changed to class member variables, appid inspector creates and manages THREAD_LOCAL instance of the appid statistics manager class
refactor Lua detector classes to cleanly derive from AppIdDetector class and its subclasses
refactor 'if' statement checks in lua api methods for session state & params validity to be asserts as these types of errors are programming mistakes
move types defined in http_common.h to more appropriate header files, delete http_common.h
updates to address comments and issues raised from PR review comments
Russ Combs (rucombs) [Wed, 22 Mar 2017 19:30:57 +0000 (15:30 -0400)]
Merge pull request #840 in SNORT/snort3 from bugz to master
Squashed commit of the following:
commit
234130156c9f535477f4d5e1217010b4b91cf5f3
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Mar 21 22:55:29 2017 -0400
fix search tool test compiler warnings for unused params
commit
c306114eaf2bd91018446aa963cee9a3ffed4b3c
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Mar 21 13:33:43 2017 -0400
fix dce debug print of uuid to be thread safe
commit
1f20b9396cd4ec560bf8d6c530633a0872f15917
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Mar 21 12:34:40 2017 -0400
do not try to compile an empty hyperscan db
thanks to justin.viiret@intel.com for reporting the issue
Russ Combs (rucombs) [Mon, 20 Mar 2017 22:44:52 +0000 (18:44 -0400)]
Merge pull request #839 in SNORT/snort3 from regex_fix to master
Squashed commit of the following:
commit
aedce1c1fe8f053e06f56772737562670435d705
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 20 17:31:46 2017 -0400
remove unused field
Michael Altizer (mialtize) [Mon, 20 Mar 2017 20:26:10 +0000 (16:26 -0400)]
Merge pull request #834 in SNORT/snort3 from flatbuffers to master
Squashed commit of the following:
commit
e5ded2b1d2b6c5605341512d148f71f679e46be9
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Mar 20 13:29:49 2017 -0400
fixed build warnings
commit
44ce3ac80687438e75542ea1df4487f6fc79a5ba
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Mar 7 15:45:17 2017 -0500
Added flatbuffers output format to perf monitor. Added tool for converting flatbuffers files to yaml.
Russ Combs (rucombs) [Mon, 20 Mar 2017 18:17:57 +0000 (14:17 -0400)]
Merge pull request #838 in SNORT/snort3 from regex_fp to master
Squashed commit of the following:
commit
b9c93c2c008fb44f0d8b93536b76199076fcb95d
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 20 13:29:50 2017 -0400
fix earlier cpp check errors
commit
ccc974b6d5955b3fdc4c3fb4b843f3b1acee1ee5
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 20 12:35:10 2017 -0400
refactor regex only flags from PatternMatchData to RegexConfig
commit
9ffed2e78d7e35168142f9a37e6544e0853b75ef
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 17 19:33:52 2017 -0400
refactor pattern match data; regex can be fp only if explicitly indicated
Russ Combs (rucombs) [Fri, 17 Mar 2017 18:52:04 +0000 (14:52 -0400)]
Merge pull request #837 in SNORT/snort3 from tweaks to master
Squashed commit of the following:
commit
54efd96f69efda1110d6fcb899bcf15b5fb0aa08
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 17 13:49:14 2017 -0400
detection cleanup: tighten variable scope and fix formatting of port tables
commit
f3e7ab710767f3f07136b59b421c0d5863c2e5c8
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Mar 12 09:34:39 2017 -0400
detection cleanup: fix up sig info naming
commit
d55f2dd626252e83d18a471ec781048905ff2658
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Mar 12 09:03:43 2017 -0400
detection cleanup: free rule state asap
commit
1627006374abcb1ca4cbe2247ee5bbda47381754
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Mar 11 11:38:03 2017 -0500
detection cleanup: free PortObject lists asap
commit
14633db03d7f5d5bbf00b940e170a207ac12b946
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Mar 11 11:08:03 2017 -0500
detection cleanup: free port table hash asap
commit
1337e7918739210033e1dc4c5cc6d7afc4616c44
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Mar 11 09:32:53 2017 -0500
detection cleanup: add finalize method to PortObject2 to free compile time only data asap
commit
a6c6d020e0b41ad9735c370dfa6f9d49df22bd28
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Mar 11 06:46:02 2017 -0500
detection cleanup: free service rule map asap
commit
ab3d114e01155a81a469aedc51d9d9dffe8cf505
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 18:19:39 2017 -0500
detection cleanup: refactor PortObject and PortObject2 to use PortGroup* instead of void*
commit
de73f4c9b0134d127a480bdb491a29728dae39a7
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 16:33:16 2017 -0500
detection cleanup: add type checking to otn->detection_filter and friends
commit
17c01a8e2c3b40f1a69cc7004f2470c21af609d7
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 16:05:56 2017 -0500
detection cleanup: remove unused PortTable.pt_merged_rule_list
commit
46a257e2a8648a4b5309b48e90a0a179159b1c0a
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 16:01:36 2017 -0500
detection cleanup: remove unused PortObjectItem.cur_port, tmp
commit
abd99111ddbea2830e4f631246f3e6e1afe14a73
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 15:44:22 2017 -0500
detection cleanup: removed unused PortTable.pt_plx_list
commit
a281d4d32a261df8eed0fd955623f98039baffba
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 15:32:20 2017 -0500
detection cleanup: remove unused PortTable.pt_port_lists[] and associated print func
commit
fa7a351ddbda453290aa053f17851554f1d6712a
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Mar 10 11:04:01 2017 -0500
reformat and refactor detection related code
enhance option tree dump
remove unused pointer from otn
remove useless otn integrity check
Russ Combs [Fri, 17 Mar 2017 16:04:13 +0000 (12:04 -0400)]
build 229
Michael Altizer (mialtize) [Thu, 16 Mar 2017 17:37:11 +0000 (13:37 -0400)]
Merge pull request #835 in SNORT/snort3 from mpse_changes to master
Squashed commit of the following:
commit
001e3f1feb1b246b4564dccbb36d86c108dc7651
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Mar 13 16:10:28 2017 -0400
mpse changes to fix off by 1 issue in ac_full, hyperscan fixes, search tool changes to use fast pattern config's search method
Michael Altizer (mialtize) [Tue, 14 Mar 2017 19:18:29 +0000 (15:18 -0400)]
Merge pull request #833 in SNORT/snort3 from snort2lua_empty_preproc to master
Squashed commit of the following:
commit
11f36b6625c25d1c3dcc1999a36294d4ea024100
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Mar 13 12:18:03 2017 -0400
snort2lua parsing updates
Tom Peters (thopeter) [Thu, 9 Mar 2017 20:10:19 +0000 (15:10 -0500)]
Merge pull request #831 in SNORT/snort3 from nhttp67 to master
Squashed commit of the following:
commit
0c807e8b8861cea40c9b14dbb785b018cffb46f6
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Mar 8 14:14:34 2017 -0500
Alert for HTTP wrapping. CR and LF in header name parsed as whitespace.
Tom Peters (thopeter) [Mon, 6 Mar 2017 21:14:43 +0000 (16:14 -0500)]
Merge pull request #829 in SNORT/snort3 from nhttp66 to master
Squashed commit of the following:
commit
b5cd986205120e83173ada3fbb5a57b17a8481fd
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Feb 10 13:50:32 2017 -0500
Alert for nonprinting character in header name. Alert for bad Content-Length value.
Russ Combs [Wed, 1 Mar 2017 18:19:11 +0000 (13:19 -0500)]
build 228 - alpha 4 final
Russ Combs (rucombs) [Wed, 1 Mar 2017 02:05:05 +0000 (21:05 -0500)]
Merge pull request #826 in SNORT/snort3 from quiet_daemon to master
Squashed commit of the following:
commit
db5d675a41a376734931ec2b3cea3dfa805b052b
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Feb 27 11:25:19 2017 -0500
pid file is created regardless of priv drop settings
Russ Combs (rucombs) [Tue, 28 Feb 2017 21:24:52 +0000 (16:24 -0500)]
Merge pull request #828 in SNORT/snort3 from doc_daq to master
Squashed commit of the following:
commit
c5d9e697d736c3495b160ac3d135f386afcb9089
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Feb 28 15:38:30 2017 -0500
doc: Add LibDAQ README to Reference and fix typos
commit
48b89d644f466b6e123d9cd60899c0ee94c862a8
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Feb 28 00:22:20 2017 -0500
doc: Add DAQ configuration documentation
Russ Combs (rucombs) [Mon, 27 Feb 2017 21:19:10 +0000 (16:19 -0500)]
Merge pull request #827 in SNORT/snort3 from byte_order to master
Squashed commit of the following:
commit
a257b0dafc53321b199b7e5100d700345e133e32
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Feb 25 10:16:15 2017 -0500
add multiple byte orders warning
Michael Altizer (mialtize) [Fri, 24 Feb 2017 18:58:06 +0000 (13:58 -0500)]
Merge pull request #825 in SNORT/snort3 from integ_fixes to master
Squashed commit of the following:
commit
0995fc8ac35cc6d600cda1a08a461244407da869
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 17:14:20 2017 +0000
gitignore: Add doc/connector.txt
commit
6597ebd45f9706359f2529a3f1640c25e961ecac
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 17:11:21 2017 +0000
autoconf: Alphabetize library dependency checks
In addition to looking a bit nicer, this conveniently works around an
ugly libsfbpf dependency issue of a custom libpcap.
commit
361868030f86d392e852837d08ea402f17057513
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 16:56:27 2017 +0000
snort2lua: Handle removed memcap option in ftp_telnet
commit
7bd2999a9edf2b013fd928e849d699afae6cf5ef
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 16:55:12 2017 +0000
snort2lua: Mark appid conf and thirdparty_appid_dir as unsupported
This will be reverted later when support is implemented.
commit
c3845aa8efa0b1de70962b3bfc6376d115ef2d6c
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 16:49:21 2017 +0000
snort2lua: Fix a couple of typos in table API output
commit
e7ecde8e685d07c5ed9427b1f16e532c54d985e3
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 16:20:53 2017 +0000
dce_rpc: Mark generated iface patterns as literal
This fixes the situation where the ASCII representations of UUID bytes
are regular expression special characters.
commit
50d6a80b3e282cc177769bdb4eb5192aad6744e3
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 24 16:19:31 2017 +0000
hyperscan: Print error message and erroneous pattern when compilation fails
Russ Combs (rucombs) [Fri, 24 Feb 2017 14:26:36 +0000 (09:26 -0500)]
Merge pull request #824 in SNORT/snort3 from snort2lua_uricontent to master
Squashed commit of the following:
commit
1d438f21c0bbd8dc6cc1630550ef97ebb719794d
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Thu Feb 23 11:16:34 2017 -0500
uricontent snort2lua updates
Russ Combs [Fri, 24 Feb 2017 14:20:45 +0000 (09:20 -0500)]
build 227
Russ Combs (rucombs) [Wed, 22 Feb 2017 21:41:55 +0000 (16:41 -0500)]
Merge pull request #823 in SNORT/snort3 from free_the_gids-vjr to master
Squashed commit of the following:
commit
9403cbcdf2a16ec768325102b7a4e97e79f0a740
Author: Victor Roemer <viroemer@cisco.com>
Date: Tue Feb 21 15:09:38 2017 -0500
Only emplace non-zero gids
commit
2db5bc3e5222e927828446294de1394303773972
Author: Victor Roemer <viroemer@cisco.com>
Date: Mon Feb 20 11:42:49 2017 -0500
Keep track of GID's in use.
commit
99636e1116c862d0f0d5b73c0042c6de0c62c340
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Feb 15 11:05:51 2017 -0500
poc - allow arbitrary gid use; test and perf tbd
Russ Combs (rucombs) [Wed, 22 Feb 2017 19:49:02 +0000 (14:49 -0500)]
Merge pull request #822 in SNORT/snort3 from syslog to master
Squashed commit of the following:
commit
83bed16119252515438e02cf4a96a636e3fe4a3a
Author: Carter Waxman <cwaxman@cisco.com>
Date: Fri Feb 17 17:04:10 2017 -0500
fixed output of bare LogLabel to divert to syslog if enabled
Russ Combs (rucombs) [Mon, 20 Feb 2017 15:23:03 +0000 (10:23 -0500)]
Merge pull request #821 in SNORT/snort3 from peg_fix to master
Squashed commit of the following:
commit
da68bbf04ce39fb55fe0963f67b557bd807a68fa
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Feb 19 07:53:56 2017 -0500
fix up peg help (remove _)
Russ Combs (rucombs) [Fri, 17 Feb 2017 23:04:32 +0000 (18:04 -0500)]
Merge pull request #820 in SNORT/snort3 from noname_daqs to master
Squashed commit of the following:
commit
fa60f46919821462077a54661f7bd5171eecc191
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Feb 17 14:30:22 2017 -0500
support DAQs w/o explicit sources (nfq, ipfw)
Hui Cao (huica) [Fri, 17 Feb 2017 15:50:26 +0000 (10:50 -0500)]
Merge pull request #817 in SNORT/snort3 from u2_logging_bug_166983 to master
Squashed commit of the following:
commit
cf11c4fc3ae53a2fe11ca2af5628a25a4d114987
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Feb 14 10:00:02 2017 -0500
patch to fix u2 logging issues:
1) for rebuilt packets use the Packet::dsize field to determine length of payload to be logged.
2) also use the client/server ip addresses cached in the Flow object to set the source/destination address in the generated alerts.
3) u2spewfoo updated to not include the 4 byte 'packet_data' field when copying the u2 serial header, this field is a placeholder for the offset to the logged payload and is not written out when the header is logged by snort
4) defined new U2 record type UNIFIED2_PDU. rebuilt packets are logged with this type to distinguish them from raw packets in the u2 log file
Russ Combs [Fri, 17 Feb 2017 00:57:12 +0000 (19:57 -0500)]
remove fixed gotcha from doc
Russ Combs [Fri, 17 Feb 2017 00:29:05 +0000 (19:29 -0500)]
build 226
Russ Combs (rucombs) [Thu, 16 Feb 2017 22:58:45 +0000 (17:58 -0500)]
Merge pull request #819 in SNORT/snort3 from doc_bug60645 to master
Squashed commit of the following:
commit
73f1b8107b7e5cb20df76bc47227849190d84458
Author: Victor Roemer <viroemer@cisco.com>
Date: Thu Feb 16 15:26:46 2017 -0500
Remove doc for bug we've forgotten about.
Russ Combs (rucombs) [Wed, 15 Feb 2017 14:10:22 +0000 (09:10 -0500)]
Merge pull request #818 in SNORT/snort3 from doc_conn to master
Squashed commit of the following:
commit
98a35eebc3b3fee688a6abbed98a478493fb3e6e
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Feb 15 07:46:55 2017 -0500
add plugin path to cmake doc build
commit
38fd4f4e696f4d3696fa9e6a344b3548ac2d67ed
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Feb 15 06:18:28 2017 -0500
add connectors to generated reference parts of manual
Michael Altizer (mialtize) [Tue, 14 Feb 2017 22:16:25 +0000 (17:16 -0500)]
Merge pull request #816 in SNORT/snort3 from chroot to master
Squashed commit of the following:
commit
b748ba2c9987dbf2c6dba7e5a162c07383435521
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 13 18:15:40 2017 -0500
snort: Improve privilege dropping and chroot behavior
Clean up setuid/setgid and chroot code and behavior.
Make failure to drop privileges a fatal error.
commit
554b957a2b63bc1d3374d2518305e39b4a7d75e3
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 2 18:00:37 2017 -0500
utils: Refactor deprecated C string utility functions into their own source module
Also fix up printing literals in FTP command formats (reported by printf
argument checking on sfsnprintfappend()).
commit
b48d2eca39ec49110eb6201db26a0c1f302ef360
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 13 19:28:55 2017 -0500
extra: Make extras a standalone autoconf project
commit
3aece989f65841d41a63da45eb67f9e6a20ebeb3
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Feb 2 15:42:10 2017 -0500
snort_config: Refactor many functions into SnortConfig mutators
Also, make many of the previous config directives on/off rather than
just on.
commit
4065f341ec2dbf26dd842c5b3bd25409eca58903
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 13 17:51:55 2017 -0500
build: Attempt to force statically linking sanitizer libraries
This fixes the case where LD_PRELOAD has been modified and a dynamically
linked libasan balks at not being the first library loaded. Note:
Static linking of these libraries is already the default with Clang and
the -static-libXsan options are not supported there.
commit
1dcf97d4cf9531c17c36110ebbe3e73c4fef0ccc
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 13 11:08:21 2017 -0500
main: Broadcast START or RUN when synchronizing for privilege drop
This is a quick fix for the current situation where only the last packet
thread to reach the privilege drop state will be started. State machine
transitions and privilege dropping should be reworked to make use of
command objects rather than main_poke().
commit
cbbcc0b0c69a71e83ff5f9582f396c2149065d22
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 13 10:17:10 2017 -0500
perf_monitor: Fix segfault when tterm is called before tinit
Russ Combs (rucombs) [Tue, 14 Feb 2017 20:53:05 +0000 (15:53 -0500)]
Merge pull request #811 in SNORT/snort3 from stream_underflow3 to master
Squashed commit of the following:
commit
69d72bc0e02c334b8929f03e6a9085daf19a5473
Author: Steve Chew <stechew@cisco.com>
Date: Thu Feb 9 11:59:27 2017 -0500
Fix Stream TCP counter underflow bug and handle max and instant stats.
Russ Combs (rucombs) [Tue, 14 Feb 2017 20:32:10 +0000 (15:32 -0500)]
Merge pull request #815 in SNORT/snort3 from snort2lua_config_alertfile to master
Squashed commit of the following:
commit
814ca0f843359b2e2e8936bca3bc466d0f18d6aa
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Feb 13 16:52:49 2017 -0500
snort2lua changes to convert config alertfile: <filename>
Russ Combs (rucombs) [Tue, 14 Feb 2017 20:30:53 +0000 (15:30 -0500)]
Merge pull request #809 in SNORT/snort3 from doc_ha_sc_conn to master
Squashed commit of the following:
commit
f3884b9e20e574158bb97ffed7bd9311907cf8ac
Author: Ed Borgoyn <eborgoyn@cisco.com>
Date: Thu Feb 9 17:44:49 2017 -0500
Documentation for HA, side_channel, and connectors.
Shawn Turner (shaturne) [Tue, 14 Feb 2017 18:59:51 +0000 (13:59 -0500)]
Merge pull request #813 in SNORT/snort3 from snort2lua_rpc to master
Squashed commit of the following:
commit
48a573c67dccf9522d2fb3cb62df44781ddb2aa6
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Feb 13 06:49:36 2017 -0500
snort2lua changes for rpc over http
Shawn Turner (shaturne) [Tue, 14 Feb 2017 17:14:57 +0000 (12:14 -0500)]
Merge pull request #814 in SNORT/snort3 from snort2lua_smb_file to master
Squashed commit of the following:
commit
022682efddaa17849e1b74bd93173d8f2fc251b9
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Mon Feb 13 15:21:03 2017 -0500
snort2lua changes to add file_id when smb file inspection is on
Michael Altizer (mialtize) [Mon, 13 Feb 2017 21:28:10 +0000 (16:28 -0500)]
Merge pull request #808 in SNORT/snort3 from doc_nhttp64 to master
Squashed commit of the following:
commit
fec40aea4abb0f97763b272bac14cb626dde23cd
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jan 23 10:20:50 2017 -0500
NHI user manual
Michael Altizer (mialtize) [Mon, 13 Feb 2017 15:06:17 +0000 (10:06 -0500)]
Merge pull request #812 in SNORT/snort3 from bug_60626 to master
Squashed commit of the following:
commit
a20c2f6fc79ba0c545ba9abe4b07a9077079929d
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Feb 10 17:16:17 2017 -0500
avoid overflows of signed integers
Hui Cao (huica) [Mon, 13 Feb 2017 14:06:18 +0000 (09:06 -0500)]
Merge pull request #810 in SNORT/snort3 from file_lzma to master
Squashed commit of the following:
commit
4b6e4c731b60d095e6d1e69dca1f1f57de17e857
Author: huica <huica@cisco.com>
Date: Fri Feb 10 10:17:23 2017 -0500
Allow lzma calculate data length
Hui Cao (huica) [Fri, 10 Feb 2017 15:25:31 +0000 (10:25 -0500)]
Merge pull request #807 in SNORT/snort3 from stream_bug_102679 to master
Squashed commit of the following:
commit
3894dac1e332295f06585b689fcb2d1aa062e9d0
Author: davis mcpherson <davmcphe.cisco.com>
Date: Thu Feb 9 07:29:51 2017 -0500
only generate 'no 3whs alert' when midstream pickup is denied and traffic has been seen from both the client & server side
Michael Altizer (mialtize) [Thu, 9 Feb 2017 18:23:56 +0000 (13:23 -0500)]
Merge pull request #805 in SNORT/snort3 from nhttp65 to master
Squashed commit of the following:
commit
2fb69ed84c074aa40539f0dca567c252df0072e3
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Jan 24 11:09:05 2017 -0500
NHI PDF/SWF decompression
Michael Altizer (mialtize) [Wed, 8 Feb 2017 18:57:49 +0000 (13:57 -0500)]
Merge pull request #806 in SNORT/snort3 from warnings to master
Squashed commit of the following:
commit
fd0900c85e4065474274c2d00410af0e0f07659c
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Feb 8 12:43:14 2017 -0500
appid: Remove dead store when USE_RNA_CONFIG isn't defined
commit
aaed4212a58227641c7e4e883532990a5a0559dd
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 6 11:21:23 2017 -0500
dce_rpc: Fix compiler warnings in dce_http_server and dce_http_proxy
Hui Cao (huica) [Wed, 8 Feb 2017 15:53:21 +0000 (10:53 -0500)]
Merge pull request #802 in SNORT/snort3 from appid_remove_static_appid_config to master
Squashed commit of the following:
commit
bb6e77d1c2c47599718903353cb00ce375e30570
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Feb 6 09:28:27 2017 -0500
this patch fixes a bug where it was possible that a pointer to the new appid config after a reload
could be referenced by a session that should still be using the old appid config.
also reduce references to global that points to appid config
Michael Altizer (mialtize) [Mon, 6 Feb 2017 21:54:42 +0000 (16:54 -0500)]
Merge pull request #804 in SNORT/snort3 from paused_fixes to master
Squashed commit of the following:
commit
3c508cd54a47180081bfc29fdea820bc11904868
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 6 14:04:55 2017 -0500
main: Respect exit_requested in main loop when trough is not empty
This fixes a scenario where Snort would never exit if an exit was
requested in readback mode while there were still PCAPs to process.
commit
f8552624ae27272b3c4fdb277f8141b3c4d7e80c
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 3 12:19:53 2017 -0500
snort_config: Don't leak fast_pattern_config in destructor when reusing MPSE
commit
2857b7bdf968ec63f2b808bd0f92798d36d0a035
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Feb 3 11:42:03 2017 -0500
main: Queue orphan analyzer commands for destruction
This specifically addresses the scenario where a SWAP command is
broadcast via a shell command while there are no active analyzers, which
would previously result in the active shell being freed out from under
the executing command.
Michael Altizer (mialtize) [Mon, 6 Feb 2017 21:24:46 +0000 (16:24 -0500)]
Merge pull request #803 in SNORT/snort3 from rna_config_ifdef to master
Squashed commit of the following:
commit
a93cbfe4df5a29411d790c873862a8e2df997c60
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Feb 6 13:30:54 2017 -0500
appid: Complete the removal of RNA config and network lists for now
Russ Combs (rucombs) [Fri, 3 Feb 2017 21:38:00 +0000 (16:38 -0500)]
Merge pull request #801 in SNORT/snort3 from s5s2l to master
Squashed commit of the following:
commit
40af73535f5bde6c03ccbbc21b9ca9891f3499a5
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Feb 3 15:18:10 2017 -0500
add some FIXITs
commit
3f0ca9c6e652df3ca87854083c7ca3c8a2fcb6d2
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Feb 3 14:15:47 2017 -0500
add deprecated option stream5_tcp: log_asymmetric_traffic to snort2lua
Hui Cao (huica) [Fri, 3 Feb 2017 19:52:48 +0000 (14:52 -0500)]
Merge pull request #800 in SNORT/snort3 from stream_reassembly_bug_148058 to master
Squashed commit of the following:
commit
9d91bc4c76128555e60fb8730e99ae1df7544a33
Author: davis mcpherson <davmcphe.cisco.com>
Date: Mon Jan 30 09:15:43 2017 -0500
adjust payload length when reassembling to account for fin when a fin has been received
Russ Combs [Wed, 1 Feb 2017 21:13:25 +0000 (16:13 -0500)]
build 225
fix shell resume after command line pause
update default manuals
Hui Cao (huica) [Wed, 1 Feb 2017 21:56:33 +0000 (16:56 -0500)]
Merge pull request #796 in SNORT/snort3 from sdf-credit-card-fixup to master
Squashed commit of the following:
commit
768f12ad556a273e9b3a6245ef8227c348f5ab16
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Feb 1 12:54:01 2017 -0500
Use assert, simplify test condition in bounds check
commit
5c07187d6b39a494c238474210620ee115ad7c41
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Feb 1 11:20:54 2017 -0500
Fix off by one bounds checking of the right side
commit
656d6d7c0df190ed294b5f185e554d3ee8b37095
Author: Victor Roemer <viroemer@cisco.com>
Date: Wed Feb 1 10:53:13 2017 -0500
Add a numeric boundaries test for builtin patterns
commit
7d3cd2287065df80d02102d593752de10095ff9b
Author: Victor Roemer <viroemer@cisco.com>
Date: Tue Jan 24 14:55:45 2017 -0500
Re-enable fast pattern and credit card luhn check validation
commit
73b2b2ab23a0949533ad79243f46a8f7fc04e0ed
Author: Victor Roemer <viroemer@cisco.com>
Date: Tue Jan 24 13:53:05 2017 -0500
Remove boundary goofiness in Luhn check that broke validation
Replace digit separator in credit card pattern from `[- ]?` to `\D?`,
the original pattern works sometimes but not others??
Russ Combs (rucombs) [Wed, 1 Feb 2017 17:38:04 +0000 (12:38 -0500)]
Merge pull request #797 in SNORT/snort3 from stream_flush_segfault_fix to master
Squashed commit of the following:
commit
52c88a06bef55c02102ed234ec8b69bb7ac9d9eb
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Jan 31 17:52:14 2017 -0500
check that the tracker splitter object is valid before trying to call the splitter finish method when doing the final flush on a flow
Russ Combs (rucombs) [Wed, 1 Feb 2017 14:16:02 +0000 (09:16 -0500)]
Merge pull request #798 in SNORT/snort3 from appid_webdav2 to master
Squashed commit of the following:
commit
ffbb37755493a42f5f0aed3650e6eb8fb19a4fcd
Author: Steve Chew <stechew@cisco.com>
Date: Thu Jan 26 12:21:38 2017 -0500
Use HTTP inspection events to detect webdav methods.
Russ Combs (rucombs) [Tue, 31 Jan 2017 23:12:41 +0000 (18:12 -0500)]
Merge pull request #780 in SNORT/snort3 from rpc_over_http to master
Squashed commit of the following:
commit
1622adc12f9a615b07682a3b83904c3d71e6058d
Author: Ed Borgoyn <eborgoyn@cisco.com>
Date: Tue Jan 17 07:03:07 2017 -0500
Implement rpc_over_http.
Remove reference count for the http_* inspectors.
Included config.h, uncrustify'ed add files.
Fix to snort_debug.h flag.
Updates per code review.
Simplify splitters.
Remove commented-out code.
Simplified http_server splitter.
Check for valid gadget before calling exec().
Code review comment.
Fix ASAN errors in UT's
Remove unused variable.
Fix splitter. Remove inspector eval() implementation.
One more UT fix in http_server splitter.
Changes per code review. Some improvements to http_proxy as well.
http_server side completed. http_proxy work-in-progress.
Updated http_proxy splitter to simplify and added UT's.
Better to NOT commit the test version of the source...
Add SSNFLAG's to indicate a splitter ABORT situation.
Updated the proxy splitter.
Splitter reassemble changes.
Fix one nit from code review.
Additional code review fixes.
Wrong data direction in snort_defaults.lua wizard config.
Expose the failure counters.
Fix names of counters.
Russ Combs (rucombs) [Tue, 31 Jan 2017 13:20:31 +0000 (08:20 -0500)]
Merge pull request #795 in SNORT/snort3 from units_fix to master
Squashed commit of the following:
commit
d466d48c8cb086b7f3ceebbc55c7a00a2cea821b
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Jan 30 14:27:17 2017 -0500
fixed #defines for classes required for unit tests
Russ Combs (rucombs) [Tue, 31 Jan 2017 13:17:13 +0000 (08:17 -0500)]
Merge pull request #794 in SNORT/snort3 from disable_replace to master
Squashed commit of the following:
commit
ea026073047d74bb63f2da8f373e954a7956cd1d
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Sat Jan 28 17:22:31 2017 -0500
port disable_replace option from snort 2.x and add snort2lua support
Russ Combs (rucombs) [Fri, 27 Jan 2017 21:17:59 +0000 (16:17 -0500)]
Merge pull request #792 in SNORT/snort3 from peg_norms to master
Squashed commit of the following:
commit
879f054992532a010c067f45c140c7b7a145681d
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 25 16:02:36 2017 -0500
normalize peg names to lower snake_case
Russ Combs (rucombs) [Fri, 27 Jan 2017 21:16:26 +0000 (16:16 -0500)]
Merge pull request #788 in SNORT/snort3 from ssh_tunnel_http to master
Squashed commit of the following:
commit
b8ff4c09af767646d36d6203041b95d29b935a0b
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date: Tue Jan 24 15:14:51 2017 -0500
ssh tunnel over http changes
Russ Combs (rucombs) [Fri, 27 Jan 2017 17:54:01 +0000 (12:54 -0500)]
Merge pull request #793 in SNORT/snort3 from hardly to master
Squashed commit of the following:
commit
2cf0b48aa3296297e7ce3629fac594f79ba9a628
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Jan 27 12:08:00 2017 -0500
initialize flow hash with hardener
Michael Altizer (mialtize) [Fri, 27 Jan 2017 17:33:09 +0000 (12:33 -0500)]
Merge pull request #789 in SNORT/snort3 from command_objects to master
Squashed commit of the following:
commit
47e6ec7e9fd99f6eae7374d0139e84979e3726e3
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Jan 24 20:49:41 2017 -0500
main: Add asynchronous, broadcastable analyzer commands
commit
bfdee461452dd0875c06dbb3c4596436a767ae70
Author: Michael Altizer <mialtize@cisco.com>
Date: Fri Jan 27 10:30:28 2017 -0500
stream/user: Remove rogue semicolons
commit
f4b81f1e3d04627454bc0f9e4e06f4bd0dade7c8
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 18 17:21:02 2017 -0500
swapper: Refactor Swapper out of main.cc
commit
70b4bd47a9084d323850dc79c38e34c4fe01611c
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 21:17:29 2017 -0500
shell: Add missing newline to Lua execution error responses
Russ Combs (rucombs) [Fri, 27 Jan 2017 15:42:34 +0000 (10:42 -0500)]
Merge pull request #790 in SNORT/snort3 from parser to master
Squashed commit of the following:
commit
aaed5f64dd41e0993fcf6116695c72d997efab1f
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 25 09:01:39 2017 -0500
fix support for content strings with escaped quotes ("foo\"bar")
thanks to secres@linuxmail.org for reporting the issue
Hui Cao (huica) [Thu, 26 Jan 2017 15:08:09 +0000 (10:08 -0500)]
Merge pull request #786 in SNORT/snort3 from stream_bug_149980_no_finish to master
Squashed commit of the following:
commit
7ec653da8825592489b9e4fe4ae733633ab07d19
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Jan 24 15:18:42 2017 -0500
pass final flush status as a parameter instead of using a member variable
commit
bfaac69281cf87538f3759e73f2d462ffcd63b43
Author: davis mcpherson <davmcphe.cisco.com>
Date: Tue Jan 24 08:59:34 2017 -0500
for now have NHI return status of 'don't flush any more data' instead of asserting if there is no session data object
commit
6b49070ac39264d2ef6c9d432538d0c6804bed73
Author: davis mcpherson <davis.mcpherson@gmail.com>
Date: Wed Jan 18 13:40:09 2017 -0500
add logic to call splitter->finish() when flush_talker and flush_listener are called when connection is closing due to tcp rst
Shawn Turner (shaturne) [Wed, 25 Jan 2017 16:56:24 +0000 (11:56 -0500)]
Merge pull request #785 in SNORT/snort3 from bug_segv1 to master
Squashed commit of the following:
commit
868f4323c447c59c7b92a55ef6fafc14075aaf93
Author: Steve Chew <stechew@cisco.com>
Date: Mon Jan 23 23:32:59 2017 -0500
Fixed reload_config bugs.
Michael Altizer (mialtize) [Tue, 24 Jan 2017 20:17:35 +0000 (15:17 -0500)]
Merge pull request #787 in SNORT/snort3 from race_conditions to master
Squashed commit of the following:
commit
ca7ee0b0da7a70bf493317be721266e8f350915a
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 17:41:56 2017 -0500
host_tracker: Add locking to summing counts
commit
8056458fb0b0b7d0e07175e6629d43e1e34dacad
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 17:38:47 2017 -0500
analyzer: Copy source input specifier string to avoid use-after-free
The input specifier string will be freed on reload, so keep a copy of
it. We don't support the input specification changing in non-readback
mode at the moment, so don't worry about it becoming inaccurate.
commit
28404ce852ca67b726b618ff814d3871d99f406e
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 17:37:30 2017 -0500
reputation: Make module counts correctly thread-local
commit
837aaa9ee843de237cda7aecefee589ad8c563ce
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 16:24:01 2017 -0500
framework: Make inspector ref_counts atomic
commit
af82b8e3bde7cbdbe98a8d3ad44b3de335f8de3f
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 16:03:59 2017 -0500
stream/tcp: Fix state machine race conditions
commit
177713176c5396a1b01b93674295d77e3787ac66
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 12:56:09 2017 -0500
appid: Fix some thread init race conditions
commit
50f43a7c2292a3a26eb836e021bbdc63ed012173
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 12:54:18 2017 -0500
sfdaq: Fix race condition in break_loop
Only the packet thread should call break_loop() with a non-zero error
value, removing the race condition for setting s_error.
commit
df7ec3253f27234a253ed933ac19808e71ca439c
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jan 23 12:53:51 2017 -0500
flow: Fix race condition in HighAvailabilityManager
Hui Cao (huica) [Tue, 24 Jan 2017 14:58:35 +0000 (09:58 -0500)]
Merge pull request #784 in SNORT/snort3 from file_delay to master
Squashed commit of the following:
commit
62995d7e0dfb1f0dbd30b688b6c5aaf572bb9f2c
Author: huica <huica@cisco.com>
Date: Mon Jan 23 10:59:36 2017 -0500
Apply delay action after logging
Hui Cao (huica) [Fri, 20 Jan 2017 21:15:11 +0000 (16:15 -0500)]
Merge pull request #782 in SNORT/snort3 from file_reload to master
Squashed commit of the following:
commit
71279c55cd4cab8c12eeb7447367dabedcfe9e9e
Author: huica <huica@cisco.com>
Date: Thu Jan 19 12:56:10 2017 -0500
file inspector reload fix
Shawn Turner (shaturne) [Fri, 20 Jan 2017 18:14:53 +0000 (13:14 -0500)]
Merge pull request #783 in SNORT/snort3 from lua_lists to master
Squashed commit of the following:
commit
45d53c105a64464e1eb44335252985b1b430d4e2
Author: Carter Waxman <cwaxman@cisco.com>
Date: Thu Jan 19 12:50:48 2017 -0500
added logic to ensure set fails when the module is a list type and a value is set at the top level
Michael Altizer (mialtize) [Thu, 19 Jan 2017 17:11:20 +0000 (12:11 -0500)]
Merge pull request #781 in SNORT/snort3 from macros to master
Squashed commit of the following:
commit
ff0cba0a6121c1cf4d8e99f9dd3eb78ddfcd6827
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 18 21:45:22 2017 -0500
build: Don't disable asserts when compiling with code coverage
commit
b35985da20ac0dbe8dde56ef9fb6f3e3c35709b4
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Jan 18 21:43:38 2017 -0500
autoconf: Update to latest versions of autoconf-archive macros
Russ Combs (rucombs) [Thu, 19 Jan 2017 11:45:54 +0000 (06:45 -0500)]
Merge pull request #778 in SNORT/snort3 from find_all1 to master
Squashed commit of the following:
commit
80ee4b801232a9a4d9071a463e7f0b6a07a28265
Author: Steve Chew <stechew@cisco.com>
Date: Wed Jan 18 15:44:12 2017 -0500
Changed matchIsNotDomainPattern to match_is_domain_pattern
commit
bce61d5cb93fa8d426d282b920c134e7d03168a1
Author: Steve Chew <stechew@cisco.com>
Date: Tue Jan 17 21:17:14 2017 -0500
Updated pattern_match in detector_pattern.cc
commit
5ced7f716ff361f2558fe76cba777efe1c79f7ec
Author: Steve Chew <stechew@cisco.com>
Date: Tue Jan 17 20:57:47 2017 -0500
Use safer start_pos instead of after_match_pos.
commit
3da82697a48860bb32059238da61398fbc731661
Author: Steve Chew <stechew@cisco.com>
Date: Tue Jan 17 19:50:20 2017 -0500
Fixes to get pop3 and timbuktu regressions working.
commit
04b7a3b0f289406fd02e4c3f2c12324c08af90d8
Author: Steve Chew <stechew@cisco.com>
Date: Tue Jan 17 05:18:19 2017 -0500
Fix find_all usage of index to conform to Snort++ SearchEngine API.
Russ Combs (rucombs) [Thu, 19 Jan 2017 11:41:44 +0000 (06:41 -0500)]
Merge pull request #779 in SNORT/snort3 from appid_count to master
Squashed commit of the following:
commit
a9dc76ad5be047b7391c0e479fe6514b29cb3e22
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Jan 9 12:38:25 2017 -0500
updated appid to count dns flows on request instead of response so that blocked flows are counted.