git.ipfire.org Git - thirdparty/snort3.git/log
21 months ago Pull request #4092: build: generate and tag 3.1.74.0 3.1.74.0
Priyanka Bangalore Gurudev (prbg) [Tue, 7 Nov 2023 22:28:34 +0000 (22:28 +0000)] 
Pull request #4092: build: generate and tag 3.1.74.0

Merge in SNORT/snort3 from ~PRBG/snort3:snort3_build_3.1.74.0_libdaq_v3.0.13 to master

Squashed commit of the following:

commit 4efd8f0c6e8a115d3d8133a86679480a725d9ab7
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Tue Nov 7 16:12:01 2023 -0500

    build: generate and tag 3.1.74.0

21 months ago Pull request #4083: bad checksum fix
VISHAL RATNAKAR KHARVI -X (vkharvi - XORIANT CORPORATION at Cisco) [Mon, 6 Nov 2023 20:22:08 +0000 (20:22 +0000)] 
Pull request #4083: bad checksum fix

Merge in SNORT/snort3 from ~VKHARVI/snort3:proto_51_fix to master

Squashed commit of the following:

commit bff3344649af8f6eb2e8e48679aa802df7d92e5c
Author: VISHAL RATNAKAR KHARVI -X (vkharvi - XORIANT CORPORATION at Cisco) <vkharvi@cisco.com>
Date:   Wed Nov 1 18:43:15 2023 +0530

    codecs: Fix bad checksum when auth(51) protocol header is present between IP and TCP layer.

21 months ago Pull request #4088: Build
Ron Dempster (rdempste) [Mon, 6 Nov 2023 19:30:25 +0000 (19:30 +0000)] 
Pull request #4088: Build

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:build to master

Squashed commit of the following:

commit 081a9a49a764b4e93b16047fa66592d3725dcb64
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Nov 3 13:16:32 2023 -0400

    build: fix up 32-bit compilation

commit c34089572ac99037baa69003971fe9b8cfea5c2d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Nov 3 12:52:55 2023 -0400

    appid: clean up main thread appid debug and make appid on, off, on work

21 months ago Pull request #4082: Ips option ack
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 6 Nov 2023 09:48:42 +0000 (09:48 +0000)] 
Pull request #4082: Ips option ack

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:ips_option_ack to master

Squashed commit of the following:

commit 9001bca22553e7cd2a393a195ef0348b535bf5cc
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Nov 1 13:35:11 2023 +0200

    ips_options: fix ack option

    Packet header contains ACK in network representation.

21 months ago Pull request #4085: ips_options: fix flow bits
Ron Dempster (rdempste) [Fri, 3 Nov 2023 08:28:52 +0000 (08:28 +0000)] 
Pull request #4085: ips_options: fix flow bits

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:fix_flowbits to master

Squashed commit of the following:

commit 252461ea3911401cb7c80304bc803f6c6c74080f
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Nov 2 15:12:29 2023 -0400

    ips_options: fix flow bits

21 months ago Pull request #3935: Cppcheck
Ron Dempster (rdempste) [Tue, 31 Oct 2023 14:26:28 +0000 (14:26 +0000)] 
Pull request #3935: Cppcheck

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:cppcheck to master

Squashed commit of the following:

commit e7663dd3be7fd74a91808f293de0222ea7a467ee
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Oct 19 11:46:13 2023 -0400

    build: remove unused functions reported by cppcheck

commit ce623c51d7bb6a034d09b3700db74f1ccf229bc5
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Wed Jul 19 12:55:56 2023 -0400

    actions, detection, file_api, flow, stream: coverity fixes

commit bed4872d9259d16a345e61a15f766505c18b0c30
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Jun 30 13:57:44 2023 -0400

    build: Address miscellaneous cppcheck warnings

21 months ago Pull request #4077: search_tool: allow an override of the search method
Ron Dempster (rdempste) [Mon, 30 Oct 2023 18:44:00 +0000 (18:44 +0000)] 
Pull request #4077: search_tool: allow an override of the search method

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:search_tool to master

Squashed commit of the following:

commit 69f8dddd2647a3e02e6446a9fe0e9a1ac78771f0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Oct 27 12:14:12 2023 -0400

    search_tool: allow an override of the search method

21 months ago Pull request #4080: Taking care of few coverity warnings post porting of SMB Multichannel
Sumit Kumar (sumikum7) [Mon, 30 Oct 2023 07:02:59 +0000 (07:02 +0000)] 
Pull request #4080: Taking care of few coverity warnings post porting of SMB Multichannel

Merge in SNORT/snort3 from ~SUMIKUM7/snort3:post_porting_760 to master

Squashed commit of the following:

commit 896ce9cb02a539af2297c5bc4207a4879319e844
Author: Sumit Kumar <sumikum7@cisco.com>
Date:   Sat Oct 28 10:25:35 2023 +0530

    snort3_coverity: coverity errors and cppcheck warnings being fixed here

21 months ago Pull request #4061: Porting into 760(snort3) for SMB Multichannel Redesigning (First...
Sumit Kumar (sumikum7) [Fri, 27 Oct 2023 18:07:41 +0000 (18:07 +0000)] 
Pull request #4061: Porting into 760(snort3) for SMB Multichannel Redesigning (First done in 741)

Merge in SNORT/snort3 from ~SUMIKUM7/snort3:porting_760 to master

Squashed commit of the following:

commit 6fc8604a2a7448163b8226ffaf77799c2965f4c1
Author: Sumit Kumar <sumikum7@cisco.com>
Date:   Fri Oct 13 15:45:05 2023 +0530

    dce_rpc: Added SMB Redesigned Multichannel enabled code

21 months ago Pull request #4070: src: fix coverity warnings
Maya Dagon (mdagon) [Fri, 27 Oct 2023 10:00:40 +0000 (10:00 +0000)] 
Pull request #4070: src: fix coverity warnings

Merge in SNORT/snort3 from ~MDAGON/snort3:coverity to master

Squashed commit of the following:

commit 5085ae69eeeb397398e4e72704ab917a65c1c178
Author: maya dagon <mdagon@cisco.com>
Date:   Fri Oct 20 12:12:41 2023 -0400

    src: fix coverity warnings

21 months ago Pull request #4072: search_tool: fall back to normal mpse if no snort config
Ron Dempster (rdempste) [Thu, 26 Oct 2023 19:34:27 +0000 (19:34 +0000)] 
Pull request #4072: search_tool: fall back to normal mpse if no snort config

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:muster to master

Squashed commit of the following:

commit da21ec1a104bde95dc1f944fb50411daf0732803
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Oct 26 10:18:18 2023 -0400

    search_tool: fall back to normal mpse if no snort config

21 months ago Pull request #4068: http_inspect: add correct handling of configuration error
Yehor Velykozhon -X (yvelykoz - SOFTSERVE INC at Cisco) [Thu, 26 Oct 2023 15:11:05 +0000 (15:11 +0000)] 
Pull request #4068: http_inspect: add correct handling of configuration error

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:http_param_fix to master

Squashed commit of the following:

commit 2a15f0c5742bd014c9152620b68158db81237637
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Wed Oct 25 14:02:35 2023 +0300

    http_inspect: add correct handling of configuration error

21 months ago Pull request #4062: appid: Lua log function with appiddebug check
Oleksandr Stepanov -X (ostepano - SOFTSERVE INC at Cisco) [Wed, 25 Oct 2023 18:50:43 +0000 (18:50 +0000)] 
Pull request #4062: appid: Lua log function with appiddebug check

Merge in SNORT/snort3 from ~OSTEPANO/snort3:lua_log to master

Squashed commit of the following:

commit 8e509beb02cfed13e5fd171896d10159e91b1cbb
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Thu Aug 10 08:18:48 2023 -0400

    appid: Lua log function with appiddebug check

21 months ago Pull request #4041: packet_io: fix incorrect counters caused by data plane counters...
ARUNKUMAR KAYAMBU -X (akayambu - XORIANT CORPORATION at Cisco) [Tue, 24 Oct 2023 14:46:30 +0000 (14:46 +0000)] 
Pull request #4041: packet_io: fix incorrect counters caused by data plane counters reset

Merge in SNORT/snort3 from ~AKAYAMBU/snort3:daq_counter_fix to master

Squashed commit of the following:

commit 4ed5cf5bc6c597417789b18c15b03efa2843db69
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date:   Fri Oct 6 08:21:47 2023 -0400

    packet_io: fix incorrect counters caused by data plane counters reset

21 months ago Pull request #4064: build: generate and tag 3.1.73.0 3.1.73.0
Priyanka Bangalore Gurudev (prbg) [Mon, 23 Oct 2023 15:15:07 +0000 (15:15 +0000)] 
Pull request #4064: build: generate and tag 3.1.73.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.73.0 to master

Squashed commit of the following:

commit 26cad17bf00a89a84016de1a54f62202ce3d2cfd
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Mon Oct 23 08:55:22 2023 -0400

    build: generate and tag 3.1.73.0

21 months ago Pull request #4060: http_inspect: handle reserved gzip flags
Maya Dagon (mdagon) [Fri, 20 Oct 2023 08:42:01 +0000 (08:42 +0000)] 
Pull request #4060: http_inspect: handle reserved gzip flags

Merge in SNORT/snort3 from ~MDAGON/snort3:gzip_flag to master

Squashed commit of the following:

commit d26f4726924c24ba7cafe6ba05468398ec0c4ab7
Author: maya dagon <mdagon@cisco.com>
Date:   Tue Oct 3 10:40:52 2023 -0400

    http_inspect: handle reserved gzip flags

22 months ago Pull request #4059: appid: fixing cppcheck issue
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 17 Oct 2023 20:38:44 +0000 (20:38 +0000)] 
Pull request #4059: appid: fixing cppcheck issue

Merge in SNORT/snort3 from ~SATHIRKA/snort3:fix_cppcheck to master

Squashed commit of the following:

commit 0b0614d79c862b35fca04c6dd70b30069ee316c2
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Oct 17 08:45:52 2023 -0400

    appid: fixing cppcheck issue

22 months ago Pull request #4056: stream_tcp: ignore normalization checks when in midstream state
Juweria Ali Imran (jaliimra) [Tue, 17 Oct 2023 19:53:12 +0000 (19:53 +0000)] 
Pull request #4056: stream_tcp: ignore normalization checks when in midstream state

Merge in SNORT/snort3 from ~JALIIMRA/snort3:midstream_invalid_seq to master

Squashed commit of the following:

commit db2d4e4174f77527e8360d66361c2bd2b9f21aba
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Wed Oct 11 10:48:18 2023 -0400

    stream_tcp: ignore normalization checks when in midstream state

22 months ago Pull request #4049: http_inspect: response to 0.9 isn't necessarily 0.9
Maya Dagon (mdagon) [Tue, 17 Oct 2023 13:07:38 +0000 (13:07 +0000)] 
Pull request #4049: http_inspect: response to 0.9 isn't necessarily 0.9

Merge in SNORT/snort3 from ~MDAGON/snort3:zero_nine_res to master

Squashed commit of the following:

commit 5a1eb93b13c3a086c9c9baa4382853fecb5bb408
Author: maya dagon <mdagon@cisco.com>
Date:   Wed Oct 4 08:30:54 2023 -0400

    http_inspect: response to 0.9 isn't necessarily 0.9

22 months ago Pull request #4057: profiler: extend field length to support uint64
Akhilesh MY (amuttuva) [Tue, 17 Oct 2023 09:40:03 +0000 (09:40 +0000)] 
Pull request #4057: profiler: extend field length to support uint64

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:time_profiler_field to master

Squashed commit of the following:

commit 369b82cb73598a157ebe1769ebd2bed1da52b525
Author: Akhilesh MY <amuttuva@cisco.com>
Date:   Tue Oct 17 01:45:39 2023 -0400

    profiler: extend field length to support uint64

22 months ago Pull request #4054: host_cache: added segmented cache
Raza Shafiq (rshafiq) [Mon, 16 Oct 2023 22:12:20 +0000 (22:12 +0000)] 
Pull request #4054: host_cache: added segmented cache

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:segmented_atr_cache to master

Squashed commit of the following:

commit d5e597e210b8c9a8c1d8e3dad6d675ecd9c5bcda
Author: rshafiq <rshafiq@cisco.com>
Date:   Wed Oct 11 19:15:09 2023 -0400

    host_cache: added segmented cache

22 months ago Pull request #4001: appid: Added support for appid trace logs with multiple logging...
Sreeja Athirkandathil Narayanan (sathirka) [Mon, 16 Oct 2023 18:19:27 +0000 (18:19 +0000)] 
Pull request #4001: appid: Added support for appid trace logs with multiple logging levels

Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_cbd_logging to master

Squashed commit of the following:

commit 03b7c38fb7fb796f0e7983c3f8fa6686c19a1561
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Sep 12 11:45:40 2023 -0400

    appid: Added support for appid trace logs with multiple logging levels

22 months ago Pull request #4047: tcp: do not allow duplicates in trs.alerts vector to avoid OOM...
Anna Norokh -X (anorokh - SOFTSERVE INC at Cisco) [Fri, 13 Oct 2023 14:22:06 +0000 (14:22 +0000)] 
Pull request #4047: tcp: do not allow duplicates in trs.alerts vector to avoid OOM possibility

Merge in SNORT/snort3 from ~ANOROKH/snort3:trs_alerts_dup_fix to master

Squashed commit of the following:

commit 08cecc25c6ca5763c725ccfb0fe48e692f0cfee7
Author: Anna Norokh <anorokh@cisco.com>
Date:   Fri Sep 29 13:42:35 2023 +0300

    stream: skip duplicated alerts in TcpReassemblerState's list

    * add assert() to verify flow.trs_alerts test work

    Thanks wenhao-in-chengdu for reporting the issue and suggesting a fix.

22 months ago Pull request #4051: detection: always clear rule profiling stats for all nodes
Andrii Serbeniuk -X (aserbeni - SOFTSERVE INC at Cisco) [Fri, 13 Oct 2023 14:15:27 +0000 (14:15 +0000)] 
Pull request #4051: detection: always clear rule profiling stats for all nodes

Merge in SNORT/snort3 from ~ASERBENI/snort3:ruleprof_stats to master

Squashed commit of the following:

commit 6a7f93962b14b5675e36373f65fa1869e30e9577
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Thu Oct 12 12:29:58 2023 +0300

    detection: fix cleaning of rule profiling stats when profiling starts

22 months ago Pull request #4050: control: code refactor to support all unix flavors
RAGHURAAM CONJEEVARAM UDAYANAN -X (rconjeev - XORIANT CORPORATION at Cisco) [Thu, 12 Oct 2023 12:45:17 +0000 (12:45 +0000)] 
Pull request #4050: control: code refactor to support all unix flavors

Merge in SNORT/snort3 from ~RCONJEEV/snort3:control_conn_cmd_block_fix to master

Squashed commit of the following:

commit 2a10e5ab32d00bc4aa0389f21fe2bad270d14f93
Author: RAGHURAAM CONJEEVARAM UDAYANAN -X (rconjeev - XORIANT CORPORATION at Cisco) <rconjeev@cisco.com>
Date:   Thu Oct 12 15:26:16 2023 +0530

    control: code refactor to support all unix flavors

22 months ago Pull request #4044: build: generate and tag 3.1.72.0 3.1.72.0
Priyanka Bangalore Gurudev (prbg) [Wed, 11 Oct 2023 19:22:59 +0000 (19:22 +0000)] 
Pull request #4044: build: generate and tag 3.1.72.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.72.0 to master

Squashed commit of the following:

commit 31d798da0da602ab732f2661d2fca4ae75e15101
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Tue Oct 10 23:02:24 2023 -0400

    build: generate and tag 3.1.72.0

22 months ago Pull request #4032: stream_tcp: update rcv_nxt appropriately after each segment
Juweria Ali Imran (jaliimra) [Mon, 9 Oct 2023 19:59:13 +0000 (19:59 +0000)] 
Pull request #4032: stream_tcp: update rcv_nxt appropriately after each segment

Merge in SNORT/snort3 from ~JALIIMRA/snort3:update_rcv_nxt to master

Squashed commit of the following:

commit d04ba2b4f24c2f035509b4801e60a98d9452fbcb
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Fri Sep 29 16:58:49 2023 -0400

    stream_tcp: update rcv_nxt appropriately for each segment

22 months ago Pull request #4019: control: blocking control connections
RAGHURAAM CONJEEVARAM UDAYANAN -X (rconjeev - XORIANT CORPORATION at Cisco) [Mon, 9 Oct 2023 14:33:54 +0000 (14:33 +0000)] 
Pull request #4019: control: blocking control connections

Merge in SNORT/snort3 from ~RCONJEEV/snort3:control_conn_cmd_block_fix to master

Squashed commit of the following:

commit b1ad1e27d0f38286ac99594af11eb7d1c0cb94f8
Author: RAGHURAAM CONJEEVARAM UDAYANAN -X (rconjeev - XORIANT CORPORATION at Cisco) <rconjeev@cisco.com>
Date:   Mon Sep 25 04:25:11 2023 -0400

    control: allow one command at a time

22 months ago Pull request #4040: helpers: increase buffer space for function names, allow printing...
Yurii Chalov -X (ychalov - SOFTSERVE INC at Cisco) [Mon, 9 Oct 2023 13:58:28 +0000 (13:58 +0000)] 
Pull request #4040: helpers: increase buffer space for function names, allow printing truncated names

Merge in SNORT/snort3 from ~YCHALOV/snort3:backtrace_buffer_space to master

Squashed commit of the following:

commit 4a228b16da04e83b4749e84b310e4b2716936b3e
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Wed Oct 4 21:20:37 2023 +0200

    helpers: increase buffer space for function names, allow printing truncated names

22 months ago Pull request #4039: http_inspect: run detection on failed utf decoding
Adrian Mamolea (admamole) [Fri, 6 Oct 2023 15:34:41 +0000 (15:34 +0000)] 
Pull request #4039: http_inspect: run detection on failed utf decoding

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:utf to master

Squashed commit of the following:

commit fe4c6b14626890ba2fa116faa4c9b632532e0cf9
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Fri Sep 29 17:11:09 2023 -0400

    http_inspect: run detection on failed utf decoding

22 months ago Pull request #4034: stream_tcp: accept 1 byte of trimmed probe data after zero window
Juweria Ali Imran (jaliimra) [Thu, 5 Oct 2023 20:28:31 +0000 (20:28 +0000)] 
Pull request #4034: stream_tcp: accept 1 byte of trimmed probe data after zero window

Merge in SNORT/snort3 from ~JALIIMRA/snort3:sfcn_zw_trim to master

Squashed commit of the following:

commit 86635a90a120ba963cee350075bc8f50545f219d
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Thu Sep 28 06:11:46 2023 -0400

    stream_tcp: accept 1 byte of trimmed probe data after zero window

22 months ago Pull request #4036: appid: Support to get correct http session based on stream_id
Kaushal Bhandankar (kbhandan) [Tue, 3 Oct 2023 07:12:49 +0000 (07:12 +0000)] 
Pull request #4036: appid: Support to get correct http session based on stream_id

Merge in SNORT/snort3 from ~KBHANDAN/snort3:file_concurrent to master

Squashed commit of the following:

commit 0ff38afdada8f56ad977b9acb68eb96cad4e0e56
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Mon Oct 2 14:08:21 2023 +0530

    appid: Support to get correct http session based on stream_id

22 months ago Pull request #4014: flow_cache: added protocol base LRU caches
Raza Shafiq (rshafiq) [Fri, 29 Sep 2023 16:22:27 +0000 (16:22 +0000)] 
Pull request #4014: flow_cache: added protocol base LRU caches

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:proto_base_lru to master

Squashed commit of the following:

commit 792e5b3c3febeece0f174c16a84646a3fb2e8a94
Author: rshafiq <rshafiq@cisco.com>
Date:   Wed Sep 13 07:23:23 2023 -0400

    flow_cache: added protocol base LRU caches

22 months ago Pull request #4030: memory: change NOW type counts to SUM type, where necessary
Michael Matirko (mmatirko) [Fri, 29 Sep 2023 16:21:30 +0000 (16:21 +0000)] 
Pull request #4030: memory: change NOW type counts to SUM type, where necessary

Merge in SNORT/snort3 from ~MMATIRKO/snort3:now_pegs to master

Squashed commit of the following:

commit 82c5c10e13933d003f8907a41c8bdee48541a381
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Sep 27 15:27:54 2023 -0400

    memory: change NOW type counts to SUM type, where necessary

22 months ago Pull request #4028: CSCwh22691 - Continuous snort3 cores in DCE/SMB - DC into 7.6...
Ashik Thomas (ashiktho) [Fri, 29 Sep 2023 07:19:38 +0000 (07:19 +0000)] 
Pull request #4028: CSCwh22691 - Continuous snort3 cores in DCE/SMB - DC into 7.6 release

Merge in SNORT/snort3 from ~ASHIKTHO/snort3:CSCwh22691_master to master

Squashed commit of the following:

commit 21e36571ca53ccb7883eee3cfb9aaf9e4cf2a7ec
Author: Sumit Kumar <sumikum7@cisco.com>
Date:   Mon Aug 21 14:31:03 2023 +0530

    dce_rpc: using reset_using_rpkt() inline to what is there in eval() of SMB inspector code as well

22 months ago Pull request #4011: packet_io: fix daq stats
Adrian Mamolea (admamole) [Thu, 28 Sep 2023 08:58:28 +0000 (08:58 +0000)] 
Pull request #4011: packet_io: fix daq stats

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:kern to master

Squashed commit of the following:

commit 0ef7d59ebe19f9c93e39296bcf6dd7d540596971
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Tue Sep 19 17:52:12 2023 -0400

    packet_io: fix daq stats

22 months ago Pull request #4018: active: added API for printing delayed action string
Kaushal Bhandankar (kbhandan) [Wed, 27 Sep 2023 17:35:23 +0000 (17:35 +0000)] 
Pull request #4018: active: added API for printing delayed action string

Merge in SNORT/snort3 from ~KBHANDAN/snort3:file_verdict to master

Squashed commit of the following:

commit 68a43601dfb338206704a6bf64ac01cec05fa046
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Sat Sep 23 11:06:59 2023 +0530

    active: added API for printing delayed action string

22 months ago Pull request #4026: tcp: timeout for embryonic and idle session
Shanmugam S (shanms) [Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)] 
Pull request #4026: tcp: timeout for embryonic and idle session

Merge in SNORT/snort3 from ~SHANMS/snort3:tcp_conn_timeout to master

Squashed commit of the following:

commit 43753f773b6dacc772d85766718bb15b4ac0da5a
Author: shanms <shanms@cisco.com>
Date:   Thu Jun 22 14:41:06 2023 +0000

    tcp: timeout for embryonic and idle session

22 months ago Pull request #4017: http_inspect: clear fake headers snapshot for 0.9 response
Maya Dagon (mdagon) [Mon, 25 Sep 2023 16:25:54 +0000 (16:25 +0000)] 
Pull request #4017: http_inspect: clear fake headers snapshot for 0.9 response

Merge in SNORT/snort3 from ~MDAGON/snort3:zero_nine to master

Squashed commit of the following:

commit 6cb2056dfb53780d8a70b69611a85b8cf2f635f4
Author: maya dagon <mdagon@cisco.com>
Date:   Thu Sep 21 11:40:03 2023 -0400

    http_inspect: clear fake headers snapshot for 0.9 response

22 months ago Pull request #4022: build: generate and tag 3.1.71.0 3.1.71.0
Priyanka Bangalore Gurudev (prbg) [Mon, 25 Sep 2023 16:14:11 +0000 (16:14 +0000)] 
Pull request #4022: build: generate and tag 3.1.71.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.71.0 to master

Squashed commit of the following:

commit e1ebf3f63dd0c0c9891e913de83dbde00beca65a
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Mon Sep 25 07:45:30 2023 -0400

    build: generate and tag 3.1.71.0

22 months ago Pull request #3995: appid, http_inspect, http2_inspect: create appid session if not...
Shijin Bose (shibose) [Fri, 22 Sep 2023 09:08:33 +0000 (09:08 +0000)] 
Pull request #3995: appid, http_inspect, http2_inspect: create appid session if not present in decrypt event handler, add message section as part of StreamFlowIntf for httpx

Merge in SNORT/snort3 from ~SHIBOSE/snort3:ac_rule_match to master

Squashed commit of the following:

commit df546681b874d2c88e6d1af67c1bccdb9d6d28e5
Author: shibose <shibose@cisco.com>
Date:   Wed Sep 6 17:44:39 2023 +0000

    appid, http_inspect, http2_inspect: create appid session if not present in decrypt event handler, add message section as part of StreamFlowIntf for httpx

22 months ago Pull request #4012: flow: allow reinspection for blocked icmp flows after reload
Steven Baigal (sbaigal) [Wed, 20 Sep 2023 20:46:42 +0000 (20:46 +0000)] 
Pull request #4012: flow: allow reinspection for blocked icmp flows after reload

Merge in SNORT/snort3 from ~SBAIGAL/snort3:icmp_fix to master

Squashed commit of the following:

commit 2749fdea6bb8b5e777288fd234f088adc05404ba
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Wed Sep 13 14:24:18 2023 -0400

    flow: allow reinspection for blocked icmp flows after reload

22 months ago Pull request #3996: parser: add file_id rule syntax evaluation
Anna Norokh -X (anorokh - SOFTSERVE INC at Cisco) [Wed, 20 Sep 2023 13:01:26 +0000 (13:01 +0000)] 
Pull request #3996: parser: add file_id rule syntax evaluation

Merge in SNORT/snort3 from ~ANOROKH/snort3:contentless_file_id to master

Squashed commit of the following:

commit 62f56f702475340468f31ab8a7f1a0fcbdc3c943
Author: Anna Norokh <anorokh@cisco.com>
Date:   Wed Sep 13 11:03:31 2023 +0300

    parser: add file_id rule syntax evaluation

      * drop ParseError in case of file_id rule without file_meta,
        fast-pattern(content,regex) or file_data option;
      * update file_id docs;
      * detection: replace rtn hard check with assert

22 months ago Pull request #4010: detection: avoid multiple fixups of duplicated trees
Vitalii Serhiiovych Horbatov -X (vhorbato - SOFTSERVE INC at Cisco) [Wed, 20 Sep 2023 10:40:44 +0000 (10:40 +0000)] 
Pull request #4010: detection: avoid multiple fixups of duplicated trees

Merge in SNORT/snort3 from ~VHORBATO/snort3:fixup_tree_tsan to master

Squashed commit of the following:

commit aa509bd5fb8a21cc3365a427e434086401d15523
Author: vhorbato <vhorbato@cisco.com>
Date:   Tue Sep 19 11:14:34 2023 +0300

    detection: avoid multiple fixups of duplicated trees

22 months ago Pull request #3993: main: fix signals handling after failed started instances
Yurii Chalov -X (ychalov - SOFTSERVE INC at Cisco) [Wed, 20 Sep 2023 08:03:48 +0000 (08:03 +0000)] 
Pull request #3993: main: fix signals handling after failed started instances

Merge in SNORT/snort3 from ~YCHALOV/snort3:all_pthreads_fix to master

Squashed commit of the following:

commit a5fb3c19fd3654946f66fc0786826791c34460f7
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Mon Sep 11 14:51:22 2023 +0200

    main: fix signals handling after failed started instances

22 months ago Pull request #3980: codecs: Add IPv6 Reserved Address to GID:116 Rules
THARANI DHARAN GANESHKUMAR -X (tganeshk - XORIANT CORPORATION at Cisco) [Wed, 20 Sep 2023 07:31:52 +0000 (07:31 +0000)] 
Pull request #3980: codecs: Add IPv6 Reserved Address to GID:116 Rules

Merge in SNORT/snort3 from ~TGANESHK/snort3:ipv6_newrule to master

Squashed commit of the following:

commit af9ad67ce413fccf9514c93893abce2591e0868e
Author: THARANI DHARAN GANESHKUMAR -X (tganeshk - XORIANT CORPORATION at Cisco) <tganeshk@cisco.com>
Date:   Mon Aug 21 22:07:34 2023 +0530

    codecs: Add IPv6 Reserved Address to GID:116 Rules

22 months ago Pull request #4003: Smtp: support LF eol, add new alert
Maya Dagon (mdagon) [Tue, 19 Sep 2023 17:37:22 +0000 (17:37 +0000)] 
Pull request #4003: Smtp: support LF eol, add new alert

Merge in SNORT/snort3 from ~MDAGON/snort3:smtp2 to master

Squashed commit of the following:

commit bcef85d9d705aee8b9ef431a0afb9c6e2ace0f18
Author: maya dagon <mdagon@cisco.com>
Date:   Wed Sep 13 16:40:48 2023 -0400

    smtp: process DATA\n (no \r)

commit 932d3c0f135a352146f67f6e007023c2a1e3bb41
Author: maya dagon <mdagon@cisco.com>
Date:   Thu Sep 7 18:08:51 2023 -0400

    smtp: add alert for mixed LF and CRLF

22 months ago Pull request #4004: stream_tcp: examine whether a segment plugs a hole before blockin...
Juweria Ali Imran (jaliimra) [Tue, 19 Sep 2023 15:16:17 +0000 (15:16 +0000)] 
Pull request #4004: stream_tcp: examine whether a segment plugs a hole before blocking due to exceeding queue_limit

Merge in SNORT/snort3 from ~JALIIMRA/snort3:seglist_window to master

Squashed commit of the following:

commit 872c4d9796db0b8099005542889da60d353fc8af
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Mon Sep 11 11:56:03 2023 -0400

    stream_tcp: examine whether a segment plugs a hole before blocking due to exceeding queue_limit

23 months ago Pull request #3976: main: reset_stats argument type improvement
PRATEEK MOHAN PRABHU -X (pratepra - XORIANT CORPORATION at Cisco) [Fri, 15 Sep 2023 15:45:42 +0000 (15:45 +0000)] 
Pull request #3976: main: reset_stats argument type improvement

Merge in SNORT/snort3 from ~PRATEPRA/snort3:reset_stats_improve to master

Squashed commit of the following:

commit bf907f9b6fbfef61c5c9363fd67971d793d36de9
Author: PRATEEK MOHAN PRABHU -X (pratepra - XORIANT CORPORATION at Cisco) <pratepra@cisco.com>
Date:   Mon Aug 28 22:46:09 2023 +0530

    main: reset_stats argument type improvement

23 months ago Pull request #3989: flow: generate flow setup and established events for ha flows
Ron Dempster (rdempste) [Tue, 12 Sep 2023 19:18:14 +0000 (19:18 +0000)] 
Pull request #3989: flow: generate flow setup and established events for ha flows

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:ha_flow_events to master

Squashed commit of the following:

commit 0586aa711d765efb73bd75863886f8790e1a4d48
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Sep 7 08:55:57 2023 -0400

    flow: generate flow setup and established events for ha flows

23 months ago Pull request #3982: Stream: extend interface of extra data logging
Yehor Velykozhon -X (yvelykoz - SOFTSERVE INC at Cisco) [Tue, 12 Sep 2023 14:44:37 +0000 (14:44 +0000)] 
Pull request #3982: Stream: extend interface of extra data logging

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:extra_data_update to master

Squashed commit of the following:

commit a4369053a05642a3c8ad9384ee1e9e04601ddce9
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Aug 18 18:00:14 2023 +0300

    stream: extend list of arguments for extra data logging

23 months ago Pull request #3988: host_cache: cppcheck fix
Raza Shafiq (rshafiq) [Tue, 12 Sep 2023 13:45:49 +0000 (13:45 +0000)] 
Pull request #3988: host_cache: cppcheck fix

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:cppcheck_fix to master

Squashed commit of the following:

commit e031ab24740026fd43fdd062dfd830c389dc820d
Author: rshafiq <rshafiq@cisco.com>
Date:   Fri Sep 8 09:34:46 2023 -0400

    host_cache: cppcheck fix

23 months ago Pull request #3983: stream_tcp: ensure all data segments after a zero window are...
Juweria Ali Imran (jaliimra) [Tue, 12 Sep 2023 13:44:38 +0000 (13:44 +0000)] 
Pull request #3983: stream_tcp: ensure all data segments after a zero window are blocked when NAP is inline

Merge in SNORT/snort3 from ~JALIIMRA/snort3:sfcn_zw_block to master

Squashed commit of the following:

commit f9831f17611dfbed4c4ff20717272e7ab26c66f9
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Mon Sep 4 14:30:19 2023 -0400

    stream_tcp: ensure all data segments after a zero window are blocked when NAP is inline

23 months ago Pull request #3987: detection: fix of default ips policy switching
Anna Norokh -X (anorokh - SOFTSERVE INC at Cisco) [Mon, 11 Sep 2023 14:54:56 +0000 (14:54 +0000)] 
Pull request #3987: detection: fix of default ips policy switching

Merge in SNORT/snort3 from ~ANOROKH/snort3:file_id_tenant_fix to master

Squashed commit of the following:

commit 4a0f89aab337ca876c5a46014f5be2c36217c42e
Author: Anna Norokh <anorokh@cisco.com>
Date:   Fri Sep 1 18:15:37 2023 +0300

    detection: fix of default ips policy switching

    Because in case of tenant or address_space configurations, previous code will switch
    policy to network related IPS policy, not to default.

23 months ago Pull request #3991: http2_inspect: fix http2 frame length for logging
Adrian Mamolea (admamole) [Mon, 11 Sep 2023 14:54:09 +0000 (14:54 +0000)] 
Pull request #3991: http2_inspect: fix http2 frame length for logging

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:fix_len to master

Squashed commit of the following:

commit fede0d17affda64ac54930a0f9c605ad5e1d7ef5
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Fri Sep 8 11:14:28 2023 -0400

    http2_inspect: fix http2 frame length for logging

23 months ago Pull request #3992: build: generate and tag 3.1.70.0 3.1.70.0
Priyanka Bangalore Gurudev (prbg) [Mon, 11 Sep 2023 13:40:48 +0000 (13:40 +0000)] 
Pull request #3992: build: generate and tag 3.1.70.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.70.0 to master

Squashed commit of the following:

commit 3357a9d7fd060ef804b9fa5dbb4790709142fd11
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Sun Sep 10 14:47:26 2023 -0400

    build: generate and tag 3.1.70.0

23 months ago Pull request #3978: main: prevent reloading unprepared thread
Yurii Chalov -X (ychalov - SOFTSERVE INC at Cisco) [Tue, 5 Sep 2023 08:55:34 +0000 (08:55 +0000)] 
Pull request #3978: main: prevent reloading unprepared thread

Merge in SNORT/snort3 from ~YCHALOV/snort3:thread_reinit_fix to master

Squashed commit of the following:

commit 2a1ca1397f62224c096b9bedb22b715db390e7ba
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Mon Aug 28 13:42:53 2023 +0200

    main: prevent reloading unprepared thread

23 months ago Pull request #3942: host_cache: segmented host cache
Raza Shafiq (rshafiq) [Fri, 1 Sep 2023 20:02:20 +0000 (20:02 +0000)] 
Pull request #3942: host_cache: segmented host cache

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:host_cache_locking to master

Squashed commit of the following:

commit e642b5dcfbc6a48be841676c6a9e77f2a8788dd3
Author: rshafiq <rshafiq@cisco.com>
Date:   Thu Jul 27 08:43:35 2023 -0400

    host_cache: added segmented host cache

23 months ago Pull request #3981: detection: fix assert expression
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 1 Sep 2023 19:58:57 +0000 (19:58 +0000)] 
Pull request #3981: detection: fix assert expression

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:flowbit_assert to master

Squashed commit of the following:

commit f6ab7141e83a53ed630b50f9331d841ae60ce193
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Sep 1 15:07:31 2023 +0300

    detection: fix assert expression

    Flowbit setter can be evaluated against a packet without flow.
    IPS rule still matches.

23 months ago Pull request #3975: helpers: improve hyperscan_search error message
Maya Dagon (mdagon) [Wed, 30 Aug 2023 14:11:28 +0000 (14:11 +0000)] 
Pull request #3975: helpers: improve hyperscan_search error message

Merge in SNORT/snort3 from ~MDAGON/snort3:hyper_msg to master

Squashed commit of the following:

commit 84357839a39f9ac89a8cd5b448a828a061129c51
Author: maya dagon <mdagon@cisco.com>
Date:   Thu Aug 24 14:52:14 2023 -0400

    helpers: improve hyperscan_search error message

23 months ago Pull request #3965: appid: makes regex error more of a warning
Lukasz Czarnik -X (lczarnik - SOFTSERVE INC at Cisco) [Tue, 29 Aug 2023 12:53:06 +0000 (12:53 +0000)] 
Pull request #3965: appid: makes regex error more of a warning

Merge in SNORT/snort3 from ~LCZARNIK/snort3:regex_warning to master

Squashed commit of the following:

commit 42b77baa8c0f3d1b2380a40a8b1e64ece33874e5
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date:   Tue Aug 22 04:29:06 2023 -0400

    appid: makes regex error more of a warning

23 months ago Pull request #3974: search_engines: allow a snort config to be passed to find_all
Ron Dempster (rdempste) [Tue, 29 Aug 2023 12:08:51 +0000 (12:08 +0000)] 
Pull request #3974: search_engines: allow a snort config to be passed to find_all

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:wild_card to master

Squashed commit of the following:

commit ee1aa0de6b0ebe3449eb870b9581299074cea966
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Aug 24 15:58:32 2023 -0400

    search_engines: allow a snort config to be passed to find_all

23 months ago Pull request #3973: build: generate and tag 3.1.69.0 3.1.69.0
Priyanka Bangalore Gurudev (prbg) [Mon, 28 Aug 2023 20:54:25 +0000 (20:54 +0000)] 
Pull request #3973: build: generate and tag 3.1.69.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.69.0 to master

Squashed commit of the following:

commit 0790c83baa10bb571b4862b29c14090992a023e2
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Sun Aug 27 10:09:40 2023 -0400

    build: generate and tag 3.1.69.0

23 months ago Pull request #3967: http2_inspect: add frame when logging a packet
Adrian Mamolea (admamole) [Fri, 25 Aug 2023 18:08:48 +0000 (18:08 +0000)] 
Pull request #3967: http2_inspect: add frame when logging a packet

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:h2_pkt to master

Squashed commit of the following:

commit 6a79c665c90e29c2025376c56ee1be5ef6d49e68
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Wed Aug 23 15:16:33 2023 -0400

    http2_inspect: address comments from Oleksii

commit 038f465bd138fbc9eb17fa661a9161cdd5235cbe
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Wed Jul 5 16:59:08 2023 -0400

    http2_inspect: add frame when logging a packet

23 months ago Pull request #3971: http2_inspect: test tool config changes
Maya Dagon (mdagon) [Fri, 25 Aug 2023 12:30:01 +0000 (12:30 +0000)] 
Pull request #3971: http2_inspect: test tool config changes

Merge in SNORT/snort3 from ~MDAGON/snort3:fix_test to master

Squashed commit of the following:

commit 17143f2739a892c03d085a7451e4518a11fc6c16
Author: maya dagon <mdagon@cisco.com>
Date:   Mon Aug 21 09:29:42 2023 -0400

    http2_inspect: update test tool configurations

23 months ago Pull request #3968: framework: Add virtual for inspectors that publish data when...
Steve Chew (stechew) [Thu, 24 Aug 2023 17:26:37 +0000 (17:26 +0000)] 
Pull request #3968: framework: Add virtual for inspectors that publish data when no ips policy is enabled.

Merge in SNORT/snort3 from ~STECHEW/snort3:dns_support_no_ips to master

Squashed commit of the following:

commit 12b31bdbac8c99c0e83b3e3a3e0e2f1922b90ea7
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Aug 22 22:54:30 2023 -0400

    framework: Add virtual for inspectors that publish data when no ips policy is enabled.

23 months ago Pull request #3969: dce_rpc: fix stats for client/server segments reassembled
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Aug 2023 15:19:49 +0000 (15:19 +0000)] 
Pull request #3969: dce_rpc: fix stats for client/server segments reassembled

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:dce_rpc_fix to master

Squashed commit of the following:

commit 41a8beea1fced1a5a4baf1fa8fbc7ff6d30a1d08
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Aug 18 16:20:22 2023 +0300

    dce_rpc: fix stats for client/server segments reassembled

    Thanks to Bader-eddine Ouaich for addressing the issue.

23 months ago Pull request #3952: appid: mark ssl appid lookup successful if a service id is available
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 22 Aug 2023 18:52:25 +0000 (18:52 +0000)] 
Pull request #3952: appid: mark ssl appid lookup successful if a service id is available

Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_api_fix to master

Squashed commit of the following:

commit b70cfde78e3439c33f7d11225b9986e10b57f276
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Aug 8 14:41:52 2023 -0400

    appid: mark ssl appid lookup successful if a service id is available

23 months ago Pull request #3961: HTTP mime boundary
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 22 Aug 2023 15:05:49 +0000 (15:05 +0000)] 
Pull request #3961: HTTP mime boundary

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:http_mime_boundary to master

Squashed commit of the following:

commit 3ab0ced3e66e7f16da26e2ada1340b34d4f10897
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Aug 4 15:49:38 2023 +0300

    mime: postpone boundary-look-alike data till the next PDU arrives

    Works only if file position is unknown (http_inspect).

commit 154e2cc8d636004796761f64f8ec515bbb0a9e5b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Aug 3 21:02:24 2023 +0300

    mime: support transport padding in boundary strings

    transport-padding := *LWSP-char
    In encapsulation as "dash-boundary transport-padding CRLF".
    In multipart-body as "delimiter transport-padding CRLF".

commit 70d077a012bc79348017bd984f955c2b3ae3caec
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Aug 2 15:41:30 2023 +0300

    mime: fix boundary search

    In multi-part body the delimiter starts with CRLF and then boundary sequence goes.
    The first boundary may go without CRLF.

    However, scanning_boundary still ignores CRLF as they frequently occur in the file body.

commit 0e07d0a7c584633d6267f7df6283c4fa53f49d31
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Jul 26 14:52:29 2023 +0300

    http_inspect: adjust formatting

23 months ago Pull request #3960: http2_inspect: handle empty header name
Maya Dagon (mdagon) [Mon, 21 Aug 2023 12:40:10 +0000 (12:40 +0000)] 
Pull request #3960: http2_inspect: handle empty header name

Merge in SNORT/snort3 from ~MDAGON/snort3:zero_hdr to master

Squashed commit of the following:

commit ea086e6a5be6780942c0a72d5b57dc4e4c4d6c97
Author: maya dagon <mdagon@cisco.com>
Date:   Wed Aug 16 07:49:32 2023 -0400

    http2_inspect: handle empty header name

2 years ago Pull request #3957: inspector: export get_service_inspector_by_service method
Kaushal Bhandankar (kbhandan) [Thu, 17 Aug 2023 09:10:39 +0000 (09:10 +0000)] 
Pull request #3957: inspector: export get_service_inspector_by_service method

Merge in SNORT/snort3 from ~KBHANDAN/snort3:quic_alpn to master

Squashed commit of the following:

commit c83471159682c4eca861f01b5889f89e331f080a
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Mon Aug 14 23:33:28 2023 +0530

    inspector: export get_service_inspector_by_service method

2 years ago Pull request #3955: appid: prefer eve client over appid detected client after decrypt...
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 16 Aug 2023 20:12:17 +0000 (20:12 +0000)] 
Pull request #3955: appid: prefer eve client over appid detected client after decryption and use appid detected client version if eve client equals appid client

Merge in SNORT/snort3 from ~SATHIRKA/snort3:decrypted_http to master

Squashed commit of the following:

commit 2e2b0425f9228cea79a2023959c9e71bee040923
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed May 24 20:01:09 2023 -0400

    appid: prefer eve client over appid detected client after decryption and use appid detected client version if eve client equals appid client

2 years ago Pull request #3946: http2_inspect: update connection settings on ack
Adrian Mamolea (admamole) [Wed, 16 Aug 2023 14:42:41 +0000 (14:42 +0000)] 
Pull request #3946: http2_inspect: update connection settings on ack

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:settings_ack to master

Squashed commit of the following:

commit 28a58b0433ba324da53fcf14398c2cdd205dd0b3
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Tue Jul 25 16:03:20 2023 -0400

    http2_inspect: update connection settings on ack

2 years ago Pull request #3959: dns: Updates to allow DNS to be compiled dynamically.
Steve Chew (stechew) [Wed, 16 Aug 2023 14:23:53 +0000 (14:23 +0000)] 
Pull request #3959: dns: Updates to allow DNS to be compiled dynamically.

Merge in SNORT/snort3 from ~STECHEW/snort3:dynamic_dns to master

Squashed commit of the following:

commit 4c8cf55371d387e0b37b63d330cd776ca630ea09
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Aug 15 22:42:25 2023 -0400

    dns: Updates to allow DNS to be compiled dynamically.

2 years ago Pull request #3958: build: generate and tag 3.1.68.0
Priyanka Bangalore Gurudev (prbg) [Tue, 15 Aug 2023 14:58:48 +0000 (14:58 +0000)] 
Pull request #3958: build: generate and tag 3.1.68.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.68.0 to master

Squashed commit of the following:

commit f9f4200306f0a5a5e40a6cb00237dea0a636d30f
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Mon Aug 14 22:13:20 2023 -0400

    build: generate and tag 3.1.68.0

2 years ago Pull request #3956: managers: fix get_inspector to use the passed in snort config...
Ron Dempster (rdempste) [Sat, 12 Aug 2023 00:48:18 +0000 (00:48 +0000)] 
Pull request #3956: managers: fix get_inspector to use the passed in snort config for context and inspection inspectors

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:fqdn to master

Squashed commit of the following:

commit 8394704aec2431ef1d070cbec8109075f2bed399
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Jul 25 10:15:45 2023 -0400

    managers: fix get_inspector to use the passed in snort config for context and inspection inspectors

2 years ago Pull request #3936: Dns response ip/name parser
Serhii Vlasiuk -X (svlasiuk - SOFTSERVE INC at Cisco) [Fri, 11 Aug 2023 17:36:45 +0000 (17:36 +0000)] 
Pull request #3936: Dns response ip/name parser

Merge in SNORT/snort3 from ~SVLASIUK/snort3:dns_name_parser to master

Squashed commit of the following:

commit 81500ab8cd6138545a0c60009eda898e88de0e62
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Tue Jul 25 18:50:36 2023 +0300

    dns: parse and publish dns response with ip, fqdn/ttl data

    added publish_response new dns inspector option

2 years ago Pull request #3954: http_inspect: disable rule evaluation caching for MIME attachments
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 11 Aug 2023 12:44:06 +0000 (12:44 +0000)] 
Pull request #3954: http_inspect: disable rule evaluation caching for MIME attachments

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:http_multiple_detection to master

Squashed commit of the following:

commit 38d843d18168ea4895e1a040f7de243cfb72dfc7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Aug 10 15:42:06 2023 +0300

    http_inspect: disable rule evaluation caching for MIME attachments

2 years ago Pull request #3949: sfip: Add < operator so SfIp can be used in std::map and std...
Steve Chew (stechew) [Fri, 11 Aug 2023 12:29:58 +0000 (12:29 +0000)] 
Pull request #3949: sfip: Add < operator so SfIp can be used in std::map and std::set.

Merge in SNORT/snort3 from ~STECHEW/snort3:sfip_lessthan to master

Squashed commit of the following:

commit 40ae0e52ba715656e350f99928e696116624c78d
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Aug 8 13:01:59 2023 -0400

    sfip: Add < operator so SfIp can be used in std::map and std::set.

2 years ago Pull request #3948: stream: init meta ack packet action field
Maya Dagon (mdagon) [Wed, 9 Aug 2023 15:56:49 +0000 (15:56 +0000)] 
Pull request #3948: stream: init meta ack packet action field

Merge in SNORT/snort3 from ~MDAGON/snort3:action_crash to master

Squashed commit of the following:

commit e75f02f21299dafbc205b30175c964d6bef24140
Author: maya dagon <mdagon@cisco.com>
Date:   Tue Aug 8 08:59:39 2023 -0400

    stream: init meta ack packet action field

2 years ago Pull request #3943: remove asn1
Yehor Velykozhon -X (yvelykoz - SOFTSERVE INC at Cisco) [Tue, 8 Aug 2023 07:08:43 +0000 (07:08 +0000)] 
Pull request #3943: remove asn1

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:asn1_fixing to master

Squashed commit of the following:

commit 9fd16701a67d1e244ba110de1f6a3160991f4baf
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Aug 4 16:05:50 2023 +0300

    doc: update tutorial

commit db8e6783b1850e54024d4bb84364b166f7aff021
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Tue Jul 11 18:55:55 2023 +0300

    src: remove ips option asn1

2 years ago Pull request #3940: wizard: refactoring - split curses to multiple files by protocol
Maya Dagon (mdagon) [Fri, 4 Aug 2023 14:04:59 +0000 (14:04 +0000)] 
Pull request #3940: wizard: refactoring - split curses to multiple files by protocol

Merge in SNORT/snort3 from ~MDAGON/snort3:wizard to master

Squashed commit of the following:

commit ad41e68e63256944ec6a6ffb1d1074f2fd891250
Author: maya dagon <mdagon@cisco.com>
Date:   Mon Jul 31 14:51:01 2023 -0400

    wizard: refactoring - split curses to multiple files by protocol

2 years ago Pull request #3927: appid, cip: parsing cip safety segments
Umang Sharma (umasharm) [Tue, 1 Aug 2023 20:14:14 +0000 (20:14 +0000)] 
Pull request #3927: appid, cip: parsing cip safety segments

Merge in SNORT/snort3 from ~UMASHARM/snort3:cip to master

Squashed commit of the following:

commit a8174147e5aff828a79dffe6e252b4bea69de8d7
Author: Umang Sharma <umasharm@cisco.com>
Date:   Mon Jul 24 12:07:57 2023 -0400

    appid, cip: parsing cip safety segments

2 years ago Pull request #3938: build: generate and tag 3.1.67.0 3.1.67.0
Priyanka Bangalore Gurudev (prbg) [Mon, 31 Jul 2023 15:47:49 +0000 (15:47 +0000)] 
Pull request #3938: build: generate and tag 3.1.67.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.67.0 to master

Squashed commit of the following:

commit 3473c773d17abe367718db98914829680038c401
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Sun Jul 30 10:02:06 2023 -0400

    build: generate and tag 3.1.67.0

2 years ago Pull request #3934: ssl: remove wildcard character from common name string extracted...
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 28 Jul 2023 16:40:45 +0000 (16:40 +0000)] 
Pull request #3934: ssl: remove wildcard character from common name string extracted from ssl certificate

Merge in SNORT/snort3 from ~SATHIRKA/snort3:cname_wildcard to master

Squashed commit of the following:

commit 0e8f3ab6fede768ff8acd8697ce9690082a9f417
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Jul 25 16:41:38 2023 -0400

    ssl: remove wildcard character from common name string extracted from ssl certificate

2 years ago Pull request #3898: appid: SSL regex patterns
Lukasz Czarnik -X (lczarnik - SOFTSERVE INC at Cisco) [Thu, 27 Jul 2023 16:35:27 +0000 (16:35 +0000)] 
Pull request #3898: appid: SSL regex patterns

Merge in SNORT/snort3 from ~LCZARNIK/snort3:regex_ssl to master

Squashed commit of the following:

commit b75fe307c9e2f091dcdd2bd5ad669e8b22d95df5
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date:   Tue Jul 4 08:02:45 2023 -0400

    appid: SSL regex pattern implementation

2 years ago Pull request #3846: profiler: shell commands for time profiler
Akhilesh MY (amuttuva) [Thu, 27 Jul 2023 10:59:36 +0000 (10:59 +0000)] 
Pull request #3846: profiler: shell commands for time profiler

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:time_profiling to master

Squashed commit of the following:

commit 153408ae69c20bbe2f8f8afdfe125cc544e37207
Author: Akhilesh MY <amuttuva@cisco.com>
Date:   Fri May 12 10:10:19 2023 -0400

    profiler: shell commands for time profiler

    profiler: Handle reload scenarios and tsan issues

    profiler: remove interdependency with time and memory for accumulation
    change command names to match exposed profiler

2 years ago Pull request #3928: ssl: extract common name in the SSL certificate using openssl...
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 25 Jul 2023 16:06:45 +0000 (16:06 +0000)] 
Pull request #3928: ssl: extract common name in the SSL certificate using openssl apis

Merge in SNORT/snort3 from ~SATHIRKA/snort3:vdb_ci_fix_cn to master

Squashed commit of the following:

commit 83bf5e6d1e1041d6029ac91c067eb800d2eb35c7
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Jul 24 11:56:57 2023 -0400

    ssl: extract common name in the SSL certificate using openssl apis

2 years ago Pull request #3926: build: fix type resolution for OSX build environment
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 25 Jul 2023 07:33:09 +0000 (07:33 +0000)] 
Pull request #3926: build: fix type resolution for OSX build environment

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:build_fix_types to master

Squashed commit of the following:

commit 82c8c6747c11288bb8b5fe819413f8aa4762c9e2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Jul 24 16:59:06 2023 +0300

    build: fix type resolution for OSX build environment

2 years ago Pull request #3925: build: fix cstdint related clearlinux errors
Maya Dagon (mdagon) [Mon, 24 Jul 2023 08:06:50 +0000 (08:06 +0000)] 
Pull request #3925: build: fix cstdint related clearlinux errors

Merge in SNORT/snort3 from ~MDAGON/snort3:clearlinux to master

Squashed commit of the following:

commit 7ef2bc13851ffa2bf7908964242859a8c05ddd96
Author: maya dagon <mdagon@cisco.com>
Date:   Thu Jul 20 14:34:01 2023 -0400

    build: fix cstdint related clearlinux errors

2 years ago Pull request #3924: flow: make sure cpputest mock objects are initialized
Ron Dempster (rdempste) [Fri, 21 Jul 2023 17:29:49 +0000 (17:29 +0000)] 
Pull request #3924: flow: make sure cpputest mock objects are initialized

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:ha_test2 to master

Squashed commit of the following:

commit aebb18b1f50e3ba10b0050f171c4664486b4de43
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Jul 21 12:30:20 2023 -0400

    flow: make sure cpputest mock objects are initialized

2 years ago Pull request #3921: lua: change cip binder rule from 22222 to 2222 (thanks to animato...
Michael Matirko (mmatirko) [Fri, 21 Jul 2023 15:34:27 +0000 (15:34 +0000)] 
Pull request #3921: lua: change cip binder rule from 22222 to 2222 (thanks to animator-ra on GitHub for this fix).

Merge in SNORT/snort3 from ~MMATIRKO/snort3:lua_cip to master

Squashed commit of the following:

commit 2f5d3525d9018f15eee121701cbb4b22db652c8f
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Jul 19 15:45:23 2023 -0400

    style: fix whitespace

commit 4eb3ff2b5a0411da5f2c38b4f57c0e836c10880e
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Jul 19 14:35:16 2023 -0400

    lua: change cip binder rule from 22222 to 2222 (thanks to animator-ra on GitHub for this fix).

2 years ago Pull request #3856: main: increase the user policy id range to 0 - 18446744073709551614
Ron Dempster (rdempste) [Fri, 21 Jul 2023 13:36:02 +0000 (13:36 +0000)] 
Pull request #3856: main: increase the user policy id range to 0 - 18446744073709551614

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:user_policy_id to master

Squashed commit of the following:

commit c80819df62302afaf9035df83bfec62f4d1a14eb
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri May 19 14:43:53 2023 -0400

    main: increase the user policy id range to 0 - 18446744073709551614

2 years ago Pull request #3916: detection: service_mapping config
Maya Dagon (mdagon) [Fri, 21 Jul 2023 11:05:54 +0000 (11:05 +0000)] 
Pull request #3916: detection: service_mapping config

Merge in SNORT/snort3 from ~MDAGON/snort3:service_map to master

Squashed commit of the following:

commit 5188c7c6ead8b7dae5b512167470ffe949fbfd74
Author: maya dagon <mdagon@cisco.com>
Date:   Thu Jul 20 11:08:55 2023 -0400

    ips_options: remove FIXIT comment from SD_Pattern

commit a08b568ab39443470dba17ae278cbf94fe43b238
Author: maya dagon <mdagon@cisco.com>
Date:   Fri Jul 7 14:05:01 2023 -0400

    detection: service_extension config

2 years ago Pull request #3922: flow: fix ha_test use of stack variable
Ron Dempster (rdempste) [Thu, 20 Jul 2023 16:20:40 +0000 (16:20 +0000)] 
Pull request #3922: flow: fix ha_test use of stack variable

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:ha_test to master

Squashed commit of the following:

commit 9a39e03d6bb96f5fbd6035f58d2228ab33e75900
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Jul 20 08:12:50 2023 -0400

    flow: fix ha_test use of stack variable

2 years ago Pull request #3920: (master forward-port): perf_mon: continue even when pegcounts...
Michael Matirko (mmatirko) [Wed, 19 Jul 2023 15:15:04 +0000 (15:15 +0000)] 
Pull request #3920: (master forward-port): perf_mon: continue even when pegcounts can't be resolved

Merge in SNORT/snort3 from ~MMATIRKO/snort3:peg_warn_master to master

Squashed commit of the following:

commit b0ae8a092363cd6f1b21eb2df5e6406955700b2a
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri May 26 19:28:55 2023 +0000

    perf_mon: continue even when pegcounts can't be resolved

    Merge in FIREPOWER/snort3 from ~MMATIRKO/snort3:peg_warning to release/7.0.6

    * commit 'adc617b60633098a34abdce6fa7c56b0e9019aa4':
      build: fix issues with local build
      perf_mon: continue even when pegcounts can't be resolved

2 years ago Pull request #3882: appid: Do not raise SMTP response overflow IPS alert on SSL traffic
Oleksandr Stepanov -X (ostepano - SOFTSERVE INC at Cisco) [Wed, 19 Jul 2023 12:58:50 +0000 (12:58 +0000)] 
Pull request #3882: appid: Do not raise SMTP response overflow IPS alert on SSL traffic

Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtp_ssl_ips to master

Squashed commit of the following:

commit 355163900881bd437c95f0b3524b79ecb39ebac4
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Fri Jun 16 09:21:44 2023 -0400

    appid: Do not raise SMTP response overflow IPS alert on SSL traffic

2 years ago Pull request #3910: ssl: parse and publish server common name from server certificate
Serhii Vlasiuk -X (svlasiuk - SOFTSERVE INC at Cisco) [Tue, 18 Jul 2023 18:37:09 +0000 (18:37 +0000)] 
Pull request #3910: ssl: parse and publish server common name from server certificate

Merge in SNORT/snort3 from ~SVLASIUK/snort3:ssl_server_common_name to master

Squashed commit of the following:

commit f314e115effcbb33b323324fd90b72a1ddca71b4
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Tue Jul 11 17:11:46 2023 +0300

    ssl: parse and publish server common name from server certificate

2 years ago Pull request #3913: Fix descriptor polling for non-Linux kernels
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 18 Jul 2023 08:04:08 +0000 (08:04 +0000)] 
Pull request #3913: Fix descriptor polling for non-Linux kernels

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:cntrl_shell_detach to master

Squashed commit of the following:

commit a52fea2e2f3a957ae0e052b968343c36cdefdc29
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Jul 12 15:27:09 2023 +0300

    control: follow code style and formatting

commit 509e22428a6863396128b7cab018a9901fd378d8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Jul 12 15:22:14 2023 +0300

    control: fix descriptor polling implementation (POSIX)

2 years ago Pull request #3917: build: generate and tag 3.1.66.0 3.1.66.0
Priyanka Bangalore Gurudev (prbg) [Mon, 17 Jul 2023 14:34:34 +0000 (14:34 +0000)] 
Pull request #3917: build: generate and tag 3.1.66.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.66.0 to master

Squashed commit of the following:

commit 554747573d62ecf073381b0b2843cf4bf0e8ea84
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Fri Jul 14 16:01:05 2023 -0400

    build: generate and tag 3.1.66.0