git.ipfire.org Git - thirdparty/snort3.git/log
2 years ago Pull request #3744: appid: First packet detector creation support
Sreeja Athirkandathil Narayanan (sathirka) [Thu, 2 Feb 2023 17:40:52 +0000 (17:40 +0000)] 
Pull request #3744: appid: First packet detector creation support

Merge in SNORT/snort3 from ~OSTEPANO/snort3:first_packet_detector_builder to master

Squashed commit of the following:

commit 331b2b15dcb8e7157bb2440bc57d32ebb1c01ce7
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Fri Jan 20 13:05:28 2023 -0500

    appid: First packet detector creation support in appid detector builder script

2 years ago Pull request #3739: stream_tcp: fix passive pickups with missing packets
Russ Combs (rucombs) [Thu, 2 Feb 2023 16:12:59 +0000 (16:12 +0000)] 
Pull request #3739: stream_tcp: fix passive pickups with missing packets

Merge in SNORT/snort3 from ~RUCOMBS/snort3:tcp_fix to master

Squashed commit of the following:

commit 0da36c1f5a12f6d3d74447fc1afc6409f46d83a9
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 18 10:25:07 2023 -0500

    stream_tcp: fix passive pickups with missing packets

    Thanks to nagmtuc and hedayat for reporting and helping debug the issue.

2 years ago Pull request #3745: ssl: refactor client hello sni parsing
Steve Chew (stechew) [Thu, 2 Feb 2023 14:33:44 +0000 (14:33 +0000)] 
Pull request #3745: ssl: refactor client hello sni parsing

Merge in SNORT/snort3 from ~SVLASIUK/snort3:ch_sni_parser to master

Squashed commit of the following:

commit afe66704e8e0249f023fdd6952092227d1af3e64
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Tue Jan 17 13:25:56 2023 +0200

    ssl: refactor ssl client hello parser to be used by appid/ssl inspectors

2 years ago Pull request #3751: appid: use packet thread's odp context instead of inspector's...
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 31 Jan 2023 21:51:15 +0000 (21:51 +0000)] 
Pull request #3751: appid: use packet thread's odp context instead of inspector's context for packet processing

Merge in SNORT/snort3 from ~SATHIRKA/snort3:reload_fixes to master

Squashed commit of the following:

commit fb0d3790437f4b3974552ca94aa68b186b282fd2
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Fri Jan 20 10:24:30 2023 -0500

    appid: use packet thread's odp context instead of inspector's context for packet processing

2 years ago Pull request #3746: wizard: ensure Wizard is refcounted by MagicSplitter to prevent...
Steven Baigal (sbaigal) [Tue, 31 Jan 2023 21:05:39 +0000 (21:05 +0000)] 
Pull request #3746: wizard: ensure Wizard is refcounted by MagicSplitter to prevent snort crashes due to memory corruption

Merge in SNORT/snort3 from ~JALIIMRA/snort3:umbrella_splitter_crash to master

Squashed commit of the following:

commit 76e78a72a86f276e1aaac1fa21d2d24d19029351
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Mon Jan 23 14:18:11 2023 -0500

    wizard: ensure Wizard is refcounted by MagicSplitter to prevent snort crashes due to memory corruption

2 years ago Pull request #3748: main: Avoid race conditions when accessing id to tid map
Shanmugam S (shanms) [Tue, 31 Jan 2023 16:34:00 +0000 (16:34 +0000)] 
Pull request #3748: main: Avoid race conditions when accessing id to tid map

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:fix_race_tid to master

Squashed commit of the following:

commit 0cf251b8ff63df57a9bae11d31ef16b7c3bad3e0
Author: Akhilesh MY <amuttuva@cisco.com>
Date:   Tue Jan 24 04:08:15 2023 -0500

    main: Avoid race conditions when accessing id to tid map

2 years ago Pull request #3750: build: generate and tag 3.1.54.0
Priyanka Bangalore Gurudev (prbg) [Thu, 26 Jan 2023 23:03:53 +0000 (23:03 +0000)] 
Pull request #3750: build: generate and tag 3.1.54.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.54.0 to master

Squashed commit of the following:

commit 7f4326c7c2ba2cdbaa1494f5df4405dec8fb439d
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Thu Jan 26 13:49:35 2023 -0500

    build: generate and tag 3.1.54.0

2 years ago Pull request #3749: build: generate and tag 3.1.53.0 (tag: 3.1.53.0)
Steve Chew (stechew) [Wed, 25 Jan 2023 20:05:46 +0000 (20:05 +0000)] 
Pull request #3749: build: generate and tag 3.1.53.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.53.0 to master

Squashed commit of the following:

commit cd3d7e926d0e257f69663229a6316f36c7956ff4
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Jan 25 11:37:17 2023 -0500

    build: generate and tag 3.1.53.0

2 years ago Pull request #3747: flow: add stream interface to get parent flow from child flow
Shanmugam S (shanms) [Tue, 24 Jan 2023 17:33:24 +0000 (17:33 +0000)] 
Pull request #3747: flow: add stream interface to get parent flow from child flow

Merge in SNORT/snort3 from ~ABHPAL/snort3:h3 to master

Squashed commit of the following:

commit 2ae655a6a07a27f45b6b6ecb23665c0dc40eabb5
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Mon Jan 23 18:08:36 2023 +0530

    flow: add stream interface to get parent flow from child flow

2 years ago Pull request #3738: memory: fix unit test build w/o reg test
Russ Combs (rucombs) [Tue, 24 Jan 2023 14:29:09 +0000 (14:29 +0000)] 
Pull request #3738: memory: fix unit test build w/o reg test

Merge in SNORT/snort3 from ~RUCOMBS/snort3:mem_test to master

Squashed commit of the following:

commit 7d7cf735582105210f4d51918b0f83dfadec99cf
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Jan 19 00:04:03 2023 -0500

    memory: fix unit test build w/o reg test

2 years ago Pull request #3741: appid: publish tls host set in eve process event handler only...
Sreeja Athirkandathil Narayanan (sathirka) [Mon, 23 Jan 2023 16:21:34 +0000 (16:21 +0000)] 
Pull request #3741: appid: publish tls host set in eve process event handler only when appid discovery is complete

Merge in SNORT/snort3 from ~SATHIRKA/snort3:quic_tls_host to master

Squashed commit of the following:

commit 47919a2706736d804c76dc493c61441d027e6824
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Jan 18 10:33:31 2023 -0500

    appid: publish tls host set in eve process event handler only when appid discovery is complete

2 years ago Pull request #3697: memory: Added memusage pegs
Steven Baigal (sbaigal) [Thu, 19 Jan 2023 23:33:13 +0000 (23:33 +0000)] 
Pull request #3697: memory: Added memusage pegs

Merge in SNORT/snort3 from ~AKAYAMBU/snort3:memusage to master

Squashed commit of the following:

commit 3a41f9cd67876831ce9c501f9fed17675f2e4718
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date:   Fri Dec 9 06:56:16 2022 -0500

    memory: Added memusage pegs

2 years ago Pull request #3726: file_api: Handling filedata in multithreading context
Bhargava Jandhyala (bjandhya) [Thu, 19 Jan 2023 06:15:38 +0000 (06:15 +0000)] 
Pull request #3726: file_api: Handling filedata in multithreading context

Merge in SNORT/snort3 from ~PRERAMA2/snort3:file_data_handling to master

Squashed commit of the following:

commit 7727011a1e1005b8b94365be3d7a6960adf672e8
Author: Preethi Ramachandra <prerama2@cisco.com>
Date:   Mon Dec 19 10:30:56 2022 +0530

    file_api: Handling filedata in multithreading context

2 years ago Pull request #3731: fp_create: add showing the search algorithm name
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 18 Jan 2023 16:37:52 +0000 (16:37 +0000)] 
Pull request #3731: fp_create: add showing the search algorithm name

Merge in SNORT/snort3 from ~YCHALOV/snort3:hyperscan to master

Squashed commit of the following:

commit 67b1c5d4412a2cedea75b8396843fc8555a8e59e
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Wed Jan 11 20:28:44 2023 +0100

    detection: show search algorithm configured

2 years ago Pull request #3737: build: generate and tag 3.1.52.0 (tag: 3.1.52.0)
Russ Combs (rucombs) [Wed, 18 Jan 2023 15:17:32 +0000 (15:17 +0000)] 
Pull request #3737: build: generate and tag 3.1.52.0

Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.52.0 to master

Squashed commit of the following:

commit 5485284744482ab0ba403836875732fedf1dbfc1
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 18 06:11:25 2023 -0500

    build: generate and tag 3.1.52.0

2 years ago Pull request #3733: Memory Updates
Russ Combs (rucombs) [Tue, 17 Jan 2023 22:34:43 +0000 (22:34 +0000)] 
Pull request #3733: Memory Updates

Merge in SNORT/snort3 from ~RUCOMBS/snort3:memory_init to master

Squashed commit of the following:

commit e5194f6de9eb80ce8f47ad114ed13edd440690f1
Author: Russ Combs <rucombs@cisco.com>
Date:   Sun Jan 15 07:10:01 2023 -0500

    memory: add regression test hooks

commit fda0e1eb1a540ee8ad2a2256955d7ded488b5f8d
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri Jan 13 18:13:01 2023 -0500

    memory: add final epoch to capture stats

    Also rename bookend methods for clarity.

commit d036355f926eacbde336039bd8eb9c023d836e00
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri Jan 13 08:29:45 2023 -0500

    memory: fix init sequence

    Thanks to amishmm and Xiche for reporting and debugging the problem.

2 years ago Pull request #3725: rna: reset host_tracker type when its visibility changes
Steven Baigal (sbaigal) [Tue, 17 Jan 2023 15:37:55 +0000 (15:37 +0000)] 
Pull request #3725: rna: reset host_tracker type when its visibility changes

Merge in SNORT/snort3 from ~MKORNAS/snort3:fix_host_type_events to master

Squashed commit of the following:

commit fcfe6e0c73fe2e542f1f09c68b08c2f2e72d4d07
Author: Mikolaj Kornas <mkornas@cisco.com>
Date:   Tue Jan 10 06:09:33 2023 -0500

    rna: reset host_tracker type when visibility changes

2 years ago Pull request #3720: src: fix config parsing issues seen on 32bit systems
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 16 Jan 2023 08:13:37 +0000 (08:13 +0000)] 
Pull request #3720: src: fix config parsing issues seen on 32bit systems

Merge in SNORT/snort3 from ~ASERBENI/snort3:32bit_issue to master

Squashed commit of the following:

commit 8137a4fca03573398a89f011ce3e66743b9c4154
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Jan 4 17:15:04 2023 +0200

    src: address numbers parsing related concerns

commit 99895d8af9eb73b5646d54dc063322b910e467ea
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Jan 4 15:35:20 2023 +0200

    framework: add strtoul methods to Value class

commit 8e431851bc5416cb845684108d5a3c0a2407ecc3
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Dec 21 16:48:01 2022 +0200

    framework: change range check types to int64_t

    long may not be enough on 32bit platforms, where it's only 4 bytes long. issue initially found with seq ips option, where a valid value of 3,927,875,496 would be perceived as erroneous because it would not fit in 4 byte signed long (max value is 2,147,483,647)

commit 59fec3d494cc8560754123688c4d9de7e216bbee
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Tue Dec 20 14:38:30 2022 -0500

    dce_rpc: add errno resets during uuid parsing

2 years ago Pull request #3711: netflow: grab the proto off of the netflow record - not the wire...
Steven Baigal (sbaigal) [Fri, 13 Jan 2023 15:27:06 +0000 (15:27 +0000)] 
Pull request #3711: netflow: grab the proto off of the netflow record - not the wire packet

Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_proto to master

Squashed commit of the following:

commit bffc80a39a33507892dae4a2575544323a7003a7
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Dec 19 15:12:07 2022 -0500

    netflow: grab the proto off of the netflow record - not the wire packet

2 years ago Pull request #3730: main: Fix missing include file that caused build error on some...
Steve Chew (stechew) [Fri, 13 Jan 2023 15:10:42 +0000 (15:10 +0000)] 
Pull request #3730: main: Fix missing include file that caused build error on some platforms.

Merge in SNORT/snort3 from ~STECHEW/snort3:platforms_build_fix to master

Squashed commit of the following:

commit 9b90590454bbfd43f804baa91deade79c86dd9d8
Author: Steve Chew <stechew@cisco.com>
Date:   Thu Jan 12 15:19:38 2023 -0500

    main: Fix missing include file that caused build error on some platforms.

2 years ago Pull request #3721: dcerpc: handling dcerpc over smbv2
Bhargava Jandhyala (bjandhya) [Thu, 12 Jan 2023 13:54:59 +0000 (13:54 +0000)] 
Pull request #3721: dcerpc: handling dcerpc over smbv2

Merge in SNORT/snort3 from ~VKAMBALA/snort3:psirt_74 to master

Squashed commit of the following:

commit 460a3b2d63914b1422bf3e7d9452facb6c9dd0c6
Author: krishnakanth <vkambala@cisco.com>
Date:   Tue Jan 10 14:55:52 2023 +0530

    dcerpc: handling dcerpc over smbv2

2 years ago Pull request #3714: Event driven fw
Russ Combs (rucombs) [Thu, 12 Jan 2023 13:22:00 +0000 (13:22 +0000)] 
Pull request #3714: Event driven fw

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:event_driven_fw to master

Squashed commit of the following:

commit 8c782e76e24166ec8f7fec99f7a532816c238fb3
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Jan 6 15:28:48 2023 -0500

    stream: fix iss and irs and mid-stream sent post processing

commit e4b5df660ddb2422335e26b9aa8b4dd99574c8ad
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 13 19:19:05 2022 -0500

    stream: refactor tcp state machine to handle mid-stream flow and more established cases

commit 239472e8bf5924932871e9443581ef12eb23f471
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Dec 13 19:17:49 2022 -0500

    flow: update flow creation to exclude non-syn packets with no payload

2 years ago Pull request #3728: build: generate and tag 3.1.51.0 (tag: 3.1.51.0)
Russ Combs (rucombs) [Thu, 12 Jan 2023 13:14:21 +0000 (13:14 +0000)] 
Pull request #3728: build: generate and tag 3.1.51.0

Merge in SNORT/snort3 from ~PRBG/snort3:rel_build_3.1.51.0 to master

Squashed commit of the following:

commit 91cec43b99689a40963a1edbfd64f266851923f9
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Jan 11 19:50:28 2023 -0500

    build: generate and tag 3.1.51.0

2 years ago Pull request #3718: lua: add Adobe JavaScript related identifiers to snort_defaults
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 10 Jan 2023 22:57:24 +0000 (22:57 +0000)] 
Pull request #3718: lua: add Adobe JavaScript related identifiers to snort_defaults

Merge in SNORT/snort3 from ~VHORBATO/snort3:acrobat_js_ids to master

Squashed commit of the following:

commit afeded685032c8baf29ffad53c07a6b9056d1200
Author: vhorbato <vhorbato@cisco.com>
Date:   Fri Jan 6 12:03:42 2023 +0200

    lua: add Adobe JavaScript related identifiers to snort_defaults

2 years ago Pull request #3722: Add benchmark tests for PDF parser.
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 10 Jan 2023 21:34:48 +0000 (21:34 +0000)] 
Pull request #3722: Add benchmark tests for PDF parser.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:jsn_pdf_bench to master

Squashed commit of the following:

commit 53ece926c098ed146e9e8e284c506767dabf2c64
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Dec 22 16:02:17 2022 +0200

    js_norm: delete unused method

commit f0c0270b07fa72676a91382cea44ea69baaf5d17
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Dec 21 10:49:36 2022 +0200

    js_norm: tune PDF parser performance

    Decrease data chunk size.

commit 97a247bc3236a27a8a91c9b6067214c5fb9333c3
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Dec 15 15:03:01 2022 +0200

    js_norm: add benchmark tests for PDF parser

2 years ago Pull request #3683: Cip appid support on snort3
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 10 Jan 2023 15:27:09 +0000 (15:27 +0000)] 
Pull request #3683: Cip appid support on snort3

Merge in SNORT/snort3 from ~SUBALU/snort3:Cip_Appid to master

Squashed commit of the following:

commit 4de25c9be46823b572bc9a40365966eb587ad4a4
Author: suriya <subalu@cisco.com>
Date:   Mon Dec 19 17:51:22 2022 +0530

    appid: add support for cip service, client and payload detection

2 years ago Pull request #3713: js_norm: decode UTF-16BE to UTF-8 for JS in PDF
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 10 Jan 2023 14:25:06 +0000 (14:25 +0000)] 
Pull request #3713: js_norm: decode UTF-16BE to UTF-8 for JS in PDF

Merge in SNORT/snort3 from ~OSERHIIE/snort3:jsn_pdf_utf16 to master

Squashed commit of the following:

commit 0687ef21316f44f413bdfe8287d8893ce5138e3c
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Dec 15 15:41:25 2022 +0100

    js_norm: decode UTF-16BE to UTF-8 for JS in PDF

        * js_norm: support UTF-16BE in text strings, hexadecimal strings and streams
        * js_norm: add unit test coverage
        * lua: fixup in snort_defaults.lua

2 years ago Pull request #3664: memory: use the process total instead of per thread totals to...
Russ Combs (rucombs) [Fri, 6 Jan 2023 16:43:50 +0000 (16:43 +0000)] 
Pull request #3664: memory: use the process total instead of per thread totals to enforce cap

Merge in SNORT/snort3 from ~RUCOMBS/snort3:process_memory to master

Squashed commit of the following:

commit 3d3da0fd75a73eb43fd4aa6b7e8e252b9c6ea1ee
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 4 08:31:40 2023 -0500

    memory: rename manager to overloads to better indicate purpose

commit e343738e2b178002b7e8f63f60cdbe7c512499db
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 4 06:37:34 2023 -0500

    memory: update developer notes

commit 7f374a318e87662c1d7766ffd237d65eb605f60f
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Dec 28 09:01:20 2022 -0500

    memory: update stats regardless of state; add unit tests

commit 71822045d1ed62da660573d2c82a5566ba42967d
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Dec 27 09:33:34 2022 -0500

    memory: delete unnecessary includes

commit cc19d105f6b08a7071978de0681fdf840413967e
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Dec 22 16:02:14 2022 -0500

    memory: refactor jemalloc code and add relevant pegs

commit 7e30c6081c4fb0cac8c55658b50d5abfd14bc977
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Nov 23 13:51:30 2022 -0500

    build: exclude unused memory related sources

commit fc74bce73bd0db2b4fd67872615fd3f0dbf0a916
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Nov 23 12:21:38 2022 -0500

    build: error out if both jemalloc and tcmalloc are configured

commit 0663095ec3344f97cb80a9291bda6ed675edd469
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Nov 23 12:18:18 2022 -0500

    memory: incorporate overloads into profiler

commit 7824486ad5799116da4c825d991fc3d9d8e2738f
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Nov 10 14:03:23 2022 -0500

    memory: use the process total instead of per thread totals to enforce cap

    Since Snort doesn't always free memory in the thread that allocated it,
    switch to a process cap enforcement strategy when using jemalloc. To get
    updated stats.allocated it is necessary to bump the epoch, which can be
    expensive, so it is done by the main thread once per interval ms. If
    over limit, each packet thread will prune one flow per packet until the
    prune_target is reached.

2 years ago Pull request #3715: appid: use packet thread's odp context for future flow creation
Sreeja Athirkandathil Narayanan (sathirka) [Thu, 5 Jan 2023 18:07:52 +0000 (18:07 +0000)] 
Pull request #3715: appid: use packet thread's odp context for future flow creation

Merge in SNORT/snort3 from ~SATHIRKA/snort3:future_flow_odpctxt to master

Squashed commit of the following:

commit e11067b4a8b84060118b0378d65d0ed53c2e35b4
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Dec 19 11:10:07 2022 -0500

    appid: use packet thread's odp context for future flow creation

2 years ago Pull request #3716: main: fix const issues causing compile warnings
Brian Morris (bmorris2) [Thu, 22 Dec 2022 21:46:28 +0000 (21:46 +0000)] 
Pull request #3716: main: fix const issues causing compile warnings

Merge in SNORT/snort3 from XTLS/snort3:fix_const to master

Squashed commit of the following:

commit ea95013da782eb675ac52aa6b022aeaa207bc29f
Author: Brian Morris <bmorris2@cisco.com>
Date:   Thu Dec 22 20:02:07 2022 +0000

    main: fix const issues causing compile warnings

2 years ago Pull request #3705: watchdog: Add thread id as well for better identification of...
Shanmugam S (shanms) [Thu, 22 Dec 2022 17:06:57 +0000 (17:06 +0000)] 
Pull request #3705: watchdog: Add thread id as well for better identification of unresponsive threads

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:watchdog_tid to master

Squashed commit of the following:

commit c21969d8a3bd28db271f2ee069cec9e1a795c25b
Author: Akhilesh MY <amuttuva@cisco.com>
Date:   Fri Dec 16 03:08:01 2022 -0500

    watchdog: Print thread id as well for better identification of unresponsive threads

2 years ago Pull request #3706: lua: fix typo in Sensitive Data classifications name
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 21 Dec 2022 12:40:36 +0000 (12:40 +0000)] 
Pull request #3706: lua: fix typo in Sensitive Data classifications name

Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_class_typo to master

Squashed commit of the following:

commit 6b94b248d84c41cf1d22cf80683d6c262d126bc5
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Dec 16 15:20:35 2022 +0200

    lua: fix typo in Sensitive Data classifications name

2 years ago Pull request #3703: appid: do not create snmp future flow for udp reversed traffic
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 20 Dec 2022 15:25:31 +0000 (15:25 +0000)] 
Pull request #3703: appid: do not create snmp future flow for udp reversed traffic

Merge in SNORT/snort3 from ~SATHIRKA/snort3:snmp_ff to master

Squashed commit of the following:

commit cd4c269b5e8dc1f86f982509f373ce1ffe3beb4f
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Dec 13 10:01:31 2022 -0500

    appid: do not create snmp future flow for udp reversed session

2 years ago Pull request #3712: build: generate and tag 3.1.50.0 (tag: 3.1.50.0)
Russ Combs (rucombs) [Tue, 20 Dec 2022 15:11:56 +0000 (15:11 +0000)] 
Pull request #3712: build: generate and tag 3.1.50.0

Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.50.0 to master

Squashed commit of the following:

commit c594bb9d814155ee190501120763279f14825f4f
Author: Russ Combs <rucombs@cisco.com>
Date:   Mon Dec 19 15:20:23 2022 -0500

    build: generate and tag 3.1.50.0

2 years ago Pull request #3709: smtp: decline fast-pattern buffer request when flow data is not...
Russ Combs (rucombs) [Mon, 19 Dec 2022 19:00:38 +0000 (19:00 +0000)] 
Pull request #3709: smtp: decline fast-pattern buffer request when flow data is not present

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_flow_data_check to master

Squashed commit of the following:

commit fb6ba7116e92a58b804f9fa752abb9a6afa97e81
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Dec 19 14:26:47 2022 +0200

    smtp: decline fast-pattern buffer request when flow data is not present

2 years ago Pull request #3689: Pub ID
Russ Combs (rucombs) [Sun, 18 Dec 2022 12:02:27 +0000 (12:02 +0000)] 
Pull request #3689: Pub ID

Merge in SNORT/snort3 from ~RUCOMBS/snort3:pub_id to master

Squashed commit of the following:

commit 72426605b4c754c0690325e67335d89feec3c78b
Author: Russ Combs <rucombs@cisco.com>
Date:   Mon Dec 12 19:57:46 2022 -0500

    pub_sub: refactor includes

commit 8f875bb0e45eba5399e4b749025db394daa0fa30
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:57:28 2022 -0500

    log_hext: convert to use PubKey

commit 05b2273c2db182b1774d64f46f8e6f10829353f0
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:57:11 2022 -0500

    file_api: convert to use PubKeys

commit 55e2cc8568f9f442b4ece4cf2e63e7ef955c68fb
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:56:41 2022 -0500

    service_inspectors: convert to use Pubkeys

commit b8647d99b13b7bb4a199761f99b7fbbd1ce3648e
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:56:22 2022 -0500

    network_inspectors: convert to use Pubkeys

commit 8a5650828de654a6d42c93d3683ffb15dffef87e
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:55:01 2022 -0500

    http_inspect, http2_inspect: convert to use PubKeys

commit 48f7e79bcab8b7d02a554d38de91e8174e990cd6
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:53:22 2022 -0500

    appid: convert to use PubKeys

commit e2fa0a001c6cf9332f48e75c2e68a91e6e8a487c
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:50:29 2022 -0500

    stream: publish events using PubKey

commit d5984eba1201a7c36a20f1398a7c18f610ef86a2
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:49:58 2022 -0500

    framework: publish intrinsic events using PubKey

commit 2ee586558b895b47eb4378b948bb477ea6620d5f
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:48:46 2022 -0500

    flow: publish events using PubKeys

commit 9f79c1a019eba488573c463263806efa0dc70f6b
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:46:59 2022 -0500

    pub_sub: convert from string keys to PubKeys

commit 736d237a71d611e0b7a4f06832e598835bc31b4c
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Dec 10 16:43:58 2022 -0500

    data_bus: require key registration for improved publish performance

2 years ago Pull request #3691: Fc36
Russ Combs (rucombs) [Sat, 17 Dec 2022 22:35:02 +0000 (22:35 +0000)] 
Pull request #3691: Fc36

Merge in SNORT/snort3 from ~RUCOMBS/snort3:fc36 to master

Squashed commit of the following:

commit 4f9390f1b2414fb2592055501e47707d7b0bdbf3
Author: Russ Combs <rucombs@cisco.com>
Date:   Thu Dec 15 13:53:50 2022 -0500

    pop, imap: gracefully decline buffer requests when flow data is not present

commit 65518cead263c7b8990417fd2acb4ea50577c8a3
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 29 23:22:44 2022 -0500

    alert_fast: fix initialization of http_inspect cheat codes

commit 11496a4b6bb98ee69db9fd6cd5f2c084748242f4
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 29 09:01:20 2022 -0500

    host_cache: simplify dump_file with std::string

commit 6a8994a35402695fe73c7c4a948903d3a94c5d06
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Nov 29 08:58:18 2022 -0500

    host_cache: fix initialization from Lua

commit c009d930c5ddb5d00928dd11fa4cdd33d1aeea04
Author: Russ Combs <rucombs@cisco.com>
Date:   Mon Nov 28 16:09:54 2022 -0500

    config: ensure table state is reset when starting a new shell

commit c3ec2dcb0c3ea36ec22ef9ea6e6159a9cc19d45c
Author: Russ Combs <rucombs@cisco.com>
Date:   Sat Nov 26 14:57:19 2022 -0500

    talos: fix tweaks for the daq module

2 years ago Pull request #3704: build: generate and tag 3.1.49.0 (tag: 3.1.49.0)
Russ Combs (rucombs) [Sat, 17 Dec 2022 22:13:13 +0000 (22:13 +0000)] 
Pull request #3704: build: generate and tag 3.1.49.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.49.0 to master

Squashed commit of the following:

commit 98957f0761a73601e6a11f626b8ff975e93c6f7a
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Thu Dec 15 16:54:01 2022 -0500

    build: generate and tag 3.1.49.0

2 years ago Pull request #3702: stream: ignore PAWS timestamp checks when in no_ack mode
Steven Baigal (sbaigal) [Wed, 14 Dec 2022 15:18:26 +0000 (15:18 +0000)] 
Pull request #3702: stream: ignore PAWS timestamp checks when in no_ack mode

Merge in SNORT/snort3 from ~JALIIMRA/snort3:paws_ts_check to master

Squashed commit of the following:

commit f7307eba55b333bd74d32b466d686176a6edf5f3
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Wed Dec 7 10:26:07 2022 -0500

    stream: ignore PAWS timestamp checks when in no_ack mode

2 years ago Pull request #3696: ips_options: fix offset related bug in byte_test eval()
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 14 Dec 2022 14:38:06 +0000 (14:38 +0000)] 
Pull request #3696: ips_options: fix offset related bug in byte_test eval()

Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_byte_test to master

Squashed commit of the following:

commit 1ef48b5e9e068f1b67c187635f31fd4f63676379
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Wed Dec 7 17:04:36 2022 +0200

    ips_options: fix offset related bug in byte_test eval()

    * moved truncation of string from ips_byte_test eval() to extract data_extraction(),
      so all byte_ options have the same logic;
    * added unit tests to verify proper work with negative offset
      on the last byte of buffer;
    * added unit tests for all byte_ options to check situation when bytes_to_extract bigger
      than amount of bytes left in the buffer;
    * updated documentation and help option with info about string truncation;

2 years ago Pull request #3701: doc: add decompression mention to js_norm reference
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 13 Dec 2022 18:42:35 +0000 (18:42 +0000)] 
Pull request #3701: doc: add decompression mention to js_norm reference

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_pdf_stream to master

Squashed commit of the following:

commit f87c4484534feaca0495aef61aa35564ed1a1f53
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Mon Dec 12 08:54:23 2022 +0200

    doc: add decompression mention to js_norm reference

2 years ago Pull request #3698: js_norm: add PDF stream processing
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 13 Dec 2022 18:42:24 +0000 (18:42 +0000)] 
Pull request #3698: js_norm: add PDF stream processing

Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_pdf_stream to master

Squashed commit of the following:

commit e4712275b6662de60d9dca67031bf693cfcf896c
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Mon Dec 5 17:31:18 2022 +0200

    js_norm: add PDF stream processing

2 years ago Pull request #3699: doc: update user/js_norm.txt for PDF in email protocols
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 12 Dec 2022 19:22:43 +0000 (19:22 +0000)] 
Pull request #3699: doc: update user/js_norm.txt for PDF in email protocols

Merge in SNORT/snort3 from ~OSERHIIE/snort3:doc_jsn_others to master

Squashed commit of the following:

commit ffcf5576295b519ce8c3feb8d35606a42de9aac2
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Dec 8 12:33:48 2022 +0100

    doc: update user/js_norm.txt for PDF in email protocols

2 years ago Pull request #3700: js_norm: add support for email protocols
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 12 Dec 2022 19:22:15 +0000 (19:22 +0000)] 
Pull request #3700: js_norm: add support for email protocols

Merge in SNORT/snort3 from ~OSERHIIE/snort3:jsn_others to master

Squashed commit of the following:

commit ca987f6324421b17f3fd2d0bdd39c6a65e4cda8c
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Dec 2 16:11:01 2022 +0200

    js_norm: add support for email protocols

        * js_norm: move JS PDF normalizer to a common directory
        * js_norm: turn API classes to SO PUBLIC
        * http_inspect: update js_pdf_scripts peg description
        * imap: add JSN for PDF attachments
        * pop: add JSN for PDF attachments
        * smtp: add JSN for PDF attachments
        * update dev_notes

2 years ago Pull request #3692: appid: fixed assert condition for odp_ctxt and odp_thread_local_ctxt
Sreeja Athirkandathil Narayanan (sathirka) [Thu, 8 Dec 2022 16:44:34 +0000 (16:44 +0000)] 
Pull request #3692: appid: fixed assert condition for odp_ctxt and odp_thread_local_ctxt

Merge in SNORT/snort3 from ~BSACHDEV/snort3:luafix to master

Squashed commit of the following:

commit 3f1bad59caaea21559a1189d92263fd90da06a9e
Author: bsachdev <bsachdev@cisco.com>
Date:   Fri Dec 2 11:43:52 2022 -0500

    appid: fixed assert condition for odp_ctxt and odp_thread_local_ctxt

2 years ago Pull request #3687: appid: appid_detector_builder.sh addPortPatternService call fixed
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 6 Dec 2022 17:07:35 +0000 (17:07 +0000)] 
Pull request #3687: appid: appid_detector_builder.sh addPortPatternService call fixed

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_detector_builder_fix to master

Squashed commit of the following:

commit 176b01a35d7947d4d33819333078a275697a9e21
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Thu Dec 1 07:57:37 2022 -0500

    appid: appid_detector_builder.sh addPortPatternService call fixed

2 years ago Pull request #3677: appid: Do not reset session data when built-in discovery is not...
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 6 Dec 2022 17:00:14 +0000 (17:00 +0000)] 
Pull request #3677: appid: Do not reset session data when built-in discovery is not done

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_ftp_detection_over_navl to master

Squashed commit of the following:

commit 63cc4b95e86420c3cdec20719286bd10f069fe01
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Wed Nov 30 06:28:54 2022 -0500

    appid: Do not reset session data when built-in discovery is not done

2 years ago Pull request #3693: js_norm: update PDF tokenizer to use glue input streambuf
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 6 Dec 2022 11:44:45 +0000 (11:44 +0000)] 
Pull request #3693: js_norm: update PDF tokenizer to use glue input streambuf

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_pdf_fixup to master

Squashed commit of the following:

commit a1ea7641078ab9622838882605cfd2ffbf012e84
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Dec 5 15:08:20 2022 +0100

    js_norm: fix pdf_tokenizer_test on FreeBSD platform

commit af4be627c44f45dcae8fc24fe085ff4c03d972bf
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Dec 5 15:05:54 2022 +0100

    js_norm: update PDF tokenizer to use glue input streambuf

        * js_norm: update PDF tokenizer EOF rule to cover all starting conditions
        * http_inspect: update PDF JSNorm to use istreambuf_glue

2 years ago Pull request #3685: geneve: If daq has the capability, do not bypass geneve tunnel
Steve Chew (stechew) [Mon, 5 Dec 2022 17:41:23 +0000 (17:41 +0000)] 
Pull request #3685: geneve: If daq has the capability, do not bypass geneve tunnel

Merge in SNORT/snort3 from ~RAMANKS/snort3:geneve to master

Squashed commit of the following:

commit 169354f17567c641331058dfde01b03934790486
Author: Raman Krishnan <ramanks@cisco.com>
Date:   Tue Nov 29 16:07:44 2022 -0800

    geneve: If daq has the capability, do not bypass geneve tunnel

2 years ago Pull request #3684: wizard: remove client_first option
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 2 Dec 2022 09:58:18 +0000 (09:58 +0000)] 
Pull request #3684: wizard: remove client_first option

Merge in SNORT/snort3 from ~ANOROKH/snort3:wiz_opt_rm to master

Squashed commit of the following:

commit 5e9be384bc45d5bc6f3147d2450d6cf2b27bde54
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Mon Nov 28 17:20:59 2022 +0200

    wizard: remove client_first option

    * removed client_first from documentation

2 years ago Pull request #3688: build: generate and tag 3.1.48.0
Steve Chew (stechew) [Thu, 1 Dec 2022 20:57:37 +0000 (20:57 +0000)] 
Pull request #3688: build: generate and tag 3.1.48.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.48.0 to master

Squashed commit of the following:

commit 05c2278739aabab6a68040bfd928a86f2b60ce74
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Thu Dec 1 11:59:03 2022 -0500

    build: generate and tag 3.1.48.0

2 years ago Pull request #3658: Established event
Ron Dempster (rdempste) [Wed, 30 Nov 2022 16:32:12 +0000 (16:32 +0000)] 
Pull request #3658: Established event

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:established_event to master

Squashed commit of the following:

commit 38c51afab570fba0dff01bfe8f334b04632b74a1
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Oct 13 10:52:10 2022 -0400

    flow, stream: added code to track and event for one-sided TCP sessions and generate an event for established or one-sided flows

2 years ago Pull request #3668: process: Watchdog to abort snort when multiple packet thread...
Shanmugam S (shanms) [Wed, 30 Nov 2022 13:26:52 +0000 (13:26 +0000)] 
Pull request #3668: process: Watchdog to abort snort when multiple packet thread becomes unresponsive

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:snortWatchdogEnhancement to master

Squashed commit of the following:

commit 242c3a800c4c72a72c81db304e03e1254ac53eaf
Author: Akhilesh MY <amuttuva@cisco.com>
Date:   Wed Nov 16 06:39:52 2022 -0500

    process: Watchdog to abort snort when multiple packet thread becomes unresponsive

2 years ago Pull request #3679: http_inspect: add decompression failure check before normalization
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 29 Nov 2022 15:09:53 +0000 (15:09 +0000)] 
Pull request #3679: http_inspect: add decompression failure check before normalization

Merge in SNORT/snort3 from ~ASERBENI/snort3:jsn_decomp to master

Squashed commit of the following:

commit 0afc327eebcf120f34fc67e336fc2ffee73afaaf
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Wed Nov 23 12:44:07 2022 +0200

    http_inspect: add decompression failure check before normalization

2 years ago Pull request #3678: appid: Fixed addition of duplicate entries in app_info_table
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 29 Nov 2022 15:05:42 +0000 (15:05 +0000)] 
Pull request #3678: appid: Fixed addition of duplicate entries in app_info_table

Merge in SNORT/snort3 from ~BSACHDEV/snort3:apptablefix to master

Squashed commit of the following:

commit 51e60c3e20024038a9c24366aca543730f21293b
Author: bsachdev <bsachdev@cisco.com>
Date:   Wed Nov 23 12:40:45 2022 -0500

    appid: Fixed addition of duplicate entries in app_info_table

2 years ago Pull request #3660: stream: add logic to ensure metaACKs cause flushing
Steven Baigal (sbaigal) [Tue, 29 Nov 2022 14:54:21 +0000 (14:54 +0000)] 
Pull request #3660: stream: add logic to ensure metaACKs cause flushing

Merge in SNORT/snort3 from ~JALIIMRA/snort3:meta_ack_flush to master

Squashed commit of the following:

commit e108a08265012b8341d1baf06bab2d6f6da3c8a0
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Mon Nov 7 16:34:38 2022 -0500

    stream: add logic to ensure metaACKs cause flushing

2 years ago Pull request #3680: doc: update JavaScript normalization user manual for PDF
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 29 Nov 2022 13:56:55 +0000 (13:56 +0000)] 
Pull request #3680: doc: update JavaScript normalization user manual for PDF

Merge in SNORT/snort3 from ~OSERHIIE/snort3:doc_js_pdf to master

Squashed commit of the following:

commit bdd3301378adad84600c19ef14af5b8d651cac97
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Thu Nov 24 16:00:52 2022 +0200

    doc: update user/js_norm.txt for PDF

2 years ago Pull request #3681: js_norm: implement Enhanced JS Normalization for PDF
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 29 Nov 2022 13:56:17 +0000 (13:56 +0000)] 
Pull request #3681: js_norm: implement Enhanced JS Normalization for PDF

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_pdf to master

Squashed commit of the following:

commit 343d3c517880d059532dfc803feae254ef491cd7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 8 17:53:51 2022 +0200

    js_norm: implement Enhanced JS Normalization for PDF

        * js_norm: implement JS extractor from PDF
        * js_norm: add unit tests for JS extractor from PDF
        * js_norm: update dev_notes
        * http_inspect: implement JS from PDF normalizer
        * http_inspect: update dev_notes

2 years ago Pull request #3682: smb: handling smb duplicate sessions
Bhargava Jandhyala (bjandhya) [Mon, 28 Nov 2022 17:21:09 +0000 (17:21 +0000)] 
Pull request #3682: smb: handling smb duplicate sessions

Merge in SNORT/snort3 from ~BJANDHYA/snort3:pcap_test to master

Squashed commit of the following:

commit 6009316bdbe079c62494b1bcf8a8b9f72e3df393
Author: Bhargava Jandhyala <bjandhya@cisco.com>
Date:   Thu Sep 1 02:24:57 2022 -0400

    smb: handling smb duplicate sessions

2 years ago Pull request #3672: appid: Make appid availability independent from TP state
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 23 Nov 2022 17:50:51 +0000 (17:50 +0000)] 
Pull request #3672: appid: Make appid availability independent from TP state

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_availability_without_navl to master

Squashed commit of the following:

commit 4649cdf312728e5d7b60648b9f154da43a268adf
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Thu Nov 17 08:09:36 2022 -0500

    appid: Make appid availability independent from TP state

2 years ago Pull request #3661: flow: add an event for retry packets
Ron Dempster (rdempste) [Wed, 23 Nov 2022 12:37:35 +0000 (12:37 +0000)] 
Pull request #3661: flow: add an event for retry packets

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:retry_event to master

Squashed commit of the following:

commit db8fdde4cdffb84cae3af426ed19c6b371eff14f
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Oct 25 17:09:44 2022 -0400

    flow: add an event for retry packets

2 years ago Pull request #3673: IPS options: mismatched option keeps cursor intact
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Nov 2022 12:21:12 +0000 (12:21 +0000)] 
Pull request #3673: IPS options: mismatched option keeps cursor intact

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_negation_handling to master

Squashed commit of the following:

commit 5c65144c0dc2126e58aecd2148ac2c09d3645bbd
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Nov 17 18:52:18 2022 +0200

    ips_option: keep cursor intact for a negated hash mismatched

commit 02eb93f9bfea0bf4d657de2aa3b94a714f4cdc52
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Nov 17 17:12:37 2022 +0200

    ips_option: keep cursor intact for a negated content mismatched

2 years ago Pull request #3674: js_norm: add CMake command for noreturn attribute in LexerError
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Nov 2022 08:36:42 +0000 (08:36 +0000)] 
Pull request #3674: js_norm: add CMake command for noreturn attribute in LexerError

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_module_fix to master

Squashed commit of the following:

commit c7331f2da7b88e955bdbf06cc635e6007524a89f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Nov 17 12:51:20 2022 +0100

    js_norm: use FLEX macro to build parser

commit a5b99c366582d785951e9dfa130d65d7eefc7fc4
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Nov 21 15:03:27 2022 +0100

    cmake: add FLEX build macro

2 years ago Pull request #3676: doc: update sensitive data documentation
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Wed, 23 Nov 2022 08:35:49 +0000 (08:35 +0000)] 
Pull request #3676: doc: update sensitive data documentation

Merge in SNORT/snort3 from ~ASERBENI/snort3:doc_sensitive_data to master

Squashed commit of the following:

commit 7315c77a527fc4d3e16b1590953ca67bfe8f934b
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Fri Nov 18 17:39:39 2022 +0200

    doc: update sensitive data documentation

    Added more examples for built-in patterns obfuscation, threshold being per packet.
    Updated statement about needing hyperscan.

2 years ago Pull request #3669: snort: fix deferred trust trigger
Brian Morris (bmorris2) [Fri, 18 Nov 2022 21:21:20 +0000 (21:21 +0000)] 
Pull request #3669: snort: fix deferred trust trigger

Merge in SNORT/snort3 from XTLS/snort3:osiryi_retry_whitelist_fix to master

Squashed commit of the following:

commit 8c454ad2416715be673406a15927fce7ad8048d0
Author: Oleksandr Siryi <osiryi@cisco.com>
Date:   Wed Nov 16 12:56:51 2022 +0200

    flow: fix deferred trust clear when packet is dropped

    Should only clear due to ACT_BLOCK and not ACT_DROP, so check session_was_blocked instead of packet_was_dropped

2 years ago Pull request #3654: http_inspect: remove port from xff header
Kaushal Bhandankar (kbhandan) [Fri, 18 Nov 2022 17:49:39 +0000 (17:49 +0000)] 
Pull request #3654: http_inspect: remove port from xff header

Merge in SNORT/snort3 from ~ABHRAWAT/snort3:xff_port to master

Squashed commit of the following:

commit 303ea6d9c86555861cb1e7af7fe771b7b5168293
Author: abhrawat <abhrawat@cisco.com>
Date:   Sun Nov 6 14:32:13 2022 +0000

    http_inspect: remove port from xff header

2 years ago Pull request #3663: appid: Added config for logging alpn service mappings
Sreeja Athirkandathil Narayanan (sathirka) [Fri, 18 Nov 2022 14:23:09 +0000 (14:23 +0000)] 
Pull request #3663: appid: Added config for logging alpn service mappings

Merge in SNORT/snort3 from ~BSACHDEV/snort3:alpn_service to master

Squashed commit of the following:

commit 707eb376b25536ef398532d0466aa0c9ade171af
Author: bsachdev <bsachdev@cisco.com>
Date:   Thu Nov 10 10:40:12 2022 -0500

    appid: Added config for logging alpn service mappings

2 years ago Pull request #3659: flow: added an event to allow post processing of new expected...
Ron Dempster (rdempste) [Fri, 18 Nov 2022 12:30:20 +0000 (12:30 +0000)] 
Pull request #3659: flow: added an event to allow post processing of new expected flows

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:expected_flows to master

Squashed commit of the following:

commit 0e0addce6885fcd71a01c1a81e632542ac4ac128
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Oct 13 10:50:22 2022 -0400

    flow: added an event to allow post processing of new expected flows

2 years ago Pull request #3670: build: generate and tag 3.1.47.0
Steve Chew (stechew) [Thu, 17 Nov 2022 16:22:55 +0000 (16:22 +0000)] 
Pull request #3670: build: generate and tag 3.1.47.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.47.0 to master

Squashed commit of the following:

commit fe159caeea79e73e48063207c5b0a8cf70594ee2
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Nov 16 21:49:48 2022 -0500

    build: generate and tag 3.1.47.0

2 years ago Pull request #3620: Move Enhanced JS Normalizer from NHI to a standalone component
Steve Chew (stechew) [Thu, 17 Nov 2022 00:56:54 +0000 (00:56 +0000)] 
Pull request #3620: Move Enhanced JS Normalizer from NHI to a standalone component

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_module to master

Squashed commit of the following:

commit 2678dac41df3f2862e165ccce92ab70598dad0ff
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 10 13:20:11 2022 +0300

    http_inspect: move Enhanced JS Normalizer from NHI to a standalone component

        * http_inspect: remove Enhanced JavaScript Normalizer from NHI
        * utils: move JavaScript Normalizer to js_norm component, including unit tests
        * js_norm: implement standalone Enhanced JavaScript Normalizer
        * ips_options: implement js_data IPS option
        * lua: remove default_http_inspect, add default_js_norm

2 years ago Pull request #3621: Doc updates: move Enhanced JS Normalizer from NHI to a standalone...
Steve Chew (stechew) [Thu, 17 Nov 2022 00:56:37 +0000 (00:56 +0000)] 
Pull request #3621: Doc updates: move Enhanced JS Normalizer from NHI to a standalone component

Merge in SNORT/snort3 from ~OSERHIIE/snort3:doc_js_module to master

Squashed commit of the following:

commit da8da5ac9b34f6917ade0e7d2036119c90fe10c3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Aug 30 12:53:32 2022 +0200

    doc: add JavaScript Normalization section to user manual

commit 9b3f22bc70d9dc2e35cf2521dad22dd504b5cac0
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Aug 30 11:26:31 2022 +0200

    doc: add js_norm alerts to builtin_stubs.txt

2 years ago Pull request #3667: smtp: Do not accumulate cmds across policies and reloads.
Steve Chew (stechew) [Tue, 15 Nov 2022 22:54:00 +0000 (22:54 +0000)] 
Pull request #3667: smtp: Do not accumulate cmds across policies and reloads.

Merge in SNORT/snort3 from ~STECHEW/snort3:slow_reload_fix to master

Squashed commit of the following:

commit 12055a3409f2373424b8e1c0cd418f654e27bc4d
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Nov 15 13:29:18 2022 -0500

    smtp: Do not accumulate cmds across policies and reloads. Avoids memory and performance problem.

2 years ago Pull request #3666: stream: add info about the splitter lifetime to dev_notes
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 15 Nov 2022 13:58:04 +0000 (13:58 +0000)] 
Pull request #3666: stream: add info about the splitter lifetime to dev_notes

Merge in SNORT/snort3 from ~VHORBATO/snort3:doc_stream_splitter to master

Squashed commit of the following:

commit 56b229c22e0dda99808e23939928a1ab88366226
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Nov 15 10:51:22 2022 +0200

    stream: add info about the splitter lifetime to dev_notes

2 years ago Pull request #3656: stream: avoid double deletion of StreamSplitter in tcp_session
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 15 Nov 2022 13:57:48 +0000 (13:57 +0000)] 
Pull request #3656: stream: avoid double deletion of StreamSplitter in tcp_session

Merge in SNORT/snort3 from ~VHORBATO/snort3:stream_bug to master

Squashed commit of the following:

commit 9d52b64858fff1873db2710897e0a8e5032956d1
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Nov 11 11:02:09 2022 +0200

    wizard: remove inspector's ref counter increments from MagicSplitter

commit c3ca8620aefd3a2800102d37241c88309f192924
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Nov 11 11:01:07 2022 +0200

    stream: remove splitter from session before inspectors

commit 44301b945ec9c77e11121e022b6cab941f7cbbd5
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Nov 4 11:59:06 2022 +0200

    stream: set splitter only on initialized tcp sessions or if midstream sessions are allowed

2 years ago Pull request #3665: main: Update to improve performance by making packet tracer check...
Steve Chew (stechew) [Mon, 14 Nov 2022 22:34:06 +0000 (22:34 +0000)] 
Pull request #3665: main: Update to improve performance by making packet tracer checks before calling function.

Merge in SNORT/snort3 from ~STECHEW/snort3:improve_packet_dump to master

Squashed commit of the following:

commit 02022fff536a86af52b7a28d7a66bc80899c8b4a
Author: Steve Chew <stechew@cisco.com>
Date:   Mon Nov 14 10:23:06 2022 -0500

    main: Update to improve performance by making packet tracer checks before calling function.

2 years ago Pull request #3662: Master stream: ignore flushing from meta-ack if sent after FIN
Steven Baigal (sbaigal) [Thu, 10 Nov 2022 18:09:18 +0000 (18:09 +0000)] 
Pull request #3662: Master stream: ignore flushing from meta-ack if sent after FIN

Merge in SNORT/snort3 from ~JALIIMRA/snort3:master_ma_after_fin to master

Squashed commit of the following:

commit f6818718191ac312df3c8cdc6ab980374163c20d
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Thu Nov 10 10:20:42 2022 -0500

    stream: ignore flushing from meta-ack if sent after FIN

2 years ago Pull request #3657: netflow: implement deferred trust, cleanup
Steven Baigal (sbaigal) [Thu, 10 Nov 2022 16:57:28 +0000 (16:57 +0000)] 
Pull request #3657: netflow: implement deferred trust, cleanup

Merge in SNORT/snort3 from ~MMATIRKO/snort3:nf_trust to master

Squashed commit of the following:

commit 8d15aa644c9a00f98c627dfde8815c2d8c5677f1
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Oct 31 15:48:26 2022 -0400

    netflow: implement deferred trust, cleanup

2 years ago Pull request #3651: http_inspect: subdivide dev_notes
Tom Peters (thopeter) [Wed, 9 Nov 2022 20:52:29 +0000 (20:52 +0000)] 
Pull request #3651: http_inspect: subdivide dev_notes

Merge in SNORT/snort3 from ~DMOISEIE/snort3:doc_dev_notes to master

Squashed commit of the following:

commit 04ccffe59f406025ad126ed2015e35be21c86c91
Author: Dmytro Moiseienko -X (dmoiseie - SOFTSERVE INC at Cisco) <dmoiseie@cisco.com>
Date:   Tue Nov 1 16:24:25 2022 +0200

    http_inspect: subdivide dev_notes into topics

2 years ago Pull request #3646: main: Dump packet trace after publishing finalize event since...
Steve Chew (stechew) [Wed, 9 Nov 2022 19:02:32 +0000 (19:02 +0000)] 
Pull request #3646: main: Dump packet trace after publishing finalize event since verdict could be modified.

Merge in SNORT/snort3 from ~STECHEW/snort3:move_packet_trace_after_finalize to master

Squashed commit of the following:

commit 98bdf68786445cf2d0ba4993550196295a8957ff
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Oct 30 23:15:59 2022 -0400

    main: Dump packet trace after publishing finalize event since verdict could be modified.

2 years ago Pull request #3606: appid: service, client and payload detection by lua detectors...
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 9 Nov 2022 18:00:40 +0000 (18:00 +0000)] 
Pull request #3606: appid: service, client and payload detection by lua detectors and third-party when first packet re-inspection is enabled

Merge in SNORT/snort3 from ~UMASHARM/snort3:navl_fix to master

Squashed commit of the following:

commit 94a51e06a4c12f0732d200e9f26a97e485dfe60c
Author: Umang Sharma <umasharm@cisco.com>
Date:   Wed Sep 28 08:34:11 2022 -0400

    appid: service, client and payload detection by lua detectors and third-party when first packet re-inspection is enabled

2 years ago Pull request #3653: appid: NTP detection improvements
Sreeja Athirkandathil Narayanan (sathirka) [Wed, 9 Nov 2022 15:19:38 +0000 (15:19 +0000)] 
Pull request #3653: appid: NTP detection improvements

Merge in SNORT/snort3 from ~OSTEPANO/snort3:ntp_detection_fix to master

Squashed commit of the following:

commit 8830778cda84c976cbb27c5e146d6833eb6238ef
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Fri Nov 4 05:43:33 2022 -0400

    appid: NTP detection improvements

2 years ago Pull request #3635: Allow ACT_TRUST to be used as a delayed action.
Brian Morris (bmorris2) [Tue, 8 Nov 2022 17:56:04 +0000 (17:56 +0000)] 
Pull request #3635: Allow ACT_TRUST to be used as a delayed action.

Merge in SNORT/snort3 from XTLS/snort3:osiryi_ddnd_no_tracker_main to master

Squashed commit of the following:

commit 5ddf1f2bb8d63d084752d34fc72d66ba1ec87e57
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:59:22 2022 -0400

    packet_io: The most strict delayed action takes precedence.

commit 9044167d9c016ee04b577adffdacad1689a47877
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:56:43 2022 -0400

    packet_io: Allow ACT_TRUST to be used as a delayed action.

2 years ago Pull request #3652: appid: add a changed bit for discovery finished
Ron Dempster (rdempste) [Mon, 7 Nov 2022 20:32:05 +0000 (20:32 +0000)] 
Pull request #3652: appid: add a changed bit for discovery finished

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:appid_finished to master

Squashed commit of the following:

commit 9b441546e2dd71c296276dd2cdf7bd88945ab9a1
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Oct 31 18:24:28 2022 -0400

    appid: add a changed bit for discovery finished

2 years ago Pull request #3655: build: generate and tag 3.1.46.0
Steve Chew (stechew) [Mon, 7 Nov 2022 20:21:50 +0000 (20:21 +0000)] 
Pull request #3655: build: generate and tag 3.1.46.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.46.0 to master

Squashed commit of the following:

commit a52e843f4354300a9ca301a6f37b1bf4efec0a4d
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Nov 6 23:50:43 2022 -0500

    build: generate and tag 3.1.46.0

2 years ago Pull request #3636: appid: check for empty patterns in lua detector api input
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 1 Nov 2022 21:22:29 +0000 (21:22 +0000)] 
Pull request #3636: appid: check for empty patterns in lua detector api input

Merge in SNORT/snort3 from ~SATHIRKA/snort3:input_pattern_validation to master

Squashed commit of the following:

commit 5694e52be7a3860125f88019ff089b890f7c8d0b
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Oct 24 11:49:09 2022 -0400

    appid: check for empty patterns in lua detector api input

2 years ago Pull request #3650: http_inspect: add override to destructor
Tom Peters (thopeter) [Tue, 1 Nov 2022 18:28:31 +0000 (18:28 +0000)] 
Pull request #3650: http_inspect: add override to destructor

Merge in SNORT/snort3 from ~THOPETER/snort3:issue_fix to master

Squashed commit of the following:

commit 24ab14e54f8071b8b81036c46d310329da32e329
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Nov 1 11:12:48 2022 -0400

    http_inspect: add override to destructor

2 years ago Pull request #3638: main: add dependencies versions table to lua sandbox
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 1 Nov 2022 17:53:14 +0000 (17:53 +0000)] 
Pull request #3638: main: add dependencies versions table to lua sandbox

Merge in SNORT/snort3 from ~ASERBENI/snort3:lua_ext_dep_table to master

Squashed commit of the following:

commit f888a1732033745fbb977d5c9be844afd9b527a6
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date:   Mon Oct 24 12:49:16 2022 +0300

    main: add variables to lua environment

    Added SNORT_DEP_VERSIONS table with snort dependencies versions.
    Added SNORT_BUILD variable with snort build number.

2 years ago Pull request #3631: detection: add config option for SSE
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)] 
Pull request #3631: detection: add config option for SSE

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_config_upd to master

Squashed commit of the following:

commit d23f48662ab0de026d4d84a482d4d9641ccee981
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Fri Oct 7 13:17:03 2022 +0300

    detection: add config option for SSE

2 years ago Pull request #3647: ports: enable checks in debug build only
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Tue, 1 Nov 2022 12:46:07 +0000 (12:46 +0000)] 
Pull request #3647: ports: enable checks in debug build only

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_po_po2 to master

Squashed commit of the following:

commit 14b1e9922e153058837ad4eab1d0a80bccc5dd97
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 1 11:19:27 2022 +0200

    ports: enable checks in debug build only

2 years ago Pull request #3640: doc: Adds more details about handling rejection
Tom Peters (thopeter) [Mon, 31 Oct 2022 21:08:37 +0000 (21:08 +0000)] 
Pull request #3640: doc: Adds more details about handling rejection

Merge in SNORT/snort3 from ~LCZARNIK/snort3:doc_unreachable to master

Squashed commit of the following:

commit 65438651b394c150803993b910e6578c8602569e
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date:   Thu Oct 27 13:26:58 2022 -0400

    doc: specified which packages are sent on rejection

2 years ago Pull request #3628: helpers: fix duplicate scratch_handler entry created by HyperScra...
Tom Peters (thopeter) [Mon, 31 Oct 2022 17:49:04 +0000 (17:49 +0000)] 
Pull request #3628: helpers: fix duplicate scratch_handler entry created by HyperScratchAllocator

Merge in SNORT/snort3 from ~BRASTULT/snort3:hyper_scratch_fix to master

Squashed commit of the following:

commit 00a3129e7c345dff322a8d0de6fa47499bf4f23c
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Oct 21 15:30:36 2022 -0400

    http_inspect: move LiteralSearch::setup for http_param to its module

commit 942fa0ca625efe7b62338cd3a927628390e3dcc6
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Oct 21 15:28:26 2022 -0400

    helpers: fix duplicate scratch_handler

2 years ago Pull request #3643: ports: align fields of PortObject and PortObject2
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 31 Oct 2022 15:23:02 +0000 (15:23 +0000)] 
Pull request #3643: ports: align fields of PortObject and PortObject2

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_port_object to master

Squashed commit of the following:

commit 44b3c6115e248071e3258e148b82fc99ce25eefb
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 28 15:57:05 2022 +0300

    ports: align fields of PortObject and PortObject2

    A static check added.

2 years ago Pull request #3641: doc: add information about handling multiple detection in SSE
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 31 Oct 2022 10:31:55 +0000 (10:31 +0000)] 
Pull request #3641: doc: add information about handling multiple detection in SSE

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:doc_sse_mult_proc_upd to master

Squashed commit of the following:

commit 6e8e6fffd54702cad4487ea5b54f2715b0c85f48
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Thu Oct 27 16:46:20 2022 +0300

    doc: add information about handling multiple detection in SSE

2 years ago Pull request #3630: detection: ignore back up of vars on node with 1 child
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Fri, 28 Oct 2022 08:02:25 +0000 (08:02 +0000)] 
Pull request #3630: detection: ignore back up of vars on node with 1 child

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_ips_w_constr to master

Squashed commit of the following:

commit 1ea313ec8cc86bc2461e2132b09f4a863e112f40
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Tue Oct 25 14:56:18 2022 +0300

    detection: skip a rule variable copy for a single-branched node

2 years ago Pull request #3639: netflow: if LAST_SWITCHED isn't provided, use packet time
Steven Baigal (sbaigal) [Thu, 27 Oct 2022 19:21:13 +0000 (19:21 +0000)] 
Pull request #3639: netflow: if LAST_SWITCHED isn't provided, use packet time

Merge in SNORT/snort3 from ~MMATIRKO/snort3:nf_timestamp to master

Squashed commit of the following:

commit d7d56537ca9c9318ff1aa22a6ee8e8d2ec2bc12e
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Oct 27 10:44:26 2022 -0400

    netflow: if LAST_SWITCHED isn't provided, use packet time

2 years ago Pull request #3637: parser: improve port_object hash function
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Thu, 27 Oct 2022 13:48:59 +0000 (13:48 +0000)] 
Pull request #3637: parser: improve port_object hash function

Merge in SNORT/snort3 from ~VHORBATO/snort3:rtn_hash_fix to master

Squashed commit of the following:

commit 2d4ffd9c1da97b19a40c41909133ef961686f317
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Oct 11 16:09:48 2022 +0300

    parser: improve port_object hash function

2 years ago Pull request #3625: appid: publish client and payload ids set in eve process event...
Sreeja Athirkandathil Narayanan (sathirka) [Tue, 25 Oct 2022 19:33:52 +0000 (19:33 +0000)] 
Pull request #3625: appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete

Merge in SNORT/snort3 from ~SATHIRKA/snort3:url_rule_matching to master

Squashed commit of the following:

commit f77afe9166c78bd765d6dd04bb0cfe471726fe6a
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Oct 10 14:26:09 2022 -0400

    appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete

2 years ago Pull request #3632: build: generate and tag 3.1.45.0
Steve Chew (stechew) [Tue, 25 Oct 2022 18:02:00 +0000 (18:02 +0000)] 
Pull request #3632: build: generate and tag 3.1.45.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.45.0 to master

Squashed commit of the following:

commit 350a7e00d57621b16594504adb8672c8b0740865
Author: Steve Chew <stechew@cisco.com>
Date:   Tue Oct 25 10:59:04 2022 -0400

    build: generate and tag 3.1.45.0

2 years ago Pull request #3627: Fix for IPS context generation ID.
Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) [Mon, 24 Oct 2022 12:39:20 +0000 (12:39 +0000)] 
Pull request #3627: Fix for IPS context generation ID.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_context_num to master

Squashed commit of the following:

commit 38089067c06c360c60bf48d2d142e993c50813bd
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 21 18:06:08 2022 +0300

    detection: check Pig run number in node state conditions

2 years ago Pull request #3626: build: generate and tag 3.1.44.0
Steve Chew (stechew) [Thu, 20 Oct 2022 15:21:45 +0000 (15:21 +0000)] 
Pull request #3626: build: generate and tag 3.1.44.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.44.0 to master

Squashed commit of the following:

commit cc0cda03fe812924cc365ea30aff312e945cb367
Author: Steve Chew <stechew@cisco.com>
Date:   Thu Oct 20 09:11:36 2022 -0400

    build: generate and tag 3.1.44.0