git.ipfire.org Git - thirdparty/snort3.git/log
Pull request #3509: JS_Norm: distinct arrow functions handling
Merge in SNORT/snort3 from ~ASERBENI/snort3:arrow_scope to master
Squashed commit of the following:
commit
fa93f3dd0ff971447de8b2d85876b514a33dee85
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Mon Jul 11 15:31:19 2022 +0300
utils: fix arrow functions parsing
Pull request #3495: Fix clearing peg counters on sum_stats
Merge in SNORT/snort3 from ~VHORBATO/snort3:peg_count_sum to master
Squashed commit of the following:
commit
897cb567559ca5739e307e6531a411d68c6b831d
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Jul 1 16:54:30 2022 +0300
normalizer: make normalizer and tcp_normalizer peg counts shared
commit
99ebc98d1fb649acfa052da5cf03126a4746f670
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Jul 1 16:50:06 2022 +0300
stream: fix stats cleanup
commit
ce477b1c3ccc00d4d293a6e79fd15475bed7308e
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Jul 1 16:49:36 2022 +0300
dce_smb: fix stats cleanup
commit
7d1e38d5a94bff506237a06fa7626c113cf5ba50
Author: Vitalii <vhorbato@cisco.com>
Date: Thu Jun 30 20:06:00 2022 +0300
appid: fix stats cleanup
commit
e0bd6f142fa2ee9e81dc8038eb4a88d5c104c357
Author: Vitalii <vhorbato@cisco.com>
Date: Thu Jun 30 20:05:43 2022 +0300
file_api: fix stats cleanup
Tom Peters (thopeter) [Mon, 11 Jul 2022 20:43:04 +0000 (20:43 +0000)]
Pull request #3503: http_inspect: do not abort midstream pickups
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:midstream_pickup to master
Squashed commit of the following:
commit
bc82cbb5677d46a254251022c7aebf01625a05c9
Author: Adrian Mamolea <admamole@cisco.com>
Date: Fri Jul 1 15:36:43 2022 -0400
http_inspect: do not abort midstream pickups
Pull request #3493: JS Normalizer: fix decimal number pattern
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:jsn_fix_id to master
Squashed commit of the following:
commit
25041bc840a69dff344199c1ab86e315edfea5f7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Jul 1 15:06:01 2022 +0300
utils: fix parsing of decimal number literals
Russ Combs (rucombs) [Fri, 8 Jul 2022 18:17:15 +0000 (18:17 +0000)]
Pull request #3507: build: generate and tag 3.1.35.0
Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.35.0 to master
Squashed commit of the following:
commit
5274ec47130aff36ec8edea62cb0a6c0c6ebb2b3
Author: russ <rucombs@cisco.com>
Date: Fri Jul 8 14:08:49 2022 -0400
build: generate and tag 3.1.35.0
Russ Combs (rucombs) [Fri, 8 Jul 2022 17:25:43 +0000 (17:25 +0000)]
Pull request #3505: sandbox: must propagate file_id for includer logic
Merge in SNORT/snort3 from ~RUCOMBS/snort3:quick_sand to master
Squashed commit of the following:
commit
94541d79e83322cf81f0bdf87b6ad7803947f024
Author: russ <rucombs@cisco.com>
Date: Fri Jul 8 12:17:56 2022 -0400
sandbox: must propagate file_id for includer logic
Russ Combs (rucombs) [Thu, 7 Jul 2022 18:37:03 +0000 (18:37 +0000)]
Pull request #3501: build: generate and tag 3.1.34.0
Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.34.0 to master
Squashed commit of the following:
commit
3638397d75a75c46d6691ebf9cf80aab9b7c2ec7
Author: russ <rucombs@cisco.com>
Date: Thu Jul 7 12:10:19 2022 -0400
build: generate and tag 3.1.34.0
Russ Combs (rucombs) [Thu, 7 Jul 2022 13:34:04 +0000 (13:34 +0000)]
Pull request #3496: file_id: fix rules_file path resolution
Merge in SNORT/snort3 from ~RUCOMBS/snort3:file_magic_path to master
Squashed commit of the following:
commit
07d6ee41b541ffa39b5d4be6c9f034f104246431
Author: russ <rucombs@cisco.com>
Date: Wed Jul 6 15:39:01 2022 -0400
file_id: fix rules_file path resolution
Steven Baigal (sbaigal) [Tue, 5 Jul 2022 14:21:52 +0000 (14:21 +0000)]
Pull request #3485: Fix config logger
Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_config_logger to master
Squashed commit of the following:
commit
4ce90eea0b6b7c75f4321c3cabdc6781178291a9
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Jun 15 17:21:26 2022 +0300
build: remove unnecessary type casts
commit
6cda44321578d31de30524a5b8a50ce7713ecea9
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Jun 15 17:02:52 2022 +0300
log: add log_value and log_limit overloads with built-in integer types
Using built-in integer types in overloads of ConfigLogger::log_value
and ConfigLogger::log_limit resolves possible ambiguity over different
platforms in case of platform-dependent integer types like size_t
Steven Baigal (sbaigal) [Tue, 5 Jul 2022 14:19:24 +0000 (14:19 +0000)]
Pull request #3492: utils: make shutdown timing stats more precise (github PR #184)
Merge in SNORT/snort3 from ~ASERBENI/snort3:github_issue_184 to master
Squashed commit of the following:
commit
776e276faf3cc86b3d9cd3675cca558a24271e57
Author: trevor tao <trevor.tao@arm.com>
Date: Mon May 24 21:09:15 2021 +0800
utils: make shutdown timing stats more precise
Thanks to trevor tao <trevor.tao@arm.com> for the update.
Tom Peters (thopeter) [Fri, 1 Jul 2022 20:40:36 +0000 (20:40 +0000)]
Pull request #3483: http2_inspect: consider continuation when checking headers length
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:scan_total to master
Squashed commit of the following:
commit
7e8952c3a39590fd7dff1d637b189ded8da70ce9
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Jun 22 11:27:53 2022 -0400
http2_inspect: consider continuation when checking headers length
Bhargava Jandhyala (bjandhya) [Fri, 1 Jul 2022 15:35:08 +0000 (15:35 +0000)]
Pull request #3489: dce_rpc: set persistent flag for dcerpc pinhole session
Merge in SNORT/snort3 from ~PRERAMA2/snort3:pinhole_flag to master
Squashed commit of the following:
commit
eddf849fc2839626dec59918da7f8e42351502e8
Author: Preethi Ramachandra <prerama2@cisco.com>
Date: Wed Jun 29 12:04:01 2022 +0530
dce_rpc: set persistent flag for dcerpc pinhole session
Mike Stepanek (mstepane) [Thu, 30 Jun 2022 12:57:36 +0000 (12:57 +0000)]
Pull request #3491: build: generate and tag 3.1.33.0
Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.33.0 to master
Squashed commit of the following:
commit
7937d2f539bd331601f6a7303764766f760e86e1
Author: Mike Stepanek <mstepane@cisco.com>
Date: Thu Jun 30 07:44:50 2022 -0400
build: generate and tag 3.1.33.0
Mike Stepanek (mstepane) [Wed, 29 Jun 2022 20:32:38 +0000 (20:32 +0000)]
Pull request #3490: lua: updating sid and rev fields
Merge in SNORT/snort3 from ~BJANDHYA/snort3:file_magic to master
Squashed commit of the following:
commit
bbdd16189a0bfb454e18fd5a4b5b4c03edbff9e5
Author: Bhargava Jandhyala <bjandhya@cisco.com>
Date: Wed Jun 29 15:04:34 2022 -0400
lua: updating sid and rev fields
Mike Stepanek (mstepane) [Wed, 29 Jun 2022 17:06:53 +0000 (17:06 +0000)]
Pull request #3404: File type finding using IPS rules
Merge in SNORT/snort3 from ~BJANDHYA/snort3:poc_file_type to master
Squashed commit of the following:
commit
bc98bab3ec3f6e42ef512f2729c8e8940b49b770
Author: krishnakanth <vkambala@cisco.com>
Date: Mon Jun 27 10:34:11 2022 +0530
framework: update base API version to 14
commit
48da0d392030ec7af45bb0fde117acc2e216d844
Author: Bhargava Jandhyala <bjandhya@cisco.com>
Date: Fri Dec 3 06:54:35 2021 -0500
file_api: file type identification over ips engine
modified: src/framework/cursor.cc
Masud Hasan (mashasan) [Tue, 28 Jun 2022 19:28:13 +0000 (19:28 +0000)]
Pull request #3488: netflow: fix v5 header time value
Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_odds_and_ends to master
Squashed commit of the following:
commit
6cc63741d7f3cee1d0ce8feb449df868d8b9f947
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Jun 28 14:38:57 2022 -0400
netflow: fix v5 header time value
Tom Peters (thopeter) [Tue, 28 Jun 2022 17:05:00 +0000 (17:05 +0000)]
Pull request #3487: http2_inspect: unit tests depending on REG_TEST
Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp165 to master
Squashed commit of the following:
commit
d3b038594dc5118c6114f29a998f8c71aa4518f1
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jun 27 15:57:42 2022 -0400
http2_inspect: unit tests depending on REG_TEST
Masud Hasan (mashasan) [Tue, 28 Jun 2022 16:55:31 +0000 (16:55 +0000)]
Pull request #3466: rna: allow rna to fire an event when a new netflow connection is detected
Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_conn_events to master
Squashed commit of the following:
commit
d5a2c8c4a6217cc3dba89a8b25efae1d72e729f5
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Jun 7 13:37:12 2022 -0400
rna: allow rna to fire an event when a new netflow connection is detected
Mike Stepanek (mstepane) [Mon, 27 Jun 2022 12:22:07 +0000 (12:22 +0000)]
Pull request #3486: wizard: add proto option for wizard
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_proto to master
Squashed commit of the following:
commit
44c44188e18a24a6744a2b45c9791d8420e9223f
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date: Thu Jun 16 17:22:30 2022 +0300
wizard: update wizard's patterns to follow the proto option
Updated framework to parse correctly the patterns in pair with proto
option. For each proto type should be created separated collection of
patterns based on config file.
Ron Dempster (rdempste) [Mon, 27 Jun 2022 12:21:26 +0000 (12:21 +0000)]
Pull request #3482: ftp_telnet: make active ftp expected session in the correct direction
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:active_ftp to master
Squashed commit of the following:
commit
9067434d7bf6bef3f21f935beb54833a4cdfed50
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Jun 17 15:05:18 2022 -0400
ftp_telnet: make active ftp expected session in the correct direction
Mike Stepanek (mstepane) [Mon, 27 Jun 2022 10:47:40 +0000 (10:47 +0000)]
Pull request #3477: Refactor: move trace related files from main to trace folder
Merge in SNORT/snort3 from ~ASERBENI/snort3:trace_refactor to master
Squashed commit of the following:
commit
2e074bcbe3732bdc06c3cc6d2cbfb4c1a80e84a7
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed Jun 15 13:34:38 2022 +0300
main: move trace related code to trace folder
Russ Combs (rucombs) [Fri, 24 Jun 2022 21:11:19 +0000 (21:11 +0000)]
Pull request #3484: hyperscan: delete databases upon error
Merge in SNORT/snort3 from ~RUCOMBS/snort3:hs_db_err to master
Squashed commit of the following:
commit
15d0fd1b9fe26fc2cd5b873726f51b013daecc2f
Author: russ <rucombs@cisco.com>
Date: Wed Jun 22 11:11:08 2022 -0400
hyperscan: delete databases upon error
Masud Hasan (mashasan) [Thu, 23 Jun 2022 19:13:43 +0000 (19:13 +0000)]
Pull request #3481: rna: Use the longest user agent fingerprint among multiple matches
Merge in SNORT/snort3 from ~MASHASAN/snort3:longest_ua_match to master
Squashed commit of the following:
commit
b4dbadacd3b980129546806c411de4da6f96e5ff
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Jun 17 10:31:03 2022 -0400
rna: Use the longest user agent fingerprint among multiple matches
Tom Peters (thopeter) [Thu, 23 Jun 2022 16:26:28 +0000 (16:26 +0000)]
Pull request #3461: http_inspect: uniform alerts when splitter aborts
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:uniform_alerts_for_abort to master
Squashed commit of the following:
commit
9a69be6c333453ce2cac6e9df8d06b4008a69653
Author: Adrian Mamolea <admamole@cisco.com>
Date: Thu May 26 14:59:09 2022 -0400
http_inspect: uniform alerts when splitter aborts
Steven Baigal (sbaigal) [Thu, 23 Jun 2022 15:14:09 +0000 (15:14 +0000)]
Pull request #3480: Fix SEGFAULT in suppress module
Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_segfauld_in_suppress_module to master
Squashed commit of the following:
commit
a28a35b361421fc8287c1cd896545076a35216c6
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Fri Jun 17 14:46:03 2022 +0300
filters: check if a configured gid value is supported by filter's implementation
Mike Stepanek (mstepane) [Thu, 23 Jun 2022 12:37:40 +0000 (12:37 +0000)]
Pull request #3472: Fix port var not reduced bug
Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_port_var_not_reduse_bug to master
Squashed commit of the following:
commit
73eb4880d0b83dffecf31053d1972c3e656ed42a
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Tue Jun 14 23:25:11 2022 +0300
parser: update do_hash() function to work correctly with port variables
Mike Stepanek (mstepane) [Tue, 21 Jun 2022 12:43:13 +0000 (12:43 +0000)]
Pull request #3471: parser: string-ify ExpandVars
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:expand_vars to master
Squashed commit of the following:
commit
ea934e0f3d339916be87ccc60ffd880eeb06b398
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Jun 14 13:07:24 2022 +0300
parser: use std::string in ExpandVars
Steve Chew (stechew) [Thu, 16 Jun 2022 22:01:53 +0000 (22:01 +0000)]
Pull request #3475: build: generate and tag 3.1.32.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.32.0 to master
Squashed commit of the following:
commit
2905c73152e863100139167d5e5efaa5c03a0806
Author: Steve Chew <stechew@cisco.com>
Date: Wed Jun 15 09:58:05 2022 -0400
build: generate and tag 3.1.32.0
Steve Chew (stechew) [Thu, 16 Jun 2022 13:27:55 +0000 (13:27 +0000)]
Pull request #3476: log: Fixed missing include for Clear Linux build.
Merge in SNORT/snort3 from ~STECHEW/snort3:clear_linux_time_fix to master
Squashed commit of the following:
commit
cf68d294a3b41057eb8969f648391c7fc78aadd0
Author: Steve Chew <stechew@cisco.com>
Date: Wed Jun 15 16:44:40 2022 -0400
log: Fixed missing include for Clear Linux build.
Masud Hasan (mashasan) [Tue, 14 Jun 2022 18:13:42 +0000 (18:13 +0000)]
Pull request #3435: stream_tcp: fix splitter abort handling
Merge in SNORT/snort3 from ~SMINUT/snort3:stream_splitter_abort to master
Squashed commit of the following:
commit
286a7c81fcf8209c10a67ee81af5b51891354ca4
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Jun 10 18:16:56 2022 -0400
stream_tcp: flip the server_side flag in fallback() and assert what it should be
commit
f5890f307f300c2a71f8c3906ccbf9d19602faf2
Author: Silviu Minut <sminut@cisco.com>
Date: Thu May 19 11:51:29 2022 -0400
stream_tcp: fix splitter abort handling
Mike Stepanek (mstepane) [Tue, 14 Jun 2022 14:13:44 +0000 (14:13 +0000)]
Pull request #3463: Fixit handling
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:fixit_handling to master
Squashed commit of the following:
commit
0941456ee529069d60f8edd1725ccbda3dbfb015
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Jun 7 12:58:02 2022 +0300
utils, parser: remove redundant fixits
Remove FIXIT-L@js_normalizer_test.cc:4249
US created to handle the fixit
Remove FIXIT-M@parser.cc:702
The issue was handled in 2414d8b9d22, but the FIXIT comment was left
Reword FIXIT-M@parse-conf.cc:210
Masud Hasan (mashasan) [Tue, 14 Jun 2022 13:31:09 +0000 (13:31 +0000)]
Pull request #3460: openssl: Openssl minimum version is set to 1.1.1
Merge in SNORT/snort3 from ~OSTEPANO/snort3:openssl_version_check to master
Squashed commit of the following:
commit
08d6c9f9168f357f3c245c110864dc253fdb9b18
Author: ostepano <ostepano@cisco.com>
Date: Mon Jun 6 09:14:36 2022 -0400
openssl: Openssl minimum version is set to 1.1.1
Mike Stepanek (mstepane) [Tue, 14 Jun 2022 12:40:12 +0000 (12:40 +0000)]
Pull request #3470: detection: remove redundant FIXIT
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:detection_fix to master
Squashed commit of the following:
commit
f80bb5d5b3bdf39b8ccbb5c9ef2789917571cf8a
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date: Wed Jun 8 16:09:10 2022 +0300
detection: remove redundant FIXIT
Mike Stepanek (mstepane) [Tue, 14 Jun 2022 11:07:39 +0000 (11:07 +0000)]
Pull request #3468: ips_options: improve code coverage
Merge in SNORT/snort3 from ~ASERBENI/snort3:ips_options_cov to master
Squashed commit of the following:
commit
e560ef95fb156dc6ddfdf8844f3a50fbbc5f4fa7
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Thu Jun 9 11:24:44 2022 +0300
ips_options: improve ips_hash and ips_cvs code coverage
Mike Stepanek (mstepane) [Mon, 13 Jun 2022 10:39:20 +0000 (10:39 +0000)]
Pull request #3464: JS Normalizer: fix regex literal parsing
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex_fix to master
Squashed commit of the following:
commit
a819e45513bfdde092a859b5f0234e706e3c15a7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu Jun 9 15:03:19 2022 +0300
utils: remove redundant checks in regex groups
In regex literal a group and a character class do not intersect.
commit
70ede6db27e10957b7464587734e54502676c597
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Thu Jun 9 13:35:30 2022 +0300
utils: remove curly brace parsing from regex literals
Curly braces inside a regex literal are not a point of interest, since they
don't form a class or a group.
Shanmugam S (shanms) [Fri, 10 Jun 2022 13:30:29 +0000 (13:30 +0000)]
Pull request #3469: ftp_telnet: handle all space characters as a separator between FTP request command and arguments
Merge in SNORT/snort3 from ~ABHPAL/snort3:ftp_no_encrypt to master
Squashed commit of the following:
commit
4ef21c0f3c7b90b57c42d6075add9f80029e1ae4
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Fri Jun 10 13:59:41 2022 +0530
ftp_telnet: handle all space characters as a separator between FTP request command and arguments
Shanmugam S (shanms) [Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)]
Pull request #3458: ftp_telnet: correct the implementation for check_encrypted and encrypted_data config, handle form-feed as non-encrypted traffic
Merge in SNORT/snort3 from ~ABHPAL/snort3:ftp_no_encrypt to master
Squashed commit of the following:
commit
a32b054c106c71b116ef7c7ec279ad877cadce6a
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Tue Jun 7 10:48:05 2022 +0530
ftp_telnet: correct the implementation for check_encrypted and encrypted_data config, handle form-feed as non-encrypted traffic
Masud Hasan (mashasan) [Thu, 9 Jun 2022 19:16:05 +0000 (19:16 +0000)]
Pull request #3462: netflow: supporting memcap reconfiguration upon reload
Merge in SNORT/snort3 from ~MASHASAN/snort3:netflow_reload to master
Squashed commit of the following:
commit
653f9bee6693c19554061c1297db0236687172be
Author: Masud Hasan <mashasan@cisco.com>
Date: Fri Jun 3 21:53:43 2022 -0400
netflow: supporting memcap reconfiguration upon reload
Mike Stepanek (mstepane) [Wed, 8 Jun 2022 10:54:40 +0000 (10:54 +0000)]
Pull request #3455: JS Normalizer: add explicit check for HTML script opening tag ending
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_inline_scripts to master
Squashed commit of the following:
commit
f8e2c07bc730f705941d659fb8eb2e70c8e4c00d
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Thu Jun 2 15:28:06 2022 +0300
http_inspect: add explicit check for HTML script opening tag ending
Mike Stepanek (mstepane) [Wed, 8 Jun 2022 10:19:22 +0000 (10:19 +0000)]
Pull request #3459: wizard: Use const reference instead of copying
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:wizard_vtune_perf_fix to master
Squashed commit of the following:
commit
b08b178af712f78da901496e6252b21f0c4037e8
Author: dkyrylov <dkyrylov@cisco.com>
Date: Tue Jun 7 13:04:19 2022 +0300
wizard: use const reference instead of copying
Tom Peters (thopeter) [Tue, 7 Jun 2022 19:16:39 +0000 (19:16 +0000)]
Pull request #3457: Mime phase 2
Merge in SNORT/snort3 from ~THOPETER/snort3:mime_phase_2 to master
Squashed commit of the following:
commit
fe36683acc1a83d5e93ce55ab806ce0c9edcf8f0
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Jun 6 16:20:52 2022 -0400
http_inspect: remove unneeded header inclusions and improve cleanup before trailers
commit
39da40c13fb24edd3204b7a780cd597d6832b29f
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Jun 3 13:50:16 2022 -0400
mime: cleanup
Mike Stepanek (mstepane) [Tue, 7 Jun 2022 13:13:23 +0000 (13:13 +0000)]
Pull request #3454: modules: resolve int type mismatch in config options
Merge in SNORT/snort3 from ~VHORBATO/snort3:opt_ranges to master
Squashed commit of the following:
commit
5e068e9c20ff3c5871aa423a54d3677a9ac1f058
Author: Vitalii <vhorbato@cisco.com>
Date: Thu Jun 2 16:40:07 2022 +0300
modules: resolve int type mismatch in config options
- dce_smb: reduce smb_max_credit range to avoid uint16_t overflow
- profiler: fix issue with negative number cast to unsigned for max_depth
- rna: reduce range for ttl, fix cast for df, minor and major options
Thanks to liangxwa01 for pointing this out!
Pranav Bhalerao (prbhaler) [Tue, 7 Jun 2022 09:30:18 +0000 (09:30 +0000)]
Pull request #3448: Ips bug port
Merge in SNORT/snort3 from ~KDEWANGA/snort3:ips_bug_port to master
Squashed commit of the following:
commit
f55b2bc2a1e3384cd53f4fed5c2c797ec31fc73f
Author: kdewanga <kdewanga@cisco.com>
Date: Sun May 22 10:38:38 2022 +0000
logger: added reload function to create new files when snort reloads
Masud Hasan (mashasan) [Tue, 7 Jun 2022 04:04:32 +0000 (04:04 +0000)]
Pull request #3440: Netflow host/service discovery
Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow_disco to master
Squashed commit of the following:
commit
60339cfeb1a5142a114415a1f451c752bb614297
Author: Michael Matirko <mmatirko@cisco.com>
Date: Wed May 11 16:11:33 2022 -0400
netflow: implement RNA integration for host/service discovery
Masud Hasan (mashasan) [Mon, 6 Jun 2022 20:46:46 +0000 (20:46 +0000)]
Pull request #3456: appid: config for logging eve process to client mappings
Merge in SNORT/snort3 from ~SATHIRKA/snort3:eve_process_client_mapping_log to master
Squashed commit of the following:
commit
d30d6a49e5e64f14b96d461eb9d284ebf6d9a2ce
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Fri Jun 3 15:02:36 2022 -0400
appid: config for logging eve process to client mappings
Mike Stepanek (mstepane) [Thu, 2 Jun 2022 20:30:08 +0000 (20:30 +0000)]
Pull request #3451: netflow: fix build on MacOS
Merge in SNORT/snort3 from ~OSERHIIE/snort3:macos_build_fix to master
Squashed commit of the following:
commit
4ced378fa0217bd475d7e3fbdb96d7cfa9f8c4c3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Jun 1 13:51:33 2022 +0300
netflow: fix build on MacOS
This commit adds explicit type casting for ConfigLogger::log_value()
function call which accepts number of size_t type as an argument.
The reason is that on MacOS with Homebrew GCC 7.5.0 it cannot resolve
the call with size_t type to one of the overloads with int parameters.
Masud Hasan (mashasan) [Thu, 2 Jun 2022 17:57:14 +0000 (17:57 +0000)]
Pull request #3452: main: adding null check for scratch handler
Merge in SNORT/snort3 from ~SATHIRKA/snort3:scratch_update_crash to master
Squashed commit of the following:
commit
d8fd27401bdbf748a8edc353123e775295bc87b5
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Tue May 31 13:53:45 2022 -0400
main: adding null check for scratch handler
Mike Stepanek (mstepane) [Thu, 2 Jun 2022 16:02:45 +0000 (16:02 +0000)]
Pull request #3453: build: generate and tag 3.1.31.0
Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.31.0 to master
Squashed commit of the following:
commit
30438385b5666040f82386851063c163ac9983fc
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Jun 1 13:43:46 2022 -0400
build: generate and tag 3.1.31.0
Mike Stepanek (mstepane) [Tue, 31 May 2022 17:03:11 +0000 (17:03 +0000)]
Pull request #3425: http_inspect: Check for empty decompressed file body for JSN
Merge in SNORT/snort3 from ~ASERBENI/snort3:pdu_miss to master
Squashed commit of the following:
commit
bebdb26c20002a96c5073d407889806864b21665
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Mon May 16 13:45:43 2022 +0300
http_inspect: change js processed data tracking
Masud Hasan (mashasan) [Tue, 31 May 2022 16:26:13 +0000 (16:26 +0000)]
Pull request #3442: appid: Added lock_guard to prevent data race on reload
Merge in SNORT/snort3 from ~OSTEPANO/snort3:tasan_appid_reload to master
Squashed commit of the following:
commit
5af9c9ad1b0ed389fb35d0d3cfff45dae3df46a8
Author: ostepano <ostepano@cisco.com>
Date: Tue May 24 09:15:25 2022 -0400
appid: Added lock_guard to prevent data race on reload
Mike Stepanek (mstepane) [Tue, 31 May 2022 14:59:10 +0000 (14:59 +0000)]
Pull request #3437: Fix config option handling for suppress module
Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_config_option_handling_for_suppress_module to master
Squashed commit of the following:
commit
099db62ee3f27240572b9007f3365e4e9e768bae
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Sun May 15 17:00:51 2022 +0300
filters: add correct handling of by_src and by_dst
Thanks to Albert O'Balsam for reporting the bug.
Mike Stepanek (mstepane) [Tue, 31 May 2022 14:52:35 +0000 (14:52 +0000)]
Pull request #3441: JSN: disabled 119:267 alert for single line comments
Merge in SNORT/snort3 from ~ASERBENI/snort3:comment_end_tag to master
Squashed commit of the following:
commit
3b00f92820e2e658e1d1088aadf0a2155da86a14
Author: Andrii Serbeniuk <aserbeni@cisco.com>
Date: Wed May 25 14:24:06 2022 +0300
utils: allow script closing tag in single-line comments
A closing tag placed in a single line comment will end the inline script
Mike Stepanek (mstepane) [Tue, 31 May 2022 14:41:24 +0000 (14:41 +0000)]
Pull request #3447: perf_monitor: fix timestamp for idle processing
Merge in SNORT/snort3 from ~OSERHIIE/snort3:bug_CSCvx76013 to master
Squashed commit of the following:
commit
48030fe21edd2181ff9c642b9f43f75ce965ef28
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Fri May 27 10:12:26 2022 +0300
perf_monitor: fix timestamp for idle processing
This change provides a fix for the case when traffic has been stopped
somewhere in the middle of reporting interval.
If it happens, reporting falls into idle processing and still makes
records in time but logged timestamp value is wrong since it was not
updated for trackers since the last packet gone.
Subsequent time intervals are fine.
Bhargava Jandhyala (bjandhya) [Tue, 31 May 2022 11:12:31 +0000 (11:12 +0000)]
Pull request #3444: dce_rpc: converting tree tracker to shared ptr
Merge in SNORT/snort3 from ~UMUNNIKR/snort3:tree_tracker_shared_ptr to master
Squashed commit of the following:
commit
7e04875cd7ad8cb7122469b985fe8f02575dba4d
Author: Unnikrishnan M <umunnikr@cisco.com>
Date: Tue May 17 12:11:41 2022 +0530
dce_rpc: converting tree tracker to shared ptr
Masud Hasan (mashasan) [Fri, 27 May 2022 19:36:44 +0000 (19:36 +0000)]
Pull request #3439: netflow: Enforcing memcap for record and template LRU caches
Merge in SNORT/snort3 from ~MASHASAN/snort3:netflow_memcap to master
Squashed commit of the following:
commit
bc2f0391d2011a359c8c1b238e222b305cd60db3
Author: Masud Hasan <mashasan@cisco.com>
Date: Thu May 26 23:51:59 2022 -0400
host_tracker: Renaming generic files and classes
commit
bf7c31fd580de06f7c8311cd7e1fc3c91b7c5f4e
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed May 18 14:50:13 2022 -0400
netflow: Enforcing memcap for session record and template LRU caches
Mike Stepanek (mstepane) [Fri, 27 May 2022 16:47:05 +0000 (16:47 +0000)]
Pull request #3431: http_inspect: add handling of binary and octal integers to JS Normalizer
Merge in SNORT/snort3 from ~VHORBATO/snort3:js_int_lit to master
Squashed commit of the following:
commit
2e3b8040edc18c5410c5a055eace0199a3135189
Author: Vitalii <vhorbato@cisco.com>
Date: Thu May 19 12:44:06 2022 +0300
http_inspect: add handling of binary, octal and big integers to JS Normalizer
Pranav Bhalerao (prbhaler) [Fri, 27 May 2022 12:49:07 +0000 (12:49 +0000)]
Pull request #3446: Revert "Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands"
Merge in SNORT/snort3 from ~ABHPAL/snort3:CSCwb69096 to master
Squashed commit of the following:
commit
543b5c6781025866bc7e43fa6df1d14aaf904759
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Fri May 27 16:15:41 2022 +0530
Revert "Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands"
This reverts commit 48d73d26f5d8c4307f98588a96cf4bc1a7da275f.
Masud Hasan (mashasan) [Thu, 26 May 2022 18:37:05 +0000 (18:37 +0000)]
Pull request #3434: hyperscan: reallocate hyperscan scratch space when patterns are reloaded during appid detector reload
Merge in SNORT/snort3 from ~SATHIRKA/snort3:scratch_update to master
Squashed commit of the following:
commit
d320d2fa108197eb0a5c78776a79b695dfe46ab7
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed May 11 14:38:03 2022 -0400
hyperscan: reallocate hyperscan scratch space when patterns are reloaded during appid detector reload
Tom Peters (thopeter) [Thu, 26 May 2022 15:57:54 +0000 (15:57 +0000)]
Pull request #3443: US 750083 http2_inspect: add alert for too long non-DATA frame
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:alert_long_no_data_frame to master
Squashed commit of the following:
commit
59b023f3586ae55d751a4d282f572f3276fa0cdc
Author: Adrian Mamolea <admamole@cisco.com>
Date: Fri May 20 17:13:11 2022 -0400
http2_inspect: add alert and infraction for non-Data frame too long
Mike Stepanek (mstepane) [Wed, 25 May 2022 16:52:43 +0000 (16:52 +0000)]
Pull request #3427: docs: JS Normalizer: track constructed objects
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_class_track to master
Squashed commit of the following:
commit
94a5709811b971bdec31035b9970866143914e07
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed May 18 14:20:14 2022 +0300
doc: add class track description to user doc
Mike Stepanek (mstepane) [Wed, 25 May 2022 16:52:10 +0000 (16:52 +0000)]
Pull request #3423: JS Normalizer: track constructed objects
Merge in SNORT/snort3 from ~DKYRYLOV/snort3:js_class_track to master
Squashed commit of the following:
commit
07d5248871f13bddbcaf96f9b16e05e6c3c3d6f8
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed May 4 17:30:17 2022 +0300
utils: Add keyword new support and object tracking
Pranav Bhalerao (prbhaler) [Wed, 25 May 2022 16:24:50 +0000 (16:24 +0000)]
Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands
Merge in SNORT/snort3 from ~ABHPAL/snort3:CSCwb69096 to master
Squashed commit of the following:
commit
022cac22e695b9c37e52665ea19a7fdd23f19cf5
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu May 5 12:09:16 2022 +0530
ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands
Russ Combs (rucombs) [Tue, 24 May 2022 17:49:09 +0000 (17:49 +0000)]
Pull request #3438: appid: do not delete third-party connection when third-party reload is in progress and the context swap is not complete
Merge in SNORT/snort3 from ~SATHIRKA/snort3:reload_tp_conn_delete to master
Squashed commit of the following:
commit
25910d3f6cce13f41c8115013306b588bbd50afe
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu May 19 18:21:37 2022 -0400
appid: do not delete third-party connection when third-party reload is in progress and the context swap is not complete
Mike Stepanek (mstepane) [Tue, 24 May 2022 14:30:17 +0000 (14:30 +0000)]
Pull request #3428: JS Norm: Check Content-Type
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_content_type to master
Squashed commit of the following:
commit
457cf486d8846108cb3cda7ea9bf99aaae4c5985
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue May 17 22:59:38 2022 +0300
http_inspect: implement general approach of checking Content-Type header
Adding a general approach of checking Content-Type header values.
Comparison uses normalized header value and returns appropriate
code value if matched. The headers comparison is strict and precise.
Additional header parameters, like charset, are ignored. Comparison
happens against MIME type/subtype only.
commit
79fae25f1bf59d6bcf34f2f6b92a2b8666ee830d
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue May 17 13:29:09 2022 +0300
http_inspect: add Content-Type header validation for Enhanced JS Normalizer
Avoid lookup for Inline JavaScript if media-type is not of HTML type.
Accepted media-types follows:
* application/xhtml+xml
* text/html
If Content-Type header is not specified, default media-type will be
application/octet-stream which is not allowed. The normalization
will be skipped.
Tom Peters (thopeter) [Fri, 20 May 2022 01:09:52 +0000 (01:09 +0000)]
Pull request #3411: http_inspect: added field for raw_body
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:new_field_for_raw_body_w_depth to master
Squashed commit of the following:
commit
ecfe918412a0ac3914b649f5f4eb8d8d57d88a62
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed May 4 15:59:54 2022 -0400
http_inspect: added field for raw_body
Steve Chew (stechew) [Thu, 19 May 2022 21:26:26 +0000 (21:26 +0000)]
Pull request #3436: build: generate and tag 3.1.30.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.30.0 to master
Squashed commit of the following:
commit
5403acd8e7a4072702b809f0b4302570032728e3
Author: Steve Chew <stechew@cisco.com>
Date: Thu May 19 00:33:25 2022 -0400
build: generate and tag 3.1.30.0
Mike Stepanek (mstepane) [Thu, 19 May 2022 00:15:27 +0000 (00:15 +0000)]
Pull request #3426: Remove unused features
Merge in SNORT/snort3 from ~RUCOMBS/snort3:remove_unused_features to master
Squashed commit of the following:
commit
6e087ec5641a96c764b08a6de0fb87efec477f41
Author: russ <rucombs@cisco.com>
Date: Mon May 16 15:49:16 2022 -0400
piglets: remove unused test harness
commit
ab27ed002ccca3d6cd3bf480608f434bade93483
Author: russ <rucombs@cisco.com>
Date: Mon May 16 14:55:14 2022 -0400
perf_monitor: remove unused flatbuffers support
Tom Peters (thopeter) [Wed, 18 May 2022 19:42:05 +0000 (19:42 +0000)]
Pull request #3429: BUG #750965: Double free while processing mime
Merge in SNORT/snort3 from ~MDAGON/snort3:mime_fix to master
Squashed commit of the following:
commit
cd063a4521c381e26ccbd5e7bf958889ea1bba40
Author: Maya Dagon <mdagon@cisco.com>
Date: Tue May 17 17:10:01 2022 -0400
mime: set partial_header to null after deletion
Mike Stepanek (mstepane) [Wed, 18 May 2022 11:33:23 +0000 (11:33 +0000)]
Pull request #3424: JS Normalizer: check content decoding
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_content_encoding to master
Squashed commit of the following:
commit
4fc6db8e507415d6feb50ae8691f0daba6492b8d
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Sun May 15 23:24:24 2022 +0300
http_inspect: avoid sending compressed data to JS normalizer
Masud Hasan (mashasan) [Wed, 18 May 2022 03:30:31 +0000 (03:30 +0000)]
Pull request #3417: stream: refactor flush_queued_segments
Merge in SNORT/snort3 from ~SMINUT/snort3:russ_flush to master
Squashed commit of the following:
commit
2dc7bba89aaa9dabf74b8ab930aadc948a02d54c
Author: Silviu Minut <sminut@cisco.com>
Date: Tue May 17 08:02:26 2022 -0400
stream_tcp: add null check for get_current_wire_packet() in dce too
commit
d70012d0605e1949b4f300300af33ac1dc2d86f0
Author: Silviu Minut <sminut@cisco.com>
Date: Tue May 10 18:46:22 2022 -0400
stream_tcp: provide a context and a wire packet where needed, when calling into reassembly from outside regular processing (handle_timeouts)
commit
3828703345b5dd3a0c213481e02938c0425f6c14
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Apr 29 17:36:04 2022 -0400
stream: refactor flush_queued_segments
Russ Combs (rucombs) [Tue, 17 May 2022 11:23:39 +0000 (11:23 +0000)]
Pull request #3413: build: Update dependent libdaq version to 3.0.7
Merge in SNORT/snort3 from ~PRBG/snort3:update_min_libdaq_version to master
Squashed commit of the following:
commit
7190ff171d721ec8a17b45ab0a71a3676a903031
Author: Priyanka <prbg@cisco.com>
Date: Wed May 4 16:42:41 2022 -0400
build: Update dependent libdaq version to 3.0.7
Mike Stepanek (mstepane) [Mon, 16 May 2022 16:42:12 +0000 (16:42 +0000)]
Pull request #3422: JS Normalizer: regex char groups parsing
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_regex_char_set to master
Squashed commit of the following:
commit
bfac8f0bb9e69f89c289ab39b53b096d3b515219
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri May 13 16:38:36 2022 +0300
utils: fix regex char classes parsing
Inside a character set only a few characters retain a special meaning.
Mike Stepanek (mstepane) [Mon, 16 May 2022 12:11:19 +0000 (12:11 +0000)]
Pull request #3421: JS Normalizer: regex literal detection
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_sc_regex_op to master
Squashed commit of the following:
commit
6282b69c758f5aee95bf88c412fd0d8ed15d4240
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri May 13 14:29:19 2022 +0300
utils: allow regex literals after operator
Mike Stepanek (mstepane) [Fri, 13 May 2022 15:23:46 +0000 (15:23 +0000)]
Pull request #3419: doc: User documentation update for obfuscate_pii and --help-module
Merge in SNORT/snort3 from ~PRBG/snort3:doc_update_help_and_usage to master
Squashed commit of the following:
commit
f6293a0d79293afa35d44555c1abb2175b3b120f
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu May 12 12:15:35 2022 -0400
doc: update clone link in README. Thanks to billchenchina.
commit
1838326a7c37672ff85cc97f5cb4e13dfd6a3781
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Tue May 10 14:20:44 2022 -0400
doc: user documentation update for obfuscate_pii and --help-module
Mike Stepanek (mstepane) [Fri, 13 May 2022 15:23:06 +0000 (15:23 +0000)]
Pull request #3420: JavaScript Normalizer: add Latin-1 decoding of JavaScript unescape-like functions
Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_unescape_latin_1 to master
Squashed commit of the following:
commit
aee1c83bfea39d7bd219eb7aecd5255dca2d470f
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed May 11 13:07:41 2022 +0300
utils: add Latin-1 decoding of JavaScript unescape-like functions
Mike Stepanek (mstepane) [Wed, 11 May 2022 18:20:47 +0000 (18:20 +0000)]
Pull request #3418: JS Normalizer: A Source Field Availability
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_input_check to master
Squashed commit of the following:
commit
33b91f2ba4c20d634ec0bab28b76f46bdb0e5efc
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue May 10 14:48:58 2022 +0300
http_inspect: check if input available before JavaScript normalization
Mike Stepanek (mstepane) [Wed, 11 May 2022 13:53:47 +0000 (13:53 +0000)]
Pull request #3415: http_inspect: add ignoring defined object properties for Enhanced JS normalizer
Merge in SNORT/snort3 from ~VHORBATO/snort3:js_prop_ignore to master
Squashed commit of the following:
commit
eb135f3e3ccfec12f622f9d2770a5f2175a0fc52
Author: Vitalii <vhorbato@cisco.com>
Date: Fri Apr 29 12:51:52 2022 +0300
http_inspect: add ignoring defined object properties for Enhanced JS normalizer
Masud Hasan (mashasan) [Tue, 10 May 2022 19:46:57 +0000 (19:46 +0000)]
Pull request #3393: snort3: remove SMB detection from service_netbios.cc
Merge in SNORT/snort3 from ~CLJUDGE/snort3:snort3_downgrade_smb_detection to master
Squashed commit of the following:
commit
b4486b0c80ad1991d00f99dc6df64131b8be861b
Author: Clifford Judge <cljudge@cisco.com>
Date: Mon Apr 25 10:24:09 2022 -0400
snort3: remove SMB detection from service_netbios.cc
Mike Stepanek (mstepane) [Tue, 10 May 2022 15:12:29 +0000 (15:12 +0000)]
Pull request #3402: Handle optional quotes
Merge in SNORT/snort3 from ~VHORBAN/snort3:handle_optional_quotes_graceflly to master
Squashed commit of the following:
commit
d3f04e4d0f9311610c09d83f6b3392bdf4d349bd
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Fri Apr 22 18:08:13 2022 +0300
framework: add method to get unquoted string from configuration value
Mike Stepanek (mstepane) [Tue, 10 May 2022 11:10:02 +0000 (11:10 +0000)]
Pull request #3416: wizard: fix code style
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:fix_up_code_style to master
Squashed commit of the following:
commit
4103d16df893987b729caf1dc649de82b58fbda0
Author: Yehor <egor1velikogon@gmail.com>
Date: Thu May 5 21:43:30 2022 +0300
wizard: fix code style
The following code style aspects were covered:
1. Space after 'if', 'for', 'while', 'switch' and space between braces
2. Newline before mentioned keyword.
3. Newline before 'return'.
4. Adding const to func if applicable.
George Koikara (gkoikara) [Mon, 9 May 2022 10:50:51 +0000 (10:50 +0000)]
Pull request #3368: http2_inspect: Templatize variable length integer decoding of integer and string
Merge in SNORT/snort3 from ~ABHPAL/snort3:h3 to master
Squashed commit of the following:
commit
ba690edfc9d454ec8764a855fc110d071e1b0c4b
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date: Thu Apr 7 22:57:51 2022 +0530
http2_inspect: Templatize variable length integer decoding of integer and string
Mike Stepanek (mstepane) [Fri, 6 May 2022 17:51:06 +0000 (17:51 +0000)]
Pull request #3412: Hardening JS Normalizer.
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_unescape_tracking to master
Squashed commit of the following:
commit
8120cbb49d9ba15b395cc9eb64b7766fb466f5f9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed May 4 19:54:30 2022 +0300
utils: turn debug-build assertion into product-build code
This removes a redundant assert and adds a test to show that such input could be handled.
Lokesh Bevinamarad (lbevinam) [Thu, 5 May 2022 06:54:20 +0000 (06:54 +0000)]
Pull request #3403: smb: handling file context cleanup
Merge in SNORT/snort3 from ~UMUNNIKR/snort3:smb_mem_corrupt_fix to master
Squashed commit of the following:
commit
c7ce156cfa51ff1fda4d65b3b8f90c3783c77652
Author: Unnikrishnan M <umunnikr@cisco.com>
Date: Mon May 2 10:19:50 2022 +0530
smb: handling file context cleanup
Russ Combs (rucombs) [Wed, 4 May 2022 15:36:05 +0000 (15:36 +0000)]
Pull request #3397: stream_tcp, pop: add sync_on_start method to StreamSplitter
Merge in SNORT/snort3 from ~RUCOMBS/snort3:sync_on_start to master
Squashed commit of the following:
commit
fcd5a8de59569044555cc7d8bd987506767e53f3
Author: russ <rucombs@cisco.com>
Date: Tue Apr 26 14:28:15 2022 -0400
stream_tcp, pop: add sync_on_start method to StreamSplitter
This is used to force a flush of data from the client when the wizard
identifies a flow by data from the server. The new virtual defaults
to false and pop overrides to true to handle the case where jumpy
clients send a command before the server greeting. Other, similar
overrides are anticipated.
Mike Stepanek (mstepane) [Wed, 4 May 2022 14:31:50 +0000 (14:31 +0000)]
Pull request #3409: build: generate and tag 3.1.29.0
Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.29.0 to master
Squashed commit of the following:
commit
53e0cb3ca6389c8d3a11ee0f623c2cc88af34a6d
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed May 4 07:19:08 2022 -0400
build: generate and tag 3.1.29.0
Ron Dempster (rdempste) [Mon, 2 May 2022 18:06:56 +0000 (18:06 +0000)]
Pull request #3406: flow, side_channel, utils: fix clang issues
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:fix_issues to master
Squashed commit of the following:
commit
ed8b5e927b8e6aafb9b58b85f596a49c647054b0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon May 2 10:12:21 2022 -0400
flow, side_channel, utils: fix clang issues
Mike Stepanek (mstepane) [Mon, 2 May 2022 10:49:18 +0000 (10:49 +0000)]
Pull request #3395: wizard: update glob storage due to shared memory
Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_mt_fix to master
Squashed commit of the following:
commit
f9159d44d44a9def929b308cc9167bfd354bd99f
Author: Yehor <egor1velikogon@gmail.com>
Date: Tue Apr 19 17:44:47 2022 +0300
wizard: update glob storage due to shared memory
Pranav Bhalerao (prbhaler) [Sat, 30 Apr 2022 02:30:17 +0000 (02:30 +0000)]
Pull request #3383: appid: add alpn matchers
Merge in SNORT/snort3 from ~PRBHALER/snort3:quic_alpn to master
Squashed commit of the following:
commit
77be6266b97de2535006e3ecaa2dc84c8202aefd
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date: Mon Apr 4 22:16:02 2022 +0530
appid: add alpn matchers
Ron Dempster (rdempste) [Fri, 29 Apr 2022 20:27:35 +0000 (20:27 +0000)]
Pull request #3331: Tenant id
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:tenant_id to master
Squashed commit of the following:
commit
49bcaac681921062b79be6e17ffc319a9d7f831b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Apr 28 17:02:22 2022 -0400
flow: change the padding and bits in the flow key to make it more clear
commit
76553e101331382ee5e7daca82fb34e513fbb23d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Wed Apr 27 12:18:04 2022 -0400
dce_rpc: update address space id in the smb keys
commit
3d78363477fcfe1c866ff62d73eb3a6a9970b3cf
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Mar 22 12:04:08 2022 -0400
flow: add inline cppcheck suppressions
commit
f54d8a3cc078023a153b576e78583569dfd4bbb6
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon Mar 21 13:13:19 2022 -0400
flow, network_inspectors, policy_selectors, stream: make address space id 32 bits and add a tenant id to the daq header
Ron Dempster (rdempste) [Fri, 29 Apr 2022 19:40:06 +0000 (19:40 +0000)]
Pull request #3401: main: update analyzer command log message to copy the variable arguments before using them for the remote response
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:va_list to master
Squashed commit of the following:
commit
97b88140885310f3b48bde24cc3770eb73ab68c5
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri Apr 29 10:22:19 2022 -0400
main: update analyzer command log message to copy the variable arguments before using them for the remote response
Tom Peters (thopeter) [Fri, 29 Apr 2022 18:10:53 +0000 (18:10 +0000)]
Pull request #3399: Rule text updates
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:rule_text_updates to master
Squashed commit of the following:
commit
feb97b0a72375cac3e6a9b3a655ff6721a47965b
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Apr 27 12:35:18 2022 -0400
doc: rule text updates
George Koikara (gkoikara) [Fri, 29 Apr 2022 14:36:20 +0000 (14:36 +0000)]
Pull request #3333: http_inspect: install header files, create SO_PUBLIC base class for HttpStreamSplitter and HttpInspect
Merge in SNORT/snort3 from ~SHIKV/snort3:h3_initial to master
Squashed commit of the following:
commit
f027a9fa26ff3ee219eb3ed4717a90056c01a0f7
Author: shibin k v <shikv@cisco.com>
Date: Wed Mar 30 11:19:21 2022 +0000
http_inspect: install header files, create a virtual base class for http_inspect and http_stream_splitter
Tom Peters (thopeter) [Thu, 28 Apr 2022 15:32:43 +0000 (15:32 +0000)]
Pull request #3396: Http mime depth
Merge in SNORT/snort3 from ~KATHARVE/snort3:http_mime_depth to master
Squashed commit of the following:
commit
0a8379db6e1fa866ddc327409324e2ef094f0fa1
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Apr 20 12:21:33 2022 -0400
http_inspect: move mime processing outside of file and detect depth
Steve Chew (stechew) [Mon, 25 Apr 2022 16:53:44 +0000 (16:53 +0000)]
Pull request #3392: build: generate and tag 3.1.28.0
Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.28.0 to master
Squashed commit of the following:
commit
ae3c9a8e96c8040f01a7a34821dac54ba578aab8
Author: Steve Chew <stechew@cisco.com>
Date: Mon Apr 25 10:39:44 2022 -0400
build: generate and tag 3.1.28.0
Steve Chew (stechew) [Fri, 22 Apr 2022 22:30:26 +0000 (22:30 +0000)]
Pull request #3391: mms: initialize BerElement
Merge in SNORT/snort3 from ~KATHARVE/snort3:mms_cppcheck to master
Squashed commit of the following:
commit
1e1b2363d1283c763c1a5d1b2eab6534673f14c3
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Apr 22 15:57:32 2022 -0400
mms: add check that BerElement argument isn't null before calling BerReader::read
Steve Chew (stechew) [Fri, 22 Apr 2022 20:02:32 +0000 (20:02 +0000)]
Pull request #3390: mms: Moved creation of TpktFlowData inspector ID to process init.
Merge in SNORT/snort3 from ~STECHEW/snort3:mms_splitter_fix to master
Squashed commit of the following:
commit
6bbabe07e02408a0f007d6a4cd9c470aa8a6b68b
Author: Steve Chew <stechew@cisco.com>
Date: Fri Apr 22 15:48:50 2022 -0400
mms: Moved creation of TpktFlowData inspector ID to process init.
Masud Hasan (mashasan) [Thu, 21 Apr 2022 19:20:11 +0000 (19:20 +0000)]
Pull request #3385: netflow: Framework for netflow V5 and V9 events
Merge in SNORT/snort3 from ~MASHASAN/snort3:netflow_event2 to master
Squashed commit of the following:
commit
9320cdc01f9ace6dec235274b38e3115381e5a19
Author: Masud Hasan <mashasan@cisco.com>
Date: Mon Apr 18 08:22:53 2022 -0400
netflow: Framework for netflow V5 and V9 events
Tom Peters (thopeter) [Thu, 21 Apr 2022 16:14:16 +0000 (16:14 +0000)]
Pull request #3360: mime: handle MIME header lines split between inspection sections and improve folded header line processing
Merge in SNORT/snort3 from ~KATHARVE/snort3:mime_header_parsing_copy to master
Squashed commit of the following:
commit
37fe918d4680d3c0528937889fa7a73f1a650db8
Author: Katura Harvey <katharve@cisco.com>
Date: Mon Mar 28 10:48:51 2022 -0400
mime: handle MIME header lines split between inspection sections and improve folded header line processing
Mike Stepanek (mstepane) [Thu, 21 Apr 2022 15:59:14 +0000 (15:59 +0000)]
Pull request #3386: events: add action logging to the event
Merge in SNORT/snort3 from ~VHORBATO/snort3:events_upd to master
Squashed commit of the following:
commit
68bc9987e0c57edc1aae1bb18fb88a29529d1ca7
Author: Vitalii <vhorbato@cisco.com>
Date: Sun Apr 3 13:45:25 2022 +0300
events: add action logging to the event
packet_io: add rewrite action logging
Mike Stepanek (mstepane) [Thu, 21 Apr 2022 15:56:36 +0000 (15:56 +0000)]
Pull request #3384: doc: Update user manual and dev_notes for default binder
Merge in SNORT/snort3 from ~VHORBAN/snort3:doc_update_default_binder_info to master
Squashed commit of the following:
commit
19a85009ceda81bf170a6b7728089f9f4f274f25
Author: Volodymyr Horban <vhorban@cisco.com>
Date: Tue Apr 19 18:07:03 2022 +0300
doc: add clarification on default bindings in developer notes and user notes