Monday, October 31, 2016

Snort++ Build 217 Available Now on Snort.org!

Snort++ build 217 is now available on snort.org.  This is the latest monthly update available for download.  You can also get the latest updates from github (snortadmin/snort3) which is updated weekly.

DAQ Changes:

  • updated DAQ - you *must* use DAQ 2.2.1
  • build: remove lingering libDAQ #ifdefs
  • expected: push expected flow information through the DAQ module
  • add libDAQ version to snort -V output

Enhancements:

  • add inspector events from http_inspect to appid
  • add build configuration for thread sanitizer
  • added module trace facility
  • add support http file upload processing and process decode/detection depths
  • add rev to rule latency logs


  • port dce_udp fragments
  • port block malware over ftp for clients/servers that support REST command
  • port dce_udp packet processing
  • port sip changes to avoid using NAT ip when calculating callid
  • port dce_udp autodetect and session creation
  • update appid to 2983

Bug Fixes:

  • fix appid error messages
  • fix flow reinitialization after expiration
  • fix release of blocked flow
  • fix 129:16 false positive
  • fix various unit test leaks
  • fix -Wmaybe-uninitialized issues
  • fix related to appid name with space and SSL position
  • fix various appid patterns and counts
  • fix fast pattern selection
  • fix file hash pruning issue
  • fix rate_filter action config and apply_to clean up
  • fix static analysis issues
  • fix analyzer/pig race condition
  • fix explicit obfuscation disable not working
  • fix ftp_data: Gracefully handle cleared flow data
  • fix LuaJIT rule option memory leak of plugin name
  • fix various appid issues - initial port is nearing completion
  • fix http_inspect event 119:66
  • fix ac_full initialization performance
  • fix stream_tcp left overlap on hpux, solaris
  • fix/remove 129:5 ("bad segment") events
  • file_mempool: fix initializing total pool size
  • fix bpf includes
  • fix builds for OpenSolaris

Other Changes:

  • build: clean up some ICC warnings
  • change search_engine.debug_print_fast_pattern to show_fast_patterns
  • overhaul appid for multiple threads, memory leaks, and coding style
  • expected: expected cache revamp and related bugfixes
  • ftp_data: add expected data consumption to set service name and fix bugs
  • defaults: update FTP default config based on Snort2's hardcoded one
  • rename default_snort_manual.* to snort_manual.*
  • build docs only by explicit target (make html|pdf|text)
  • update default manuals to build 213
  • tolerate more spaces in ip lists
  • change default latency actions to none
  • deleted non-functional extra decoder for i4l_rawip

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team