next/105/60x/20230729/v1 #9304
Commits on Jul 29, 2023
exceptions: add master switch config option
This allows all traffic Exception Policies to be set from one configuration point. All exception policy options are available in IPS mode. Bypass, pass and auto (disabled) are also available in IDS mode. Exception Policies set up individually will overwrite this setup for the given traffic exception. Task OISF#5219 (cherry picked from commit 0d92890)
Commit 6a32139
defrag: clean up existing stats counters
7a044a9 removed the lines that incremented these defrag counters, but kept the entities themselves. This commit removes counters that we judge too complex to maintain, given the current state of the code, and re-adds incrementing max_hit (memcap related). Related to Task OISF#5816 (cherry picked from commit a37a88d)
Commit 5e674aa
misc: fix typos, doc, update copyright years
Updated FlowGetNew documentation, where it said NULL was only returned in case of error. (cherry picked from commit f511a4a)
Commit 05ad4bd
exception: use mix of logconfig/info/warning
Use a mix of SCLogConfig, Warning and Info. This mix works as follows: when something unexpected for the user happens - for instance, the engine ignoring an invalid config value - we use warning. For indicating the value for the master switch, which happens only once, we use Info. For all the other cases, we use SCLogConfig. It is possible that SCLogConfig isn't showing at the moment, this is a possible bug to investigate further. Related to Bug OISF#5825 (cherry picked from commit 69311ab)
Commit 298706d
stream/tcp: re-enable midstream-policy usage
We were always setting it to ignore, due to bug 5825. The engine will now issue an initialization error if an invalid value is passed in the configuration file for midstream exception policy. 'pass-packet' or 'drop-packet' are never valid, as the midstream policy concerns the whole flow, not making sense for just a packet. If midstream is enabled, only two actual config values are allowed: 'ignore' and 'pass-flow', both in IDS and in IPS mode. In default mode ('auto' or if no policy is defined), midstream-policy is set to 'ignore'. All other values will lead to initialization error. In IDS mode, 'drop-flow' will also lead to initialization error. Part of Bug OISF#5825 (cherry picked from commit 69d3750)
Commit c0efcbc
exception/policy: minor code cleanup
(cherry picked from commit 479fa60)
Commit 9227064
exception: fix 'auto' for master switch in IDS
If the master exception policy was set to 'auto' in IDS mode, instead of just setting the master switch to the default in this case, which is 'ignore', the engine would switch a warning saying that auto wasn't a valid config and then set the policy to ignore. This makes 'auto' work for the master switch in IDS, removes function for setting IPS option and handles the valid IDS options directly from the function that parses the master policy, as this was the only place where the function was still called. Bug OISF#6149 (cherry picked from commit feb47f9)
Commit 33bd94c
exception: fix use of master switch with default
If an exception policy wasn't set up individually, use the GetDefault function to pick one. This will check for the master switch option and handle 'auto' cases. Instead of deciding what the auto value should be when we are parsing the master switch, leave that for when some of the other policies is to be set via the master switch, since this can change for specific exception policies - like for midstream, for instance. Update exceptions policies documentation to clarify that the default configuration in IPS when midstream is enabled is `ignore`, not `drop-flow`. Bug OISF#6169 (cherry picked from commit e306bc6)
Commit bbfc445
dcerpc: accept ALTER_CONTEXT as a valid request
So far, if only the starting request was a DCERPC request, it would be considered DCERPC traffic. Since ALTER_CONTEXT is a valid request type, it should be accepted too. Reported and patch proposed in the following Redmine ticket by InterNALXz. Bug 6191 (cherry picked from commit 8770431)
Commit 9e2fb15