"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/upgrade/snort_upgrade.text" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

snort_upgrade.text  (snort3-3.1.28.0):snort_upgrade.text  (snort3-3.1.29.0)
--------------------------------------------------------------------- ---------------------------------------------------------------------
Snort 3 Upgrade Manual Snort 3 Upgrade Manual
--------------------------------------------------------------------- ---------------------------------------------------------------------
The Snort Team The Snort Team
Revision History Revision History
Revision 3.1.28.0 2022-04-25 10:44:39 EDT TST Revision 3.1.29.0 2022-05-04 08:06:54 EDT TST
--------------------------------------------------------------------- ---------------------------------------------------------------------
Table of Contents Table of Contents
1. Overview 1. Overview
1.1. Efficacy 1.1. Efficacy
1.2. Performance 1.2. Performance
1.3. Scalability 1.3. Scalability
skipping to change at line 809 skipping to change at line 809
--------------------------------------------------------------------- ---------------------------------------------------------------------
change -> attribute_table: 'STREAM_POLICY' ==> 'hosts: tcp_policy' change -> attribute_table: 'STREAM_POLICY' ==> 'hosts: tcp_policy'
change -> attribute_table: 'filename <file_name>' ==> 'hosts[]' change -> attribute_table: 'filename <file_name>' ==> 'hosts[]'
change -> config 'addressspace_agnostic' ==> 'packets.address_space_agnostic' change -> config 'addressspace_agnostic' ==> 'packets.address_space_agnostic'
change -> config 'checksum_mode' ==> 'network.checksum_eval' change -> config 'checksum_mode' ==> 'network.checksum_eval'
change -> config 'daq_dir' ==> 'daq.module_dirs' change -> config 'daq_dir' ==> 'daq.module_dirs'
change -> config 'detection_filter' ==> 'alerts.detection_filter_memcap' change -> config 'detection_filter' ==> 'alerts.detection_filter_memcap'
change -> config 'enable_deep_teredo_inspection' ==> 'udp.deep_teredo_inspectio n' change -> config 'enable_deep_teredo_inspection' ==> 'udp.deep_teredo_inspectio n'
change -> config 'enable_mpls_overlapping_ip' ==> 'packets.mpls_agnostic'
change -> config 'event_filter' ==> 'alerts.event_filter_memcap' change -> config 'event_filter' ==> 'alerts.event_filter_memcap'
change -> config 'max_attribute_hosts' ==> 'attribute_table.max_hosts' change -> config 'max_attribute_hosts' ==> 'attribute_table.max_hosts'
change -> config 'max_attribute_services_per_host' ==> 'attribute_table.max_ser vices_per_host' change -> config 'max_attribute_services_per_host' ==> 'attribute_table.max_ser vices_per_host'
change -> config 'nopcre' ==> 'detection.pcre_enable' change -> config 'nopcre' ==> 'detection.pcre_enable'
change -> config 'pkt_count' ==> 'packets.limit' change -> config 'pkt_count' ==> 'packets.limit'
change -> config 'rate_filter' ==> 'alerts.rate_filter_memcap' change -> config 'rate_filter' ==> 'alerts.rate_filter_memcap'
change -> config 'react' ==> 'react.page' change -> config 'react' ==> 'react.page'
change -> config 'threshold' ==> 'alerts.event_filter_memcap' change -> config 'threshold' ==> 'alerts.event_filter_memcap'
change -> converter: 'gen_id' ==> 'gid' change -> converter: 'gen_id' ==> 'gid'
change -> converter: 'sid_id' ==> 'sid' change -> converter: 'sid_id' ==> 'sid'
skipping to change at line 848 skipping to change at line 849
change -> csv: 'tcpack' ==> 'tcp_ack' change -> csv: 'tcpack' ==> 'tcp_ack'
change -> csv: 'tcpflags' ==> 'tcp_flags' change -> csv: 'tcpflags' ==> 'tcp_flags'
change -> csv: 'tcplen' ==> 'tcp_len' change -> csv: 'tcplen' ==> 'tcp_len'
change -> csv: 'tcpseq' ==> 'tcp_seq' change -> csv: 'tcpseq' ==> 'tcp_seq'
change -> csv: 'tcpwindow' ==> 'tcp_win' change -> csv: 'tcpwindow' ==> 'tcp_win'
change -> csv: 'udplength' ==> 'udp_len' change -> csv: 'udplength' ==> 'udp_len'
change -> daq: 'config daq:' ==> 'name' change -> daq: 'config daq:' ==> 'name'
change -> daq_mode: 'config daq_mode:' ==> 'mode' change -> daq_mode: 'config daq_mode:' ==> 'mode'
change -> daq_var: 'config daq_var:' ==> 'variables' change -> daq_var: 'config daq_var:' ==> 'variables'
change -> detection: 'ac' ==> 'ac_full' change -> detection: 'ac' ==> 'ac_full'
change -> detection: 'ac-banded' ==> 'ac_banded' change -> detection: 'ac-banded' ==> 'ac_full'
change -> detection: 'ac-bnfa' ==> 'ac_bnfa' change -> detection: 'ac-bnfa' ==> 'ac_bnfa'
change -> detection: 'ac-bnfa-nq' ==> 'ac_bnfa' change -> detection: 'ac-bnfa-nq' ==> 'ac_bnfa'
change -> detection: 'ac-bnfa-q' ==> 'ac_bnfa' change -> detection: 'ac-bnfa-q' ==> 'ac_bnfa'
change -> detection: 'ac-nq' ==> 'ac_full' change -> detection: 'ac-nq' ==> 'ac_full'
change -> detection: 'ac-q' ==> 'ac_full' change -> detection: 'ac-q' ==> 'ac_full'
change -> detection: 'ac-sparsebands' ==> 'ac_sparse_bands' change -> detection: 'ac-sparsebands' ==> 'ac_full'
change -> detection: 'ac-split' ==> 'ac_full' change -> detection: 'ac-split' ==> 'ac_full'
change -> detection: 'ac-split' ==> 'split_any_any' change -> detection: 'ac-split' ==> 'split_any_any'
change -> detection: 'ac-std' ==> 'ac_std' change -> detection: 'ac-std' ==> 'ac_full'
change -> detection: 'acs' ==> 'ac_sparse' change -> detection: 'acs' ==> 'ac_full'
change -> detection: 'bleedover-port-limit' ==> 'bleedover_port_limit' change -> detection: 'bleedover-port-limit' ==> 'bleedover_port_limit'
change -> detection: 'debug-print-fast-pattern' ==> 'show_fast_patterns' change -> detection: 'debug-print-fast-pattern' ==> 'show_fast_patterns'
change -> detection: 'intel-cpm' ==> 'hyperscan' change -> detection: 'intel-cpm' ==> 'hyperscan'
change -> detection: 'lowmem-nq' ==> 'lowmem' change -> detection: 'lowmem-nq' ==> 'lowmem'
change -> detection: 'lowmem-q' ==> 'lowmem' change -> detection: 'lowmem-q' ==> 'lowmem'
change -> detection: 'max-pattern-len' ==> 'max_pattern_len' change -> detection: 'max-pattern-len' ==> 'max_pattern_len'
change -> detection: 'no_stream_inserts' ==> 'detect_raw_tcp' change -> detection: 'no_stream_inserts' ==> 'detect_raw_tcp'
change -> detection: 'search-method' ==> 'search_method' change -> detection: 'search-method' ==> 'search_method'
change -> detection: 'search-optimize' ==> 'search_optimize'
change -> detection: 'split-any-any' ==> 'split_any_any = true by default' change -> detection: 'split-any-any' ==> 'split_any_any = true by default'
change -> detection: 'split-any-any' ==> 'split_any_any' change -> detection: 'split-any-any' ==> 'split_any_any'
change -> dnp3: 'ports' ==> 'bindings' change -> dnp3: 'ports' ==> 'bindings'
change -> dns: 'ports' ==> 'bindings' change -> dns: 'ports' ==> 'bindings'
change -> dynamicdetection ==> 'snort.--plugin_path=<path>' change -> dynamicdetection ==> 'snort.--plugin_path=<path>'
change -> dynamicengine ==> 'snort.--plugin_path=<path>' change -> dynamicengine ==> 'snort.--plugin_path=<path>'
change -> dynamicpreprocessor ==> 'snort.--plugin_path=<path>' change -> dynamicpreprocessor ==> 'snort.--plugin_path=<path>'
change -> dynamicsidechannel ==> 'snort.--plugin_path=<path>' change -> dynamicsidechannel ==> 'snort.--plugin_path=<path>'
change -> event_filter: 'gen_id' ==> 'gid' change -> event_filter: 'gen_id' ==> 'gid'
change -> event_filter: 'sig_id' ==> 'sid' change -> event_filter: 'sig_id' ==> 'sid'
skipping to change at line 945 skipping to change at line 945
change -> preprocessor 'normalize_icmp6' ==> 'normalize.icmp6' change -> preprocessor 'normalize_icmp6' ==> 'normalize.icmp6'
change -> preprocessor 'normalize_ip6' ==> 'normalize.ip6' change -> preprocessor 'normalize_ip6' ==> 'normalize.ip6'
change -> profile: 'print' ==> 'count' change -> profile: 'print' ==> 'count'
change -> profile: 'sort avg_ticks' ==> 'sort = avg_check' change -> profile: 'sort avg_ticks' ==> 'sort = avg_check'
change -> profile: 'sort total_ticks' ==> 'sort = total_time' change -> profile: 'sort total_ticks' ==> 'sort = total_time'
change -> rate_filter: 'gen_id' ==> 'gid' change -> rate_filter: 'gen_id' ==> 'gid'
change -> rate_filter: 'sig_id' ==> 'sid' change -> rate_filter: 'sig_id' ==> 'sid'
change -> reputation: 'shared_mem' ==> 'list_dir' change -> reputation: 'shared_mem' ==> 'list_dir'
change -> sfportscan: 'proto' ==> 'protos' change -> sfportscan: 'proto' ==> 'protos'
change -> sfportscan: 'scan_type' ==> 'scan_types' change -> sfportscan: 'scan_type' ==> 'scan_types'
change -> sip: 'max_requestName_len' ==> 'max_request_name_len'
change -> sip: 'ports' ==> 'bindings' change -> sip: 'ports' ==> 'bindings'
change -> smtp: 'ports' ==> 'bindings' change -> smtp: 'ports' ==> 'bindings'
change -> ssh: 'server_ports' ==> 'bindings' change -> ssh: 'server_ports' ==> 'bindings'
change -> ssl: 'ports' ==> 'bindings' change -> ssl: 'ports' ==> 'bindings'
change -> stream5_global: 'max_active_responses' ==> 'max_responses' change -> stream5_global: 'max_active_responses' ==> 'max_responses'
change -> stream5_global: 'min_response_seconds' ==> 'min_interval' change -> stream5_global: 'min_response_seconds' ==> 'min_interval'
change -> stream5_global: 'tcp_cache_nominal_timeout' ==> 'idle_timeout' change -> stream5_global: 'tcp_cache_nominal_timeout' ==> 'idle_timeout'
change -> stream5_global: 'udp_cache_nominal_timeout' ==> 'idle_timeout' change -> stream5_global: 'udp_cache_nominal_timeout' ==> 'idle_timeout'
change -> stream5_ha: 'min_session_lifetime' ==> 'min_age' change -> stream5_ha: 'min_session_lifetime' ==> 'min_age'
change -> stream5_ha: 'min_sync_interval' ==> 'min_sync' change -> stream5_ha: 'min_sync_interval' ==> 'min_sync'
skipping to change at line 1010 skipping to change at line 1011
deleted -> attribute_table: '<STREAM_POLICY>noack</STREAM_POLICY>' deleted -> attribute_table: '<STREAM_POLICY>noack</STREAM_POLICY>'
deleted -> attribute_table: '<STREAM_POLICY>unknown</STREAM_POLICY>' deleted -> attribute_table: '<STREAM_POLICY>unknown</STREAM_POLICY>'
deleted -> config 'cs_dir' deleted -> config 'cs_dir'
deleted -> config 'decode_data_link' deleted -> config 'decode_data_link'
deleted -> config 'disable_attribute_reload_thread' deleted -> config 'disable_attribute_reload_thread'
deleted -> config 'disable_decode_alerts' deleted -> config 'disable_decode_alerts'
deleted -> config 'disable_decode_drops' deleted -> config 'disable_decode_drops'
deleted -> config 'disable_inline_init_failopen' deleted -> config 'disable_inline_init_failopen'
deleted -> config 'disable_ipopt_alerts' deleted -> config 'disable_ipopt_alerts'
deleted -> config 'disable_ipopt_drops' deleted -> config 'disable_ipopt_drops'
deleted -> config 'disable_replace'
deleted -> config 'disable_tcpopt_alerts' deleted -> config 'disable_tcpopt_alerts'
deleted -> config 'disable_tcpopt_drops' deleted -> config 'disable_tcpopt_drops'
deleted -> config 'disable_tcpopt_experimental_alerts' deleted -> config 'disable_tcpopt_experimental_alerts'
deleted -> config 'disable_tcpopt_experimental_drops' deleted -> config 'disable_tcpopt_experimental_drops'
deleted -> config 'disable_tcpopt_obsolete_alerts' deleted -> config 'disable_tcpopt_obsolete_alerts'
deleted -> config 'disable_tcpopt_obsolete_drops' deleted -> config 'disable_tcpopt_obsolete_drops'
deleted -> config 'disable_tcpopt_ttcp_alerts' deleted -> config 'disable_tcpopt_ttcp_alerts'
deleted -> config 'disable_ttcp_alerts' deleted -> config 'disable_ttcp_alerts'
deleted -> config 'disable_ttcp_drops' deleted -> config 'disable_ttcp_drops'
deleted -> config 'dump_dynamic_rules_path' deleted -> config 'dump_dynamic_rules_path'
deleted -> config 'dynamicoutput' deleted -> config 'dynamicoutput'
deleted -> config 'enable_decode_drops' deleted -> config 'enable_decode_drops'
deleted -> config 'enable_decode_oversized_alerts' deleted -> config 'enable_decode_oversized_alerts'
deleted -> config 'enable_decode_oversized_drops' deleted -> config 'enable_decode_oversized_drops'
deleted -> config 'enable_gtp' deleted -> config 'enable_gtp'
deleted -> config 'enable_ipopt_drops' deleted -> config 'enable_ipopt_drops'
deleted -> config 'enable_mpls_multicast'
deleted -> config 'enable_tcpopt_drops' deleted -> config 'enable_tcpopt_drops'
deleted -> config 'enable_tcpopt_experimental_drops' deleted -> config 'enable_tcpopt_experimental_drops'
deleted -> config 'enable_tcpopt_obsolete_drops' deleted -> config 'enable_tcpopt_obsolete_drops'
deleted -> config 'enable_tcpopt_ttcp_drops' deleted -> config 'enable_tcpopt_ttcp_drops'
deleted -> config 'enable_ttcp_drops' deleted -> config 'enable_ttcp_drops'
deleted -> config 'flexresp2_attempts' deleted -> config 'flexresp2_attempts'
deleted -> config 'flexresp2_interface' deleted -> config 'flexresp2_interface'
deleted -> config 'flexresp2_memcap' deleted -> config 'flexresp2_memcap'
deleted -> config 'flexresp2_rows' deleted -> config 'flexresp2_rows'
deleted -> config 'flowbits_size' deleted -> config 'flowbits_size'
skipping to change at line 1047 skipping to change at line 1050
deleted -> config 'interface' deleted -> config 'interface'
deleted -> config 'layer2resets' deleted -> config 'layer2resets'
deleted -> config 'log_ipv6_extra_data' deleted -> config 'log_ipv6_extra_data'
deleted -> config 'no_promisc' deleted -> config 'no_promisc'
deleted -> config 'nolog' deleted -> config 'nolog'
deleted -> config 'protected_content' deleted -> config 'protected_content'
deleted -> config 'sfalert_unified2' deleted -> config 'sfalert_unified2'
deleted -> config 'sflog_unified2' deleted -> config 'sflog_unified2'
deleted -> config 'sidechannel' deleted -> config 'sidechannel'
deleted -> config 'so_rule_memcap' deleted -> config 'so_rule_memcap'
deleted -> config 'stateful'
deleted -> csv: '<filename> can no longer be specific' deleted -> csv: '<filename> can no longer be specific'
deleted -> csv: 'default' deleted -> csv: 'default'
deleted -> csv: 'trheader' deleted -> csv: 'trheader'
deleted -> detection: 'mwm' deleted -> detection: 'mwm'
deleted -> detection: 'search-optimize is always true'
deleted -> dnp3: 'disabled' deleted -> dnp3: 'disabled'
deleted -> dnp3: 'memcap' deleted -> dnp3: 'memcap'
deleted -> dns: 'enable_experimental_types' deleted -> dns: 'enable_experimental_types'
deleted -> dns: 'enable_obsolete_types' deleted -> dns: 'enable_obsolete_types'
deleted -> dns: 'enable_rdata_overflow' deleted -> dns: 'enable_rdata_overflow'
deleted -> event_trace: 'file' deleted -> event_trace: 'file'
deleted -> fast: '<filename> can no longer be specific' deleted -> fast: '<filename> can no longer be specific'
deleted -> frag3_engine: 'detect_anomalies' deleted -> frag3_engine: 'detect_anomalies'
deleted -> frag3_global: 'disabled' deleted -> frag3_global: 'disabled'
deleted -> ftp_telnet_protocol: 'detect_anomalies' deleted -> ftp_telnet_protocol: 'detect_anomalies'
deleted -> full: '<filename> can no longer be specific' deleted -> full: '<filename> can no longer be specific'
deleted -> http_inspect: 'detect_anomalous_servers' deleted -> http_inspect: 'detect_anomalous_servers'
deleted -> http_inspect: 'disabled' deleted -> http_inspect: 'disabled'
deleted -> http_inspect: 'fast_blocking'
deleted -> http_inspect: 'normalize_random_nulls_in_text'
deleted -> http_inspect: 'proxy_alert' deleted -> http_inspect: 'proxy_alert'
deleted -> http_inspect_server: 'allow_proxy_use' deleted -> http_inspect_server: 'allow_proxy_use'
deleted -> http_inspect_server: 'enable_cookie' deleted -> http_inspect_server: 'enable_cookie'
deleted -> http_inspect_server: 'enable_xff' deleted -> http_inspect_server: 'enable_xff'
deleted -> http_inspect_server: 'extended_ascii_uri' deleted -> http_inspect_server: 'extended_ascii_uri'
deleted -> http_inspect_server: 'extended_response_inspection' deleted -> http_inspect_server: 'extended_response_inspection'
deleted -> http_inspect_server: 'iis_unicode_map not allowed in sever' deleted -> http_inspect_server: 'iis_unicode_map not allowed in sever'
deleted -> http_inspect_server: 'inspect_uri_only' deleted -> http_inspect_server: 'inspect_uri_only'
deleted -> http_inspect_server: 'log_hostname' deleted -> http_inspect_server: 'log_hostname'
deleted -> http_inspect_server: 'log_uri' deleted -> http_inspect_server: 'log_uri'
skipping to change at line 1141 skipping to change at line 1148
deleted -> stream5_global: 'flush_on_alert' deleted -> stream5_global: 'flush_on_alert'
deleted -> stream5_global: 'memcap' deleted -> stream5_global: 'memcap'
deleted -> stream5_global: 'no_midstream_drop_alerts' deleted -> stream5_global: 'no_midstream_drop_alerts'
deleted -> stream5_tcp: 'check_session_hijacking' deleted -> stream5_tcp: 'check_session_hijacking'
deleted -> stream5_tcp: 'detect_anomalies' deleted -> stream5_tcp: 'detect_anomalies'
deleted -> stream5_tcp: 'dont_store_large_packets' deleted -> stream5_tcp: 'dont_store_large_packets'
deleted -> stream5_tcp: 'ignore_any_rules' deleted -> stream5_tcp: 'ignore_any_rules'
deleted -> stream5_tcp: 'log_asymmetric_traffic' deleted -> stream5_tcp: 'log_asymmetric_traffic'
deleted -> stream5_tcp: 'policy noack' deleted -> stream5_tcp: 'policy noack'
deleted -> stream5_tcp: 'policy unknown' deleted -> stream5_tcp: 'policy unknown'
deleted -> stream5_tcp: 'use_static_footprint_sizes'
deleted -> stream5_udp: 'ignore_any_rules' deleted -> stream5_udp: 'ignore_any_rules'
deleted -> tcpdump: '<filename> can no longer be specific' deleted -> tcpdump: '<filename> can no longer be specific'
deleted -> test: 'file' deleted -> test: 'file'
deleted -> test: 'stdout' deleted -> test: 'stdout'
deleted -> unified2: 'filename' deleted -> unified2: 'filename'
deleted -> unified2: 'mpls_event_types' deleted -> unified2: 'mpls_event_types'
deleted -> unified2: 'vlan_event_types' deleted -> unified2: 'vlan_event_types'
 End of changes. 13 change blocks. 
6 lines changed or deleted 14 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)