"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/ChangeLog" (30 Oct 2020, 959832 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 2.9.16.1_vs_2.9.17.

    1 2020-10-30 Divakar Y <divakyad@cisco.com>
    2 snort 2.9.17
    3 
    4 	* src/preprocessors/Stream6/snort_stream_tcp.c,
    5 	  src/preprocessors/spp_stream6.c :
    6 	  Fixed Memory leak in reassembly networks and ports config during reload.
    7 
    8 	* src/file-process/file_resume_block.c,
    9 	  src/file-process/file_service.c,
   10 	  src/file-process/file_lib.c,
   11 	  src/file-process/file_lib.h :
   12 	  Fixed resume-block for SMBv2 partial content retry and pending verdicts.
   13 	
   14 	* src/win32/WIN32-Prj/snort_installer.nsi : 
   15 	  Added user visible message to choose 4.1.1 or any higher version of winpcap, in windows 32 installer.
   16 
   17 	* src/win32/WIN32-Prj/snort_installer_x64.nsi,
   18 	  src/win32/WIN32-Prj/snort_installer.nsi : 
   19 	  Fixed popup message that was not honoring windows silent uninstaller option.
   20 
   21 	* src/preprocessors/snort_httpinspect.c : 
   22 	  Fix to populate original client IP for drop events, when inline normalization is disabled.
   23 
   24 	* src/dynamic-preprocessors/appid/luaDetectorApi.c :
   25 	  Fixed AppID caching proxy IP instead of tunneled IP in the dynamic cache during ultrasurf traffic. 
   26 
   27 	* src/detection-plugins/sp_react.c,
   28 	  src/dynamic-preprocessors/sdf/spp_sdf.c,
   29 	  src/parser.c,
   30 	  src/preprocessors/Stream6/snort_stream_tcp.c,
   31 	  tools/u2streamer/Unified2File.c, 
   32 	  src/dynamic-preprocessors/appid/luaDetectorApi.c,
   33 	  src/dynamic-preprocessors/appid/appInfoTable.c,
   34 	  snort/src/dynamic-plugins/sf_dynamic_plugins.c,
   35 	  src/memory_stats.c,
   36 	  src/sfutil/sfportobject.c,
   37 	  src/snort.h :
   38 	  Fixed multiple static analysis issues.
   39 
   40 	* src/dynamic-preprocessors/appid/appInfoTable.c :
   41 	  Fixed a potential race condition. 
   42 
   43 	* configure.in,
   44 	  src/reload.c :
   45 	  Fix to not rely on the last-modified-time for loading the dynamic detection libs.
   46 
   47 	* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c,
   48 	  src/file-process/file_capture.c,
   49 	  src/file-process/file_resume_block.c,
   50 	  src/file-process/file_segment_process.c,
   51 	  src/file-process/file_service.c : 
   52 	  Added debug messages in file-process packet flow.
   53 
   54 	* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c :
   55 	  Fix to address cases of ambiguous codes between SMTP & FTP and when SMTP server does not support EHLO.
   56 
   57 	* src/file-process/file_segment_process.c : 
   58 	  Fixed issue of generating multiple events for a single file transfer over SMB.
   59 
   60 	* src/dynamic-preprocessors/appid/appIdConfig.h,
   61 	  src/dynamic-preprocessors/appid/appInfoTable.c,
   62 	  src/dynamic-preprocessors/appid/appInfoTable.h,
   63 	  src/dynamic-preprocessors/appid/flow.h,
   64 	  src/dynamic-preprocessors/appid/fw_appid.c,
   65 	  src/dynamic-preprocessors/appid/flow.h : 
   66 	  Fixed false positives for ultrasurf.
   67 
   68 	* src/dynamic-preprocessors/sip/spp_sip.c :
   69 	  Fixed SIP pre-processor to detect SSL encrypted SIP traffic better.
   70 
   71 	* src/dynamic-preprocessors/appid/luaDetectorApi.c,
   72 	  etc/gen-msg.map,
   73 	  preproc_rules/preprocessor.rules,
   74 	  src/file-process/file_service.c,
   75 	  src/generators.h,
   76 	  src/preprocessors/HttpInspect/client/hi_client.c,
   77 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
   78 	  src/preprocessors/HttpInspect/include/hi_client.h,
   79 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
   80 	  src/preprocessors/HttpInspect/include/hi_server.h,
   81 	  src/preprocessors/HttpInspect/server/hi_server.c,
   82 	  src/preprocessors/snort_httpinspect.c,
   83 	  src/preprocessors/snort_httpinspect.h : 
   84 	  Added support for HTTP range field parsing to detect if HTTP response/request is indeed partial or full content.
   85 
   86 	* src/preprocessors/spp_session.c :
   87 	  Fixed TCP memcap oversize.
   88 
   89 	* src/dynamic-preprocessors/dcerpc2/dce2_stats.h,
   90 	  src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
   91 	  src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
   92 	  src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
   93 	  src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
   94 	  src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
   95 	  src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.h,
   96 	  src/preprocessors/HttpInspect/client/hi_client.c,
   97 	  src/preprocessors/HttpInspect/client/hi_client_norm.c,
   98 	  src/preprocessors/HttpInspect/include/hi_include.h,
   99 	  src/preprocessors/HttpInspect/include/hi_paf.h,
  100 	  src/preprocessors/HttpInspect/utils/hi_paf.c,
  101 	  src/preprocessors/Stream6/snort_stream_icmp.c,
  102 	  src/preprocessors/Stream6/snort_stream_icmp.h,
  103 	  src/preprocessors/Stream6/snort_stream_ip.c,
  104 	  src/preprocessors/Stream6/snort_stream_ip.h,
  105 	  src/preprocessors/Stream6/snort_stream_tcp.c,
  106 	  src/preprocessors/Stream6/snort_stream_tcp.h,
  107 	  src/preprocessors/Stream6/snort_stream_udp.c,
  108 	  src/preprocessors/Stream6/snort_stream_udp.h,
  109 	  src/preprocessors/Stream6/stream_common.h,
  110 	  src/preprocessors/snort_httpinspect.c,
  111 	  src/preprocessors/snort_httpinspect.h,
  112 	  src/preprocessors/spp_httpinspect.c,
  113 	  src/preprocessors/spp_httpinspect.h,
  114 	  src/preprocessors/spp_stream6.c, 
  115 	  src/dynamic-preprocessors/appid/fw_appid.c,
  116 	  src/dynamic-preprocessors/appid/fw_appid.h,
  117 	  src/dynamic-preprocessors/appid/spp_appid.c : 
  118 	  Enhanced statistics dumped during snort exit and SIGUSR1.
  119 
  120 	* src/dynamic-preprocessors/imap/imap_paf.c,
  121 	  src/dynamic-preprocessors/imap/snort_imap.h,
  122 	  src/dynamic-preprocessors/pop/pop_paf.c,
  123 	  src/dynamic-preprocessors/pop/snort_pop.h,
  124 	  src/dynamic-preprocessors/sip/spp_sip.h,
  125 	  src/dynamic-preprocessors/smtp/smtp_paf.c,
  126 	  src/dynamic-preprocessors/smtp/snort_smtp.h,
  127 	  src/dynamic-preprocessors/appid/flow.h,
  128 	  src/dynamic-preprocessors/appid/service_plugins/service_ssl.c,
  129 	  src/dynamic-preprocessors/dcerpc2/dce2_list.h,
  130 	  src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
  131 	  src/file-process/file_segment_process.h,
  132 	  src/file-process/libs/file_lib.h,
  133 	  src/preprocessors/sip_common.h,
  134 	  src/preprocessors/snort_httpinspect.h : 
  135 	  Optimized structures in several preprocessors.
  136 
  137 	* src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
  138 	  src/dynamic-preprocessors/dcerpc2/dce2_smb.h
  139 	  src/file-process/file_service.c :
  140 	  Fixed SMBv1 file block for pending verdict retry packets.
  141 
  142 	* src/dynamic-preprocessors/dcerpc2/dce2_smb.c : 
  143 	  Fixed SMBv1 unknown file size upload block.
  144 	
  145 	* src/detect.c,
  146 	  src/detect.h,
  147 	  src/parser.c,
  148 	  src/parser.h,
  149 	  src/preprocessors/Session/session_common.h,
  150 	  src/preprocessors/Stream6/snort_stream_udp.c,
  151 	  src/preprocessors/Stream6/snort_stream_udp.h,
  152 	  src/preprocessors/spp_stream6.c,
  153 	  src/preprocessors/Stream6/stream_common.c,
  154 	  src/preprocessors/Stream6/stream_common.h,
  155 	  src/preprocessors/spp_stream6.c,
  156 	  src/reload.c,
  157 	  src/snort.c,
  158 	  src/snort.h :
  159 	  Fixed incorrect filtering of UDP traffic when "ignore_any_rules" is configured.
  160 	
  161 	* src/detection-plugins/sp_session.c,
  162 	  src/detection-plugins/sp_session.h,
  163 	  src/sfutil/util_jsnorm.c : 
  164 	  Fixed GCC 10.1.1 compilation issues.
  165 	
  166 	* src/decode.c,
  167 	  src/decode.h,
  168 	  src/log_text.c,
  169 	  src/log.c,
  170 	  src/preprocessors/Stream6/snort_stream_tcp.c :
  171 	  Added support to detect TCP Fast Open packets. 
  172 
  173 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  174 	  Fixed TCP segment queue hole issue as per the RFC793 recommendation for OOO Ack packet handling.
  175 	
  176 	* src/detection-plugins/detection_leaf_node.c,
  177 	  src/detection-plugins/detection_options.c,
  178 	  src/dynamic-preprocessors/appid/appInfoTable.c,
  179 	  src/dynamic-preprocessors/appid/fw_appid.c,
  180 	  src/dynamic-preprocessors/appid/service_plugins/service_base.c,
  181 	  src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
  182 	  src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
  183 	  src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
  184 	  src/dynamic-preprocessors/appid/service_plugins/service_rshell.c,
  185 	  src/dynamic-preprocessors/appid/service_plugins/service_snmp.c,
  186 	  src/dynamic-preprocessors/appid/service_plugins/service_tftp.c,
  187 	  src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
  188 	  src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
  189 	  src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
  190 	  src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
  191 	  src/fpcreate.c,
  192 	  src/parser.c,
  193 	  src/preprocessors/Session/session_common.h,
  194 	  src/preprocessors/spp_session.c,
  195 	  src/reload.c,
  196 	  src/snort.c :
  197 	  Fixed build when some configure options were disabled.
  198 
  199 	* src/detection-plugins/sp_byte_math.c :
  200 	  Fixed byte_math operation for multiplication integer overflow.
  201 
  202 	* src/dynamic-preprocessors/appid/appId.h,
  203 	  src/dynamic-preprocessors/appid/service_plugins/service_ssl.c : 
  204 	  Fix to include 853 port in SSL detector for DNS over TLS runs on SSL.
  205 
  206 	* src/dynamic-plugins/sf_dynamic_plugins.c,
  207 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
  208 	  src/dynamic-preprocessors/appid/Makefile_defs,
  209 	  src/dynamic-preprocessors/appid/luaDetectorApi.c,
  210 	  src/dynamic-preprocessors/appid/util/common_util.h : 
  211 	  Fix for excessive logging of lua detector invalid LUA (null).
  212 
  213 	* snort/src/detection-plugins/sp_byte_check.c,
  214 	  src/detection-plugins/sp_byte_extract.c,
  215 	  src/detection-plugins/sp_byte_jump.c, 
  216 	  src/detection-plugins/sp_byte_math.c,
  217 	  src/detection-plugins/sp_byte_math.h,
  218 	  src/detection-plugins/sp_isdataat.c,
  219 	  src/detection-plugins/sp_pattern_match.c : 
  220 	  Added support for allowing common names across rule options.
  221 
  222 	* src/memory_stats.c :
  223 	  Removed a redundant log.
  224 
  225 	* spp_sip.c :
  226 	  Fixed handling encrypted traffic by SIP preprocessor.
  227 	
  228 	* snort/configure.in,
  229 	  snort/doc/README.s7commplus,
  230 	  snort/etc/sf_rule_options,
  231 	  snort/etc/sf_rule_validation.conf,
  232 	  snort/src/dynamic-preprocessors/Makefile.am,
  233 	  snort/src/dynamic-preprocessors/s7commplus/Makefile.am,
  234 	  snort/src/dynamic-preprocessors/s7commplus/s7comm_decode.c,
  235 	  snort/src/dynamic-preprocessors/s7commplus/s7comm_decode.h,
  236 	  snort/src/dynamic-preprocessors/s7commplus/s7comm_paf.c,
  237 	  snort/src/dynamic-preprocessors/s7commplus/s7comm_paf.h,
  238 	  snort/src/dynamic-preprocessors/s7commplus/s7comm_roptions.c,
  239 	  snort/src/dynamic-preprocessors/s7commplus/s7comm_roptions.h,
  240 	  snort/src/dynamic-preprocessors/s7commplus/spp_s7comm.c,
  241 	  snort/src/dynamic-preprocessors/s7commplus/spp_s7comm.h,
  242 	  snort/src/generators.h,
  243 	  snort/src/preprocids.h :
  244 	  Added support for s7Commplus protocol.
  245 
  246 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  247 	  Fixed out of order FIN packet leading to segment trimming.
  248 
  249 	* src/output-plugins/spo_unified2.c,
  250 	  src/preprocessors/Stream6/snort_stream_tcp.c :
  251 	  Fix to populate original IP in dropped events when inline normalization is enabled.
  252 
  253 	* snort/src/sfutil/sf_ip.h :
  254 	  Fixed compiler warnings.
  255 
  256 	* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
  257 	  Fixed DNS application detector failing to detect DNS traffic in some scenarios.
  258 
  259 2020-07-24 Hariharan Chandrashekar <harchand@cisco.com>
  260 snort 2.9.16.1
  261 
  262 	* src/dynamic-preprocessors/appid/appIdConfig.h,
  263 	  src/dynamic-preprocessors/appid/appInfoTable.c,
  264 	  src/dynamic-preprocessors/appid/flow.h,
  265 	  src/dynamic-preprocessors/appid/fw_appid.c :
  266 	  Added packet counters to make sure flows with one-way data don't pend forever.
  267 
  268 	* src/detection-plugins/sp_flowbits.c,
  269 	  src/snort.c :
  270 	  Fixed potential race condition between reload and exit path.
  271 
  272 	* src/detection-plugins/sp_session.c,
  273 	  src/preprocessors/Stream6/stream_paf.h,
  274 	  src/sfutil/util_jsnorm.c :
  275 	  Added support for GCC version 10.1.1.
  276 
  277 2020-03-15 Hariharan Chandrashekar <harchand@cisco.com>
  278 snort 2.9.16
  279 
  280 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  281 	  Addressed an issue when out-of-order FIN is received by dropping it.
  282 
  283 	* src/output-plugins/spo_unified2.c,
  284 	  src/preprocessors/Stream6/snort_stream_tcp.c :
  285 	  Fixed an issue in which xtradata is not added to the alert in unified file.
  286 
  287 	* src/reload.c,
  288 	  src/snort.c :
  289 	  Fixed potential race condition between reload and exit path (main thread).
  290 
  291 	* etc/file_magic.conf :
  292 	  Updated the file magic to detect ALZ file types.
  293 
  294 	* src/sfutil/sf_ip.h :
  295 	  Added support for gcc version 9.2.1.
  296 
  297 	* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
  298 	  Fixed an issue in which APPID returns no match.
  299 
  300 	* src/dynamic-preprocessors/dcerpc2/sf_dce2.vcxproj,
  301 	  src/dynamic-preprocessors/dnp3/sf_dnp3.vcxproj,
  302 	  src/dynamic-preprocessors/dns/sf_dns.vcxproj,
  303 	  src/dynamic-preprocessors/dynamic_preprocessors.vcxproj,
  304 	  src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.vcxproj,
  305 	  src/dynamic-preprocessors/gtp/sf_gtp.vcxproj,
  306 	  src/dynamic-preprocessors/imap/sf_imap.vcxproj,
  307 	  src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.vcxproj,
  308 	  src/dynamic-preprocessors/modbus/sf_modbus.vcxproj,
  309 	  src/dynamic-preprocessors/pop/sf_pop.vcxproj,
  310 	  src/dynamic-preprocessors/reputation/sf_reputation.vcxproj,
  311 	  src/dynamic-preprocessors/sdf/sf_sdf.vcxproj,
  312 	  src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.vcxproj,
  313 	  src/dynamic-preprocessors/sip/sf_sip.vcxproj,
  314 	  src/dynamic-preprocessors/smtp/sf_smtp.vcxproj,
  315 	  src/dynamic-preprocessors/ssh/sf_ssh.vcxproj,
  316 	  src/dynamic-preprocessors/ssl/sf_ssl.vcxproj,
  317 	  src/win32/WIN32-Prj/build_all.vcxproj,
  318 	  src/win32/WIN32-Prj/sf_engine.vcxproj,
  319 	  src/win32/WIN32-Prj/sf_engine_initialize.vcxproj,
  320 	  src/win32/WIN32-Prj/snort.vcxproj,
  321 	  src/win32/WIN32-Prj/snort_initialize.vcxproj,
  322 	  src/win32/WIN32-Prj/snort_installer_x64.nsi,
  323 	  src/win32/WIN32-Prj/snort_x64.dsw,
  324 	  src/win64/WIN64-Libraries/Packet.lib,
  325 	  src/win64/WIN64-Libraries/libdnet/dnet.lib,
  326 	  src/win64/WIN64-Libraries/pcre.lib,
  327 	  src/win64/WIN64-Libraries/wpcap.lib,
  328 	  src/win64/WIN64-Libraries/zlib.lib,
  329 	  tools/u2spewfoo/u2spewfoo.vcxproj :
  330 	  Added 64-bit support for Windows 10 operating system.
  331 
  332 	* src/dynamic-preprocessors/pop/snort_pop.c :
  333 	  Fixed an issue where POP preprocessor was not generating alert in some cases.
  334 
  335 	* src/dynamic-preprocessors/gtp/gtp_parser.c :
  336 	  Fixed the alerting logic for GTP v2 with missing TEID.
  337 
  338 	* src/preprocessors/HttpInspect/utils/hi_paf.c :
  339 	  Fixed file policy not working with character prefix in chunk size.
  340 
  341 	* configure.in,
  342 	  src/reload.c,
  343 	  src/side-channel/sidechannel.c,
  344 	  src/snort.c,
  345 	  src/target-based/sftarget_reader.c,
  346 	  src/util.h :
  347 	  Added support for glibc version 2.30.
  348 
  349 	* src/decode.h,
  350 	  src/dynamic-plugins/sf_engine/sf_snort_packet.h,
  351 	  src/preprocessors/HttpInspect/utils/hi_paf.c,
  352 	  src/preprocessors/Stream6/snort_stream_tcp.c,
  353 	  src/preprocessors/Stream6/stream_paf.c,
  354 	  src/preprocessors/snort_httpinspect.c,
  355 	  src/preprocessors/snort_httpinspect.h,
  356 	  src/preprocessors/stream_api.h :
  357 	  Added support for early inspection of HTTP payload before flushing in pre-ack mode.
  358 
  359 	* src/file-process/file_api.h,
  360 	  src/file-process/file_service.c,
  361 	  src/preprocessors/HttpInspect/include/hi_norm.h,
  362 	  src/preprocessors/HttpInspect/include/hi_ui_config.h,
  363 	  src/preprocessors/HttpInspect/server/hi_server_norm.c,
  364 	  src/preprocessors/snort_httpinspect.c :
  365 	  Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8.
  366 
  367 2019-12-15 Hariharan Chandrashekar <harchand@cisco.com>
  368 snort 2.9.15.1
  369 
  370 	* src/file-process/file_ss.c :
  371 	  Fixed the right order of precedence. Thanks to David Binderman for reporting this.
  372 
  373 	* src/dynamic-preprocessors/ssl_common/ssl_config.c :
  374 	  Fixed snort core seen during ssl re-configuration.
  375 
  376 	* src/fpdetect.c,
  377 	  src/log_text.c, src/profiler.h :
  378 	  Fixed compiler warnings.
  379 
  380 	* src/file-process/file_segment_process.c :
  381 	  Fixed file access issues on files from SMB share.
  382 
  383 	* configure.in,
  384 	  src/reload.c, src/side-channel/sidechannel.c,
  385 	  src/snort.c, src/target-based/sftarget_reader.c, src/util.h :
  386 	  Added support for glibc version 2.30.
  387 
  388 2019-10-02 Hariharan Chandrashekar <harchand@cisco.com>
  389 snort 2.9.15
  390 
  391 	* src/snort.c,
  392 	  src/control/sfcontrol.c,
  393 	  src/preprocessors/Session/stream5_ha.c,
  394 	  src/preprocessors/session_api.h,
  395 	  src/dynamic-plugins/sp_dynamic.c :
  396 	  Fixed a potential race condition.
  397 
  398 	* src/detect.c :
  399 	  Fixed static analysis issues.
  400 
  401 	* src/detect.c,
  402 	  src/detect.h,
  403 	  src/file-process/file_service.c,
  404 	  src/reload.c,
  405 	  src/sfdaq.h,
  406 	  src/snort.c,
  407 	  src/snort.h :
  408 	  Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
  409 
  410 	* src/dynamic-preprocessors/appid/fw_appid.c :
  411 	  Added NULL check before dereferencing tcp_header.
  412 
  413 	* src/file-process/libs/file_lib.h,
  414 	  src/sfdaq.h :
  415 	  Fix to make daq_pktHdr globally visible and removed the extra Packet variable from the FILE_PKT_DEBUG macro.
  416 
  417 	* snort/etc/file_magic.conf :
  418 	  Added support to detect new Korean file formats .egg and .alz to the file preprocessor.
  419 	  
  420 	* src/dynamic-preprocessors/gtp/gtp_parser.c,
  421 	  src/dynamic-preprocessors/gtp/spp_gtp.h :
  422 	  Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
  423 
  424 	* src/detect.c :
  425 	  Added a check before printing the Packet latency trace when detection is enabled or not.
  426 
  427 	* src/file-process/file_capture.c,
  428 	  src/file-process/file_mime_process.c,
  429 	  src/file-process/file_resume_block.c,
  430 	  src/file-process/file_segment_process.c,
  431 	  src/file-process/file_service.c,
  432 	  src/file-process/libs/file_lib.c,
  433 	  src/file-process/libs/file_lib.h,
  434 	  src/sfdaq.h :
  435 	  Added debug messages in file-process packet flow.
  436 
  437 	* src/dynamic-plugins/sp_dynamic.c,
  438 	  src/reload.c,
  439 	  src/reload.h,
  440 	  src/snort.c :
  441 	  Fixed dynamic rules from getting disabled after multiple reloads.
  442 
  443 	* src/pkt_tracer.c :
  444 	  Fix to print packet trace information in the direction of the packet on the wire.
  445 
  446 	* etc/file_magic.conf :
  447 	  Added new file magic to detect RAR file-type.
  448 
  449 	* src/dynamic-plugins/sf_dynamic_preprocessor.h :
  450 	  Updated preproc version.
  451 
  452 	* src/dynamic-plugins/sf_dynamic_preprocessor.h :
  453 	  Provided an API to query non-flow related information from DAQ.
  454 
  455 	* src/dynamic-plugins/sf_dynamic_plugins.c,
  456 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
  457 	  src/sfdaq.c,
  458 	  src/sfdaq.h :
  459 	  Added a generic api DAQ_Ioctl for dynamic preprocs to use for various daq clis.
  460 		  
  461 	* src/dynamic-preprocessors/appid/Makefile_defs,
  462 	  src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
  463 	  src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
  464 	  src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c,
  465 	  src/dynamic-preprocessors/appid/service_plugins/service_base.h,
  466 	  src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
  467 	  src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
  468 	  src/dynamic-preprocessors/appid/service_plugins/service_nntp.c :
  469 	  Fix to whitelist ftp data sessions when no file policy exists.
  470 
  471 	* src/dynamic-preprocessors/appid/fw_appid.c :
  472 	  Fixed -Wparentheses warning.
  473 
  474 	* src/dynamic-preprocessors/appid/fw_appid.c :
  475 	  Fixed the algorithm that triggers port only detection.
  476 
  477 	* src/preprocessors/HttpInspect/client/hi_client.c,
  478 	  src/preprocessors/HttpInspect/include/hi_paf.h,
  479 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  480 	  Fixed an issue where HTTP was wrongly processing non HTTP traffic on port 443.
  481 
  482 	* src/dynamic-preprocessors/appid/appIdConfig.h,
  483 	  src/dynamic-preprocessors/appid/fw_appid.c,
  484 	  src/dynamic-preprocessors/appid/service_plugins/service_base.c,
  485 	  src/dynamic-preprocessors/appid/service_plugins/service_base.h :
  486 	  Fixed IPS alerts generation for ICMP packets.
  487 
  488 	* src/file-process/file_resume_block.c :
  489 	  Fixed signature lookup when the context is not present.
  490 
  491 	* src/preprocessors/HttpInspect/utils/hi_paf.c :
  492 	  Added a new state to handle HTTP responses, having no status message followed by status code.
  493 
  494 	* src/dynamic-plugins/sf_dynamic_plugins.c,
  495 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
  496 	  src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
  497 	  src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h :
  498 	  Added DPD callbacks for receiving ftp transfer mode before generating file events.
  499 
  500 	* snort/etc/file_magic.conf :
  501 	  Fixed RTF file magic to a more generic value.
  502 
  503 	* src/preprocessors/spp_httpinspect.c :
  504 	  Added debug logs during HTTP Reload.
  505 
  506 	* src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c :
  507 	  Fix to bypass munmap if shmemSegptr points to zeroSegptr.
  508 
  509 	* src/parser.c :
  510 	  Added rule SID check during Snort validation.
  511 
  512 	* src/pkt_tracer.c :
  513 	  Corrected endianness representation for some of the parameters in the debug log.
  514 
  515 2019-07-26 Hariharan Chandrashekar <harchand@cisco.com>
  516 snort 2.9.14.1
  517 	* src/sfdaq.c :
  518 	  Fixed packet drop scenario.
  519 
  520 2019-04-23 Hariharan Chandrashekar <harchand@cisco.com>
  521 Snort 2.9.14.0
  522 	All files: updated copyright to 2019.
  523 
  524 	* src/build.h : updating build number to 15003.
  525 	
  526 	* src/dynamic-preprocessors/appid/fw_appid.c :
  527 	  Fix to block https traffic going through proxy.
  528 
  529 	* src/dynamic-preprocessors/appid/fw_appid.c :
  530 	  Reset navl packet counters when shifting to new req/resp.
  531 
  532 	* src/file-process/file_ss.c :
  533 	  Fixed enabling side channel during some race conditions.
  534 
  535 	* src/appIdApi.h,
  536 	  src/dynamic-preprocessors/appid/detector_plugins/detector_http.c,
  537 	  src/dynamic-preprocessors/appid/fw_appid.c,
  538 	  src/dynamic-preprocessors/appid/thirdparty_appid_types.h :
  539 	  Improving appId detection for proxied traffic.
  540 
  541 	* src/control/sfcontrol.c,
  542 	  src/preprocessors/spp_httpinspect.c,
  543 	  src/detection-plugins/sp_isdataat.c,
  544 	  src/detection-plugins/sp_isdataat.h,
  545 	  src/preprocessors/HttpInspect/include/hi_eo_log.h,
  546 	  src/dynamic-preprocessors/appid/luaDetectorModule.c,
  547 	  src/dynamic-preprocessors/appid/detector_plugins/detector_cip.c,
  548 	  src/file-process/file_resume_block.c,
  549 	  src/file-process/file_service.h,
  550 	  src/file-process/file_service_config.c,
  551 	  src/file-process/file_ss.c,
  552 	  src/file-process/file_ss.h,
  553 	  src/file-process/libs/file_config.h,
  554 	  src/reload.c,
  555 	  src/snort.c :
  556 	  Fixed potential race conditions across snort code base.
  557 
  558 	* src/dynamic-preprocessors/appid/hostPortAppCache.c :
  559 	  Added support for wild card port numbers in host cache and overwriting port service AppId.
  560 
  561 	* src/preprocessors/HttpInspect/utils/hi_paf.c :
  562 	  Fixed the chunk extensions parsing in the HTTP responses leading to the correct construction of the PDU.	
  563 
  564 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  565 	  Fixed missing inspection for out of order HTTP flows.
  566 
  567 	* src/dynamic-preprocessors/appid/appInfoTable.c :
  568 	  Allow spaces in appid.conf and userappid.conf.
  569 
  570 	* src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c :
  571 	  Added support for new STLS client patterns to help better detect POP3S over SSL.
  572 
  573 	* src/dynamic-preprocessors/dcerpc2/dce2_smb2.c,
  574 	  src/file-process/file_segment_process.c :
  575 	  Fixed decrement of segment_mem_in_use counter when no pruning is done.
  576 
  577 	* doc/README.http_inspect,
  578 	  etc/gen-msg.map,
  579 	  preproc_rules/preprocessor.rules,
  580 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
  581 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
  582 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  583 	  Fixed HTTP issue caused due to invalid versions.
  584 
  585 	* src/parser.c :
  586 	  Fixed static analysis issues.
  587 
  588 	* src/decode.c :
  589 	  Removed Duplicate length checks when decoding IPv6 Extensions.
  590 
  591 	* src/preprocessors/sfprocpidstats.c :
  592 	  Changed the sfprocpidstat to calculate CPU statistics when --suppress-config-log option is not supplied.
  593 
  594 	* src/file-process/libs/file_lib.h :
  595 	  Reset the max file id's default value.
  596 
  597 	* src/dynamic-preprocessors/appid/appId_ss.c,
  598 	  src/dynamic-preprocessors/appid/appInfoTable.c :
  599 	  Logging the aggressiveness setting for BitTorrent, Ultrasurf, Psiphon & fixing paranthesis in 'If' condition.
  600 
  601 	* src/dynamic-preprocessors/appid/service_plugins/service_ftp.c :
  602 	  Fixed FTP detection issues when a multi-line server response is split across multiple packets.
  603 	
  604 	* src/dynamic-preprocessors/appid/appIdConfig.c,
  605 	  src/dynamic-preprocessors/appid/appIdConfig.h,
  606 	  src/dynamic-preprocessors/appid/commonAppMatcher.c,
  607 	  src/dynamic-preprocessors/appid/spp_appid.c,
  608 	  src/dynamic-preprocessors/appid/thirdparty_appid_api.h,
  609 	  src/dynamic-preprocessors/appid/thirdparty_appid_utils.c :
  610 	  Added a new AppId preproc config option which specifies path to NAVL related cofiguration.
  611 
  612 	* src/dynamic-preprocessors/appid/fw_appid.c :
  613 	  Fix to set TOR as payloadAppId if NAVL detects it over an HTTP SSL Tunnel.
  614 	
  615 	* src/dynamic-preprocessors/imap/imap_config.c,
  616 	  src/dynamic-preprocessors/pop/pop_config.c,
  617 	  src/dynamic-preprocessors/smtp/smtp_config.c,
  618 	  src/file-process/file_api.h,
  619 	  src/file-process/file_mime_config.c,
  620 	  src/file-process/file_mime_config.h,
  621 	  src/preprocessors/perf_indicators.h,
  622 	  src/preprocessors/snort_httpinspect.c,
  623 	  src/preprocessors/snort_httpinspect.h,
  624 	  src/preprocessors/spp_httpinspect.c :
  625 	  Fix Snort2 with a newer ICC without fixing the [bad] binary-crossing strtok assumptions.
  626 
  627 	* src/preprocessors/spp_sfportscan.c :
  628 	  Fix for filling the ip4hdr in the port scan packet creation.
  629 
  630 	* src/checksum.h,
  631 	  src/encode.c :
  632 	  Updated the checksum correctly for reset and locally modified packets for GRE flow.
  633 
  634 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  635 	  Fixed issue in handling TCP timestamp options in Snort.
  636 
  637 	* src/dynamic-preprocessors/appid/fw_appid.c :
  638 	  Fixed compilation warning.
  639 	
  640 	* src/dynamic-plugins/sf_dynamic_preprocessor.h,
  641 	  src/dynamic-preprocessors/sdf/spp_sdf.c,
  642 	  src/dynamic-preprocessors/sdf/spp_sdf.h :
  643 	  Fixed Sensitive Data Threshold Configuration.
  644 
  645 	* src/dynamic-preprocessors/appid/fw_appid.c,
  646 	  src/preprocessors/Session/session_expect.c :
  647 	  Fix for setting application_protocol_ordinal by the caller.
  648 
  649 	* src/file-process/file_resume_block.c,
  650 	  src/file-process/file_ss.c :
  651 	  Removed unused variables.
  652 	
  653 	* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c :
  654 	  Added support for detecting Mac based SMTP Microsoft Outlook client application
  655 
  656 	* src/dynamic-preprocessors/sip/sip_config.c :
  657 	  Fixed policy deployment failure due to SIP preprocessor config validation.
  658 	
  659 	* src/dynamic-preprocessors/appid/luaDetectorApi.c :
  660 	  Including more informations for lua errors while loading patterns.
  661 
  662 	* src/dynamic-preprocessors/sdf/sdf_credit_card.c,
  663 	  src/dynamic-preprocessors/sdf/sdf_pattern_match.c :
  664 	  Fix to treat any pii without following by non-digit as full pattern match and fire alert.
  665 
  666 	* src/dynamic-preprocessors/reputation/shmem/shmem_lib.c :
  667 	  Fixed snort process exit when processing reputation and if another snort was launched that does the same work.
  668 
  669 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  670 	  Fix to not flush the urgent data to preprocs and the segment be trimmed.
  671 
  672 	* src/dynamic-preprocessors/appid/appIdApi.c :
  673 	  Stop marking the HTTP inspection as done if the SSL detector is in progress and no URL is extracted.
  674 
  675 	* src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
  676 	  src/dynamic-preprocessors/appid/service_plugins/service_rshell.c :
  677 	  Fix here is to set the AppId for rsh/rexec control sessions initially to allow the data session 
  678 	  and doing the rest of the validation later.
  679 
  680 	* src/control/sfcontrol.h,
  681 	  src/preprocessors/spp_perfmonitor.c :
  682 	  Fix for enabling flow profiling mode without restarting snort detection engine.
  683 	
  684 	* src/preprocessors/HttpInspect/client/hi_client.c,
  685 	  src/preprocessors/HttpInspect/include/hi_client.h :
  686 	  Fixed x-forward-for-like headers when there are multiple proxies.
  687 
  688 	* src/file-process/file_service.c :
  689 	  Fix to update the file_config when we update the file_context.
  690 
  691 	* src/dynamic-preprocessors/appid/service_plugins/service_base.c :
  692 	  Fix to prevent re-allocation of memory for SMB AppId data.
  693 
  694 	* src/dynamic-preprocessors/Makefile.am :
  695 	  Add -f option to the mv command for fixing make distcheck failure during file overwrite.
  696 
  697 	* doc/README.http_inspect,
  698 	  etc/gen-msg.map,
  699 	  preproc_rules/preprocessor.rules,
  700 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  701 	  A new preprocessor alert is added 120:27 to alert if there is no proper end of header.
  702 
  703 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  704 	  Fixed uninitialized members of StreamTracker for midstream sessions.
  705 
  706 	* src/preprocessors/session_api.h,
  707 	  src/preprocessors/spp_session.c :
  708 	  Removal of Blocklist timeout code.
  709 
  710 	* src/preprocessors/spp_session.c :
  711 	  Fix for snort to check for expired sessions and stop matching new packets with expired sessions.
  712 
  713 	* src/dynamic-plugins/sf_dynamic_plugins.c,
  714 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
  715 	  src/snort.c :
  716 	  Fix to get daq capabilities for snort firewall in optimized way.
  717 
  718 	* tools/appid_detector_builder.sh :
  719 	  Fixed API name used by OpenAppId LUA detector builder.
  720 
  721 	* src/dynamic-preprocessors/appid/luaDetectorApi.c,
  722 	  src/dynamic-preprocessors/appid/luaDetectorModule.c :
  723 	  Locking LUA detectors during snort reload free.
  724 
  725 	* src/dynamic-preprocessors/appid/luaDetectorApi.c,
  726 	  src/dynamic-preprocessors/appid/luaDetectorFlowApi.c,
  727 	  src/dynamic-preprocessors/appid/service_plugins/service_ssl.c :
  728 	  Setting AppId for RSHELL/REXEC stderr data sessions.
  729 
  730 	* src/memory_stats.c,
  731 	  src/memory_stats.h,
  732 	  src/snort.c
  733 	  src/preprocessors/HttpInspect/client/hi_client.c,
  734 	  src/dynamic-preprocessors/appid/luaDetectorModule.c,
  735 	  src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
  736 	  src/dynamic-preprocessors/appid/spp_appid.c,
  737 	  src/dynamic-preprocessors/appid/service_plugins/service_base.c :
  738 	  Fixed issues reported by valgrind.
  739 
  740 	* src/dynamic-preprocessors/appid/appIdApi.c,
  741 	  src/dynamic-preprocessors/appid/fw_appid.c :	
  742 	  Fix for FTP Active detection issues in case of multi-line server responses.
  743 
  744 	* src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
  745 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_config.h,
  746 	  src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
  747 	  src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
  748 	  src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
  749 	  src/file-process/file_api.h,
  750 	  src/file-process/file_resume_block.c,
  751 	  src/file-process/file_resume_block.h,
  752 	  src/file-process/file_segment_process.c,
  753 	  src/file-process/file_service.c,
  754 	  src/preprocessors/Stream6/snort_stream_tcp.c :
  755 	  Fixed File policy with the rule block with reset that was not blocking the file upload.
  756 
  757 	* src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c :
  758 	  Fixed snort process exit while processing Security Intelligence.
  759 
  760 2019-03-21 Bhumika Sachdeva <bsachdev@cisco.com>
  761 Snort 2.9.13.0
  762 	
  763 	* src/dynamic-preprocessors/sip/sip_config.c :
  764 	  Changed number of max sessions SIP can handle.
  765 	
  766 	* src/dynamic-preprocessors/appid/luaDetectorModule.c :
  767 	  Fixed an issue in loading of bunch of lua detector.
  768 
  769 	* src/dynamic-preprocessors/sdf/sdf_credit_card.c,
  770 	  src/dynamic-preprocessors/sdf/sdf_pattern_match.c :
  771 	  Fixed an issue with processing of pattern matching. 
  772 
  773 	* src/dynamic-preprocessors/appid/appIdApi.c :
  774 	  Fixed an issue with HTTP inspection in case SSL detector is in process and no URL has been extracted.
  775 
  776 	* src/preprocessors/HttpInspect/client/hi_client.c,
  777 	  src/preprocessors/HttpInspect/include/hi_client.h :
  778 	  Fixing of x-forward-for-like headers in case of multiple proxies by snort.
  779 
  780 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  781 	  Blocking the flush of urgent data to preprocs and trimming of segment in case urgent flag is set and urgent pointer > 0.
  782 
  783 	* src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
  784 	  src/dynamic-preprocessors/appid/service_plugins/service_rshell.c :
  785 	  Set the AppId for rsh/rexec control sessions initially to allow the data session and doing the rest of the validation.
  786 
  787 	* src/file-process/file_service.c :
  788 	  Fixed the Snort process failure while processing file policy on SMB2 traffic.
  789 
  790 	* src/dynamic-preprocessors/appid/service_plugins/service_base.c :
  791 	  Modified the prevention of re-allocation of memory for SMB AppId data.
  792 
  793 	* src/dynamic-preprocessors/appid/luaDetectorModule.c,
  794 	  src/dynamic-preprocessors/appid/service_plugins/service_base.c :
  795 	  Fixed memory leak issues.
  796 
  797 	* src/control/sfcontrol.c,
  798 	  src/detection-plugins/Makefile.am,
  799 	  src/dynamic-examples/Makefile.am,
  800 	  src/dynamic-plugins/Makefile.am,
  801 	  src/dynamic-plugins/sf_decompression_define.h,
  802 	  src/dynamic-plugins/sf_dynamic_decompression.c,
  803 	  src/dynamic-plugins/sf_dynamic_decompression.h,
  804 	  src/dynamic-plugins/sf_dynamic_detection.h,
  805 	  src/dynamic-plugins/sf_dynamic_engine.h,
  806 	  src/dynamic-plugins/sf_dynamic_meta.h,
  807 	  src/dynamic-plugins/sf_dynamic_plugins.c,
  808 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
  809 	  src/dynamic-plugins/sf_dynamic_side_channel.h,
  810 	  src/dynamic-plugins/sf_engine/bmh.c,
  811 	  src/dynamic-plugins/sf_engine/examples/12759.c,
  812 	  src/dynamic-plugins/sf_engine/examples/detection_lib_meta.h,
  813 	  src/dynamic-plugins/sf_engine/examples/rule_storeandforward.c,
  814 	  src/dynamic-plugins/sf_engine/examples/rule_storeandforward2.c,
  815 	  src/dynamic-plugins/sf_engine/sf_decompression.c,
  816 	  src/dynamic-plugins/sf_engine/sf_decompression.h,
  817 	  src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
  818 	  src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
  819 	  src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
  820 	  src/dynamic-plugins/so_rule_mem_adjust.h,
  821 	  src/dynamic-plugins/sp_dynamic.c,
  822 	  src/dynamic-preprocessors/Makefile.am,
  823 	  src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
  824 	  src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
  825 	  src/dynamic-preprocessors/appid/thirdparty_appid_utils.c,
  826 	  src/dynamic-preprocessors/dcerpc2/dce2_config.c,
  827 	  src/dynamic-preprocessors/dcerpc2/includes/smb.h,
  828 	  src/dynamic-preprocessors/sip/sip_dialog.c,
  829 	  src/dynamic-preprocessors/sip/sip_roptions.c,
  830 	  src/preprocessors/HttpInspect/utils/hi_util_hbm.c,
  831 	  src/preprocessors/spp_arpspoof.c,
  832 	  src/reload.c,
  833 	  src/snort.c,
  834 	  src/snort.h,
  835 	  snort_build/Makefile.common,
  836 	  snort_build/common-snort-opts.makefile :
  837 	  Snort now supports reload on snort rules update.
  838 
  839 	* configure.in,
  840 	  src/control/sfcontrol.c :
  841 	  Addressed FreeBSD Build error.
  842 
  843 	* src/preprocessors/perf-base.c :
  844 	  Fixed an issue with Inspection engine performance statistics showing 0 drops in case of non-zero drops.
  845 
  846 	* src/control/sfcontrol.c :
  847 	  Fixed an issue where snort was stuck in cleanup.
  848 
  849 	* preproc_rules/preprocessor.rules,
  850 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
  851 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  852 	  Handling of junk characters after chunk size in HTTP response.
  853 
  854 	* src/detection-plugins/sp_byte_math.c :
  855 	  Handled a zero value case with division operator.
  856 
  857 	* src/preprocessors/Stream6/snort_stream_tcp.c :
  858 	  Updated TCP policy for client and server session while flushing the client or server segment list.
  859 
  860 	* doc/README.http_inspect,
  861 	  etc/gen-msg.map,
  862 	  preproc_rules/preprocessor.rules,
  863 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
  864 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
  865 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  866 	  Handled a new pre-processor alert in case of improper end of HTTP header.
  867 
  868 	* src/dynamic-preprocessors/reputation/shmem/shmem_lib.c,
  869 	  src/detection-plugins/sp_isdataat.c,
  870 	  src/detection-plugins/sp_isdataat.h :
  871 	  Fixed a potential race condition.
  872 
  873 	* src/dynamic-preprocessors/appid/appIdStats.c,
  874 	  src/dynamic-preprocessors/appid/appInfoTable.c,
  875 	  src/dynamic-preprocessors/appid/detector_plugins/detector_http.c,
  876 	  src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
  877 	  src/dynamic-preprocessors/appid/fw_appid.c,
  878 	  src/dynamic-preprocessors/appid/service_plugins/service_ssh.c,
  879 	  src/dynamic-preprocessors/appid/service_plugins/service_ssl.c,
  880 	  src/dynamic-preprocessors/appid/thirdparty_appid_utils.c,
  881 	  src/dynamic-preprocessors/dnp3/spp_dnp3.c,
  882 	  src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
  883 	  src/sfutil/bnfa_search.c,
  884 	  src/sfutil/sf_textlog.c :
  885 	  Validation of malloc return values.
  886 
  887 	* src/preprocessors/sfprocpidstats.c :
  888 	  Modified the sfprocpidstat to only calculate CPU statistics when --suppress-config-log option is not supplied.
  889 
  890 
  891 2018-09-18 Puneeth Kumar C V <puneetku@cisco.com>
  892 Snort 2.9.12.0
  893 
  894 	* doc/README.http_inspect, etc/gen-msg.map,
  895 	  preproc_rules/preprocessor.rules,
  896 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
  897 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
  898 	  src/preprocessors/HttpInspect/server/hi_server.c,
  899 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  900 	  Fixed an issue where in if we have a junk line before HTTP response header, the header was wrongly parsed.
  901 	  A new preprocessor alert with gid:120 and sid:26 is alerted if any junk lines before HTTP response header is detected.
  902 
  903 	* etc/gen-msg.map, preproc_rules/preprocessor.rules,
  904 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
  905 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
  906 	  src/preprocessors/HttpInspect/include/hi_server.h,
  907 	  src/preprocessors/HttpInspect/server/hi_server.c :
  908 	  If any of the standard header fields like Transfer-Encoding, content-encoding, content-length,
  909 	  content-type are preceded by \t, then a new alert is added with gid:120 and sid:25.
  910 
  911 	* doc/README.http_inspect, doc/snort_manual.pdf, etc/gen-msg.map,
  912 	  preproc_rules/preprocessor.rules,
  913 	  src/preprocessors/snort_httpinspect.h,
  914 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
  915 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
  916 	  src/preprocessors/HttpInspect/server/hi_server.c,
  917 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
  918 	  Fixed GZIP evasions wherein a HTTP response with content-encoding:gzip contains a body which has some gzip related anomaly.
  919 	  A new alert with gid:120 and sid:24 has been added to detect mixed gzip encode and plain text response.
  920 	
  921 	* src/preprocessors/HttpInspect/server/hi_server.c :
  922 	  Memory leak in decompression when using zlib version 1.2.11. Thanks Elof for reporting it and Thanks Anuj Patel for sending the patch.
  923 
  924 	* src/: dynamic-preprocessors/dcerpc2/dce2_smb2.c,
  925 	  dynamic-preprocessors/dcerpc2/dce2_smb.h,
  926 	  dynamic-preprocessors/dcerpc2/dce2_smb2.c,
  927 	  dynamic-preprocessors/dcerpc2/dce2_smb2.h,
  928 	  dynamic-preprocessors/dcerpc2/dce2_paf.c, includes/smb.h,
  929 	  dynamic-preprocessors/dcerpc2/spp_dce2.c,
  930 	  file-process/file_api.h, file-process/file_segment_process.c,
  931 	  file-process/file_segment_process.h,
  932 	  SMB improvements for file processing.
  933 
  934 	* src/dynamic-preprocessors/appid/: appInfoTable.h, fw_appid.c,
  935 	  fw_appid.h, hostPortAppCache.c, luaDetectorApi.c,
  936 	  luaDetectorApi.h, luaDetectorFlowApi.c,
  937 	  client_plugins/client_app_aim.c, client_plugins/client_app_api.h,
  938 	  client_plugins/client_app_base.c,
  939 	  client_plugins/client_app_base.h,
  940 	  client_plugins/client_app_bit.c,
  941 	  client_plugins/client_app_bit_tracker.c,
  942 	  client_plugins/client_app_msn.c, client_plugins/client_app_rtp.c,
  943 	  client_plugins/client_app_ssh.c,
  944 	  client_plugins/client_app_timbuktu.c,
  945 	  client_plugins/client_app_tns.c, client_plugins/client_app_vnc.c,
  946 	  client_plugins/client_app_ym.c, detector_plugins/detector_http.c,
  947 	  detector_plugins/detector_imap.c,
  948 	  detector_plugins/detector_kerberos.c,
  949 	  detector_plugins/detector_pattern.c,
  950 	  detector_plugins/detector_pop3.c,
  951 	  detector_plugins/detector_sip.c,
  952 	  detector_plugins/detector_smtp.c, service_plugins/service_api.h,
  953 	  service_plugins/service_base.c, service_plugins/service_base.h :
  954 	  Fixed an issue in a scenario where BitTorrent pattern is seen only on the 3rd packet of the session because of which we miss our client detection.
  955 
  956 	* src/dynamic-preprocessors/appid/fw_appid.c :
  957 	  Re-enabling third party AppId detection for out-of-order/not-ok flows.
  958 
  959 	* src/dynamic-preprocessors/appid/: flow.h, fw_appid.c :
  960 	  Added support for HTTP CONNECT command to handle BitTorrent connections over proxy.
  961 
  962 	* src/encode.c, src/reload.h, src/sfdaq.c,
  963 	  src/dynamic-preprocessors/dcerpc2/dce2_co.c,
  964 	  src/dynamic-preprocessors/dcerpc2/dce2_config.c,
  965 	  src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
  966 	  src/dynamic-preprocessors/dcerpc2/dce2_smb2.c,
  967 	  src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
  968 	  src/dynamic-preprocessors/sdf/spp_sdf.c,
  969 	  src/preprocessors/spp_frag3.c, src/preprocessors/spp_session.c,
  970 	  src/preprocessors/spp_sfportscan.c,
  971 	  src/preprocessors/Stream6/snort_stream_ip.c,
  972 	  src/preprocessors/Stream6/snort_stream_tcp.c, src/sfutil/acsmx.c,
  973 	  src/sfutil/sfksearch.c, src/sfutil/sfportobject.c,
  974 	  tools/u2spewfoo/u2spewfoo.c :
  975 	  Fixed Snort warnings when compiled in OpenBSD with clang/llvm. Thanks to Markus for reporting this.
  976 
  977 	* src/dynamic-preprocessors/file/spp_file.c :
  978 	  Fixed an issue where file inspect not working after reload.
  979 
  980 	* src/dynamic-preprocessors/Makefile.am :
  981 	  Fixed an issue where snort was not coming up with AppId enabled on OpenBSD.
  982 
  983 	* src/: snort.c, dynamic-plugins/sf_dynamic_preprocessor.h,
  984 	  preprocessors/perf.c, preprocessors/Stream6/snort_stream_icmp.c,
  985 	  preprocessors/Stream6/snort_stream_ip.c,
  986 	  preprocessors/Stream6/snort_stream_tcp.c,
  987 	  preprocessors/Stream6/snort_stream_udp.c :
  988 	  Fixed compilation issue with --disable-reload.
  989 
  990 	* configure.in, doc/README.appid, doc/snort_manual.tex,
  991 	  rpm/README.build_rpms, rpm/generate-all-rpms, rpm/snort.spec,
  992 	  src/dynamic-preprocessors/appid/Makefile_defs :
  993 	  Compile AppID by default.
  994 
  995 	* src/dynamic-preprocessors/appid/fw_appid.c :
  996 	  Changes to AppId to ignore malformed packets.
  997 
  998 	* src/: dynamic-preprocessors/dcerpc2/dce2_smb2.c,
  999 	  file-process/file_segment_process.c,
 1000 	  file-process/file_segment_process.h :
 1001 	  Fix an issue where memory is over allocated due to SMB traffic.
 1002 
 1003 	* src/dynamic-preprocessors/appid/: appIdApi.c, appIdConfig.h,
 1004 	  appInfoTable.c, fw_appid.c, hostPortAppCache.c :
 1005 	  Added support for wild card port numbers in host cache and overwriting port service AppId.
 1006 
 1007 	* src/mstring.c :
 1008 	  Fixed an issue with msplit() not behaving properly in some scenarios.
 1009 
 1010 	* src/dynamic-preprocessors/appid/: fw_appid.c, test/appIdTests.c :
 1011 	  Fixed an issue where retransmitted packet incorrectly treated as out of order.
 1012 
 1013 	* src/preprocessors/spp_frag3.c :
 1014 	  Fixed snort crash in some scenraios.
 1015 
 1016 	* src/dynamic-preprocessors/appid/: fw_appid.c,
 1017 	  service_plugins/service_ssl.c :
 1018 	  Fixed an issue wherein if we have multiple ssl certificates, they were concatinated.
 1019 
 1020 	* src/dynamic-preprocessors/appid/fw_appid.c :
 1021 	  Using Inner IP header to determine the protocol & direction for AppId.
 1022 
 1023 	* src/: reload.c, preprocessors/spp_normalize.c,
 1024 	  preprocessors/Stream6/snort_stream_tcp.c :
 1025 	  Fixed an issue where snort cores due to wrong/stale policy IDs in the flush path.
 1026 
 1027 	* src/detection-plugins/sp_pattern_match.c :
 1028 	  Fixed an issue with intrusion rule that was trigerring false negatives.
 1029 
 1030 	* src/sfutil/sfportobject.c, src/decode.c, src/fpcreate.c,
 1031 	  src/plugbase.c, src/util.c,
 1032 	  src/dynamic-preprocessors/sdf/sdf_us_ssn.c :
 1033 	  Fixed static analysis issues.
 1034 
 1035 	* src/preprocessors/Stream6/: snort_stream_tcp.c, stream_common.c :
 1036 	  Fixed early setting of PKT_STREAM_ORDER_BAD when out of order packet is seen.
 1037 
 1038 	* src/preprocessors/: session_api.h, spp_session.c :
 1039 	  This change will allow us to use the session stream key to lookup the session instead
 1040 	  of directly storing the S pointer
 1041 
 1042 	* src/: event_wrapper.c, event_wrapper.h, preprocessors/portscan.c :
 1043 	  Fixed an issue where Port Scan doesn't block scans
 1044 
 1045 	* src/: obfuscation.c,
 1046 	  dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 1047 	  dynamic-preprocessors/file/file_agent.c,
 1048 	  dynamic-preprocessors/file/file_inspect_config.c,
 1049 	  dynamic-preprocessors/sdf/sdf_us_ssn.c,
 1050 	  file-process/file_capture.c :
 1051 	  Fixed bugs reported by open source community. Thanks for David Binderman for reporting this.
 1052 
 1053 	* src/snort.c :
 1054 	  Avoid possible double free and memory corruption in snortcleanup().
 1055 
 1056 	* doc/snort_manual.pdf, src/reg_test.h 
 1057 	  src/dynamic-preprocessors/reputation/spp_reputation.c :
 1058 	  Prevent restart when Reputation memcap changes.
 1059 
 1060 	* src/dynamic-preprocessors/appid/luaDetectorModule.c :
 1061 	  Fixed an issue where AppId continues to try & load the remaining detectors instead of returning after
 1062 	  finding an invalid one.  
 1063 
 1064 	* src/snort.c :
 1065 	  Reduced the number of session prunings when snort is idle.
 1066 
 1067 	* src/dynamic-preprocessors/ftptelnet/pp_ftp.c :
 1068 	  Fixed an issue which can cause buffer overflow and memory corruption in FTP control path.
 1069 
 1070 	* src/reload.c :
 1071 	  Synchronise reload and restart in snort.
 1072 
 1073 	* src/snort_bounds.h : 
 1074 	  Fixed possible buffer overrun.
 1075 
 1076 	* src/dynamic-preprocessors/appid/: fw_appid.c, fw_appid.h,
 1077 	  luaDetectorApi.c, spp_appid.c, client_plugins/client_app_base.c,
 1078 	  service_plugins/service_base.c, test/Makefile.am :
 1079 	  Remove misleading exit log about DetectorFini. 
 1080 
 1081 	* src/dynamic-preprocessors/appid/:
 1082 	  client_plugins/client_app_rtp.c, client_plugins/client_app_rtp.h,
 1083 	  test/Makefile.am, test/appIdTests.c, test/client_app_rtp_test.c,
 1084 	  test/client_app_rtp_test.h :
 1085 	  Fix for the issue where RTP doesn't get detected when there is SSRC switch.
 1086 
 1087 	* src/dynamic-preprocessors/appid/: fw_appid.c,
 1088 	  detector_plugins/detector_smtp.c, service_plugins/service_ftp.c :
 1089 	  Fixed an issue where is SMTP is detected too late.
 1090 
 1091 	* src/: dynamic-plugins/sf_dynamic_plugins.c,
 1092 	  dynamic-preprocessors/appid/appIdConfig.h,
 1093 	  dynamic-preprocessors/appid/fw_appid.c : 
 1094 	  Added mutex protections into the framework API to protect against some thread contention.
 1095 
 1096 	* src/preprocessors/: session_api.h, spp_session.c,
 1097 	  Session/session_expect.c :
 1098 	  Changes to allow simulated packets to match an existing session.
 1099 
 1100 	* src/: snort.c, dynamic-plugins/sf_dynamic_plugins.c,
 1101 	  dynamic-plugins/sf_dynamic_preprocessor.h,
 1102 	  dynamic-preprocessors/reputation/spp_reputation.c,
 1103 	  preprocessors/session_api.h, preprocessors/spp_session.c,
 1104 	  preprocessors/Session/session_common.h, sfutil/sfPolicyData.h :
 1105 	  Re-evaluate IP reputation on all flows except black listed flows after reputation update.
 1106 
 1107 	* doc/README.http_inspect, etc/gen-msg.map,
 1108 	  preproc_rules/preprocessor.rules,
 1109 	  src/preprocessors/HttpInspect/client/hi_client.c,
 1110 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 1111 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
 1112 	  src/preprocessors/HttpInspect/include/hi_paf.h,
 1113 	  src/preprocessors/HttpInspect/server/hi_server.c,
 1114 	  src/preprocessors/HttpInspect/utils/hi_paf.c :
 1115 	  Added handling chunked encoding in HTTP1.0 request and response.
 1116 
 1117 	* src/preprocessors/: snort_httpinspect.c,
 1118 	  HttpInspect/client/hi_client.c, HttpInspect/include/hi_client.h,
 1119 	  Stream6/snort_stream_tcp.c, Stream6/stream_paf.c :
 1120 	  Fixed an issue where in HTTPS post file detection not working.
 1121 
 1122 	* src/: parser.c, snort.h, detection-plugins/sp_pcre.c,
 1123 	  dynamic-plugins/sf_convert_dynamic.c,
 1124 	  dynamic-plugins/sf_dynamic_engine.h,
 1125 	  dynamic-plugins/sf_dynamic_plugins.c,
 1126 	  dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 1127 	  output-plugins/spo_log_tcpdump.c, preprocessors/spp_normalize.c,
 1128 	  preprocessors/Stream6/snort_stream_tcp.c : 
 1129 	  Fixed an issue with Snort using incorrect snort config in reload path.
 1130 
 1131 	* src/: decode.c, preprocessors/portscan.c,
 1132 	  preprocessors/spp_frag3.c :
 1133 	  Fixed an issue with IP Protocol scanning not getting detected.
 1134 
 1135 	* src/decode.c :
 1136 	  Fixed heap out of bounds read in DecodeCiscoMeta().
 1137 
 1138 	* src/decode.c : 
 1139 	  Fixed 1 byte buffer overflow in CheckIPV6HopOptions.
 1140 
 1141 	* src/dynamic-preprocessors/appid/: commonAppMatcher.c :
 1142 	  Fix for the issue where hosts were not being discovered if the ND rule had IPv6 network and zone.
 1143 
 1144 	* src/sfutil/Unified2_common.h :
 1145 	  Fixed an issue with Unified2IDSEventIPv6 structure's app_name field has incorrect size.
 1146 
 1147 	* src/util.c :
 1148 	  Fixed an issue where logging packet can cause a segmentation fault in single-pcap mode when printing timestamp. 
 1149 	  Thanks to Stephan Zeisbarg for reporting this issue.
 1150 
 1151 	* src/preprocessors/portscan.c :
 1152 	  Fix Protocol sweep alert.
 1153 
 1154 
 1155 2017-12-06 Meghana R <meraghav@cisco.com>
 1156 Snort 2.9.11.1
 1157 
 1158 	* sfeng/ims/sfsnort/snort/src/build.h : updating build number to 268
 1159 
 1160 	* sfeng/ims/sfsnort/snort/: src/encode.c, src/reload.h,
 1161 	  src/sfdaq.c, src/dynamic-preprocessors/dcerpc2/dce2_co.c,
 1162 	  src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 1163 	  src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
 1164 	  src/dynamic-preprocessors/dcerpc2/dce2_smb2.c,
 1165 	  src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 1166 	  src/dynamic-preprocessors/sdf/spp_sdf.c,
 1167 	  src/preprocessors/spp_frag3.c, src/preprocessors/spp_session.c,
 1168 	  src/preprocessors/spp_sfportscan.c,
 1169 	  src/preprocessors/Stream6/snort_stream_ip.c,
 1170 	  src/preprocessors/Stream6/snort_stream_tcp.c, src/sfutil/acsmx.c,
 1171 	  src/sfutil/sfksearch.c, src/sfutil/sfportobject.c,
 1172 	  tools/u2spewfoo/u2spewfoo.c :
 1173 	  Fixed warnings when snort is compiled in OpenBSD with clang/llvm. Thanks to Markus Lude for noting the issue.
 1174 
 1175 	* sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/file/spp_file.c :
 1176 	  Fixed issue of applying new configuration in file inspection after snort reload.
 1177 
 1178 	* sfeng/ims/sfsnort/snort/src/preprocessors/spp_session.c :
 1179 	  Added null check before accessing session cache.
 1180 
 1181 	* sfeng/ims/sfsnort/snort/src/: appIdApi.h,
 1182 	  dynamic-preprocessors/appid/appIdApi.c :
 1183 	  Fixed issue where AppId was not setting HA flags correctly for unmonitored sessions.
 1184 
 1185 	* sfeng/ims/sfsnort/snort/src/: snort.c,
 1186 	  dynamic-plugins/sf_dynamic_preprocessor.h, preprocessors/perf.c,
 1187 	  preprocessors/Stream6/snort_stream_icmp.c,
 1188 	  preprocessors/Stream6/snort_stream_ip.c,
 1189 	  preprocessors/Stream6/snort_stream_tcp.c,
 1190 	  preprocessors/Stream6/snort_stream_udp.c :
 1191 	  Fixed issue in compilation of snort with --disable-reload option. Thanks to BlueSky for noting the issue.
 1192 
 1193 	* sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/Makefile.am :
 1194 	  Fixed AppID compilation failure in OpenBSD platform.
 1195 
 1196 	* sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/fw_appid.c :
 1197 	  Fixed issue to set correct flags when there is a need to ignore thirdparty detection for an SSL session.
 1198 
 1199 	* sfeng/ims/sfsnort/snort/src/: event_wrapper.c, event_wrapper.h,
 1200 	  preprocessors/portscan.c :
 1201 	  Added support to block portscan. In addition to tracking the scanning packets, action(drop/sdrop/reject) will be taken for all the packets, which means snort will block the packet and generate logs.
 1202 
 1203 	* sfeng/ims/sfsnort/snort/src/: obfuscation.c,
 1204 	  dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 1205 	  dynamic-preprocessors/file/file_agent.c,
 1206 	  dynamic-preprocessors/file/file_inspect_config.c,
 1207 	  dynamic-preprocessors/sdf/sdf_us_ssn.c,
 1208 	  file-process/file_capture.c :
 1209 	  Fixed incorrect usage of bitwise-operator and removed dead code. Thanks to David Binderman for noting the issue and proposing the fix.
 1210 
 1211 	* sfeng/ims/sfsnort/snort/: doc/snort_manual.pdf, src/snort.c,
 1212 	  src/dynamic-plugins/sf_dynamic_plugins.c,
 1213 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
 1214 	  src/dynamic-preprocessors/reputation/spp_reputation.c,
 1215 	  src/preprocessors/session_api.h, src/preprocessors/spp_session.c,
 1216 	  src/preprocessors/Session/session_common.h,
 1217 	  src/sfutil/sfPolicyData.h :
 1218 	  Added support to re-evaluate reputation after reputation update for all flows except those that have already been blacklisted.
 1219 
 1220 	* sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/:
 1221 	  client_plugins/client_app_rtp.c, client_plugins/client_app_rtp.h :
 1222 	  Fixed issue to detect RTP upto two SSRC switches in each traffic direction.
 1223 
 1224 	* sfeng/ims/sfsnort/snort/src/snort.c :
 1225 	  Added changes to reduce the number of session pruning when snort is idle.
 1226 
 1227 	* sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/ftptelnet/pp_ftp.c :
 1228 	  Fixed an issue related to setting of directory path when handling FTP sessions.
 1229 
 1230 	* sfeng/ims/sfsnort/snort/src/snort_bounds.h :
 1231 	  Fixed an issue with the incorrect return in SafeSnprintf function.
 1232 
 1233 	* sfeng/ims/sfsnort/snort/src/preprocessors/: snort_httpinspect.c,
 1234 	  HttpInspect/client/hi_client.c, HttpInspect/include/hi_client.h,
 1235 	  Stream6/snort_stream_tcp.c, Stream6/stream_paf.c :
 1236 	  Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart header and changes to avoid expensive copy of segment data by not splitting them when flushing headers.
 1237 
 1238 	* sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c :
 1239 	  Added changes to show missing session log message only when debugging mode is enabled.
 1240 
 1241 	* sfeng/ims/sfsnort/snort/: doc/snort_manual.pdf,
 1242 	  src/preprocessors/portscan.c :
 1243 	  Fixed issue of triggering protocol sweep alert when there are multiple destinations from single source ip protocol scan.
 1244 
 1245 	* sfeng/ims/sfsnort/snort/src/preprocessors/Stream6/snort_stream_tcp.c :
 1246 	  Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels match the same rule as FTP control channels.
 1247 
 1248 	* sfeng/ims/sfsnort/snort/src/: decode.c, preprocessors/portscan.c,
 1249 	  preprocessors/spp_frag3.c : 
 1250 	  Added changes to fix IP portscan for protocol other than ICMP and fixed issue of bad fragment size event not being generated for oversized packets.
 1251 
 1252 	* sfeng/ims/sfsnort/snort/src/preprocessors/snort_httpinspect.c:
 1253 	  Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware Cloud Lookup.
 1254 
 1255 
 1256 2017-09-05 Meghana R <meraghav@cisco.com>
 1257 Snort 2.9.11
 1258 
 1259 	* src/build.h : updating build number to 125.
 1260 
 1261 	* src/preprocessors/: spp_session.c, Stream6/snort_stream_tcp.c :
 1262 	  Fixed issue with updation of global IPS id before packet processing.
 1263 
 1264 	* src/output-plugins/spo_unified2.c : 
 1265 	  Added changes to display AppId for IPv6 unified events.
 1266 
 1267 	* src/: dynamic-preprocessors/Makefile.am,
 1268 	  reload-adjust/appdata_adjuster.c,
 1269 	  sfutil/sfmemcap.c, sfutil/sfmemcap.h : 
 1270 	  Fixed dynamic preprocessor compilation failure in OpenBSD platform.
 1271 
 1272 	* src/: parser.c, snort.h, detection-plugins/sp_replace.c : 
 1273 	  Fixed issues while parsing rules in snort reload path.
 1274 
 1275 	* src/: appIdApi.h, dynamic-preprocessors/appid/appId.h,
 1276 	  dynamic-preprocessors/appid/appIdApi.c,
 1277 	  dynamic-preprocessors/appid/appIdConfig.h,
 1278 	  dynamic-preprocessors/appid/appInfoTable.c,
 1279 	  dynamic-preprocessors/appid/flow.h,
 1280 	  dynamic-preprocessors/appid/fw_appid.c,
 1281 	  dynamic-preprocessors/appid/hostPortAppCache.c,
 1282 	  dynamic-preprocessors/appid/hostPortAppCache.h :
 1283 	  Added implementation of hostPortCache versioning for unknown flows in AppID to detect and block BitTorrent.
 1284 
 1285 	* src/preprocessors/spp_normalize.c :
 1286 	  Fixed incorrect usage of snort configuration in snort reload path.
 1287 
 1288 	* src/dynamic-preprocessors/appid/: flow.c, flow.h, fw_appid.c : 
 1289 	  Fixed issues with printing of messages for out-of-order packets.
 1290 
 1291 	* src/: mempool.c, mempool.h, reg_test.h, reload.c,
 1292 	  control/sfcontrol.c, control/sfcontrol.h,
 1293 	  preprocessors/spp_session.c,
 1294 	  preprocessors/Stream6/snort_stream_tcp.c : 
 1295 	  Added support for forced allocation of TCP protocol memory pool after maximum limit is reached.
 1296 
 1297 	* src/reload.c :
 1298 	  Fixed synchronisation issue during snort reload.  
 1299 
 1300 	* src/sfutil/: sf_ip.h, sf_ipvar.c, sf_ipvar.h :
 1301 	  Added changes to improve performance of ipvar list comparison.
 1302 
 1303 	* src/: dynamic-output/plugins/output_lib.h,
 1304 	  dynamic-output/plugins/output_plugin.c,
 1305 	  dynamic-preprocessors/dcerpc2/dce2_smb.c,
 1306 	  dynamic-preprocessors/dcerpc2/dce2_smb.h,
 1307 	  dynamic-preprocessors/dcerpc2/dce2_smb2.c,
 1308 	  dynamic-preprocessors/dcerpc2/spp_dce2.c,
 1309 	  dynamic-preprocessors/file/file_event_log.c,
 1310 	  file-process/file_api.h, file-process/file_service.c,
 1311 	  file-process/file_stats.c, file-process/file_stats.h,
 1312 	  sfutil/sf_textlog.c, sfutil/sf_textlog.h : 
 1313 	  Added support for storing filenames in unicode format for SMB protocol.
 1314 
 1315 	* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c : 
 1316 	  Enhanced SMTP client detection by allowing line folding and all authentication methods.
 1317 
 1318 	* src/: fpcreate.c, sfutil/sfthd.c, sfutil/sfxhash.c :
 1319 	  Fixed issue in detection filter counter when rule is used in multiple configurations.
 1320 
 1321 
 1322 2017-06-19 Meghana R <meraghav@cisco.com>
 1323 Snort 2.9.11 Beta
 1324 
 1325 	*src/build.h : updating build number to 101
 1326 
 1327 	* configure.in : 
 1328 	  Control-socket and side-channel support for FreeBSD platform.
 1329 
 1330 	* src/snort.c :
 1331 	  Fixed an issue where snort did not exit gracefully on SIGHUP during the initialisation.
 1332 	  
 1333 	* src/detect.c : 
 1334 	  Added a data length check before copying into memory during application detection.
 1335 	 
 1336 	* doc/snort_manual.pdf,
 1337 	  src/dynamic-preprocessors/appid/appIdConfig.h,
 1338 	  src/dynamic-preprocessors/appid/appInfoTable.c,
 1339 	  src/dynamic-preprocessors/appid/commonAppMatcher.c,
 1340 	  src/dynamic-preprocessors/appid/fw_appid.c,
 1341 	  src/dynamic-preprocessors/appid/fw_appid.h,
 1342 	  src/dynamic-preprocessors/appid/hostPortAppCache.c,
 1343 	  src/dynamic-preprocessors/appid/hostPortAppCache.h,
 1344 	  src/dynamic-preprocessors/appid/luaDetectorApi.c :
 1345 	  Added new hostPortCache which can maintain runtime AppId entries.
 1346 
 1347 	* src/preprocessors/perf-flow.c :
 1348 	  Added null check for individual sfFlow structure members.  
 1349 
 1350 	* doc/snort_manual.tex : 
 1351 	  Fixed syntax error in snort_maual.tex
 1352 
 1353 	* src/dynamic-preprocessors/appid/test/Makefile.am,
 1354 	  dynamic-preprocessors/dcerpc2/test/Makefile.am,
 1355 	  sfutil/test/Makefile.am : 
 1356 	  Linked librt library in appidd and dcerpc2 modules.
 1357 
 1358 	* doc/snort_manual.pdf, doc/snort_manual.tex, src/decode.c,
 1359           src/decode.h, src/detect.c, src/encode.c, src/reg_test.h,
 1360           src/snort.c, src/snort.h, src/util.c, src/reload.c
 1361           src/detection-plugins/sp_byte_math.c,
 1362           src/dynamic-plugins/sf_engine/sf_snort_plugin_byte.c,
 1363           src/dynamic-preprocessors/appid/appIdConfig.h,
 1364           src/dynamic-preprocessors/appid/appInfoTable.c,
 1365           src/dynamic-preprocessors/appid/commonAppMatcher.c,
 1366           src/dynamic-preprocessors/appid/fw_appid.c,
 1367           src/dynamic-preprocessors/appid/fw_appid.h,
 1368           src/dynamic-preprocessors/appid/hostPortAppCache.c,
 1369           src/dynamic-preprocessors/appid/hostPortAppCache.h,
 1370           src/dynamic-preprocessors/appid/luaDetectorApi.c,
 1371           src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 1372           src/dynamic-preprocessors/appid/test/Makefile.am,
 1373           src/dynamic-preprocessors/dcerpc2/dce2_smb2.c,
 1374           src/dynamic-preprocessors/dcerpc2/dce2_smb2.h,
 1375           src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 1376           src/dynamic-preprocessors/dcerpc2/test/Makefile.am,
 1377           src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 1378           src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 1379           src/dynamic-preprocessors/reputation/spp_reputation.c,
 1380           src/dynamic-preprocessors/imap/spp_imap.c,
 1381 	  src/dynamic-preprocessors/pop/spp_pop.c,
 1382 	  src/dynamic-preprocessors/smtp/spp_smtp.c,
 1383           src/file-process/file_api.h,
 1384           src/file-process/file_segment_process.c,
 1385           src/file-process/file_segment_process.h,
 1386           src/file-process/file_service.c, src/preprocessors/perf-base.c,
 1387           src/preprocessors/perf-flow.c,
 1388           src/preprocessors/perf_indicators.c,
 1389           src/preprocessors/snort_httpinspect.c,
 1390           src/preprocessors/spp_session.c, src/preprocessors/spp_stream6.c,
 1391           src/preprocessors/HttpInspect/server/hi_server.c,
 1392           src/preprocessors/HttpInspect/utils/hi_cmd_lookup.c,
 1393 	  src/preprocessors/Session/session_expect.c,
 1394           src/preprocessors/Stream6/snort_stream_tcp.c,
 1395           src/reload-adjust/appdata_adjuster.c, src/sfutil/sfrf.c,
 1396           src/sfutil/sfrf.h, src/sfutil/test/Makefile.am,
 1397           src/sfutil/test/unit_hacks.c, src/target-based/sftarget_reader.c,
 1398 	  src/target-based/sftarget_reader.h :
 1399 	  Changes to eliminate Snort restart when there are changes to the memory 
 1400 	  allocated for preprocessors, by releasing unused or least recently used memory
 1401 	  when needed.
 1402 
 1403 	* src/encode.c, dynamic-plugins/sf_engine/sf_snort_plugin_byte.c,
 1404 	  dynamic-preprocessors/ftptelnet/pp_ftp.c,
 1405 	  dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 1406 	  preprocessors/perf-base.c, preprocessors/perf_indicators.c,
 1407 	  preprocessors/snort_httpinspect.c,
 1408 	  preprocessors/HttpInspect/utils/hi_cmd_lookup.c :
 1409 	  Fixed multiple issues reported by Coverity.
 1410 
 1411 	* src/preprocessors/Stream6/: snort_stream_tcp.c : 
 1412 	  Added a null check before retrieving tcpssn for getting re-built packets.
 1413 
 1414 	* src/dynamic-preprocessors/reputation/spp_reputation.c :
 1415 	  Fixed double free issue in reputation module.
 1416 
 1417 	* src/detection-plugins/sp_byte_math.c,
 1418 	  file-process/file_service.c : 
 1419 	  Fixed Coverity Issue - added null check before usage.
 1420 
 1421 	* src/dynamic-preprocessors/appid/fw_appid.c : 
 1422 	  Enhanced RTSP metadata parsing to match the user-agent field to detect RTSP traffic over Windows Media.
 1423 
 1424 	* src/dynamic-preprocessors/appid/fw_appid.c :
 1425 	  Added a null check to prevent copy unless debugHostIp is configured in AppId.
 1426 
 1427 	* src/decode.c, decode.h, detect.c, snort.h, util.c,
 1428 	  preprocessors/spp_session.c,
 1429 	  preprocessors/Stream6/snort_stream_tcp.c, sfutil/sfrf.c,
 1430 	  sfutil/sfrf.h : 
 1431 	  Performance improvement when SYN rate limit has reached and drop
 1432 	  is configured as next action.
 1433 
 1434 	* src/preprocessors/HttpInspect/server/hi_server.c :
 1435 	  Fixed issue of uninitialised value before usage.
 1436 
 1437 	* src/file-process/file_service.c : 
 1438 	  Fixed issue with SHA value display in File Events.
 1439 
 1440 	* src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c :
 1441  	  Enhanced the processing of SIP/RTP future flows without ignoring them.
 1442 	  
 1443 	* src/preprocessors/snort_httpinspect.c : 
 1444 	  Changes made in PDF/SWF decompression by adding boundary to the size of the decompressed data.
 1445 
 1446 	* src/preprocessors/Stream6/snort_stream_tcp.c : 
 1447 	  Fixed stream5 to flush out ACK'ed segments using PAF when session is terminating.
 1448 
 1449 	* src/preprocessors/spp_session.c :
 1450 	  Fixed issue with associating router solicit/reply packets to a single session.
 1451 
 1452 	* src/preprocessors/HttpInspect/server/hi_server_norm.c,
 1453 	  sfutil/util_utf.c : 
 1454 	  Fixed issues with normalisation of unicode HTML pages that do not have unicode encoding specifiers. 
 1455 
 1456 	* src/appIdApi.h, dynamic-plugins/sf_dynamic_plugins.c,
 1457 	  dynamic-preprocessors/appid/appIdApi.c,
 1458 	  dynamic-preprocessors/appid/appIdConfig.h,
 1459 	  dynamic-preprocessors/appid/commonAppMatcher.c,
 1460 	  dynamic-preprocessors/appid/fw_appid.c,
 1461 	  dynamic-preprocessors/appid/fw_appid.h,
 1462 	  dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 1463 	  dynamic-preprocessors/appid/service_plugins/service_base.h,
 1464 	  dynamic-preprocessors/appid/service_plugins/service_ftp.c,
 1465 	  dynamic-preprocessors/appid/service_plugins/service_rexec.c,
 1466 	  dynamic-preprocessors/appid/service_plugins/service_rshell.c,
 1467 	  dynamic-preprocessors/appid/service_plugins/service_snmp.c,
 1468 	  dynamic-preprocessors/appid/service_plugins/service_tftp.c,
 1469 	  dynamic-preprocessors/appid/test/appIdTests.c : 
 1470 	  Fixed the issue in FTP active traffic by copying the flags as is when expected flow is in the same direction as current flow, reversing the flags when expected flow is in opposite direction and not copying the flags when expected flow's direction is unknown.
 1471 
 1472 	* src/dynamic-plugins/sf_dynamic_plugins.c,
 1473 	  dynamic-preprocessors/dcerpc2/spp_dce2.c
 1474 	  Fixed issue of multiple allocation of ada cache in dcerpc2 module.
 1475 
 1476 	* src/preprocessors/spp_httpinspect.c : 
 1477 	  Made changes to take care of boundary conditions after mempool allocation.
 1478 
 1479 	* src/dynamic-preprocessors/appid/luaDetectorModule.c :
 1480 	  Fixed Coverity Issues - Removed logically dead duplicate code that does NULL check after creating a new luaState.
 1481 
 1482 	* src/file-process/file_service.c,
 1483 	  preprocessors/Stream6/snort_stream_tcp.c : 
 1484 	  Fixed issue in file signature lookup for retransmitted FTP packet.
 1485 
 1486 	* src/output-plugins/spo_log_buffer_dump.c :
 1487 	  Changes to free HTTP buffers not used during processing.
 1488 
 1489 	* src/dynamic-plugins/sf_dynamic_plugins.c,
 1490 	  dynamic-preprocessors/dcerpc2/spp_dce2.c,
 1491 	  dynamic-preprocessors/dnp3/spp_dnp3.c,
 1492 	  dynamic-preprocessors/sip/sip_config.c,
 1493 	  dynamic-preprocessors/sip/spp_sip.c,
 1494 	  reload-adjust/appdata_adjuster.c,
 1495 	  reload-adjust/appdata_adjuster.h :
 1496 	  Fixed issues in SIP related to reallocation of the same data structure multiple times and accessing numSessions which is asynchronously written by packet processing thread.
 1497 	
 1498 	* src/dynamic-preprocessors/dcerpc2/spp_dce2.c :
 1499 	  Added multiple null checks in dcerpc2 module.
 1500 
 1501 	* src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 1502 	  reload-adjust/appdata_adjuster.c,
 1503 	  reload-adjust/appdata_adjuster.h :
 1504 	  Added null pointer checks in DNP3CheckConfig.
 1505 	  
 1506 	* src/preprocessors/spp_session.c :  
 1507 	  Fixed Coverity issue - added null check before usage.
 1508 	  
 1509         * src/build.h : updating build number to 42
 1510 
 1511         * src/snort.c :
 1512           Trigger Snort restart when `config disable-attribute-reload-thread` is
 1513 	  turned on/off.
 1514 
 1515         * src/preprocessors/Stream6/snort_stream_tcp.c :
 1516           Fixed detection issue where wrong file signature calculation
 1517           was done for secure-ftp.
 1518      
 1519         * src/dynamic-preprocessors/ftptelnet/: ftpp_si.c, ftpp_si.h,
 1520           pp_ftp.c :
 1521           Fixed incorrect referencing of ftp_data_session after its pruned.
 1522 
 1523         * src/dynamic-preprocessors/appid/fw_appid.c : 
 1524           Stability improvement by resolving valgrind reported issues in AppId.
 1525 
 1526         * src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 1527           file-process/file_api.h, file-process/file_resume_block.h,
 1528           file-process/file_service.c, preprocessors/Session/session_common.h,
 1529           Session/session_expect.c, Stream6/snort_stream_tcp.c,
 1530           Stream6/snort_stream_tcp.h, Stream6/stream_common.h, parser.c,
 1531           parser.h, snort.c, snort.h, dynamic-preprocessors/dcerpc2/dce2_smb.c,
 1532           dynamic-preprocessors/ftptelnet/ftpp_si.h,
 1533           dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 1534           dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 1535           file-process/file_mime_process.c, file-process/libs/file_lib.c,
 1536           preprocessors/snort_httpinspect.c, preprocessors/spp_normalize.c,
 1537           preprocessors/spp_normalize.h, preprocessors/spp_stream6.c,
 1538           preprocessors/stream_api.h, preprocessors/HttpInspect/client/hi_client.c : 
 1539           Fixed issue where FTP file type block doesn't work on retried download.
 1540 
 1541         * src/appIdApi.h, dynamic-plugins/sf_dynamic_plugins.c,
 1542           dynamic-preprocessors/appid/appIdApi.c,
 1543           dynamic-preprocessors/appid/flow.c,
 1544           dynamic-preprocessors/appid/flow.h,
 1545           dynamic-preprocessors/appid/fw_appid.c,
 1546           dynamic-preprocessors/appid/fw_appid.h,
 1547           dynamic-preprocessors/appid/detector_plugins/detector_sip.c :
 1548           Fixed issue where Snort is inappropriately handling traffic for which AppId
 1549           was creating future flow.
 1550 
 1551         * src/file-process/file_segment_process.c :
 1552           Fixed issue of updating the file session information for SMB2 file transfer
 1553 	  spanning multiple TCP sessions.
 1554         
 1555         * src/dynamic-preprocessors/appid/: flow.h, fw_appid.c,
 1556           luaDetectorApi.c, service_state.c, service_state.h,
 1557           detector_plugins/detector_dns.c,
 1558           detector_plugins/detector_http.c,
 1559           detector_plugins/detector_imap.c,
 1560           detector_plugins/detector_kerberos.c,
 1561           detector_plugins/detector_pattern.c,
 1562           detector_plugins/detector_pop3.c,
 1563           detector_plugins/detector_sip.c,
 1564           detector_plugins/detector_smtp.c, service_plugins/service_MDNS.c,
 1565           service_plugins/service_api.h, service_plugins/service_base.c,
 1566           service_plugins/service_base.h,
 1567           service_plugins/service_battle_field.c,
 1568           service_plugins/service_bgp.c, service_plugins/service_bit.c,
 1569           service_plugins/service_bootp.c,
 1570           service_plugins/service_dcerpc.c,
 1571           service_plugins/service_direct_connect.c,
 1572           service_plugins/service_flap.c, service_plugins/service_ftp.c,
 1573           service_plugins/service_irc.c, service_plugins/service_lpr.c,
 1574           service_plugins/service_mysql.c,
 1575           service_plugins/service_netbios.c,
 1576           service_plugins/service_nntp.c, service_plugins/service_ntp.c,
 1577           service_plugins/service_radius.c,
 1578           service_plugins/service_rexec.c, service_plugins/service_rfb.c,
 1579           service_plugins/service_rlogin.c, service_plugins/service_rpc.c,
 1580           service_plugins/service_rshell.c,
 1581           service_plugins/service_rsync.c, service_plugins/service_rtmp.c,
 1582           service_plugins/service_snmp.c, service_plugins/service_ssh.c,
 1583           service_plugins/service_ssl.c, service_plugins/service_telnet.c,
 1584           service_plugins/service_tftp.c,
 1585           service_plugins/service_timbuktu.c,
 1586           service_plugins/service_tns.c, test/appIdTests.c,
 1587           test/sessionFile.c :
 1588           Changes in AppId discovery to address session and services related issues.
 1589 
 1590         * src/dynamic-preprocessors/appid/: appId.h, fw_appid.c :
 1591           Performance improvements for SIP/RTP audio and video data flow in AppId .
 1592 
 1593         * src/dynamic-preprocessors/appid/: fw_appid.c,
 1594           thirdparty_appid_utils.c, test/appIdTests.c, test/externalApis.c :
 1595           Fixed an issue related to incorrect processing of XFF addresses during 
 1596           Snort reload.
 1597 
 1598         * src/dynamic-preprocessors/appid/luaDetectorModule.c :
 1599           Improved error handling in luadetector when lua_State object is NULL.
 1600 
 1601         * src/preprocessors/snort_httpinspect.c :
 1602           Improved flushing mechanism for HTTP POST header. 
 1603 
 1604         * src/output-plugins/spo_log_buffer_dump.c :
 1605           Fixed an issue where HTTP buffers were incorrectly dumped as 
 1606           DNS payload buffers.
 1607 
 1608         * src/preprocessors/Stream6/snort_stream_tcp.c : 
 1609           Prevent application preprocessors from processing packets having end_sequence
 1610           numbers less than current TCP window base.
 1611 
 1612 
 1613 2016-11-07 Gagan Sachdeva <gagsachd@cisco.com>
 1614 Snort 2.9.9.0
 1615 
 1616         * src/build.h : updating build number to 56.
 1617 
 1618         * tools/u2spewfoo/u2spewfoo.c :
 1619           src/snort.c, win32/WIN32-Includes/config.h :
 1620           Fixed Issue related to DLL-Load in Snort on Windows platforms For CVE-2016-1417, thanks to Secureworks for 
 1621           reporting this issue.
 1622 
 1623         * src/: detection_filter.c, detection_filter.h, fpdetect.c,
 1624           detection-plugins/detection_options.c,
 1625           detection-plugins/detection_options.h, sfutil/sfthd.c,
 1626           sfutil/sfthd.h, sfutil/test/sfthd_test.c : 
 1627           Incrementing detection_filter count on either raw packets or re-assembled packets but not on both.
 1628 
 1629         * src/detection-plugins/sp_byte_jump.c : 
 1630           Fixed an issue where value present in the zero index of byte_extract array was incorrectly used when 
 1631           byte_extract rule option is not present.
 1632 
 1633 
 1634 2016-09-08 Seshaiah Erugu <serugu@cisco.com>
 1635 Snort 2.9.9
 1636 
 1637         * src/build.h : Updated build number to 82.
 1638 
 1639         * src/dynamic-preprocessors/appid/: appId.h, fw_appid.c, spp_appid.c:
 1640           Improved handling of HTTP tunneling in AppId.
 1641 
 1642         * src/detection-plugins/sp_byte_jump.c:
 1643           Fixed a bug where byte_jump postoffset was incorrectly initialized leading
 1644           to failure in rule matching in some scenarios.
 1645 
 1646         * src/detection-plugins/sp_rpc_check.c:
 1647           Fixed RPC decode plugin issue where rule context was missing and RPC
 1648           values were not read correctly.
 1649 
 1650         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/smtp/snort_smtp.c :
 1651           Fixed an issue in mime data processing in case of stateless inspection.
 1652 
 1653         * sfeng/ims/sfsnort/snort/src/preprocessors/: spp_session.c,
 1654           Stream6/stream_paf.c :
 1655           Addressed incorrect flushing of packets whose size is greater than MAXIMUM_PAF_MAX.
 1656 
 1657         * sfeng/ims/sfsnort/snort/src/output-plugins/spo_log_buffer_dump.c :
 1658           Added banner message with packet timestamp for every buffer dump.
 1659 
 1660         * sfeng/ims/sfsnort/snort/src/: snort.h,
 1661           dynamic-preprocessors/dcerpc2/dce2_paf.c,
 1662           dynamic-preprocessors/dnp3/dnp3_paf.c,
 1663           dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 1664           dynamic-preprocessors/imap/imap_paf.c,
 1665           dynamic-preprocessors/modbus/modbus_paf.c,
 1666           dynamic-preprocessors/modbus/modbus_paf.h,
 1667           dynamic-preprocessors/pop/pop_paf.c,
 1668           dynamic-preprocessors/sip/sip_paf.c,
 1669           dynamic-preprocessors/smtp/smtp_paf.c,
 1670           preprocessors/snort_httpinspect.c, preprocessors/spp_stream6.c,
 1671           preprocessors/stream_api.h,
 1672           preprocessors/HttpInspect/client/hi_client.c,
 1673           preprocessors/HttpInspect/utils/hi_paf.c,
 1674           preprocessors/Stream6/snort_stream_tcp.c,
 1675           preprocessors/Stream6/stream_paf.c,
 1676           preprocessors/Stream6/stream_paf.h :
 1677           Generating an event when content-length in a POST request is greater than Payload.
 1678 
 1679         * sfeng/ims/sfsnort/snort/src/decode.c :
 1680           Decoding support for packets that contain VLAN and SGT.
 1681 
 1682         * sfeng/ims/sfsnort/snort/src/preprocessors/HttpInspect/client/hi_client.c :
 1683           Fixed Coverity issue - added null check before usage.
 1684 
 1685         * sfeng/ims/sfsnort/snort/src/preprocessors/snort_httpinspect.c :
 1686           Fixed Coverity issue - added null check for Field_Name.
 1687 
 1688         * sfeng/ims/sfsnort/snort/src/preprocessors/Stream6/snort_stream_tcp.c :
 1689           Fixed an issue where out-of-bounds memory access (is possible) due to incorrect length argument in memcpy.
 1690 
 1691         * sfeng/ims/sfsnort/snort/src/preprocessors/spp_stream6.c :
 1692           Resolved an issue where stream_config is not set (to) correct value in some cases after reload.
 1693 
 1694         * sfeng/ims/sfsnort/snort/src/file-process/:
 1695           file_segment_process.c, file_service.c :
 1696           Changes done to avoid memory allocation for each signature callback and handle
 1697           segments properly when file session has not been created yet.
 1698 
 1699         * sfeng/ims/sfsnort/snort/preproc_rules/preprocessor.rules :
 1700           Added new http prepreocessor alert for multiple content encoding.
 1701           alert ( msg: "HI_SERVER_MULTIPLE_CONTENT_ENCODING"; sid:20; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; ).
 1702 
 1703         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/fw_appid.c :
 1704           Changes done to handle empty HTTP XFF field.
 1705 
 1706         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/service_plugins/service_base.c :
 1707           Changed initiator_ip to be in sync with other ip's.
 1708 
 1709         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/fw_appid.c :
 1710           Fixed an issue where AppId was skipping inspection of some HTTP requests.
 1711 
 1712         * sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_plugins.c :
 1713           Fixed compiler warning by changing the definition of dummyConsumeHAState() function.
 1714 
 1715         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/:
 1716           fw_appid.c, detector_plugins/detector_smtp.c :
 1717           Fixed AppId compilation warnings.
 1718 
 1719         * sfeng/ims/sfsnort/snort/src/: parser.c, parser.h, snort.c,
 1720           snort.h, preprocessors/spp_normalize.c,
 1721           preprocessors/spp_normalize.h, preprocessors/spp_stream6.c,
 1722           preprocessors/stream_api.h,
 1723           preprocessors/Session/session_common.h,
 1724           preprocessors/Session/session_expect.c,
 1725           preprocessors/Stream6/snort_stream_tcp.c :
 1726           Fixed an issue where Malware files not getting dropped over FTP protocol.
 1727 
 1728         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/appInfoTable.c :
 1729           Fixed issue with using dynamic app ID names (not in appMapping.data) in Snort rules.
 1730 
 1731         * sfeng/ims/sfsnort/snort/src/preprocessors/HttpInspect/utils/hi_paf.c :
 1732           Handling HTTP header line containing \r or \r\r.
 1733 
 1734         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/: flow.h,
 1735           fw_appid.c, thirdparty_appid_types.h :
 1736           Performance improvement in Appid.
 1737 
 1738         * sfeng/ims/sfsnort/snort/src/: file-process/file_service.c,
 1739           preprocessors/snort_httpinspect.c,
 1740           preprocessors/snort_httpinspect.h :
 1741           Added support to detect partial content when it starts in second reassembled packet.
 1742 
 1743         * sfeng/ims/sfsnort/snort/src/preprocessors/: snort_httpinspect.c,
 1744           snort_httpinspect.h, HttpInspect/client/hi_client.c
 1745           HTTP preprocessor enhanced to handle the split of chunk length itself across different packets.
 1746 
 1747         * sfeng/ims/sfsnort/snort/src/decode.c :
 1748           Fixed an issue where single packet can cause a segmentation fault if there is a specific
 1749           snort rule is in place. Thanks to Marcel da Silva for reporting this issue.
 1750 
 1751         * sfeng/ims/sfsnort/snort/src/decode.c :
 1752           Fixed an issue where incorrect byte order was been used for comparision with hard coded value.
 1753           Thanks to Al Lewis who reported this issue on open source.
 1754 
 1755         * sfeng/ims/sfsnort/snort/src/preprocessors/: spp_session.c,
 1756           spp_stream6.c, Session/session_common.h,
 1757           Stream6/snort_stream_tcp.c :
 1758           This patch changes the logic in session to set a flag in the SCB
 1759           for a flow on the first packet after a reload to indicate the
 1760           stream config pointer is stale.  Previously the pointer was set
 1761           to NULL. Stream was changed to check this stale flag and, if true,
 1762           the stream config pointer in the SCB is reinitialized.
 1763           With this change the stream configuration pointer continues to
 1764           point to the old configuration which will still be valid until
 1765           the stream preproc runs.  This ensures that the part of the SSL
 1766           preproc that runs before Session/Stream have run will have a
 1767           valid stream config pointer after a reload.
 1768           In addition the StreamActivatePafTcp function, which is called by
 1769           the SSL preproc and requires a valid stream configuration, was
 1770           changed to check for the pointer being NULL and if it is it will
 1771           reinitialize the pointer to valid value and log a warning
 1772           message.
 1773 
 1774         * sfeng/ims/sfsnort/snort/doc/snort_manual.tex :
 1775           Snort manual updated with Buffer dump feature.
 1776 
 1777         * sfeng/ims/sfsnort/snort/doc/snort_manual.tex :
 1778           Snort manual changed with Rule Options Enhancement.
 1779 
 1780         * sfeng/ims/sfsnort/snort/src/sfutil/sfghash.c :
 1781           Added NULL check for SFGHASH.
 1782 
 1783         * sfeng/ims/sfsnort/snort/etc/sf_rule_options :
 1784           Error message is updated for byte_extract options.
 1785           When creating a rule with byte_extract option an error message is sent
 1786           when the rule doesn't include a variable name, which is mandatory.
 1787 
 1788         * sfeng/ims/sfsnort/snort/src/: encode.c, preprocids.h,
 1789           detection-plugins/sp_byte_math.c,
 1790           dynamic-output/plugins/output_lib.h,
 1791           dynamic-preprocessors/ftptelnet/pp_ftp.c,
 1792           preprocessors/perf-base.c, preprocessors/snort_httpinspect.c,
 1793           preprocessors/spp_stream6.c,
 1794           preprocessors/HttpInspect/server/hi_server.c, sfutil/sf_ip.h,
 1795           win32/WIN32-Prj/snort.dsp :
 1796           Addressed issues in Snort Windows build.
 1797 
 1798         * sfeng/ims/sfsnort/snort/src/detection-plugins/: sp_byte_check.c,
 1799           sp_byte_jump.c, sp_byte_math.c :
 1800           An error message is sent if string rule option is not present
 1801           when bytes to grab are greater than 4 bytes in byte_math rule.
 1802 
 1803         * sfeng/ims/sfsnort/snort/src/preprocessors/Stream6/snort_stream_tcp.c :
 1804           Resolved an incorrect logging of source and destination ip when TCP stream queue is full.
 1805 
 1806         * sfeng/ims/sfsnort/snort/src/detection-plugins/sp_byte_math.c :
 1807           Error message is updated for byte_math options.
 1808           When creating a rule with byte_math option an error message is sent
 1809           when the rule doesn't include offset and rvalue.
 1810 
 1811         * sfeng/ims/sfsnort/snort/src/dynamic-preprocessors/appid/:
 1812           Makefile_defs, fw_appid.c, client_plugins/client_app_base.c,
 1813           client_plugins/client_app_smtp.c,
 1814           client_plugins/client_app_smtp.h,
 1815           detector_plugins/detector_base.c,
 1816           detector_plugins/detector_smtp.c, service_plugins/service_base.c,
 1817           service_plugins/service_smtp.c, service_plugins/service_smtp.h :
 1818           Added SMTP detection to AppID, added detector_smtp.c file as part of this enhancement.
 1819 
 1820 2016-05-12 Seshaiah Erugu <serugu@cisco.com>
 1821 Snort 2.9.9 Beta
 1822 
 1823         * src/build.h : Updated build number to 4065.
 1824 
 1825         * src/dynamic-preprocessors/appid/fw_appid.c :
 1826           Fix for handling bogus client AppIds for AppleCoreMedia.
 1827 
 1828         * src/preprocessors/spp_arpspoof.c :
 1829           Added 802.11/wifi header support in ARP Preprocessor.
 1830 
 1831         * src/: detect.c, dynamic-plugins/sf_engine/sf_snort_packet.h,
 1832           preprocessors/session_api.h,
 1833           preprocessors/Stream6/snort_stream_tcp.c :
 1834           Changed RST handling on closed tcp connection.
 1835 
 1836         * src/dynamic-preprocessors/appid/appInfoTable.c :
 1837           Fixed a compilation issue in AppId.
 1838 
 1839         * src/: appIdApi.h, dynamic-preprocessors/appid/appIdApi.c,
 1840           dynamic-preprocessors/appid/flow.h,
 1841           dynamic-preprocessors/appid/fw_appid.c,
 1842           dynamic-preprocessors/appid/httpCommon.h,
 1843           dynamic-preprocessors/appid/luaDetectorApi.c,
 1844           dynamic-preprocessors/appid/thirdparty_appid_types.h,
 1845           dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 1846           dynamic-preprocessors/appid/detector_plugins/detector_http.h :
 1847           Added support for Host, User-Agent, and Referer fields to be rewritten.
 1848 
 1849          * src/dynamic-preprocessors/appid/: appIdApi.c, appInfoTable.h,
 1850           fw_appid.c, luaDetectorApi.c, detector_plugins/detector_http.c,
 1851           service_plugins/service_ftp.c, service_plugins/service_tftp.c :
 1852           Fixed AppId compilation warnings.
 1853 
 1854         * src/preprocessors/Session/stream5_ha.c :
 1855           Fix updates HA sf_base counters during failover.
 1856         
 1857         * src/dynamic-preprocessors/appid/fw_appid.c,
 1858           src/dynamic-preprocessors/appid/: appId.h :
 1859           Fix Reconstructed the call to port-service detection.
 1860 
 1861         * src/dynamic-preprocessors/appid/test/appIdTests.c :
 1862           Fixed an AppId compilation issue.
 1863 
 1864          * src/dynamic-preprocessors/appid/appId.h :
 1865           Revised appid.h to have APP_ID_ICMP and APP_ID_ICMPV6.
 1866 
 1867         * src/dynamic-preprocessors/appid/: httpCommon.h, luaDetectorApi.c,
 1868           detector_plugins/detector_http.c :
 1869           Added DEFER_TO_SIMPLE_DETECT action to CHPAddAction.
 1870 
 1871         * src/preprocessors/HttpInspect/: event_output/hi_eo_log.c,
 1872           New HTTP prepocessor alert added for Multiple content encodings.
 1873 
 1874         * src/preprocessors/Stream6/snort_stream_tcp.c :
 1875           Fix populates DAQ_PktHdr_t of the packet generated while flushing queued
 1876           segments with src and dst IP's.
 1877 
 1878         * src/preprocessors/HttpInspect/: client/hi_client.c,
 1879           event_output/hi_eo_log.c, include/hi_eo_events.h,
 1880           server/hi_server.c :
 1881           New HTTP preprocessor alert added for multiple content lengths.
 1882 
 1883         * src/dynamic-preprocessors/appid/: fw_appid.c,
 1884           service_plugins/service_rshell.c :
 1885           Fix reduces extra service discovery to improve performance.
 1886 
 1887         * src/preprocessors/HttpInspect/client/hi_client.c :
 1888           Fix to handle chunk encoding followed by \r\r\r\n and \n\n\n\r\r\n.
 1889           This issue was reported by Steffen Ullrich.
 1890 
 1891         * src/: detection_filter.c, detection_filter.h, fpdetect.c,
 1892           detection-plugins/detection_options.c,
 1893           detection-plugins/detection_options.h, sfutil/sfthd.c,
 1894           sfutil/sfthd.h, sfutil/test/sfthd_test.c :
 1895           Fix related to detection_options.
 1896           Added a new variable detection_filter_count to detection_option_eval_data_t
 1897           data structure and set it when detection_filter_test is called for first time.
 1898 
 1899         * src/dynamic-preprocessors/appid/: fw_appid.c, test/appIdTests.c :
 1900           Fix picks last IP address in XFF address list.
 1901         * src/decode.c :
 1902           Added an additional check for divisibility of the length of the PGM header by 4.
 1903           If it's not, then an error is returned instead of calculating the checksum.
 1904 
 1905         * src/dynamic-preprocessors/appid/fw_appid.c :
 1906           Changed ignore tp appid logic.
 1907 
 1908         * src/preprocessors/HttpInspect/server/hi_server.c :
 1909           File filled with delimiters now successfully gets detected.
 1910 
 1911         * src/dynamic-preprocessors/appid/service_plugins/service_ftp.c :
 1912           Fix ignores text after FTP response codes.
 1913 
 1914         * src/preprocessors/HttpInspect/server/hi_server.c :
 1915           Modified Http header parsing of multiline content-encoding header.
 1916 
 1917         * src/: appIdApi.h, dynamic-preprocessors/appid/appIdApi.c,
 1918           dynamic-preprocessors/appid/appInfoTable.h,
 1919           dynamic-preprocessors/appid/flow.h,
 1920           dynamic-preprocessors/appid/fw_appid.c,
 1921           dynamic-preprocessors/appid/luaDetectorApi.c,
 1922           dynamic-preprocessors/appid/detector_plugins/detector_http.c :
 1923           Made changes in getHttpSearch() to return value based on any payloadAppId match,
 1924           not just CHP patterns.
 1925 
 1926         * src/preprocessors/: snort_httpinspect.c,
 1927           HttpInspect/server/hi_server.c :
 1928           Fixed Coverity issue - Unsigned compared against 0.
 1929 
 1930         * src/preprocessors/: snort_httpinspect.c,
 1931           HttpInspect/server/hi_server.c :
 1932           Improved chunked gzip content handling.
 1933 
 1934         * src/: dynamic-preprocessors/sdf/spp_sdf.c, obfuscation.c :
 1935           Fix to mask sensitive data spanning multiple raw packets.
 1936 
 1937         * src/sfutil/sfghash.c :
 1938           Added NULL pointer checks to all the functions in sfghash.c.
 1939 
 1940         * src/preprocessors/spp_httpinspect.c :
 1941           Fix Sets file_depth after Snort reload.
 1942 
 1943 
 1944         * src/dynamic-preprocessors/appid/: fw_appid.c, httpCommon.h,
 1945           luaDetectorApi.c, detector_plugins/detector_http.c,
 1946           detector_plugins/detector_http.h :
 1947           Fix allows multiple key patterns per AppId instance in CHPMultiAddAction().
 1948 
 1949         * src/preprocessors/HttpInspect/files/file_decomp_SWF.c :
 1950           Fixed an issue with LZMA flash decompression.
 1951 
 1952         * etc/sf_rule_options, src/detection-plugins/sp_byte_extract.c,
 1953           src/detection-plugins/sp_byte_extract.h :
 1954           Changed code to allow 1 to 10 bytes (bytes_to_extract )values in byte_extract rule.
 1955 
 1956         * configure.in, doc/snort_manual.tex, etc/snort.conf,
 1957           rpm/snort.spec, src/dynamic-plugins/sf_dynamic_meta.h,
 1958           src/dynamic-plugins/sf_engine/examples/detection_lib_meta.h,
 1959           src/win32/WIN32-Includes/config.h,
 1960           src/win32/WIN32-Prj/snort_installer.nsi :
 1961           API version updated.
 1962 
 1963         * src/dynamic-preprocessors/appid/fw_appid.c :
 1964           Fix prevents bogus generic clients, and also prevents things like "MPEG"
 1965           showing up as a client in case of AppleCoreMedia.
 1966 
 1967         * src/detection-plugins/sp_byte_jump.c :
 1968           Now from_end option acccepts 0-10 bytes in byte_jump rule.
 1969 
 1970         * src/dynamic-preprocessors/appid/: fw_appid.c, httpCommon.h :
 1971           Added more AppId instances for CHPMultixxx Lua api.
 1972 
 1973          * configure.in, src/appIdApi.h, src/sfdaq.c, src/sfdaq.h,
 1974           src/tag.c, src/dynamic-plugins/sf_dynamic_plugins.c,
 1975           src/dynamic-preprocessors/appid/appIdApi.c,
 1976           src/dynamic-preprocessors/appid/flow.c,
 1977           src/dynamic-preprocessors/appid/flow.h,
 1978           src/dynamic-preprocessors/appid/fw_appid.c,
 1979           src/dynamic-preprocessors/appid/fw_appid.h,
 1980           src/dynamic-preprocessors/appid/luaDetectorApi.c,
 1981           src/dynamic-preprocessors/appid/luaDetectorApi.h,
 1982           src/dynamic-preprocessors/appid/luaDetectorFlowApi.c,
 1983           src/dynamic-preprocessors/appid/client_plugins/client_app_aim.c,
 1984           src/dynamic-preprocessors/appid/client_plugins/client_app_base.c,
 1985           src/dynamic-preprocessors/appid/client_plugins/client_app_bit.c,
 1986           src/dynamic-preprocessors/appid/client_plugins/client_app_bit_tracker.c,
 1987           src/dynamic-preprocessors/appid/client_plugins/client_app_msn.c,
 1988           src/dynamic-preprocessors/appid/client_plugins/client_app_rtp.c,
 1989           src/dynamic-preprocessors/appid/client_plugins/client_app_smtp.c,
 1990           src/dynamic-preprocessors/appid/client_plugins/client_app_ssh.c,
 1991           src/dynamic-preprocessors/appid/client_plugins/client_app_timbuktu.c,
 1992           src/dynamic-preprocessors/appid/client_plugins/client_app_tns.c,
 1993           src/dynamic-preprocessors/appid/client_plugins/client_app_vnc.c,
 1994           src/dynamic-preprocessors/appid/client_plugins/client_app_ym.c,
 1995           src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c,
 1996           src/dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 1997           src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
 1998           src/dynamic-preprocessors/appid/detector_plugins/detector_kerberos.c,
 1999           src/dynamic-preprocessors/appid/detector_plugins/detector_pattern.c,
 2000           src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
 2001           src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 2002           src/dynamic-preprocessors/appid/service_plugins/service_MDNS.c,
 2003           src/dynamic-preprocessors/appid/service_plugins/service_api.h,
 2004           src/dynamic-preprocessors/appid/service_plugins/service_base.c,
 2005           src/dynamic-preprocessors/appid/service_plugins/service_base.h,
 2006           src/dynamic-preprocessors/appid/service_plugins/service_battle_field.c,
 2007           src/dynamic-preprocessors/appid/service_plugins/service_bgp.c,
 2008           src/dynamic-preprocessors/appid/service_plugins/service_bit.c,
 2009           src/dynamic-preprocessors/appid/service_plugins/service_bootp.c,
 2010           src/dynamic-preprocessors/appid/service_plugins/service_dcerpc.c,
 2011           src/dynamic-preprocessors/appid/service_plugins/service_direct_connect.c,
 2012           src/dynamic-preprocessors/appid/service_plugins/service_flap.c,
 2013           src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
 2014           src/dynamic-preprocessors/appid/service_plugins/service_irc.c,
 2015           src/dynamic-preprocessors/appid/service_plugins/service_lpr.c,
 2016           src/dynamic-preprocessors/appid/service_plugins/service_mysql.c,
 2017           src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
 2018           src/dynamic-preprocessors/appid/service_plugins/service_nntp.c,
 2019           src/dynamic-preprocessors/appid/service_plugins/service_ntp.c,
 2020           src/dynamic-preprocessors/appid/service_plugins/service_radius.c,
 2021           src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
 2022           src/dynamic-preprocessors/appid/service_plugins/service_rfb.c,
 2023           src/dynamic-preprocessors/appid/service_plugins/service_rlogin.c,
 2024           src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
 2025           src/dynamic-preprocessors/appid/service_plugins/service_rshell.c,
 2026           src/dynamic-preprocessors/appid/service_plugins/service_rsync.c,
 2027           src/dynamic-preprocessors/appid/service_plugins/service_rtmp.c,
 2028           src/dynamic-preprocessors/appid/service_plugins/service_smtp.c,
 2029           src/dynamic-preprocessors/appid/service_plugins/service_snmp.c,
 2030           src/dynamic-preprocessors/appid/service_plugins/service_ssh.c,
 2031           src/dynamic-preprocessors/appid/service_plugins/service_ssl.c,
 2032           src/dynamic-preprocessors/appid/service_plugins/service_telnet.c,
 2033           src/dynamic-preprocessors/appid/service_plugins/service_tftp.c,
 2034           src/dynamic-preprocessors/appid/service_plugins/service_timbuktu.c,
 2035           src/dynamic-preprocessors/appid/service_plugins/service_tns.c,
 2036           src/dynamic-preprocessors/appid/test/appIdTests.c,
 2037           src/dynamic-preprocessors/appid/util/common_util.h,
 2038           src/file-process/file_resume_block.c,
 2039           src/preprocessors/Session/session_expect.c,
 2040           src/preprocessors/Stream6/snort_stream_tcp.c :
 2041           Added the flag to prevent third-party application identification
 2042           to expected connections. Changed the internal and external flags
 2043           field into one 64-bit flags field. Added address space and
 2044           instance to AppID debug. Cleaned up some compiler warnings.
 2045           Added the debugging flags and info to the service validator function to
 2046           allow internal debugging. Fixed processing of packets without any payload.
 2047           Fixed tftp and rshell detection. Fixed third-party application identification
 2048           proto state for sessions after http. Fixed expected session allow for AppId
 2049           continutation (tftp, snmp).
 2050 
 2051         * src/dynamic-preprocessors/appid/: appInfoTable.c, appInfoTable.h,
 2052           fw_appid.h :
 2053           Fixed the issue where AppId for Facebook over SPDY/HTTP 1.1 is incorrect.
 2054 
 2055         * src/dynamic-preprocessors/appid/fw_appid.c :
 2056           Fixed Coverity warning for Uninitialized variable.
 2057 
 2058         * src/dynamic-preprocessors/appid/: httpCommon.h, luaDetectorApi.c,
 2059           detector_plugins/detector_http.c :
 2060           Changed code in CHPAddAction to REWRITE/INSERT side effect.
 2061                                                                            
 2062         * src/dynamic-preprocessors/appid/appInfoTable.c :
 2063           Disabled internal AppID detectors for HTTP/2 by default.
 2064 
 2065         * src/preprocessors/HttpInspect/: include/h2_common.h,
 2066           utils/h2_common.c, utils/h2_paf.c :
 2067           Added support for HTTP/2.
 2068 
 2069         * src/dynamic-preprocessors/imap/imap_buffer_dump.c,
 2070           src/dynamic-preprocessors/imap/imap_buffer_dump.h,
 2071           src/dynamic-preprocessors/ftptelnet/ftptelnet_buffer_dump.c,
 2072           src/dynamic-preprocessors/ftptelnet/ftptelnet_buffer_dump.h,
 2073           src/dynamic-preprocessors/dcerpc2/dcerpc2_buffer_dump.c,
 2074           src/dynamic-preprocessors/dcerpc2/dcerpc2_buffer_dump.h,
 2075           src/dynamic-preprocessors/ssl/ssl_buffer_dump.c,
 2076           src/dynamic-preprocessors/ssl/ssl_buffer_dump.h,
 2077           src/dynamic-preprocessors/ssh/ssh_buffer_dump.c,
 2078           src/dynamic-preprocessors/ssh/ssh_buffer_dump.h,
 2079           src/dynamic-preprocessors/dns/dns_buffer_dump.c,
 2080           src/dynamic-preprocessors/dns/dns_buffer_dump.h,
 2081           src/dynamic-preprocessors/modbus/modbus_buffer_dump.c,
 2082           src/dynamic-preprocessors/modbus/modbus_buffer_dump.h,
 2083           src/preprocessors/HttpInspect/utils/hi_buffer_dump.c,
 2084           src/preprocessors/HttpInspect/include/hi_buffer_dump.h,
 2085           src/output-plugins/spo_log_buffer_dump.h,
 2086           src/output-plugins/spo_log_buffer_dump.c,
 2087           src/dynamic-preprocessors/smtp/smtp_buffer_dump.c,
 2088           src/dynamic-preprocessors/smtp/smtp_buffer_dump.h,
 2089           src/dynamic-preprocessors/sip/sip_buffer_dump.c,
 2090           src/dynamic-preprocessors/sip/sip_buffer_dump.h,
 2091           src/dynamic-preprocessors/pop/pop_buffer_dump.c,
 2092           src/dynamic-preprocessors/pop/pop_buffer_dump.h,
 2093           src/dynamic-preprocessors/dnp3/dnp3_buffer_dump.c,
 2094           src/dynamic-preprocessors/dnp3/dnp3_buffer_dump.h,
 2095           src/dynamic-preprocessors/gtp/gtp_buffer_dump.c,
 2096           src/dynamic-preprocessors/gtp/gtp_buffer_dump.h,
 2097           src/dynamic-preprocessors/imap/imap_buffer_dump.c :
 2098           Added these files as part of Buffer-dump feature.
 2099 
 2100         * src/detection-plugins/sp_byte_math.c,
 2101           src/detection-plugins/sp_byte_math.h :
 2102           Added new rule option "byte_math".
 2103                                                                                                                           
 2104 
 2105 
 2106 2016-04-26 Rahul Burman <rahburma@cisco.com>
 2107 Snort 2.9.8.3
 2108 
 2109         * src/build.h: updating build number to 383
 2110 
 2111         * configure.in, src/preprocessors/HttpInspect/server/hi_server.c:
 2112           Modified Http header parsing of multiline content-encoding header.
 2113 
 2114         * src/preprocessors/: snort_httpinspect.c,
 2115           HttpInspect/server/hi_server.c:
 2116           Fixed an issue where file position pointer was incorrectly set for HTTP response
 2117           containing chunked and gzip data.
 2118 
 2119         * src/preprocessors/Stream6/: snort_stream_tcp.c
 2120           Added sanity check to TCP trimming in out-of-order FIN case.
 2121 
 2122         * src/parser.c:
 2123           Disabled port groups that are not useful unless adapative profiling is enabled.
 2124 
 2125         * src/: dynamic-preprocessors/sdf/spp_sdf.c, obfuscation.c:
 2126           Fixed an issue of incorrect masking of sensitive data.
 2127 
 2128 2016-03-18 Gaurav Nagare <gnagare@cisco.com>
 2129 Snort 2.9.8.2
 2130 
 2131 	* src/build.h: updating build number to 335
 2132 
 2133 	* src/dynamic-plugins/: sf_engine/examples/detection_lib_meta.h,
 2134 	  sf_dynamic_meta.h:
 2135           Updated detection API version to 2.6 to use the latest snort SO rules.
 2136 	
 2137         * src/: dynamic-preprocessors/sdf/spp_sdf.c,
 2138 	  preprocessors/Stream6/snort_stream_tcp.c, obfuscation.c:
 2139           Fixed several issues with SDF and obfuscation.
 2140 
 2141 	* src/: profiler.h, preprocessors/perf_indicators.c,
 2142 	  preprocessors/perf_indicators.h: 
 2143           Resolved snort build issue with "--disable-perfprofiling" configure 
 2144           option.
 2145 
 2146 	* src/: decode.c, decode.h: 
 2147           Added Double VLAN tagging support.
 2148 
 2149 	* src/file-process/file_mime_process.c:
 2150           Enhanced mime parsing by adding support for detecting files
 2151           after unknown headers and no headers.
 2152 
 2153 	* src/preprocessors/HttpInspect/server/hi_server.c:
 2154           Fixed memory leak.
 2155 	  
 2156         * src/preprocessors/HttpInspect/utils/hi_paf.c:
 2157           Fixed issue with gzip decompression. If the server response specifies
 2158           Content-Encoding as GZIP, but no Content-Length field for HTTP version 1.0.
 2159 
 2160 	* doc/snort_manual.pdf, src/preprocessors/snort_httpinspect.c,
 2161 	  src/preprocessors/spp_httpinspect.c:
 2162           Fixed Snort memory leak in parsing HTTP xff options.
 2163 
 2164 	* src/preprocessors/spp_httpinspect.c: 
 2165           Fixed Coverity issues.
 2166 
 2167 	* src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
 2168 	  HttpInspect/include/hi_paf.h, HttpInspect/server/hi_server.c,
 2169 	  HttpInspect/utils/hi_paf.c: 
 2170           Improved End of Header(EOH) identification for response header spanning multiple
 2171 	  reassembled packets.
 2172 
 2173 	* src/preprocessors/: HttpInspect/utils/hi_paf.c,
 2174 	  Stream6/snort_stream_tcp.c, Stream6/stream_paf.c:
 2175 	  Improved packet reassembly for HTTP, added code to purge segment correctly when 
 2176 	  PAF decides to ignore packet upon reaching paf_max.
 2177 
 2178         * src/fpdetect.c:
 2179           Fixed to use outer header callback functions when checking IP rule against outer IPs 
 2180 	  and inner header callback when checking against inner IPs.
 2181 
 2182         * src/preprocessors/spp_httpinspect.c:
 2183           Fixed an issue where http_inspect current and default config had 
 2184           different file depth.
 2185 
 2186         * src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c:
 2187           Handled malformed DNS host in AppId.
 2188 
 2189         * src/file-process/: file_api.h, file_segment_process.c, file_service.c:
 2190           Prevented access to file contexts which are pruned when memcap is 
 2191           reached.
 2192 
 2193         * src/dynamic-preprocessors/appid/: app_forecast.c, app_forecast.h,
 2194           flow.h, fw_appid.c, spp_appid.c, thirdparty_appid_types.h:
 2195           Performance improvements to AppID.
 2196 
 2197         * src/dynamic-preprocessors/appid/luaDetectorApi.c:
 2198           Created a future-flow API for lua detector.
 2199           Exposed DNS API to lua detector.
 2200 
 2201         * src/dynamic-preprocessors/ftptelnet/pp_ftp.c:
 2202           Fixed an issue where unexpected SSL negotiation starts for FTP
 2203           with explicit SSL.
 2204 
 2205         * src/preprocessors/HttpInspect/utils/hi_paf.c:
 2206           Updated HTTP PAF to accept all tokens between method and version
 2207           string in request URI.
 2208 
 2209 	* src/preprocessors/HttpInspect/files/file_decomp_SWF.c:
 2210 	  Fixed Flash LZMA decompression issue.
 2211 
 2212 	* src/preprocessors/spp_httpinspect.c:
 2213 	  Fixed file_depth intialization issue during Snort reload. 
 2214 
 2215 
 2216 2015-11-18 Carter Waxman <cwaxman@cisco.com>
 2217 Snort 2.9.8.0
 2218 
 2219    * src/build.h: updating build number to 229
 2220 
 2221    * src/preprocessors/: session_api.h, spp_session.c,
 2222      Session/session_expect.c, Session/session_expect.h:
 2223      Added support for multiple expected sessions created for
 2224      a single packet.
 2225 
 2226    * doc/: snort_manual.pdf, snort_manual.tex:
 2227      Changed gtp ports in snort manual
 2228 
 2229    * src/: dynamic-preprocessors/ftptelnet/ftpp_si.c,
 2230      dynamic-preprocessors/ftptelnet/ftpp_si.h,
 2231      dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 2232      preprocessors/spp_session.c:
 2233      Change setAppProcolId to update SFAT for non-TCP traffic
 2234 
 2235    * src/dynamic-preprocessors/appid/spp_appid.c:
 2236      Fixed reload issues
 2237 
 2238    * src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c:
 2239      Future flows are now created for both directions on SIP
 2240    
 2241    * src/dynamic-preprocessors/smtp/smtp_paf.c:
 2242      Improved reliability of SMTP PAF
 2243 
 2244    * src/dynamic-preprocessors/appid/fw_appid.c: Bugs Fixed:
 2245      Improved AppId detection on SSL/TLS protocols for decrypted
 2246 
 2247    * src/: dynamic-plugins/sf_engine/sf_snort_packet.h,
 2248      dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 2249      preprocessors/Stream6/snort_stream_tcp.c:
 2250      Fixed FTP file detection where server SYNs data channel before
 2251      responding to PORT on command channel.
 2252 
 2253    * src/dynamic-preprocessors/appid/: commonAppMatcher.c, fw_appid.c,
 2254      fw_appid.h, service_plugins/service_ftp.c:
 2255      Improved detection of data on FTPS data channel
 2256 
 2257    * src/: encode.c, util.h,
 2258      dynamic-preprocessors/appid/test/sessionFile.h,
 2259      preprocessors/spp_session.c, preprocessors/spp_stream6.c,
 2260      preprocessors/Session/session_common.h:
 2261      Added support for MPLS active responses
 2262 
 2263    * src/dynamic-preprocessors/appid/:
 2264      detector_plugins/detector_pop3.c, service_plugins/service_ftp.c:
 2265      Improved detection of POP3S
 2266 
 2267    * src/detection-plugins/sp_appid.c:
 2268      Fixed reliability issue with client AppID IPS rules
 2269 
 2270    * preproc_rules/preprocessor.rules,
 2271      src/dynamic-preprocessors/smtp/smtp_config.c,
 2272      src/dynamic-preprocessors/smtp/smtp_config.h,
 2273      src/dynamic-preprocessors/smtp/smtp_log.h,
 2274      src/dynamic-preprocessors/smtp/smtp_paf.c:
 2275      Added preproc alert for excessive data following "AUTH NTLM\r\n"
 2276      "AUTH CRAM-MD5\r\n"
 2277 
 2278    * src/dynamic-preprocessors/reputation/: reputation_config.c,
 2279      shmem/shmem_mgmt.c:
 2280      Improved reliability of reputation shared memory on single-cpu
 2281      systems
 2282 
 2283    * doc/: snort_manual.pdf, snort_manual.tex:
 2284      Fix first/last typo in manual. Thanks Mohsen Abbaspour for reporting it.
 2285 
 2286    * src/dynamic-preprocessors/appid/spp_appid.c:
 2287      Update AppID to use only global snort config and only process IP packets
 2288 
 2289    * src/dynamic-preprocessors/appid/service_plugins/service_tftp.c:
 2290      Fixed reversal of TFTP detection had the source and destination
 2291      address data
 2292 
 2293    * src/: detection-plugins/sp_byte_jump.c,
 2294      dynamic-plugins/sf_convert_dynamic.c,
 2295      dynamic-preprocessors/appid/appIdConfig.c,
 2296      dynamic-preprocessors/appid/commonAppMatcher.c,
 2297      dynamic-preprocessors/appid/fw_appid.c,
 2298      dynamic-preprocessors/appid/luaDetectorApi.c,
 2299      dynamic-preprocessors/appid/client_plugins/client_app_smtp.c,
 2300      dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 2301      dynamic-preprocessors/appid/service_plugins/service_MDNS.c,
 2302      dynamic-preprocessors/ftptelnet/hi_util_kmap.c,
 2303      dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 2304      dynamic-preprocessors/reputation/reputation_config.c,
 2305      dynamic-preprocessors/sdf/sdf_detection_option.c,
 2306      dynamic-preprocessors/ssl_common/ssl_config.c,
 2307      dynamic-preprocessors/ssl_common/ssl_ha.c,
 2308      output-plugins/spo_csv.c, preprocessors/spp_arpspoof.c,
 2309      preprocessors/spp_session.c,
 2310      preprocessors/HttpInspect/utils/hi_util_kmap.c, sfutil/ipobj.c,
 2311      sfutil/sfghash.c:
 2312      Added error checks to improve reliability
 2313 
 2314    * src/dynamic-preprocessors/appid/: flow.h, fw_appid.c,
 2315      service_plugins/service_ssl.c, service_plugins/service_ssl.h:
 2316      Fixed issue where appid info was not populated for ssl
 2317      sessions on non-standard ports
 2318 
 2319 2015-08-28 Rahul Burman <rahburma@cisco.com>
 2320 Snort 2.9.8_rc
 2321    * src/build.h:
 2322      updating build number to 195
 2323 
 2324    * src/preprocessors/HttpInspect/: client/hi_client.c,
 2325      server/hi_server.c:
 2326      NULL check added for call to strndup function.
 2327 
 2328    * src/output-plugins/spo_alert_unixsock.c:
 2329      Resolved issue where output data is corrupted while writing to unix socket [reported by Alexander Bubnov].
 2330 
 2331    * src/: dynamic-plugins/sf_dynamic_plugins.c,
 2332      dynamic-plugins/sf_dynamic_preprocessor.h,
 2333      dynamic-preprocessors/ftptelnet/ftpp_si.h,
 2334      dynamic-preprocessors/ftptelnet/ftpp_ui_config.h,
 2335      dynamic-preprocessors/ftptelnet/pp_ftp.c,
 2336      dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
 2337      Improvements to FTP preprocessor to block malware when downloaded with a client that supports FTP REST.
 2338 
 2339    * src/dynamic-preprocessors/appid/fw_appid.c:
 2340      Resolved issue where squid detector is not showing expected alerts.
 2341      Reset app ID when SSL is identified on an FTP data channel.
 2342 
 2343    * src/preprocessors/spp_perfmonitor.c:
 2344      Resolved snort output error issue in perfmonitor preprocessor
 2345 
 2346    * src/preprocessors/Stream6/snort_stream_tcp.c:
 2347      Resolved issue where snort marks retransmitted packet as bad segment.
 2348      Fixed issue where XFF/ExtraData is not always logged when 'drop' rules trigger [reported by Mike Cox].
 2349 
 2350    * src/dynamic-preprocessors/reputation/reputation_config.c:
 2351      Fixed unexpected behaviour in reputation config where blacklist is displayed
 2352      in priority field even though whitelist option is set [reported by Mike Cox].
 2353 
 2354    * src/: decode.h, snort.c,
 2355      dynamic-plugins/sf_engine/sf_snort_packet.h,
 2356      preprocessors/Stream6/snort_stream_tcp.c:
 2357      Improvements done to avoid RETRY verdict for re-transmitted packet.
 2358 
 2359    * etc/gen-msg.map:
 2360      Fixed a typo where ssp_ssl is renamed to spp_ssl
 2361 
 2362    * src/preprocessors/spp_session.c:
 2363      Changes done to avoid memory allocation for default no. of sessions when session tracking is disabled.
 2364 
 2365    * doc/snort_manual.tex:
 2366      Corrected errors in snort_manual.tex [reported by Gabriel Corre].
 2367 
 2368    * src/dynamic-preprocessors/appid/: appId.h, appIdStats.c,
 2369      service_plugins/service_ftp.c:
 2370      Changes done to differentiate between active and passive FTP connections.
 2371 
 2372    * src/dynamic-preprocessors/appid/: appIdApi.c, appIdConfig.h,
 2373      appInfoTable.c, flow.h, fw_appid.c, thirdparty_appid_api.h,
 2374      thirdparty_appid_utils.c, detector_plugins/detector_http.c,
 2375      detector_plugins/detector_sip.c:
 2376      Fixed issues reported by valgrind in AppID.
 2377 
 2378 2015-08-05 Victor Roemer  <viroemer@cisco.com>
 2379 Snort 2.9.8 Beta
 2380 	* src/build.h:
 2381 	  Update build number to 176
 2382 
 2383 	* src/dynamic-preprocessors/appid/service_plugins/service_ftp.c:
 2384 	  Snort to support EPRT command for active FTP on IPv4 and IPv6
 2385 
 2386 	* src/dynamic-preprocessors/ftptelnet/: ftpp_si.c, ftpp_si.h, pp_ftp.c:
 2387 	  Some PDF files were not blocked by snort.
 2388 
 2389 	* src/preprocessors/HttpInspect/client/hi_client.c:
 2390 	  Check if packet has start of PDU before generating alert.
 2391 
 2392 	* src/dynamic-preprocessors/smtp/smtp_util.c:
 2393 	  SMTP preprocessor email log buffer length update before copying to
 2394 	  avoid assert failure.
 2395 
 2396 	* src/: active.c,
 2397 	  decode.h,
 2398 	  preprocids.h,
 2399 	  detection-plugins/sp_react.c,
 2400 	  dynamic-plugins/sf_engine/sf_snort_packet.h,
 2401 	  dynamic-preprocessors/appid/spp_appid.c,
 2402 	  dynamic-preprocessors/reputation/spp_reputation.c,
 2403 	  preprocessors/spp_session.c:
 2404 	  Sessions that are blocked and trusted. Fix sp_react when sending
 2405 	  data.
 2406 
 2407 	* src/dynamic-preprocessors/appid/: flow.h, fw_appid.c,
 2408 	  detector_plugins/detector_http.c:
 2409 	  Skip simple detection only for those CHP actions that could overrirde
 2410 	  client ID, payload ID, etc.
 2411 
 2412 	* doc/snort_manual.tex:
 2413 	  Correct Unified2 Packet content.
 2414 
 2415 	* etc/snort.conf,
 2416 	  src/preprocessors/snort_httpinspect.c,
 2417 	  src/preprocessors/snort_httpinspect.h,
 2418 	  src/preprocessors/HttpInspect/client/hi_client.c,
 2419 	  src/preprocessors/HttpInspect/server/hi_server.c,
 2420 	  src/preprocessors/Stream6/stream_paf.c:
 2421 	  Clear True-IP and XFF between HTTP transactions. Prevents Snort
 2422 	  from logging extra data on transactions incorrectly.
 2423 
 2424 	* src/sfutil/sf_ip.h:
 2425 	  Treat 0.0.0.0/0 as "any" ipv4 address, fixing rule matches on ip header
 2426 	  leaf node.
 2427 
 2428 	* src/preprocessors/perf-base.c:
 2429 	  Fixed macro usage to work with ICC and C89.
 2430 
 2431 	* src/preprocessors/perf-base.c:
 2432 	  Fixed erroneous performance values being generated when Snort is idle.
 2433 
 2434 	* src/dynamic-preprocessors/appid/: service_plugins/service_api.h,
 2435 	  util/NetworkSet.h:
 2436 	  Fixed appid compilation issues for FreeBSD and OpenBSD.
 2437 
 2438 	* tools/appid_detector_builder.sh:
 2439 	 Fix script shortcomings for HTTP URL, Copyright, DetectorClean() stub.
 2440 
 2441 	* src/decode.c:
 2442 	  Snort min_ttl decoder rules drop regardless of alert/drop type.
 2443 
 2444 	* src/dynamic-preprocessors/appid/luaDetectorApi.c:
 2445 	  Set active flag for sandboxing for SSL Lua detectors.
 2446 
 2447 	* src/: active.h, sfdaq.c, sfdaq.h, snort.c,
 2448 	  dynamic-plugins/sf_dynamic_plugins.c,
 2449 	  dynamic-plugins/sf_dynamic_preprocessor.h,
 2450 	  file-process/file_service.c:
 2451 	  Add support for DAQ Retry detection of the current packet. 
 2452 
 2453 	  This change adds active response api function to request a packet
 2454 	  retry (method added to dpd struct as well) and to query if the
 2455 	  packet disposition is ACTIVE_RETRY.
 2456 
 2457 	* src/preprocessors/: spp_session.c,
 2458 	  Session/stream5_ha.c,
 2459 	  Session/stream5_ha.h:
 2460 	  preprocessors/Stream6/snort_stream_tcp.c:
 2461 	  preprocessors/spp_session.c:
 2462 	  If session lookup fails for a packet being processed
 2463 	  by the Session preprocessor while DAQ HA is enabled and DAQ HA
 2464 	  state is available for the packet, retrieve and process the HA
 2465 	  state from the DAQ and retry the lookup.  Do not store DAQ HA
 2466 	  state when unsupported tunnel types are decoded that might make
 2467 	  the underlying hardware's concept of flows not match Snort's.
 2468 	  
 2469 	* src/dynamic-preprocessors/file/: file_agent.c, file_agent.h,
 2470 	  spp_file.c:
 2471 	  Support daemon option with file_inspect preprocessor.
 2472 
 2473 	* src/preprocessors/Stream6/snort_stream_tcp.c:
 2474 	  When processing asymmetric traffic, TCP segements are no longer
 2475 	  queued indefinately, reducing session cache thrashing caused by
 2476 	  excessive prunning.
 2477 
 2478 	* src/preprocessors/HttpInspect/session_inspection/hi_si.c:
 2479 	  Fix false positive on HI_ANOM_SERVER_ALERT.
 2480 
 2481 	* src/dynamic-preprocessors/appid/: detector_plugins/detector_pattern.c,
 2482 	  service_plugins/service_api.h, service_plugins/service_base.c:
 2483 	  C detectors were not enabled when testing with a pcap.
 2484 
 2485 	* src/: event.h, sfutil/Unified2_common.h:
 2486 	 Increase max size for app ID names so they don't get truncated in alerts.
 2487 
 2488 	* src/dynamic-preprocessors/appid/commonAppMatcher.c:
 2489 	  Fix an issue with old/new config and AppID reload swap.
 2490 
 2491 	* src/dynamic-preprocessors/appid/service_plugins/service_bootp.c:
 2492 	  Fix in AppId bootp srevice plugin for packets without layer 2 header.
 2493 
 2494 	* snort.8:
 2495 	  Updated -q and -M switch description in snort manpage.
 2496 
 2497 	* src/dynamic-preprocessors/appid/: flow.h, fw_appid.c,
 2498 	  detector_plugins/detector_pattern.h, util/NetworkSet.h,
 2499 	  util/OutputFile.c, util/sfutil.c:
 2500 	  Fix Snort compilation issues on OSX when AppID is enabled.
 2501 
 2502 	* src/: dynamic-plugins/sf_dynamic_define.h,
 2503 	  dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 2504 	  dynamic-plugins/sf_engine/examples/sfsnort_dynamic_detection_lib.h,
 2505 	  dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.h,
 2506 	  dynamic-preprocessors/appid/appId.h, dynamic-preprocessors/appid/flow.h,
 2507 	  dynamic-preprocessors/appid/host_tracker.h,
 2508 	  dynamic-preprocessors/appid/rna_flow.h,
 2509 	  dynamic-preprocessors/appid/service_state.h,
 2510 	  dynamic-preprocessors/appid/spp_appid.c,
 2511 	  dynamic-preprocessors/appid/thirdparty_appid_api.h,
 2512 	  dynamic-preprocessors/appid/client_plugins/client_app_api.h,
 2513 	  dynamic-preprocessors/appid/client_plugins/client_app_bit.c,
 2514 	  dynamic-preprocessors/appid/client_plugins/client_app_bit_tracker.c,
 2515 	  dynamic-preprocessors/appid/client_plugins/client_app_rtp.c,
 2516 	  dynamic-preprocessors/appid/client_plugins/client_app_ssh.c,
 2517 	  dynamic-preprocessors/appid/client_plugins/client_app_timbuktu.c,
 2518 	  dynamic-preprocessors/appid/client_plugins/client_app_tns.c,
 2519 	  dynamic-preprocessors/appid/client_plugins/client_app_vnc.c,
 2520 	  dynamic-preprocessors/appid/detector_plugins/detector_dns.c,
 2521 	  dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
 2522 	  dynamic-preprocessors/appid/detector_plugins/detector_kerberos.c,
 2523 	  dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
 2524 	  dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 2525 	  dynamic-preprocessors/appid/service_plugins/service_base.c,
 2526 	  dynamic-preprocessors/appid/service_plugins/service_bit.c,
 2527 	  dynamic-preprocessors/appid/service_plugins/service_timbuktu.c,
 2528 	  dynamic-preprocessors/appid/service_plugins/service_tns.c,
 2529 	  side-channel/dynamic-plugins/sf_dynamic_side_channel_lib.h:
 2530 	  Rename SO_PUBLIC to SF_SO_PUBLIC.
 2531 	  Removed unused appid/rna code.
 2532 
 2533 	* doc/README.appid, rpm/snort.spec, tools/Makefile.am,
 2534 	  tools/appid_detector_builder.sh:
 2535 	  Added shell script to build simple LUA detectors for Snort.
 2536 
 2537 	* src/dynamic-preprocessors/appid/: luaDetectorApi.c,
 2538 	  client_plugins/client_app_base.c, client_plugins/client_app_base.h:
 2539 	  Add sanity checks for lua client mod calls.
 2540 	  Add function for service detectors to add clients.
 2541 	  Open client-side API to allow clients to be added outside of client api.
 2542 
 2543 	* configure.in, src/dynamic-output/plugins/output_lib.h:
 2544 	  Don't export visibility hidden or invalid daq include path.
 2545 
 2546 	* src/dynamic-preprocessors/appid/service_plugins/service_tftp.c:
 2547 	  Switch source and destination when adding the expected flow.
 2548 
 2549 	* doc/README.stream5, doc/snort_manual.tex, etc/snort.conf,
 2550 	  src/preprocessors/Stream6/snort_stream_tcp.c:
 2551 	  Added a new configure option "log_asymmetric_traffic" to turn
 2552 	  on/off logging the message for asymmetric traffic. By default, it
 2553 	  will be turned off.
 2554 
 2555 	* src/detect.c:
 2556 	  Call correct function to get app names for alerts.
 2557 	
 2558 	* configure.in, src/dynamic-preprocessors/appid/dns_defs.h,
 2559 	  src/dynamic-preprocessors/appid/client_plugins/client_app_rtp.c,
 2560 	  src/dynamic-preprocessors/appid/service_plugins/service_api.h,
 2561 	  src/dynamic-preprocessors/appid/service_plugins/service_netbios.c:
 2562 	  Replace use of __BYTE_ORDER with use of WORDS_BIGENDIAN or SF_BIGENDIAN.
 2563 
 2564 	* src/dynamic-preprocessors/appid/fw_appid.c:
 2565 	  Free http_session->new_uri and new_cookie before reassigning. 
 2566 
 2567 	* src/: preprocessors/spp_normalize.c, snort.h:
 2568 	  When normaization is removed from snort conf, a reload would not
 2569 	  disable it in Stream.
 2570 
 2571 	* src/preprocessors/perf_indicators.h:
 2572 	  Added a NULL check for a pointer argument in a perf_indicator utility 
 2573 	  inline function.
 2574 
 2575 	* src/: parser.c, preprocessors/Stream6/snort_stream_tcp.c,
 2576 	  sfutil/sfPolicyUserData.h:
 2577 	  Fixed an issue where stream fails during multiple-policy
 2578 	  configuration if stream_tcp configs are present in the default, but
 2579 	  not child policies.
 2580 
 2581 	* src/dynamic-preprocessors/appid/appInfoTable.c:
 2582 	  App name(s) in Snort rules are now case insensitive.
 2583 
 2584 	* doc/snort_manual.tex,
 2585 	  src/preprocessors/snort_httpinspect.c,
 2586 	  src/preprocessors/snort_httpinspect.h,
 2587 	  src/preprocessors/spp_httpinspect.c,
 2588 	  src/preprocessors/stream_api.h,
 2589 	  src/preprocessors/HttpInspect/include/hi_si.h,
 2590 	  src/preprocessors/HttpInspect/include/hi_ui_config.h,
 2591 	  src/preprocessors/HttpInspect/server/hi_server.c,
 2592 	  src/preprocessors/HttpInspect/session_inspection/hi_si.c,
 2593 	  src/preprocessors/HttpInspect/utils/hi_paf.c,
 2594 	  src/preprocessors/Session/session_common.h,
 2595 	  src/preprocessors/Stream6/snort_stream_tcp.c,
 2596 	  src/preprocessors/Stream6/stream_paf.c,
 2597 	  src/preprocessors/Stream6/stream_paf.h:
 2598 	  Stop reassembly if HTTP flow depth has been reached.
 2599 
 2600 	* src/dynamic-preprocessors/appid/: fw_appid.c:
 2601 	  Fix for core while processing SIP traffic from ignore sessions.
 2602 
 2603 	* src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:
 2604 	  Fix for parsing SSL client hello packet (do not assume that this
 2605 	  packet always contains extensions field).
 2606 
 2607 	* src/: dynamic-preprocessors/dcerpc2/dce2_paf.c,
 2608 	  dynamic-preprocessors/dnp3/dnp3_paf.c,
 2609 	  dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 2610 	  dynamic-preprocessors/imap/imap_paf.c,
 2611 	  dynamic-preprocessors/pop/pop_paf.c,
 2612 	  dynamic-preprocessors/sip/sip_paf.c,
 2613 	  dynamic-preprocessors/smtp/smtp_paf.c,
 2614 	  preprocessors/spp_stream6.c,
 2615 	  preprocessors/stream_api.h,
 2616 	  preprocessors/HttpInspect/utils/hi_paf.c,
 2617 	  preprocessors/Session/session_common.h,
 2618 	  preprocessors/Stream6/snort_stream_tcp.c,
 2619 	  preprocessors/Stream6/snort_stream_tcp.h,
 2620 	  preprocessors/Stream6/stream_paf.c,
 2621 	  preprocessors/Stream6/stream_paf.h:
 2622 	  Allow 2 PAF clients to be active at a time.
 2623 
 2624 	* src/detection-plugins/detection_options.c:
 2625 	  Detection_filter events incorrect both raw and reassembled packets
 2626 	  used.  Added a check that, if session is being reassembled, consider
 2627 	  reassembled packet. Else, consider raw packet for count.
 2628 
 2629 	  When "no_stream" is present in the rule, need to consider raw packets
 2630 	  only, even though session reassembly is happening. Took care of this
 2631 	  case by adding OtnFlowIgnoreReassembled(otn) check.
 2632 
 2633 	* src/sfutil/: sf_email_attach_decode.c, sf_email_attach_decode.h:
 2634 	  Filename parsed from Mime body for UUencoded file.
 2635 
 2636 	* src/: detect.c, detect.h, event_queue.c, event_queue.h,
 2637 	  event_wrapper.c, event_wrapper.h, fpdetect.c, fpdetect.h,
 2638 	  ppm.c, tag.c, tag.h, file-process/file_service.c,
 2639 	  preprocessors/Stream6/snort_stream_tcp.c, sfutil/sfPolicyData.h,
 2640 	  sfutil/sfrf.c:
 2641 	  Internal (gid:135) rate filtering events now use runtime NAP instead 
 2642 	  of runtime IPS for rule tree lookups.
 2643 
 2644 	* src/dynamic-preprocessors/Makefile.am:
 2645 	  Fix for Snort compilation issue on OSX.
 2646 
 2647 	* src/: appIdApi.h, decode.h, detect.c, snort.c, snort.h,
 2648 	  dynamic-plugins/sf_dynamic_plugins.c,
 2649 	  dynamic-plugins/sf_engine/sf_snort_packet.h,
 2650 	  dynamic-preprocessors/appid/appIdApi.c,
 2651 	  dynamic-preprocessors/appid/flow.c,
 2652 	  dynamic-preprocessors/appid/flow.h,
 2653 	  dynamic-preprocessors/appid/luaDetectorApi.c,
 2654 	  dynamic-preprocessors/appid/luaDetectorApi.h,
 2655 	  dynamic-preprocessors/appid/client_plugins/client_app_aim.c,
 2656 	  dynamic-preprocessors/appid/client_plugins/client_app_api.h,
 2657 	  dynamic-preprocessors/appid/client_plugins/client_app_base.c,
 2658 	  dynamic-preprocessors/appid/client_plugins/client_app_base.h,
 2659 	  dynamic-preprocessors/appid/client_plugins/client_app_bit.c,
 2660 	  dynamic-preprocessors/appid/client_plugins/client_app_bit_tracker.c,
 2661 	  dynamic-preprocessors/appid/client_plugins/client_app_msn.c,
 2662 	  dynamic-preprocessors/appid/client_plugins/client_app_rtp.c,
 2663 	  dynamic-preprocessors/appid/client_plugins/client_app_smtp.c,
 2664 	  dynamic-preprocessors/appid/client_plugins/client_app_ssh.c,
 2665 	  dynamic-preprocessors/appid/client_plugins/client_app_timbuktu.c,
 2666 	  dynamic-preprocessors/appid/client_plugins/client_app_tns.c,
 2667 	  dynamic-preprocessors/appid/client_plugins/client_app_vnc.c,
 2668 	  dynamic-preprocessors/appid/client_plugins/client_app_ym.c,
 2669 	  dynamic-preprocessors/appid/detector_plugins/detector_dns.c,
 2670 	  dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
 2671 	  dynamic-preprocessors/appid/detector_plugins/detector_kerberos.c,
 2672 	  dynamic-preprocessors/appid/detector_plugins/detector_pattern.c,
 2673 	  dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
 2674 	  dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 2675 	  dynamic-preprocessors/appid/service_plugins/service_api.h,
 2676 	  dynamic-preprocessors/appid/service_plugins/service_base.c,
 2677 	  dynamic-preprocessors/appid/service_plugins/service_base.h,
 2678 	  dynamic-preprocessors/appid/service_plugins/service_rpc.c,
 2679 	  dynamic-preprocessors/ftptelnet/pp_ftp.c,
 2680 	  dynamic-preprocessors/sip/sip_dialog.c,
 2681 	  preprocessors/session_api.h,
 2682 	  preprocessors/sip_common.h,
 2683 	  preprocessors/spp_session.c,
 2684 	  preprocessors/spp_session.h,
 2685 	  preprocessors/spp_stream6.c,
 2686 	  preprocessors/stream_api.h,
 2687 	  preprocessors/Session/session_expect.c,
 2688 	  preprocessors/Session/session_expect.h:
 2689 	  Allow all preprocessors to create expected session calls.
 2690 
 2691 	* src/dynamic-plugins/: sf_dynamic_plugins.c, sf_dynamic_preprocessor.h:
 2692 	  Corrected function prototype definition for DP API method called to
 2693 	  register an Active Response callback.
 2694 
 2695 	* src/snort.c:
 2696 	  Clean up the inline failopen thread before calling DAQ_Stop in
 2697 	  SnortCleanup(). Prevent running in daemon mode from killing these
 2698 	  threads.
 2699 
 2700 	* src/preprocessors/: perf-base.h, perf.c:
 2701 	  Don't clear procpidstats structure, so snort doesn't core.
 2702 
 2703 	* src/dynamic-preprocessors/appid/: service_state.h,
 2704 	  service_plugins/service_base.c:
 2705 	  Restart service search state machine if previous session was only
 2706 	  partial.
 2707 
 2708 	* configure.in, src/sfdaq.c, src/sfdaq.h, 
 2709 	  src/dynamic-plugins/sf_dynamic_plugins.c,
 2710 	  src/dynamic-plugins/sf_dynamic_preprocessor.h:
 2711 	  Added accessor methods for DAQ query flow method.
 2712 
 2713 	* src/preprocessors/snort_httpinspect.c:
 2714 	  Added checks to prevent raw packets from being used for file process
 2715 	  in HTTP.
 2716 
 2717 	* src/dynamic-preprocessors/appid/: flow.h, fw_appid.c:
 2718 	  Fix for processing HTTPS data to extract client app id.
 2719 
 2720 	* src/preprocessors/: perf-base.c, Stream6/snort_stream_tcp.c:
 2721 	  Prunes due to timouts will are now counted by perfmonitor as prunes.
 2722 
 2723 	* doc/snort_manual.tex, src/parser.c, src/parser.h, src/snort.h,
 2724 	  src/detection-plugins/detection_options.c:
 2725 	  Introduced config option `disable_replace.
 2726 
 2727 	* preproc_rules/preprocessor.rules,
 2728 	  src/preprocessors/session_api.h,
 2729 	  src/preprocessors/snort_httpinspect.c,
 2730 	  src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 2731 	  src/preprocessors/HttpInspect/include/hi_eo_events.h,
 2732 	  src/preprocessors/Stream6/snort_stream_tcp.c
 2733 	  etc/gen-msg.map:
 2734 	  HI_EO_SERVER_PROTOCOL_OTHER alert is added to detect SSH tunneling over HTTP.
 2735 
 2736 	* configure.in:
 2737 	  Remove unused declaration of ADD_WERROR.
 2738 
 2739 	* src/: active.c, detection-plugins/sp_react.c:
 2740 	  Changed code to add FIN on last data packet and bump the seq for the 
 2741 	  FIN flag.
 2742 
 2743 	* src/active.c:
 2744 	  Added a FIN packet after the last data packet and before the reset.
 2745 
 2746 	* src/dynamic-preprocessors/appid/fw_appid.c:
 2747 	  Fixed HTTP header field offset calculation for fragmented HTTP headers.
 2748 
 2749 	* doc/: snort_manual.pdf, snort_manual.tex:
 2750 	  Added note about fast pattern matcher being case insensitive.
 2751 
 2752 	* src/: dynamic-plugins/sf_dynamic_plugins.c,
 2753 	  dynamic-plugins/sf_dynamic_preprocessor.h,
 2754 	  dynamic-preprocessors/appid/spp_appid.c:
 2755 	  Allow for multiple isAppIdRequired functions.
 2756 
 2757 	* doc/snort_manual.tex:
 2758 	  When not set by preprocessor, set file_data pointer to beg. of
 2759 	  payload.  Also fixed an issue when doe_ptr is moved to http
 2760 	  buffers, the length for those buffers is incorrect.
 2761 
 2762 	* src/: snort.c, preprocessors/perf.c, preprocessors/perf.h,
 2763 	  preprocessors/spp_perfmonitor.c: 
 2764 	  Change the way perfmon dumps stats to ensure that multiple
 2765 	  instances will dump stats at offsets from absolute time. This gives
 2766 	  Snort the ability to dump stats asynchronously (when idle).
 2767 
 2768 	* src/snort.c:
 2769 	  Change the order of permissions drop and chroot so that we set 
 2770 	  the uid and gid before creating the pid file.
 2771 
 2772 	* src/preprocessors/Stream6/snort_stream_tcp.c:
 2773 	  Change PAF to handle full PDU in single tcp segment correctly.
 2774 
 2775 	* src/decode.c: 
 2776 	  Prevent duplicate alerting of decoder rule 116:296.
 2777 
 2778 	* src/dynamic-preprocessors/appid/fw_appid.c:
 2779 	  Use memcpy instead of strdup.
 2780 
 2781 	* src/dynamic-preprocessors/appid/detector_plugins/detector_http.c:
 2782 	  Fixed the calculation of 'end' index in http_header_pattern_match
 2783 	  when HTTP header does not have a properly terminated 'Server'
 2784 	  field.
 2785 
 2786 	* src/: log_text.c, log_text.h, output-plugins/spo_alert_fast.c,
 2787 	  output-plugins/spo_alert_full.c:
 2788 	  Add AppID to console alert logs.
 2789 	 
 2790 	* src/dynamic-preprocessors/appid/: service_state.c,
 2791 	  service_plugins/service_base.c:
 2792 	  Don't fail adding a service if the id_state is already in the host cache.
 2793 
 2794 	* src/dynamic-preprocessors/appid/fw_appid.c:
 2795 	  Addressed pinhole issue not allowing FTP-Data sessions.
 2796 
 2797 	* src/: decode.c, parser.c, sfdaq.c, sfdaq.h, snort.c, snort.h:
 2798 	  Update snort to handle the DAQ flags to determine which tunnels it 
 2799 	  can render flow verdicts to hardware.
 2800 	 
 2801 	* src/active.c:
 2802 	  Included function for sending UDP response(s).
 2803 
 2804 	* src/: sfutil/sfrt_flat.c,
 2805 	  dynamic-preprocessors/reputation/reputation_config.c:
 2806 	  Limit number of IP entries based on memcap. Avoiding issue of sfrt table
 2807 	  not being created in the first place.
 2808 
 2809 	* src/: tag.c, detection-plugins/detection_leaf_node.c,
 2810 	  file-process/file_capture.c, file-process/file_mempool.c,
 2811 	  file-process/file_resume_block.c,
 2812 	  file-process/file_segment_process.c,
 2813 	  file-process/file_segment_process.h, preprocessors/perf-flow.c,
 2814 	  preprocessors/portscan.c, preprocessors/Session/session_expect.c,
 2815 	  sfutil/sf_ip.h, sfutil/sfrf.c, sfutil/sfthd.c, sfutil/sfthd.h:
 2816 	  Replaced all sfaddr_t occurrences in hash keys with struct in6_addr.
 2817 
 2818 	* src/sfutil/sfdebug.h, tools/control/sfcontrol.c:
 2819 	  Fixed ascii output of file data.
 2820 
 2821 	* src/: profiler.h, snort.c, dynamic-plugins/sf_dynamic_plugins.c,
 2822 	  dynamic-plugins/sf_dynamic_preprocessor.h,
 2823 	  dynamic-preprocessors/Makefile.am, preprocessors/Makefile.am,
 2824 	  preprocessors/perf_indicators.c,
 2825 	  preprocessors/perf_indicators.h:
 2826 	  New dynamic-preprocessor API hooks for fetching a set of snort
 2827 	  performance indicators and the pcap readback mode bit.
 2828 
 2829 	* src/sfutil/sfdebug.h, tools/control/sfcontrol.c:
 2830 	  Fixed string termination to only dump values that have been initialized.
 2831 
 2832 	* src/sfutil/: sfrt_flat.c, sfrt_flat.h, sfrt_flat_dir.c,
 2833 	  sfrt_flat_dir.h:
 2834 	  Memory optimizations for reputation preprocessor
 2835 
 2836 	* src/: decode.h, detect.c, detection_util.c, plugbase.c, plugbase.h,
 2837 	  preprocids.h, snort.h, dynamic-plugins/sf_engine/Makefile.am,
 2838 	  dynamic-plugins/sf_engine/sf_snort_packet.h,
 2839 	  preprocessors/spp_frag3.c, preprocessors/spp_session.c,
 2840 	  sfutil/sf_ip.c, sfutil/sf_ip.h:
 2841 	  Changed the preprocessor mask from 32-bit to 64-bit.
 2842 	  Changed all declarations to use PreprocEnableMask as the type.
 2843 	 
 2844 	* src/: file-process/file_resume_block.c, sfutil/sfxhash.c,
 2845 	  sfutil/sfxhash.h:
 2846 	  Added a memcap to sfxhash usage in file_resume_block.
 2847 	  
 2848 	* src/dynamic-preprocessors/dcerpc2/: dce2_smb2.c, dce2_smb2.h,
 2849 	  dce2_stats.h, spp_dce2.c:
 2850 	  Currently, we use file size to avoid processing pipe and print
 2851 	  share data because file size is 0 in that case. However, for
 2852 	  smbclient, it sets file size to be zero which snort fails to
 2853 	  identify those files correctly.
 2854 
 2855 	* src/: dynamic-preprocessors/appid/commonAppMatcher.c,
 2856 	  dynamic-preprocessors/appid/hostPortAppCache.c,
 2857 	  dynamic-preprocessors/appid/lengthAppCache.c,
 2858 	  dynamic-preprocessors/appid/service_state.c,
 2859 	  dynamic-preprocessors/appid/util/NetworkSet.c,
 2860 	  preprocessors/Session/session_expect.c, sfutil/sfxhash.c,
 2861 	  sfutil/sfxhash.h:
 2862 	  Create SFXHASH with non-negative sizes only. 
 2863 
 2864 	* doc/snort_manual.tex:
 2865 	  Documentation for new Port Override feature.
 2866 
 2867 	* src/dynamic-preprocessors/appid/: luaDetectorApi.c,
 2868 	  luaDetectorApi.h, client_plugins/client_app_base.c,
 2869 	  detector_plugins/detector_pattern.c,
 2870 	  service_plugins/service_base.c:
 2871 	  Fix memory leaks in detector_pattern.
 2872 
 2873 	* src/dynamic-preprocessors/appid/service_plugins/service_dns.c,
 2874 	  src/dynamic-preprocessors/appid/service_plugins/service_base.c,
 2875 	  src/dynamic-preprocessors/appid/service_plugins/service_api.h,
 2876 	  src/dynamic-preprocessors/appid/fw_appid.h,
 2877 	  src/dynamic-preprocessors/appid/fw_appid.c,
 2878 	  src/dynamic-preprocessors/appid/appIdApi.c,
 2879 	  src/dynamic-plugins/sf_dynamic_plugins.c,
 2880 	  src/appIdApi.h:
 2881 	  Included 2 new Appid Api calls for DNS_QUERY and DNS_QUERY_LEN.
 2882 
 2883 	* src/preprocessors/HttpInspect/client/hi_client.c:
 2884 	  Enable publishing of host name from raw packets for Appid.
 2885 
 2886 	* src/: post_detection.c, post_detection.h:
 2887 	  Inline modifier removed from post detection initialization function.
 2888 
 2889 	* src/post_detection.h:
 2890 	  Remove static modifier from inline function definition.
 2891 
 2892 	* src/decode.c:
 2893 	  FabricPath decoding modified the packet data pointer and length fields
 2894 	  used to caluclate ethernet header offesets incorrectly.
 2895 
 2896 	* src/: Makefile.am, decode.h, detect.c, post_detection.c,
 2897 	  post_detection.h, snort.c, dynamic-examples/Makefile.am,
 2898 	  dynamic-plugins/sf_dynamic_plugins.c, 
 2899 	  dynamic-plugins/sf_dynamic_preprocessor.h,
 2900 	  dynamic-plugins/sf_engine/sf_snort_packet.h,
 2901 	  dynamic-preprocessors/Makefile.am:
 2902 	  Provide an API method available to all preprocessors to register a 
 2903 	  callback function that is called post-detection processing of the 
 2904 	  packet on which the callback was registered.
 2905 
 2906 	* src/dynamic-preprocessors/appid/: commonAppMatcher.c,
 2907 	  thirdparty_appid_api.h, thirdparty_appid_utils.c:
 2908 	  Use Snort's logging facility for 3rd party AppID impls.
 2909 
 2910 	* src/: decode.c, decode.h, encode.c, generators.h, sf_protocols.h,
 2911 	  dynamic-plugins/sf_engine/sf_snort_packet.h:
 2912 	  Added a decoding for Cisco Metadata headers.
 2913 
 2914 	* src/dynamic-preprocessors/appid/: commonAppMatcher.c, fw_appid.c,
 2915 	  fw_appid.h, client_plugins/client_app_api.h, 
 2916 	  client_plugins/client_app_base.c, detector_plugins/detector_pattern.c,
 2917 	  detector_plugins/detector_sip.c, service_plugins/service_api.h,
 2918 	  service_plugins/service_base.c, service_plugins/service_base.h,
 2919 	  util/sf_mlmp.c, util/sf_mlmp.h:
 2920 	  Fixes for sandboxing sip and http.
 2921 
 2922 	* src/dynamic-preprocessors/appid/: appIdConfig.c,
 2923 	  luaDetectorApi.c,
 2924 	  detector_plugins/detector_imap.c,
 2925 	  detector_plugins/detector_kerberos.c,
 2926 	  detector_plugins/detector_pop3.c, 
 2927 	  detector_plugins/detector_sip.c,
 2928 	  service_plugins/service_MDNS.c,
 2929 	  service_plugins/service_battle_field.c,
 2930 	  service_plugins/service_bgp.c,
 2931 	  service_plugins/service_bit.c,
 2932 	  service_plugins/service_bootp.c,
 2933 	  service_plugins/service_dcerpc.c,
 2934 	  service_plugins/service_direct_connect.c,
 2935 	  service_plugins/service_dns.c,
 2936 	  service_plugins/service_flap.c,
 2937 	  service_plugins/service_ftp.c,
 2938 	  service_plugins/service_irc.c,
 2939 	  service_plugins/service_lpr.c,
 2940 	  service_plugins/service_mysql.c,
 2941 	  service_plugins/service_netbios.c,
 2942 	  service_plugins/service_nntp.c,
 2943 	  service_plugins/service_ntp.c,
 2944 	  service_plugins/service_radius.c,
 2945 	  service_plugins/service_rexec.c,
 2946 	  service_plugins/service_rfb.c,
 2947 	  service_plugins/service_rlogin.c,
 2948 	  service_plugins/service_rpc.c,
 2949 	  service_plugins/service_rshell.c,
 2950 	  service_plugins/service_rsync.c,
 2951 	  service_plugins/service_rtmp.c,
 2952 	  service_plugins/service_smtp.c,
 2953 	  service_plugins/service_snmp.c,
 2954 	  service_plugins/service_ssh.c,
 2955 	  service_plugins/service_ssl.c,
 2956 	  service_plugins/service_telnet.c,
 2957 	  service_plugins/service_tftp.c,
 2958 	  service_plugins/service_timbuktu.c,
 2959 	  service_plugins/service_tns.c:
 2960 	  Initialize current_ref_count for all service plugins.
 2961 
 2962 	* src/: detection-plugins/sp_appid.c, dynamic-preprocessors/appid/fw_appid.c:
 2963 	  Fixed AppID in snort rules, trim appNames.
 2964 
 2965 	* src/dynamic-preprocessors/appid/: flow.h, fw_appid.c, host_tracker.h,
 2966 	  service_state.h, client_plugins/client_app_base.c,
 2967 	  service_plugins/service_base.c:
 2968 	  Allow multiple service and client detectors to be evaluated on that same flow.
 2969 
 2970 	* src/dynamic-preprocessors/appid/: Makefile.am,
 2971 	  appIdConfig.h,
 2972 	  commonAppMatcher.c,
 2973 	  luaDetectorApi.c,
 2974 	  luaDetectorApi.h,
 2975 	  luaDetectorModule.c,
 2976 	  client_plugins/client_app_base.c,
 2977 	  client_plugins/client_app_base.h,
 2978 	  detector_plugins/detector_base.c,
 2979 	  detector_plugins/detector_pattern.c,
 2980 	  detector_plugins/detector_pattern.h,
 2981 	  service_plugins/service_api.h,
 2982 	  service_plugins/service_base.c,
 2983 	  service_plugins/service_base.h,
 2984 	  service_plugins/service_pattern.c,
 2985 	  service_plugins/service_pattern.h:
 2986 	  Implemented new Lua API to inject pattern/port for client and server.
 2987 
 2988 	* src/dynamic-preprocessors/: appid/fw_appid.h,
 2989 	  appid/luaDetectorApi.c,
 2990 	  appid/luaDetectorApi.h,
 2991 	  appid/luaDetectorModule.c,
 2992 	  appid/spp_appid.c,
 2993 	  appid/service_plugins/service_MDNS.c,
 2994 	  dcerpc2/spp_dce2.c,
 2995 	  dnp3/spp_dnp3.c,
 2996 	  dns/spp_dns.c,
 2997 	  ftptelnet/spp_ftptelnet.c,
 2998 	  gtp/spp_gtp.c,
 2999 	  imap/spp_imap.c,
 3000 	  isakmp/spp_isakmp.c,
 3001 	  modbus/spp_modbus.c,
 3002 	  pop/spp_pop.c,
 3003 	  reputation/spp_reputation.c,
 3004 	  sdf/spp_sdf.c,
 3005 	  sip/spp_sip.c,
 3006 	  smtp/spp_smtp.c,
 3007 	  ssh/spp_ssh.c,
 3008 	  ssl_common/ssl_config.c,
 3009 	  ssl_common/ssl_ha.c:
 3010 	  Implemented lua detector performance profiling.
 3011 
 3012 	* src/generators.h, src/dynamic-preprocessors/dcerpc2/dce2_event.c,
 3013 	  src/dynamic-preprocessors/dcerpc2/dce2_event.h,
 3014 	  src/dynamic-preprocessors/dcerpc2/dce2_smb2.c,
 3015 	  doc/README.dcerpc2, doc/snort_manual.tex,
 3016 	  preproc_rules/preprocessor.rules, etc/gen-msg.map:
 3017 	  SMBv2 and SMBv3 preprocessor alerts update.
 3018 
 3019 	* src/encode.c:
 3020 	  Use ip6h struct to reference the src/dst address bytes.
 3021 
 3022 	* configure.in,
 3023 	  src/file-process/file_segment_process.c,
 3024 	  src/file-process/file_segment_process.h,
 3025 	  src/file-process/file_service.c,
 3026 	  src/file-process/file_stats.c,
 3027 	  src/file-process/libs/file_lib.c,
 3028 	  src/file-process/Makefile.am,
 3029 	  src/file-process/file_api.h,
 3030 	  src/dynamic-preprocessors/sip/sip_utils.h,
 3031 	  src/dynamic-preprocessors/dcerpc2/Makefile.am,
 3032 	  src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 3033 	  src/dynamic-preprocessors/dcerpc2/dce2_config.h,
 3034 	  src/dynamic-preprocessors/dcerpc2/dce2_session.h,
 3035 	  src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
 3036 	  src/dynamic-preprocessors/dcerpc2/dce2_smb.h,
 3037 	  src/dynamic-preprocessors/dcerpc2/dce2_smb2.c,
 3038 	  src/dynamic-preprocessors/dcerpc2/dce2_smb2.h,
 3039 	  src/dynamic-preprocessors/dcerpc2/dce2_stats.h,
 3040 	  src/dynamic-preprocessors/dcerpc2/sf_dce2.dsp,
 3041 	  src/dynamic-preprocessors/dcerpc2/spp_dce2.c:
 3042 	  doc/README.dcerpc2,
 3043 	  doc/snort_manual.tex:
 3044 	  SMBv2 and SMBv3 file inspection support.
 3045 
 3046 	* src/: Makefile.am,
 3047 	  appIdApi.h,
 3048 	  detect.c,
 3049 	  event.h,
 3050 	  sf_sdlist.c,
 3051 	  snort_debug.h,
 3052 	  detection-plugins/sp_appid.c,
 3053 	  detection-plugins/sp_appid.h,
 3054 	  dynamic-plugins/sf_dynamic_plugins.c,
 3055 	  dynamic-plugins/sf_dynamic_preprocessor.h, 
 3056 	  dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 3057 	  dynamic-preprocessors/Makefile.am,
 3058 	  dynamic-preprocessors/appid/Makefile.am,
 3059 	  dynamic-preprocessors/appid/appId.c,
 3060 	  dynamic-preprocessors/appid/appId.h,
 3061 	  dynamic-preprocessors/appid/appIdApi.c,
 3062 	  dynamic-preprocessors/appid/appIdConfig.c,
 3063 	  dynamic-preprocessors/appid/appIdConfig.h,
 3064 	  dynamic-preprocessors/appid/appIdStats.c,
 3065 	  dynamic-preprocessors/appid/appInfoTable.c,
 3066 	  dynamic-preprocessors/appid/appInfoTable.h,
 3067 	  dynamic-preprocessors/appid/app_forecast.c,
 3068 	  dynamic-preprocessors/appid/app_forecast.h,
 3069 	  dynamic-preprocessors/appid/commonAppMatcher.c,
 3070 	  dynamic-preprocessors/appid/commonAppMatcher.h,
 3071 	  dynamic-preprocessors/appid/flow.c,
 3072 	  dynamic-preprocessors/appid/flow.h,
 3073 	  dynamic-preprocessors/appid/flow_error.h,
 3074 	  dynamic-preprocessors/appid/fw_appid.c,
 3075 	  dynamic-preprocessors/appid/fw_appid.h,
 3076 	  dynamic-preprocessors/appid/hostPortAppCache.c,
 3077 	  dynamic-preprocessors/appid/hostPortAppCache.h,
 3078 	  dynamic-preprocessors/appid/host_tracker.h,
 3079 	  dynamic-preprocessors/appid/httpCommon.h,
 3080 	  dynamic-preprocessors/appid/lengthAppCache.c,
 3081 	  dynamic-preprocessors/appid/lengthAppCache.h,
 3082 	  dynamic-preprocessors/appid/luaDetectorApi.c,
 3083 	  dynamic-preprocessors/appid/luaDetectorApi.h,
 3084 	  dynamic-preprocessors/appid/luaDetectorFlowApi.c,
 3085 	  dynamic-preprocessors/appid/luaDetectorFlowApi.h,
 3086 	  dynamic-preprocessors/appid/luaDetectorModule.c,
 3087 	  dynamic-preprocessors/appid/luaDetectorModule.h,
 3088 	  dynamic-preprocessors/appid/rna_flow.h,
 3089 	  dynamic-preprocessors/appid/service_state.c,
 3090 	  dynamic-preprocessors/appid/service_state.h,
 3091 	  dynamic-preprocessors/appid/spp_appid.c,
 3092 	  dynamic-preprocessors/appid/thirdparty_appid_api.h,
 3093 	  dynamic-preprocessors/appid/thirdparty_appid_types.h,
 3094 	  dynamic-preprocessors/appid/thirdparty_appid_utils.c,
 3095 	  dynamic-preprocessors/appid/thirdparty_appid_utils.h,
 3096 	  dynamic-preprocessors/appid/client_plugins/clientAppConfig.h,
 3097 	  dynamic-preprocessors/appid/client_plugins/client_app_aim.c,
 3098 	  dynamic-preprocessors/appid/client_plugins/client_app_aim.h,
 3099 	  dynamic-preprocessors/appid/client_plugins/client_app_api.h,
 3100 	  dynamic-preprocessors/appid/client_plugins/client_app_base.c,
 3101 	  dynamic-preprocessors/appid/client_plugins/client_app_base.h,
 3102 	  dynamic-preprocessors/appid/client_plugins/client_app_bit.c,
 3103 	  dynamic-preprocessors/appid/client_plugins/client_app_bit_tracker.c,
 3104 	  dynamic-preprocessors/appid/client_plugins/client_app_msn.c,
 3105 	  dynamic-preprocessors/appid/client_plugins/client_app_msn.h,
 3106 	  dynamic-preprocessors/appid/client_plugins/client_app_rtp.c,
 3107 	  dynamic-preprocessors/appid/client_plugins/client_app_smtp.c,
 3108 	  dynamic-preprocessors/appid/client_plugins/client_app_smtp.h,
 3109 	  dynamic-preprocessors/appid/client_plugins/client_app_ssh.c,
 3110 	  dynamic-preprocessors/appid/client_plugins/client_app_timbuktu.c,
 3111 	  dynamic-preprocessors/appid/client_plugins/client_app_tns.c,
 3112 	  dynamic-preprocessors/appid/client_plugins/client_app_vnc.c,
 3113 	  dynamic-preprocessors/appid/client_plugins/client_app_ym.c,
 3114 	  dynamic-preprocessors/appid/client_plugins/client_app_ym.h,
 3115 	  dynamic-preprocessors/appid/detector_plugins/detector_api.h,
 3116 	  dynamic-preprocessors/appid/detector_plugins/detector_base.c,
 3117 	  dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 3118 	  dynamic-preprocessors/appid/detector_plugins/detector_http.h,
 3119 	  dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
 3120 	  dynamic-preprocessors/appid/detector_plugins/detector_kerberos.c,
 3121 	  dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
 3122 	  dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 3123 	  dynamic-preprocessors/appid/detector_plugins/detector_sip.h,
 3124 	  dynamic-preprocessors/appid/detector_plugins/http_url_patterns.c,
 3125 	  dynamic-preprocessors/appid/detector_plugins/http_url_patterns.h,
 3126 	  dynamic-preprocessors/appid/service_plugins/serviceConfig.h,
 3127 	  dynamic-preprocessors/appid/service_plugins/service_MDNS.c,
 3128 	  dynamic-preprocessors/appid/service_plugins/service_MDNS.h,
 3129 	  dynamic-preprocessors/appid/service_plugins/service_api.h,
 3130 	  dynamic-preprocessors/appid/service_plugins/service_base.c,
 3131 	  dynamic-preprocessors/appid/service_plugins/service_base.h,
 3132 	  dynamic-preprocessors/appid/service_plugins/service_battle_field.c,
 3133 	  dynamic-preprocessors/appid/service_plugins/service_battle_field.h,
 3134 	  dynamic-preprocessors/appid/service_plugins/service_bgp.c,
 3135 	  dynamic-preprocessors/appid/service_plugins/service_bgp.h,
 3136 	  dynamic-preprocessors/appid/service_plugins/service_bit.c,
 3137 	  dynamic-preprocessors/appid/service_plugins/service_bootp.c,
 3138 	  dynamic-preprocessors/appid/service_plugins/service_bootp.h,
 3139 	  dynamic-preprocessors/appid/service_plugins/service_dcerpc.c,
 3140 	  dynamic-preprocessors/appid/service_plugins/service_dcerpc.h,
 3141 	  dynamic-preprocessors/appid/service_plugins/service_direct_connect.c,
 3142 	  dynamic-preprocessors/appid/service_plugins/service_direct_connect.h,
 3143 	  dynamic-preprocessors/appid/service_plugins/service_dns.c,
 3144 	  dynamic-preprocessors/appid/service_plugins/service_dns.h,
 3145 	  dynamic-preprocessors/appid/service_plugins/service_flap.c,
 3146 	  dynamic-preprocessors/appid/service_plugins/service_flap.h,
 3147 	  dynamic-preprocessors/appid/service_plugins/service_ftp.c,
 3148 	  dynamic-preprocessors/appid/service_plugins/service_ftp.h,
 3149 	  dynamic-preprocessors/appid/service_plugins/service_irc.c,
 3150 	  dynamic-preprocessors/appid/service_plugins/service_irc.h,
 3151 	  dynamic-preprocessors/appid/service_plugins/service_lpr.c,
 3152 	  dynamic-preprocessors/appid/service_plugins/service_lpr.h,
 3153 	  dynamic-preprocessors/appid/service_plugins/service_mysql.c,
 3154 	  dynamic-preprocessors/appid/service_plugins/service_mysql.h,
 3155 	  dynamic-preprocessors/appid/service_plugins/service_netbios.c,
 3156 	  dynamic-preprocessors/appid/service_plugins/service_netbios.h,
 3157 	  dynamic-preprocessors/appid/service_plugins/service_nntp.c,
 3158 	  dynamic-preprocessors/appid/service_plugins/service_nntp.h,
 3159 	  dynamic-preprocessors/appid/service_plugins/service_ntp.c,
 3160 	  dynamic-preprocessors/appid/service_plugins/service_ntp.h,
 3161 	  dynamic-preprocessors/appid/service_plugins/service_pattern.c,
 3162 	  dynamic-preprocessors/appid/service_plugins/service_pattern.h,
 3163 	  dynamic-preprocessors/appid/service_plugins/service_radius.c,
 3164 	  dynamic-preprocessors/appid/service_plugins/service_radius.h,
 3165 	  dynamic-preprocessors/appid/service_plugins/service_rexec.c,
 3166 	  dynamic-preprocessors/appid/service_plugins/service_rexec.h,
 3167 	  dynamic-preprocessors/appid/service_plugins/service_rfb.c,
 3168 	  dynamic-preprocessors/appid/service_plugins/service_rfb.h,
 3169 	  dynamic-preprocessors/appid/service_plugins/service_rlogin.c,
 3170 	  dynamic-preprocessors/appid/service_plugins/service_rlogin.h,
 3171 	  dynamic-preprocessors/appid/service_plugins/service_rpc.c,
 3172 	  dynamic-preprocessors/appid/service_plugins/service_rpc.h,
 3173 	  dynamic-preprocessors/appid/service_plugins/service_rshell.c,
 3174 	  dynamic-preprocessors/appid/service_plugins/service_rshell.h,
 3175 	  dynamic-preprocessors/appid/service_plugins/service_rsync.c,
 3176 	  dynamic-preprocessors/appid/service_plugins/service_rsync.h,
 3177 	  dynamic-preprocessors/appid/service_plugins/service_rtmp.c,
 3178 	  dynamic-preprocessors/appid/service_plugins/service_rtmp.h,
 3179 	  dynamic-preprocessors/appid/service_plugins/service_smtp.c,
 3180 	  dynamic-preprocessors/appid/service_plugins/service_smtp.h,
 3181 	  dynamic-preprocessors/appid/service_plugins/service_snmp.c,
 3182 	  dynamic-preprocessors/appid/service_plugins/service_snmp.h,
 3183 	  dynamic-preprocessors/appid/service_plugins/service_ssh.c,
 3184 	  dynamic-preprocessors/appid/service_plugins/service_ssh.h,
 3185 	  dynamic-preprocessors/appid/service_plugins/service_ssl.c,
 3186 	  dynamic-preprocessors/appid/service_plugins/service_ssl.h,
 3187 	  dynamic-preprocessors/appid/service_plugins/service_telnet.c,
 3188 	  dynamic-preprocessors/appid/service_plugins/service_telnet.h,
 3189 	  dynamic-preprocessors/appid/service_plugins/service_tftp.c,
 3190 	  dynamic-preprocessors/appid/service_plugins/service_tftp.h,
 3191 	  dynamic-preprocessors/appid/service_plugins/service_timbuktu.c,
 3192 	  dynamic-preprocessors/appid/service_plugins/service_tns.c,
 3193 	  dynamic-preprocessors/appid/util/NetworkSet.c,
 3194 	  dynamic-preprocessors/appid/util/NetworkSet.h,
 3195 	  dynamic-preprocessors/appid/util/common_util.h,
 3196 	  dynamic-preprocessors/appid/util/fw_avltree.c,
 3197 	  dynamic-preprocessors/appid/util/ip_funcs.c,
 3198 	  dynamic-preprocessors/appid/util/ip_funcs.h,
 3199 	  dynamic-preprocessors/appid/util/sf_mlmp.c,
 3200 	  dynamic-preprocessors/appid/util/sfutil.c,
 3201 	  dynamic-preprocessors/appid/util/sfutil.h,
 3202 	  preprocessors/session_api.h,
 3203 	  preprocessors/spp_session.c,
 3204 	  sfutil/Unified2_common.h:
 3205 	  Snort side changes to openAppid to support openAVC
 3206 
 3207 	* src/dynamic-plugins/sf_dynamic_preprocessor.h,
 3208 	  src/sfutil/sf_ip.h:
 3209 	  Bump dpd version.
 3210 
 3211 	* configure.in, src/parser.c, src/fpcreate.c, src/fpdetect.c,
 3212 	  src/fpdetect, src/parser.c, src/pcrm.c, src/pcrm.h, src/signature.c,
 3213 	  src/signature.h, src/detection-plugins/Makefile.am,
 3214 	  src/detection-plugins/detection_leaf_node.c,
 3215 	  src/detection-plugins/detection_options.c,
 3216 	  src/sfutil/sfportobject.h:
 3217 	  NEW FEATURE Port Override. Adds new metadata keywords "else-ports",
 3218 	  "or-ports" and "and-ports".
 3219 
 3220 	* src/sfdaq.c,
 3221 	  src/sfdaq.h,
 3222 	  src/dynamic-plugins/sf_dynamic_plugins.c,
 3223 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
 3224 	  src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 3225 	  src/preprocessors/HttpInspect/user_interface/hi_ui_server_lookup.c,
 3226 	  src/sfutil/sfPolicy.c,
 3227 	  src/target-based/sftarget_reader.c:
 3228 	  Add a generic DAQ modify flow function to dpd.
 3229 
 3230 	* configure.in,
 3231 	  src/debug.c,
 3232 	  src/decode.c,
 3233 	  src/decode.h,
 3234 	  src/detect.c,
 3235 	  src/detection_filter.c,
 3236 	  src/detection_filter.h,
 3237 	  src/encode.c,
 3238 	  src/fpcreate.c,
 3239 	  src/fpdetect.c,
 3240 	  src/ipv6_port.h,
 3241 	  src/log.c,
 3242 	  src/log_text.c,
 3243 	  src/parser.c,
 3244 	  src/ppm.c,
 3245 	  src/rate_filter.c,
 3246 	  src/sfdaq.c,
 3247 	  src/sfdaq.h,
 3248 	  src/sfthreshold.c,
 3249 	  src/sfthreshold.h,
 3250 	  src/snort.c,
 3251 	  src/snort.h,
 3252 	  src/snort_debug.h,
 3253 	  src/tag.c,
 3254 	  src/util.c,
 3255 	  src/util.h,
 3256 	  src/detection-plugins/sp_ftpbounce.c,
 3257 	  src/detection-plugins/sp_session.c,
 3258 	  src/dynamic-plugins/sf_dynamic_plugins.c,
 3259 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
 3260 	  src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 3261 	  src/dynamic-preprocessors/appid/flow.c,
 3262 	  src/dynamic-preprocessors/appid/flow.h,
 3263 	  src/dynamic-preprocessors/appid/fw_appid.c,
 3264 	  src/dynamic-preprocessors/appid/fw_appid.h,
 3265 	  src/dynamic-preprocessors/appid/hostPortAppCache.c,
 3266 	  src/dynamic-preprocessors/appid/hostPortAppCache.h,
 3267 	  src/dynamic-preprocessors/appid/luaDetectorApi.c,
 3268 	  src/dynamic-preprocessors/appid/luaDetectorFlowApi.c,
 3269 	  src/dynamic-preprocessors/appid/rna_flow.h,
 3270 	  src/dynamic-preprocessors/appid/service_state.c,
 3271 	  src/dynamic-preprocessors/appid/service_state.h,
 3272 	  src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 3273 	  src/dynamic-preprocessors/appid/service_plugins/service_api.h,
 3274 	  src/dynamic-preprocessors/appid/service_plugins/service_base.c,
 3275 	  src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
 3276 	  src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
 3277 	  src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
 3278 	  src/dynamic-preprocessors/appid/service_plugins/service_rshell.c,
 3279 	  src/dynamic-preprocessors/appid/service_plugins/service_snmp.c,
 3280 	  src/dynamic-preprocessors/appid/service_plugins/service_ssl.c,
 3281 	  src/dynamic-preprocessors/appid/service_plugins/service_tftp.c,
 3282 	  src/dynamic-preprocessors/appid/util/ip_funcs.h,
 3283 	  src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 3284 	  src/dynamic-preprocessors/dcerpc2/dce2_config.h,
 3285 	  src/dynamic-preprocessors/ftptelnet/ftp_bounce_lookup.c,
 3286 	  src/dynamic-preprocessors/ftptelnet/ftp_bounce_lookup.h,
 3287 	  src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 3288 	  src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
 3289 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_client_lookup.c,
 3290 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_client_lookup.h,
 3291 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_config.c,
 3292 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_config.h,
 3293 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.c,
 3294 	  src/dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.h,
 3295 	  src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 3296 	  src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 3297 	  src/dynamic-preprocessors/imap/spp_imap.c,
 3298 	  src/dynamic-preprocessors/reputation/reputation_config.c,
 3299 	  src/dynamic-preprocessors/reputation/spp_reputation.c,
 3300 	  src/dynamic-preprocessors/sip/sip_parser.c,
 3301 	  src/dynamic-preprocessors/ssl_common/ssl_ha.c,
 3302 	  src/dynamic-preprocessors/ssl_common/ssl_inspect.c,
 3303 	  src/file-process/file_resume_block.c, 
 3304 	  src/output-plugins/spo_alert_sf_socket.c,
 3305 	  src/output-plugins/spo_log_ascii.c,
 3306 	  src/output-plugins/spo_unified2.c,
 3307 	  src/preprocessors/perf-flow.c,
 3308 	  src/preprocessors/perf-flow.h,
 3309 	  src/preprocessors/portscan.c,
 3310 	  src/preprocessors/portscan.h,
 3311 	  src/preprocessors/session_api.h,
 3312 	  src/preprocessors/sip_common.h,
 3313 	  src/preprocessors/snort_httpinspect.c,
 3314 	  src/preprocessors/snort_httpinspect.h,
 3315 	  src/preprocessors/spp_arpspoof.c,
 3316 	  src/preprocessors/spp_frag3.c,
 3317 	  src/preprocessors/spp_session.c,
 3318 	  src/preprocessors/spp_sfportscan.c,
 3319 	  src/preprocessors/spp_stream6.c,
 3320 	  src/preprocessors/stream_api.h, 
 3321 	  src/preprocessors/HttpInspect/client/hi_client.c, 
 3322 	  src/preprocessors/HttpInspect/files/file_decomp.c, 
 3323 	  src/preprocessors/HttpInspect/include/file_decomp.h, 
 3324 	  src/preprocessors/HttpInspect/include/hi_si.h, 
 3325 	  src/preprocessors/HttpInspect/include/hi_ui_config.h, 
 3326 	  src/preprocessors/HttpInspect/include/hi_ui_server_lookup.h,
 3327 	  src/preprocessors/HttpInspect/session_inspection/hi_si.c, 
 3328 	  src/preprocessors/HttpInspect/user_interface/hi_ui_config.c,
 3329 	  src/preprocessors/HttpInspect/user_interface/hi_ui_server_lookup.c,
 3330 	  src/preprocessors/Session/session_common.h, 
 3331 	  src/preprocessors/Session/session_expect.c,
 3332 	  src/preprocessors/Session/session_expect.h,
 3333 	  src/preprocessors/Session/stream5_ha.c,
 3334 	  src/preprocessors/Session/stream5_ha.h, 
 3335 	  src/preprocessors/Stream6/snort_stream_icmp.c,
 3336 	  src/preprocessors/Stream6/snort_stream_icmp.h,
 3337 	  src/preprocessors/Stream6/snort_stream_tcp.c,
 3338 	  src/preprocessors/Stream6/snort_stream_tcp.h,
 3339 	  src/preprocessors/Stream6/snort_stream_udp.c,
 3340 	  src/preprocessors/Stream6/snort_stream_udp.h,
 3341 	  src/preprocessors/Stream6/stream_paf.c,
 3342 	  src/sfutil/ipobj.c,
 3343 	  src/sfutil/ipobj.h,
 3344 	  src/sfutil/sfPolicy.c,
 3345 	  src/sfutil/sfPolicy.h,
 3346 	  src/sfutil/sf_ip.c,
 3347 	  src/sfutil/sf_ip.h,
 3348 	  src/sfutil/sf_iph.c,
 3349 	  src/sfutil/sf_iph.h,
 3350 	  src/sfutil/sf_ipvar.c,
 3351 	  src/sfutil/sf_ipvar.h,
 3352 	  src/sfutil/sf_vartable.c,
 3353 	  src/sfutil/sfrf.c,
 3354 	  src/sfutil/sfrf.h,
 3355 	  src/sfutil/sfrt.c,
 3356 	  src/sfutil/sfrt.h,
 3357 	  src/sfutil/sfrt_dir.c,
 3358 	  src/sfutil/sfrt_dir.h,
 3359 	  src/sfutil/sfrt_flat.c,
 3360 	  src/sfutil/sfrt_flat.h,
 3361 	  src/sfutil/sfrt_flat_dir.c,
 3362 	  src/sfutil/sfrt_flat_dir.h,
 3363 	  src/sfutil/sfthd.c,
 3364 	  src/sfutil/sfthd.h,
 3365 	  src/sfutil/util_net.c,
 3366 	  src/sfutil/util_net.h,
 3367 	  src/sfutil/test/sf_ip_test.c,
 3368 	  src/sfutil/test/sfrf_test.c,
 3369 	  src/sfutil/test/sfrt_test.c,
 3370 	  src/sfutil/test/sfthd_test.c,
 3371 	  src/side-channel/sidechannel.c,
 3372 	  src/target-based/sftarget_reader.c,
 3373 	  src/target-based/sftarget_reader.h: 
 3374 	  Refactor sfip_t/sfaddr_t code to be compatible with struct in6_addr.
 3375 
 3376 2015-08-13 Rahul Burman <rahburma@cisco.com>
 3377 Snort 2.9.7.6
 3378     * src/build.h:
 3379           updating build number to 285
 3380 
 3381     * src/dynamic-preprocessors/reputation/reputation_config.c:
 3382           Fixed unexpected behaviour in reputation config where blacklist is displayed
 3383           in priority field even though whitelist option is set [reported by Mike Cox].
 3384 
 3385     * src/preprocessors/Stream6/snort_stream_tcp.c:
 3386           Fixed issue where XFF/ExtraData is not always logged when 'drop' rules trigger [reported by Mike Cox].
 3387           Fixed issue in TCP session deletion when being called from Stream5 HA.
 3388 
 3389     * src/: active.h, file-process/file_service.c:
 3390           ACTIVE_DROP is changed to ACTIVE_FORCE_DROP when file_verdict is pending.
 3391 
 3392     * src/dynamic-preprocessors/appid/fw_appid.c:
 3393           Fixed issue where openappid does not provide the Content-Type field for use with CHPAddAction.
 3394 
 3395     * doc/snort_manual.tex:
 3396           Corrected errors in snort_manual.tex [reported by Gabriel Corre].
 3397 
 3398     * preproc_rules/preprocessor.rules
 3399           src/preprocessors/: session_api.h, snort_httpinspect.c,
 3400           HttpInspect/event_output/hi_eo_log.c, HttpInspect/include/hi_eo_events.h
 3401           Stream6/snort_stream_tcp.c:
 3402           Enhancement done to detect 'SSH tunneling over HTTP'.
 3403 
 3404     * src/sfutil/sfportobject.c:
 3405           Fixed Memory leaks [reported by Bill Parker].
 3406 
 3407     * doc/snort_manual.tex:
 3408           Corrected the information about unified2 record structure [reported by Avery Rozar].
 3409 
 3410     * etc/snort.conf, src/preprocessors/snort_httpinspect.c,
 3411 	  src/preprocessors/snort_httpinspect.h,
 3412           src/preprocessors/HttpInspect/client/hi_client.c,
 3413           src/preprocessors/HttpInspect/server/hi_server.c,
 3414           src/preprocessors/Stream6/stream_paf.c:
 3415           Fixed issue where original client IP in intrusion event is incorrectly
 3416           populated with XFF of the last GET request.
 3417 
 3418     * src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
 3419           HttpInspect/server/hi_server.c,
 3420           snort_httpinspect.c, snort_httpinspect.h,
 3421           HttpInspect/server/hi_server.c:
 3422           Http unlimited decompression will now decompress the entire stream.
 3423 
 3424     * src/decode.c:
 3425           Added a check so that min_ttl decoder do not drop packet in alert mode.
 3426 
 3427     * etc/snort.conf, src/preprocessors/snort_httpinspect.c,
 3428           src/preprocessors/snort_httpinspect.h,
 3429           src/preprocessors/HttpInspect/client/hi_client.c,
 3430           src/preprocessors/HttpInspect/server/hi_server.c
 3431           Fixed issue where original client IP in intrusion event is incorrectly populated with XFF of the last GET request.
 3432 
 3433 2015-07-01 Carter Waxman <cwaxman@cisco.com>
 3434 Snort 2.9.7.5
 3435     * src/build.h:
 3436       updating build number to 262
 3437 
 3438     * src/preprocessors/Stream6/snort_stream_tcp.c: 
 3439       Improved handling of asymmetric traffic
 3440 
 3441     * src/active.c: 
 3442       Active responses no longer set the FIN flag on the last segment
 3443       transmitted
 3444 
 3445     * src/dynamic-preprocessors/appid/luaDetectorApi.c:
 3446       Added sanity checks to client api
 3447       
 3448     * doc/snort_manual.pdf,
 3449       src/: dynamic-preprocessors/dcerpc2/dce2_paf.c,
 3450       dynamic-preprocessors/dnp3/dnp3_paf.c,
 3451       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 3452       dynamic-preprocessors/imap/imap_paf.c,
 3453       dynamic-preprocessors/pop/pop_paf.c,
 3454       dynamic-preprocessors/sip/sip_paf.c,
 3455       dynamic-preprocessors/smtp/smtp_paf.c,
 3456       preprocessors/session_api.h, preprocessors/spp_stream6.c,
 3457       preprocessors/stream_api.h,
 3458       preprocessors/HttpInspect/utils/hi_paf.c,
 3459       preprocessors/Session/session_common.h,
 3460       preprocessors/Stream6/snort_stream_tcp.c,
 3461       preprocessors/Stream6/snort_stream_tcp.h,
 3462       preprocessors/Stream6/stream_paf.c,
 3463       preprocessors/Stream6/stream_paf.h: 
 3464       Multiple PAF clients can Read/Write to the same user data
 3465 
 3466     * src/: file-process/file_api.h, file-process/file_mail_common.h,
 3467       file-process/file_mime_process.c,
 3468       sfutil/sf_email_attach_decode.c, sfutil/sf_email_attach_decode.h: 
 3469       Fixed filename parsing from Mime body for UUencoded MIME
 3470 
 3471     * src/preprocessors/perf-base.c,
 3472       src/preprocessors/Stream6/snort_stream_tcp.c: 
 3473       Prunes triggered by timeouts are now accounted by perfmonitor.
 3474 
 3475     * src/preprocessors/spp_session.c: 
 3476       Log warning instead of Fatal Error
 3477       if a stream5_global config is in a non-default policy
 3478       
 3479     * src/detection-plugins/sp_base64_decode.c: 
 3480       Removed unused checks
 3481       
 3482     * src/snort.c:
 3483       Improved reliability of configuration reloads
 3484 
 3485     * src/preprocessors/snort_httpinspect.c: 
 3486       Fixed issue in http
 3487       file processing where SHAs may not always be correct.
 3488 
 3489     * doc/snort_manual.pdf,
 3490       src/sfutil/sf_email_attach_decode.c: 
 3491       Fixed handling new line chars in QP encoding
 3492       
 3493 
 3494     * src/preprocessors/snort_httpinspect.c: 
 3495       Fixed inconsistent behavior when configuring "max_gzip_mem -1"
 3496 
 3497 2015-22-04 Joel Cornett <jocornet@cisco.com>
 3498 Snort 2.9.7.3
 3499     * src/build.h:
 3500       updating build number to 217
 3501 
 3502     * src/: decode.h, detection-plugins/sp_clientserver.c,
 3503       dynamic-plugins/sf_engine/sf_snort_packet.h,
 3504       dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 3505       dynamic-preprocessors/dcerpc2/dce2_session.h,
 3506       dynamic-preprocessors/sdf/spp_sdf.c,
 3507       preprocessors/HttpInspect/server/hi_server.c,
 3508       preprocessors/Stream6/snort_stream_tcp.c,
 3509       preprocessors/snort_httpinspect.c, preprocessors/spp_normalize.c:
 3510       Added mode safety checks to normalization.
 3511       Fixed an issue in PAF where the start of the PDU after flushing was not
 3512       being set correctly in some case.
 3513       Improved Stream reassembly of HTTPS sessions
 3514 
 3515     * src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
 3516       Stability improvements for ftp_telnet preprocessor
 3517 
 3518     * doc/snort_manual.pdf, doc/snort_manual.tex,
 3519       src/detection-plugins/sp_base64_decode.c,
 3520       src/detection-plugins/sp_base64_decode.h,
 3521       src/detection-plugins/sp_file_data.c:
 3522       Improved performance for file preprocessor
 3523       Documentation changes
 3524 
 3525     * src/dynamic-preprocessors/appid/: service_plugins/service_base.c,
 3526       service_state.c:
 3527       Various OpenAppId improvements
 3528 
 3529     * configure.in:
 3530       Fixed issue with configure script handling of -Werror compiler flags
 3531 
 3532     * src/decode.c:
 3533       Improved decoding of IPv6 extensions
 3534 
 3535     * src/detection-plugins/detection_options.c:
 3536       Fixed an issue where the protected_content rule option was not
 3537       backtracking correctly in some cases
 3538 
 3539     * src/snort.c:
 3540       Fixed snort handling of PID files
 3541 
 3542     * tools/: u2openappid/u2openappid.c, u2spewfoo/u2spewfoo.c:
 3543       Fixed usage info.
 3544 
 3545     * src/dynamic-preprocessors/sip/: Makefile.am, sf_sip.dsp, sip_dialog.c,
 3546       sip_parser.c, spp_sip.c:
 3547       Added PAF support for TCP traffic
 3548 
 3549     * src/: log_text.c, log_text.h, output-plugins/spo_alert_fast.c,
 3550       output-plugins/spo_alert_full.c:
 3551       Extended support for OpenAppId logging to cmg and console output loggers
 3552 
 3553     * src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:
 3554       Improved SSLv3 handling for OpenAppId
 3555 
 3556 2014-24-12 Victor Roemer <viroemer@cisco.com>
 3557 Snort 2.9.7.2
 3558     * src/build.h:
 3559       updating build number to 177
 3560 
 3561     * src/preprocessors/Stream6/snort_stream_tcp.c:
 3562 	  Resolved an issue where the inline normalization preprocessor
 3563 	  incorrectly resized packets when 'preprocessor normalize_tcp: trim'
 3564 	  was enabled.
 3565 
 3566     * src/decode.c, src/encode.c:
 3567       Added support for Cisco FabricPath decoding/encoding.
 3568       Ensure flow_id is copied into the DAQ_PktHdr_t.
 3569 
 3570     * src/snort.h, src/sfutil/sfrt.c, src/sfutil/sfrt.h
 3571       src/target-based/sftarget_reader.c:
 3572       Moved ntohl conversion inside of the sfrt api for both IPv4 and IPv6.
 3573 
 3574     * src/target-based/sftarget_protocol_reference.c
 3575       Lookup application protocol id only after the session is established.
 3576       Assign application protocol id to the session when using host attribute table.
 3577 
 3578     * src/util.c:
 3579       Changes for suppressing configuration logging.
 3580 
 3581     * src/file-process/file_service.c:
 3582       Assign the file config to a file context prior to checking if HTTP continuation.
 3583 
 3584 2014-10-10 Carter Waxman <cwaxman@cisco.com>
 3585 Snort 2.9.7.0
 3586     * src/build.h: updating build number to 149
 3587     
 3588     * src/dynamic-preprocessors/appid/spp_appid.c:
 3589       Fixed issue in which AppID would be disabled after a reload.
 3590     
 3591     * configure.in:
 3592       Added dependency for OpenSSL when building with --enable-openappid
 3593     
 3594     * doc/: README.http_inspect, snort_manual.pdf, snort_manual.tex:
 3595       Added documentation for the new Extended X-Forwarded-For
 3596       capabilities
 3597 
 3598     * src/preprocessors/Stream6/snort_stream_tcp.c:
 3599       Reused the TcpSessionCleanup logic to add a function to flush queued unacked segments.
 3600 
 3601 2014-09-15 Joel Cornett <jocornet@cisco.com>
 3602 Snort 2.9.7.0-rc
 3603     * src/build.h:
 3604       updating build number to 147
 3605 
 3606     * configure.in,
 3607       src/sfdaq.c:
 3608       Fixed C99 compliance issue with DAQ.
 3609 
 3610     * src/preprocessors/:
 3611       Stream6/snort_stream_tcp.c,
 3612       spp_session.c:
 3613       Improved stability of TCP session decoding.
 3614 
 3615     * tools/u2streamer/u2streamer.c:
 3616       Improved stability of u2streamer tool.
 3617 
 3618     * src/snort.c:
 3619       Fixed issue with daemonization mode. Thanks to Eugenio Perez
 3620       for noting the issue and proposing a fix.
 3621 
 3622     * src/:
 3623       dynamic-plugins/sf_dynamic_plugins.c,
 3624       dynamic-plugins/sf_dynamic_preprocessor.h,
 3625       preprocessor/Stream6/snort_stream_tcp.c,
 3626       encode.c, encode.h, snort.c, snort.h:
 3627       Added support to detect heartbleed attacks.
 3628 
 3629     * build/dobuild.sh,
 3630       rpm/README.build_rpms, rpm/generate-all-rpms, rpm/snort.spec,
 3631       src/dynamic-preprocessors/appid/Makefile.am:
 3632       Added OpenAppID to snort RPM.
 3633 
 3634     * doc/: README.active, README.file_ips, INSTALL, snort_manual.tex: 
 3635       Updated documentation.
 3636 
 3637     * doc/INSTALL:
 3638       Added common configuration mistakes and fixes to INSTALL.
 3639       Thanks to Bill Parker for the documentation.
 3640 
 3641     * src/dynamic-preprocessors/ftptelnet/pp_ftp.c:
 3642       Improved FTP traffic handling.
 3643 
 3644     * src/dynamic-preprocessors/appid/detector_plugins:
 3645       detector_http.c, detector_imap.c, detector_pop3.c:
 3646       Improved stability of OpenAppID preprocessor parsing HTTP
 3647       headers.
 3648 
 3649     * src/:
 3650       parser.c, snort.c, snort.h, util.c:
 3651       Added a new option `--suppress-config-log` to Snort command
 3652       line arguments. This option suppresses logging of
 3653       configuration information to output.
 3654 
 3655     * src/:
 3656       active.c, active.h,
 3657       preprocessors/Stream6/snort_stream_ip.c,
 3658       preprocessors/Stream6/snort_stream_tcp.c,
 3659       preprocessors/Stream6/snort_stream_udp.c:
 3660       Fixed issue with blacklisting of flow traffic.
 3661 
 3662     * src/preprocessors:
 3663       spp_session.c, spp_stream6.c:
 3664       Improved stability of Stream6 preprocessor.
 3665 
 3666     * configure.in,
 3667       src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 3668       src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
 3669       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 3670       src/dynamic-preprocessors/imap/snort_imap.c,
 3671       src/dynamic-preprocessors/imap/snort_imap.h,
 3672       src/dynamic-preprocessors/pop/snort_pop.c,
 3673       src/dynamic-preprocessors/pop/snort_pop.h,
 3674       src/dynamic-preprocessors/smtp/snort_smtp.c,
 3675       src/dynamic-preprocessors/smtp/snort_smtp.h,
 3676       src/dynamic-preprocessors/ssl_common/ssl_include.h,
 3677       src/dynamic-preprocessors/ssl_common/ssl_inspect.c,
 3678       src/dynamic-preprocessors/ssl_common/ssl_session.h,
 3679       src/encode.c:
 3680       Fixed encoding issue with DAQ packet headers.
 3681 
 3682     * doc/README.ssl,
 3683       doc/snort_manual.pdf,
 3684       doc/snort_manual.tex,
 3685       etc/gen-msg.map,
 3686       preproc_rules/preprocessor.rules,
 3687       src/dynamic-preprocessors/ssl_common/ssl.c,
 3688       src/dynamic-preprocessors/ssl_common/ssl.h,
 3689       src/dynamic-preprocessors/ssl_common/ssl_config.c,
 3690       src/dynamic-preprocessors/ssl_common/ssl_config.h,
 3691       src/dynamic-preprocessors/ssl_common/ssl_inspect.c,
 3692       src/dynamic-preprocessors/ssl_common/ssl_inspect.h,
 3693       src/dynamic-preprocessors/ssl_common/ssl_session.h:
 3694       Added support to detect heartbleed attacks.
 3695 
 3696     * doc/snort_manual.tex,
 3697       src/dynamic-examples/dynamic-rule/detection_lib_meta.h,
 3698       src/dynamic-plugins/sf_dynamic_engine.h,
 3699       src/dynamic-plugins/sf_dynamic_meta.h,
 3700       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 3701       src/dynamic-plugins/sf_engine/examples/detection_lib_meta.h,
 3702       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 3703       src/preprocessors/Stream6/snort_stream_tcp.c,
 3704       src/decode.c, src/decode.h, src/encode.c, src/parser.c,
 3705       src/parser.h, src/snort.c, src/snort.h:
 3706       Added a new config option `max_ip6_extensions` to change the
 3707       maximum number of IPv6 extension headers decoded. Thanks to
 3708       Antonio Atlasis for providing data to the ChangeLog.
 3709 
 3710     * src/dynamic-preprocessors/modbus/:
 3711       modbus_paf.h, modbus_roptions.c, spp_modbus.c:
 3712       Improved traffic handling by modbus preprocessor
 3713 
 3714     * src/:
 3715       dynamic-preprocessors/dns/spp_dns.c,
 3716       dynamic-preprocessors/imap/spp_imap.c,
 3717       dynamic-preprocessors/pop/spp_pop.c,
 3718       dynamic-preprocessors/smtp/spp_smtp.c,
 3719       dynamic-preprocessors/ssh/spp_ssh.c,
 3720       preprocessors/spp_session.c:
 3721       Fixed issue with stream configuration state changing across
 3722       reloads. Thanks to Eugenio Perez for noting the issue.
 3723 
 3724     * src/dynamic-preprocessors/appid/Makefile.am:
 3725       Fixed compilation issue with OpenAppID on OpenBSD.
 3726 
 3727     * src/plugbase.c:
 3728       Improved implementation of plugin API.
 3729 
 3730     * src:
 3731       detection-plugins/sp_ftpbounce.c,
 3732       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
 3733       Improved stability of FTP preprocessor.
 3734 
 3735     * configure.in,
 3736       src/dynamic-preprocessors/appid/appIdConfig.c,
 3737       src/dynamic-preprocessors/appid/appIdConfig.h,
 3738       src/dynamic-preprocessors/appid/flow.h,
 3739       src/dynamic-preprocessors/appid/fw_appid.c,
 3740       src/dynamic-preprocessors/appid/fw_appid.h,
 3741       src/dynamic-preprocessors/appid/luaDetectorApi.h:
 3742       Fixed compilation issues with OpenAppID on Mac OS X.
 3743 
 3744     * src/preprocessors/:
 3745       perf-flow.c, spp_perfmonitor.c:
 3746       Minimum flow-ip-memcap changed to 8200.
 3747 
 3748     * src/sf_sdlist.c:
 3749       Fixed implementation of `sf_sdlist`. Thanks to Yang Zhang
 3750       for noting the issue.
 3751 
 3752     * src/:
 3753       preprocessors/Stream6/snort_stream_tcp.c,
 3754       preprocessors/spp_frag3.c,
 3755       preprocessors/spp_normalize.c:
 3756       active.h, decode.c,
 3757       Check checksum configuration as well as na_policy_mode
 3758       setting before drop.
 3759 
 3760     * src/preprocessors/snort_httpinspect.c:
 3761       Improved handling in HTTPInspect preprocessor.
 3762 
 3763     * src/sfutil/mpse.c:
 3764       Fixed building snort with --disable-perfprofiling. Thanks to
 3765       Yonatan Ben-David for noting the issue.
 3766 
 3767     * src:
 3768       encode.c, encode.h:
 3769       Fixed ICMPv6 encoding issue.
 3770 
 3771     * etc/snort.conf,
 3772       src/detection-plugins/sp_file_type.c,
 3773       src/dynamic-preprocessors/Makefile.am,
 3774       src/dynamic-preprocessors/ftptelnet/Makefile.am,
 3775       src/dynamic-preprocessors/imap/Makefile.am,
 3776       src/dynamic-preprocessors/pop/Makefile.am,
 3777       src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 3778       src/dynamic-preprocessors/smtp/Makefile.am,
 3779       src/dynamic-preprocessors/ssl/Makefile.am,
 3780       src/preprocessors/Session/Makefile.am,
 3781       src/win32/WIN32-Prj/sf_engine.dsp,
 3782       src/win32/WIN32-Prj/snort.dsp,
 3783       src/win32/WIN32-Prj/snort.dsw,
 3784       src/win32/WIN32-Prj/snort_installer.nsi:
 3785       Fixed Win32 and distcheck build issues.
 3786 
 3787     * doc/OpenDetectorDeveloperGuide.docx,
 3788       doc/OpenDetectorDeveloperGuide.pdf,
 3789       src/dynamic-preprocessors/appid/Makefile.am,
 3790       src/dynamic-preprocessors/appid/appInfoTable.c,
 3791       src/dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 3792       src/dynamic-preprocessors/appid/detector_plugins/detector_http.h,
 3793       src/dynamic-preprocessors/appid/fw_appid.c,
 3794       src/dynamic-preprocessors/appid/httpCommon.h,
 3795       src/dynamic-preprocessors/appid/luaDetectorApi.c,
 3796       src/dynamic-preprocessors/appid/service_plugins/service_base.c,
 3797       src/dynamic-preprocessors/appid/service_plugins/service_rtmp.c,
 3798       src/dynamic-preprocessors/appid/service_plugins/service_rtmp.h:
 3799       Added RTMP detector (w/ metadata) to OpenAppID and updated
 3800       Lua API.
 3801 
 3802 2014-06-04 Carter Waxman <cwaxman@cisco.com>
 3803 Snort 2.9.7.0.beta
 3804     * src/build.h:
 3805       updating build number to 109
 3806 
 3807     * src/: detection-plugins/sp_base64_decode.c,
 3808       dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
 3809       Use correct buffer size for base64 decoding.
 3810       Fix the bound check for base64_decode rule. Thanks Joshua providing the
 3811       patch.
 3812 
 3813     * src/: detect.c,
 3814       dynamic-preprocessors/reputation/spp_reputation.c,
 3815       dynamic-preprocessors/reputation/shmem/shmem_config.h,
 3816       dynamic-preprocessors/reputation/shmem/shmem_mgmt.c,
 3817       preprocessors/session_api.h, preprocessors/spp_session.c:
 3818       Improved reputation performance by only checking IPs once per
 3819       session. Changed control socket to respond 0 when reloading empty IP
 3820       reputation lists. Avoid registering reputation preprocessor when there are no IP lists
 3821 
 3822     * src/: active.c, fpdetect.c,
 3823       dynamic-preprocessors/dcerpc2/dce2_smb.c,
 3824       file-process/file_resume_block.c: 
 3825       Fixed build issue when configuring with --disable-active-response
 3826       --disable-react --disable-flexresp3 (Reported by Jeremy Hoel)
 3827 
 3828     * src/parser.c
 3829       src/preprocessors/Session/stream5_ha.c,
 3830       src/preprocessors/Stream6/snort_stream_icmp.c,
 3831       src/preprocessors/Stream6/snort_stream_tcp.c,
 3832       src/preprocessors/Stream6/snort_stream_udp.c,
 3833       src/preprocessors/spp_session.c:
 3834       Fixed configuration parsing issues.
 3835 
 3836     * src/: fpcreate.c, fpdetect.c:
 3837       Fixed rule protocol mapping when using target-based detection.
 3838 
 3839     * src/preprocessors/perf-base.c: 
 3840       Added field in now files for number of normalizers used.
 3841 
 3842     * src/preprocessors/Stream6/snort_stream_tcp.c:
 3843       Fix handling of data on syn for Mac OSX reassembly.
 3844 
 3845     * src/dynamic-plugins/sf_dynamic_plugins.c:
 3846       Remove optional field check to improve compatiblity for DragonFlyBSD.
 3847       Thanks Joshua Kinard providing patch.
 3848 
 3849     * src/detect.c:
 3850       Fixed AppID not correctly handling packets without sessions (Discovered by
 3851       James Lay)
 3852 
 3853     * src/preprocessors/snort_httpinspect.c:
 3854       Fixed issue with HTTP session data handling. (Discovered by James Lay)
 3855 
 3856     * src/snort.c:
 3857       Fixed parsing of custom rule types on reload.
 3858 
 3859     * src/util.c:
 3860       Fixed timestamp arithmetic error (Reported by David Turnbull)
 3861 
 3862     * src/: sf_protocols.h, preprocessors/perf-base.c,
 3863       preprocessors/perf-base.h, preprocessors/session_api.h,
 3864       preprocessors/spp_session.c, preprocessors/spp_stream6.c,
 3865       preprocessors/stream_api.h,
 3866       preprocessors/Stream6/stream_common.c,
 3867       preprocessors/Stream6/stream_common.h:
 3868       Fixed IP protocol number type (Reported by Joshua Kinard)
 3869 
 3870     * src/: strlcatu.h, strlcpyu.h:
 3871       Wrap function signatures for strlcat/strlcpy.  Thanks to James
 3872       Golab for reporting the issue.
 3873 
 3874      * doc/: snort_manual.pdf, snort_manual.tex:
 3875       Typos fixed (Credit to Jenah J. Sigurdson)
 3876     
 3877     * src/: encode.h, parser.c, dynamic-preprocessors/imap/imap_paf.c,
 3878       dynamic-preprocessors/pop/pop_paf.c,
 3879       dynamic-preprocessors/smtp/smtp_paf.c,
 3880       file-process/file_mail_common.h, preprocessors/stream_api.h,
 3881       preprocessors/Stream6/stream_paf.c:
 3882       Fixed PAF flushing behavior when encountering gaps.
 3883       paf_max now has a hard flush limit of ~64,000. Email protocols will
 3884       flush within 1500 characters of paf_max.
 3885 
 3886     * src/: dynamic-preprocessors/dns/spp_dns.c,
 3887       dynamic-preprocessors/imap/snort_imap.c,
 3888       dynamic-preprocessors/pop/snort_pop.c,
 3889       preprocessors/session_api.h, preprocessors/spp_rpc_decode.c,
 3890       preprocessors/spp_session.c,
 3891       preprocessors/Stream6/snort_stream_tcp.c:
 3892       Changed flushing to use receiver's flush policy in all functions.
 3893       Updated POP, IMAP, DNS, RPC, and SSL to use the correct directions.
 3894       Added SSN_TO_SERVER(SSN_FROM_CLIENT) and SSN_TO_CLIENT(SSN_FROM_SERVER)
 3895       to make code more readable (Discovered by John Enure).
 3896 
 3897     * src/detection_util.c:
 3898       Fixed Http buffer name initialization.
 3899 
 3900     * src/preprocessors/HttpInspect/normalization/hi_norm.c:
 3901       Fixed URI parsing and normalization.
 3902 
 3903     * doc/README.file_ips, src/plugbase.c, src/rule_option_types.h,
 3904       src/detection-plugins/Makefile.am,
 3905       src/detection-plugins/detection_options.c,
 3906       src/detection-plugins/sp_file_type.c,
 3907       src/file-process/file_api.h, src/file-process/file_service.c,
 3908       src/file-process/libs/file_config.c,
 3909       src/file-process/libs/file_config.h,
 3910       src/file-process/libs/file_identifier.c,
 3911       src/file-process/libs/file_lib.c,
 3912       src/file-process/libs/file_lib.h:
 3913       Allow registration of the same file type callback.
 3914       Harden file_type and file_group rule options.
 3915       Fix file id to always use the matched file id.
 3916       File identifier rule options 'type' and 'ver' no longer accept
 3917       arbitrary ASCII characters as valid arguments, only
 3918       permitting [A-Za-z0-9_.] characters.
 3919       Snort's 'file_type' rule option now checks for trailing comma (,)
 3920       and pipe (|) separators and other typo like mistakes.
 3921 
 3922     * configure.in,
 3923       src/active.c,
 3924       src/active.h,
 3925       src/decode.c,
 3926       src/detection-plugins/detection_options.c,
 3927       src/detection-plugins/sp_replace.c,
 3928       src/dynamic-plugins/sf_dynamic_plugins.c,
 3929       src/parser.c,
 3930       src/parser.h,
 3931       src/preprocessors/Stream6/snort_stream_tcp.c,
 3932       src/preprocessors/normalize.c,
 3933       src/preprocessors/normalize.h,
 3934       src/preprocessors/perf-base.c,
 3935       src/preprocessors/perf-base.h,
 3936       src/preprocessors/spp_normalize.c,
 3937       src/preprocessors/spp_normalize.h,
 3938       src/preprocessors/spp_session.c,
 3939       src/snort.c,
 3940       src/snort.h:
 3941       Added would-normalize normalization statistics for inline_test mode.
 3942       Normalization behavior now enabled / configured using na_policy_mode.
 3943       Fix typos in spp_normalize.c (Thanks to Gregory S Thomas for mentioning).
 3944 
 3945     * doc/README.normalize, doc/snort_manual.pdf, doc/snort_manual.tex,
 3946       src/preprocessors/normalize.c, src/preprocessors/perf-base.c,
 3947       src/preprocessors/perf-base.h, src/preprocessors/spp_normalize.c,
 3948       src/preprocessors/spp_normalize.h,
 3949       src/preprocessors/Stream6/snort_stream_tcp.c:
 3950       TCP normalization configurations have been split into more granular options.
 3951       URP normalization is now ENABLED with the "urp" keyword instead of
 3952       DISABLED. New performance monitor stats have been introduced for these
 3953       changes.
 3954 
 3955     * src/decode.h,
 3956       src/detect.c,
 3957       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 3958       src/preprocessors/Session/session_expect.c,
 3959       src/preprocessors/Stream6/snort_stream_tcp.c,
 3960       src/preprocessors/spp_stream6.c,
 3961       src/preprocessors/stream_api.h:
 3962       Changed priority of ftp-telnet reassembly to improve performance.
 3963       Process end of file data correctly for ftp data channel.
 3964 
 3965     * etc/file_magic.conf, 
 3966       src/sfutil/sf_email_attach_decode.c:
 3967       File type UUENCODED is now all caps.
 3968       Set file data pointer correctly after UU decoding ends.
 3969 
 3970     * src/: dynamic-preprocessors/imap/imap_config.c,
 3971       dynamic-preprocessors/pop/pop_config.c,
 3972       dynamic-preprocessors/smtp/smtp_config.c,
 3973       file-process/file_mime_config.c, file-process/file_mime_config.h:
 3974       +0 and -0 are no longer valid values for decoding depth.
 3975     
 3976     * src/dynamic-preprocessors/dnp3/spp_dnp3.c:
 3977       Validate DNP3 packets before processing.
 3978     
 3979     * src/: snort.c, snort.h, sfutil/intel-soft-cpm.c,
 3980       sfutil/intel-soft-cpm.h:
 3981       Fixed issues during reload.
 3982 
 3983     * configure.in,
 3984       doc/README.http_inspect,
 3985       doc/snort_manual.pdf,
 3986       doc/snort_manual.tex,
 3987       etc/gen-msg.map,
 3988       preproc_rules/preprocessor.rules,
 3989       src/generators.h,
 3990       src/preprocessors/HttpInspect/Makefile.am,
 3991       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 3992       src/preprocessors/HttpInspect/files/Makefile.am,
 3993       src/preprocessors/HttpInspect/files/file_decomp.c,
 3994       src/preprocessors/HttpInspect/files/file_decomp_PDF.c,
 3995       src/preprocessors/HttpInspect/files/file_decomp_SWF.c,
 3996       src/preprocessors/HttpInspect/files/include/file_decomp.h,
 3997       src/preprocessors/HttpInspect/files/include/file_decomp_PDF.h
 3998       src/preprocessors/HttpInspect/include/Makefile.am,
 3999       src/preprocessors/HttpInspect/include/file_decomp.h,
 4000       src/preprocessors/HttpInspect/include/file_decomp_PDF.h,
 4001       src/preprocessors/HttpInspect/include/file_decomp_SWF.h,
 4002       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 4003       src/preprocessors/HttpInspect/include/hi_include.h,
 4004       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 4005       src/preprocessors/HttpInspect/server/hi_server.cr,
 4006       src/preprocessors/snort_httpinspect.c,
 4007       src/preprocessors/snort_httpinspect.h,
 4008       src/preprocessors/spp_httpinspect.c,
 4009       src/util.c:
 4010       Added ability for HttpInspect to decompress DEFLATE and LZMA encoded
 4011       SWF content and DEFLATE encoded pdf content.
 4012 
 4013     * src/preprocessors/spp_perfmonitor.c:
 4014       Fixed race condition in perf montitor during reload.
 4015 
 4016     * src/preprocessors/HttpInspect/client/hi_client.c,
 4017       src/preprocessors/HttpInspect/include/hi_client.h,
 4018       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 4019       src/preprocessors/HttpInspect/user_interface/hi_ui_config.c,
 4020       src/preprocessors/snort_httpinspect.c:
 4021       Added Enhanced XFF support to HttpInspect.
 4022 
 4023     * src/profiler.c:
 4024       Fixed duplicate profiler entries when using multiple policies.
 4025 
 4026     * configure.in, src/Makefile.am, src/dump.c, src/dump.h,
 4027       src/snort.c, src/control/sfcontrol.h, tools/control/Makefile.am,
 4028       tools/control/README.snort_dump_packets_control,
 4029       tools/control/sfcontrol.c, tools/control/snort_dump_packets.c:
 4030       Added control socket command to dump packets.
 4031 
 4032     * src/: preprocessors/snort_httpinspect.c,
 4033       preprocessors/snort_httpinspect.h,
 4034       preprocessors/HttpInspect/client/hi_client.c,
 4035       preprocessors/HttpInspect/include/hi_ui_config.h,
 4036       preprocessors/HttpInspect/include/hi_ui_iis_unicode_map.h,
 4037       preprocessors/HttpInspect/session_inspection/hi_si.c,
 4038       preprocessors/HttpInspect/user_interface/hi_ui_config.c,
 4039       preprocessors/HttpInspect/user_interface/hi_ui_iis_unicode_map.c,
 4040       sfutil/util_jsnorm.c, sfutil/util_jsnorm.h:
 4041       Removed dead max_pipeline and inspection_type configurations.
 4042       Improved memory efficiency of unicode->ascii map.
 4043       Expanded possible number of preprocessor alerts for HttpInspect from 31 to 63.
 4044 
 4045     * src/dynamic-preprocessors/sdf/sdf_pattern_match.c:
 4046       Fixed FindPiiRecursively to better handle partial matches.
 4047 
 4048     * src/dynamic-preprocessors/sip/sip_parser.c:
 4049       Fixed handling SDP when caller and callee have identical session
 4050       ids.
 4051 
 4052     * src/: dynamic-preprocessors/Makefile.am,
 4053       dynamic-preprocessors/sip/sip_config.h,
 4054       dynamic-preprocessors/sip/sip_dialog.c,
 4055       dynamic-preprocessors/sip/spp_sip.h, preprocessors/Makefile.am,
 4056       preprocessors/sip_common.h, preprocessors/spp_stream6.c,
 4057       preprocessors/stream_api.h:
 4058       Support better SIP parsing and call handling.
 4059     
 4060     * Makefile.am,
 4061       configure.in,
 4062       doc/Makefile.am,
 4063       doc/README,
 4064       doc/README.frag3,
 4065       doc/USAGE,
 4066       doc/WISHLIST,
 4067       doc/snort_manual.tex,
 4068       dynamic-plugins/sf_dynamic_plugins.c,
 4069       dynamic-plugins/sf_dynamic_preprocessor.h,
 4070       dynamic-preprocessors/ftptelnet/ftpp_si.c,
 4071       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 4072       dynamic-preprocessors/imap/snort_imap.c,
 4073       dynamic-preprocessors/pop/snort_pop.c,
 4074       dynamic-preprocessors/smtp/snort_smtp.c,
 4075       dynamic-preprocessors/ssl_common/ssl_config.c,
 4076       dynamic-preprocessors/ssl_common/ssl_include.h,
 4077       dynamic-preprocessors/ssl_common/ssl_inspect.c,
 4078       etc/Makefile.am,
 4079       etc/gen-msg.map,
 4080       libs/ssl_include.h,
 4081       rpm/snort.spec,
 4082       snort.8,
 4083       src/Makefile.am,
 4084       src/active.c,
 4085       src/active.h,
 4086       src/byte_extract.c,
 4087       src/checksum.h,
 4088       src/debug.c,
 4089       src/decode.c,
 4090       src/decode.h,
 4091       src/detect.c,
 4092       src/detect.h,
 4093       src/detection-plugins/detection_options.c,
 4094       src/detection-plugins/detection_options.h,
 4095       src/detection-plugins/sp_asn1.c,
 4096       src/detection-plugins/sp_asn1_detect.c,
 4097       src/detection-plugins/sp_byte_check.c,
 4098       src/detection-plugins/sp_byte_check.h,
 4099       src/detection-plugins/sp_byte_jump.c,
 4100       src/detection-plugins/sp_byte_jump.h,
 4101       src/detection-plugins/sp_clientserver.c,
 4102       src/detection-plugins/sp_clientserver.h,
 4103       src/detection-plugins/sp_dsize_check.c,
 4104       src/detection-plugins/sp_dsize_check.h,
 4105       src/detection-plugins/sp_flowbits.c,
 4106       src/detection-plugins/sp_flowbits.h,
 4107       src/detection-plugins/sp_ftpbounce.c,
 4108       src/detection-plugins/sp_ftpbounce.h,
 4109       src/detection-plugins/sp_icmp_code_check.c,
 4110       src/detection-plugins/sp_icmp_code_check.h,
 4111       src/detection-plugins/sp_icmp_id_check.c,
 4112       src/detection-plugins/sp_icmp_id_check.h,
 4113       src/detection-plugins/sp_icmp_seq_check.c,
 4114       src/detection-plugins/sp_icmp_seq_check.h,
 4115       src/detection-plugins/sp_icmp_type_check.c,
 4116       src/detection-plugins/sp_icmp_type_check.h,
 4117       src/detection-plugins/sp_ip_fragbits.c,
 4118       src/detection-plugins/sp_ip_fragbits.h,
 4119       src/detection-plugins/sp_ip_id_check.c,
 4120       src/detection-plugins/sp_ip_id_check.h,
 4121       src/detection-plugins/sp_ip_proto.c,
 4122       src/detection-plugins/sp_ip_proto.h,
 4123       src/detection-plugins/sp_ip_same_check.c,
 4124       src/detection-plugins/sp_ip_same_check.h,
 4125       src/detection-plugins/sp_ip_tos_check.c,
 4126       src/detection-plugins/sp_ip_tos_check.h,
 4127       src/detection-plugins/sp_ipoption_check.c,
 4128       src/detection-plugins/sp_ipoption_check.h,
 4129       src/detection-plugins/sp_isdataat.c,
 4130       src/detection-plugins/sp_isdataat.h,
 4131       src/detection-plugins/sp_pattern_match.c,
 4132       src/detection-plugins/sp_pattern_match.h,
 4133       src/detection-plugins/sp_pcre.c,
 4134       src/detection-plugins/sp_react.c,
 4135       src/detection-plugins/sp_react.h,
 4136       src/detection-plugins/sp_replace.c,
 4137       src/detection-plugins/sp_replace.h,
 4138       src/detection-plugins/sp_respond.h,
 4139       src/detection-plugins/sp_respond3.c,
 4140       src/detection-plugins/sp_rpc_check.c,
 4141       src/detection-plugins/sp_rpc_check.h,
 4142       src/detection-plugins/sp_session.c,
 4143       src/detection-plugins/sp_session.h,
 4144       src/detection-plugins/sp_tcp_ack_check.c,
 4145       src/detection-plugins/sp_tcp_ack_check.h,
 4146       src/detection-plugins/sp_tcp_flag_check.c,
 4147       src/detection-plugins/sp_tcp_flag_check.h,
 4148       src/detection-plugins/sp_tcp_seq_check.c,
 4149       src/detection-plugins/sp_tcp_seq_check.h,
 4150       src/detection-plugins/sp_tcp_win_check.c,
 4151       src/detection-plugins/sp_tcp_win_check.h,
 4152       src/detection-plugins/sp_ttl_check.c,
 4153       src/detection-plugins/sp_ttl_check.h,
 4154       src/detection_filter.c,
 4155       src/detection_filter.h,
 4156       src/detection_util.c,
 4157       src/detection_util.h,
 4158       src/dynamic-examples/Makefile.am,
 4159       src/dynamic-plugins/sf_convert_dynamic.c,
 4160       src/dynamic-plugins/sf_convert_dynamic.h,
 4161       src/dynamic-plugins/sf_dynamic_plugins.c,
 4162       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 4163       src/dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.c,
 4164       src/dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.h,
 4165       src/dynamic-plugins/sf_preproc_example/spp_nfs_setup.c,
 4166       src/dynamic-plugins/sf_preproc_example/spp_nfs_setup.h,
 4167       src/dynamic-plugins/sf_src/dynamic_plugins.c,
 4168       src/dynamic-plugins/sf_src/dynamic_preprocessor.h,
 4169       src/dynamic-plugins/sp_dynamic.c,
 4170       src/dynamic-plugins/sp_dynamic.h,
 4171       src/dynamic-plugins/sp_preprocopt.c,
 4172       src/dynamic-plugins/sp_preprocopt.h,
 4173       src/dynamic-preprocessors/Makefile.am,
 4174       src/dynamic-preprocessors/ftptelnet/Makefile.am,
 4175       src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 4176       src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
 4177       src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 4178       src/dynamic-preprocessors/ftptelnet/pp_telnet.c,
 4179       src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.dsp,
 4180       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 4181       src/dynamic-preprocessors/imap/Makefile.am,
 4182       src/dynamic-preprocessors/imap/imap_config.c,
 4183       src/dynamic-preprocessors/imap/imap_config.h,
 4184       src/dynamic-preprocessors/imap/imap_log.c,
 4185       src/dynamic-preprocessors/imap/imap_log.h,
 4186       src/dynamic-preprocessors/imap/imap_util.c,
 4187       src/dynamic-preprocessors/imap/imap_util.h,
 4188       src/dynamic-preprocessors/imap/sf_imap.dsp,
 4189       src/dynamic-preprocessors/imap/snort_imap.c,
 4190       src/dynamic-preprocessors/imap/snort_imap.h,
 4191       src/dynamic-preprocessors/imap/spp_imap.c,
 4192       src/dynamic-preprocessors/imap/spp_imap.h,
 4193       src/dynamic-preprocessors/libs/Makefile.am,
 4194       src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.dsp,
 4195       src/dynamic-preprocessors/libs/ssl.c,
 4196       src/dynamic-preprocessors/libs/ssl.h,
 4197       src/dynamic-preprocessors/libs/ssl_include.h,
 4198       src/dynamic-preprocessors/pop/Makefile.am,
 4199       src/dynamic-preprocessors/pop/pop_config.c,
 4200       src/dynamic-preprocessors/pop/pop_config.h,
 4201       src/dynamic-preprocessors/pop/pop_log.c,
 4202       src/dynamic-preprocessors/pop/pop_log.h,
 4203       src/dynamic-preprocessors/pop/pop_util.c,
 4204       src/dynamic-preprocessors/pop/pop_util.h,
 4205       src/dynamic-preprocessors/pop/sf_pop.dsp,
 4206       src/dynamic-preprocessors/pop/snort_pop.c,
 4207       src/dynamic-preprocessors/pop/snort_pop.h,
 4208       src/dynamic-preprocessors/pop/spp_pop.c,
 4209       src/dynamic-preprocessors/pop/spp_pop.h,
 4210       src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.c,
 4211       src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.h,
 4212       src/dynamic-preprocessors/reputation/shmem/shmem_common.h,
 4213       src/dynamic-preprocessors/reputation/shmem/shmem_config.c,
 4214       src/dynamic-preprocessors/reputation/shmem/shmem_config.h,
 4215       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c,
 4216       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.h,
 4217       src/dynamic-preprocessors/reputation/shmem/shmem_lib.c,
 4218       src/dynamic-preprocessors/reputation/shmem/shmem_lib.h,
 4219       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c,
 4220       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.h,
 4221       src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 4222       src/dynamic-preprocessors/sip/sf_sip.dsp,
 4223       src/dynamic-preprocessors/smtp/Makefile.am,
 4224       src/dynamic-preprocessors/smtp/sf_smtp.dsp,
 4225       src/dynamic-preprocessors/smtp/snort_smtp.c,
 4226       src/dynamic-preprocessors/smtp/snort_smtp.h,
 4227       src/dynamic-preprocessors/ssl/Makefile.am,
 4228       src/dynamic-preprocessors/ssl/sf_ssl.dsp,
 4229       src/dynamic-preprocessors/ssl_common/ssl.c,
 4230       src/dynamic-preprocessors/ssl_common/ssl.h,
 4231       src/dynamic-preprocessors/ssl_common/ssl_config.c,
 4232       src/dynamic-preprocessors/ssl_common/ssl_config.h,
 4233       src/dynamic-preprocessors/ssl_common/ssl_ha.c,
 4234       src/dynamic-preprocessors/ssl_common/ssl_ha.h,
 4235       src/dynamic-preprocessors/ssl_common/ssl_include.h,
 4236       src/dynamic-preprocessors/ssl_common/ssl_inspect.c,
 4237       src/dynamic-preprocessors/ssl_common/ssl_inspect.h,
 4238       src/dynamic-preprocessors/ssl_common/ssl_session.h,
 4239       src/encode.c,
 4240       src/encode.h,
 4241       src/event.h,
 4242       src/event_queue.c,
 4243       src/event_wrapper.c,
 4244       src/fpcreate.c,
 4245       src/fpcreate.h,
 4246       src/fpdetect.c,
 4247       src/fpdetect.h,
 4248       src/generators.h,
 4249       src/hashstring.c,
 4250       src/hashstring.h,
 4251       src/idle_processing.c,
 4252       src/log.c,
 4253       src/log.h,
 4254       src/log_text.c,
 4255       src/mempool.c,
 4256       src/mempool.h,
 4257       src/mstring.c,
 4258       src/mstring.h,
 4259       src/output-plugins/spo_alert_fast.c,
 4260       src/output-plugins/spo_alert_fast.h,
 4261       src/output-plugins/spo_alert_full.c,
 4262       src/output-plugins/spo_alert_full.h,
 4263       src/output-plugins/spo_alert_sf_socket.c,
 4264       src/output-plugins/spo_alert_syslog.c,
 4265       src/output-plugins/spo_alert_syslog.h,
 4266       src/output-plugins/spo_alert_test.c,
 4267       src/output-plugins/spo_alert_test.h,
 4268       src/output-plugins/spo_alert_unixsock.c,
 4269       src/output-plugins/spo_alert_unixsock.h,
 4270       src/output-plugins/spo_csv.c,
 4271       src/output-plugins/spo_csv.h,
 4272       src/output-plugins/spo_log_ascii.c,
 4273       src/output-plugins/spo_log_ascii.h,
 4274       src/output-plugins/spo_log_null.c,
 4275       src/output-plugins/spo_log_null.h,
 4276       src/output-plugins/spo_log_tcpdump.c,
 4277       src/output-plugins/spo_log_tcpdump.h,
 4278       src/output-plugins/spo_unified2.h,
 4279       src/packet_time.c,
 4280       src/parser.c,
 4281       src/parser.h,
 4282       src/parser/IpAddrSet.c,
 4283       src/parser/IpAddrSet.h,
 4284       src/pcrm.c,
 4285       src/pcrm.h,
 4286       src/plugbase.c,
 4287       src/plugbase.h,
 4288       src/plugin_enum.h,
 4289       src/ppm.c,
 4290       src/preprocessors/HttpInspect/include/hi_client.h,
 4291       src/preprocessors/HttpInspect/include/hi_paf.h,
 4292       src/preprocessors/HttpInspect/utils/hi_paf.c,
 4293       src/preprocessors/Session/stream5_ha.c,
 4294       src/preprocessors/normalize.c,
 4295       src/preprocessors/normalize.h,
 4296       src/preprocessors/perf-base.c,
 4297       src/preprocessors/perf-base.h,
 4298       src/preprocessors/perf-event.c,
 4299       src/preprocessors/perf-event.h,
 4300       src/preprocessors/perf-flow.c,
 4301       src/preprocessors/perf-flow.h,
 4302       src/preprocessors/perf.c,
 4303       src/preprocessors/perf.h,
 4304       src/preprocessors/session_api.h
 4305       src/preprocessors/sfprocpidstats.c,
 4306       src/preprocessors/sfprocpidstats.h,
 4307       src/preprocessors/spp_arpspoof.c,
 4308       src/preprocessors/spp_arpspoof.h,
 4309       src/preprocessors/spp_bo.c,
 4310       src/preprocessors/spp_bo.h,
 4311       src/preprocessors/spp_frag3.c,
 4312       src/preprocessors/spp_frag3.h,
 4313       src/preprocessors/spp_normalize.c,
 4314       src/preprocessors/spp_normalize.h,
 4315       src/preprocessors/spp_perfmonitor.c,
 4316       src/preprocessors/spp_perfmonitor.h,
 4317       src/preprocessors/spp_rpc_decode.c,
 4318       src/preprocessors/spp_rpc_decode.h,
 4319       src/preprocessors/spp_session.c,
 4320       src/preprocessors/spp_stream5.c,
 4321       src/preprocessors/spp_stream5.h,
 4322       src/preprocessors/stream_api.c,
 4323       src/preprocessors/stream_api.h,
 4324       src/preprocessors/stream_expect.c,
 4325       src/preprocessors/stream_expect.h,
 4326       src/profiler.c,
 4327       src/profiler.h,
 4328       src/rate_filter.c,
 4329       src/rate_filter.h,
 4330       src/rules.h,
 4331       src/sf_protocols.h,
 4332       src/sf_sdlist.c,
 4333       src/sf_sdlist.h,
 4334       src/sf_sdlist_types.h,
 4335       src/sfdaq.c,
 4336       src/sfdaq.h,
 4337       src/sfthreshold.c,
 4338       src/sfutil/acsmx.c,
 4339       src/sfutil/acsmx.h,
 4340       src/sfutil/acsmx2.c,
 4341       src/sfutil/bitop.h,
 4342       src/sfutil/bitop_funcs.h,
 4343       src/sfutil/getopt.h,
 4344       src/sfutil/mpse.c,
 4345       src/sfutil/mpse.h,
 4346       src/sfutil/sf_email_attach_decode.c,
 4347       src/sfutil/sf_email_attach_decode.h,
 4348       src/sfutil/sf_ip.c,
 4349       src/sfutil/sf_iph.c,
 4350       src/sfutil/sf_sechash.c,
 4351       src/sfutil/sf_sechash.h,
 4352       src/sfutil/sha2.h,
 4353       src/sfutil/util_jsnorm.c,
 4354       src/sfutil/util_jsnorm.h,
 4355       src/sfutil/util_unfold.c,
 4356       src/sfutil/util_unfold.h,
 4357       src/signature.h,
 4358       src/snort.c,
 4359       src/snort.h,
 4360       src/snort_debug.h,
 4361       src/spo_plugbase.h,
 4362       src/tag.c,
 4363       src/tag.h,
 4364       src/util.c,
 4365       src/util.h,
 4366       src/win32/WIN32-Code/getopt.c,
 4367       src/win32/WIN32-Code/inet_aton.c,
 4368       src/win32/WIN32-Code/misc.c,
 4369       src/win32/WIN32-Includes/config.h,
 4370       src/win32/WIN32-Includes/getopt.h,
 4371       src/win32/WIN32-Prj/snort_installer.nsi,
 4372       ssl/ssl_setup.c,
 4373       tools/control/sfcontrol.c:
 4374       Refactor SSL code to make a library for state processing across
 4375       non-native protocols that use SSL via STARTTLS. Update IMAP/POP/FTP/SSL
 4376       preprocessors to use new SSL library, and activation of PAF for those
 4377       protocols. Add ability to share basic state for SSL.
 4378 
 4379     * configure.in,
 4380       doc/README.session,
 4381       doc/README.stream5,
 4382       doc/snort_manual.pdf,
 4383       doc/snort_manual.tex,
 4384       dynamic-preprocessors/dns/spp_dns.c,
 4385       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 4386       dynamic-preprocessors/gtp/spp_gtp.c,
 4387       dynamic-preprocessors/imap/spp_imap.c,
 4388       dynamic-preprocessors/modbus/spp_modbus.c,
 4389       dynamic-preprocessors/pop/spp_pop.c,
 4390       dynamic-preprocessors/sip/spp_sip.c,
 4391       dynamic-preprocessors/smtp/spp_smtp.c,
 4392       dynamic-preprocessors/ssh/spp_ssh.c,
 4393       etc/sf_rule_options,
 4394       preprocessors/Session/session_common.c,
 4395       preprocessors/Session/session_common.h,
 4396       preprocessors/Session/session_expect.c,
 4397       preprocessors/Stream6/snort_stream_ip.c,
 4398       preprocessors/Stream6/snort_stream_tcp.c,
 4399       preprocessors/Stream6/snort_stream_tcp.h,
 4400       preprocessors/Stream6/snort_stream_udp.c,
 4401       preprocessors/Stream6/stream_common.h,
 4402       preprocessors/session_api.h,
 4403       preprocessors/snort_httpinspect.c,
 4404       preprocessors/spp_rpc_decode.c,
 4405       preprocessors/spp_session.c,
 4406       preprocessors/spp_stream6.c,
 4407       preprocessors/stream_api.h,
 4408       preprocids.h,
 4409       src/Makefile.am,
 4410       src/active.c,
 4411       src/active.h,
 4412       src/build.h,
 4413       src/detect.c,
 4414       src/detect.h,
 4415       src/detection-plugins/Makefile.am,
 4416       src/detection-plugins/sp_clientserver.c,
 4417       src/detection-plugins/sp_flowbits.c,
 4418       src/detection-plugins/sp_pattern_match.c,
 4419       src/detection-plugins/sp_pattern_match.h,
 4420       src/dynamic-examples/Makefile.am,
 4421       src/dynamic-examples/dynamic-preprocessor/spp_example.c,
 4422       src/dynamic-output/plugins/output_lib.h,
 4423       src/dynamic-output/plugins/output_plugin.c,
 4424       src/dynamic-plugins/sf_convert_dynamic.c,
 4425       src/dynamic-plugins/sf_dynamic_plugins.c,
 4426       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 4427       src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 4428       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 4429       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 4430       src/dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 4431       src/dynamic-plugins/sp_preprocopt.c,
 4432       src/dynamic-preprocessors/Makefile.am,
 4433       src/dynamic-preprocessors/dcerpc2/dce2_cl.c,
 4434       src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 4435       src/dynamic-preprocessors/dcerpc2/dce2_config.h,
 4436       src/dynamic-preprocessors/dcerpc2/dce2_paf.c,
 4437       src/dynamic-preprocessors/dcerpc2/dce2_roptions.c,
 4438       src/dynamic-preprocessors/dcerpc2/dce2_session.h,
 4439       src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
 4440       src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
 4441       src/dynamic-preprocessors/dcerpc2/snort_dce2.h,
 4442       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 4443       src/dynamic-preprocessors/dnp3/dnp3_roptions.c,
 4444       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 4445       src/dynamic-preprocessors/dnp3/spp_dnp3.h,
 4446       src/dynamic-preprocessors/dns/spp_dns.c,
 4447       src/dynamic-preprocessors/dns/spp_dns.h,
 4448       src/dynamic-preprocessors/file/file_agent.c,
 4449       src/dynamic-preprocessors/file/file_event_log.c,
 4450       src/dynamic-preprocessors/file/spp_file.c,
 4451       src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 4452       src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
 4453       src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 4454       src/dynamic-preprocessors/ftptelnet/pp_telnet.c,
 4455       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 4456       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 4457       src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 4458       src/dynamic-preprocessors/gtp/gtp_roptions.c,
 4459       src/dynamic-preprocessors/gtp/spp_gtp.c,
 4460       src/dynamic-preprocessors/imap/imap_config.c,
 4461       src/dynamic-preprocessors/imap/imap_config.h,
 4462       src/dynamic-preprocessors/imap/sf_imap.dsp,
 4463       src/dynamic-preprocessors/imap/snort_imap.c,
 4464       src/dynamic-preprocessors/imap/snort_imap.h,
 4465       src/dynamic-preprocessors/imap/spp_imap.c,
 4466       src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.dsp,
 4467       src/dynamic-preprocessors/modbus/modbus_decode.c,
 4468       src/dynamic-preprocessors/modbus/modbus_roptions.c,
 4469       src/dynamic-preprocessors/modbus/spp_modbus.c,
 4470       src/dynamic-preprocessors/modbus/spp_modbus.h,
 4471       src/dynamic-preprocessors/pop/pop_config.c,
 4472       src/dynamic-preprocessors/pop/pop_config.h,
 4473       src/dynamic-preprocessors/pop/pop_util.c,
 4474       src/dynamic-preprocessors/pop/sf_pop.dsp,
 4475       src/dynamic-preprocessors/pop/snort_pop.c,
 4476       src/dynamic-preprocessors/pop/snort_pop.h,
 4477       src/dynamic-preprocessors/pop/spp_pop.c,
 4478       src/dynamic-preprocessors/reputation/spp_reputation.c,
 4479       src/dynamic-preprocessors/sdf/spp_sdf.c,
 4480       src/dynamic-preprocessors/sip/sip_dialog.c,
 4481       src/dynamic-preprocessors/sip/sip_roptions.c,
 4482       src/dynamic-preprocessors/sip/spp_sip.c,
 4483       src/dynamic-preprocessors/smtp/sf_smtp.dsp,
 4484       src/dynamic-preprocessors/smtp/smtp_config.c,
 4485       src/dynamic-preprocessors/smtp/smtp_config.h,
 4486       src/dynamic-preprocessors/smtp/smtp_util.c,
 4487       src/dynamic-preprocessors/smtp/snort_smtp.c,
 4488       src/dynamic-preprocessors/smtp/spp_smtp.c,
 4489       src/dynamic-preprocessors/ssh/spp_ssh.c,
 4490       src/encode.c,
 4491       src/encode.h,
 4492       src/event_queue.c,
 4493       src/event_wrapper.c,
 4494       src/file-process/file_api.h,
 4495       src/file-process/file_mime_process.c,
 4496       src/file-process/file_mime_process.h,
 4497       src/file-process/file_service.c,
 4498       src/file-process/file_stats.c,
 4499       src/file-process/libs/file_config.c,
 4500       src/file-process/libs/file_config.h,
 4501       src/fpcreate.c,
 4502       src/fpdetect.c,
 4503       src/generators.h,
 4504       src/parser.c,
 4505       src/parser.h,
 4506       src/plugbase.c,
 4507       src/plugbase.h,
 4508       src/ppm.c,
 4509       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 4510       src/preprocessors/HttpInspect/session_inspection/hi_si.c,
 4511       src/preprocessors/Makefile.am,
 4512       src/preprocessors/Session/Makefile.am,
 4513       src/preprocessors/Session/session_common.c,
 4514       src/preprocessors/Session/session_common.h,
 4515       src/preprocessors/Session/session_expect.c,
 4516       src/preprocessors/Session/session_expect.h,
 4517       src/preprocessors/Session/snort_session.c,
 4518       src/preprocessors/Session/snort_session.h,
 4519       src/preprocessors/Session/stream5_ha.c,
 4520       src/preprocessors/Session/stream5_ha.h,
 4521       src/preprocessors/Stream6/Makefile.am,
 4522       src/preprocessors/Stream6/snort_stream_icmp.c,
 4523       src/preprocessors/Stream6/snort_stream_icmp.h,
 4524       src/preprocessors/Stream6/snort_stream_ip.c,
 4525       src/preprocessors/Stream6/snort_stream_ip.h,
 4526       src/preprocessors/Stream6/snort_stream_tcp.c,
 4527       src/preprocessors/Stream6/snort_stream_tcp.h,
 4528       src/preprocessors/Stream6/snort_stream_udp.c,
 4529       src/preprocessors/Stream6/snort_stream_udp.h,
 4530       src/preprocessors/Stream6/stream_common.c,
 4531       src/preprocessors/Stream6/stream_common.h,
 4532       src/preprocessors/Stream6/stream_paf.c,
 4533       src/preprocessors/Stream6/stream_paf.h,
 4534       src/preprocessors/perf-base.c,
 4535       src/preprocessors/portscan.c,
 4536       src/preprocessors/session_api.c,
 4537       src/preprocessors/session_api.h,
 4538       src/preprocessors/snort_httpinspect.c,
 4539       src/preprocessors/snort_httpinspect.h,
 4540       src/preprocessors/spp_arpspoof.c,
 4541       src/preprocessors/spp_bo.c,
 4542       src/preprocessors/spp_frag3.c,
 4543       src/preprocessors/spp_httpinspect.c,
 4544       src/preprocessors/spp_normalize.c,
 4545       src/preprocessors/spp_perfmonitor.c,
 4546       src/preprocessors/spp_rpc_decode.c,
 4547       src/preprocessors/spp_session.c, 
 4548       src/preprocessors/spp_session.h,
 4549       src/preprocessors/spp_sfportscan.c,
 4550       src/preprocessors/spp_stream5.c,
 4551       src/preprocessors/spp_stream5.h,
 4552       src/preprocessors/spp_stream6.c,
 4553       src/preprocessors/spp_stream6.h,
 4554       src/preprocessors/stream_api.h,
 4555       src/preprocessors/stream_expect.c,
 4556       src/preprocessors/stream_expect.h,
 4557       src/preprocids.h,
 4558       src/sf_sdlist.c,
 4559       src/sf_sdlist.h,
 4560       src/sfdaq.c,
 4561       src/sfdaq.h,
 4562       src/sfutil/sfPolicy.c,
 4563       src/sfutil/sfPolicy.h,
 4564       src/sfutil/sfPolicyData.h,
 4565       src/sfutil/sfPolicyUserData.h,
 4566       src/sfutil/sf_email_attach_decode.h,
 4567       src/sfutil/sfrf.c,
 4568       src/sfutil/sfthd.c,
 4569       src/sfutil/test/sf_ip_test.c,
 4570       src/snort.c,
 4571       src/snort.h,
 4572       src/target-based/sftarget_protocol_reference.c,
 4573       src/target-based/sftarget_reader.c,
 4574       src/target-based/sftarget_reader.h,
 4575       src/util.c,
 4576       src/win32/WIN32-Prj/snort.dsp,
 4577       tools/Makefile.a:
 4578       Split the session tracking and reassembly functionality of Stream5
 4579       into new Session and Stream preprocessors.
 4580 
 4581     * configure.in,
 4582       doc/INSTALL,
 4583       doc/Makefile.am,
 4584       doc/README.appid,
 4585       doc/snort_manual.tex,
 4586       src/detect.c,
 4587       src/detection-plugins/Makefile.am,
 4588       src/detection-plugins/detection_options.c,
 4589       src/detection-plugins/sp_appid.c,
 4590       src/detection-plugins/sp_appid.h
 4591       src/dynamic-plugins/sf_dynamic_common.h,
 4592       src/dynamic-plugins/sf_dynamic_define.h,
 4593       src/dynamic-plugins/sf_dynamic_meta.h,
 4594       src/dynamic-plugins/sf_dynamic_plugins.c,
 4595       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 4596       src/dynamic-plugins/sf_engine/Makefile.am,
 4597       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 4598       src/dynamic-preprocessors/Makefile.am
 4599       src/dynamic-preprocessors/Makefile.am,
 4600       src/dynamic-preprocessors/appid/Makefile.am,
 4601       src/dynamic-preprocessors/appid/appId.h,
 4602       src/dynamic-preprocessors/appid/appIdConfig.c,
 4603       src/dynamic-preprocessors/appid/appIdConfig.h,
 4604       src/dynamic-preprocessors/appid/appIdStats.c,
 4605       src/dynamic-preprocessors/appid/appIdStats.h,
 4606       src/dynamic-preprocessors/appid/appInfoTable.c,
 4607       src/dynamic-preprocessors/appid/appInfoTable.h,
 4608       src/dynamic-preprocessors/appid/attribute.h,
 4609       src/dynamic-preprocessors/appid/client_plugins/Makefile.am,
 4610       src/dynamic-preprocessors/appid/client_plugins/client_app_aim.c,
 4611       src/dynamic-preprocessors/appid/client_plugins/client_app_aim.h,
 4612       src/dynamic-preprocessors/appid/client_plugins/client_app_api.h,
 4613       src/dynamic-preprocessors/appid/client_plugins/client_app_base.c,
 4614       src/dynamic-preprocessors/appid/client_plugins/client_app_base.h,
 4615       src/dynamic-preprocessors/appid/client_plugins/client_app_bit.c,
 4616       src/dynamic-preprocessors/appid/client_plugins/client_app_bit_tracker.c,
 4617       src/dynamic-preprocessors/appid/client_plugins/client_app_msn.c,
 4618       src/dynamic-preprocessors/appid/client_plugins/client_app_msn.h,
 4619       src/dynamic-preprocessors/appid/client_plugins/client_app_rtp.c,
 4620       src/dynamic-preprocessors/appid/client_plugins/client_app_sip.c,
 4621       src/dynamic-preprocessors/appid/client_plugins/client_app_sip.h,
 4622       src/dynamic-preprocessors/appid/client_plugins/client_app_smtp.c,
 4623       src/dynamic-preprocessors/appid/client_plugins/client_app_smtp.h,
 4624       src/dynamic-preprocessors/appid/client_plugins/client_app_ssh.c,
 4625       src/dynamic-preprocessors/appid/client_plugins/client_app_template.c,
 4626       src/dynamic-preprocessors/appid/client_plugins/client_app_timbuktu.c,
 4627       src/dynamic-preprocessors/appid/client_plugins/client_app_tns.c,
 4628       src/dynamic-preprocessors/appid/client_plugins/client_app_vnc.c,
 4629       src/dynamic-preprocessors/appid/client_plugins/client_app_ym.c,
 4630       src/dynamic-preprocessors/appid/client_plugins/client_app_ym.h,
 4631       src/dynamic-preprocessors/appid/commonAppMatcher.c,
 4632       src/dynamic-preprocessors/appid/commonAppMatcher.h,
 4633       src/dynamic-preprocessors/appid/detector_plugins/Makefile.am,
 4634       src/dynamic-preprocessors/appid/detector_plugins/detector_api.h,
 4635       src/dynamic-preprocessors/appid/detector_plugins/detector_base.c,
 4636       src/dynamic-preprocessors/appid/detector_plugins/detector_base.h,
 4637       src/dynamic-preprocessors/appid/detector_plugins/detector_http.c,
 4638       src/dynamic-preprocessors/appid/detector_plugins/detector_http.h,
 4639       src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
 4640       src/dynamic-preprocessors/appid/detector_plugins/detector_kerberos.c,
 4641       src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
 4642       src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c,
 4643       src/dynamic-preprocessors/appid/detector_plugins/detector_sip.h,
 4644       src/dynamic-preprocessors/appid/detector_plugins/http_url_patterns.c,
 4645       src/dynamic-preprocessors/appid/detector_plugins/http_url_patterns.h,
 4646       src/dynamic-preprocessors/appid/diffScript.sh,
 4647       src/dynamic-preprocessors/appid/doxy_api.c,
 4648       src/dynamic-preprocessors/appid/flow.c,
 4649       src/dynamic-preprocessors/appid/flow.h,
 4650       src/dynamic-preprocessors/appid/flow_error.h,
 4651       src/dynamic-preprocessors/appid/fw_appid.c,
 4652       src/dynamic-preprocessors/appid/fw_appid.h,
 4653       src/dynamic-preprocessors/appid/hostPortAppCache.c,
 4654       src/dynamic-preprocessors/appid/hostPortAppCache.h,
 4655       src/dynamic-preprocessors/appid/host_tracker.h,
 4656       src/dynamic-preprocessors/appid/httpCommon.h,
 4657       src/dynamic-preprocessors/appid/luaDetectorApi.c,
 4658       src/dynamic-preprocessors/appid/luaDetectorApi.h,
 4659       src/dynamic-preprocessors/appid/luaDetectorFlowApi.c,
 4660       src/dynamic-preprocessors/appid/luaDetectorFlowApi.h,
 4661       src/dynamic-preprocessors/appid/luaDetectorModule.c,
 4662       src/dynamic-preprocessors/appid/luaDetectorModule.h,
 4663       src/dynamic-preprocessors/appid/rna_flow.h,
 4664       src/dynamic-preprocessors/appid/service_plugins/Makefile.am,
 4665       src/dynamic-preprocessors/appid/service_plugins/dcerpc.c,
 4666       src/dynamic-preprocessors/appid/service_plugins/dcerpc.h,
 4667       src/dynamic-preprocessors/appid/service_plugins/service_MDNS.c,
 4668       src/dynamic-preprocessors/appid/service_plugins/service_MDNS.h,
 4669       src/dynamic-preprocessors/appid/service_plugins/service_api.h,
 4670       src/dynamic-preprocessors/appid/service_plugins/service_base.c,
 4671       src/dynamic-preprocessors/appid/service_plugins/service_base.h,
 4672       src/dynamic-preprocessors/appid/service_plugins/service_battle_field.c,
 4673       src/dynamic-preprocessors/appid/service_plugins/service_battle_field.h,
 4674       src/dynamic-preprocessors/appid/service_plugins/service_bgp.c,
 4675       src/dynamic-preprocessors/appid/service_plugins/service_bgp.h,
 4676       src/dynamic-preprocessors/appid/service_plugins/service_bit.c,
 4677       src/dynamic-preprocessors/appid/service_plugins/service_bootp.c,
 4678       src/dynamic-preprocessors/appid/service_plugins/service_bootp.h,
 4679       src/dynamic-preprocessors/appid/service_plugins/service_dcerpc.c,
 4680       src/dynamic-preprocessors/appid/service_plugins/service_dcerpc.h,
 4681       src/dynamic-preprocessors/appid/service_plugins/service_direct_connect.c,
 4682       src/dynamic-preprocessors/appid/service_plugins/service_direct_connect.h,
 4683       src/dynamic-preprocessors/appid/service_plugins/service_dns.c,
 4684       src/dynamic-preprocessors/appid/service_plugins/service_dns.h,
 4685       src/dynamic-preprocessors/appid/service_plugins/service_flap.c,
 4686       src/dynamic-preprocessors/appid/service_plugins/service_flap.h,
 4687       src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
 4688       src/dynamic-preprocessors/appid/service_plugins/service_ftp.h,
 4689       src/dynamic-preprocessors/appid/service_plugins/service_irc.c,
 4690       src/dynamic-preprocessors/appid/service_plugins/service_irc.h,
 4691       src/dynamic-preprocessors/appid/service_plugins/service_lpr.c,
 4692       src/dynamic-preprocessors/appid/service_plugins/service_lpr.h,
 4693       src/dynamic-preprocessors/appid/service_plugins/service_mysql.c,
 4694       src/dynamic-preprocessors/appid/service_plugins/service_mysql.h,
 4695       src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
 4696       src/dynamic-preprocessors/appid/service_plugins/service_netbios.h,
 4697       src/dynamic-preprocessors/appid/service_plugins/service_nntp.c,
 4698       src/dynamic-preprocessors/appid/service_plugins/service_nntp.h,
 4699       src/dynamic-preprocessors/appid/service_plugins/service_ntp.c,
 4700       src/dynamic-preprocessors/appid/service_plugins/service_ntp.h,
 4701       src/dynamic-preprocessors/appid/service_plugins/service_pattern.c,
 4702       src/dynamic-preprocessors/appid/service_plugins/service_pattern.h,
 4703       src/dynamic-preprocessors/appid/service_plugins/service_radius.c,
 4704       src/dynamic-preprocessors/appid/service_plugins/service_radius.h,
 4705       src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
 4706       src/dynamic-preprocessors/appid/service_plugins/service_rexec.h,
 4707       src/dynamic-preprocessors/appid/service_plugins/service_rfb.c,
 4708       src/dynamic-preprocessors/appid/service_plugins/service_rfb.h,
 4709       src/dynamic-preprocessors/appid/service_plugins/service_rlogin.c,
 4710       src/dynamic-preprocessors/appid/service_plugins/service_rlogin.h,
 4711       src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
 4712       src/dynamic-preprocessors/appid/service_plugins/service_rpc.h,
 4713       src/dynamic-preprocessors/appid/service_plugins/service_rshell.c,
 4714       src/dynamic-preprocessors/appid/service_plugins/service_rshell.h,
 4715       src/dynamic-preprocessors/appid/service_plugins/service_rsync.c,
 4716       src/dynamic-preprocessors/appid/service_plugins/service_rsync.h,
 4717       src/dynamic-preprocessors/appid/service_plugins/service_sip.c,
 4718       src/dynamic-preprocessors/appid/service_plugins/service_sip.h,
 4719       src/dynamic-preprocessors/appid/service_plugins/service_smtp.c,
 4720       src/dynamic-preprocessors/appid/service_plugins/service_smtp.h,
 4721       src/dynamic-preprocessors/appid/service_plugins/service_snmp.c,
 4722       src/dynamic-preprocessors/appid/service_plugins/service_snmp.h,
 4723       src/dynamic-preprocessors/appid/service_plugins/service_ssh.c,
 4724       src/dynamic-preprocessors/appid/service_plugins/service_ssh.h,
 4725       src/dynamic-preprocessors/appid/service_plugins/service_ssl.c,
 4726       src/dynamic-preprocessors/appid/service_plugins/service_ssl.h,
 4727       src/dynamic-preprocessors/appid/service_plugins/service_telnet.c,
 4728       src/dynamic-preprocessors/appid/service_plugins/service_telnet.h,
 4729       src/dynamic-preprocessors/appid/service_plugins/service_template.c,
 4730       src/dynamic-preprocessors/appid/service_plugins/service_tftp.c,
 4731       src/dynamic-preprocessors/appid/service_plugins/service_tftp.h,
 4732       src/dynamic-preprocessors/appid/service_plugins/service_timbuktu.c,
 4733       src/dynamic-preprocessors/appid/service_plugins/service_tns.c,
 4734       src/dynamic-preprocessors/appid/service_plugins/service_util.h,
 4735       src/dynamic-preprocessors/appid/service_state.c,
 4736       src/dynamic-preprocessors/appid/service_state.h,
 4737       src/dynamic-preprocessors/appid/spp_appid.c,
 4738       src/dynamic-preprocessors/appid/spp_appid.h,
 4739       src/dynamic-preprocessors/appid/tools/u2openappid/Makefile.am,
 4740       src/dynamic-preprocessors/appid/tools/u2streamer/Makefile.am,
 4741       src/dynamic-preprocessors/appid/util/Makefile.am,
 4742       src/dynamic-preprocessors/appid/util/OutputFile.c,
 4743       src/dynamic-preprocessors/appid/util/OutputFile.h,
 4744       src/dynamic-preprocessors/appid/util/acsmx.c,
 4745       src/dynamic-preprocessors/appid/util/acsmx.h,
 4746       src/dynamic-preprocessors/appid/util/acsmx2.c,
 4747       src/dynamic-preprocessors/appid/util/acsmx2.h,
 4748       src/dynamic-preprocessors/appid/util/bnfa_search.c,
 4749       src/dynamic-preprocessors/appid/util/bnfa_search.h,
 4750       src/dynamic-preprocessors/appid/util/common_util.h,
 4751       src/dynamic-preprocessors/appid/util/fw_avltree.c,
 4752       src/dynamic-preprocessors/appid/util/fw_avltree.h,
 4753       src/dynamic-preprocessors/appid/util/ip_funcs.h,
 4754       src/dynamic-preprocessors/appid/util/mpse.c,
 4755       src/dynamic-preprocessors/appid/util/mpse.h,
 4756       src/dynamic-preprocessors/appid/util/sf_error.h,
 4757       src/dynamic-preprocessors/appid/util/sf_mlmp.c,
 4758       src/dynamic-preprocessors/appid/util/sf_mlmp.h,
 4759       src/dynamic-preprocessors/appid/util/sf_multi_mpse.c,
 4760       src/dynamic-preprocessors/appid/util/sf_multi_mpse.h,
 4761       src/dynamic-preprocessors/appid/util/sfghash.c,
 4762       src/dynamic-preprocessors/appid/util/sfghash.h,
 4763       src/dynamic-preprocessors/appid/util/sfhashfcn.c,
 4764       src/dynamic-preprocessors/appid/util/sfhashfcn.h,
 4765       src/dynamic-preprocessors/appid/util/sfksearch.c,
 4766       src/dynamic-preprocessors/appid/util/sfksearch.h,
 4767       src/dynamic-preprocessors/appid/util/sflsq.c,
 4768       src/dynamic-preprocessors/appid/util/sflsq.h,
 4769       src/dynamic-preprocessors/appid/util/sfmemcap.c,
 4770       src/dynamic-preprocessors/appid/util/sfmemcap.h,
 4771       src/dynamic-preprocessors/appid/util/sfutil.c,
 4772       src/dynamic-preprocessors/appid/util/sfutil.h,
 4773       src/dynamic-preprocessors/appid/util/sfxhash.c,
 4774       src/dynamic-preprocessors/appid/util/sfxhash.h,
 4775       src/dynamic-preprocessors/file/file_agent.c,
 4776       src/dynamic-preprocessors/imap/spp_imap.c,
 4777       src/event.h,
 4778       src/event_wrapper.c,
 4779       src/file-process/file_service.c,
 4780       src/file-process/file_stats.c,
 4781       src/file-process/file_stats.h,
 4782       src/log.c,
 4783       src/log.h,
 4784       src/output-plugins/spo_alert_unixsock.c,
 4785       src/output-plugins/spo_unified2.c,
 4786       src/plugbase.c,
 4787       src/plugin_enum.h,
 4788       src/ppm.c,
 4789       src/preprocessors/HttpInspect/client/hi_client.c,
 4790       src/preprocessors/HttpInspect/include/hi_client.h,
 4791       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 4792       src/preprocessors/HttpInspect/include/hi_util.h,
 4793       src/preprocessors/HttpInspect/server/hi_server.c,
 4794       src/preprocessors/perf-base.c,
 4795       src/preprocessors/snort_httpinspect.c,
 4796       src/preprocessors/spp_httpinspect.c,
 4797       src/preprocessors/spp_sfportscan.c,
 4798       src/preprocessors/spp_stream5.c,
 4799       src/preprocessors/str_search.c,
 4800       src/preprocessors/str_search.h,
 4801       src/preprocessors/stream_api.h,
 4802       src/preprocids.h,
 4803       src/rule_option_types.h,
 4804       src/sf_protocols.h,
 4805       src/sfutil/Makefile.am,
 4806       src/sfutil/Unified2_common.h,
 4807       src/sfutil/acsmx.c,
 4808       src/sfutil/acsmx2.c,
 4809       src/sfutil/bnfa_search.c,
 4810       src/sfutil/mpse.c,
 4811       src/sfutil/mpse.h,
 4812       src/sfutil/mpse_methods.h,
 4813       src/sfutil/sfPolicy.h,
 4814       src/sfutil/sf_ip.h,
 4815       src/sfutil/sfdebug.h,
 4816       src/sfutil/sfghash.c,
 4817       src/sfutil/sfghash.h,
 4818       src/sfutil/sfhashfcn.c,
 4819       src/sfutil/sfksearch.c,
 4820       src/sfutil/sflsq.c,
 4821       src/sfutil/sflsq.h,
 4822       src/sfutil/sfmemcap.c,
 4823       src/sfutil/sfrt.h,
 4824       src/sfutil/sfxhash.c,
 4825       src/sfutil/sfxhash.h,
 4826       src/signature.h,
 4827       src/snort.c,
 4828       src/snort.h,
 4829       src/snort_debug.h,
 4830       src/tag.c,
 4831       src/target-based/sftarget_protocol_reference.c,
 4832       src/target-based/sftarget_protocol_reference.h,
 4833       src/util.c,
 4834       tools/Makefile.am,
 4835       tools/file_server/file_server.c,
 4836       tools/u2openappid/Makefile.am,
 4837       tools/u2openappid/u2openappid.c,
 4838       tools/u2spewfoo/u2spewfoo.c
 4839       tools/u2spewfoo/u2spewfoo.c,
 4840       tools/u2streamer/Makefile.am,
 4841       tools/u2streamer/SpoolFileIterator.c,
 4842       tools/u2streamer/SpoolFileIterator.h,
 4843       tools/u2streamer/TimestampedFile.c,
 4844       tools/u2streamer/TimestampedFile.h,
 4845       tools/u2streamer/Unified2.c,
 4846       tools/u2streamer/Unified2.h,
 4847       tools/u2streamer/Unified2File.c,
 4848       tools/u2streamer/Unified2File.h,
 4849       tools/u2streamer/UnifiedLog.c,
 4850       tools/u2streamer/UnifiedLog.h,
 4851       tools/u2streamer/sf_error.c,
 4852       tools/u2streamer/sf_error.h,
 4853       src/dynamic-preprocessors/appid/util/common_util.c,
 4854       tools/u2streamer/u2streamer.c:
 4855       Improved support for AppID preprocessor.
 4856       Removed Lua dependency in favor of LuaJIT.
 4857       Fixed appid with Lua/LuaBitOp (no LuaJIT), support FreeBSD
 4858       Fixed OpenBSD, FreeBSD openAppId support, Removed support for Lua
 4859       Added metadata extraction to SSL for AppID. Changed some Lua API names.
 4860       Refactored to use common data structures.
 4861       Fixed return value checks for fseek(), strdup, malloc(), and stat()
 4862       and removed deprecated library calls (Thanks to Bill Parker for
 4863       reporting the issues).
 4864 
 4865 2014-02-21 Steven Sturges <ssturges@sourcefire.com>
 4866 	* configure.in, src/detect.c, src/event.h, src/event_wrapper.c,
 4867 	  src/log.c, src/log.h, src/plugbase.c, src/plugin_enum.h,
 4868 	  src/ppm.c, src/preprocids.h, src/rule_option_types.h,
 4869 	  src/sf_protocols.h, src/signature.h, src/snort.c, src/snort.h,
 4870 	  src/snort_debug.h, src/tag.c, src/detection-plugins/Makefile.am,
 4871 	  src/detection-plugins/detection_options.c,
 4872 	  src/dynamic-plugins/sf_dynamic_common.h,
 4873 	  src/dynamic-plugins/sf_dynamic_define.h,
 4874 	  src/dynamic-plugins/sf_dynamic_meta.h,
 4875 	  src/dynamic-plugins/sf_dynamic_plugins.c,
 4876 	  src/dynamic-plugins/sf_dynamic_preprocessor.h,
 4877 	  src/dynamic-plugins/sf_engine/Makefile.am,
 4878 	  src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 4879 	  src/dynamic-preprocessors/Makefile.am,
 4880 	  src/output-plugins/spo_alert_unixsock.c,
 4881 	  src/output-plugins/spo_unified2.c,
 4882 	  src/preprocessors/snort_httpinspect.c,
 4883 	  src/preprocessors/spp_httpinspect.c,
 4884 	  src/preprocessors/spp_sfportscan.c,
 4885 	  src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 4886 	  src/preprocessors/HttpInspect/client/hi_client.c,
 4887 	  src/preprocessors/HttpInspect/include/hi_client.h,
 4888 	  src/preprocessors/HttpInspect/include/hi_ui_config.h,
 4889 	  src/preprocessors/HttpInspect/include/hi_util.h,
 4890 	  src/preprocessors/HttpInspect/server/hi_server.c,
 4891 	  src/preprocessors/Stream5/stream5_common.h,
 4892 	  src/sfutil/Unified2_common.h, src/sfutil/sfPolicy.h,
 4893 	  src/sfutil/sf_ip.h, src/sfutil/sfrt.h,
 4894 	  src/target-based/sftarget_protocol_reference.c,
 4895 	  src/target-based/sftarget_protocol_reference.h,
 4896 	  tools/Makefile.am, tools/u2spewfoo/u2spewfoo.c,
 4897 	  tools/: Makefile.am, u2spewfoo/u2spewfoo.c,
 4898 	  u2openappid/Makefile.am, u2openappid/u2openappid.c,
 4899 	  u2streamer/Makefile.am, u2streamer/SpoolFileIterator.c,
 4900 	  u2streamer/SpoolFileIterator.h, u2streamer/TimestampedFile.c,
 4901 	  u2streamer/TimestampedFile.h, u2streamer/Unified2.c,
 4902 	  u2streamer/Unified2.h, u2streamer/Unified2File.c,
 4903 	  u2streamer/Unified2File.h, u2streamer/UnifiedLog.c,
 4904 	  u2streamer/UnifiedLog.h, u2streamer/sf_error.c,
 4905 	  u2streamer/sf_error.h, u2streamer/u2streamer.c,
 4906 	  src/dynamic-preprocessors/appid/: Makefile.am, appId.h,
 4907 	  appIdConfig.c, appIdConfig.h, appIdStats.c, appIdStats.h,
 4908 	  appInfoTable.c, appInfoTable.h, attribute.h, commonAppMatcher.c,
 4909 	  commonAppMatcher.h, diffScript.sh, doxy_api.c, flow.c, flow.h,
 4910 	  flow_error.h, fw_appid.c, fw_appid.h, hostPortAppCache.c,
 4911 	  hostPortAppCache.h, host_tracker.h, httpCommon.h,
 4912 	  luaDetectorApi.c, luaDetectorApi.h, luaDetectorFlowApi.c,
 4913 	  luaDetectorFlowApi.h, luaDetectorModule.c, luaDetectorModule.h,
 4914 	  rna_flow.h, service_state.c, service_state.h, spp_appid.c,
 4915 	  spp_appid.h, detector_plugins/Makefile.am,
 4916 	  detector_plugins/detector_api.h,
 4917 	  detector_plugins/detector_base.c,
 4918 	  detector_plugins/detector_base.h,
 4919 	  detector_plugins/detector_imap.c,
 4920 	  detector_plugins/detector_kerberos.c,
 4921 	  detector_plugins/detector_pop3.c,
 4922 	  detector_plugins/detector_http.c,
 4923 	  detector_plugins/detector_http.h,
 4924 	  detector_plugins/http_url_patterns.c,
 4925 	  detector_plugins/http_url_patterns.h,
 4926 	  util/Makefile.am, util/OutputFile.c, util/OutputFile.h,
 4927 	  util/acsmx.c, util/acsmx.h, util/acsmx2.c, util/acsmx2.h,
 4928 	  util/bnfa_search.c, util/bnfa_search.h, util/common_util.h,
 4929 	  util/fw_avltree.c, util/fw_avltree.h, util/ip_funcs.h,
 4930 	  util/mpse.c, util/mpse.h, util/sf_error.h, util/sf_mlmp.c,
 4931 	  util/sf_mlmp.h, util/sf_multi_mpse.c, util/sf_multi_mpse.h,
 4932 	  util/sfghash.c, util/sfghash.h, util/sfhashfcn.c,
 4933 	  util/sfhashfcn.h, util/sfksearch.c, util/sfksearch.h,
 4934 	  util/sflsq.c, util/sflsq.h, util/sfmemcap.c, util/sfmemcap.h,
 4935 	  util/sfutil.c, util/sfutil.h, util/sfxhash.c, util/sfxhash.h,
 4936 	  client_plugins/Makefile.am, client_plugins/client_app_aim.c,
 4937 	  client_plugins/client_app_aim.h, client_plugins/client_app_api.h,
 4938 	  client_plugins/client_app_base.c,
 4939 	  client_plugins/client_app_base.h,
 4940 	  client_plugins/client_app_bit.c,
 4941 	  client_plugins/client_app_bit_tracker.c,
 4942 	  client_plugins/client_app_msn.c, client_plugins/client_app_msn.h,
 4943 	  client_plugins/client_app_rtp.c, client_plugins/client_app_sip.c,
 4944 	  client_plugins/client_app_sip.h,
 4945 	  client_plugins/client_app_smtp.c,
 4946 	  client_plugins/client_app_smtp.h,
 4947 	  client_plugins/client_app_ssh.c,
 4948 	  client_plugins/client_app_template.c,
 4949 	  client_plugins/client_app_timbuktu.c,
 4950 	  client_plugins/client_app_tns.c, client_plugins/client_app_vnc.c,
 4951 	  client_plugins/client_app_ym.c, client_plugins/client_app_ym.h,
 4952 	  service_plugins/Makefile.am, service_plugins/dcerpc.c,
 4953 	  service_plugins/dcerpc.h, service_plugins/service_MDNS.c,
 4954 	  service_plugins/service_MDNS.h, service_plugins/service_api.h,
 4955 	  service_plugins/service_base.c, service_plugins/service_base.h,
 4956 	  service_plugins/service_battle_field.c,
 4957 	  service_plugins/service_battle_field.h,
 4958 	  service_plugins/service_bgp.c, service_plugins/service_bgp.h,
 4959 	  service_plugins/service_bit.c, service_plugins/service_bootp.c,
 4960 	  service_plugins/service_bootp.h,
 4961 	  service_plugins/service_dcerpc.c,
 4962 	  service_plugins/service_dcerpc.h,
 4963 	  service_plugins/service_direct_connect.c,
 4964 	  service_plugins/service_direct_connect.h,
 4965 	  service_plugins/service_dns.c, service_plugins/service_dns.h,
 4966 	  service_plugins/service_flap.c, service_plugins/service_flap.h,
 4967 	  service_plugins/service_ftp.c, service_plugins/service_ftp.h,
 4968 	  service_plugins/service_irc.c, service_plugins/service_irc.h,
 4969 	  service_plugins/service_lpr.c, service_plugins/service_lpr.h,
 4970 	  service_plugins/service_mysql.c, service_plugins/service_mysql.h,
 4971 	  service_plugins/service_netbios.c,
 4972 	  service_plugins/service_netbios.h,
 4973 	  service_plugins/service_nntp.c, service_plugins/service_nntp.h,
 4974 	  service_plugins/service_ntp.c, service_plugins/service_ntp.h,
 4975 	  service_plugins/service_pattern.c,
 4976 	  service_plugins/service_pattern.h,
 4977 	  service_plugins/service_radius.c,
 4978 	  service_plugins/service_radius.h,
 4979 	  service_plugins/service_rexec.c, service_plugins/service_rexec.h,
 4980 	  service_plugins/service_rfb.c, service_plugins/service_rfb.h,
 4981 	  service_plugins/service_rlogin.c,
 4982 	  service_plugins/service_rlogin.h, service_plugins/service_rpc.c,
 4983 	  service_plugins/service_rpc.h, service_plugins/service_rshell.c,
 4984 	  service_plugins/service_rshell.h,
 4985 	  service_plugins/service_rsync.c, service_plugins/service_rsync.h,
 4986 	  service_plugins/service_sip.c, service_plugins/service_sip.h,
 4987 	  service_plugins/service_smtp.c, service_plugins/service_smtp.h,
 4988 	  service_plugins/service_snmp.c, service_plugins/service_snmp.h,
 4989 	  service_plugins/service_ssh.c, service_plugins/service_ssh.h,
 4990 	  service_plugins/service_ssl.c, service_plugins/service_ssl.h,
 4991 	  service_plugins/service_telnet.c,
 4992 	  service_plugins/service_telnet.h,
 4993 	  service_plugins/service_template.c,
 4994 	  service_plugins/service_tftp.c, service_plugins/service_tftp.h,
 4995 	  service_plugins/service_timbuktu.c,
 4996 	  service_plugins/service_tns.c, service_plugins/service_util.h,
 4997 	  src/detection-plugins/: sp_appid.c, sp_appid.h,
 4998 	  doc/README.appid:
 4999 	  New Open App ID feature to identify application protocol, client,
 5000 	  server, and web application and be able to leverage that within
 5001 	  Snort rules.
 5002 
 5003 2014-02-19 Steven Sturges <ssturges@sourcefire.com>
 5004     * doc/snort_manual.pdf, doc/snort_manual.tex, src/active.c,
 5005       src/active.h, src/encode.h, src/detection-plugins/sp_react.c:
 5006       Added Active_SendBigData to active.c for sending multi-packet react
 5007       pages. Modified react.c to use Active_SendBigData to allow payload
 5008       that spans a single TCP packet (1500+ bytes).
 5009 
 5010     * src/: preprocessors/Stream5/snort_stream5_tcp.c,
 5011       preprocessors/Stream5/stream5_paf.c,
 5012       preprocessors/Stream5/stream5_paf.h,
 5013       dynamic-preprocessors/pop/Makefile.am,
 5014       dynamic-preprocessors/pop/pop_config.c,
 5015       dynamic-preprocessors/pop/pop_config.h,
 5016       dynamic-preprocessors/pop/pop_log.c,
 5017       dynamic-preprocessors/pop/pop_log.h,
 5018       dynamic-preprocessors/pop/pop_paf.c,
 5019       dynamic-preprocessors/pop/pop_paf.h,
 5020       dynamic-preprocessors/pop/pop_util.c,
 5021       dynamic-preprocessors/pop/sf_pop.dsp,
 5022       dynamic-preprocessors/pop/snort_pop.c,
 5023       dynamic-preprocessors/pop/snort_pop.h,
 5024       dynamic-preprocessors/pop/spp_pop.c,
 5025       dynamic-preprocessors/smtp/Makefile.am,
 5026       dynamic-preprocessors/smtp/sf_smtp.dsp,
 5027       dynamic-preprocessors/smtp/smtp_config.c,
 5028       dynamic-preprocessors/smtp/smtp_config.h,
 5029       dynamic-preprocessors/smtp/smtp_log.c,
 5030       dynamic-preprocessors/smtp/smtp_log.h,
 5031       dynamic-preprocessors/smtp/smtp_paf.c,
 5032       dynamic-preprocessors/smtp/smtp_paf.h,
 5033       dynamic-preprocessors/smtp/smtp_util.c,
 5034       dynamic-preprocessors/smtp/smtp_util.h,
 5035       dynamic-preprocessors/smtp/snort_smtp.c,
 5036       dynamic-preprocessors/smtp/snort_smtp.h,
 5037       dynamic-preprocessors/smtp/spp_smtp.c, file-process/Makefile.am,
 5038       file-process/file_api.h, file-process/file_mail_common.h,
 5039       file-process/file_mime_config.c, file-process/file_mime_config.h,
 5040       file-process/file_mime_process.c,
 5041       file-process/file_mime_process.h, file-process/file_service.c,
 5042       dynamic-preprocessors/imap/Makefile.am,
 5043       dynamic-preprocessors/imap/imap_config.c,
 5044       dynamic-preprocessors/imap/imap_config.h,
 5045       dynamic-preprocessors/imap/imap_log.c,
 5046       dynamic-preprocessors/imap/imap_log.h,
 5047       dynamic-preprocessors/imap/imap_paf.c,
 5048       dynamic-preprocessors/imap/imap_paf.h,
 5049       dynamic-preprocessors/imap/imap_util.c,
 5050       dynamic-preprocessors/imap/sf_imap.dsp,
 5051       dynamic-preprocessors/imap/snort_imap.c,
 5052       dynamic-preprocessors/imap/snort_imap.h,
 5053       dynamic-preprocessors/imap/spp_imap.c,
 5054       preprocessors/snort_httpinspect.c, preprocessors/stream_api.h,
 5055       preprocessors/HttpInspect/include/hi_ui_config.h,
 5056       sfutil/sf_email_attach_decode.h,
 5057       dynamic-preprocessors/Makefile.am,
 5058       dynamic-preprocessors/file/file_agent.c: 
 5059       add paf support to smtp/impa/pop protocols.
 5060 
 5061     * src/dynamic-preprocessors/ssh/spp_ssh.c: 
 5062       count the max_client_bytes once the session is encrypted. Fix the
 5063       ProcessSSHKeyExchange to parse server new keys
 5064 
 5065     * src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c: 
 5066       Fix ftp-data perfstats profiling.  
 5067 
 5068     * configure.in, src/decode.h, src/sfdaq.c, src/sfdaq.h,
 5069       src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 5070       src/dynamic-preprocessors/sip/sip_dialog.c,
 5071       src/dynamic-preprocessors/ssh/spp_ssh.c,
 5072       src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 5073       src/preprocessors/stream_expect.c,
 5074       src/preprocessors/stream_expect.h: 
 5075       Add ability to specify details about dynamic protocols/data channels
 5076       via DAQ.
 5077 
 5078     * src/preprocessors/Stream5/snort_stream5_tcp.c: 
 5079       Checked for existence of policy_id parameter on Stream5 TCP policy.  
 5080 
 5081     * src/preprocessors/perf-base.c: 
 5082       Ensure pkt_stats cannot go below zero 
 5083       
 5084     * etc/sf_rule_options, src/Makefile.am, src/fpcreate.c,
 5085       src/parser.c, src/parser.h, src/snort.c, src/snort.h,
 5086       src/detection-plugins/sp_pattern_match.c,
 5087       src/detection-plugins/sp_pattern_match.h,
 5088       src/dynamic-plugins/sf_convert_dynamic.c,
 5089       src/dynamic-plugins/sf_dynamic_define.h,
 5090       src/dynamic-plugins/sf_dynamic_meta.h,
 5091       src/dynamic-plugins/sf_engine/Makefile.am,
 5092       src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 5093       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 5094       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 5095       src/dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 5096       src/sfutil/Makefile.am, src/hashstring.c, src/hashstring.h,
 5097       sfutil/sf_sechash.c, sfutil/sf_sechash.h,
 5098       src/file-process/file_capture.c,
 5099       src/file-process/file_resume_block.c,
 5100       src/file-process/libs/Makefile.am,
 5101       src/file-process/libs/file_lib.c, src/sfutil/Makefile.am,
 5102       src/sfutil/md5.c, src/sfutil/md5.h, src/sfutil/sf_sechash.c,
 5103       src/sfutil/sf_sechash.h, src/sfutil/sha2.c, src/sfutil/sha2.h,
 5104       src/win32/WIN32-Prj/snort.dsp, configure.in, 
 5105       doc/snort_manual.pdf, doc/snort_manual.tex: 
 5106       Protected Rule Content feature.  Updating the minor revision number for
 5107       the engine API for share library rules.  Augmented the logic in configure.in
 5108       to force the -lcrypto library to be included in the link.  Added
 5109       implementations of SHA2 and MD5 algorithms to Snort to allow use with older
 5110       versions of OpenSSL.
 5111 
 5112     * doc/: snort_manual.pdf, snort_manual.tex: 
 5113       Modified descriptions of urilen, dsize, and flags rule options.  
 5114 
 5115     * doc/snort_manual.pdf, doc/snort_manual.tex,
 5116       src/sfutil/sfPolicy.c: 
 5117       Added check in binding mappings to prevent Snort from loading binding
 5118       policy_ids > 4095, having it reject the configuration on load. Updated
 5119       documentation to include config binding policy_id.  
 5120 
 5121     * src/preprocessors/spp_stream5.c: 
 5122       New minimum max_tcp sessions is now 2.
 5123 
 5124     * src/: dynamic-preprocessors/ftptelnet/pp_ftp.c,
 5125       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5126       dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 5127       preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 5128       preprocessors/stream_expect.c, preprocessors/stream_expect.h:
 5129       Change preprocessor order for when FTP data is handled.
 5130       
 5131     * src/: dynamic-examples/dynamic-preprocessor/Makefile.am,
 5132       dynamic-plugins/sf_engine/Makefile.am,
 5133       dynamic-preprocessors/dcerpc2/Makefile.am,
 5134       dynamic-preprocessors/dnp3/Makefile.am,
 5135       dynamic-preprocessors/dns/Makefile.am,
 5136       dynamic-preprocessors/file/Makefile.am,
 5137       dynamic-preprocessors/ftptelnet/Makefile.am,
 5138       dynamic-preprocessors/gtp/Makefile.am,
 5139       dynamic-preprocessors/imap/Makefile.am,
 5140       dynamic-preprocessors/modbus/Makefile.am,
 5141       dynamic-preprocessors/pop/Makefile.am,
 5142       dynamic-preprocessors/reputation/Makefile.am,
 5143       dynamic-preprocessors/rzb_saac/Makefile.am,
 5144       dynamic-preprocessors/sdf/Makefile.am,
 5145       dynamic-preprocessors/sip/Makefile.am,
 5146       dynamic-preprocessors/smtp/Makefile.am,
 5147       dynamic-preprocessors/ssh/Makefile.am,
 5148       dynamic-preprocessors/ssl/Makefile.am: 
 5149       Install libraries into user defined libdir.  Thanks to cjgd7-facebook
 5150 	  for reporting the issue.
 5151 
 5152     * src/: detection-plugins/detection_options.c,
 5153       detection-plugins/sp_pattern_match.c,
 5154       detection-plugins/sp_pattern_match.h,
 5155       dynamic-plugins/sf_convert_dynamic.c: 
 5156       Update 'within' rule limits to handle extraction of a 0
 5157       via byte_extract.
 5158 
 5159     * src/detection-plugins/: sp_byte_check.c, sp_byte_extract.h,
 5160       sp_byte_jump.c, sp_isdataat.c, sp_pattern_match.c: 
 5161       Modified error outputs to include the specific offending rule option.  
 5162 
 5163 2013-12-30 Steven Sturges <ssturges@sourcefire.com>
 5164 Snort 2.9.6.0
 5165 	* src/build.h:
 5166 	  updating build number to 47
 5167 
 5168 	* doc/README.file, doc/README.file_ips,
 5169 	  etc/file_magic.conf, etc/Makefile.am:
 5170 	  Added file_magic.conf and fixed a few typos.  Thanks to Joshua Kinard for
 5171 	  pointing them out.
 5172 
 5173 	* doc/snort_manual.tex: 
 5174       Update snort team members 
 5175 
 5176 	* src/detection-plugins/sp_file_type.h,
 5177 	  src/dynamic-preprocessors/libs/sf_preproc_info.h, 
 5178 	  tools/file_server/file_server.c: 
 5179       Clean up copyright and attribution.  
 5180  
 5181 	* src/dynamic-preprocessors/sdf/spp_sdf.c: 
 5182       Fix seconndary check for reassembled packets.  
 5183 
 5184 	* doc/: README.GTP, README.PerfProfiling, README.dcerpc2,
 5185 	  README.file, README.frag3, README.ftptelnet, README.http_inspect,
 5186 	  README.imap, README.multipleconfigs, README.normalize,
 5187 	  README.pop, README.reload, README.reputation, README.rpc_decode,
 5188 	  README.sfportscan, README.sip, README.unified2, USAGE, WISHLIST,
 5189 	  snort_manual.pdf, snort_manual.tex, README.SMTP, README.counts, 
 5190 	  README.asn1, README.active, README, NEWS, INSTALL: 
 5191 	  Corrected typos in documentation.  Thanks to Mahendra Ladhe for
 5192 	  pointing out the mistakes and providing a patch.  
 5193 
 5194 	* src/: file-process/file_capture.c,
 5195 	  file-process/file_mime_process.c,
 5196 	  dynamic-preprocessors/imap/snort_imap.c,
 5197 	  dynamic-preprocessors/smtp/snort_smtp.c,
 5198 	  dynamic-preprocessors/file/file_inspect_config.c,
 5199 	  dynamic-preprocessors/pop/snort_pop.c,
 5200 	  sfutil/sf_email_attach_decode.h: 
 5201       Enable detetion on all file data 
 5202 
 5203 	* src/sfutil/: sfxhash.c, sfxhash.h: 
 5204 	  Fix alignment of sfxhash node on sparc. Thanks to Markus Lude.
 5205 
 5206 	* src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c: 
 5207  	  Identify EOF on single segment PDU transimssions.
 5208 	  
 5209 	* src/dynamic-preprocessors/dcerpc2/dce2_memory.c: 
 5210  	  Avoid checking memcap for DCE/RPC configuration data.
 5211 
 5212 	* src/preprocessors/Stream5/snort_stream5_tcp.c: 
 5213  	  Tweak retransmit handling to ensure full right overlap condition holds 
 5214 
 5215 2013-11-22 Steven Sturges <ssturges@sourcefire.com>
 5216 Snort 2.9.6.0.rc
 5217 
 5218     * src/build.h: updating build number to 43
 5219 
 5220     * configure.in, doc/README.ha, doc/snort_manual.pdf,
 5221       doc/snort_manual.tex, doc/Makefile.am: 
 5222       Add Stream5 HA documentation and mark --enable-ha and
 5223       --enable-side-channel as experimental.
 5224 
 5225     * rpm/snort.spec: 
 5226       Install snort_control, u2boat, u2spewfoo from spec file.
 5227       Thanks to Bradley Turnbough for mentioning it.
 5228 
 5229     * src/preprocessors/Stream5/snort_stream5_tcp.c: 
 5230       using sequence number overlapping to trigger retransmission
 5231 	  handler.  This fixed issue on file blocking.  
 5232 
 5233     * src/dynamic-preprocessors/: pop/pop_log.c, smtp/smtp_log.c,
 5234       imap/imap_log.c: 
 5235  	  avoid mail decoding prepocessor alerts when they not enabled
 5236 	  in config.
 5237 
 5238     * doc/snort_manual.tex,
 5239       src/: active.c, active.h, decode.c, detect.c, fpdetect.c,
 5240       detection-plugins/sp_react.c,
 5241       dynamic-plugins/sf_dynamic_plugins.c,
 5242       file-process/file_resume_block.c, file-process/file_service.c,
 5243       output-plugins/spo_alert_fast.c, output-plugins/spo_unified2.c,
 5244       preprocessors/spp_bo.c, preprocessors/spp_frag3.c,
 5245       preprocessors/Stream5/snort_stream5_ip.c,
 5246       preprocessors/Stream5/snort_stream5_tcp.c,
 5247       preprocessors/Stream5/snort_stream5_udp.c: 
 5248  	  alerts get wdrop when active is suspended; code for cdrop is ready
 5249 	  but disabled 
 5250 
 5251     * src/: file-process/file_api.h, file-process/file_resume_block.c,
 5252       file-process/file_service.c, file-process/libs/file_lib.h,
 5253       dynamic-preprocessors/file/file_agent.c: 
 5254   	  Add file id to file API callbacks to support multiple file contexts.  
 5255 
 5256     * preproc_rules/decoder.rules, src/decode.c, src/generators.h: 
 5257  	  Validate authentication headers. New decoder rules (116:465 and 116:466).
 5258     
 5259 	* doc/snort_manual.pdf, doc/snort_manual.tex,
 5260       src/detection-plugins/sp_icmp_code_check.c: 
 5261  	  Added data validation checks to the icode rule option. The parser
 5262 	  phase will now throw fatal errors for illegal values.  
 5263       Update manual to reflect the additional data validation.
 5264 
 5265     * src/preprocessors/Stream5/: snort_stream5_ip.c,
 5266       snort_stream5_udp.c: 
 5267  	  Force block for block rule in inline test mode.  
 5268 
 5269     * src/: dynamic-preprocessors/imap/snort_imap.c,
 5270       dynamic-preprocessors/pop/snort_pop.c,
 5271       dynamic-preprocessors/smtp/snort_smtp.c,
 5272       preprocessors/stream_api.h,
 5273       preprocessors/Stream5/snort_stream5_tcp.c: 
 5274  	  Don't put gaps in reassembled packets 
 5275 
 5276     * src/: preprocessors/Stream5/snort_stream5_session.c,
 5277       side-channel/sidechannel.c: 
 5278  	  The global list in the session cache is ordered from MRU (head) to
 5279 	  LRU (tail), so correctly walk backward rather than forward from the
 5280 	  LRU looking for sessions to time out.  Clean up compiler warning in
 5281 	  Side Channel.  
 5282 
 5283     * src/file-process/: libs/file_lib.c, file_api.h, file_capture.c,
 5284       file_service.c, file_service.h: 
 5285       Add multiple file contexts support for file API.  
 5286 
 5287     * src/: dynamic-preprocessors/ftptelnet/ftpp_si.c,
 5288       dynamic-preprocessors/ftptelnet/ftpp_si.h,
 5289       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5290       dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 5291       preprocessors/Stream5/snort_stream5_tcp.c: 
 5292  	  Add EndOfFile stream event callback. Remove EOF logic from
 5293 	  FTP/Preprocessor in lieu of new callback.
 5294 
 5295     * src/: file-process/file_service.c,
 5296       file-process/file_service_config.c,
 5297       file-process/file_service_config.h, snort.c: 
 5298       make sure file configuration is initialized during reload.  
 5299 
 5300 2013-10-18 Hui Cao <hcao@sourcefire.com>
 5301 Snort 2.9.6.0.beta
 5302     * doc/: Makefile.am, README.file, README.file_ips: 
 5303  	  Add readme for experimental file type ips rule keywords.
 5304 
 5305     * src/detection-plugins/sp_icmp_code_check.c:
 5306       Allow a negative value in the ICMP icode x<>y range check.  This
 5307       permits the rule to include a check for zero
 5308 
 5309     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5310       Disable detection when the TCP connection was already closed.
 5311 
 5312     * src/: dynamic-preprocessors/ftptelnet/ftpp_si.h,
 5313       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 5314       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5315       file-process/file_api.h:
 5316       Fix FTP-Data file processing.
 5317 
 5318     * src/snort_bounds.h:
 5319       Avoid assertion for zero size memory copy
 5320 
 5321     * src/: dynamic-plugins/sf_dynamic_plugins.c,
 5322       detection-plugins/sp_react.c:
 5323       Only inject response page when session is established.
 5324 
 5325     * src/dynamic-preprocessors/smtp/smtp_log.h,
 5326       src/dynamic-preprocessors/smtp/snort_smtp.c,
 5327       src/dynamic-preprocessors/smtp/snort_smtp.h,
 5328       preproc_rules/preprocessor.rules, etc/gen-msg.map:
 5329       Add a new preprocessor alert to detect Cyrus SASL authentication
 5330       attack.
 5331 
 5332     * src/dynamic-preprocessors/ssh/spp_ssh.c:
 5333       Set_reassembly to ABSOLUTE only if the traffic is SSH.
 5334       Statefully process ssh version/ssh key exchange
 5335       init/key exchange and/or encrypted data within a single
 5336       reassembled packet. Thanks to Florian Westphal for reporting this.
 5337 
 5338     * src/file-process/file_mime_process.c:
 5339       For IMAP, the MIME and message will be inside fetch
 5340       body, which will be end at ")".
 5341 
 5342     * src/: dynamic-preprocessors/dns/spp_dns.c,
 5343       dynamic-preprocessors/ssh/spp_ssh.c,
 5344       Change preprocessor reassembly policy; Changed SSH preprocessor state
 5345       transition based on the dir rather than both.
 5346 
 5347     * src/: preprocessors/Stream5/snort_stream5_tcp.c:
 5348       Ignore the gap when turning on reassembly dynamically on the very
 5349       first packet of the session.
 5350 
 5351     * src/dynamic-preprocessors/dnp3/spp_dnp3.c:
 5352       Fix the incorrect mempool warnings. Thanks to Bram for reporting this
 5353 
 5354     * doc/snort_manual.pdf, doc/snort_manual.tex, configure.in,
 5355       src/snort.c, src/util.c:
 5356       Trim freed memory before and after configuration reload.
 5357 
 5358     * src/: dynamic-preprocessors/imap/snort_imap.c,
 5359       dynamic-preprocessors/pop/snort_pop.c,
 5360       dynamic-preprocessors/smtp/snort_smtp.c,
 5361       file-process/file_mime_process.c,
 5362       sfutil/sf_email_attach_decode.c:
 5363       Allow 7bit decoding of binary file attachments.
 5364  
 5365     * src/dynamic-preprocessors/sdf/: spp_sdf.c, spp_sdf.h:
 5366       Avoid partial rule tree match during reload.
 5367 
 5368     * src/tag.c:
 5369       Fix boundary check error so that the global tagged packet limit
 5370       doesn't allow an extra tag.
 5371 
 5372     * src/: file-process/file_mime_process.h, file-process/file_api.h,
 5373       file-process/file_mime_process.c, file-process/file_service.c,
 5374       dynamic-preprocessors/imap/snort_imap.c,
 5375       dynamic-preprocessors/imap/spp_imap.c,
 5376       dynamic-preprocessors/smtp/snort_smtp.c,
 5377       dynamic-preprocessors/pop/snort_pop.c,
 5378       dynamic-preprocessors/pop/spp_pop.c:
 5379       Add simple PAF support for POP and IMAP.
 5380 
 5381     * src/: util.c, util.h, sfutil/sf_ip.c, sfutil/sf_ip.h: Bugs
 5382       Add sfip_convert_ip_text_to_binary() to enforce platform agnostic
 5383       IPv4 syntax. Make sure xatou(), xatol(), and xatoup() return values
 5384       within specified range
 5385  
 5386     * doc/snort_manual.tex:
 5387       Update the document to include the '<=' and '>=' operators to
 5388       the byte_test command
 5389 
 5390     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5391       Make sure INTERNAL_EVENT_SESSION_ADD event only in the
 5392       ESTABLISHED state.
 5393 
 5394     * src/sfutil/sf_email_attach_decode.c:
 5395       Check the QP encoding string is valid to avoid decoding end of line
 5396       incorrectly.
 5397 
 5398     * src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
 5399       Tweak config output to correspond to config input.
 5400       Thanks to Reinoud Koornstra for the suggestion.
 5401 
 5402     * src/preprocessors/Stream5/: snort_stream5_icmp.c,
 5403       snort_stream5_ip.c, snort_stream5_tcp.c, snort_stream5_udp.c:
 5404       dynamic-preprocessors/pop/snort_pop.c,
 5405       dynamic-preprocessors/smtp/snort_smtp.c,
 5406       dynamic-preprocessors/ssl/spp_ssl.c,
 5407       encode.c, dynamic-preprocessors/dcerpc2/dce2_cl.c,
 5408       dynamic-preprocessors/dcerpc2/dce2_session.h,
 5409       dynamic-preprocessors/dcerpc2/snort_dce2.c,
 5410       dynamic-preprocessors/dns/spp_dns.c,
 5411       dynamic-preprocessors/imap/snort_imap.c:
 5412       preprocessors/spp_rpc_decode.c, preprocessors/spp_stream5.c,
 5413       preprocessors/stream_api.h, preprocessors/stream_expect.c:
 5414       Handle out of order SSL handshake in SMTP.
 5415       Thanks to Bram for the reporting this.
 5416 
 5417     * src/preprocessors/perf-base.c:
 5418       Update the header printed at top of now file.
 5419 
 5420     * src/preprocessors/perf-base.c:
 5421       Change name of stat from Blocked Packets to Block Verdicts.
 5422 
 5423     * src/preprocessors/Stream5/snort_stream5_session.c:
 5424       Timeout a session when session timeout reaches instead of waiting for
 5425       session nominal timeout.
 5426 
 5427     * configure.in, src/plugbase.c, src/rule_option_types.h,
 5428       src/snort.c, src/detection-plugins/Makefile.am,
 5429       src/detection-plugins/: sp_file_type.c, sp_file_type.h,
 5430       src/detection-plugins/detection_options.c,
 5431       src/dynamic-preprocessors/Makefile.am,
 5432       src/file-process/Makefile.am, src/file-process/file_api.h,
 5433       src/file-process/file_service.c,
 5434       src/file-process/file_service_config.c,
 5435       src/file-process/file_service_config.h,
 5436       src/file-process/libs/Makefile.am,
 5437       src/file-process/libs/file_config.c,
 5438       src/file-process/libs/file_config.h,
 5439       src/file-process/libs/file_lib.c,
 5440       src/file-process/libs/file_lib.h,
 5441       src/preprocessors/spp_stream5.c, tools/Makefile.am,
 5442       doc/: README.file, README.file_ips, Makefile.am:
 5443       File inspection keywords for IPS rules.
 5444 
 5445     * src/dynamic-preprocessors/sdf/: sdf_pattern_match.c,
 5446       sdf_pattern_match.h, spp_sdf.c, spp_sdf.h:
 5447       Add stateful pattern match of sdf patterns across packets.
 5448 
 5449     * mkinstalldirs, doc/snort_manual.tex, src/detect.c,
 5450       src/detection_util.h, src/fpdetect.c, src/parser.c, src/tag.c,
 5451       src/tag.h, src/target-based/sf_attribute_table.y,
 5452       tools/u2spewfoo/u2spewfoo.c:
 5453       Support single session capture via tag rule option.
 5454       Log all packets to the same place as original alert. 
 5455       Enable tagging on pass rules.
 5456 
 5457     * src/: dynamic-preprocessors/imap/snort_imap.c,
 5458       dynamic-preprocessors/imap/snort_imap.h,
 5459       dynamic-preprocessors/pop/snort_pop.c,
 5460       dynamic-preprocessors/pop/snort_pop.h,
 5461       dynamic-preprocessors/smtp/snort_smtp.c,
 5462       dynamic-preprocessors/smtp/snort_smtp.h, file-process/file_api.h,
 5463       file-process/file_mime_process.c, preprocessors/str_search.c,
 5464       preprocessors/str_search.h, sfutil/bnfa_search.c:
 5465       Add Stateful mime boundary search when split between packets.
 5466  
 5467     * src/preprocessors/HttpInspect/client/hi_client.c:
 5468       Change the uri search to start from method end instead of the start
 5469       of payload.
 5470 
 5471     * configure.in, doc/README.file, doc/snort_manual.pdf,
 5472       src/parser.c, src/preprocids.h, src/snort.c, src/util.c,
 5473       src/detection-plugins/.cvsignore,
 5474       src/dynamic-examples/Makefile.am,
 5475       src/dynamic-plugins/sf_engine/.cvsignore,
 5476       src/dynamic-preprocessors/Makefile.am,
 5477       src/dynamic-preprocessors/file/Makefile.am,
 5478       src/dynamic-preprocessors/file/file_agent.c,
 5479       src/dynamic-preprocessors/file/file_agent.h,
 5480       src/dynamic-preprocessors/file/file_event_log.c,
 5481       src/dynamic-preprocessors/file/file_event_log.h,
 5482       src/dynamic-preprocessors/file/file_inspect_config.c,
 5483       src/dynamic-preprocessors/file/file_inspect_config.h,
 5484       src/dynamic-preprocessors/file/file_sha.c,
 5485       src/dynamic-preprocessors/file/file_sha.h,
 5486       src/dynamic-preprocessors/file/sf_file.dsp,
 5487       src/dynamic-preprocessors/file/spp_file.c,
 5488       src/dynamic-preprocessors/file/spp_file.h,
 5489       src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 5490       src/file-process/Makefile.am, src/file-process/circular_buffer.c,
 5491       src/file-process/circular_buffer.h, src/file-process/file_api.h,
 5492       src/file-process/file_capture.c, src/file-process/file_capture.h,
 5493       src/file-process/file_mempool.c, src/file-process/file_mempool.h,
 5494       src/file-process/file_resume_block.c,
 5495       src/file-process/file_service.c, src/file-process/file_service.h,
 5496       src/file-process/file_service_config.c,
 5497       src/file-process/file_service_config.h,
 5498       src/file-process/file_stats.c, src/file-process/file_stats.h,
 5499       src/file-process/libs/file_config.c,
 5500       src/file-process/libs/file_config.h,
 5501       src/file-process/libs/file_identifier.c,
 5502       src/file-process/libs/file_identifier.h,
 5503       src/file-process/libs/file_lib.c,
 5504       src/file-process/libs/file_lib.h,
 5505       src/file-process/libs/file_sha256.h, tools/Makefile.am,
 5506       tools/file_server/Makefile.am,
 5507       tools/file_server/README.file_server,
 5508       tools/file_server/file_server.c:
 5509       Add file capture feature and introduce file inspect preprocessor
 5510 
 5511     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5512       Parse error if there are missing direction specifiers.
 5513       Thanks to Bram Fabeg for the report.
 5514  
 5515     * src/ipv6_port.h:
 5516       Remove duplicate macro for GET_ORIG_IPH_PROTO.
 5517 
 5518     * doc/: README.decode, README.gre, README.mpls, snort_manual.pdf,
 5519       snort_manual.tex:
 5520       Update manual and other docs related to tunneling.
 5521       Thanks to Jason Poley for noting it.
 5522 
 5523     * src/parser.c:
 5524       Not so silently skip duplicate service metadata.
 5525 
 5526     * src/: log.c, mempool.c, parser.c, snort.c, util.c,
 5527       detection-plugins/sp_ip_tos_check.c,
 5528       detection-plugins/sp_pattern_match.c,
 5529       detection-plugins/sp_replace.c, detection-plugins/sp_session.c,
 5530       detection-plugins/sp_tcp_win_check.c,
 5531       dynamic-preprocessors/dns/spp_dns.c,
 5532       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 5533       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5534       dynamic-preprocessors/sdf/sdf_pattern_match.c,
 5535       output-plugins/spo_log_ascii.c, output-plugins/spo_log_tcpdump.c,
 5536       preprocessors/HttpInspect/utils/hi_paf.c,
 5537       preprocessors/Stream5/snort_stream5_tcp.c:
 5538       Replace obsolete bzero and index calls.  Credits to Bill Parker
 5539 
 5540     * src/dynamic-preprocessors/: smtp/snort_smtp.c, ssl/spp_ssl.c,
 5541       libs/ssl.c, libs/ssl.h:
 5542       Check for SSL type only when the SSL handshake is not complete.
 5543       Don't check for type in SSL data.
 5544       Thanks to Bram Fabeg for reporting this.
 5545 
 5546     * src/preprocessors/: HttpInspect/server/hi_server.c,
 5547       HttpInspect/server/hi_server_norm.c, Stream5/snort_stream5_tcp.c:
 5548       Only check charset bom once per response body;
 5549       Only set charset once per charset=
 5550 
 5551     * src/profiler.c:
 5552       Fix issue when reading pcaps from command line and using multiple
 5553       policies and --pcap-reset.
 5554 
 5555     * src/detection-plugins/detection_options.c:
 5556       Don't count RTN perf time in OTN perf time.
 5557       Credits to Reinoud for reporting this.
 5558  
 5559     * doc/README.flowbits:
 5560       Fix typo in flowbits isnotset examples
 5561 
 5562     * src/snort.c, src/snort.h, src/util.c, snort.8,
 5563       doc/snort_manual.pdf, doc/snort_manual.tex:
 5564       Add a command line switch --no-interface-pidfile to snort.
 5565  
 5566     * src/preprocessors/: spp_stream5.c, Stream5/stream5_common.h:
 5567       Updated Stream's exit stats to use 'filtered' instead of dropped. 
 5568 
 5569     * src/: detection_util.h, dynamic-preprocessors/sip/spp_sip.c:
 5570       Don't set sip/http buffers to null
 5571 
 5572     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
 5573       Return mismatch if requested http buffer was not set
 5574 
 5575     * src/snort.c: Bugs Fixed:
 5576       Capture packet data for sigabrt and sigbus
 5577 
 5578     * doc/README.dcerpc2, doc/snort_manual.pdf, doc/snort_manual.tex,
 5579       etc/gen-msg.map, preproc_rules/preprocessor.rules, src/active.c,
 5580       src/active.h, src/encode.c, src/encode.h, src/generators.h,
 5581       src/dynamic-plugins/sf_dynamic_plugins.c,
 5582       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 5583       src/dynamic-preprocessors/dcerpc2/dce2_co.c,
 5584       src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 5585       src/dynamic-preprocessors/dcerpc2/dce2_config.h,
 5586       src/dynamic-preprocessors/dcerpc2/dce2_event.c,
 5587       src/dynamic-preprocessors/dcerpc2/dce2_event.h,
 5588       src/dynamic-preprocessors/dcerpc2/dce2_memory.c,
 5589       src/dynamic-preprocessors/dcerpc2/dce2_memory.h,
 5590       src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
 5591       src/dynamic-preprocessors/dcerpc2/dce2_smb.h,
 5592       src/dynamic-preprocessors/dcerpc2/dce2_stats.h,
 5593       src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
 5594       src/dynamic-preprocessors/dcerpc2/snort_dce2.h,
 5595       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 5596       src/dynamic-preprocessors/dcerpc2/spp_dce2.h,
 5597       src/dynamic-preprocessors/dcerpc2/includes/smb.h,
 5598       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5599       src/dynamic-preprocessors/imap/snort_imap.c,
 5600       src/dynamic-preprocessors/pop/snort_pop.c,
 5601       src/dynamic-preprocessors/smtp/snort_smtp.c,
 5602       src/file-process/file_api.h,
 5603       src/file-process/file_mime_process.c,
 5604       src/file-process/file_service.c,
 5605       src/file-process/libs/file_identifier.c,
 5606       src/file-process/libs/file_identifier.h,
 5607       src/file-process/libs/file_lib.c,
 5608       src/file-process/libs/file_lib.h,
 5609       src/preprocessors/snort_httpinspect.c,
 5610       src/preprocessors/Stream5/snort_stream5_tcp.c:
 5611       Add SMB file support
 5612 
 5613 2013-10-18 Steven Sturges <ssturges@sourcefire.com>
 5614 Snort 2.9.5.6
 5615     * src/build.h:
 5616       updating build number to 208
 5617 
 5618     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5619       add NULL check for preprocessors that check for PAF before
 5620       they check for any actual tcp session
 5621 
 5622     * src/detection-plugins/: sp_byte_check.c, sp_byte_jump.c,
 5623       sp_isdataat.c, sp_pattern_match.c:
 5624       Test if the byte extracted distance and/or offset is within
 5625       bounds of the search buffer.  Thanks to Nathan Fowler for
 5626       noting the issue.
 5627 
 5628     * src/preprocessors/HttpInspect/client/hi_client.c:
 5629       clear cookie normalization buffer to avoid accidental null
 5630       dereference in pipelined request.  Thanks to Michael Galapchuk
 5631       for reporting the problem.
 5632 
 5633 2013-09-02 Steven Sturges <ssturges@sourcefire.com>
 5634 Snort 2.9.5.5
 5635     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5636       disable all detection (not just content-base) for packets on previously
 5637       blocked sessions
 5638 
 5639     * src/preprocessors/perf.c:
 5640       Write perfmon entry when both packet count and time conditions are met,
 5641       rather than waiting for a multiple of the packet count after the time is
 5642       reached.
 5643 
 5644     * src/dynamic-preprocessors/smtp/snort_smtp.c:
 5645       Stop inspection of the entire session when TLS data is present with
 5646       ignore_tls_data enabled in SMTP - Check for midstream pickups and
 5647       gaps when we miss server hello, and stop inspection as soon as we get
 5648       client hello when ignore_tls_data is turned on
 5649 
 5650     * src/dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c:
 5651       changed pcre relative match with HTTP buffers to be not allowed in .so
 5652       rules (same as in text rules)
 5653 
 5654 2013-07-03 Steven Sturges <ssturges@sourcefire.com>
 5655 Snort 2.9.5.3
 5656     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5657       Fixed handling of partial segment purging.  Thanks to Lode Mertens
 5658       for reporting the issue.
 5659 
 5660     * configure.in, src/active.c, src/decode.c, src/decode.h,
 5661       src/detect.c, src/detection_util.c, src/detection_util.h,
 5662       src/encode.c, src/encode.h, src/fpcreate.c, src/fpdetect.c,
 5663       src/log_text.c, src/parser.c, src/plugbase.c, src/ppm.c,
 5664       src/ppm.h, src/profiler.c, src/snort.c, src/util.c, src/util.h,
 5665       src/detection-plugins/detection_options.c,
 5666       src/detection-plugins/sp_byte_check.c,
 5667       src/detection-plugins/sp_ftpbounce.c,
 5668       src/detection-plugins/sp_pattern_match.c,
 5669       src/detection-plugins/sp_pattern_match.h,
 5670       src/detection-plugins/sp_pcre.c, src/detection-plugins/sp_pcre.h,
 5671       src/detection-plugins/sp_replace.c,
 5672       src/detection-plugins/sp_rpc_check.c,
 5673       src/detection-plugins/sp_urilen_check.c,
 5674       src/dynamic-examples/dynamic-preprocessor/spp_example.c,
 5675       src/dynamic-plugins/sf_convert_dynamic.c,
 5676       src/dynamic-plugins/sf_dynamic_common.h,
 5677       src/dynamic-plugins/sf_dynamic_define.h,
 5678       src/dynamic-plugins/sf_dynamic_engine.h,
 5679       src/dynamic-plugins/sf_dynamic_meta.h,
 5680       src/dynamic-plugins/sf_dynamic_plugins.c,
 5681       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 5682       src/dynamic-plugins/sp_dynamic.c,
 5683       src/dynamic-plugins/sf_engine/Makefile.am,
 5684       src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 5685       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 5686       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 5687       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 5688       src/dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 5689       src/dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 5690       src/dynamic-plugins/sf_engine/examples/bug26266.c,
 5691       src/dynamic-plugins/sf_engine/examples/detection_lib_meta.h,
 5692       src/dynamic-plugins/sf_engine/examples/fake_snort.c,
 5693       src/dynamic-plugins/sf_preproc_example/spp_nfs_setup.c,
 5694       src/dynamic-preprocessors/dcerpc2/dce2_http.h,
 5695       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 5696       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 5697       src/dynamic-preprocessors/dns/spp_dns.c,
 5698       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5699       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 5700       src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 5701       src/dynamic-preprocessors/gtp/spp_gtp.c,
 5702       src/dynamic-preprocessors/imap/snort_imap.c,
 5703       src/dynamic-preprocessors/imap/spp_imap.c,
 5704       src/dynamic-preprocessors/isakmp/spp_isakmp.c,
 5705       src/dynamic-preprocessors/modbus/spp_modbus.c,
 5706       src/dynamic-preprocessors/pop/snort_pop.c,
 5707       src/dynamic-preprocessors/pop/spp_pop.c,
 5708       src/dynamic-preprocessors/reputation/reputation_config.h,
 5709       src/dynamic-preprocessors/reputation/spp_reputation.c,
 5710       src/dynamic-preprocessors/rzb_saac/spp_rzb-saac.c,
 5711       src/dynamic-preprocessors/sdf/spp_sdf.c,
 5712       src/dynamic-preprocessors/sip/sip_dialog.c,
 5713       src/dynamic-preprocessors/sip/sip_parser.c,
 5714       src/dynamic-preprocessors/sip/spp_sip.c,
 5715       src/dynamic-preprocessors/smtp/spp_smtp.c,
 5716       src/dynamic-preprocessors/ssh/spp_ssh.c,
 5717       src/dynamic-preprocessors/ssl/spp_ssl.c,
 5718       src/file-process/file_service.c,
 5719       src/file-process/libs/file_config.c,
 5720       src/output-plugins/spo_unified2.c, src/preprocessors/portscan.c,
 5721       src/preprocessors/snort_httpinspect.c,
 5722       src/preprocessors/spp_arpspoof.c, src/preprocessors/spp_bo.c,
 5723       src/preprocessors/spp_frag3.c,
 5724       src/preprocessors/spp_httpinspect.c,
 5725       src/preprocessors/spp_perfmonitor.c,
 5726       src/preprocessors/spp_rpc_decode.c,
 5727       src/preprocessors/spp_sfportscan.c,
 5728       src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 5729       src/preprocessors/HttpInspect/client/hi_client.c,
 5730       src/preprocessors/HttpInspect/normalization/hi_norm.c,
 5731       src/preprocessors/Stream5/snort_stream5_tcp.c,
 5732       src/preprocessors/Stream5/snort_stream5_udp.c,
 5733       src/preprocessors/Stream5/stream5_common.h, src/sfutil/sf_iph.c,
 5734       src/sfutil/sf_iph.h, src/sfutil/test/unit_hacks.c:
 5735       Performance improvements and other refactorings. Notable changes
 5736       include: improved HTTP buffer implementation and replaced run-time
 5737       packet checks with assertions.
 5738 
 5739     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5740       Ensure proper counting of sessions initializing.
 5741 
 5742     * doc/Makefile.am, doc/faq.pdf, doc/faq.tex:
 5743       Remove Snort FAQ from source package since its now live on the web.
 5744 
 5745     * src/preprocessors/: spp_stream5.c, stream_expect.c,
 5746       stream_expect.h:
 5747       Add a memcap to expected session tracking.
 5748 
 5749     * src/sfutil/sfrt_flat.c:
 5750       Check for memory allocation failure in both IPV4 and IPV6 tables.
 5751 
 5752     * src/control/sfcontrol.c:
 5753       Do not timeout during shutdown and fix stop processing code in the
 5754       control socket thread.  Add the thread to the list before creation
 5755       of the thread to prevent a race condition.
 5756 
 5757 2013-06-04 Steven Sturges <ssturges@sourcefire.com>
 5758 Snort 2.9.5
 5759     * src/: snort.c, preprocessors/spp_stream5.c:
 5760       when block rules fire during shutdown, log them as alert instead
 5761       of drop
 5762 
 5763     * src/: active.c, active.h,
 5764       preprocessors/Stream5/snort_stream5_session.c:
 5765       don't allow blocks or actions from pruned sessions (unrelated to
 5766       current packet)
 5767 
 5768     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5769       don't generate 129:1 in syn-sent
 5770 
 5771     * src/preprocessors/Stream5/: snort_stream5_tcp.c,
 5772       snort_stream5_udp.c, stream5_common.h:
 5773       don't apply window or mss on midstream pickups
 5774       remove unused flags
 5775       eliminate read-mode check when determining window
 5776 
 5777     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5778       don't reassemble on the tracked whitelisted flows
 5779       fix sequence number validation on ack to zero window syn+ack
 5780       fix timestamp tracking to use window base instead of next expected
 5781 
 5782     * src/preprocessors/spp_stream5.c:
 5783       when stream5 disables inspection, ensure non-content rules are not run
 5784 
 5785     * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
 5786       When removing a pipe tracker, NULL out static request tracker's
 5787       pipe tracker for pipe tracker that was dynamically allocated. 
 5788 
 5789     * src/file-process/libs/file_identifier.c:
 5790       Update some comments and avoid adding the same file magic
 5791 
 5792     * src/preprocessors/: spp_stream5.c, stream_api.h,
 5793       Stream5/snort_stream5_tcp.c:
 5794       swap client/server on midstream pickup if we identify server by service
 5795       using client port
 5796 
 5797     * src/file-process/libs/file_identifier.c:
 5798       Remove the code that parent file type might overwrite child file type.
 5799 
 5800     * preproc_rules/preprocessor.rules, src/generators.h,
 5801       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 5802       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 5803       src/preprocessors/HttpInspect/utils/hi_paf.c,
 5804       src/preprocessors/Stream5/snort_stream5_tcp.c:
 5805       HTTP PAF abort improvements
 5806 
 5807     * doc/: README.frag3, snort_manual.pdf, snort_manual.tex:
 5808       Added config event_trace description to Snort manual.  Removed
 5809       commas from Frag3 example configurations, thanks to Nicholas
 5810       Horton for mentioning this.
 5811  
 5812     * src/: dynamic-preprocessors/reputation/reputation_config.c,
 5813       sfutil/sfrt_flat.c, sfutil/sfrt_flat.h, sfutil/sfrt_flat_dir.c:
 5814       Copy reputation info from another list when a duplicate address is
 5815       inserted. 
 5816 
 5817     * src/dynamic-preprocessors/smtp/snort_smtp.c:
 5818       Fix issue when SMTP BDAT command specifies 0 length.
 5819 
 5820     * src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c:
 5821       Don't sort the manifest file.
 5822 
 5823     * src/: snort.h, util.c:
 5824       Fix FatalError to actually exit when initializing in the failopen
 5825       thread. 
 5826 
 5827     * src/dynamic-preprocessors/reputation/reputation_config.c:
 5828       Update to use more accurate ip list file parsing and validation. 
 5829 
 5830     * src/: active.h, snort.c, dynamic-plugins/sf_dynamic_plugins.c,
 5831       preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 5832       preprocessors/Stream5/snort_stream5_tcp.c:
 5833       ensure that force blocks persist
 5834 
 5835     * src/dynamic-preprocessors/reputation/shmem/: shmem_config.c,
 5836       shmem_config.h, shmem_datamgmt.c, shmem_datamgmt.h, shmem_mgmt.c:
 5837       Refactor/cleanup of shared memory, data management logic. 
 5838 
 5839     * src/: dynamic-examples/dynamic-rule/detection_lib_meta.h,
 5840       dynamic-plugins/sf_dynamic_meta.h,
 5841       dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 5842       preprocessors/spp_stream5.c, preprocessors/stream_api.h:
 5843       Add a stream API function to populate a session key given a packet.
 5844       Also, export REQ_ENGINE_LIB_MAJOR and REQ_ENGINE_LIB_MINOR from snort
 5845 
 5846     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 5847       allow stream5 to track whitelisted sessions
 5848 
 5849     * src/: snort.c, dynamic-preprocessors/dnp3/spp_dnp3.c,
 5850       preprocessors/Stream5/snort_stream5_tcp.c,
 5851       preprocessors/Stream5/stream5_paf.c, sfutil/sfPolicy.c,
 5852       sfutil/sfPolicy.h:
 5853       disable config by vlan or net selection if -DPOLICY_BY_ID_ONLY
 5854 
 5855     * src/: snort.c, snort.h, dynamic-preprocessors/smtp/spp_smtp.c,
 5856       preprocessors/Stream5/stream5_ha.c,
 5857       preprocessors/Stream5/stream5_ha.h, win32/WIN32-Code/misc.c,
 5858       win32/WIN32-Includes/config.h, win32/WIN32-Prj/snort.dsp:
 5859       don't compile pcap reload for Win, add function for ffs() which
 5860       is not defined in windows. 
 5861 
 5862     * src/preprocessors/snort_httpinspect.c:
 5863       Support large file processing in post raw data (not in MIME format)
 5864 
 5865     * src/: decode.c, decode.h, fpcreate.c, fpdetect.c, parser.c,
 5866       parser.h, plugbase.c, plugbase.h, rate_filter.c, rate_filter.h,
 5867       sfthreshold.c, sfthreshold.h, snort.c, snort.h, spo_plugbase.h,
 5868       util.c, util.h, control/sfcontrol.c, control/sfcontrol.h,
 5869       detection-plugins/detection_options.c,
 5870       detection-plugins/detection_options.h,
 5871       detection-plugins/sp_asn1.c, detection-plugins/sp_base64_data.c,
 5872       detection-plugins/sp_base64_decode.c,
 5873       detection-plugins/sp_byte_check.c,
 5874       detection-plugins/sp_byte_extract.c,
 5875       detection-plugins/sp_byte_jump.c,
 5876       detection-plugins/sp_clientserver.c, detection-plugins/sp_cvs.c,
 5877       detection-plugins/sp_dsize_check.c,
 5878       detection-plugins/sp_file_data.c,
 5879       detection-plugins/sp_flowbits.c,
 5880       detection-plugins/sp_ftpbounce.c,
 5881       detection-plugins/sp_icmp_code_check.c,
 5882       detection-plugins/sp_icmp_id_check.c,
 5883       detection-plugins/sp_icmp_seq_check.c,
 5884       detection-plugins/sp_icmp_type_check.c,
 5885       detection-plugins/sp_ip_fragbits.c,
 5886       detection-plugins/sp_ip_id_check.c,
 5887       detection-plugins/sp_ip_proto.c,
 5888       detection-plugins/sp_ip_same_check.c,
 5889       detection-plugins/sp_ip_tos_check.c,
 5890       detection-plugins/sp_ipoption_check.c,
 5891       detection-plugins/sp_isdataat.c,
 5892       detection-plugins/sp_pattern_match.c,
 5893       detection-plugins/sp_pattern_match.h,
 5894       detection-plugins/sp_pcre.c, detection-plugins/sp_pcre.h,
 5895       detection-plugins/sp_pkt_data.c, detection-plugins/sp_react.c,
 5896       detection-plugins/sp_replace.c, detection-plugins/sp_replace.h,
 5897       detection-plugins/sp_respond3.c,
 5898       detection-plugins/sp_rpc_check.c, detection-plugins/sp_session.c,
 5899       detection-plugins/sp_tcp_ack_check.c,
 5900       detection-plugins/sp_tcp_flag_check.c,
 5901       detection-plugins/sp_tcp_seq_check.c,
 5902       detection-plugins/sp_tcp_win_check.c,
 5903       detection-plugins/sp_ttl_check.c,
 5904       detection-plugins/sp_urilen_check.c,
 5905       dynamic-examples/dynamic-preprocessor/sf_preproc_info.h,
 5906       dynamic-examples/dynamic-preprocessor/spp_example.c,
 5907       dynamic-examples/dynamic-rule/detection_lib_meta.h,
 5908       dynamic-output/libs/output_lib.c,
 5909       dynamic-output/plugins/output_api.h,
 5910       dynamic-output/plugins/output_common.h,
 5911       dynamic-output/plugins/output_lib.h,
 5912       dynamic-output/plugins/output_plugin.c,
 5913       dynamic-plugins/sf_convert_dynamic.c,
 5914       dynamic-plugins/sf_convert_dynamic.h,
 5915       dynamic-plugins/sf_dynamic_detection.h,
 5916       dynamic-plugins/sf_dynamic_engine.h,
 5917       dynamic-plugins/sf_dynamic_plugins.c,
 5918       dynamic-plugins/sf_dynamic_preprocessor.h,
 5919       dynamic-plugins/sp_dynamic.c, dynamic-plugins/sp_dynamic.h,
 5920       dynamic-plugins/sp_preprocopt.c, dynamic-plugins/sp_preprocopt.h,
 5921       dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 5922       dynamic-plugins/sf_engine/sf_snort_detection_engine.h,
 5923       dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 5924       dynamic-plugins/sf_engine/sf_snort_plugin_loop.c,
 5925       dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 5926       dynamic-plugins/sf_engine/examples/sfsnort_dynamic_detection_lib.c,
 5927       dynamic-plugins/sf_preproc_example/sf_preproc_info.h,
 5928       dynamic-preprocessors/dcerpc2/dce2_config.c,
 5929       dynamic-preprocessors/dcerpc2/dce2_config.h,
 5930       dynamic-preprocessors/dcerpc2/dce2_paf.c,
 5931       dynamic-preprocessors/dcerpc2/dce2_paf.h,
 5932       dynamic-preprocessors/dcerpc2/dce2_roptions.c,
 5933       dynamic-preprocessors/dcerpc2/dce2_roptions.h,
 5934       dynamic-preprocessors/dcerpc2/snort_dce2.c,
 5935       dynamic-preprocessors/dcerpc2/spp_dce2.c,
 5936       dynamic-preprocessors/dnp3/dnp3_paf.c,
 5937       dynamic-preprocessors/dnp3/dnp3_paf.h,
 5938       dynamic-preprocessors/dnp3/dnp3_roptions.c,
 5939       dynamic-preprocessors/dnp3/dnp3_roptions.h,
 5940       dynamic-preprocessors/dnp3/spp_dnp3.c,
 5941       dynamic-preprocessors/dns/spp_dns.c,
 5942       dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.c,
 5943       dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.h,
 5944       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 5945       dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 5946       dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 5947       dynamic-preprocessors/gtp/gtp_roptions.c,
 5948       dynamic-preprocessors/gtp/gtp_roptions.h,
 5949       dynamic-preprocessors/gtp/spp_gtp.c,
 5950       dynamic-preprocessors/imap/imap_config.h,
 5951       dynamic-preprocessors/imap/snort_imap.c,
 5952       dynamic-preprocessors/imap/spp_imap.c,
 5953       dynamic-preprocessors/modbus/modbus_paf.c,
 5954       dynamic-preprocessors/modbus/modbus_paf.h,
 5955       dynamic-preprocessors/modbus/modbus_roptions.c,
 5956       dynamic-preprocessors/modbus/modbus_roptions.h,
 5957       dynamic-preprocessors/modbus/spp_modbus.c,
 5958       dynamic-preprocessors/pop/snort_pop.c,
 5959       dynamic-preprocessors/pop/spp_pop.c,
 5960       dynamic-preprocessors/reputation/reputation_config.c,
 5961       dynamic-preprocessors/reputation/reputation_config.h,
 5962       dynamic-preprocessors/reputation/spp_reputation.c,
 5963       dynamic-preprocessors/reputation/shmem/shmem_common.h,
 5964       dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c,
 5965       dynamic-preprocessors/reputation/shmem/shmem_datamgmt.h,
 5966       dynamic-preprocessors/sdf/sdf_detection_option.c,
 5967       dynamic-preprocessors/sdf/sdf_detection_option.h,
 5968       dynamic-preprocessors/sdf/spp_sdf.c,
 5969       dynamic-preprocessors/sdf/spp_sdf.h,
 5970       dynamic-preprocessors/sip/sip_roptions.c,
 5971       dynamic-preprocessors/sip/sip_roptions.h,
 5972       dynamic-preprocessors/sip/spp_sip.c,
 5973       dynamic-preprocessors/sip/spp_sip.h,
 5974       dynamic-preprocessors/smtp/smtp_config.c,
 5975       dynamic-preprocessors/smtp/snort_smtp.c,
 5976       dynamic-preprocessors/smtp/spp_smtp.c,
 5977       dynamic-preprocessors/ssh/spp_ssh.c,
 5978       dynamic-preprocessors/ssl/spp_ssl.c, file-process/file_service.c,
 5979       output-plugins/spo_alert_fast.c, output-plugins/spo_alert_full.c,
 5980       output-plugins/spo_alert_sf_socket.c,
 5981       output-plugins/spo_alert_syslog.c,
 5982       output-plugins/spo_alert_test.c,
 5983       output-plugins/spo_alert_unixsock.c, output-plugins/spo_csv.c,
 5984       output-plugins/spo_log_ascii.c, output-plugins/spo_log_null.c,
 5985       output-plugins/spo_log_tcpdump.c, output-plugins/spo_unified2.c,
 5986       parser/IpAddrSet.c, parser/IpAddrSet.h, preprocessors/portscan.c,
 5987       preprocessors/portscan.h, preprocessors/spp_arpspoof.c,
 5988       preprocessors/spp_bo.c, preprocessors/spp_frag3.c,
 5989       preprocessors/spp_httpinspect.c, preprocessors/spp_normalize.c,
 5990       preprocessors/spp_perfmonitor.c, preprocessors/spp_rpc_decode.c,
 5991       preprocessors/spp_sfportscan.c, preprocessors/spp_stream5.c,
 5992       preprocessors/stream_api.h,
 5993       preprocessors/HttpInspect/include/hi_paf.h,
 5994       preprocessors/HttpInspect/include/hi_ui_server_lookup.h,
 5995       preprocessors/HttpInspect/user_interface/hi_ui_server_lookup.c,
 5996       preprocessors/HttpInspect/utils/hi_paf.c,
 5997       preprocessors/Stream5/snort_stream5_session.h,
 5998       preprocessors/Stream5/snort_stream5_tcp.c,
 5999       preprocessors/Stream5/snort_stream5_tcp.h,
 6000       preprocessors/Stream5/snort_stream5_udp.c,
 6001       preprocessors/Stream5/snort_stream5_udp.h,
 6002       preprocessors/Stream5/stream5_common.c,
 6003       preprocessors/Stream5/stream5_common.h,
 6004       preprocessors/Stream5/stream5_ha.c,
 6005       preprocessors/Stream5/stream5_ha.h,
 6006       preprocessors/Stream5/stream5_paf.c,
 6007       preprocessors/Stream5/stream5_paf.h, sfutil/Makefile.am,
 6008       sfutil/acsmx.c, sfutil/acsmx.h, sfutil/acsmx2.c, sfutil/acsmx2.h,
 6009       sfutil/bnfa_search.c, sfutil/bnfa_search.h,
 6010       sfutil/intel-soft-cpm.c, sfutil/intel-soft-cpm.h, sfutil/mpse.c,
 6011       sfutil/mpse.h, sfutil/sfPolicy.c, sfutil/sfPolicy.h,
 6012       sfutil/sfPolicyData.h, sfutil/sfPolicyUserData.c,
 6013       sfutil/sfPolicyUserData.h, sfutil/sfksearch.c,
 6014       sfutil/sfksearch.h, sfutil/sfrf.c, sfutil/sfrf.h, sfutil/sfrt.c,
 6015       sfutil/sfrt.h, sfutil/sfthd.c, sfutil/sfthd.h,
 6016       sfutil/test/sfrf_test.c, sfutil/test/sfthd_test.c,
 6017       sfutil/test/unit_hacks.c, sfutil/test/unit_hacks.h,
 6018       target-based/sftarget_reader.c, target-based/sftarget_reader.h:
 6019       Add a control channel command that reloads the snort configuration.  If
 6020       a restart is needed, the command will return an error and the new
 6021       configuration will be freed.    Using this can replace the HUP signal,
 6022       which does not have a means of feedback to the user.
 6023 
 6024     * preproc_rules/preprocessor.rules, src/generators.h,
 6025       src/dynamic-preprocessors/imap/imap_log.c,
 6026       src/dynamic-preprocessors/imap/imap_log.h,
 6027       src/dynamic-preprocessors/pop/pop_log.c,
 6028       src/dynamic-preprocessors/pop/pop_log.h,
 6029       src/dynamic-preprocessors/smtp/smtp_log.c,
 6030       src/dynamic-preprocessors/smtp/smtp_log.h,
 6031       doc/README.imap, doc/README.pop:
 6032       Removed the decoding failure alert for bitencoded/non-encoded
 6033       attachments since it was invalid as we don't decoded these attachments. 
 6034 
 6035     * src/preprocessors/spp_frag3.c:
 6036       Continue to track fragments if rebuilt packet caused a drop.
 6037 
 6038     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6039       Fixed POST_SESSION_CLEANUP() macro to not log messages when Stream5
 6040       is configured with "prune_log_max 0".  Thanks to Gregory S Thomas
 6041       for pointing out the issue.
 6042 
 6043     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6044       Skip MAC address verification on packets being routed by a DAQ Module. 
 6045 
 6046     * src/: decode.c, parser.c:
 6047       Disallow rule-type decode rules with a sid that exceed
 6048       DECODE_INDEX_MAX. 
 6049 
 6050     * src/decode.c:
 6051       Fixed MPLS header length check. Credits to Jacob Baines for the
 6052       find.
 6053  
 6054     * src/fpdetect.c:
 6055       When decoding Teredo and the inner IPv6 doesn't have any payload,
 6056       reset do_detect_content to ensure content matches are checked when
 6057       evaluating rules against the outer IPv4 'payload'.  Thanks to Yun
 6058       Zheng Hu & L0rd Ch0de1m0rt for reporting the issue & crafting
 6059       traffic to reproduce. 
 6060 
 6061     * doc/snort_manual.tex:
 6062       Add reference 'msb' to the list of valid ones in the Snort manual. 
 6063 
 6064     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6065       flush and free application data on receipt of TCP RST in the
 6066       close-wait state
 6067 
 6068     * src/: snort.c, preprocessors/spp_stream5.c,
 6069       preprocessors/stream_api.h, preprocessors/stream_expect.c,
 6070       preprocessors/Stream5/snort_stream5_icmp.c,
 6071       preprocessors/Stream5/snort_stream5_ip.c,
 6072       preprocessors/Stream5/snort_stream5_session.c,
 6073       preprocessors/Stream5/snort_stream5_tcp.c,
 6074       preprocessors/Stream5/snort_stream5_tcp.h,
 6075       preprocessors/Stream5/snort_stream5_udp.c,
 6076       preprocessors/Stream5/snort_stream5_udp.h,
 6077       preprocessors/Stream5/stream5_common.c,
 6078       preprocessors/Stream5/stream5_common.h,
 6079       preprocessors/Stream5/stream5_ha.c,
 6080       preprocessors/Stream5/stream5_ha.h, side-channel/Makefile.am,
 6081       side-channel/dmq.c, side-channel/dmq.h, side-channel/rbmq.c,
 6082       side-channel/rbmq.h, side-channel/sidechannel.c,
 6083       side-channel/sidechannel_define.h,
 6084       configure.in:
 6085       Add the ability to share basic session state for Stream via a
 6086       side channel
 6087 
 6088     * src/: fpdetect.c, parser.c, snort.c, snort.h, util.c,
 6089       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 6090       dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 6091       dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 6092       preprocessors/Stream5/snort_stream5_tcp.c,
 6093       preprocessors/Stream5/stream5_paf.c:
 6094       Improve some processing performance for small packets
 6095 
 6096     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6097       fix alerts on packets with same src/dst ports
 6098       fix prior alert tracking to prevent redundant alerts
 6099       fix missing u2 packets.
 6100  
 6101     * src/dynamic-preprocessors/smtp/snort_smtp.c:
 6102       Copy remaining data to normalization buffer if already normalizing
 6103       and in AUTH state.
 6104  
 6105     * src/ppm.c:
 6106       Apply event filter support for PPM rules. 
 6107 
 6108     * src/: preprocessors/snort_httpinspect.c,
 6109       dynamic-preprocessors/dcerpc2/snort_dce2.c,
 6110       dynamic-plugins/sf_engine/sf_snort_packet.h,
 6111       detection-plugins/detection_options.c,
 6112       detection-plugins/detection_options.h, decode.h,
 6113       detection_util.c, encode.c, encode.h, fpdetect.c:
 6114       update the packet number check in detection to include
 6115       the rebuilt packet count.
 6116 
 6117     * doc/snort_manual.tex:
 6118       Update description for rawbytes rule option
 6119 
 6120     * src/sfutil/sfrt_flat.c:
 6121       correct return value for memory allocation failures
 6122 
 6123     * src/: file-process/file_mime_process.c,
 6124       dynamic-preprocessors/imap/snort_imap.c,
 6125       dynamic-preprocessors/pop/snort_pop.c,
 6126       dynamic-preprocessors/smtp/snort_smtp.c:
 6127       Check log_state in case of allocation failure
 6128 
 6129     * src/: file-process/file_mime_process.c,
 6130       dynamic-preprocessors/imap/snort_imap.c,
 6131       dynamic-preprocessors/smtp/snort_smtp.c,
 6132       dynamic-preprocessors/pop/snort_pop.c:
 6133       Processing each mime attachment after the boundary is found. 
 6134 
 6135     * doc/README.http_inspect, doc/faq.pdf, doc/snort_manual.pdf,
 6136       etc/gen-msg.map, preproc_rules/preprocessor.rules,
 6137       src/generators.h,
 6138       src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 6139       src/preprocessors/spp_stream5.c,
 6140       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 6141       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 6142       src/preprocessors/HttpInspect/utils/hi_paf.c,
 6143       src/preprocessors/Stream5/snort_stream5_tcp.c:
 6144       Correct handling of head responses
 6145       Flush extra line feeds with following PDUs (skipped over by http_inspect)
 6146       add profiling for PAF
 6147       Make PAF debug output more readable
 6148 
 6149     * src/: detect.c, detect.h, generators.h, snort.c, snort.h, util.c,
 6150       output-plugins/spo_log_tcpdump.c, preprocessors/perf-base.c,
 6151       preprocessors/perf-base.h:
 6152       Add a new column for total_alert_pkts to permonitor stats. 
 6153 
 6154     * src/preprocessors/: perf-base.c, perf.c:
 6155       Fix insolent file handling in perfmonitor. 
 6156 
 6157     * src/sfutil/sf_vartable.c:
 6158       Free allocation on failure. 
 6159 
 6160     * src/sfutil/sf_ipvar.c:
 6161       Refactor sfip_node_t list freeing; Free sfip_node_t list on
 6162       allocation failure. 
 6163 
 6164     * snort.8:
 6165       Update snort.8
 6166 
 6167     * src/: dynamic-preprocessors/ftptelnet/hi_util_kmap.c,
 6168       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 6169       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 6170       preprocessors/HttpInspect/utils/hi_util_kmap.c:
 6171       Check for NULL parameter pointer before copying into file name.
 6172       Alloc key node after checking for zero length.  Remove
 6173       unnecessary curr_ch NULL check. 
 6174 
 6175     * src/control/sfcontrol.c:
 6176       Fix error checks for CS_TYPE_MAX to be greater than or equal to.
 6177 
 6178     * src/dynamic-preprocessors/dcerpc2/: dce2_smb.c, dce2_smb.h:
 6179       Remove unneccessary NULL check of session pointer.  Fix set SMB
 6180       fingerprint functions to just set flag and not return anything. 
 6181 
 6182     * src/dynamic-preprocessors/sdf/sdf_us_ssn.c:
 6183       Closed file before returning on error.  NULL terminated string gotten
 6184       from fread() before passing to strtok_r.    Checked return value of
 6185       fseek(), ftell() and fread().  Added log messages for errors. 
 6186 
 6187     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6188       don't do PAF on midstream pickup sessions
 6189       do midstream pickup on SYN/ACK when packet is within require_3whs
 6190       grace period. 
 6191 
 6192     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6193       fix midstream pickup when server data is seen before client.  Thanks to
 6194       John Eure for reporting the issue. 
 6195 
 6196     * src/preprocessors/perf-flow.c:
 6197       Don't skip logging of flows with 0 packet count for flow-ip tracking. 
 6198 
 6199     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6200       fix multi-pdu per segment flushing
 6201 
 6202     * src/preprocessors/snort_httpinspect.c:
 6203       check http session tracker for file upload processing
 6204 
 6205     * src/: encode.c, preprocessors/snort_httpinspect.c,
 6206       preprocessors/spp_frag3.c,
 6207       preprocessors/Stream5/snort_stream5_tcp.c:
 6208       Adjust stream reassembly for a few edge cases
 6209  
 6210     * src/preprocessors/snort_httpinspect.c:
 6211       fix the parsing of max gzip mem
 6212 
 6213     * src/: snort.c, dynamic-output/plugins/output.h,
 6214       dynamic-output/plugins/output_base.c:
 6215       Print dynamic output modules with other plugins durring startup. 
 6216 
 6217     * doc/snort_manual.pdf, etc/gen-msg.map,
 6218       preproc_rules/decoder.rules, src/decode.c, src/decode.h,
 6219       src/encode.c, src/generators.h, src/sf_protocols.h:
 6220       Add decoding support for ERSpan type 2 and type 3 when ERSpan
 6221       is inside GRE. 
 6222 
 6223     * src/: snort.c, snort.h:
 6224       Add --pcap-reload Snort flag to reload between pcap runs. 
 6225 
 6226     * doc/README.daq, doc/faq.pdf, doc/snort_manual.pdf,
 6227       doc/snort_manual.tex, src/decode.h, src/fpdetect.c, src/snort.c,
 6228       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 6229       src/dynamic-preprocessors/imap/snort_imap.c,
 6230       src/dynamic-preprocessors/pop/snort_pop.c,
 6231       src/dynamic-preprocessors/smtp/smtp_util.c,
 6232       src/dynamic-preprocessors/smtp/snort_smtp.c,
 6233       src/file-process/file_mime_process.c,
 6234       src/output-plugins/spo_unified2.c,
 6235       src/preprocessors/snort_httpinspect.c,
 6236       src/preprocessors/snort_httpinspect.h,
 6237       src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 6238       src/preprocessors/Stream5/snort_stream5_tcp.c,
 6239       src/preprocessors/Stream5/snort_stream5_tcp.h:
 6240       Ensure logging of extra data captured after alert
 6241 
 6242     * src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c:
 6243       When a writer is in read mode, ensure the size is the shared memory
 6244       segment size.
 6245 
 6246     * src/file-process/: libs/file_lib.c, file_service.c:
 6247       Only display the file stats for types in the current configuration
 6248 
 6249     * src/: dynamic-preprocessors/ftptelnet/ftpp_si.h,
 6250       preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 6251       preprocessors/Stream5/snort_stream5_session.c,
 6252       control/sfcontrol.c:
 6253       Add a stream api function to return the session key given a session
 6254       pointer.  Expose the SessionKey structure to dynamic preprocessors. 
 6255       For ICMP "sessions", include ICMP type as an element in the key,
 6256       thereby making it a different "session" if the type varies.  Echo
 6257       replies are keyed the same as requests.
 6258 
 6259     * doc/snort_manual.pdf, doc/snort_manual.tex, src/parser.c,
 6260       src/parser.h, src/snort.c, src/snort.h, doc/README.reload:
 6261       Remove "config read_bin_file" documentation
 6262 
 6263     * src/: decode.c, decode.h, sfutil/sf_ip.h, sfutil/sf_iph.c,
 6264       preprocessors/perf-base.c,
 6265       dynamic-preprocessors/dcerpc2/snort_dce2.c,
 6266       dynamic-plugins/sf_engine/sf_snort_packet.h,
 6267       dynamic-preprocessors/sdf/spp_sdf.c:
 6268       Update IP6RawHdr structure and fix version extraction for little
 6269       endian machines.  Reduce size of sfip_t by 4 bytes. 
 6270 
 6271     * src/detection-plugins/sp_pattern_match.c:
 6272       Error if relative rule option used after fast pattern only. 
 6273 
 6274     * preproc_rules/decoder.rules, src/decode.c, src/generators.h:
 6275       Add decoder alert for IPv6 Routing Type 0 headers. 
 6276 
 6277     * src/encode.c:
 6278       Replace usage of ScAdapterInlineMode() with DAQ_GetInterfaceMode(). 
 6279 
 6280     * src/: rate_filter.h, dynamic-preprocessors/sdf/sdf_us_ssn.h,
 6281       dynamic-preprocessors/sdf/spp_sdf.h, sfutil/sfrt_flat_dir.h:
 6282       Cleanup recursive header inclusions. 
 6283 
 6284     * src/decode.h:
 6285       Fix macros for token ring header field extraction. 
 6286 
 6287     * src/dynamic-preprocessors/sdf/sdf_us_ssn.c:
 6288       Move SSN advertisement check before stricter validation. 
 6289 
 6290     * doc/: README.dcerpc2, snort_manual.pdf, snort_manual.tex:
 6291       Update dce_stub_data documentation. 
 6292 
 6293     * src/parser.c:
 6294       Cleanup function ValidateIPList().
 6295  
 6296     * src/dynamic-output/plugins/output_base.c:
 6297       Remove dead code path.
 6298 
 6299     * src/detection-plugins/sp_respond3.c:
 6300       FatalError if Resp3_Parse() is called with bad parameters. 
 6301 
 6302     * src/: snort_bounds.h, preprocessors/perf-base.c:
 6303       Add error recovery to the perfstats logging code.
 6304  
 6305     * src/output-plugins/: spo_alert_fast.c, spo_alert_full.c:
 6306       Add printing of GID:SID:Rev even if there is no msg in a rule. 
 6307 
 6308     * src/dynamic-preprocessors/: smtp/spp_smtp.c, pop/spp_pop.c,
 6309       imap/spp_imap.c:
 6310       Initialize file depth to all the configurations, not just the default.
 6311 
 6312     * configure.in, src/decode.h,
 6313       src/detection-plugins/sp_clientserver.c,
 6314       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 6315       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 6316       src/dynamic-preprocessors/dcerpc2/dce2_paf.c,
 6317       src/dynamic-preprocessors/dcerpc2/dce2_paf.h,
 6318       src/dynamic-preprocessors/dcerpc2/dce2_session.h,
 6319       src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
 6320       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 6321       src/dynamic-preprocessors/dnp3/dnp3_paf.c,
 6322       src/dynamic-preprocessors/dnp3/dnp3_paf.h,
 6323       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 6324       src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 6325       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 6326       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 6327       src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 6328       src/dynamic-preprocessors/modbus/modbus_paf.c,
 6329       src/dynamic-preprocessors/modbus/modbus_paf.h,
 6330       src/dynamic-preprocessors/modbus/spp_modbus.c,
 6331       src/file-process/file_mime_process.c,
 6332       src/preprocessors/snort_httpinspect.c,
 6333       src/preprocessors/spp_httpinspect.c,
 6334       src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 6335       src/preprocessors/HttpInspect/client/hi_client.c,
 6336       src/preprocessors/HttpInspect/include/hi_paf.h,
 6337       src/preprocessors/HttpInspect/mode_inspection/hi_mi.c,
 6338       src/preprocessors/HttpInspect/server/hi_server.c,
 6339       src/preprocessors/HttpInspect/utils/hi_paf.c,
 6340       src/preprocessors/Stream5/snort_stream5_tcp.c,
 6341       src/preprocessors/Stream5/snort_stream5_tcp.h,
 6342       src/preprocessors/Stream5/stream5_paf.c,
 6343       src/preprocessors/Stream5/stream5_paf.h:
 6344       Add support for PAF activation by service and hardened PAF (removed
 6345       --disable-paf from configure.in)
 6346 
 6347     * etc/gen-msg.map, src/decode.c, src/decode.h, src/generators.h,
 6348       preproc_rules/decoder.rules:
 6349       Support decoding of ICMPv6 Node Info Query and Node Info Response.
 6350       Added decoder event for invalid codes therein. 
 6351 
 6352     * src/preprocessors/: HttpInspect/mode_inspection/hi_mi.c,
 6353       HttpInspect/client/hi_client.c, HttpInspect/include/hi_client.h,
 6354       snort_httpinspect.h:
 6355       Log XFF data on raw packet when reassembly is turned off.
 6356 
 6357     * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
 6358       Refactor dead code path in DCE2_SmbTransactionGetName(). 
 6359 
 6360     * src/dynamic-preprocessors/ftptelnet/ftpp_ui_client_lookup.c:
 6361       Factor out dead code path in ftpp_ui_client_lookup_add().
 6362 
 6363     * src/preprocessors/spp_bo.c:
 6364       Remove redundant dereferences to array pointer.
 6365 
 6366     * src/sfutil/sfrf.c:
 6367       Factor out dead code path in SFRF_ConfigAdd(). 
 6368 
 6369     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6370       Factor out dead code path in Stream5ProcessTcp().
 6371  
 6372     * src/fpcreate.c:
 6373       Factor out dead code path in fpCreatePortObject2PortGroup(). 
 6374 
 6375     * src/dynamic-preprocessors/dcerpc2/dce2_roptions.c,
 6376       src/dynamic-preprocessors/dcerpc2/dce2_config.c:
 6377       Factor out dead code paths in DCE2 Preproc. 
 6378 
 6379     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
 6380       Factor out dead code paths in SetCursorInternal().
 6381  
 6382     * src/dynamic-preprocessors/sip/: sip_roptions.c, spp_sip.c,
 6383       spp_sip.h:
 6384       add user defined SIP method to parsing policy instead of running policy
 6385 
 6386     * src/preprocessors/HttpInspect/include/hi_eo_events.h,
 6387       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 6388       etc/gen-msg.map, src/generators.h,
 6389       preproc_rules/preprocessor.rules,
 6390       src/preprocessors/HttpInspect/client/hi_client.c:
 6391       Add preprocessor alert when snort sees unescaped space within the URI
 6392       Log IPs followed by portnum from the XFF header
 6393 
 6394     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6395       Remove unnecessary check for NULL on array type. 
 6396 
 6397     * src/preprocessors/spp_frag3.c:
 6398       Remove unnecessary check for NULL on array type. 
 6399 
 6400     * src/snort.c:
 6401       Remove unnecessary check for NULL on array type. 
 6402 
 6403     * tools/u2boat/u2boat.c:
 6404       Make sure ConvertRecord func pointer is valid before called. 
 6405 
 6406     * src/detection-plugins/sp_byte_extract.c:
 6407       Fix value check for byte extract "multiplier" arg. 
 6408 
 6409     * src/: util.c, util.h:
 6410       Remove dead functions from util.c
 6411 
 6412     * tools/u2spewfoo/u2spewfoo.c:
 6413       Check for error and prevent leaks with realloc in u2spewfoo.
 6414       Thanks to William Parker for reporting it.
 6415 
 6416     * src/: parser.c, dynamic-plugins/sf_dynamic_plugins.c,
 6417       dynamic-preprocessors/dcerpc2/dce2_config.c,
 6418       dynamic-preprocessors/dns/spp_dns.c:
 6419       Fix dead code paths
 6420 
 6421     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6422       Reset overlap count when 129:7 is triggered to avoid repeated false
 6423       positives
 6424 
 6425     * src/dynamic-preprocessors/smtp/: snort_smtp.c, snort_smtp.h:
 6426       Handle 535 response codes - authentication failed. 
 6427 
 6428     * doc/README.SMTP, doc/snort_manual.tex,
 6429       src/dynamic-preprocessors/smtp/smtp_config.c,
 6430       src/dynamic-preprocessors/smtp/smtp_config.h,
 6431       src/dynamic-preprocessors/smtp/snort_smtp.c,
 6432       src/dynamic-preprocessors/smtp/snort_smtp.h:
 6433       Added new configuration options "data_cmds", "binary_data_cmds" and
 6434       "auth_cmds" to the smtp preprocessor.
 6435 
 6436     * doc/README.reload, doc/snort_manual.tex, src/snort.c,
 6437       src/preprocessors/perf-base.c, src/preprocessors/perf-base.h,
 6438       src/preprocessors/perf-flow.c, src/preprocessors/perf-flow.h,
 6439       src/preprocessors/perf.c, src/preprocessors/perf.h,
 6440       src/preprocessors/spp_perfmonitor.c,
 6441       src/preprocessors/Stream5/snort_stream5_tcp.c:
 6442       Added "flow-file" configuration option and optional arguments
 6443       to "atexitonly" for perfmonitor preprocessor.
 6444  
 6445     * src/: detection-plugins/sp_pattern_match.c,
 6446       dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 6447       Adjust detection option pointer and distance for content matches
 6448       with negative distances that put pointer before start of buffer. 
 6449 
 6450     * src/preprocessors/HttpInspect/session_inspection/hi_si.c:
 6451       Ensure all request and response fields are reset
 6452  
 6453     * src/generators.h, preproc_rules/preprocessor.rules,
 6454       src/preprocessors/spp_frag3.c:
 6455       Remove dead preprocessor alerts from Frag3, GIDs 123:9, 123:10
 6456       that are covered by 116:458. 
 6457 
 6458     * src/: dynamic-preprocessors/ftptelnet/ftpp_si.c,
 6459       dynamic-preprocessors/ftptelnet/ftpp_si.h,
 6460       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 6461       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 6462       dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 6463       dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 6464       preprocessors/stream_api.h,
 6465       preprocessors/Stream5/snort_stream5_tcp.c:
 6466       Set reassembly on ftp-data for file processing and file_data ptr
 6467       for ftp-data channel.
 6468 
 6469     * src/: decode.c, decode.h, encode.c, sf_protocols.h, snort.c:
 6470       Whitelist encrypted ESP tunnels if decoding ESP traffic. 
 6471 
 6472     * src/detection-plugins/sp_react.c:
 6473       Fix issue where react action was lost when Snort reloads. 
 6474 
 6475     * src/dynamic-preprocessors/: imap/snort_imap.c, imap/spp_imap.c,
 6476       smtp/snort_smtp.c, smtp/spp_smtp.c, pop/snort_pop.c,
 6477       pop/spp_pop.c:
 6478       Enforce target based config setting for file processing.
 6479 
 6480     * src/file-process/file_mime_process.c:
 6481       Make sure signature context is created at any file position. 
 6482 
 6483     * src/dynamic-preprocessors/: pop/snort_pop.c, pop/snort_pop.h,
 6484       smtp/snort_smtp.c, smtp/snort_smtp.h:
 6485       Using boundary to check end of file
 6486 
 6487     * src/: decode.h, dynamic-plugins/sf_engine/sf_snort_packet.h,
 6488       output-plugins/spo_unified2.c, preprocessors/spp_sfportscan.c:
 6489       Update portscan unified2 events to log type of portscan in
 6490       protocol field instead of 0xFF.
 6491  
 6492     * doc/: README.asn1, snort_manual.pdf, snort_manual.tex:
 6493       Update asn1 rule option documentation to remove reference to
 6494       byte_test updating relative pointer.  Thanks to Brandon Castel
 6495       for bringing this to our attention. 
 6496 
 6497     * src/: file-process/file_mime_process.c,
 6498       file-process/file_mime_process.h,
 6499       preprocessors/HttpInspect/client/hi_client.c,
 6500       file-process/Makefile.am, file-process/file_api.h,
 6501       file-process/file_mime_config.c, file-process/file_mime_config.h,
 6502       file-process/file_resume_block.c,
 6503       file-process/file_resume_block.h, file-process/file_service.c,
 6504       file-process/file_service.h, file-process/file_service_config.c,
 6505       preprocessors/snort_httpinspect.c,
 6506       preprocessors/snort_httpinspect.h,
 6507       preprocessors/spp_httpinspect.c,
 6508       preprocessors/HttpInspect/include/hi_client.h,
 6509       preprocessors/HttpInspect/include/hi_ui_config.h,
 6510       dynamic-preprocessors/imap/spp_imap.c,
 6511       file-process/libs/file_config.c, file-process/libs/file_config.h,
 6512       sfutil/sf_email_attach_decode.c, snort.c:
 6513       Add support for http file upload. 
 6514 
 6515     * doc/: PROBLEMS, README.WIN32, README.daq, faq.tex,
 6516       snort_manual.tex:
 6517       Update READMEs and FAQ and Snort Manual to standardize the format of
 6518       references to libpcap.  Also update location of winpcap.  Thanks to
 6519       Joshua Kinard and Bryan Jones for pointing out the discrepancies. 
 6520 
 6521     * src/preprocessors/spp_sfportscan.c:
 6522       Fix portscan to only prep a pseudo-packet if actually generating an alert
 6523 
 6524     * src/file-process/: file_api.h, file_service.c:
 6525       Add packet to file api calls to determine if the session is inline. 
 6526 
 6527     * src/dynamic-preprocessors/sip/sip_config.c:
 6528       Fatal error during SIP preprocessor configuration
 6529       if a standard or user defined method cannot be allocated. 
 6530 
 6531     * src/: file-process/file_resume_block.c,
 6532       file-process/file_service.c, file-process/file_service.h,
 6533       snort.c:
 6534       Move file resume cache clean to restart or snort exit
 6535 
 6536     * src/file-process/: file_api.h, file_resume_block.c:
 6537       File API change to support logging file resume blocking.
 6538 
 6539     * src/: preprocessors/Stream5/snort_stream5_tcp.c,
 6540       file-process/Makefile.am, file-process/file_api.h,
 6541       file-process/file_mime_process.c,
 6542       file-process/file_mime_process.h,
 6543       file-process/file_resume_block.c,
 6544       file-process/file_resume_block.h, file-process/file_service.c,
 6545       file-process/file_service_config.c,
 6546       dynamic-preprocessors/pop/pop_config.c,
 6547       dynamic-preprocessors/pop/pop_config.h,
 6548       dynamic-preprocessors/pop/snort_pop.c,
 6549       dynamic-preprocessors/pop/snort_pop.h,
 6550       dynamic-preprocessors/pop/spp_pop.c,
 6551       dynamic-preprocessors/smtp/smtp_config.c,
 6552       dynamic-preprocessors/smtp/smtp_config.h,
 6553       dynamic-preprocessors/smtp/smtp_util.c,
 6554       dynamic-preprocessors/smtp/smtp_util.h,
 6555       dynamic-preprocessors/smtp/snort_smtp.c,
 6556       dynamic-preprocessors/smtp/snort_smtp.h,
 6557       dynamic-preprocessors/smtp/spp_smtp.c,
 6558       dynamic-preprocessors/imap/imap_config.c,
 6559       dynamic-preprocessors/imap/imap_config.h,
 6560       dynamic-preprocessors/imap/snort_imap.c,
 6561       dynamic-preprocessors/imap/snort_imap.h,
 6562       dynamic-preprocessors/imap/spp_imap.c, util.c, util.h,
 6563       file-process/libs/file_config.c, file-process/libs/file_config.h,
 6564       file-process/libs/file_lib.h,
 6565       dynamic-plugins/sf_dynamic_plugins.c,
 6566       dynamic-plugins/sf_dynamic_preprocessor.h:
 6567       File blocking, http resume blocking, file statistics, and file name
 6568       support for pop, imap. 
 6569 
 6570     * src/output-plugins/spo_alert_unixsock.c:
 6571       Update to use memset and memmove instead of bzero/bcopy.    Thanks to
 6572       Bill Parker for the suggestion. 
 6573 
 6574     * doc/: README.dcerpc2, snort_manual.pdf, snort_manual.tex:
 6575       Update dcerpc2 preprocessor documentation to remove -1 as a default
 6576       and valid value to max_frag_len. 
 6577 
 6578     * src/preprocessors/spp_perfmonitor.c:
 6579       Make sure perfmonitor evaluation function is added to each policy's
 6580       preprocessor evaluation list. 
 6581 
 6582     * configure.in, doc/INSTALL, doc/README.reputation,
 6583       doc/snort_manual.pdf, doc/snort_manual.tex, src/fpcreate.c,
 6584       src/fpcreate.h, src/parser.c, src/parser.h,
 6585       src/rule_option_types.h, src/snort.c, src/snort.h,
 6586       src/detection-plugins/detection_options.c,
 6587       src/dynamic-examples/Makefile.am, src/dynamic-output/Makefile.am,
 6588       src/dynamic-output/libs/Makefile.am,
 6589       src/dynamic-plugins/sf_convert_dynamic.c,
 6590       src/dynamic-plugins/sf_dynamic_plugins.c,
 6591       src/dynamic-plugins/sp_dynamic.c,
 6592       src/dynamic-plugins/sp_preprocopt.c,
 6593       src/dynamic-preprocessors/Makefile.am,
 6594       src/dynamic-preprocessors/dcerpc2/sf_dce2.dsp,
 6595       src/dynamic-preprocessors/dnp3/sf_dnp3.dsp,
 6596       src/dynamic-preprocessors/dns/sf_dns.dsp,
 6597       src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.dsp,
 6598       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 6599       src/dynamic-preprocessors/gtp/sf_gtp.dsp,
 6600       src/dynamic-preprocessors/imap/sf_imap.dsp,
 6601       src/dynamic-preprocessors/isakmp/sf_isakmp.dsp,
 6602       src/dynamic-preprocessors/libs/Makefile.am,
 6603       src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.dsp,
 6604       src/dynamic-preprocessors/modbus/sf_modbus.dsp,
 6605       src/dynamic-preprocessors/pop/sf_pop.dsp,
 6606       src/dynamic-preprocessors/reputation/sf_reputation.dsp,
 6607       src/dynamic-preprocessors/sdf/sf_sdf.dsp,
 6608       src/dynamic-preprocessors/sip/sf_sip.dsp,
 6609       src/dynamic-preprocessors/smtp/sf_smtp.dsp,
 6610       src/dynamic-preprocessors/ssh/sf_ssh.dsp,
 6611       src/dynamic-preprocessors/ssl/sf_ssl.dsp,
 6612       src/preprocessors/spp_httpinspect.c,
 6613       src/preprocessors/Stream5/snort_stream5_tcp.c,
 6614       src/preprocessors/Stream5/stream5_common.c,
 6615       src/win32/WIN32-Prj/sf_engine.dsp,
 6616       src/win32/WIN32-Prj/sf_testdetect.dsp,
 6617       src/win32/WIN32-Prj/snort.dsp:
 6618       Removed --disable-dynamicplugin configure option and hardened
 6619       dynamic plugin code. 
 6620 
 6621     * src/: dynamic-plugins/sf_engine/sf_snort_packet.h,
 6622       dynamic-preprocessors/ftptelnet/ftpp_si.c,
 6623       dynamic-preprocessors/ftptelnet/ftpp_si.h,
 6624       dynamic-preprocessors/ftptelnet/ftpp_ui_config.h,
 6625       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 6626       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 6627       preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 6628       preprocessors/Stream5/snort_stream5_tcp.c:
 6629       File processing for ftp-data channel.
 6630 
 6631     * src/dynamic-preprocessors/dcerpc2/: dce2_smb.c, dce2_smb.h:
 6632       Remove NetBIOS session state. 
 6633 
 6634     * src/: plugbase.c, output-plugins/Makefile.am,
 6635       output-plugins/spo_unified.c, output-plugins/spo_unified.h:
 6636       Remove deprecated unified support.  Same functionality is
 6637       supported with unified2. 
 6638 
 6639     * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
 6640       Correct setting FID in reassembled packets on big endian systems. 
 6641 
 6642     * doc/INSTALL, doc/snort_manual.pdf, doc/snort_manual.tex,
 6643       src/output-plugins/spo_alert_unixsock.c:
 6644       Update alert_unixsock output plugin and documentation for use on FreeBSD.
 6645 
 6646     * src/: decode.c, decode.h:
 6647       Add RFC 5925 (The TCP Authentication Option) option as a valid TCP
 6648       option and tag RFC 2385 (Protection of BGP Sessions via the TCP MD5
 6649       Signature Option) option as obsolete. 
 6650 
 6651     * rpm/snort.spec, doc/snort_manual.tex,
 6652       src/win32/WIN32-Prj/snort_installer.nsi,
 6653       src/win32/WIN32-Includes/config.h:
 6654       Set version to 2.9.5
 6655 
 6656 2013-04-18 Steven Sturges <ssturges@sourcefire.com>
 6657 Snort 2.9.4.6
 6658     * src/build.h:
 6659       updating build number to 73
 6660 
 6661     * doc/README.counts, doc/snort_manual.pdf, doc/snort_manual.tex,
 6662       src/decode.c, src/parser.c, src/snort.h:
 6663       Added config tunnel_verdicts and tunnel bypass for whitelist and
 6664       blacklist verdicts for 6in4 or 4in6 encapsulated traffic.
 6665 
 6666     * src/preprocessors/spp_frag3.c:
 6667       Don't update IP options length and count in frag3 after allocating
 6668       option buffer when receiving duplicate 0 offset fragments with IP
 6669       options.
 6670 
 6671 2013-03-20 Steven Sturges <ssturges@sourcefire.com>
 6672 Snort 2.9.4.5
 6673     * src/build.h:
 6674       updating build number to 71
 6675 
 6676     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6677       prevent pruning when dup'ing a seglist node to avoid broken
 6678       flushed packets
 6679 
 6680     * src/detection-plugins/detection_options.c:
 6681       recursively search patterns within the HTTP uri
 6682       buffers until the buffer ends.
 6683 
 6684     * src/preprocessors/HttpInspect/: client/hi_client.c,
 6685       client/hi_client_norm.c, include/hi_client.h:
 6686       Remove proxy information from the normalized URI buffer.  Thanks
 6687       to L0rd Ch0de1m0rt for reporting the issue.
 6688 
 6689     * src/: control/sfcontrol.c, preprocessors/Stream5/snort_stream5_tcp.c:
 6690       fix logging of unified2 packet data when alerting on a packet containing
 6691       multiple HTTP PDUs
 6692 
 6693 2013-02-19 Bhagyashree Bantwal <bbantwal@sourcefire.com>
 6694 Snort 2.9.4.1
 6695     * src/build.h: updating build number to 69
 6696 
 6697     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 6698       Only check for TCP Window Slam on client packets.
 6699 
 6700     * src/: control/sfcontrol.c, control/sfcontrol.h,
 6701       preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 6702       preprocessors/Stream5/snort_stream5_session.c,
 6703       preprocessors/Stream5/stream5_common.h
 6704       Add a stream API function to return a session key given a session.
 6705       Expose the session key
 6706 
 6707     * src/target-based/sftarget_reader.c:
 6708       Change routing table layout for ip6 attribute lookups to
 6709       be more space efficient
 6710 
 6711     * src/preprocessors/spp_frag3.c:
 6712       Forcibly drop excessive overlaps
 6713 
 6714     * src/preprocessors/spp_frag3.c:
 6715       Propagate address_space_id from raw packet to frag3
 6716           rebuilt packet DAQ header
 6717 
 6718     * src/: encode.c, encode.h,
 6719       preprocessors/Stream5/snort_stream5_tcp.c:
 6720       Update packet encoding to propagate the address_space_id in DAQ header
 6721 
 6722     * configure.in, src/decode.c:
 6723       Define NO_NON_ETHER_DECODER by default in Snort builds. Add
 6724       --enable-non-ether-decoders as a configure flag.
 6725 
 6726     * src/dynamic-preprocessors/: pop/snort_pop.c, pop/snort_pop.h,
 6727       smtp/snort_smtp.c, smtp/snort_smtp.h:
 6728       Use MIME boundary for end of file indication even for the last file
 6729 
 6730     * src/dynamic-preprocessors/reputation/spp_reputation.c:
 6731       only inspect ingress zone for passive interface.
 6732 
 6733     * doc/README.reputation:
 6734     * src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c:
 6735       When a writer is in read mode, the size should be the shared
 6736           memory segment size.
 6737 
 6738     * src/: control/sfcontrol.c, control/sfcontrol.h,
 6739       dynamic-preprocessors/reputation/spp_reputation.c:
 6740       Only decode outer header in main control section. Payload is handled by the handler.
 6741 
 6742     * src/dynamic-preprocessors/reputation/: spp_reputation.c
 6743       shmem/shmem_mgmt.c:
 6744       update share memory for snort readers that are idle.
 6745 
 6746     * src/parser.c:
 6747       make sure otn is different from original and and that option functions weren't
 6748       already freed before freeing the dup list.
 6749 
 6750     * src/dynamic-preprocessors/: smtp/spp_smtp.c, imap/spp_imap.c,
 6751       pop/spp_pop.c:
 6752       Initialize file depth to all the policies, not just default
 6753       policy
 6754 
 6755     * src/dynamic-preprocessors/: pop/spp_pop.c, smtp/snort_smtp.c,
 6756       imap/spp_imap.c:
 6757       check whether mime decoding is disabled before allocating memory.
 6758 
 6759     * doc/: snort_manual.pdf, snort_manual.tex:
 6760       changed doc default to 10 max_attribute_services_per_host.
 6761 
 6762     * src/: parser.c, parser.h, snort.c, snort.h,
 6763       preprocessors/spp_frag3.c,
 6764       preprocessors/Stream5/snort_stream5_tcp.c,
 6765       target-based/sftarget_hostentry.c,
 6766       target-based/sftarget_reader.c, target-based/sftarget_reader.h:
 6767       remove unused AttributeData and change attribute table to use uints instead of
 6768       AttributeData to reduce host/service from 5208/5192 to 80/16
 6769       bytes respectively.  Add config max_attribute_services_per_host
 6770       to change from default of 10.  Unused AttributeData includes
 6771       operating system, vendor, and version for host and application
 6772       and version for service.  Note that the data is still parsed from
 6773       hosts.xml but not actually stored in memory.    Also tweak some
 6774       stream5 debug code that threw warnings.
 6775 
 6776     * src/: file-process/file_service.c,
 6777       preprocessors/snort_httpinspect.c:
 6778       avoid processing partial HTTP content.
 6779 
 6780     * src/: encode.c, encode.h,
 6781       preprocessors/Stream5/snort_stream5_tcp.c:
 6782       Make sure daq supports zones and interfaces in the daq header.
 6783 
 6784     * src/: encode.c, encode.h,
 6785       preprocessors/Stream5/snort_stream5_tcp.c:
 6786       Maintain ingress and egress interfaces and zones and daq flags
 6787       in the tcp session to be used to populate reassembled packets correctly.
 6788 
 6789 2012-10-30 Steven Sturges <ssturges@sourcefire.com>
 6790 Snort 2.9.4
 6791     * src/build.h:
 6792       updating build number to 37
 6793 
 6794     * doc/README.counts, doc/snort_manual.tex, doc/snort_manual.pdf,
 6795       src/active.c, src/active.h, src/decode.c, src/parser.c,
 6796       src/parser.h, src/snort.c, src/snort.h, src/util.c:
 6797       added config tunnel_verdicts and tunnel bypass for whitelist and
 6798       blacklist verdicts for gtp or teredo encapsulated traffic.
 6799 
 6800     * src/dynamic-preprocessors/smtp/: snort_smtp.c, snort_smtp.h:
 6801       Handle MS Exchange X-EXPS and XEXCH50 commands in the SMTP
 6802       preprocessor.
 6803 
 6804 2012-10-16 Steven Sturges <ssturges@sourcefire.com>
 6805 Snort 2.9.4 RC
 6806     * src/build.h:
 6807       updating build number to 35
 6808 
 6809     * src/file-process/libs/: file_identifier.c, file_identifier.h
 6810       Fixed one issue when inserting a file magic in between another
 6811       file magic. In addition, avoid cloning nodes which are not used
 6812       by other node.  This improves memory assuage (from 10M down to
 6813       4M)
 6814 
 6815     * src/: detect.c, plugbase.c, plugbase.h, snort.c, snort.h,
 6816       dynamic-plugins/sf_dynamic_plugins.c,
 6817       dynamic-plugins/sf_dynamic_preprocessor.h
 6818       Added 2 new dpd functions. One turns off detection, the other
 6819       re-enables a given preprocessor. After the preprocessors are
 6820       configured, the preprocessor list is filtered if detection is
 6821       off.
 6822 
 6823     * src/active.c :
 6824       allow TCP RST response to segments w/o data
 6825 
 6826     * src/dynamic-plugins/sf_engine/: sf_snort_detection_engine.c,
 6827       sf_snort_plugin_api.c, sf_snort_plugin_api.h,
 6828       sf_snort_plugin_byte.c, sf_snort_plugin_content.c,
 6829       sf_snort_plugin_hdropts.c, sf_snort_plugin_pcre.c
 6830       Changed logic of option evaluations for SO rules that use a custom
 6831       evaluation function to match that of the SO rule builtin logic
 6832       when the NOT_FLAG is used.
 6833 
 6834     * src/detection-plugins/: sp_flowbits.c, sp_flowbits.h
 6835       Use appropriate interger types and comparisons.
 6836 
 6837     * src/preprocessors/HttpInspect/: client/hi_client.c,
 6838       server/hi_server.c
 6839       fix win32 warnings
 6840 
 6841     * src/: active.c, fpdetect.c, preprocessors/spp_stream5.c
 6842       don't enable active response unless configured
 6843 
 6844     * src/: dynamic-plugins/sf_engine/sf_snort_packet.h,
 6845       preprocessors/spp_stream5.c, file-process/file_service.c,
 6846       decode.h
 6847       avoid logging incorrect file name/file size when multiple files
 6848       within one packet.
 6849 
 6850     * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
 6851       Fix Win32 build warnings.
 6852 
 6853 2012-09-20 Steven Sturges <ssturges@sourcefire.com>
 6854 Snort 2.9.4 Beta
 6855     * configure.in, doc/snort_manual.pdf, src/parser.c, src/parser.h,
 6856       src/sfdaq.h, src/snort.h,
 6857       src/dynamic-preprocessors/sip/sip_dialog.c,
 6858       src/preprocessors/spp_frag3.c, src/preprocessors/spp_stream5.c,
 6859       src/preprocessors/stream_api.h,
 6860       src/preprocessors/Stream5/snort_stream5_session.c,
 6861       src/preprocessors/Stream5/snort_stream5_session.h,
 6862       src/preprocessors/Stream5/stream5_common.h:
 6863       Add use of address_space_id in stream & frag hash keys when DAQ
 6864       provides it.
 6865 
 6866     * src/: dynamic-preprocessors/imap/snort_imap.c,
 6867       dynamic-preprocessors/pop/snort_pop.c,
 6868       dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 6869       dynamic-preprocessors/smtp/snort_smtp.c,
 6870       preprocessors/snort_httpinspect.c,
 6871       preprocessors/Stream5/snort_stream5_tcp.c,
 6872       sfutil/sf_email_attach_decode.h,
 6873       win32/WIN32-Prj/sf_testdetect.dsp, win32/WIN32-Prj/snort.dsp,
 6874       win32/WIN32-Prj/snort.dsw:
 6875       Fix a few Win32 warnings.
 6876 
 6877     * src/preprocessors/Stream5/snort_stream5_tcp.c
 6878       ensure that the LWS policy matches that of the server (instead of
 6879       the dest)
 6880 
 6881     * COPYING, LICENSE, contrib/snortpp.c, doc/README, src/active.h,
 6882       src/byte_extract.c, src/byte_extract.h, src/checksum.h,
 6883       src/cpuclock.h, src/debug.c, src/decode.h, src/detect.c,
 6884       src/detect.h, src/detection_filter.c, src/detection_filter.h,
 6885       src/detection_util.c, src/detection_util.h, src/encode.c,
 6886       src/encode.h, src/event.h, src/event_queue.c, src/event_queue.h,
 6887       src/event_wrapper.c, src/event_wrapper.h, src/fpcreate.c,
 6888       src/fpcreate.h, src/fpdetect.c, src/fpdetect.h, src/generators.h,
 6889       src/idle_processing.c, src/idle_processing.h,
 6890       src/idle_processing_funcs.h, src/ipv6_port.h, src/log.c,
 6891       src/log.h, src/log_text.c, src/log_text.h, src/mempool.c,
 6892       src/mempool.h, src/mstring.c, src/mstring.h, src/obfuscation.c,
 6893       src/obfuscation.h, src/packet_time.c, src/packet_time.h,
 6894       src/parser.c, src/parser.h, src/pcap_pkthdr32.h, src/pcrm.c,
 6895       src/pcrm.h, src/plugbase.c, src/plugbase.h, src/plugin_enum.h,
 6896       src/ppm.c, src/ppm.h, src/preprocids.h, src/profiler.c,
 6897       src/profiler.h, src/rate_filter.c, src/rate_filter.h,
 6898       src/rule_option_types.h, src/rules.h, src/sf_protocols.h,
 6899       src/sf_sdlist.c, src/sf_sdlist.h, src/sf_sdlist_types.h,
 6900       src/sf_types.h, src/sfdaq.c, src/sfdaq.h, src/sfthreshold.c,
 6901       src/sfthreshold.h, src/signature.c, src/signature.h, src/snort.c,
 6902       src/snort.h, src/snort_bounds.h, src/snort_debug.h,
 6903       src/snprintf.c, src/snprintf.h, src/spo_plugbase.h,
 6904       src/strlcatu.h, src/strlcpyu.h, src/tag.c, src/tag.h,
 6905       src/treenodes.h, src/util.c, src/util.h, src/control/sfcontrol.c,
 6906       src/control/sfcontrol.h, src/control/sfcontrol_funcs.h,
 6907       src/detection-plugins/detection_options.h,
 6908       src/detection-plugins/sp_asn1.c, src/detection-plugins/sp_asn1.h,
 6909       src/detection-plugins/sp_asn1_detect.c,
 6910       src/detection-plugins/sp_asn1_detect.h,
 6911       src/detection-plugins/sp_base64_data.c,
 6912       src/detection-plugins/sp_base64_data.h,
 6913       src/detection-plugins/sp_base64_decode.c,
 6914       src/detection-plugins/sp_base64_decode.h,
 6915       src/detection-plugins/sp_byte_check.h,
 6916       src/detection-plugins/sp_byte_extract.h,
 6917       src/detection-plugins/sp_byte_jump.h,
 6918       src/detection-plugins/sp_clientserver.c,
 6919       src/detection-plugins/sp_clientserver.h,
 6920       src/detection-plugins/sp_cvs.c, src/detection-plugins/sp_cvs.h,
 6921       src/detection-plugins/sp_dsize_check.c,
 6922       src/detection-plugins/sp_dsize_check.h,
 6923       src/detection-plugins/sp_file_data.c,
 6924       src/detection-plugins/sp_file_data.h,
 6925       src/detection-plugins/sp_flowbits.c,
 6926       src/detection-plugins/sp_flowbits.h,
 6927       src/detection-plugins/sp_ftpbounce.c,
 6928       src/detection-plugins/sp_ftpbounce.h,
 6929       src/detection-plugins/sp_hdr_opt_wrap.c,
 6930       src/detection-plugins/sp_hdr_opt_wrap.h,
 6931       src/detection-plugins/sp_icmp_code_check.c,
 6932       src/detection-plugins/sp_icmp_code_check.h,
 6933       src/detection-plugins/sp_icmp_id_check.c,
 6934       src/detection-plugins/sp_icmp_id_check.h,
 6935       src/detection-plugins/sp_icmp_seq_check.c,
 6936       src/detection-plugins/sp_icmp_seq_check.h,
 6937       src/detection-plugins/sp_icmp_type_check.c,
 6938       src/detection-plugins/sp_icmp_type_check.h,
 6939       src/detection-plugins/sp_ip_fragbits.c,
 6940       src/detection-plugins/sp_ip_fragbits.h,
 6941       src/detection-plugins/sp_ip_id_check.c,
 6942       src/detection-plugins/sp_ip_id_check.h,
 6943       src/detection-plugins/sp_ip_proto.c,
 6944       src/detection-plugins/sp_ip_proto.h,
 6945       src/detection-plugins/sp_ip_same_check.c,
 6946       src/detection-plugins/sp_ip_same_check.h,
 6947       src/detection-plugins/sp_ip_tos_check.c,
 6948       src/detection-plugins/sp_ip_tos_check.h,
 6949       src/detection-plugins/sp_ipoption_check.c,
 6950       src/detection-plugins/sp_ipoption_check.h,
 6951       src/detection-plugins/sp_isdataat.c,
 6952       src/detection-plugins/sp_isdataat.h,
 6953       src/detection-plugins/sp_pattern_match.c,
 6954       src/detection-plugins/sp_pattern_match.h,
 6955       src/detection-plugins/sp_pcre.h,
 6956       src/detection-plugins/sp_pkt_data.c,
 6957       src/detection-plugins/sp_pkt_data.h,
 6958       src/detection-plugins/sp_react.c,
 6959       src/detection-plugins/sp_react.h,
 6960       src/detection-plugins/sp_replace.c,
 6961       src/detection-plugins/sp_replace.h,
 6962       src/detection-plugins/sp_respond.h,
 6963       src/detection-plugins/sp_respond3.c,
 6964       src/detection-plugins/sp_rpc_check.c,
 6965       src/detection-plugins/sp_rpc_check.h,
 6966       src/detection-plugins/sp_session.c,
 6967       src/detection-plugins/sp_session.h,
 6968       src/detection-plugins/sp_tcp_ack_check.c,
 6969       src/detection-plugins/sp_tcp_ack_check.h,
 6970       src/detection-plugins/sp_tcp_flag_check.c,
 6971       src/detection-plugins/sp_tcp_flag_check.h,
 6972       src/detection-plugins/sp_tcp_seq_check.c,
 6973       src/detection-plugins/sp_tcp_seq_check.h,
 6974       src/detection-plugins/sp_tcp_win_check.c,
 6975       src/detection-plugins/sp_tcp_win_check.h,
 6976       src/detection-plugins/sp_ttl_check.c,
 6977       src/detection-plugins/sp_ttl_check.h,
 6978       src/detection-plugins/sp_urilen_check.c,
 6979       src/detection-plugins/sp_urilen_check.h,
 6980       src/dynamic-examples/dynamic-preprocessor/sf_preproc_info.h,
 6981       src/dynamic-examples/dynamic-preprocessor/spp_example.c,
 6982       src/dynamic-examples/dynamic-rule/detection_lib_meta.h,
 6983       src/dynamic-examples/dynamic-rule/rules.c,
 6984       src/dynamic-examples/dynamic-rule/sid109.c,
 6985       src/dynamic-examples/dynamic-rule/sid637.c,
 6986       src/dynamic-output/libs/output_lib.c,
 6987       src/dynamic-output/plugins/output.h,
 6988       src/dynamic-output/plugins/output_api.h,
 6989       src/dynamic-output/plugins/output_base.c,
 6990       src/dynamic-output/plugins/output_common.h,
 6991       src/dynamic-output/plugins/output_lib.h,
 6992       src/dynamic-output/plugins/output_plugin.c,
 6993       src/dynamic-plugins/sf_convert_dynamic.h,
 6994       src/dynamic-plugins/sf_dynamic_common.h,
 6995       src/dynamic-plugins/sf_dynamic_define.h,
 6996       src/dynamic-plugins/sf_dynamic_detection.h,
 6997       src/dynamic-plugins/sf_dynamic_engine.h,
 6998       src/dynamic-plugins/sf_dynamic_meta.h,
 6999       src/dynamic-plugins/sp_dynamic.h,
 7000       src/dynamic-plugins/sp_preprocopt.h,
 7001       src/dynamic-plugins/sf_engine/bmh.c,
 7002       src/dynamic-plugins/sf_engine/bmh.h,
 7003       src/dynamic-plugins/sf_engine/sf_decompression.c,
 7004       src/dynamic-plugins/sf_engine/sf_decompression.h,
 7005       src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 7006       src/dynamic-plugins/sf_engine/sf_snort_detection_engine.h,
 7007       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 7008       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 7009       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 7010       src/dynamic-plugins/sf_engine/sf_snort_plugin_byte.c,
 7011       src/dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 7012       src/dynamic-plugins/sf_engine/sf_snort_plugin_hdropts.c,
 7013       src/dynamic-plugins/sf_engine/sf_snort_plugin_loop.c,
 7014       src/dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 7015       src/dynamic-plugins/sf_engine/sf_snort_plugin_rc4.c,
 7016       src/dynamic-plugins/sf_engine/examples/sfsnort_dynamic_detection_lib.c,
 7017       src/dynamic-plugins/sf_engine/examples/sfsnort_dynamic_detection_lib.h,
 7018       src/dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.c,
 7019       src/dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.h,
 7020       src/dynamic-plugins/sf_preproc_example/sf_preproc_info.h,
 7021       src/dynamic-plugins/sf_preproc_example/spp_nfs_setup.c,
 7022       src/dynamic-plugins/sf_preproc_example/spp_nfs_setup.h,
 7023       src/dynamic-preprocessors/dcerpc2/dce2_cl.c,
 7024       src/dynamic-preprocessors/dcerpc2/dce2_cl.h,
 7025       src/dynamic-preprocessors/dcerpc2/dce2_co.c,
 7026       src/dynamic-preprocessors/dcerpc2/dce2_co.h,
 7027       src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 7028       src/dynamic-preprocessors/dcerpc2/dce2_config.h,
 7029       src/dynamic-preprocessors/dcerpc2/dce2_debug.c,
 7030       src/dynamic-preprocessors/dcerpc2/dce2_debug.h,
 7031       src/dynamic-preprocessors/dcerpc2/dce2_event.c,
 7032       src/dynamic-preprocessors/dcerpc2/dce2_event.h,
 7033       src/dynamic-preprocessors/dcerpc2/dce2_http.c,
 7034       src/dynamic-preprocessors/dcerpc2/dce2_http.h,
 7035       src/dynamic-preprocessors/dcerpc2/dce2_list.c,
 7036       src/dynamic-preprocessors/dcerpc2/dce2_list.h,
 7037       src/dynamic-preprocessors/dcerpc2/dce2_memory.c,
 7038       src/dynamic-preprocessors/dcerpc2/dce2_memory.h,
 7039       src/dynamic-preprocessors/dcerpc2/dce2_paf.c,
 7040       src/dynamic-preprocessors/dcerpc2/dce2_paf.h,
 7041       src/dynamic-preprocessors/dcerpc2/dce2_roptions.c,
 7042       src/dynamic-preprocessors/dcerpc2/dce2_roptions.h,
 7043       src/dynamic-preprocessors/dcerpc2/dce2_session.h,
 7044       src/dynamic-preprocessors/dcerpc2/dce2_smb.h,
 7045       src/dynamic-preprocessors/dcerpc2/dce2_stats.c,
 7046       src/dynamic-preprocessors/dcerpc2/dce2_stats.h,
 7047       src/dynamic-preprocessors/dcerpc2/dce2_tcp.c,
 7048       src/dynamic-preprocessors/dcerpc2/dce2_tcp.h,
 7049       src/dynamic-preprocessors/dcerpc2/dce2_udp.c,
 7050       src/dynamic-preprocessors/dcerpc2/dce2_udp.h,
 7051       src/dynamic-preprocessors/dcerpc2/dce2_utils.c,
 7052       src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
 7053       src/dynamic-preprocessors/dcerpc2/snort_dce2.h,
 7054       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 7055       src/dynamic-preprocessors/dcerpc2/spp_dce2.h,
 7056       src/dynamic-preprocessors/dcerpc2/includes/dcerpc.h,
 7057       src/dynamic-preprocessors/dcerpc2/includes/smb.h,
 7058       src/dynamic-preprocessors/dnp3/dnp3_map.h,
 7059       src/dynamic-preprocessors/dnp3/dnp3_paf.c,
 7060       src/dynamic-preprocessors/dnp3/dnp3_paf.h,
 7061       src/dynamic-preprocessors/dnp3/dnp3_reassembly.c,
 7062       src/dynamic-preprocessors/dnp3/dnp3_reassembly.h,
 7063       src/dynamic-preprocessors/dnp3/dnp3_roptions.c,
 7064       src/dynamic-preprocessors/dnp3/dnp3_roptions.h,
 7065       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 7066       src/dynamic-preprocessors/dnp3/spp_dnp3.h,
 7067       src/dynamic-preprocessors/dns/spp_dns.c,
 7068       src/dynamic-preprocessors/dns/spp_dns.h,
 7069       src/dynamic-preprocessors/ftptelnet/ftp_bounce_lookup.c,
 7070       src/dynamic-preprocessors/ftptelnet/ftp_bounce_lookup.h,
 7071       src/dynamic-preprocessors/ftptelnet/ftp_client.h,
 7072       src/dynamic-preprocessors/ftptelnet/ftp_cmd_lookup.c,
 7073       src/dynamic-preprocessors/ftptelnet/ftp_cmd_lookup.h,
 7074       src/dynamic-preprocessors/ftptelnet/ftp_server.h,
 7075       src/dynamic-preprocessors/ftptelnet/ftpp_eo.h,
 7076       src/dynamic-preprocessors/ftptelnet/ftpp_eo_events.h,
 7077       src/dynamic-preprocessors/ftptelnet/ftpp_eo_log.c,
 7078       src/dynamic-preprocessors/ftptelnet/ftpp_eo_log.h,
 7079       src/dynamic-preprocessors/ftptelnet/ftpp_include.h,
 7080       src/dynamic-preprocessors/ftptelnet/ftpp_return_codes.h,
 7081       src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 7082       src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
 7083       src/dynamic-preprocessors/ftptelnet/ftpp_ui_client_lookup.c,
 7084       src/dynamic-preprocessors/ftptelnet/ftpp_ui_client_lookup.h,
 7085       src/dynamic-preprocessors/ftptelnet/ftpp_ui_config.c,
 7086       src/dynamic-preprocessors/ftptelnet/ftpp_ui_config.h,
 7087       src/dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.c,
 7088       src/dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.h,
 7089       src/dynamic-preprocessors/ftptelnet/ftpp_util_kmap.h,
 7090       src/dynamic-preprocessors/ftptelnet/hi_util_kmap.c,
 7091       src/dynamic-preprocessors/ftptelnet/hi_util_kmap.h,
 7092       src/dynamic-preprocessors/ftptelnet/hi_util_xmalloc.c,
 7093       src/dynamic-preprocessors/ftptelnet/hi_util_xmalloc.h,
 7094       src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 7095       src/dynamic-preprocessors/ftptelnet/pp_ftp.h,
 7096       src/dynamic-preprocessors/ftptelnet/pp_telnet.c,
 7097       src/dynamic-preprocessors/ftptelnet/pp_telnet.h,
 7098       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 7099       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h,
 7100       src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 7101       src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.h,
 7102       src/dynamic-preprocessors/gtp/gtp_config.c,
 7103       src/dynamic-preprocessors/gtp/gtp_config.h,
 7104       src/dynamic-preprocessors/gtp/gtp_debug.h,
 7105       src/dynamic-preprocessors/gtp/gtp_parser.c,
 7106       src/dynamic-preprocessors/gtp/gtp_parser.h,
 7107       src/dynamic-preprocessors/gtp/gtp_roptions.c,
 7108       src/dynamic-preprocessors/gtp/gtp_roptions.h,
 7109       src/dynamic-preprocessors/gtp/spp_gtp.c,
 7110       src/dynamic-preprocessors/gtp/spp_gtp.h,
 7111       src/dynamic-preprocessors/imap/imap_config.c,
 7112       src/dynamic-preprocessors/imap/imap_config.h,
 7113       src/dynamic-preprocessors/imap/imap_log.c,
 7114       src/dynamic-preprocessors/imap/imap_log.h,
 7115       src/dynamic-preprocessors/imap/imap_util.c,
 7116       src/dynamic-preprocessors/imap/imap_util.h,
 7117       src/dynamic-preprocessors/imap/snort_imap.c,
 7118       src/dynamic-preprocessors/imap/snort_imap.h,
 7119       src/dynamic-preprocessors/imap/spp_imap.c,
 7120       src/dynamic-preprocessors/imap/spp_imap.h,
 7121       src/dynamic-preprocessors/isakmp/spp_isakmp.c,
 7122       src/dynamic-preprocessors/isakmp/spp_isakmp.h,
 7123       src/dynamic-preprocessors/libs/sf_preproc_info.h,
 7124       src/dynamic-preprocessors/libs/sfcommon.h,
 7125       src/dynamic-preprocessors/libs/sfparser.c,
 7126       src/dynamic-preprocessors/libs/ssl.c,
 7127       src/dynamic-preprocessors/libs/ssl.h,
 7128       src/dynamic-preprocessors/modbus/modbus_decode.c,
 7129       src/dynamic-preprocessors/modbus/modbus_decode.h,
 7130       src/dynamic-preprocessors/modbus/modbus_paf.c,
 7131       src/dynamic-preprocessors/modbus/modbus_paf.h,
 7132       src/dynamic-preprocessors/modbus/modbus_roptions.c,
 7133       src/dynamic-preprocessors/modbus/modbus_roptions.h,
 7134       src/dynamic-preprocessors/modbus/spp_modbus.c,
 7135       src/dynamic-preprocessors/modbus/spp_modbus.h,
 7136       src/dynamic-preprocessors/pop/pop_config.c,
 7137       src/dynamic-preprocessors/pop/pop_config.h,
 7138       src/dynamic-preprocessors/pop/pop_log.c,
 7139       src/dynamic-preprocessors/pop/pop_log.h,
 7140       src/dynamic-preprocessors/pop/pop_util.c,
 7141       src/dynamic-preprocessors/pop/pop_util.h,
 7142       src/dynamic-preprocessors/pop/snort_pop.c,
 7143       src/dynamic-preprocessors/pop/snort_pop.h,
 7144       src/dynamic-preprocessors/pop/spp_pop.c,
 7145       src/dynamic-preprocessors/pop/spp_pop.h,
 7146       src/dynamic-preprocessors/reputation/reputation_config.h,
 7147       src/dynamic-preprocessors/reputation/reputation_debug.h,
 7148       src/dynamic-preprocessors/reputation/reputation_utils.c,
 7149       src/dynamic-preprocessors/reputation/reputation_utils.h,
 7150       src/dynamic-preprocessors/reputation/spp_reputation.c,
 7151       src/dynamic-preprocessors/reputation/spp_reputation.h,
 7152       src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.c,
 7153       src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.h,
 7154       src/dynamic-preprocessors/reputation/shmem/shmem_common.h,
 7155       src/dynamic-preprocessors/reputation/shmem/shmem_config.c,
 7156       src/dynamic-preprocessors/reputation/shmem/shmem_config.h,
 7157       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c,
 7158       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.h,
 7159       src/dynamic-preprocessors/reputation/shmem/shmem_lib.c,
 7160       src/dynamic-preprocessors/reputation/shmem/shmem_lib.h,
 7161       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c,
 7162       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.h,
 7163       src/dynamic-preprocessors/rzb_saac/spp_rzb-saac.c,
 7164       src/dynamic-preprocessors/sdf/sdf_credit_card.c,
 7165       src/dynamic-preprocessors/sdf/sdf_credit_card.h,
 7166       src/dynamic-preprocessors/sdf/sdf_detection_option.c,
 7167       src/dynamic-preprocessors/sdf/sdf_detection_option.h,
 7168       src/dynamic-preprocessors/sdf/sdf_pattern_match.c,
 7169       src/dynamic-preprocessors/sdf/sdf_pattern_match.h,
 7170       src/dynamic-preprocessors/sdf/sdf_us_ssn.c,
 7171       src/dynamic-preprocessors/sdf/sdf_us_ssn.h,
 7172       src/dynamic-preprocessors/sdf/spp_sdf.h,
 7173       src/dynamic-preprocessors/sip/sip_config.h,
 7174       src/dynamic-preprocessors/sip/sip_debug.h,
 7175       src/dynamic-preprocessors/sip/sip_dialog.c,
 7176       src/dynamic-preprocessors/sip/sip_dialog.h,
 7177       src/dynamic-preprocessors/sip/sip_parser.c,
 7178       src/dynamic-preprocessors/sip/sip_parser.h,
 7179       src/dynamic-preprocessors/sip/sip_roptions.h,
 7180       src/dynamic-preprocessors/sip/sip_utils.c,
 7181       src/dynamic-preprocessors/sip/sip_utils.h,
 7182       src/dynamic-preprocessors/sip/spp_sip.c,
 7183       src/dynamic-preprocessors/sip/spp_sip.h,
 7184       src/dynamic-preprocessors/sip/test/sip_test.c,
 7185       src/dynamic-preprocessors/smtp/smtp_config.c,
 7186       src/dynamic-preprocessors/smtp/smtp_config.h,
 7187       src/dynamic-preprocessors/smtp/smtp_log.c,
 7188       src/dynamic-preprocessors/smtp/smtp_log.h,
 7189       src/dynamic-preprocessors/smtp/smtp_normalize.c,
 7190       src/dynamic-preprocessors/smtp/smtp_normalize.h,
 7191       src/dynamic-preprocessors/smtp/smtp_util.c,
 7192       src/dynamic-preprocessors/smtp/smtp_util.h,
 7193       src/dynamic-preprocessors/smtp/smtp_xlink2state.c,
 7194       src/dynamic-preprocessors/smtp/smtp_xlink2state.h,
 7195       src/dynamic-preprocessors/smtp/snort_smtp.c,
 7196       src/dynamic-preprocessors/smtp/snort_smtp.h,
 7197       src/dynamic-preprocessors/smtp/spp_smtp.h,
 7198       src/dynamic-preprocessors/ssh/spp_ssh.c,
 7199       src/dynamic-preprocessors/ssh/spp_ssh.h,
 7200       src/dynamic-preprocessors/ssl/spp_ssl.c,
 7201       src/dynamic-preprocessors/ssl/spp_ssl.h,
 7202       src/output-plugins/spo_alert_fast.c,
 7203       src/output-plugins/spo_alert_fast.h,
 7204       src/output-plugins/spo_alert_full.c,
 7205       src/output-plugins/spo_alert_full.h,
 7206       src/output-plugins/spo_alert_sf_socket.c,
 7207       src/output-plugins/spo_alert_sf_socket.h,
 7208       src/output-plugins/spo_alert_syslog.c,
 7209       src/output-plugins/spo_alert_syslog.h,
 7210       src/output-plugins/spo_alert_test.c,
 7211       src/output-plugins/spo_alert_test.h,
 7212       src/output-plugins/spo_alert_unixsock.h,
 7213       src/output-plugins/spo_csv.c, src/output-plugins/spo_csv.h,
 7214       src/output-plugins/spo_log_ascii.c,
 7215       src/output-plugins/spo_log_ascii.h,
 7216       src/output-plugins/spo_log_null.c,
 7217       src/output-plugins/spo_log_null.h,
 7218       src/output-plugins/spo_log_tcpdump.c,
 7219       src/output-plugins/spo_log_tcpdump.h,
 7220       src/output-plugins/spo_unified.c,
 7221       src/output-plugins/spo_unified.h,
 7222       src/output-plugins/spo_unified2.c,
 7223       src/output-plugins/spo_unified2.h, src/parser/IpAddrSet.c,
 7224       src/parser/IpAddrSet.h, src/preprocessors/normalize.c,
 7225       src/preprocessors/normalize.h, src/preprocessors/perf-base.c,
 7226       src/preprocessors/perf-base.h, src/preprocessors/perf-event.c,
 7227       src/preprocessors/perf-event.h, src/preprocessors/perf-flow.c,
 7228       src/preprocessors/perf-flow.h, src/preprocessors/perf.c,
 7229       src/preprocessors/perf.h, src/preprocessors/portscan.c,
 7230       src/preprocessors/portscan.h, src/preprocessors/sfprocpidstats.c,
 7231       src/preprocessors/sfprocpidstats.h,
 7232       src/preprocessors/snort_httpinspect.c,
 7233       src/preprocessors/snort_httpinspect.h,
 7234       src/preprocessors/spp_arpspoof.c,
 7235       src/preprocessors/spp_arpspoof.h, src/preprocessors/spp_bo.c,
 7236       src/preprocessors/spp_bo.h, src/preprocessors/spp_frag3.c,
 7237       src/preprocessors/spp_frag3.h,
 7238       src/preprocessors/spp_httpinspect.h,
 7239       src/preprocessors/spp_normalize.c,
 7240       src/preprocessors/spp_normalize.h,
 7241       src/preprocessors/spp_perfmonitor.h,
 7242       src/preprocessors/spp_rpc_decode.c,
 7243       src/preprocessors/spp_rpc_decode.h,
 7244       src/preprocessors/spp_sfportscan.c,
 7245       src/preprocessors/spp_sfportscan.h,
 7246       src/preprocessors/spp_stream5.c, src/preprocessors/spp_stream5.h,
 7247       src/preprocessors/str_search.c, src/preprocessors/str_search.h,
 7248       src/preprocessors/stream_api.c, src/preprocessors/stream_api.h,
 7249       src/preprocessors/stream_expect.c,
 7250       src/preprocessors/stream_expect.h,
 7251       src/preprocessors/HttpInspect/anomaly_detection/hi_ad.c,
 7252       src/preprocessors/HttpInspect/client/hi_client_norm.c,
 7253       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 7254       src/preprocessors/HttpInspect/include/hi_ad.h,
 7255       src/preprocessors/HttpInspect/include/hi_client.h,
 7256       src/preprocessors/HttpInspect/include/hi_client_norm.h,
 7257       src/preprocessors/HttpInspect/include/hi_client_stateful.h,
 7258       src/preprocessors/HttpInspect/include/hi_cmd_lookup.h,
 7259       src/preprocessors/HttpInspect/include/hi_eo.h,
 7260       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 7261       src/preprocessors/HttpInspect/include/hi_eo_log.h,
 7262       src/preprocessors/HttpInspect/include/hi_include.h,
 7263       src/preprocessors/HttpInspect/include/hi_mi.h,
 7264       src/preprocessors/HttpInspect/include/hi_norm.h,
 7265       src/preprocessors/HttpInspect/include/hi_paf.h,
 7266       src/preprocessors/HttpInspect/include/hi_reqmethod_check.h,
 7267       src/preprocessors/HttpInspect/include/hi_return_codes.h,
 7268       src/preprocessors/HttpInspect/include/hi_server.h,
 7269       src/preprocessors/HttpInspect/include/hi_server_norm.h,
 7270       src/preprocessors/HttpInspect/include/hi_si.h,
 7271       src/preprocessors/HttpInspect/include/hi_stateful_inspect.h,
 7272       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 7273       src/preprocessors/HttpInspect/include/hi_ui_iis_unicode_map.h,
 7274       src/preprocessors/HttpInspect/include/hi_ui_server_lookup.h,
 7275       src/preprocessors/HttpInspect/include/hi_uri.h,
 7276       src/preprocessors/HttpInspect/include/hi_urilen_check.h,
 7277       src/preprocessors/HttpInspect/include/hi_util.h,
 7278       src/preprocessors/HttpInspect/include/hi_util_hbm.h,
 7279       src/preprocessors/HttpInspect/include/hi_util_kmap.h,
 7280       src/preprocessors/HttpInspect/include/hi_util_xmalloc.h,
 7281       src/preprocessors/HttpInspect/mode_inspection/hi_mi.c,
 7282       src/preprocessors/HttpInspect/normalization/hi_norm.c,
 7283       src/preprocessors/HttpInspect/server/hi_server_norm.c,
 7284       src/preprocessors/HttpInspect/session_inspection/hi_si.c,
 7285       src/preprocessors/HttpInspect/user_interface/hi_ui_config.c,
 7286       src/preprocessors/HttpInspect/user_interface/hi_ui_iis_unicode_map.c,
 7287       src/preprocessors/HttpInspect/user_interface/hi_ui_server_lookup.c,
 7288       src/preprocessors/HttpInspect/utils/hi_cmd_lookup.c,
 7289       src/preprocessors/HttpInspect/utils/hi_paf.c,
 7290       src/preprocessors/HttpInspect/utils/hi_util_hbm.c,
 7291       src/preprocessors/HttpInspect/utils/hi_util_kmap.c,
 7292       src/preprocessors/HttpInspect/utils/hi_util_xmalloc.c,
 7293       src/preprocessors/Stream5/snort_stream5_icmp.c,
 7294       src/preprocessors/Stream5/snort_stream5_icmp.h,
 7295       src/preprocessors/Stream5/snort_stream5_ip.c,
 7296       src/preprocessors/Stream5/snort_stream5_ip.h,
 7297       src/preprocessors/Stream5/snort_stream5_session.c,
 7298       src/preprocessors/Stream5/snort_stream5_session.h,
 7299       src/preprocessors/Stream5/snort_stream5_tcp.c,
 7300       src/preprocessors/Stream5/snort_stream5_tcp.h,
 7301       src/preprocessors/Stream5/snort_stream5_udp.c,
 7302       src/preprocessors/Stream5/snort_stream5_udp.h,
 7303       src/preprocessors/Stream5/stream5_common.c,
 7304       src/preprocessors/Stream5/stream5_common.h,
 7305       src/preprocessors/Stream5/stream5_paf.c,
 7306       src/preprocessors/Stream5/stream5_paf.h,
 7307       src/sfutil/Unified2_common.h, src/sfutil/acsmx.c,
 7308       src/sfutil/acsmx.h, src/sfutil/acsmx2.h, src/sfutil/asn1.c,
 7309       src/sfutil/asn1.h, src/sfutil/bitop.h, src/sfutil/bitop_funcs.h,
 7310       src/sfutil/bnfa_search.h, src/sfutil/getopt.h,
 7311       src/sfutil/intel-soft-cpm.c, src/sfutil/intel-soft-cpm.h,
 7312       src/sfutil/ipobj.c, src/sfutil/ipobj.h, src/sfutil/mpse.c,
 7313       src/sfutil/segment_mem.c, src/sfutil/segment_mem.h,
 7314       src/sfutil/sfActionQueue.c, src/sfutil/sfActionQueue.h,
 7315       src/sfutil/sfPolicy.c, src/sfutil/sfPolicy.h,
 7316       src/sfutil/sfPolicyUserData.c, src/sfutil/sfPolicyUserData.h,
 7317       src/sfutil/sf_base64decode.c, src/sfutil/sf_base64decode.h,
 7318       src/sfutil/sf_email_attach_decode.c,
 7319       src/sfutil/sf_email_attach_decode.h, src/sfutil/sf_ip.c,
 7320       src/sfutil/sf_ip.h, src/sfutil/sf_iph.h, src/sfutil/sf_ipvar.c,
 7321       src/sfutil/sf_ipvar.h, src/sfutil/sf_seqnums.h,
 7322       src/sfutil/sf_textlog.c, src/sfutil/sf_textlog.h,
 7323       src/sfutil/sf_vartable.c, src/sfutil/sf_vartable.h,
 7324       src/sfutil/sfeventq.c, src/sfutil/sfeventq.h,
 7325       src/sfutil/sfghash.c, src/sfutil/sfghash.h,
 7326       src/sfutil/sfhashfcn.c, src/sfutil/sfhashfcn.h,
 7327       src/sfutil/sfksearch.c, src/sfutil/sfksearch.h,
 7328       src/sfutil/sflsq.c, src/sfutil/sflsq.h, src/sfutil/sfmemcap.c,
 7329       src/sfutil/sfmemcap.h, src/sfutil/sfportobject.c,
 7330       src/sfutil/sfportobject.h, src/sfutil/sfprimetable.c,
 7331       src/sfutil/sfprimetable.h, src/sfutil/sfrf.c, src/sfutil/sfrf.h,
 7332       src/sfutil/sfrim.c, src/sfutil/sfrt.c, src/sfutil/sfrt.h,
 7333       src/sfutil/sfrt_dir.c, src/sfutil/sfrt_dir.h,
 7334       src/sfutil/sfrt_flat.c, src/sfutil/sfrt_flat.h,
 7335       src/sfutil/sfrt_flat_dir.c, src/sfutil/sfrt_flat_dir.h,
 7336       src/sfutil/sfrt_lctrie.c, src/sfutil/sfrt_lctrie.h,
 7337       src/sfutil/sfrt_trie.h, src/sfutil/sfsnprintfappend.c,
 7338       src/sfutil/sfsnprintfappend.h, src/sfutil/sfthd.c,
 7339       src/sfutil/sfthd.h, src/sfutil/sfxhash.c, src/sfutil/sfxhash.h,
 7340       src/sfutil/strvec.c, src/sfutil/strvec.h,
 7341       src/sfutil/util_jsnorm.c, src/sfutil/util_jsnorm.h,
 7342       src/sfutil/util_math.c, src/sfutil/util_math.h,
 7343       src/sfutil/util_net.c, src/sfutil/util_net.h,
 7344       src/sfutil/util_str.c, src/sfutil/util_str.h,
 7345       src/sfutil/util_unfold.c, src/sfutil/util_unfold.h,
 7346       src/sfutil/util_utf.c, src/sfutil/util_utf.h,
 7347       src/sfutil/test/sf_ip_test.c, src/sfutil/test/sfrf_test.c,
 7348       src/sfutil/test/sfrt_test.c, src/sfutil/test/sfthd_test.c,
 7349       src/sfutil/test/unit_hacks.c, src/sfutil/test/unit_hacks.h,
 7350       src/target-based/sf_attribute_table.y,
 7351       src/target-based/sftarget_hostentry.c,
 7352       src/target-based/sftarget_hostentry.h,
 7353       src/target-based/sftarget_protocol_reference.c,
 7354       src/target-based/sftarget_protocol_reference.h,
 7355       src/target-based/sftarget_reader.c,
 7356       src/target-based/sftarget_reader.h,
 7357       src/win32/WIN32-Code/getopt.c, src/win32/WIN32-Code/inet_aton.c,
 7358       src/win32/WIN32-Code/misc.c, src/win32/WIN32-Code/name.h,
 7359       src/win32/WIN32-Code/win32_service.c,
 7360       src/win32/WIN32-Includes/config.h,
 7361       src/win32/WIN32-Includes/getopt.h,
 7362       src/win32/WIN32-Includes/inttypes.h,
 7363       src/win32/WIN32-Includes/stdint.h,
 7364       src/win32/WIN32-Includes/WinPCAP/pthread.h,
 7365       src/win32/WIN32-Includes/WinPCAP/sched.h,
 7366       src/win32/WIN32-Includes/WinPCAP/semaphore.h,
 7367       tools/control/sfcontrol.c, tools/u2boat/u2boat.c,
 7368       tools/u2boat/u2boat.h, tools/u2spewfoo/u2spewfoo.c:
 7369       Updated the address of the Free Software Foundation.
 7370 
 7371     * src/dynamic-preprocessors/dnp3/spp_dnp3.c:
 7372       Check default config before dereferencing memcap.
 7373 
 7374     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 7375       fix handling of gaps in PAF.
 7376 
 7377     * src/dynamic-preprocessors/smtp/: smtp_util.c, snort_smtp.c,
 7378       snort_smtp.h:
 7379       get individual file names for multiple file attachments within
 7380       one smtp packet
 7381 
 7382     * src/dynamic-output/plugins/output_plugin.c:
 7383       Don't change vlanId into network byte order in the dynamic output API.
 7384 
 7385     * src/dynamic-preprocessors/imap/: snort_imap.c, snort_imap.h:
 7386       Add a flag to indicate end of MIME to avoid incorrect data end marker
 7387 
 7388     * src/sfutil/sf_email_attach_decode.h:
 7389       change decode length calculation when file depth is larger than max int
 7390 
 7391     * src/: preprocessors/HttpInspect/include/hi_paf.h,
 7392       sfutil/sf_email_attach_decode.h,
 7393       preprocessors/HttpInspect/utils/hi_paf.c:
 7394       auto enable http ports when file policy is enabled
 7395 
 7396     * src/sfutil/sfthd.c:
 7397       Global thresholds can be disabled with count -1.
 7398 
 7399     * src/sfutil/sfthd.c:
 7400       allow gen_id 0 sig_id 0 and gen_id X sig_id 0 together
 7401 
 7402     * src/: decode.h, preprocessors/snort_httpinspect.c:
 7403       file data is only valid with PAF processing
 7404 
 7405     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 7406       don't flag missing packets when PAF flushing to allow better recovery
 7407       from gaps
 7408 
 7409     * src/dynamic-preprocessors/: smtp/smtp_config.c,
 7410       imap/imap_config.c, imap/spp_imap.c, pop/pop_config.c,
 7411       pop/spp_pop.c:
 7412       Enable file data configurations for preprocessors when file processing
 7413       is enabled
 7414 
 7415     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 7416       fixed check for hole in seglist while PAF scanning
 7417 
 7418     * src/: snort.c, dynamic-examples/Makefile.am,
 7419       dynamic-plugins/Makefile.am, dynamic-preprocessors/Makefile.am,
 7420       dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 7421       preprocessors/spp_stream5.c, target-based/Makefile.am,
 7422       target-based/sftarget_reader.c, target-based/sftarget_reader.h:
 7423       Add an API call to add a service to a host in the attribute table.
 7424       Remove the unused live attribute table code.
 7425 
 7426     * doc/README.ppm, doc/snort_manual.tex, etc/gen-msg.map,
 7427       preproc_rules/preprocessor.rules, src/detect.c, src/generators.h,
 7428       src/parser.c, src/ppm.c, src/ppm.h:
 7429       added 134:3 and IPs and ports to log messages for PPM packet events
 7430 
 7431     * src/snort.c:
 7432       force drop TCP/UDP now gets DAQ blacklist instead of DAQ block verdict
 7433 
 7434     * doc/README.stream5, etc/gen-msg.map,
 7435       preproc_rules/preprocessor.rules, src/generators.h,
 7436       src/preprocessors/Stream5/snort_stream5_tcp.c:
 7437       add 129:20 for midstream traffic we don't pick up.
 7438 
 7439     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 7440       fix normalize_tcp to not block duplicate SYNs
 7441 
 7442     * src/parser.c, src/snort.c, src/preprocessors/snort_httpinspect.c,
 7443       src/preprocessors/snort_httpinspect.h, src/snort.h,
 7444       src/dynamic-preprocessors/smtp/smtp_config.h,
 7445       src/dynamic-preprocessors/smtp/snort_smtp.c,
 7446       src/dynamic-preprocessors/imap/imap_config.h,
 7447       src/dynamic-preprocessors/imap/snort_imap.c,
 7448       src/dynamic-preprocessors/imap/spp_imap.c,
 7449       src/dynamic-preprocessors/pop/pop_config.h,
 7450       src/dynamic-preprocessors/pop/snort_pop.c,
 7451       src/dynamic-preprocessors/pop/spp_pop.c,
 7452       src/sfutil/sf_email_attach_decode.h,
 7453       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 7454       configure.in, src/detection-plugins/sp_file_data.c:
 7455       file_depth integration, openssl integration, reload configuration
 7456 
 7457     * src/dynamic-preprocessors/: libs/ssl.c, libs/ssl.h,
 7458       ssl/spp_ssl.c:
 7459       Add SSLv3/TLS backwards compatibiltiy with SSLv2 ClientHello in the
 7460       ssl preprocessor.
 7461 
 7462     * src/: preprocessors/snort_httpinspect.c,
 7463       src/dynamic-preprocessors/: imap/snort_imap.c, pop/snort_pop.c,
 7464       smtp/snort_smtp.c:
 7465       add file type id support for HTTP post, smtp, imap, and pop
 7466 
 7467     * src/: snort_debug.h, control/sfcontrol.c,
 7468       preprocessors/Stream5/snort_stream5_tcp.c:
 7469       Do not delete application session data on last ACK.
 7470 
 7471     * src/output-plugins/spo_unified.c:
 7472       Add deprecated warning for unified output plugin.
 7473 
 7474     * src/decode.h:
 7475       Add support for decoding PPP type 0x57 (IPv6) for PPPoE
 7476 
 7477     * src/Makefile.am, src/generators.h, src/parser.c, src/parser.h,
 7478       src/preprocids.h, src/snort.c, src/snort_debug.h, configure.in,
 7479       src/dynamic-preprocessors/Makefile.am,
 7480       src/preprocessors/snort_httpinspect.c,
 7481       src/detection-plugins/sp_file_data.c,
 7482       src/dynamic-examples/Makefile.am:
 7483       add file type identification and file signature sha256 calculation
 7484       for HTTP.
 7485 
 7486     * src/: util.c, dynamic-preprocessors/dcerpc2/spp_dce2.c,
 7487       dynamic-preprocessors/dnp3/spp_dnp3.c,
 7488       dynamic-preprocessors/dns/spp_dns.c,
 7489       dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 7490       dynamic-preprocessors/gtp/spp_gtp.c,
 7491       dynamic-preprocessors/imap/spp_imap.c,
 7492       dynamic-preprocessors/isakmp/spp_isakmp.c,
 7493       dynamic-preprocessors/modbus/spp_modbus.c,
 7494       dynamic-preprocessors/pop/spp_pop.c,
 7495       dynamic-preprocessors/reputation/spp_reputation.c,
 7496       dynamic-preprocessors/sip/spp_sip.c,
 7497       dynamic-preprocessors/ssh/spp_ssh.c,
 7498       dynamic-preprocessors/ssl/spp_ssl.c:
 7499       Remove IPv6 tag from snort -V
 7500 
 7501     * configure.in, doc/README.ipv6, doc/README.unified2,
 7502       doc/README.variables, doc/snort_manual.tex, src/decode.h,
 7503       src/detect.c, src/detect.h, src/encode.c, src/fpdetect.c,
 7504       src/ipv6_port.h, src/log.c, src/log_text.c, src/parser.c,
 7505       src/sf_protocols.h, src/snort.c, src/snort.h, src/tag.c,
 7506       src/util.c, src/util.h, src/detection-plugins/sp_ftpbounce.c,
 7507       src/detection-plugins/sp_icmp_id_check.c,
 7508       src/detection-plugins/sp_icmp_seq_check.c,
 7509       src/detection-plugins/sp_ip_same_check.c,
 7510       src/detection-plugins/sp_session.c,
 7511       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 7512       src/dynamic-preprocessors/dynamic_preprocessors.dsp,
 7513       src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 7514       src/dynamic-preprocessors/dcerpc2/sf_dce2.dsp,
 7515       src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
 7516       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 7517       src/dynamic-preprocessors/dnp3/sf_dnp3.dsp,
 7518       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 7519       src/dynamic-preprocessors/dns/sf_dns.dsp,
 7520       src/dynamic-preprocessors/dns/spp_dns.c,
 7521       src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
 7522       src/dynamic-preprocessors/ftptelnet/ftpp_ui_client_lookup.c,
 7523       src/dynamic-preprocessors/ftptelnet/ftpp_ui_server_lookup.c,
 7524       src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
 7525       src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.dsp,
 7526       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 7527       src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
 7528       src/dynamic-preprocessors/gtp/sf_gtp.dsp,
 7529       src/dynamic-preprocessors/gtp/spp_gtp.c,
 7530       src/dynamic-preprocessors/imap/sf_imap.dsp,
 7531       src/dynamic-preprocessors/imap/spp_imap.c,
 7532       src/dynamic-preprocessors/isakmp/spp_isakmp.c,
 7533       src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.dsp,
 7534       src/dynamic-preprocessors/modbus/sf_modbus.dsp,
 7535       src/dynamic-preprocessors/modbus/spp_modbus.c,
 7536       src/dynamic-preprocessors/pop/sf_pop.dsp,
 7537       src/dynamic-preprocessors/pop/spp_pop.c,
 7538       src/dynamic-preprocessors/reputation/sf_reputation.dsp,
 7539       src/dynamic-preprocessors/reputation/spp_reputation.c,
 7540       src/dynamic-preprocessors/sdf/sf_sdf.dsp,
 7541       src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 7542       src/dynamic-preprocessors/sip/sf_sip.dsp,
 7543       src/dynamic-preprocessors/sip/sip_dialog.c,
 7544       src/dynamic-preprocessors/sip/spp_sip.c,
 7545       src/dynamic-preprocessors/smtp/sf_smtp.dsp,
 7546       src/dynamic-preprocessors/ssh/sf_ssh.dsp,
 7547       src/dynamic-preprocessors/ssh/spp_ssh.c,
 7548       src/dynamic-preprocessors/ssl/sf_ssl.dsp,
 7549       src/dynamic-preprocessors/ssl/spp_ssl.c,
 7550       src/output-plugins/spo_alert_sf_socket.c,
 7551       src/output-plugins/spo_log_ascii.c,
 7552       src/output-plugins/spo_unified2.c, src/parser/IpAddrSet.c,
 7553       src/parser/IpAddrSet.h, src/preprocessors/normalize.c,
 7554       src/preprocessors/perf-base.c, src/preprocessors/perf-base.h,
 7555       src/preprocessors/perf-flow.c, src/preprocessors/portscan.c,
 7556       src/preprocessors/snort_httpinspect.c,
 7557       src/preprocessors/spp_arpspoof.c, src/preprocessors/spp_frag3.c,
 7558       src/preprocessors/spp_normalize.c,
 7559       src/preprocessors/spp_normalize.h,
 7560       src/preprocessors/spp_sfportscan.c,
 7561       src/preprocessors/spp_stream5.c,
 7562       src/preprocessors/stream_expect.c,
 7563       src/preprocessors/HttpInspect/session_inspection/hi_si.c,
 7564       src/preprocessors/HttpInspect/user_interface/hi_ui_server_lookup.c,
 7565       src/preprocessors/Stream5/snort_stream5_icmp.c,
 7566       src/preprocessors/Stream5/snort_stream5_session.c,
 7567       src/preprocessors/Stream5/snort_stream5_tcp.c,
 7568       src/preprocessors/Stream5/snort_stream5_udp.c,
 7569       src/preprocessors/Stream5/stream5_common.c,
 7570       src/preprocessors/Stream5/stream5_common.h, src/sfutil/ipobj.c,
 7571       src/sfutil/ipobj.h, src/sfutil/sfPolicy.c, src/sfutil/sf_ip.h,
 7572       src/sfutil/sf_iph.h, src/sfutil/sf_ipvar.h, src/sfutil/sfrf.c,
 7573       src/sfutil/sfrt.c, src/sfutil/sfrt.h, src/sfutil/sfrt_dir.c,
 7574       src/sfutil/sfrt_flat.c, src/sfutil/sfrt_flat.h,
 7575       src/sfutil/sfrt_flat_dir.c, src/sfutil/sfthd.c,
 7576       src/sfutil/util_net.c, src/sfutil/util_net.h,
 7577       src/sfutil/test/Makefile.am, src/sfutil/test/sfrf_test.c,
 7578       src/sfutil/test/sfthd_test.c, src/sfutil/test/unit_hacks.c,
 7579       src/sfutil/test/unit_hacks.h,
 7580       src/target-based/sf_attribute_table.y,
 7581       src/target-based/sftarget_reader.c,
 7582       src/target-based/sftarget_reader.h,
 7583       src/win32/WIN32-Prj/build_all.dsp,
 7584       src/win32/WIN32-Prj/sf_engine.dsp,
 7585       src/win32/WIN32-Prj/sf_engine_initialize.dsp,
 7586       src/win32/WIN32-Prj/snort.dsp,
 7587       src/win32/WIN32-Prj/snort_initialize.dsp,
 7588       src/win32/WIN32-Prj/snort_installer.nsi:
 7589       Remove IPv4 only code paths
 7590 
 7591 2012-07-30 Hui Cao <hcao@sourcefire.com>
 7592 Snort 2.9.3.1
 7593     * src/build.h:
 7594       Updated build number to 40
 7595 
 7596     * src/sfutil/acsmx2.c:
 7597       Release memory during return.
 7598 
 7599     * src/dynamic-preprocessors/sip/sip_config.c:
 7600       Free method struct when method->methodName is NULL.
 7601 
 7602     * src/: detection-plugins/detection_options.c,
 7603       detection-plugins/sp_byte_check.c,
 7604       detection-plugins/sp_byte_extract.c,
 7605       detection-plugins/sp_byte_jump.c, dynamic-plugins/sp_dynamic.c,
 7606       dynamic-plugins/sp_preprocopt.c:
 7607       Fix constant expression in hashing routines for 64bit platforms.
 7608 
 7609     * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
 7610       Fix Samba chained OpenAndX -> Write command handling. 
 7611 
 7612     * src/active.c:
 7613       Check for TCP RST flag regardless of other flags to block resetting
 7614       resets.
 7615 
 7616     * src/: active.c, decode.c, detection-plugins/sp_pcre.c,
 7617       dynamic-plugins/sf_convert_dynamic.c,
 7618       dynamic-plugins/sf_dynamic_plugins.c,
 7619       dynamic-plugins/sf_dynamic_preprocessor.h,
 7620       dynamic-plugins/sp_dynamic.c,
 7621       dynamic-preprocessors/dnp3/dnp3_map.c,
 7622       dynamic-preprocessors/reputation/reputation_config.c,
 7623       dynamic-preprocessors/sdf/spp_sdf.c,
 7624       dynamic-preprocessors/sip/sip_config.c,
 7625       dynamic-preprocessors/sip/sip_roptions.c,
 7626       dynamic-preprocessors/smtp/spp_smtp.c,
 7627       output-plugins/spo_alert_unixsock.c,
 7628       preprocessors/spp_httpinspect.c, preprocessors/spp_perfmonitor.c,
 7629       preprocessors/HttpInspect/client/hi_client.c,
 7630       preprocessors/HttpInspect/server/hi_server.c,
 7631       sfutil/bnfa_search.c, sfutil/sf_iph.c,
 7632       target-based/sf_attribute_table_parser.l:
 7633        Parse time memory cleanup
 7634 
 7635     * src/dynamic-preprocessors/dcerpc2/dce2_utils.h:
 7636        Fixed issue on big endian systems where behaviour was incorrect.
 7637 
 7638 2012-07-10 Todd Wease <twease@sourcefire.com>
 7639 Snort 2.9.3
 7640 
 7641     * src/build.h:
 7642       Updated build number to 37
 7643 
 7644     * src/preprocessors/HttpInspect/server/hi_server.c:
 7645       When paf is turned on, the flow depth on raw packets should be checking
 7646       if max_seq was set.
 7647 
 7648     * src/preprocessors/HttpInspect/client/hi_client.c:
 7649       Rearranged check in hi_client_extract_header() to stop processing when
 7650       there is no more data.
 7651 
 7652     * src/dynamic-preprocessors/smtp/: smtp_util.c, snort_smtp.c:
 7653       Clear flags for filename logging if there are no ending quotes for MIME
 7654       attachement filename.  Thanks to Rick Chisholm for helping us track down
 7655       the issue.
 7656 
 7657     * doc/CREDITS:
 7658       Update rmkml's email address.
 7659 
 7660     * src/preprocessors/: snort_httpinspect.h, HttpInspect/server/hi_server.c:
 7661       Fix application of flow_depth for transfers of files over 2GB.
 7662 
 7663 2012-06-06 Russ Combs <rcombs@sourcefire.com>
 7664 Snort 2.9.3 RC
 7665 
 7666     * src/build.h: updating build number to 33
 7667 
 7668     * src/: checksum.h, decode.c, encode.c:
 7669 
 7670       Dropped dnets checksumming functionality.
 7671 
 7672     * src/: decode.h, encode.c,
 7673       dynamic-plugins/sf_engine/sf_snort_packet.h:
 7674 
 7675       Remove unused policyEngineData.
 7676 
 7677     * src/preprocessors/: Stream5/snort_stream5_tcp.c,
 7678       HttpInspect/utils/hi_paf.c:
 7679 
 7680       Need to check for NULL since a timeout can release proto specific
 7681       data.
 7682 
 7683       Fix mid-stream pickup sequence tracking.
 7684 
 7685     * src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
 7686       HttpInspect/server/hi_server.c:
 7687 
 7688       Apply server flow depth to session when PAF is turned on.
 7689 
 7690     * src/preprocessors/Stream5/: snort_stream5_session.c,
 7691       stream5_common.h:
 7692 
 7693       Change SessionKey to a SessionKey pointer.
 7694 
 7695     * src/dynamic-output/plugins/: output_lib.h, output_plugin.c:
 7696 
 7697       Add dynamic output API for DAQ interface mode.
 7698 
 7699     * src/: dynamic-output/plugins/output_base.c, plugbase.c,
 7700       spo_plugbase.h:
 7701 
 7702       Remove older output plugin when new one is available.
 7703 
 7704     * src/dynamic-plugins/: sf_dynamic_plugins.c,
 7705       sf_engine/sf_snort_detection_engine.c:
 7706 
 7707       Force exact versioning match of running dynamic engine and dynamic
 7708       engine used to build SO rules.
 7709 
 7710     * src/: sfdaq.c, sfdaq.h, dynamic-plugins/sf_dynamic_plugins.c,
 7711       dynamic-plugins/sf_dynamic_preprocessor.h:
 7712 
 7713       Add API for checking whether DAQ can whitelist.
 7714 
 7715     * src/: parser.c, parser.h, snort.c:
 7716 
 7717       Added config disable-attribute-reload-thread to snort.conf.
 7718 
 7719       Snort now provides snort.conf(line #) on errors durring parsing.
 7720 
 7721     * src/: parser.c, detection-plugins/sp_pattern_match.c,
 7722       detection-plugins/sp_pattern_match.h:
 7723 
 7724       Warn users when rules contain relative options off of
 7725       fast_pattern:only content matches.
 7726 
 7727     * src/dynamic-preprocessors/sdf/spp_sdf.c:
 7728 
 7729       SDF now only looks at rebuilt packets.
 7730 
 7731     * src/control/sfcontrol.c,
 7732       src/dynamic-preprocessors/reputation/reputation_config.c,
 7733       src/dynamic-preprocessors/reputation/reputation_config.h,
 7734       src/dynamic-preprocessors/reputation/spp_reputation.c,
 7735       src/dynamic-preprocessors/reputation/spp_reputation.h,
 7736       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c,
 7737       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.h,
 7738       tools/control/sfcontrol.c:
 7739 
 7740       Add ability to query reputation pp with control socket.
 7741 
 7742       User can now query reputation pp for routing table and management
 7743       information.
 7744 
 7745       Fixed bug to prevent IP Reputation from trying to allocate too much
 7746       memory.
 7747 
 7748     * doc/: Makefile.am, README.unified2, snort_manual.tex:
 7749 
 7750       Add README.unified2 to Makefile.am.
 7751 
 7752       Add documentation for unified2 file format.
 7753 
 7754       Add smb_fingerprint_policy documentation to snort manual.
 7755 
 7756     * src/preprocessors/Stream5/stream5_paf.c:
 7757 
 7758       Ensure PAF is configured on reload the same as it was on restart.
 7759 
 7760     * src/preprocessors/spp_stream5.c:
 7761 
 7762       Fix stream5 issue on reload were it wasn't validating or registering
 7763       preprocessor function when new policy is added.
 7764 
 7765     * configure.in, doc/INSTALL, doc/README.decoder_preproc_rules,
 7766       doc/snort_manual.pdf, doc/snort_manual.tex, etc/snort.conf,
 7767       rpm/snort.spec, src/event_queue.c, src/event_queue.h,
 7768       src/event_wrapper.c, src/fpcreate.c, src/fpcreate.h,
 7769       src/fpdetect.c, src/fpdetect.h, src/parser.c, src/parser.h,
 7770       src/ppm.c, src/signature.h, src/snort.h,
 7771       src/detection-plugins/detection_options.c,
 7772       src/detection-plugins/detection_options.h,
 7773       src/preprocessors/spp_frag3.c, src/sfutil/sfeventq.c,
 7774       src/sfutil/sfeventq.h, src/win32/WIN32-Prj/snort.dsp:
 7775 
 7776       Removed --enable-decoder-preprocessor-rules configure option and
 7777       hardened preprocessor and decoder rule event code.  To enable old
 7778       behavior such that specific preprocessor and decoder rules don't
 7779       have to be explicity added to snort.conf, add "config
 7780       autogenerate_preprocessor_decoder_rules" to your snort.conf.
 7781 
 7782     * src/: profiler.h, dynamic-output/plugins/output_lib.h,
 7783       dynamic-plugins/sf_dynamic_preprocessor.h, sfutil/sfPolicy.h,
 7784       sfutil/sf_ip.h:
 7785 
 7786       Added a function, sfip_fast_equals_raw, that does the minimum needed
 7787       to determine if 2 IPs are equal.  Added profiler macros that allow for
 7788       unique variable names.  Moved GetPolicyFunc definition to sfPolicy.h.
 7789 
 7790     * src/: snort.c, detection-plugins/sp_flowbits.c,
 7791       detection-plugins/sp_flowbits.h, dynamic-plugins/sp_dynamic.c:
 7792 
 7793       Fix flowbit group toggle.
 7794 
 7795       Fix issue with SO rules that reuse a flowbits structure when all
 7796       stubs aren't enabled.
 7797 
 7798     * src/dynamic-preprocessors/smtp/: smtp_config.c, snort_smtp.c,
 7799       snort_smtp.h, spp_smtp.c:
 7800 
 7801       SMTP PP now only allocates its mempools 1 time.
 7802 
 7803       Fix build on legacy systems that don't support c99 declarations.
 7804 
 7805       Fix memory leak on reload.
 7806 
 7807     * src/: detect.c, ppm.c:
 7808 
 7809       Fix PPM when PPM rules are dynamically generated and there are
 7810       multiple policies.
 7811 
 7812 2012-04-26 Russ Combs <rcombs@sourcefire.com>
 7813 Snort 2.9.3 Beta
 7814 
 7815     * src/build.h:
 7816 
 7817       Updating build number to 22.
 7818 
 7819     * src/: snort.c, control/sfcontrol.c:
 7820 
 7821       Stop daq before tearing down control socket and freeing idle
 7822       processors.
 7823 
 7824     * src/control/sfcontrol.c, src/control/sfcontrol.h,
 7825       tools/control/sfcontrol.c:
 7826 
 7827       - Return the correct codes with responses.
 7828       - Use macros to define the codes.
 7829       - Update the client to receive multiple status (0x0009) messages
 7830         followed by a success or error message.
 7831 
 7832     * doc/snort_manual.tex,
 7833       src/preprocessors/Stream5/snort_stream5_session.c,
 7834       src/preprocessors/Stream5/stream5_common.h,
 7835       src/preprocessors/spp_stream5.c,
 7836       src/detection-plugins/sp_flowbits.c,
 7837       src/detection-plugins/sp_flowbits.h, src/parser.c, src/snort.h:
 7838 
 7839       - Flowbits can belong to multiple groups.
 7840       - Restrict the syntax of flowbit name and group names to alphanumeric
 7841         string including periods, dashes, and underscores.
 7842       - Changed the maximal flowbit size to be 2048.
 7843       - Changes the error syntax when maximum number of flowbit ID
 7844         exceeds allowed value.
 7845       - Thanks to Cees <celzinga@gmail.com> for providing information about
 7846         the size bug.
 7847 
 7848     * src/: preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 7849       dynamic-preprocessors/sip/sip_dialog.c:
 7850 
 7851       Ignore sessions already started through updated stream API. 
 7852 
 7853     * src/decode.h, src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 7854       src/output-plugins/spo_unified2.c, src/sfutil/Unified2_common.h,
 7855       tools/u2spewfoo/u2spewfoo.c:
 7856 
 7857       - Remove *_NG logging from Unified2.
 7858       - Snort unified2 doesn't log to *_NG formats anymore.
 7859 
 7860     * src/tag.c:
 7861 
 7862       Fix compiler warning on FreeBSD in mis-matched format string.
 7863 
 7864     * src/preprocessors/spp_arpspoof.c:
 7865 
 7866       - Fix handling when arpspoof_detect_host was set without arpspoof.
 7867       - Fix compiler warnings on FreeBSD by utilizing modern ip6 code.
 7868       - Verify snort works correctly, and doesn't cause warnings on
 7869         FreeBSD.
 7870 
 7871     * src/: detection-plugins/Makefile.am,
 7872       dynamic-plugins/sf_engine/sf_snort_plugin_hdropts.c:
 7873 
 7874       Remove unnecessary cruft.
 7875 
 7876     * src/output-plugins/spo_alert_unixsock.c:
 7877 
 7878       Don't rely on UNIX_PATH_MAX value being 108.
 7879 
 7880     * src/: active.c, encode.c, encode.h:
 7881 
 7882       Force drop/resets resulting in ICMP unreachables will have the
 7883       code for administratively prohibited while ips ICMP unreachables
 7884       remain port unreachable.
 7885 
 7886     * src/dynamic-output/: dynamic_output.dsp Makefile.am,
 7887       src/dynamic-output/libs: Makefile.am output_lib.c snort_output.pc.in,
 7888       src/dynamic-output/plugins: Makefile.am output_api.h output_base.c,
 7889       output_common.h output.h output_lib.h output_plugin.c
 7890 
 7891       Added dynamic output plugin support.
 7892 
 7893     * configure.in, snort.8, contrib/Makefile.am, contrib/README,
 7894       contrib/create_mssql, contrib/create_mysql,
 7895       contrib/create_oracle.sql, contrib/create_postgresql,
 7896       contrib/mysql.php3, contrib/pgsql.php3, contrib/snortdb-extra.gz,
 7897       doc/INSTALL, doc/Makefile.am, doc/README.ARUBA,
 7898       doc/README.database, doc/faq.tex, doc/snort_manual.tex,
 7899       etc/snort.conf, m4/Makefile.am, m4/libprelude.m4, rpm/snort.spec,
 7900       src/plugbase.c, src/snort.c, src/snort.h,
 7901       src/output-plugins/Makefile.am,
 7902       src/plugins/output_base.c, plugins/output_lib.h,
 7903       src/plugins/output_plugin.c,
 7904       src/output-plugins/spo_alert_arubaaction.c,
 7905       src/output-plugins/spo_alert_arubaaction.h,
 7906       src/output-plugins/spo_alert_prelude.c,
 7907       src/output-plugins/spo_alert_prelude.h,
 7908       src/output-plugins/spo_database.c,
 7909       src/output-plugins/spo_database.h,
 7910       src/win32/Makefile.am,
 7911       src/win32/WIN32-Prj/snort_installer.nsi,
 7912       win32/WIN32-Prj/snort.dsp, win32/WIN32-Prj/snort.dsw:
 7913       win32/WIN32-Prj/snort_installer.nsi,
 7914       win32/WIN32-Prj/snort_installer_options.ini:
 7915 
 7916       Remove deprecated output plugins aruba, prelude, mysql, oracle and
 7917       mssql from Snort. 
 7918 
 7919     * src/detection-plugins/sp_flowbits.c,
 7920       src/detection-plugins/sp_flowbits.h,
 7921       src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 7922       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 7923       src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 7924       src/snort_debug.h, src/dynamic-plugins/sf_convert_dynamic.c,
 7925       src/dynamic-plugins/sf_dynamic_engine.h,
 7926       src/dynamic-plugins/sp_dynamic.c,
 7927       src/dynamic-plugins/sp_dynamic.h, doc/README.flowbits,
 7928       doc/snort_manual.tex, doc/snort_manual.pdf:
 7929 
 7930       Flowbit OR feature.  Fixed the so_rules check issue and also the so stub
 7931       file generated.
 7932 
 7933     * doc/README.SMTP, doc/README.imap, doc/README.pop,
 7934       doc/snort_manual.tex, etc/gen-msg.map,
 7935       src/dynamic-preprocessors/imap/imap_config.c,
 7936       src/dynamic-preprocessors/imap/imap_log.h,
 7937       src/dynamic-preprocessors/imap/imap_util.c,
 7938       src/dynamic-preprocessors/imap/imap_util.h,
 7939       src/dynamic-preprocessors/imap/snort_imap.c,
 7940       src/dynamic-preprocessors/pop/pop_config.c,
 7941       src/dynamic-preprocessors/pop/pop_log.h,
 7942       src/dynamic-preprocessors/pop/pop_util.c,
 7943       src/dynamic-preprocessors/pop/pop_util.h,
 7944       src/dynamic-preprocessors/pop/snort_pop.c,
 7945       src/dynamic-preprocessors/smtp/smtp_config.c,
 7946       src/dynamic-preprocessors/smtp/smtp_log.h,
 7947       src/dynamic-preprocessors/smtp/smtp_util.c,
 7948       src/dynamic-preprocessors/smtp/smtp_util.h,
 7949       src/dynamic-preprocessors/smtp/snort_smtp.c,
 7950       src/dynamic-preprocessors/smtp/spp_smtp.c:
 7951 
 7952       - SMTP/IMAP/POP will now extract non-encoded attachments when
 7953         content-type MIME headers are present.
 7954       - SMTP will not decode when ignore_data is present.
 7955       - Content-Transfer-Encoding should take precendence over
 7956         Content-Type.
 7957       - Content-type should first check if boundary in non MIME header
 7958         state.
 7959       - Fix SMTP stat msg.
 7960 
 7961     * doc/README.http_inspect, doc/faq.pdf, doc/snort_manual.pdf,
 7962       doc/snort_manual.tex, src/preprocessors/snort_httpinspect.c,
 7963       src/preprocessors/snort_httpinspect.h,
 7964       src/preprocessors/spp_httpinspect.c,
 7965       src/preprocessors/HttpInspect/server/hi_server.c:
 7966 
 7967       Update http_inspect decompression to not allocate compress/decompress
 7968       buffers per session.
 7969 
 7970     * src/preprocessors/HttpInspect/normalization/hi_norm.c:
 7971 
 7972       - Fix the handling of % encoded ?.  HI no longer treats % encoded
 7973         ? as start of query string.
 7974 
 7975     * src/preprocessors/HttpInspect/: include/hi_paf.h, utils/hi_paf.c:
 7976 
 7977       Provide access method for HI main to handle simple responses.
 7978 
 7979     * src/preprocessors/HttpInspect/: server/hi_server.c,
 7980       client/hi_client.c:
 7981 
 7982       - Fix extraction of Transfer-Encoding header.
 7983       - Handle chunk extensions when de-chunking.
 7984       - Fix handling of packets beyond flow depth when PAF is turned on.
 7985       - Add code to handle simple responses and not generate false
 7986         positive.
 7987 
 7988     * src/dynamic-plugins/sf_engine/sf_snort_packet.h:
 7989 
 7990       Frag related fixes:
 7991 
 7992       - Check ip6 extension order on frags, including inner on first frag.
 7993       - Added 116:458 for no offset and no more.
 7994       - Added 116:459 for frag w/o data.
 7995 
 7996     * src/: decode.c, decode.h:
 7997 
 7998       - Properly decode pflog version 4.
 7999       - Salutations to Ryan McBride for the pflog v4 patch. 
 8000 
 8001     * src/dynamic-preprocessors/sip/sip_parser.c:
 8002 
 8003       Add compact form support of VIA header to SIP.
 8004 
 8005     * src/dynamic-preprocessors/ftptelnet/pp_telnet.c:
 8006 
 8007       Don't presume 3 bytes of junk in a telnet stream is encryption
 8008       unless midstream pickup.
 8009 
 8010     * src/: fpdetect.c, pcrm.c, pcrm.h:
 8011 
 8012       Process any->any rules even when a service matches in the attribute
 8013       table
 8014 
 8015     * src/preprocessors/spp_frag3.c:
 8016 
 8017       - Drop bad fragments BEFORE inserting them into tracker.
 8018       - Ensure that all fragments are dropped in inline mode when the
 8019         first fragment is bad.
 8020 
 8021     * src/target-based/sftarget_reader_live.c:
 8022 
 8023       - Initialize the value of ret and fix some obscure formatting.
 8024       - Thanks to William Parker for notifying us.
 8025 
 8026     * src/: debug.c, snort.c:
 8027 
 8028       Fix placement of int error to avoid warning.
 8029 
 8030     * doc/README.dcerpc2, doc/faq.pdf, doc/snort_manual.pdf,
 8031       doc/snort_manual.tex, etc/gen-msg.map,
 8032       preproc_rules/preprocessor.rules, src/generators.h,
 8033       src/dynamic-preprocessors/Makefile.am,
 8034       src/dynamic-preprocessors/dcerpc2/dce2_cl.c,
 8035       src/dynamic-preprocessors/dcerpc2/dce2_co.c,
 8036       src/dynamic-preprocessors/dcerpc2/dce2_co.h,
 8037       src/dynamic-preprocessors/dcerpc2/dce2_config.c,
 8038       src/dynamic-preprocessors/dcerpc2/dce2_config.h,
 8039       src/dynamic-preprocessors/dcerpc2/dce2_debug.h,
 8040       src/dynamic-preprocessors/dcerpc2/dce2_event.c,
 8041       src/dynamic-preprocessors/dcerpc2/dce2_event.h,
 8042       src/dynamic-preprocessors/dcerpc2/dce2_http.c,
 8043       src/dynamic-preprocessors/dcerpc2/dce2_list.c,
 8044       src/dynamic-preprocessors/dcerpc2/dce2_list.h,
 8045       src/dynamic-preprocessors/dcerpc2/dce2_memory.c,
 8046       src/dynamic-preprocessors/dcerpc2/dce2_memory.h,
 8047       src/dynamic-preprocessors/dcerpc2/dce2_paf.c,
 8048       src/dynamic-preprocessors/dcerpc2/dce2_roptions.c,
 8049       src/dynamic-preprocessors/dcerpc2/dce2_session.h,
 8050       src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
 8051       src/dynamic-preprocessors/dcerpc2/dce2_smb.h,
 8052       src/dynamic-preprocessors/dcerpc2/dce2_stats.h,
 8053       src/dynamic-preprocessors/dcerpc2/dce2_tcp.c,
 8054       src/dynamic-preprocessors/dcerpc2/dce2_tcp.h,
 8055       src/dynamic-preprocessors/dcerpc2/dce2_udp.c,
 8056       src/dynamic-preprocessors/dcerpc2/dce2_utils.c,
 8057       src/dynamic-preprocessors/dcerpc2/dce2_utils.h,
 8058       src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
 8059       src/dynamic-preprocessors/dcerpc2/snort_dce2.h,
 8060       src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
 8061       src/dynamic-preprocessors/dcerpc2/spp_dce2.h,
 8062       src/dynamic-preprocessors/dcerpc2/includes/smb.h,
 8063       src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 8064       src/sfutil/Makefile.am, src/sfutil/sf_seqnums.h,
 8065       src/win32/WIN32-Prj/snort.dsp:
 8066 
 8067       Update SMB request/response handling to handle server to client
 8068       evasions where SMB header values aren't echoed in response.
 8069  
 8070       - Add support for SMB_COM_WRITE_ANDX "raw" mode.
 8071       - Add support for additional commands for opening, reading from and
 8072         writing to SMB named pipes
 8073       - Update handling of SMB_COM_WRITE_RAW.
 8074       - Add global configuration option for determining Windows/Samba policy
 8075         on a per session basis and new preprocessor events.
 8076       - Add tracking of named pipe state - byte or message mode.
 8077       - Update SMB_COM_TRANSACTION handling to better support out of order
 8078         displacements and parameters.
 8079       - Updates to SMB ByteCount, data offset and data length handling.
 8080       - Update for Transaction error, where Samba throws out transaction
 8081         on error and correct data offset passed in to function.
 8082       - Don't set dcerpc2 rule options and stop processing dcerpc data
 8083         when server response indicates encrypted packet privacy.
 8084       - Fix dcerpc2 PAF when target based is enabled to not abort if
 8085         protocol undefined.
 8086       - Added processing of chained SMB_COM_WRITE_ANDXs for Samba policies. 
 8087 
 8088     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8089 
 8090       - Correctly log TCP segments to unified2 when there are multiple alerts on
 8091         the same reassembled packet.
 8092       - Purge after flush at session shutdown to avoid reprocessing it when the
 8093         cache is freed causing strange dce2 alerts.
 8094 
 8095     * configure.in:
 8096 
 8097       If pkg-config macros do not exist then configure script would be
 8098       invalid. If it does not exist define a macro that does nothing and
 8099       continue.
 8100 
 8101     * configure.in, src/debug.c, src/decode.c, src/log.c, src/parser.c,
 8102       src/snort_debug.h, src/util.c,
 8103       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 8104       src/dynamic-preprocessors/libs/ssl.c,
 8105       src/dynamic-preprocessors/modbus/spp_modbus.c,
 8106       src/sfutil/sf_ip.c,
 8107       src/sfutil/sf_ip.h, tools/u2boat/u2boat.c,
 8108       tools/u2spewfoo/u2spewfoo.c:
 8109 
 8110       Fix compilation warnings.
 8111 
 8112     * src/snort.c:
 8113 
 8114       Check return of DAQ_Acquire in failopen thread see description.
 8115 
 8116     * src/dynamic-preprocessors/reputation/shmem/: shmem_config.h,
 8117       shmem_mgmt.c, shmem_mgmt.h,
 8118       src/sfutil/sfrt_flat_dir.c:
 8119 
 8120       - Disable timeout for shared memory readers.
 8121       - Readers and writer updates their own active flags.
 8122       - Update the entry value along with length update.
 8123 
 8124     * src/Makefile.am, src/decode.h, src/parser.c, src/parser.h,
 8125       src/snort.c, src/snort.h,
 8126       src/dynamic-preprocessors/reputation/reputation_config.c,
 8127       src/dynamic-preprocessors/reputation/reputation_config.h,
 8128       src/dynamic-preprocessors/reputation/spp_reputation.c,
 8129       src/dynamic-preprocessors/reputation/spp_reputation.h,
 8130       src/dynamic-preprocessors/reputation/shmem/shmem_common.h,
 8131       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c,
 8132       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.h,
 8133       src/dynamic-output/libs/Makefile.am,
 8134       src/dynamic-output/libs/output_lib.c, configure.in,
 8135       src/sfutil/sfrt.h, src/sfutil/sfrt_flat.c,
 8136       src/sfutil/sfrt_flat.h, src/sfutil/sfrt_flat_dir.c,
 8137       src/sfutil/sfrt_flat_dir.h,
 8138       src/dynamic-plugins/sf_dynamic_plugins.c,
 8139       src/dynamic-plugins/sf_dynamic_preprocessor.h,
 8140       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 8141       doc/: README.reputation, snort_manual.pdf, snort_manual.tex:
 8142 
 8143       - Reputation preprocessor updates to support zones and handle
 8144         ingress/egress groups and zone zero.
 8145       - Enforce default policy for reputation preprocessor.
 8146       - Check for NULL when servicing the shared memory.
 8147       - Update documents for white action configuration, manifest file
 8148         for reputation Preprocessor.
 8149 
 8150     * rpm/snort.spec:
 8151 
 8152       Remove all of the dead cruft from snort.spec.
 8153 
 8154     * src/parser.c:
 8155 
 8156       Fix a parsing memory leak scenario by freeing the tokens on failure.
 8157 
 8158     * preproc_rules/decoder.rules:
 8159 
 8160       Update decoder rules to have more accurate names.  Same alert,
 8161       new name.
 8162 
 8163     * src/output-plugins/spo_unified2.c:
 8164 
 8165       Set would drop when interface not inline.
 8166 
 8167     * src/: dynamic-preprocessors/imap/snort_imap.c,
 8168       dynamic-preprocessors/pop/snort_pop.c,
 8169       dynamic-preprocessors/smtp/snort_smtp.c,
 8170       sfutil/sf_email_attach_decode.c, sfutil/sf_email_attach_decode.h,
 8171       doc/: README.SMTP, README.imap, README.pop, snort_manual.tex:
 8172 
 8173       SMTP/POP/IMAP decoding changes:
 8174  
 8175       - Change the memory allocation for decoding. Allocate only when we see
 8176         attachments.  Do not allocate at the beginning of the session.
 8177       - Apply the decoding depths to attachments instead of all attachments in
 8178         a session.
 8179       - Alert when decoding fails and not when decoding depths are exceeded.
 8180       - Reset decode bytes read only after processing the entire attachment.
 8181         Attachments can span multiple packets.
 8182 
 8183 2012-3-17 Steven Sturges <ssturges@sourcefire.com>
 8184 Snort 2.9.2.2
 8185     * src/build.h:
 8186         Updated to build 121.
 8187 
 8188     * src/preprocessors/HttpInspect/normalization/hi_norm.c:
 8189         Fix HTTP URI normalization when URI has more than 2k slashes. 
 8190 
 8191     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8192         Fixed split fin-ack tracking and flush/free app data on reset
 8193         when listener is in fin-wait-1, fin-wait-2, or closing state.
 8194 
 8195     * src/: encode.c, encode.h, snort.c, snort.h,
 8196         Fix generation of response packets on fragmented IPv6 packet
 8197         by using the frag reassembled packet to encode.
 8198 
 8199     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8200         Fix logical byte count and remove unreachable code
 8201 
 8202     * src/dynamic-plugins/sf_engine/sf_snort_plugin_hdropts.c:
 8203         Update to handle IPv6 traffic for processing of IP header
 8204         options within .so rules.
 8205 
 8206     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8207         Expand slam threshold to <= 4 and fix for non-reassembled
 8208         sessions.
 8209 
 8210     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8211         Check seq within window relative to window base.
 8212 
 8213     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
 8214         Fix flow flags for single segment PDUs from PAF. 
 8215 
 8216     * doc/: faq.pdf, faq.tex, snort_manual.pdf, snort_manual.tex:
 8217         Remove references to deprecated servers.
 8218 
 8219     * src/dynamic-preprocessors/sip/sip_parser.c:
 8220         Unknown method alert is generated only after verifying the
 8221         packet is SIP. Don't generate alerts for a. multiple SIP
 8222         messages within one UDP packet (140:17) and b. mismatched
 8223         content length (140:18) simultaneously.
 8224 
 8225     * doc/: INSTALL, snort_manual.pdf, snort_manual.tex:
 8226         Updates to the manual to fix formatting, clarify detection_filter,
 8227         and remove obsolete configure options. Thanks to Larry Hughes,
 8228         Eoin Miller, Beenph and Joshua Kinard for reading it!
 8229 
 8230     * doc/README.sip, doc/snort_manual.pdf, doc/snort_manual.tex,
 8231       src/dynamic-preprocessors/sip/sip_config.c,
 8232       src/dynamic-preprocessors/sip/sip_config.h,
 8233       src/dynamic-preprocessors/sip/sip_dialog.c,
 8234       src/dynamic-preprocessors/sip/sip_dialog.h,
 8235       src/dynamic-preprocessors/sip/spp_sip.c,
 8236       src/dynamic-preprocessors/sip/spp_sip.h, etc/gen-msg.map:
 8237         Limit number of dialogs within a stream session.  Thanks
 8238         to Filip Valder for providing the information. 
 8239 
 8240     * src/active.c:
 8241         Allow repeated responses to non-TCP/UDP traffic.
 8242 
 8243     * src/: sfdaq.c, sfdaq.h, output-plugins/spo_unified2.c:
 8244         Correctly log blocked flag in unified2 events when an interface
 8245         is passive. 
 8246 
 8247     * doc/: README.filters, snort_manual.pdf, snort_manual.tex:
 8248         Update README & manual to document -1 as acceptable value for
 8249         event_filter.
 8250 
 8251     * src/: snort.c:
 8252         Add stats output to dirty pig shutdown.
 8253 
 8254     * src/: preprocessors/Stream5/stream5_common.c:
 8255         Update initialization for stream_ip.
 8256 
 8257     * doc/snort_manual.pdf, src/byte_extract.c, src/util.h,
 8258       src/dynamic-plugins/sf_engine/sf_snort_plugin_byte.c:
 8259         Make byte extraction of strings only allow for positive values.
 8260  
 8261     * src/preprocessors/HttpInspect/client/hi_client.c:
 8262         Check for paf_max before marking a packet as request body.
 8263 
 8264     * doc/: README.SMTP, snort_manual.pdf, snort_manual.tex,
 8265       preproc_rules/preprocessor.rules, src/generators.h,
 8266       src/dynamic-preprocessors/smtp/smtp_config.h,
 8267       src/dynamic-preprocessors/smtp/smtp_util.c,
 8268       src/dynamic-preprocessors/smtp/snort_smtp.c,
 8269       src/dynamic-preprocessors/smtp/spp_smtp.c:
 8270         Added SMTP preproc shutdown stats.  Remove the decoding memcap
 8271         exceeded alert and displaying this info instead. 
 8272 
 8273     * src/dynamic-preprocessors/ftptelnet/: snort_ftptelnet.c,
 8274       spp_ftptelnet.c:
 8275         Update parsing for ftptelnet config.
 8276 
 8277     * src/dynamic-preprocessors/modbus/spp_modbus.c:
 8278         Update to free the modbus session data.
 8279 
 8280     * src/: snort_bounds.h,
 8281       preprocessors/HttpInspect/server/hi_server_norm.c:
 8282         Update javascript normalization to call a safeboundsmemmove
 8283         function when the src and dst buffers overlap.
 8284 
 8285     * src/preprocessors/HttpInspect/client/hi_client.c:
 8286         Change the code to not look for POST data (while parsing method)
 8287         when PAF is enabled and process request packets when the
 8288         method is undefined.
 8289 
 8290     * src/dynamic-preprocessors/pop/: snort_pop.c, snort_pop.h:
 8291         Decode data following +OK response without the octets string.
 8292 
 8293     * src/dynamic-preprocessors/dcerpc2/dce2_utils.h:
 8294         Made macro in dcerpc2 preprocessor used for progressing through
 8295         data more robust. 
 8296 
 8297     * src/preprocessors/: snort_httpinspect.h,
 8298       HttpInspect/client/hi_client.c, HttpInspect/server/hi_server.c:
 8299         Eliminate false positives (no content-length or transfer-encoding)
 8300         when chunk size spans across multiple packets. Thanks to Daniel
 8301         Dallmann for reporting the issue.
 8302 
 8303     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8304         Update handling of retransmitted segments overlapping the
 8305         window on the left
 8306 
 8307     * src/preprocessors/HttpInspect/server/hi_server.c:
 8308         Set the file_data to the raw HTTP response body (de-chunked/
 8309         normalized) when decompression fails due to false GZIP headers.
 8310         Set the inspect_body flag after resetting the decompress_data
 8311         flag to allow extraction of HTTP response body across packets
 8312         when decompression fails entirely.  Thanks to Eoin Miller for
 8313         reporting this issue. 
 8314 
 8315     * doc/: README.http_inspect, snort_manual.pdf, snort_manual.tex,
 8316       src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h:
 8317         Remove the Max on the gzip memcap. Thanks to Eoin Miller for
 8318         the request.
 8319 
 8320     * src/dynamic-preprocessors/dcerpc2/: dce2_co.c, dce2_paf.c,
 8321       dce2_session.h, dce2_smb.c, dce2_smb.h, snort_dce2.c,
 8322       snort_dce2.h:
 8323         State tracking improvements to SMB processing in the dcerpc2
 8324         preprocessor when missing packets on a session.
 8325 
 8326     * tools/u2spewfoo/u2spewfoo.c:
 8327         Tweaks to dump u2 files in the presence of certain errors.
 8328 
 8329     * src/encode.c:
 8330         Fix overhead calculation to ensure sufficient buffer space for
 8331         defragging a maximum length IP datagram regardless of encapsulations.
 8332 
 8333     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8334         Fix false positives on 129:16.
 8335 
 8336     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8337         Fix stream5 to not purge too early when normalizing streams.
 8338 
 8339     * src/decode.c:
 8340         Remove redundant clearing of pointer in error case.  Thanks
 8341         to Josh Kinard for pointing out the error.
 8342 
 8343     * src/preprocessors/spp_normalize.c:
 8344         Change normalizer priority to ensure ahead of frag3 regardless
 8345         of conf ordering.
 8346 
 8347     * src/detection-plugins/sp_react.c, doc/README.active,
 8348       doc/snort_manual.pdf, doc/snort_manual.tex:
 8349         Don't allow more than one % in a user-defined HTML page used
 8350         for react rule options.  Thanks to Cleber S. Brandão for
 8351         reporting the issue.
 8352 
 8353     * configure.in:
 8354         Update configure script to correctly display 'Disable' help
 8355         verbage for the --disable-xxx options.  Thanks to Kungu Panda for
 8356         pointing it out. 
 8357 
 8358     * src/: plugbase.c, plugbase.h, snort.c,
 8359       output-plugins/spo_alert_arubaaction.c,
 8360       output-plugins/spo_alert_fast.c, output-plugins/spo_alert_full.c,
 8361       output-plugins/spo_alert_prelude.c,
 8362       output-plugins/spo_alert_syslog.c,
 8363       output-plugins/spo_alert_test.c,
 8364       output-plugins/spo_alert_unixsock.c, output-plugins/spo_csv.c,
 8365       output-plugins/spo_database.c, output-plugins/spo_log_ascii.c,
 8366       output-plugins/spo_log_null.c, output-plugins/spo_log_tcpdump.c,
 8367       output-plugins/spo_unified.c, output-plugins/spo_unified2.c:
 8368         Update unified2 output to rotate the unified2 file on reload. 
 8369 
 8370     * src/dynamic-preprocessors/smtp/smtp_util.c:
 8371         Truncate the trailing end of the email id when the
 8372         rcpt to or mail from addresses are too long.
 8373 
 8374     * doc/snort_manual.tex, doc/README.GTP, src/:
 8375       dynamic-plugins/sf_dynamic_plugins.c, util.c, util.h:
 8376         Throttle the so rules memcap error message.
 8377 
 8378 2012-1-17 16:16  Hui Cao <hcao@sourcefire.com>
 8379 Snort 2.9.2.1
 8380      All files: updated copyright to 2012
 8381 
 8382     * src/build.h: pdated build number to 107
 8383 
 8384     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8385         Fixed building when -DREG_TEST not used with --enable-debug. 
 8386         Tweaked r_win_base initialization upon midstream pickup to work with tighter
 8387         sequence number validation.
 8388         Updated TCP session tracking to avoid requeuing retransmitted data
 8389         Add tweaks for paf_max flushing of chunked http data
 8390 
 8391     * src/dynamic-preprocessors/reputation/shmem/: shmem_config.c,
 8392       shmem_config.h, shmem_mgmt.c, shmem_mgmt.h:
 8393         Avoided writer updating reader's zero segment pointer.
 8394         Changed shared memory update timeout to a larger value.
 8395 
 8396     * src/generators.h,
 8397       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 8398       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 8399       src/preprocessors/HttpInspect/utils/hi_paf.c,
 8400       doc/README.http_inspect, etc/gen-msg.map,
 8401       preproc_rules/preprocessor.rules:
 8402         Added an alert on http/0.9 simple requests (119:32)
 8403 
 8404     * preproc_rules/: decoder.rules, preprocessor.rules:
 8405         Bump a few rule rev's that were out of sync w/ VRT
 8406 
 8407     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8408         Changed Warning -> WARNING
 8409         Don't attempt to flush if the grinder failed when pruning a session
 8410 
 8411     * src/: preprocessors/Stream5/snort_stream5_tcp.c,
 8412       preprocessors/Stream5/stream5_common.h, sfutil/test/unit_hacks.c:
 8413          Auto-disable stream reassembly on paf abort if auto-enabled
 8414 
 8415 
 8416     * src/: detection-plugins/sp_dsize_check.c,
 8417       dynamic-preprocessors/dnp3/spp_dnp3.c,
 8418       preprocessors/Stream5/snort_stream5_tcp.c,
 8419       preprocessors/Stream5/stream5_paf.c:
 8420         Fixed handling PAF flushing anomalies but purging afflicted segments
 8421 
 8422     * src/sfutil/: sfrt_dir.c, sfrt_flat_dir.c, sfrt_flat_dir.h:
 8423         Fixed the wrong value of calculating memory allocated.
 8424         Changed sfrt length field from char to uint8_t
 8425 
 8426     * src/: decode.c, dynamic-preprocessors/gtp/gtp_parser.c:
 8427         Added checking invalid extension header length for GTPv1
 8428 
 8429     * src/: preprocessors/stream_expect.c, profiler.h:
 8430         Fixed some compiler warnings
 8431 
 8432     * src/: decode.c, dynamic-preprocessors/gtp/gtp_parser.c
 8433         Added checking invalid extension header length
 8434 
 8435     * doc/: README.GTP, snort_manual.pdf, snort_manual.tex:
 8436         Added a simple user case to the GTP document.
 8437 
 8438     * src/dynamic-preprocessors/modbus/modbus_decode.c:
 8439         Fixed a couple errors in modbus request/response length checking.
 8440  
 8441     * etc/reference.config:
 8442         Added 'msb' to reference.conf for Microsoft Bulletin url
 8443 
 8444     * src/detection-plugins/sp_flowbits.c:
 8445         When same flowbit is defined both in default group and user specified group,
 8446         that flowbit will be changed to specified group. 
 8447 
 8448     * src/dynamic-preprocessors/dnp3/: dnp3_paf.c, dnp3_reassembly.c,
 8449       spp_dnp3.c, spp_dnp3.h:
 8450         Added #define statements for several "magic numbers" in DNP3 code
 8451 
 8452     * src/dynamic-preprocessors/dnp3/dnp3_reassembly.c:
 8453         Fixed a bug where the DNP3 preprocessor would generate alerts for "reserved
 8454         function" on valid DNP3 functions. 
 8455 
 8456     * src/dynamic-preprocessors/dnp3/dnp3_roptions.c:
 8457        Added parser errors for missing dnp3_func and dnp3_ind arguments. 
 8458 
 8459     * src/: generators.h, preprocessors/HttpInspect/client/hi_client.c,
 8460       preprocessors/HttpInspect/event_output/hi_eo_log.c,
 8461       preprocessors/HttpInspect/include/hi_eo_events.h:
 8462         Added a preprocessor alert to alert when a HTTP method being parsed is not a GET
 8463         or a POST or not defined by the user.
 8464 
 8465     * src/preprocessors/HttpInspect/: client/hi_client.c,
 8466       server/hi_server.c:
 8467        Added checking bounds before unfolding. 
 8468 
 8469     * Makefile.am, configure.in:
 8470         Cleanup very dated rules files. 
 8471 
 8472     * src/: snort.c, win32/WIN32-Includes/stdint.h:
 8473         Don't add handlers signal values that aren't supported on Windows.
 8474 
 8475     * src/dynamic-preprocessors/reputation/reputation_config.c:
 8476         Corrected the variable name called to create IP talbe. 
 8477  
 8478 2011-12-14 Ryan Jordan <ryan.jordan@sourcefire.com>
 8479 Snort 2.9.2
 8480     * src/build.h: updating build number to 78
 8481 
 8482     * snort.8:
 8483         Fixed spelling errors. Thanks to Neline van Ginkel for the report.
 8484 
 8485     * src/: snort.c, preprocessors/spp_perfmonitor.c:
 8486         Perfmonitor "now" files are created after Snort drops privileges.
 8487 
 8488     * src/output-plugins/spo_unified2.c:
 8489         Only log IPv6 extra data when the packet is IPv6.
 8490 
 8491     * src/preprocessors/HttpInspect/: server/hi_server.c, client/hi_client.c:
 8492         Fixed unfolding of HTTP Headers across packet boundaries.
 8493         Thanks to Jim Hranicky for reporting this issue on the RC build.
 8494 
 8495     * src/preprocessors/spp_httpinspect.c:
 8496         HTTP Inspect should check for hi_swap_config in HttpInspectInit()
 8497         only when snort is compiled with --enable-reload.
 8498         Fixed build errors on Win32.
 8499 
 8500     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8501         When pruning a session, don't attempt to flush if the grinder
 8502         failed to decode a TCP header.
 8503         Thanks to Jim Hranicky for reporting this issue on the RC build.
 8504 
 8505 2011-11-23 Ryan Jordan <ryan.jordan@sourcefire.com>
 8506 Snort 2.9.2 RC
 8507     * src/build.h: updating build number to 75
 8508 
 8509     * src/preprocessors/spp_httpinspect.c:
 8510         Fixed an issue with HTTP Inspect server conf reload
 8511         (when the HTTP Inspect is turned on from off between a reload)
 8512 
 8513     * src/preprocessors/spp_stream5.c:
 8514         Fixed a memory leak caused by initializing the expected channel
 8515         more than once.
 8516 
 8517     * src/dynamic-preprocessors/dcerpc2/spp_dce2.c:
 8518         Fixed a segfault during dcerpc2 startup when stream5 is not enabled.
 8519 
 8520     * src/preprocessors/spp_normalize.c:
 8521         Added support to turn normalization off or on during a Snort reload.
 8522 
 8523     * src/dynamic-preprocessors/modbus/spp_modbus.c:
 8524         Moved the check for truncated PDUs past the port check, to avoid
 8525         false positives.
 8526 
 8527     * src/sfutil/bitop_funcs.h:
 8528         Fixed an error in the allocation of flowbit groups, where bytes
 8529         were interpreted as bits.
 8530 
 8531     * src/detection-plugins/sp_flowbits.c:
 8532         Fixed a flowbits issue where the "isset" operation failed when
 8533         there was only a single flowbit in a group.
 8534         Fixed the error message logged when the same flowbit is added
 8535         to two groups.
 8536 
 8537     * src/ipv6_port.h:
 8538     * src/: dynamic-preprocessors/gtp/gtp_parser.c,
 8539       dynamic-preprocessors/gtp/gtp_roptions.c,
 8540       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 8541       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 8542       dynamic-preprocessors/reputation/reputation_config.c,
 8543       sfutil/segment_mem.c, encode.c:
 8544         Compiler warning cleanup.
 8545 
 8546     * doc/: README.reload, snort_manual.pdf, snort_manual.tex:
 8547         Updated the reload documentation to mention the caveat that exists
 8548         with reload and fail-open in OpenBSD when Snort is run on primary
 8549         network interface.
 8550 
 8551     * src/dynamic-preprocessors/dnp3/: dnp3_reassembly.c,
 8552       dnp3_reassembly.h, dnp3_roptions.c, spp_dnp3.c:
 8553         Added support for multiple DNP3 PDUs in a single DNP3 payload.
 8554         Fixed an issue where the DNP3 preprocessor only identified the
 8555         minimum reserved address, instead of all reserved addresses.
 8556 
 8557     * src/dynamic-preprocessors/dnp3/spp_dnp3.h:
 8558         Updated an incorrect minimum DNP3 memcap to match the documented
 8559         minimum of 4144 bytes.
 8560 
 8561     * src/output-plugins/spo_unified2.c:
 8562         Snort will fatal error when the user configures the same filename
 8563         for options "alert_unified2" and "log_unified2".
 8564 
 8565     * src/sfutil/: sfrt.c, sfrt.h, sfrt_dir.c, sfrt_dir.h:
 8566         Added the ability to delete entries in the sfrt table.
 8567 
 8568     * src/preprocessors/snort_httpinspect.c,
 8569       src/preprocessors/spp_frag3.c, src/preprocessors/spp_normalize.c,
 8570       src/preprocessors/spp_stream5.c,
 8571       src/preprocessors/Stream5/snort_stream5_tcp.c,
 8572       src/preprocessors/Stream5/stream5_common.c,
 8573       src/dynamic-preprocessors/reputation/reputation_config.c,
 8574       etc/gen-msg.map, src/detection-plugins/sp_flowbits.c,
 8575       src/detection-plugins/sp_replace.c,
 8576       src/output-plugins/spo_alert_sf_socket.c, src/decode.c,
 8577       src/detect.c, src/generators.h, src/sfdaq.c, src/snort.c,
 8578       src/tag.c, src/util.c, src/dynamic-plugins/sf_dynamic_plugins.c,
 8579       src/sfutil/acsmx2.c, configure.in,
 8580       src/dynamic-preprocessors/dnp3/spp_dnp3.c,
 8581       src/target-based/sftarget_protocol_reference.c:
 8582     * src/dynamic-preprocessors/dnp3/dnp3_roptions.c:
 8583         Made the format of warning messages consistent.
 8584 
 8585     * src/dynamic-preprocessors/: dnp3/spp_dnp3.c, modbus/spp_modbus.c:
 8586         Providing an empty port list now causes a fatal error.
 8587 
 8588     * src/dynamic-preprocessors/dnp3/spp_dnp3.h:
 8589         Fixed reserved address check on big-endian machines.
 8590 
 8591     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8592         Changed identification of TCP retransmits by comparing payloads
 8593         instead of TCP checksums.
 8594 
 8595     * src/decode.h, src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 8596       src/dynamic-preprocessors/imap/snort_imap.c,
 8597       src/dynamic-preprocessors/pop/snort_pop.c,
 8598       src/dynamic-preprocessors/smtp/smtp_util.c,
 8599       src/dynamic-preprocessors/smtp/snort_smtp.c,
 8600       src/output-plugins/spo_unified2.c,
 8601       src/preprocessors/snort_httpinspect.c,
 8602       src/preprocessors/snort_httpinspect.h,
 8603       src/preprocessors/spp_httpinspect.c,
 8604       src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 8605       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 8606       src/sfutil/Unified2_common.h, tools/u2spewfoo/u2spewfoo.c:
 8607         Enable logging of normalized JavaScript to unified2 when built
 8608         without --enable-sourcefire.
 8609             - Changed extra data logging to log packet-specific data
 8610               (gzip/normalized) after each packet.
 8611             - Updated u2spewfoo to read the normalized JavaScript
 8612               extra data.
 8613 
 8614     * src/dynamic-preprocessors/dnp3/dnp3_reassembly.c:
 8615         Fixed a bug where "dnp3_data" rules would not work if the content
 8616         was broken up by CRCs or split across multiple DNP3 segments.
 8617         As a result, DNP3 rules that inspect the DNP3 headers now require
 8618         "rawbytes" to work correctly, as the DNP3 reassembly buffer is
 8619         inspected by default.
 8620 
 8621     * etc/gen-msg.map, preproc_rules/preprocessor.rules,
 8622       src/dynamic-preprocessors/dnp3/spp_dnp3.h:
 8623         Removed DNP3 rule 145:5, and decremented the SIDs of rules 145:6
 8624         and 145:7. The old 145:5 was never able to be triggered.
 8625         Updated references for rules 119:15 and 137:1.
 8626 
 8627     * rpm/snort.spec:
 8628         Updated the RPM spec file to use wildcards for linking and installing
 8629         preprocessors. Thanks to Tim Brigham for the suggestion.
 8630 
 8631     * src/detection_util.h:
 8632         Increased the URI buffer size from 4096 to 8192 to normalize and
 8633         detect longer URIs.
 8634 
 8635     * src/preprocessors/: spp_frag3.c, spp_stream5.c,
 8636       Stream5/snort_stream5_tcp.c, Stream5/snort_stream5_udp.c:
 8637         Change the printing function of tracker/session sizes
 8638         (TcpSession/UdpSession/StreamLWSession/FragTarcker) from fprintf
 8639         to LogMessage.
 8640         Fix handling of "first" and "vista" policies in stream5 that,
 8641         under certain circumstances with overlaps and gaps, could cause
 8642         the stream5 segmentation list to get out of order.
 8643 
 8644     * doc/snort_manual.pdf, doc/snort_manual.tex,
 8645       src/detection-plugins/sp_dsize_check.c:
 8646         Enable the "dsize" rule option with rebuilt packets, if it is the
 8647         start of a PDU. Thanks to Dave Bertouille for reporting this problem.
 8648 
 8649     * src/dynamic-preprocessors/modbus/modbus_decode.c:
 8650         Added length checking for Modbus "Read File Record" and
 8651         "Write File Record" requests.
 8652 
 8653     * src/output-plugins/spo_unified2.c, src/sfutil/Unified2_common.h,
 8654       tools/u2spewfoo/u2spewfoo.c:
 8655         Added new Unified2 event structs with extra application ID data.
 8656         Updated u2spewfoo to read these fields.
 8657 
 8658     * src/detection-plugins/: sp_asn1_detect.c, sp_byte_check.c,
 8659       sp_byte_jump.c, sp_isdataat.c:
 8660         Allow rule evaluation to continue if the doe_ptr reaches the end
 8661         of a buffer, but a negative offset brings it back in-bounds.
 8662         Thanks again to Dave Bertouille for the suggestion.
 8663 
 8664     * src/target-based/sf_attribute_table.y:
 8665         Allow empty attribute_value in attribute table.
 8666 
 8667     * configure.in,
 8668       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
 8669         Added Protocol-Aware Flushing support for FTP.
 8670 
 8671     * snort.8:
 8672         Updated the man page to include more signals that have been used.
 8673         Made some format changes, thanks to Markus Lude.
 8674 
 8675     * doc/Makefile.am:
 8676         Fixed an error while running "make distcleancheck".
 8677 
 8678     * doc/snort_manual.pdf, doc/snort_manual.tex,
 8679       src/win32/WIN32-Includes/config.h, configure.in, src/snort.c,
 8680       src/snort.h, src/util.c, src/control/sfcontrol.c,
 8681       src/target-based/sftarget_reader.c:
 8682         Redefined default signals, and added support for signal
 8683         customization.
 8684 
 8685 
 8686 2011-10-28 Ryan Jordan <ryan.jordan@sourcefire.com>
 8687 Snort 2.9.2 Beta
 8688     * src/build.h: updating build number to 64
 8689 
 8690     * src/preprocessors/: snort_httpinspect.c,
 8691       HttpInspect/include/hi_ui_config.h,
 8692       HttpInspect/server/hi_server.c,
 8693       HttpInspect/server/hi_server_norm.c,
 8694       HttpInspect/user_interface/hi_ui_config.c:
 8695     * src/sfutil/: util_jsnorm.c, util_jsnorm.h:
 8696         Updated the HTTP preprocessor to normalize HTTP responses that include
 8697         javascript escaped data in their bodies. This expands Snort's coverage
 8698         in detecting HTTP client-side attacks.
 8699         See the Snort Manual and README.http_inspect for configuration details.
 8700 
 8701     * doc/README.modbus:
 8702     * src/dynamic-preprocessors/modbus/: Makefile.am, modbus_decode.c,
 8703       modbus_decode.h, modbus_paf.c, modbus_paf.h, modbus_roptions.c,
 8704       modbus_roptions.h, sf_modbus.dsp, spp_modbus.c, spp_modbus.h:
 8705         Added the Modbus preprocessor, which decodes the Modbus protocol and
 8706         provides new rule options for some protocol fields.
 8707         See the Snort Manual and README.modbus for more details.
 8708 
 8709     * doc/README.dnp3:
 8710     * src/dynamic-preprocessors/dnp3/: Makefile.am, dnp3_map.c, dnp3_map.h,
 8711       dnp3_paf.c, dnp3_paf.h, dnp3_reassembly.c, dnp3_reassembly.h,
 8712       dnp3_roptions.c, dnp3_roptions.h, sf_dnp3.dsp, spp_dnp3.c, spp_dnp3.h:
 8713         Added the DNP3 preprocessor, which decodes the DNP3 protocol
 8714         and provides new rule options for some protocol fields.
 8715         The preprocessor also performs reassembly of segmented DNP3 traffic.
 8716         See the Snort Manual and README.dnp3 for more details.
 8717 
 8718     * doc/README.gtp:
 8719     * src/decode.c:
 8720     * src/dynamic-preprocessors/gtp/: Makefile.am, gtp_config.c,
 8721       gtp_config.h, gtp_debug.h, gtp_parser.c, gtp_parser.h, gtp_roptions.c,
 8722       gtp_roptions.h, sf_gtp.dsp, spp_gtp.c, spp_gtp.h
 8723         Added a packet decoder and preprocessor for the GTP protocol.
 8724         These support detecting attacks over GTP (GPRS Tunneling Protocol).
 8725         See the Snort Manual and README.gtp for more details.
 8726 
 8727     * doc/faq.pdf, doc/faq.tex, src/Makefile.am, src/debug.c,
 8728       src/smalloc.h, src/snort_debug.h,
 8729       src/dynamic-plugins/sf_dynamic_common.h,
 8730       src/dynamic-preprocessors/dcerpc2/dce2_paf.c,
 8731       src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 8732       src/dynamic-preprocessors/gtp/gtp_debug.h,
 8733       src/dynamic-preprocessors/sip/sip_debug.h,
 8734       src/parser/IpAddrSet.c,
 8735       src/preprocessors/HttpInspect/utils/hi_paf.c,
 8736       src/preprocessors/Stream5/stream5_paf.c:
 8737         Expanded the debug bits from 32 to 64 bits.
 8738 
 8739     * src/preprocessors/: spp_stream5.c, Stream5/snort_stream5_icmp.c,
 8740       Stream5/snort_stream5_icmp.h, Stream5/snort_stream5_ip.c,
 8741       Stream5/snort_stream5_ip.h, Stream5/snort_stream5_udp.c,
 8742       Stream5/snort_stream5_udp.h:
 8743         Cleaned up application data for non-TCP sessions after
 8744         a block or timeout.
 8745 
 8746     * src/preprocessors/spp_sfportscan.c:
 8747         Negative memcap numbers are no longer allowed.
 8748 
 8749     * src/preprocessors/HttpInspect/server/hi_server.c:
 8750         HTTP responses with incorrect status messages are now inspected.
 8751 
 8752     * src/preprocessors/Stream5/stream5_paf.c:
 8753         Fixed PAF callback registration during Snort reload.
 8754 
 8755     * src/parser.c:
 8756         Fixed crash when setting HOME_NET to an empty variable.
 8757         Thanks to Elof for reporting this issue.
 8758 
 8759     * src/preprocessors/spp_normalize.c:
 8760         Don't register the packet callback if Snort is not inline.
 8761         Fixed a crash in the normalizer during Snort reload.
 8762 
 8763     * src/: sfdaq.c, sfdaq.h, snort.c, snort.h, util.c:
 8764         Fixed a possible segfault upon fatal error during Snort reload.
 8765 
 8766     * src/win32/WIN32-Prj/snort_installer.nsi:
 8767         Updated Windows project files for new preprocessors.
 8768 
 8769     * doc/: snort_manual.pdf, snort_manual.tex:
 8770         Updated the Snort manual for new features.
 8771         Updated the names of contributors to match those found on snort.org.
 8772         Updated the 'config cs_dir' path to be relative to pid-path.
 8773 
 8774         Described the FlowIP CSV file format. Thanks to Eoin Miller for
 8775         pointing out the lack of documentation.
 8776 
 8777     * src/preprocessors/: perf-base.c, perf-base.h, perf.c, perf.h,
 8778       spp_frag3.c, spp_frag3.h, Stream5/snort_stream5_tcp.c:
 8779         Added frag3 and stream5 memory usage to perfmon output.
 8780 
 8781     * src/control/sfcontrol.c:
 8782         Added counters to bypass the work queue mutex when nothing
 8783         is queued.
 8784         Cleaned up compiler warnings.
 8785 
 8786     * src/preprocessors/HttpInspect/client/hi_client.c:
 8787         When the same IP is parsed multiple times for XFF/True-client-IP
 8788         , the duplicate entries are freed from memory.
 8789 
 8790     * src/preprocessors/: stream_expect.c, spp_stream5.c, stream_api.h,
 8791       stream_expect.h, Stream5/snort_stream5_session.c,
 8792       Stream5/snort_stream5_session.h, Stream5/stream5_common.h:
 8793         Changed instances of "char" to "uint8_t" when dealing with
 8794         protocol numbers, preventing a potential issue when Snort
 8795         supports protocols > 128. Thanks to Joshua Kinard for
 8796         providing a patch for this issue.
 8797 
 8798     * src/detection-plugins/sp_react.c:
 8799         Added a content-length header to the react responses.
 8800 
 8801     * src/: decode.h, dynamic-plugins/sf_engine/sf_snort_packet.h,
 8802       dynamic-preprocessors/imap/snort_imap.c,
 8803       dynamic-preprocessors/pop/snort_pop.c,
 8804       dynamic-preprocessors/smtp/smtp_config.h,
 8805       dynamic-preprocessors/smtp/smtp_util.c,
 8806       dynamic-preprocessors/smtp/smtp_util.h,
 8807       dynamic-preprocessors/smtp/snort_smtp.c,
 8808       dynamic-preprocessors/smtp/snort_smtp.h,
 8809       dynamic-preprocessors/smtp/spp_smtp.c,
 8810       output-plugins/spo_unified2.c, preprocessors/snort_httpinspect.c,
 8811       preprocessors/snort_httpinspect.h,
 8812       preprocessors/spp_httpinspect.c, preprocessors/spp_stream5.c,
 8813       preprocessors/stream_api.h,
 8814       preprocessors/HttpInspect/include/hi_ui_config.h,
 8815       preprocessors/Stream5/snort_stream5_tcp.c,
 8816       preprocessors/Stream5/snort_stream5_tcp.h,
 8817       preprocessors/Stream5/stream5_common.h:
 8818         Reduced the memory usage per TCP session for extra data event
 8819         logging.
 8820 
 8821     * src/dynamic-preprocessors/sip/spp_sip.c:
 8822         Changed a description in the SIP exit stats.
 8823 
 8824     * configure.in, src/snort.c, src/util.c,
 8825       src/target-based/sftarget_reader.c:
 8826         Where possible, sigaction() is used instead of signal() to
 8827         establish signal handlers.
 8828 
 8829     * src/util.c:
 8830         Fixed an error in the calculation of dropped packets.
 8831         Thanks to Will Metcalf for identifying the issue.
 8832 
 8833     * src/preprocessors/: perf-flow.c, perf-flow.h:
 8834         Fixed a bug where packets longer than 4500 bytes were not logged
 8835         in the perfmon flow stats.
 8836 
 8837     * src/: active.c, decode.c, decode.h, encode.c, parser.c,
 8838       sf_protocols.h, snort.c:
 8839         Fix PPPoE support and active responses to ICMP.
 8840         Thanks to Eric Lauzon for identifying an issue with PPPoE traffic.
 8841 
 8842     * etc/gen-msg.map, preproc_rules/preprocessor.rules,
 8843       src/generators.h,
 8844       src/preprocessors/HttpInspect/client/hi_client.c,
 8845       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 8846       src/preprocessors/HttpInspect/include/hi_client.h,
 8847       src/preprocessors/HttpInspect/include/hi_eo_events.h:
 8848         Added new preprocessor alerts:
 8849           1) Both true-client-ip and XFF headers exist in single packet
 8850           2) Multiple client-ips with different values in the same session
 8851 
 8852     * etc/gen-msg.map:
 8853         Fixed an error with incorrect SID numbers for some SMTP preprocessor
 8854         rules. Thanks to Eric Olsen for identifying the issue.
 8855 
 8856     * src/: decode.h, detect.c, encode.c, encode.h, plugbase.c,
 8857       plugbase.h, snort.c, snort.h,
 8858       detection-plugins/detection_options.c,
 8859       dynamic-plugins/sf_dynamic_plugins.c,
 8860       dynamic-plugins/sf_dynamic_preprocessor.h,
 8861       dynamic-plugins/sf_engine/sf_snort_packet.h,
 8862       dynamic-preprocessors/dcerpc2/snort_dce2.c,
 8863       dynamic-preprocessors/sdf/spp_sdf.c,
 8864       output-plugins/spo_alert_fast.c, preprocessors/spp_frag3.c,
 8865       preprocessors/spp_rpc_decode.c, preprocessors/spp_sfportscan.c,
 8866       preprocessors/stream_api.h,
 8867       preprocessors/Stream5/snort_stream5_tcp.c,
 8868       preprocessors/Stream5/stream5_common.c:
 8869         Refactored packet flags. Added new packet flags for raw in-order
 8870         stream segment discrimination.
 8871 
 8872     * src/preprocessors/snort_httpinspect.c:
 8873         Fixed an issue where gzip logging code misinterpreted the data
 8874         being passed to it.
 8875 
 8876         Increased max_method_len to 256.
 8877         Thanks to rmkml for identifying the issue.
 8878 
 8879     * src/: preprocessors/spp_rpc_decode.c,
 8880       dynamic-preprocessors/dcerpc2/dce2_roptions.c,
 8881       dynamic-preprocessors/dcerpc2/dce2_smb.c:
 8882         Fixed compiler warnings.
 8883 
 8884     * src/sfutil/bnfa_search.c:
 8885         Fixed code defined by #ifdef ALLOW_NFA_FULL to compile and run.
 8886         Thanks to Brian Hwang for reporting the issue.
 8887 
 8888     * src/: dynamic-plugins/sf_dynamic_plugins.c,
 8889       dynamic-plugins/sf_dynamic_preprocessor.h,
 8890       dynamic-plugins/sp_dynamic.h,
 8891       dynamic-preprocessors/reputation/reputation_config.c,
 8892       dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c,
 8893       dynamic-preprocessors/reputation/shmem/shmem_datamgmt.h:
 8894         The paths to whitelist & blacklist files are now relative to
 8895         the location of snort.conf.
 8896 
 8897     * src/preprocessors/Stream5/snort_stream5_session.c:
 8898         Don't prune blocked sessions if pruning for memcap.
 8899 
 8900     * src/preprocessors/spp_stream5.c:
 8901         Fixed session data lookup for meta data messages.
 8902 
 8903     * etc/: sf_rule_options, sf_rule_validation.conf:
 8904         Updated rule validation files with new rule options.
 8905 
 8906     * configure.in, doc/INSTALL, doc/README.ARUBA, doc/README.database,
 8907       doc/README.ipv6, doc/snort_manual.tex,
 8908       src/output-plugins/spo_alert_arubaaction.c,
 8909       src/output-plugins/spo_alert_prelude.c,
 8910       src/output-plugins/spo_database.c:
 8911         Added deprecation warnings for database, alert_aruba_action,
 8912         and alert_prelude output plugins. These output plugins are
 8913         considered deprecated with this release and will be removed
 8914         in Snort 2.9.3.
 8915 
 8916     * src/: plugbase.c, plugbase.h, preprocids.h, profiler.c, sfdaq.c,
 8917       sfdaq.h, snort.c, snort.h, dynamic-plugins/sf_dynamic_plugins.c,
 8918       dynamic-plugins/sf_dynamic_preprocessor.h,
 8919       preprocessors/spp_stream5.c, preprocessors/stream_api.h,
 8920       preprocessors/Stream5/snort_stream5_icmp.c,
 8921       preprocessors/Stream5/snort_stream5_ip.c,
 8922       preprocessors/Stream5/snort_stream5_session.c,
 8923       preprocessors/Stream5/snort_stream5_session.h:
 8924         Added API and DAQ functions to get flow start and end events
 8925         directly from the DAQ when no stream data is available.
 8926 
 8927     * src/sfdaq.c:
 8928         Prevent underflow when calculating outstanding packets.
 8929         Thanks to Hussein Bahaidarah for reporting this issue.
 8930 
 8931         Don't unload daq modules if --disable-dlclose was a configure
 8932         option.
 8933 
 8934     * src/: active.c, dynamic-plugins/sf_dynamic_plugins.c,
 8935       dynamic-plugins/sf_dynamic_preprocessor.h:
 8936         Snort dynamic API changes to inject response packets.
 8937 
 8938 2011-10-20 Ryan Jordan <ryan.jordan@sourcefire.com>
 8939 Snort 2.9.1.2
 8940     * configure.in,
 8941       rpm/snort.spec,
 8942       src/build.h,
 8943       src/win32/WIN32-Includes/config.h,
 8944       src/win32/WIN32-Prj/snort_installer.nsi:
 8945         Incremented version numbers to Snort 2.9.1.2, Build 84.
 8946 
 8947     * src/preprocessors/snort_httpinspect.c,
 8948       src/sfutil/util_utf.c:
 8949         Fixed an issue where Snort would sometimes stop processing traffic
 8950         in a persistent HTTP 1.1 connection with a UTF-32 encoded response
 8951         followed by a UTF-16 encoded response.
 8952 
 8953 2011-10-05 Ryan Jordan <ryan.jordan@sourcefire.com>
 8954 Snort 2.9.1.1
 8955     * src/decode.c:
 8956         Fixed decode.c to allow building with --enable-debug.
 8957 
 8958     * src/: dynamic-plugins/sf_engine/sf_decompression.c,
 8959       dynamic-plugins/sf_engine/sf_decompression.h,
 8960       preprocessors/snort_httpinspect.h,
 8961       preprocessors/HttpInspect/server/hi_server.c:
 8962         Fixed http_inspect decompression and decompression API to decompress
 8963         both raw and zlib deflated data.
 8964         Support locating utf charset when spaces are present.
 8965 
 8966     * src/: preprocessors/HttpInspect/server/hi_server_norm.c,
 8967       sfutil/util_utf.h:
 8968         Added "Byte Order Mark" support for unicode in http_inspect.
 8969 
 8970     * src/detection-plugins/sp_urilen_check.c:
 8971         Fixed potential false positives when using urilen detection option.
 8972 
 8973     * src/preprocessors/Stream5/stream5_paf.c:
 8974         Fixed flushing beyond "paf_max".
 8975         Verify paf configuration before enabling.
 8976 
 8977     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 8978         Free application and protocol state when a session is blocked.
 8979         Ensure that seglist_next is NULL after being freed.
 8980 
 8981     * src/dynamic-preprocessors/smtp/smtp_util.c:
 8982         Fixed an issue with SMTP logging while running in inline mode.
 8983 
 8984     * src/dynamic-preprocessors/reputation/Makefile.am,
 8985       src/dynamic-preprocessors/reputation/reputation_config.c,
 8986       src/dynamic-preprocessors/reputation/reputation_config.h,
 8987       src/dynamic-preprocessors/reputation/spp_reputation.c,
 8988       src/dynamic-preprocessors/reputation/spp_reputation.h,
 8989       src/Makefile.am, src/idle_processing.c, src/idle_processing.h,
 8990       src/idle_processing_funcs.h, src/plugbase.c, src/plugbase.h,
 8991       src/snort.c, src/snort.h, src/util.c, src/util.h,
 8992       src/dynamic-examples/Makefile.am,
 8993       src/dynamic-preprocessors/reputation/shmem/shmem_config.c,
 8994       src/dynamic-preprocessors/reputation/shmem/shmem_config.h,
 8995       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.h,
 8996       src/dynamic-preprocessors/reputation/shmem/shmem_lib.c,
 8997       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c,
 8998       src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.h,
 8999       src/control/Makefile.am, src/control/sfcontrol.c,
 9000       src/control/sfcontrol.h, src/control/sfcontrol_funcs.h,
 9001       src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.c,
 9002       src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.h,
 9003       src/dynamic-preprocessors/reputation/shmem/shmem_common.h,
 9004       src/dynamic-preprocessors/reputation/shmem/shmem_datamgmt.c,
 9005       src/dynamic-preprocessors/reputation/shmem/shmem_lib.h,
 9006       src/sfutil/Makefile.am, src/sfutil/segment_mem.c,
 9007       src/sfutil/segment_mem.h, src/sfutil/sfrt_flat.c,
 9008       src/sfutil/sfrt_flat.h, src/sfutil/sfrt_flat_dir.c,
 9009       src/sfutil/sfrt_flat_dir.h,
 9010       src/dynamic-preprocessors/Makefile.am, tools/control/Makefile.am,
 9011       tools/control/README.snort_control, tools/control/sfcontrol.c,
 9012       src/dynamic-plugins/sf_dynamic_plugins.c,
 9013       src/dynamic-plugins/sf_dynamic_preprocessor.h, configure.in,
 9014       tools/Makefile.am:
 9015         - Added support for shared memory between Snort processes.
 9016           This is used in the IP Reputation preprocessor to share a single copy
 9017           of IP whitelists & blacklists.
 9018         - Added a control channel, so that commands may be issued to
 9019           a running Snort process by way of a Unix socket.
 9020 
 9021     * src/preprocessors/HttpInspect/utils/hi_paf.c:
 9022         Ensure HTTP 1.1 responses without length indicators (e.g. 304)
 9023         are flushed at the end of the headers.
 9024         Preprocessor rule 120:8 is fired at end of headers if content-length
 9025         and transfer-encoding: chunked are not present, but not for response
 9026         codes 1XX, 204, 304.
 9027 
 9028     * doc/README.reputation, doc/snort_manual.pdf,
 9029       doc/snort_manual.tex:
 9030         Updated Snort documentation, added documentation for Shared Memory
 9031         and the Control Socket.
 9032 
 9033     * src/: dynamic-preprocessors/reputation/sf_reputation.dsp,
 9034       dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 9035       win32/WIN32-Includes/stdint.h, win32/WIN32-Prj/snort.dsp,
 9036       win32/WIN32-Prj/snort.dsw:
 9037         Updated Win32 build files.
 9038 
 9039 
 9040 2011-08-23 Ryan Jordan <ryan.jordan@sourcefire.com>
 9041 Snort 2.9.1
 9042     * src/build.h:
 9043         Updated build number to 71.
 9044 
 9045     * etc/gen-msg.map, preproc_rules/decoder.rules, src/decode.c,
 9046       src/decode.h, src/generators.h, src/snort.c,
 9047       src/dynamic-plugins/sf_engine/sf_snort_packet.h:
 9048         Fixed an issue with decoding large numbers of IPv6 extension headers.
 9049         Added rule 116:456 to safeguard against too many IPv6 extension headers.
 9050         Thanks to Martin Sch�tte for reporting the issue.
 9051 
 9052     * src/detection-plugins/sp_urilen_check.c,
 9053       src/detection-plugins/sp_urilen_check.h:
 9054         Fixed the urilen rule option to look at reassembled packets.
 9055         Added an extra parameter to specify whether to check raw or normalized
 9056         uri buffer. Will check raw uri buffer by default.
 9057 
 9058     * src/: dynamic-preprocessors/dcerpc2/sf_dce2.dsp,
 9059       dynamic-preprocessors/dns/sf_dns.dsp,
 9060       dynamic-preprocessors/ftptelnet/sf_ftptelnet.dsp,
 9061       dynamic-preprocessors/imap/sf_imap.dsp,
 9062       dynamic-preprocessors/isakmp/sf_isakmp.dsp,
 9063       dynamic-preprocessors/pop/sf_pop.dsp,
 9064       dynamic-preprocessors/reputation/sf_reputation.dsp,
 9065       dynamic-preprocessors/sdf/sf_sdf.dsp,
 9066       dynamic-preprocessors/sip/sf_sip.dsp,
 9067       dynamic-preprocessors/smtp/sf_smtp.dsp,
 9068       dynamic-preprocessors/ssh/sf_ssh.dsp,
 9069       dynamic-preprocessors/ssl/sf_ssl.dsp,
 9070       win32/WIN32-Prj/sf_engine.dsp:
 9071         Fixed a bug where the sensitive_data preprocessor gave an error while
 9072         loading sensitive data rules.
 9073  
 9074     * doc/README.http_inspect, etc/gen-msg.map,
 9075       preproc_rules/preprocessor.rules, src/generators.h,
 9076       src/preprocessors/snort_httpinspect.c,
 9077       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 9078       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 9079       src/preprocessors/HttpInspect/utils/hi_paf.c:
 9080         Added two HTTP Inspect preprocessor rules:
 9081         119:28 - post w/o content-length or transfer-encoding: chunked
 9082         120:8 - message with invalid content-length or chunk size
 9083  
 9084     * src/preprocessors/spp_httpinspect.c:
 9085         Fixed a bug where Snort wouldn't reload, giving the error that
 9086         "Changing decompress_depth requries a restart".
 9087 
 9088     * etc/gen-msg.map:
 9089         Commented out four rules from gen-msg.map, 133:44 through 133:47,
 9090         because they were not yet implemented. 
 9091 
 9092     * preproc_rules/preprocessor.rules:
 9093         Added a CVE reference for Rule 119:19.
 9094         Added a reference to SMTP preprocessor rule 124:4. 
 9095         Added a preprocessor rule, 125:9, for an FTPTelnet preprocessor
 9096         alert that was missing the corresponding rule.
 9097 
 9098     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
 9099         PAF tweak for single-segment full PDUs matching only-stream
 9100 
 9101     * src/snort.c:
 9102         Fixed a bug where Snort wouldn't reload on SIGHUP with OpenBSD.
 9103         Set default paf_max to 16K.
 9104 
 9105     * doc/: README.reputation, snort_manual.pdf, snort_manual.tex:
 9106         Added a use case in the IP Reputation preprocessor documentation.
 9107 
 9108     * src/: dynamic-preprocessors/reputation/reputation_config.c,
 9109       dynamic-preprocessors/reputation/sf_reputation.dsp,
 9110       win32/WIN32-Prj/snort.dsw, win32/WIN32-Prj/snort_installer.nsi:
 9111         Fixed the IP Reputation preprocessor so that it would build on Windows.
 9112 
 9113     * src/preprocessors/HttpInspect: client/hi_client.c, include/hi_client.h,
 9114       server/hi-server.c, utils/hi_paf.c:
 9115         Support up to full 32-bit content-lengths
 9116 
 9117     * src/preprocessors/Stream5/stream5_paf.c:
 9118         Fixed compilation with the options "--disable-target-based --enable-paf".
 9119 
 9120     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 9121         Fixed an error in IDS mode when segments overlap and the sequence
 9122         number wraps.
 9123 
 9124     * tools/u2spewfoo/Makefile.am:
 9125         Added the u2spewfoo Windows project file to the Snort source tarball.
 9126 
 9127 2011-07-19 Ryan Jordan <ryan.jordan@sourcefire.com>
 9128 Snort 2.9.1 RC
 9129     * doc/README.sip, doc/snort_manual.pdf, doc/snort_manual.tex,
 9130       preproc_rules/preprocessor.rules,
 9131       src/dynamic-preprocessors/sip/sip_parser.c,
 9132       src/dynamic-preprocessors/sip/spp_sip.h, etc/gen-msg.map:
 9133         Added three new SIP preprocessor alerts.
 9134 
 9135     * src/preprocessors/Stream5/: snort_stream5_tcp.c, stream5_paf.c,
 9136       stream5_paf.h:
 9137         Allow multiple preprocs to scan for PDUs on the same port.
 9138         This fixes a problem with DCE autodetect using the same
 9139         ports as HTTP.
 9140 
 9141     * src/build.h:
 9142         Updated build number to 63.
 9143 
 9144     * src/: fpcreate.c, log.c, detection-plugins/sp_byte_extract.c,
 9145       detection-plugins/sp_tcp_win_check.c,
 9146       dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 9147       dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 9148       preprocessors/spp_normalize.c:
 9149         Fixed some compiler warnings.
 9150 
 9151     * src/: detection-plugins/detection_options.c,
 9152       detection-plugins/sp_flowbits.h,
 9153       dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
 9154         Only set/clear/toggle/unset a flowbit when all of the rule
 9155         matches, including the IPs and Ports. Thanks to Eoin Miller
 9156         for reporting the issue.
 9157 
 9158     * src/dynamic-preprocessors/: Makefile.am, dcerpc2/Makefile.am,
 9159       dns/Makefile.am, ftptelnet/Makefile.am, imap/Makefile.am,
 9160       pop/Makefile.am, reputation/Makefile.am, rzb_saac/Makefile.am,
 9161       sdf/Makefile.am, sip/Makefile.am, smtp/Makefile.am,
 9162       ssh/Makefile.am, ssl/Makefile.am:
 9163         Fixed dynamic preprocesor Makefiles so that they can be built
 9164         in parallel.
 9165 
 9166     * doc/README.http_inspect, doc/snort_manual.pdf,
 9167       doc/snort_manual.tex, etc/gen-msg.map,
 9168       preproc_rules/preprocessor.rules, src/generators.h,
 9169       src/preprocessors/snort_httpinspect.c,
 9170       src/preprocessors/snort_httpinspect.h,
 9171       src/preprocessors/HttpInspect/client/hi_client.c,
 9172       src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
 9173       src/preprocessors/HttpInspect/include/hi_eo_events.h,
 9174       src/preprocessors/HttpInspect/include/hi_ui_config.h,
 9175       src/preprocessors/HttpInspect/include/hi_util.h,
 9176       src/preprocessors/HttpInspect/user_interface/hi_ui_config.c,
 9177       src/sfutil/util_unfold.c:
 9178         Added a new HTTP Inspect preprocessor rule, GID 119 SID 26.
 9179         This rule checks for 200+ whitespaces in a folded header line
 9180         from an HTTP request. A new config option was added to configure
 9181         the allowable amount whitespace.
 9182 
 9183         Added a new configuration option to http_inspect server configuration:
 9184         "small_chunk_length { <chunk_size> <num_consec_chunks> }", with
 9185         preprocessor rules for both client and server. Consecutive chunk lengths
 9186         less than or equal to <chunk_size> will cause an event to be generated.
 9187 
 9188         See README.http_inspect for more information.
 9189 
 9190     * src/: dynamic-preprocessors/dcerpc2/sf_dce2.dsp,
 9191       dynamic-preprocessors/dns/sf_dns.dsp,
 9192       dynamic-preprocessors/ftptelnet/sf_ftptelnet.dsp,
 9193       dynamic-preprocessors/imap/sf_imap.dsp,
 9194       dynamic-preprocessors/isakmp/sf_isakmp.dsp,
 9195       dynamic-preprocessors/sdf/sf_sdf.dsp,
 9196       dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp,
 9197       dynamic-preprocessors/sip/sf_sip.dsp,
 9198       dynamic-preprocessors/smtp/sf_smtp.dsp,
 9199       dynamic-preprocessors/ssh/sf_ssh.dsp,
 9200       dynamic-preprocessors/ssl/sf_ssl.dsp,
 9201       win32/WIN32-Prj/sf_engine.dsp,
 9202       win32/WIN32-Prj/sf_engine_initialize.dsp,
 9203       win32/WIN32-Prj/sf_testdetect.dsp, win32/WIN32-Prj/snort.dsp:
 9204         Fixed the Win32 build to (1) not use .pch, and (2) correct sed
 9205         patterns on ipv6_port.h.
 9206 
 9207     * src/output-plugins/spo_alert_sf_socket.c:
 9208         Fixed a problem where Snort's generic IP address structure was
 9209         being sent by the socket output plugin.
 9210         The output plugin now only generates events for IPv4 packets,
 9211         and is guaranteed to use uint32_t IPv4 addresses for interoperability.
 9212 
 9213     * src/sfutil/: sfrt.c, sfrt.h:
 9214         Optimized some memory usage.
 9215 
 9216     * configure.in:
 9217         Add check for pkg-config and provide instructions to get it if
 9218         pkg-config is not installed.
 9219 
 9220     * src/preprocessors/Stream5/: snort_stream5_tcp.c,
 9221       stream5_common.h:
 9222         Show single segment PAF packets and only short-circuit at
 9223         correct sequence.
 9224         When aborting PAF, flush at paf_max.
 9225         Tweaked retransmission check to use actual sequence numbers
 9226         instead of the adjusted sequence numbers.
 9227         Changed the pseudo-random flush point after each flush.
 9228 
 9229     * src/snort.c:
 9230         Fixed a compilation error when active response is disabled.
 9231 
 9232     * src/snort.h:
 9233         Fixed a bug where Snort wouldn't daemonize on OpenBSD if the
 9234         process was running as root. Thanks to Olaf Schreck for reporting
 9235         this issue.
 9236 
 9237     * src/preprocessors/: perf-base.c, perf-base.h, perf-event.c,
 9238       perf-event.h, perf-flow.c, perf-flow.h, perf.c, perf.h,
 9239       spp_perfmonitor.c:
 9240         Split out Perfmon submodule Init and Reset, so that everything is
 9241         initialized when the Perfmonitor preprocessor is initialized.
 9242         Previously, some data was initialized on the first packet.
 9243 
 9244     * src/detection-plugins/sp_tcp_flag_check.c:
 9245         Fixed a couple spots where the "1" and "2"
 9246         flags weren't renamed to "C" and "E". Thanks to Joshua Kinard for
 9247         reporting the issue and supplying a patch.
 9248 
 9249     * doc/README.sip, doc/snort_manual.pdf, doc/snort_manual.tex,
 9250       src/dynamic-preprocessors/sip/sip_parser.c,
 9251       src/dynamic-preprocessors/sip/spp_sip.h,
 9252       preproc_rules/preprocessor.rules, etc/gen-msg.map:
 9253         Added a new SIP preprocessor alert for missing content type headers.
 9254         Fixed an issue where the SIP preprocessor checked for Stream5 even if
 9255         the SIP preprocessor was disabled.
 9256 
 9257     * etc/unicode.map:
 9258         Updated unicode.map to match the unicode standard on Windows 7 SP1.
 9259 
 9260     * etc/snort.conf:
 9261         Sync'ed to VRT's latest snort.conf.
 9262 
 9263     * src/: decode.c, detect.c:
 9264         Tweaked the preprocessing loop to bypass app preprocs if no
 9265         app data.
 9266 
 9267     * src/sfutil/sf_ip.c, src/sfutil/sf_ip.h, src/sfutil/sfrt_dir.c,
 9268       src/dynamic-preprocessors/reputation/Makefile.am,
 9269       src/dynamic-preprocessors/reputation/reputation_config.h,
 9270       src/dynamic-preprocessors/reputation/reputation_utils.c,
 9271       src/dynamic-preprocessors/reputation/sf_reputation.dsp,
 9272       src/dynamic-preprocessors/reputation/spp_reputation.c,
 9273       src/dynamic-preprocessors/reputation/spp_reputation.h,
 9274       src/dynamic-preprocessors/reputation/reputation_config.c,
 9275       src/dynamic-preprocessors/reputation/reputation_debug.h,
 9276       src/dynamic-preprocessors/reputation/reputation_utils.h,
 9277       doc/README.reputation, doc/Makefile.am, doc/snort_manual.pdf,
 9278       doc/snort_manual.tex, preproc_rules/preprocessor.rules,
 9279       src/dynamic-preprocessors/Makefile.am, configure.in,
 9280       src/preprocids.h, etc/gen-msg.map:
 9281         Added the IP Reputation preprocessor. This preprocessor provides
 9282         the ability to whitelist and blacklist packets based on IP addresses.
 9283         See README.reputation for more information.
 9284 
 9285     * src/: sf_types.h, dynamic-plugins/sf_dynamic_plugins.c,
 9286       dynamic-preprocessors/dcerpc2/Makefile.am,
 9287       dynamic-preprocessors/dcerpc2/dce2_config.c,
 9288       dynamic-preprocessors/dcerpc2/dce2_debug.h,
 9289       dynamic-preprocessors/dcerpc2/dce2_paf.c,
 9290       dynamic-preprocessors/dcerpc2/dce2_paf.h,
 9291       dynamic-preprocessors/dcerpc2/sf_dce2.dsp,
 9292       dynamic-preprocessors/dcerpc2/snort_dce2.c:
 9293         Added protocol-aware flushing support for the dcerpc2 preprocessor.
 9294 
 9295     * src/dynamic-plugins/sf_convert_dynamic.c:
 9296         Added the ability to convert shared object rules that use the
 9297         preprocessor rule option.
 9298 
 9299     * src/preprocessors/: snort_httpinspect.c, spp_httpinspect.c,
 9300       HttpInspect/include/hi_paf.h, HttpInspect/utils/hi_paf.c,
 9301       Stream5/snort_stream5_tcp.c:
 9302         Don't enable paf unless stream ports configured
 9303         for the given direction; add "(PAF)" to http inspect ports output
 9304         to indicate when enabled; and only register port for given
 9305         direction if corresponding flow depth is set.
 9306 
 9307         Support full 32-bit content-lengths and chunk sizes, and flush/abort
 9308         when exceeded.
 9309 
 9310     * doc/README.SMTP, doc/snort_manual.tex,
 9311       src/dynamic-preprocessors/smtp/smtp_config.h,
 9312       src/dynamic-preprocessors/smtp/smtp_util.c,
 9313       src/dynamic-preprocessors/smtp/snort_smtp.c,
 9314       src/dynamic-preprocessors/smtp/snort_smtp.h,
 9315       src/dynamic-preprocessors/smtp/spp_smtp.c:
 9316         Fixed performance issue: allocate the buffers used
 9317         for filename, mailfrom and rcptto logging using mempool
 9318         ('memcap' used to allocate the mempool).
 9319         Added a fatal error when b64_decode_depth is used with
 9320         enable_mime_decoding.
 9321 
 9322 2011-06-13 Ryan Jordan <ryan.jordan@sourcefire.com>
 9323 Snort 2.9.1 Beta
 9324     * configure.in:
 9325         Updates to configure.in.
 9326         - Fix zlib checks to use correctly named variable for checking zlib
 9327           header and library existence.
 9328         - Enable IPv6 by default in builds.  Can use --disable-ipv6 to turn it off.
 9329           using --enable-zlib, configure should fail.  snort -V should show
 9330           IPv6 by default and VRT config should load without modification.
 9331         - Added a new option, "--enable-large-pcap", which allows Snort to read
 9332           pcap files that are larger than 2 GB.
 9333         - Changed the default ./configure options to match the requirements
 9334           for the bundled snort.conf
 9335     * doc/: INSTALL, README.imap, README.pop,
 9336       README.SMTP, README.stream5, README.sip, README.tag,
 9337       README.http_inspect, README.counts, README.normalize,
 9338       snort_manual.pdf, snort_manual.tex:
 9339         Updated documentation for Snort 2.9.1:
 9340         - Added documentation for new SIP, POP and IMAP preprocessors
 9341         - Updated README.stream5 with documentation for
 9342           Protocol Aware Flushing (PAF)
 9343         - Updated README.http_inspect with memcap information,
 9344           clarified "http_cookie" information, and documentation for
 9345           "log_uri" and "log_hostname".
 9346         - Fixed a typo in README.counts
 9347         - Updated "byte_extract" section to reflect syntax changes
 9348         - Improved the explanation of "max_queued_events"
 9349         - Added documentation for the ESP decoder, which is now configurable
 9350         - Improved the explanation of "rawbytes"
 9351         - Fixed an incorrect example in README.tag.
 9352     * etc/snort.conf:
 9353         Synced snort.conf with VRT's latest version.
 9354 
 9355         Added configurations for new preprocessors.
 9356     * preproc_rules/: decoder.rules, preprocessor.rules
 9357         Added new preprocessor rules for SIP, SMTP, POP, and IMAP.
 9358 
 9359         Added decoder rules 116:453, 116:454, and 116:455. These rules
 9360         were formerly covered by VRT rules.
 9361     * src/build.h: Updated build number to 46
 9362     * src/decode.c:
 9363         TCP and UDP decoder rules that require a fully-decoded packet will
 9364         only fire if the checksum is correct and the port number is not ignored.
 9365 
 9366         ESP decoding is now configurable, and off by default.
 9367 
 9368         The "config enable_decode_oversized_alerts" option now applies to
 9369         packets where the UDP header claims there is more data than actually exists.
 9370         The Teredo decoder now only processes packets in the Teredo prefix
 9371         (2001:0000::/32) or the link-local prefix (fe80::/16).
 9372     * src/detection-plugins/sp_cvs.c:
 9373         Fixed a false positive in the CVS detection plugin.
 9374     * doc/snort_manual.tex, src/detection-plugins/sp_byte_extract.c:
 9375         Made some changes to the byte_extract syntax:
 9376         - Writing "string" without a number type defaults to decimal.
 9377         - The "string" and "hex/dec/oct" options are now independent of each
 9378           other, like in byte_test and byte_jump.
 9379           You can write "string,dec", "hex,string", "string,relative,oct", etc.
 9380         - Specifying one of "hex", "dec", and "oct" without using "string"
 9381           results in an error.
 9382         - byte_extract options can no longer be delimited by spaces.
 9383           This does not affect "align <num>" or "multiplier <num>".
 9384     * src/: parser.c, util.c, util.h,
 9385       detection-plugins/sp_base64_decode.c,
 9386       dynamic-plugins/sf_dynamic_plugins.c,
 9387       dynamic-plugins/sf_dynamic_preprocessor.h,
 9388       dynamic-plugins/sp_dynamic.c,
 9389       dynamic-preprocessors/smtp/smtp_util.c,
 9390       preprocessors/HttpInspect/client/hi_client.c,
 9391       preprocessors/HttpInspect/server/hi_server.c,
 9392       sfutil/sf_base64decode.c, sfutil/sf_base64decode.h:
 9393         Changes include the following:
 9394         - Attempt dechunkind only when transfer-encoding: chunked is present.
 9395         - Override the content length with transfer encoding
 9396         - SnortStrcasestr uses slen now.
 9397         - unfolding : trim spaces when required.
 9398     * src/: pcap_pkthdr32.h, preprocessors/spp_frag3.c,
 9399       preprocessors/Stream5/snort_stream5_tcp.c,
 9400       preprocessors/Stream5/stream5_common.h, sfutil/sf_ipvar.c,
 9401       sfutil/sf_ipvar.h, sfutil/sf_vartable.c:
 9402         Update Frag3/Stream5 to print bound addresses, better descriptsions of detect
 9403         anomalies and port lists.
 9404         - Updated Frag3/Stream5 to print bound addresses for IPv6 enabled builds
 9405         - Updated Frag3 to print meaningful detect anomalies configuration
 9406         - Updated Stream5 to print that there are more ports than those printed.
 9407     * src/dynamic-plugins/sf_engine/: Makefile.am, sf_decompression.c,
 9408       sf_decompression.h, sf_snort_detection_engine.c,
 9409       sf_snort_plugin_api.h:
 9410         Added a Decompression API that wraps Zlib for use with dynamic
 9411         plugins. See sf_decompression.h for more details.
 9412     * src/: fpcreate.c, fpdetect.c, treenodes.h:
 9413         Update pattern matcher and sort functions to
 9414         correctly sort by priority as well as implement sorting by
 9415         content_length (which was never done with 2.8.2 addition of rule
 9416         option tree).
 9417 
 9418         Added a warning when max-pattern-len is defined twice.
 9419 
 9420         Packets will no longer be tagged or logged if they are filtered or passed.
 9421     * src/preprocessors/Stream5:
 9422         Ensured that reassembly doesn't require packet dropping in IPS mode.
 9423         The message "additional ports configured but not printed" is only printed
 9424         when that is actually the case.
 9425     * src/snort.c:
 9426         fix output of filename / shutdown alerts sequence when iterating over multiple
 9427         pcaps with --pcap-show --pcap-reset and console alerts (eg -A cmg or
 9428         -A console:test).
 9429 
 9430         Fixed an issue with reloading Snort while the default output options
 9431         were used.
 9432 
 9433         When reading several pcap files with --pcap-dir, Snort will move on
 9434         to the next file if one fails to load.
 9435     * src/output-plugins/spo_alert_full.c:
 9436         Update alert_full to print rule references, regardless of whether
 9437         there is TCP/UDP/etc.
 9438     * src/output-plugins/spo_log_tcpdump.c:
 9439         convert DLT_IPV{4,6} to DLT_RAW for compatibility with libpcap 1.0.0
 9440         fix 'mixed decls and code' compiler warning
 9441     * src/: decode.h, detect.c, detection_util.c, detection_util.h,
 9442       fpcreate.c, fpdetect.c, log.c, log_text.c, parser.h, plugbase.c,
 9443       rule_option_types.h, detection-plugins/Makefile.am,
 9444       detection-plugins/detection_options.c,
 9445       detection-plugins/sp_base64_data.c,
 9446       detection-plugins/sp_byte_check.c,
 9447       detection-plugins/sp_byte_extract.c,
 9448       detection-plugins/sp_byte_jump.c,
 9449       detection-plugins/sp_file_data.c,
 9450       detection-plugins/sp_ftpbounce.c,
 9451       detection-plugins/sp_isdataat.c,
 9452       detection-plugins/sp_pattern_match.c,
 9453       detection-plugins/sp_pcre.c, detection-plugins/sp_pkt_data.c,
 9454       detection-plugins/sp_pkt_data.h,
 9455       dynamic-plugins/sf_convert_dynamic.c,
 9456       dynamic-plugins/sf_dynamic_common.h,
 9457       dynamic-plugins/sf_dynamic_define.h,
 9458       dynamic-plugins/sf_dynamic_engine.h,
 9459       dynamic-plugins/sf_dynamic_plugins.c,
 9460       dynamic-plugins/sf_dynamic_preprocessor.h,
 9461       dynamic-plugins/sp_dynamic.c, dynamic-plugins/sp_dynamic.h,
 9462       dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 9463       dynamic-plugins/sf_engine/sf_snort_packet.h,
 9464       dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 9465       dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 9466       dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 9467       dynamic-preprocessors/ftptelnet/pp_ftp.c,
 9468       dynamic-preprocessors/ftptelnet/pp_telnet.c,
 9469       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
 9470       dynamic-preprocessors/smtp/smtp_util.c,
 9471       dynamic-preprocessors/smtp/snort_smtp.c,
 9472       dynamic-preprocessors/smtp/snort_smtp.h,
 9473       preprocessors/snort_httpinspect.c,
 9474       preprocessors/snort_httpinspect.h,
 9475       preprocessors/spp_rpc_decode.c,
 9476       preprocessors/HttpInspect/server/hi_server.c,
 9477       preprocessors/HttpInspect/server/hi_server_norm.c,
 9478       preprocessors/Stream5/snort_stream5_tcp.c:
 9479         The "file_data" and "base64_data" rule options now set the buffer
 9480         for any rule options that follow them. This applies to both relative
 9481         and non-relative rule options.
 9482 
 9483         The detection code now uses 3 separate buffers:
 9484         - "Alt Detect": set by file_data, base64_data, etc.
 9485         - "Alt Decode": set by preprocessor normalization, e.g. HTTP Inspect
 9486         - Raw packet data
 9487 
 9488         The AltDetect buffer can also be set by custom .so rules.
 9489     * src/parser.c, src/parser.h, src/snort.h, src/output-plugins/spo_unified2.c,
 9490       src/sfutil/Unified2_common.h:
 9491         IPv6 source and destination addresses are now logged in Unified2
 9492         as extra data events. This is configured with "config log_ipv6_extra_data".
 9493     * src/dynamic-preprocessors/sip/Makefile.am,
 9494       src/dynamic-preprocessors/sip/sf_sip.dsp,
 9495       src/dynamic-preprocessors/sip/sip_config.c,
 9496       src/dynamic-preprocessors/sip/sip_config.h,
 9497       src/dynamic-preprocessors/sip/sip_debug.h,
 9498       src/dynamic-preprocessors/sip/sip_dialog.c,
 9499       src/dynamic-preprocessors/sip/sip_dialog.h,
 9500       src/dynamic-preprocessors/sip/sip_parser.c,
 9501       src/dynamic-preprocessors/sip/sip_parser.h,
 9502       src/dynamic-preprocessors/sip/sip_roptions.c,
 9503       src/dynamic-preprocessors/sip/spp_sip.c,
 9504       src/dynamic-preprocessors/sip/spp_sip.h,
 9505       src/dynamic-preprocessors/sip/sip_roptions.h,
 9506       src/dynamic-preprocessors/sip/sip_utils.c,
 9507       src/dynamic-preprocessors/sip/sip_utils.h, doc/README.sip,
 9508       etc/gen-msg.map, src/dynamic-preprocessors/sip/test/Makefile.am,
 9509       src/dynamic-preprocessors/sip/test/sip_test.c, configure.in,
 9510       src/dynamic-preprocessors/Makefile.am:
 9511         Added a new preprocessor for SIP traffic.
 9512         See README.sip and the Snort Manual for more information.
 9513     * src/: dynamic-preprocessors/dcerpc2/dce2_utils.c,
 9514       dynamic-preprocessors/dcerpc2/spp_dce2.c,
 9515       preprocessors/spp_frag3.c:
 9516         Make Frag3 OpenBSD Vuln alert only happen if the frag policy is
 9517         'linux' (which includes OpenBSD).  The 'bsd' policy is NOT used
 9518         for OpenBSD, which is the only OS on which the vulnerability was
 9519         present.
 9520 
 9521         This reduces false positives to only occur when frag3 policy is
 9522         linux and its an actual linux system, rather than the alert
 9523         occuring regardless of frag policy.
 9524     * src/: detection-plugins/Makefile.am,
 9525       detection-plugins/sp_byte_extract.c,
 9526       detection-plugins/sp_byte_extract.h,
 9527       dynamic-plugins/sf_convert_dynamic.c,
 9528       dynamic-plugins/sf_engine/Makefile.am,
 9529       dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 9530       dynamic-plugins/sf_engine/sf_snort_detection_engine.h,
 9531       dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
 9532       dynamic-plugins/sf_engine/sf_snort_plugin_api.h,
 9533       dynamic-plugins/sf_engine/sf_snort_plugin_byte.c,
 9534       dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
 9535       dynamic-plugins/sf_engine/sf_snort_plugin_hdropts.c,
 9536       dynamic-plugins/sf_engine/sf_snort_plugin_loop.c,
 9537       dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
 9538         Added support for ByteExtract variables to the .so rule versions of
 9539         Content, ByteTest, ByteJump, and isdataat.
 9540     * src/: encode.c, preprocessors/spp_normalize.c,
 9541       preprocessors/Stream5/snort_stream5_tcp.c,
 9542       preprocessors/Stream5/stream5_common.c:
 9543         Fixed the TTL on encoded response packets.
 9544     * src/: fpcreate.c, fpdetect.c,
 9545       detection-plugins/sp_pattern_match.c,
 9546       detection-plugins/sp_pattern_match.h,
 9547       dynamic-plugins/sf_dynamic_define.h,
 9548       dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
 9549       dynamic-plugins/sf_engine/sf_snort_plugin_api.h:
 9550         Update to not inspect HTTP method buffer with Snort's fast pattern engine.
 9551         Rules with only HTTP method content end up as non-content rules.
 9552         This eliminates a short cycle of searches with fast pattern on every
 9553         initial HTTP request.
 9554     * src/dynamic-preprocessors/pop/: all files
 9555         Added a new preprocessor for POP traffic.
 9556         See README.pop for more information.
 9557     * src/dynamic-preprocessors/imap/: all files
 9558         Added a new preprocessor for IMAP traffic.
 9559         See README.imap for more information.
 9560     * src/sfutil/: sf_email_attach_decode.c, sf_email_attach_decode.h:
 9561         Base64 decoding was moved to its own section in sfutil, for use
 9562         by the new email preprocessors.
 9563 
 9564         Added support for uuencoded email attachments.
 9565     * src/dynamic-preprocessors/sdf/spp_sdf.c:
 9566         The Sensitive Data preprocessor now inspects the "file_data" buffer, used
 9567         for HTTP response bodies & decoded email attachments.
 9568     * src/: snort.c, preprocessors/spp_stream5.c,
 9569       preprocessors/stream_api.h:
 9570         Update Snort to return a DAQ verdict of whitelist (meaning don't
 9571         send Snort any more packets) for sessions that are being ignored
 9572         in both directions or ports that are configured to ignore.  For
 9573         DAQ modules and hardware that supports it, this should result in
 9574         a performance gain because Snort no longer has to decode packets
 9575         that are part of that connection.
 9576     * src/util.c:
 9577         Added an error message when opening a pid file fails.
 9578     * src/preprocessors/HttpInspect/: client/hi_client.c,
 9579       server/hi_server.c:
 9580         The Set-Cookie: and Cookie: headers wont be included in the cookie buffers.
 9581     * configure.in, src/active.c, src/active.h, src/decode.h,
 9582       src/encode.c, src/encode.h, src/log_text.c, src/log_text.h,
 9583       src/parser.c, src/parser.h, src/sf_types.h, src/sfdaq.c,
 9584       src/sfdaq.h, src/snort.h, src/snort_debug.h,
 9585       src/detection-plugins/sp_react.c,
 9586       src/detection-plugins/sp_respond3.c,
 9587       src/dynamic-plugins/sf_dynamic_define.h,
 9588       src/dynamic-plugins/sf_engine/sf_snort_packet.h,
 9589       src/preprocessors/snort_httpinspect.c,
 9590       src/preprocessors/spp_httpinspect.c,
 9591       src/preprocessors/spp_stream5.c, src/preprocessors/stream_api.h,
 9592       src/preprocessors/HttpInspect/Makefile.am,
 9593       src/preprocessors/HttpInspect/include/Makefile.am,
 9594       src/preprocessors/HttpInspect/include/hi_paf.h,
 9595       src/preprocessors/HttpInspect/mode_inspection/hi_mi.c,
 9596       src/preprocessors/HttpInspect/server/hi_server.c,
 9597       src/preprocessors/HttpInspect/utils/Makefile.am,
 9598       src/preprocessors/HttpInspect/utils/hi_paf.c,
 9599       src/preprocessors/Stream5/Makefile.am,
 9600       src/preprocessors/Stream5/snort_stream5_icmp.c,
 9601       src/preprocessors/Stream5/snort_stream5_session.c,
 9602       src/preprocessors/Stream5/snort_stream5_tcp.c,
 9603       src/preprocessors/Stream5/snort_stream5_tcp.h,
 9604       src/preprocessors/Stream5/snort_stream5_udp.c,
 9605       src/preprocessors/Stream5/stream5_common.c,
 9606       src/preprocessors/Stream5/stream5_common.h,
 9607       src/preprocessors/Stream5/stream5_paf.c,
 9608       src/preprocessors/Stream5/stream5_paf.h, src/sfutil/sf_textlog.h:
 9609         Added support in Stream5 for Protocol Aware Flushing (PAF).
 9610         PAF allows Snort to statefully scan a stream and reassemble a complete
 9611         PDU regardless of segmentation.
 9612 
 9613         Added PAF support to HTTP Inspect, allowing the preprocessor to determine
 9614         when HTTP sessions are flushed by Stream5.
 9615 
 9616         See README.stream5 for more details.
 9617     * src/preprocessors/: stream_ignore.h, stream_ignore.c,
 9618       Stream5/snort_stream5_udp.c:
 9619         added support for ignoring UDP channels. Light weight session
 9620         will be created to track UDP channel, even ports are not
 9621         monitored.
 9622     * src/win32/: most files
 9623         Updated Snort and its libraries to build/link against MFC.
 9624 
 9625 2011-03-23 Steven Sturges <ssturges@sourcefire.com>
 9626   * src/build.h:
 9627       Increment Snort build number to 134
 9628   * src/: decode.h, encode.c:
 9629   * src/dynamic-plugins/sf_engine/: sf_snort_packet.h:
 9630   * src/preprocessors/: spp_sfportscan.c, spp_frag3.c:
 9631   * src/output-plugins/: spo_alert_fast.c:
 9632   * src/preprocessors/Stream5/: stream5_common.c:
 9633       Updated portscan to set protocol correctly in raw packet for
 9634       IPv6 and changed the encoder to recognize portscan packets as pseudo
 9635       packets so that the checksum isn't calculated
 9636   * src/: sfdaq.c, util.c:
 9637       Improve handling of DAQ failure codes when Snort is shutting down.
 9638   * src/preprocessors/spp_perfmonitor.c:
 9639       Update perfmonitor to create now files prior to dropping privs
 9640 
 9641 2011-03-16 Ryan Jordan <ryan.jordan@sourcefire.com>
 9642 Snort 2.9.0.5
 9643   * src/build.h:
 9644       Increment Snort build number to 132
 9645   * src/snort.c:
 9646   * src/preprocessors/: normalize.c, perf-base.c, perf-base.h,
 9647     Stream5/snort_stream5_tcp.c:
 9648       TCP timestamp options are only NOPed by the Normalization preprocessor
 9649       if Stream5 has seen a full 3-way handshake, and timestamps weren't
 9650       negotiated.
 9651 
 9652       The IPS mode reassembly policy has been refactored to do stream
 9653       normalization within the first policy.
 9654 
 9655       Packets injected by the normalization preprocessor are now counted
 9656       in the packet statistics.
 9657   * doc/snort_manual.tex:
 9658   * src/: parser.c, parser.h:
 9659   * src/preprocessors/: spp_frag3.c, Stream5/snort_stream5_session.c:
 9660       Added a "config vlan_agnostic" setting that globally disables Stream's
 9661       use of vlan tag in session tracking.
 9662   * src/: snort.c, preprocessors/normalize.c,
 9663     preprocessors/spp_normalize.c, preprocessors/spp_normalize.h,
 9664     preprocessors/perf-base.c, preprocessors/perf-base.h:
 9665   * doc/: README.normalize, snort_manual.pdf, snort_manual.tex:
 9666       Fixed the normalization preprocessor to call its post-initialization
 9667       config functions during a policy reload.
 9668 
 9669       Packets can no longer be trimmed below the minimum ethernet frame
 9670       length. Trimming is now configurable with the "normalize_ip4: trim;"
 9671       option. TOS clearing is now configurable with "normalize_ip4: tos;".
 9672 
 9673       The "normalize_ip4: trim" option is automatically disabled if the
 9674       DAQ can't inject packets. If the DAQ tries and fails to inject
 9675       a given packet, the wire packet is not blocked.
 9676 
 9677       Updated documentation regarding these changes.
 9678   * src/detection-plugins/sp_cvs.c:
 9679       Fixed a false positive in the CVS detection plugin. It was incorrectly
 9680       parsing CVS entries that had a '+' in between the 3rd and 4th slashes.
 9681   * src/preprocessors/HttpInspect/: client/hi_client.c,
 9682     server/hi_server.c:
 9683       Changed a pointer comparison to a size check for code readability.
 9684       Belated thanks to Dwane Atkins and Parker Crook for reporting a
 9685       related issue that was fixed in Snort 2.9.0.4 build 111.
 9686 
 9687       Moved the zlib initialization such that gzipped responses are still
 9688       inspected if the zipped data starts after the first Stream-reassembled
 9689       packet is inspected.
 9690   * src/decode.c:
 9691       Fixed an issue with decoding too many IP layers in a single packet. The
 9692       Teredo proto bit was not unset after hitting the limit on IP layers.
 9693       Thanks to Dwane Atkins for reporting this issue.
 9694 
 9695       IPv6 fragmented packets are no longer inspected unless they have an
 9696       offset of zero and the next layer is UDP. This behavior is consistent
 9697       with IPv4 decoding.
 9698       Thanks to Martin Sch�tte for reporting an issue where fragged ICMPv6
 9699       packets were being inspected.
 9700 
 9701       The decoder no longer attempts to decode Teredo packets inside of
 9702       IPv4 fragments, instead waiting for the reassembled packet.
 9703   * src/encode.c:
 9704       Fixed a problem where encoded packets had their lengths calculated
 9705       incorrectly. This caused the active response feature to generate
 9706       incorrect RST packets if the original packet had a VLAN tag.
 9707   * preproc_rules/preprocessor.rules:
 9708       Updated references to rule 125:1:1
 9709   * src/preprocessors/spp_perfmonitor.c:
 9710       Perfmonitor files are now created after Snort changes uid/gid.
 9711   * src/dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.c:
 9712       Fixed the size formatting of an error message argument when
 9713       compiling with --enable-rzb-saac.
 9714       Thanks to Cleber S. Brand�o for reporting this issue.
 9715   * etc/snort.conf:
 9716       Updated the default snort.conf with max compress and decompress
 9717       depths to enable unlimited decompression of gzipped HTTP responses.
 9718   * snort.8:
 9719       Fixed the man page's URL regarding the location of Snort rules.
 9720       Thanks to Michael Scheidell for reporting an out-of-date man page section.
 9721   * doc/README.http_inspect, doc/snort_manual.tex,
 9722     src/preprocessors/snort_httpinspect.c:
 9723       HTTP Inspect's "unlimited_decompress" option now requires that
 9724       "compress_depth" and "decompress_depth" are set to their max values.
 9725   * src/: fpcreate.c, dynamic-plugins/sf_dynamic_define.h,
 9726     dynamic-plugins/sf_dynamic_engine.h,
 9727     preprocessors/Stream5/snort_stream5_tcp.c:
 9728       Fixed an error that prevented compiling with --disable-dynamicplugin.
 9729       Thanks to Jason Wallace for reporting this issue.
 9730   * src/dynamic-preprocessors/ftptelnet/: snort_ftptelnet.c,
 9731     snort_ftptelnet.h, spp_ftptelnet.c:
 9732       Changed the names of ProcessGlobalConf() and PrintGlobalConf() inside
 9733       the ftp_telnet preprocessor to avoid a naming conflict with similar
 9734       functions in HTTP Inspect.
 9735       Thanks to Bruce Corwin for reporting this issue.
 9736   * src/preprocessors/: perf.c, perf-base.c, perf-base.h, perf-flow.c,
 9737     perf-flow.h:
 9738       Fixed comparisons between signed and unsigned int, which lead to
 9739       a faulty length check.
 9740       Thanks to Cihan Ayyildiz and Jason Wallace for helping us debug this
 9741       issue.
 9742 
 9743 2011-02-28 Ryan Jordan <ryan.jordan@sourcefire.com>
 9744 Snort 2.9.0.4
 9745   * src/build.h:
 9746       Increment Snort build number to 111.
 9747   * src/preprocessors/HttpInspect/client/hi_client.c:
 9748     src/preprocessors/HttpInspect/server/hi_server.c:
 9749       Fixed a bug in the way partial HTTP headers are handled.
 9750 
 9751 2011-02-10 Ryan Jordan <ryan.jordan@sourcefire.com>
 9752 Snort 2.9.0.4
 9753   * src/build.h: Increment Snort build number to 110
 9754   * snort.8, src/snort.c:
 9755     Updated Snort man page to match the output of "snort --help".
 9756     Removed "-o" from the list of valid options, since it was removed
 9757     a while ago.
 9758     The verdict from defragged packets are no longer cleared, so that
 9759     they can be applied to the raw packet.
 9760     Thanks to Markus Lude for submitting a patch that fixed errors in the
 9761     man page.
 9762   * src/fpcreate.c:
 9763     Deletec the call to fpDeletePortGroup() prior to calling FatalError().
 9764   * src/parser.c:
 9765     Fixed portvar parsing code to correctly dislpay names of undefined
 9766     portvars.
 9767   * src/preprocessors/Stream5/snort_stream5_tcp.c:
 9768     Fixed a FIN sequence number handling issue, where RST after FIN caused a
 9769     false positive on Stream5 preprocessor rule 129:15.
 9770     Thanks to Jason Wallace for pointing out the issue.
 9771   * doc/: INSTALL, README.frag3, README.http_inspect, README.stream5,
 9772     snort_manual.tex, snort_manual.pdf:
 9773     Added documentation for the option "small-segments".
 9774     Updated team members.
 9775     Clarified some undocumented "flow" options.
 9776     Minor edits to punctuation on "ssl_version" examples.
 9777     Re-worded uricontent's description.
 9778     Added missing semicolons to rule option examples.
 9779     Updated "enable_cookie" documentation.
 9780     Added documentation for "iis_encode" in http_encode keywords.
 9781     Improved the description of the "disable" keyword.
 9782     Added "--enable-sourcefire" description.
 9783     Thanks to Joshua Kinard for sending in several patches to the manual.
 9784   * doc/: Makefile.am, README.rzb_saac:
 9785     Added SaaC readme. 
 9786   * configure.in, doc/Makefile.am, doc/README.rzb_saac, src/snort.c,
 9787     src/util.c, src/util.h,
 9788     src/dynamic-plugins/sf_engine/examples/Makefile.am,
 9789     src/dynamic-preprocessors/Makefile.am,
 9790     src/dynamic-preprocessors/dns/spp_dns.c,
 9791     src/dynamic-preprocessors/rzb_saac/Makefile.am,
 9792     src/dynamic-preprocessors/rzb_saac/rzb_debug.c,
 9793     src/dynamic-preprocessors/rzb_saac/rzb_debug.h,
 9794     src/dynamic-preprocessors/rzb_saac/rzb_http-client.c,
 9795     src/dynamic-preprocessors/rzb_saac/rzb_http-client.h,
 9796     src/dynamic-preprocessors/rzb_saac/rzb_http-collector.h,
 9797     src/dynamic-preprocessors/rzb_saac/rzb_http-fileinfo.c,
 9798     src/dynamic-preprocessors/rzb_saac/rzb_http-fileinfo.h,
 9799     src/dynamic-preprocessors/rzb_saac/rzb_http-server.c,
 9800     src/dynamic-preprocessors/rzb_saac/rzb_http-server.h,
 9801     src/dynamic-preprocessors/rzb_saac/rzb_http.h,
 9802     src/dynamic-preprocessors/rzb_saac/rzb_smtp-collector.c,
 9803     src/dynamic-preprocessors/rzb_saac/rzb_smtp-collector.h,
 9804     src/dynamic-preprocessors/rzb_saac/sf_preproc_info.h,
 9805     src/dynamic-preprocessors/rzb_saac/spp_rzb-saac.c:
 9806     Added Razorback SaaC to the dynamic-preprocessors.
 9807     Use --enable-rzb-saac to build it.  Moved the initgroups call to a
 9808     separate function and call it from the main thread.
 9809   * src/detection-plugins/sp_clientserver.c:
 9810     Fixed an erroneous error check so that "no_frag" and "no_stream" can be
 9811     used in the same "flow" rule option.
 9812   * src/detection-plugins/sp_pattern_match.c:
 9813     Rules that use a "depth" value lower than the length of their content
 9814     now cause an error. Depth should be >= the content length.
 9815   * src/detection-plugins/sp_tcp_flag_check.c:
 9816     Changed the reserved bits flags "1, 2" to "C, E". The old values can still
 9817     be used for backwards compatability.
 9818   * preproc_rules/preprocessor.rules:
 9819     Added references to FTP and SMTP preprocessor rules. 
 9820   * src/dynamic-plugins/sf_engine/examples/: detection_lib_meta.h:
 9821     Removed extraneous ifdef
 9822   * src/: preprocessors/spp_frag3.c, preprocessors/spp_sfportscan.c,
 9823     dynamic-preprocessors/dcerpc2/dce2_config.c:
 9824     Added startup log message to show that the preprocessors are
 9825     inactive when added to snort.conf as "disabled".
 9826     Updated frag3 startup log to indicate the memcap frmo which prealloc
 9827     fragments were generated.
 9828   * src/preprocessors/: spp_frag3.c, Stream5/snort_stream5_session.c:
 9829     Updated the Frag3KeyCmp and Stream5KeyCmp functions to handle 32bit
 9830     sparc platforms where 64bit pointer comparisons can cause bus
 9831     errors. Thanks to Stephan for reporting this issue.
 9832   * src/: preprocessors/portscan.c, win32/WIN32-Includes/config.h:
 9833     Portscan preprocessor's hash table is now allocated based on
 9834     the memcap, instead of being the same size.
 9835   * src/dynamic-preprocessors/dcerpc2/: dce2_co.c, dce2_utils.c, dce2_smb.c:
 9836     Fixed a bug that caused dcerpc2 to reassemble some segments incorrectly.
 9837     If extra bytes at the end of a request corrupt the next request, they
 9838     will be discarded.
 9839   * src/dynamic-preprocessors/ssl/spp_ssl.c:
 9840     Updated the SSL preproc to count the packets it processes,
 9841     instead of counting all packets to enter the intiial function.
 9842   * doc/: faq.tex, faq.pdf:
 9843     Updated FAQ based on snort.org reorganization. 
 9844   * doc/: README.http_inspect, snort_manual.pdf, snort_manual.tex:
 9845     Updated cookie documentation.
 9846     Cookie buffer includes "Cookie" header name for HTTP requests and
 9847     "Set-Cookie" for HTTP responses. When enable_cookie is disabled,
 9848     cookie buffer points to the HTTP header
 9849   * src/preprocessors/snort_httpinspect.c:
 9850     Fixed the error message during parsing of HTTP inspect
 9851     server config. Make it a warning. 
 9852   * src/: detection_util.h, preprocessors/snort_httpinspect.c,
 9853     preprocessors/spp_httpinspect.c,
 9854     preprocessors/HttpInspect/client/hi_client.c,
 9855     preprocessors/HttpInspect/include/hi_client.h,
 9856     preprocessors/HttpInspect/include/hi_norm.h,
 9857     preprocessors/HttpInspect/include/hi_ui_config.h,
 9858     preprocessors/HttpInspect/normalization/hi_norm.c,
 9859     preprocessors/HttpInspect/server/hi_server.c:
 9860       Fixed a false positive due to a large chunk length followed
 9861       by a small packet.
 9862       Moved the lookup table such that they are initialized only once.
 9863       When de-chunking returns error, the data is now inspected as a
 9864       normal body.
 9865       Moved the Initialize function out of hi_ui_config.h.
 9866       CRLFs are no longer placed in the status message buffer.
 9867   * many files:
 9868     Updated all Sourcefire copyright notices to the year 2011.
 9869 
 9870 2010-12-20 Ryan Jordan <ryan.jordan@sourcefire.com>
 9871 Snort 2.9.0.3
 9872   * src/build.h:
 9873       Increment Snort build number to 98
 9874   * doc/: snort_manual.tex, snort_manual.pdf:
 9875       Fixed Snort manual descriptions of some rule options.
 9876       Changed whitespace in several areas to be more consistent.
 9877       Max mime mem example changed from 1000 to 4000.
 9878       Updated manual for distance / within / offset / depth combos.
 9879       Thanks to Joshua Kinard for submitting several fixes.
 9880   * doc/INSTALL:
 9881       Update doc/INSTALL with instructions for building on OpenBSD.
 9882   * src/dynamic-preprocessors/smtp/smtp_config.c:
 9883       Print alert_unknown_commands in SMTP config of snort output.
 9884       Print the SMTP MIME config details with snort output.
 9885   * src/: decode.c, decode.h, snort.c:
 9886       discriminate between ip4 and ip6 raw packets
 9887       Thanks to Gerald Maziarski for reporting this issue.
 9888   * src/detection-plugins/: detection_options.c, sp_byte_jump.c,
 9889       sp_pattern_match.c:
 9890       restore doe flags along with doe pointer.
 9891   * preproc_rules/preprocessor.rules:
 9892       Updated preprocessor.rules references to match VRT.
 9893   * src/dynamic-preprocessors/smtp/spp_smtp.c:
 9894       When the SMTP preprocessor is started in a
 9895       "disabled" state, it no longer requires Stream5.
 9896   * src/decode.c:
 9897       Truncated ESP traffic is now handled correctly.
 9898       Thanks to rmkml for bringing the issue to our attention.
 9899   * src/: decode.c, fpdetect.c:
 9900       Fixed a problem with handling UDP/IPv6 over Teredo where the inner UDP
 9901       header was malformed.
 9902   * preproc_rules/preprocessor.rules:
 9903       Added a reference to preprocessor.rules.
 9904   * src/dynamic-preprocessors/smtp/spp_smtp.c:
 9905       When the SMTP preprocessor is started in a
 9906       "disabled" state, it no longer requires Stream5.
 9907   * src/detection-plugins/: detection_options.c, sp_pattern_match.c:
 9908       Update content to check for HTTP_RESP_BODY in packet flag
 9909       if option is relative and not using rawbytes.
 9910   * etc/snort.conf:
 9911       Update with snort.conf from VRT
 9912   * src/dynamic-plugins/sf_engine/examples/detection_lib_meta.h:
 9913       Bumped minor version number in  example detection lib.
 9914   * src/preprocessors/spp_frag3.c:
 9915       Fix memory leak when there are two zero offset
 9916       fragments with different IP options.  Previous code was blindly
 9917       copying new IP options over top of existing ones.
 9918   * src/dynamic-plugins/sf_engine/: sf_snort_detection_engine.c,
 9919       sf_snort_plugin_api.h:
 9920       Fixed overlaps in various flags in the Shared Object rule API.
 9921       Shared Object rules from previous 2.9.0 versions need to be recompiled.
 9922   * src/detection-plugins/sp_pattern_match.c:
 9923       Moved non-zero initializations in the PatternMatchData struct
 9924       to the NewNode() function. This fixes the use of depth, offset,
 9925       distance, and within on uricontent options.
 9926       Reject invalid combinations of distance/within and offset/depth
 9927       including repeated keywords.
 9928       Thanks to Dave Bertouille and Daniel Clemens for pointing out issues here.
 9929   * src/: snort.c, util.c, util.h:
 9930       write correct pid to file for glibc2.2 / linux threads
 9931   * src/preprocessors/: snort_httpinspect.c,
 9932       HttpInspect/mode_inspection/hi_mi.c:
 9933       Fixed an instance where HTTP session data was not checked.
 9934 DAQ 0.5
 9935   * daq/os-daq-modules/Makefile.am:
 9936       The IPFW DAQ now builds on OpenBSD.
 9937       Thanks to Ross Lawrie, Randall Rioux, and many others for reporting this.
 9938 
 9939 2010-11-15 Ryan Jordan <ryan.jordan@sourcefire.com>
 9940 Snort 2.9.0.2
 9941     * preproc_rules/preprocessor.rules:
 9942           Added a reference to an 0day ProFTP bug in a FTP
 9943           preprocessor rule.
 9944     * src/build.h:
 9945           Increment Snort build number to 92
 9946     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 9947           Count only acked segs for flushing post-ack.  Thanks to Eoin Miller
 9948           for helping track this issue and provide test scenarios.
 9949     * src/detection_util.h:
 9950     * src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
 9951     * src/preprocessors/Stream5/snort_stream5_tcp.c:
 9952           fix file_data:mime in So rules. content matches following
 9953           file_data:mime should not enter fast pattern matcher. Reset file_data_ptr once
 9954           stream flush is done and stream reassembled packet is processed.
 9955     * src/dynamic-preprocessors/ssl/spp_ssl.c:
 9956           Fix return value for SSL rule options
 9957     * src/: plugbase.h, preprocessors/snort_httpinspect.c:
 9958           Set the dce preproc bit in HTTP only when server flow depth is -1
 9959     * src/dynamic-preprocessors/dcerpc2/: dce2_co.c, dce2_smb.c,
 9960       dce2_utils.c, dce2_utils.h, includes/smb.h:
 9961           use offset or remaining fields and overwrite
 9962           as appropriate instead of always appending data
 9963     * src/preprocessors/HttpInspect/server/hi_server.c:
 9964     * src/preprocessors/HttpInspect/client/hi_client.c:
 9965           Fixed a couple of memory leaks.
 9966     * src/preprocessors/HttpInspect/mode_inspection/hi_mi.c:
 9967           Fixed an error in the handling of HTTP Session Data.
 9968     * doc/: README.http_inspect,snort_manual.pdf, snort_manual.tex:
 9969           Update to the snort manual. remove the stream5
 9970           alerts. reference the gen-msg.map.
 9971     * preprocessors/Stream5/snort_stream5_tcp.c:
 9972           urgent pointer handling corrected for one
 9973           byte of urgent data at the start of a segment.  The general case
 9974           of an N-byte urgent payload prefix would be handled here by
 9975           removing the == 1 limit in urg_offset == 1 but that restrictio
 9976           is not safe until we flush urgent data.  As is, urgent data is
 9977           never flushed in reassembled packets and can only be detected i
 9978           raw packets.
 9979           pointer handling.
 9980     * src/: decode.h, detection_util.h, plugbase.h,
 9981       preprocessors/snort_httpinspect.c,
 9982       preprocessors/snort_httpinspect.h,
 9983       preprocessors/HttpInspect/server/hi_server.c,
 9984           Apply server flow depth on a session basis
 9985           rather than per packet basis.  This change improves the
 9986           performance by disabling detect on packet when the packet is
 9987           beyond the specified flow depth. server_flow_depth now takes
 9988           values from -1 to 65535
 9989     * src/parser.c:
 9990           Correct setting of dup_opt_func and cleanup existing opt_func list before
 9991           hand to address parse-time leak.
 9992 
 9993 2010-11-01 Ryan Jordan <ryan.jordan@sourcefire.com>
 9994 Snort 2.9.0.1
 9995     * doc/: snort_manual.pdf, snort_manual.tex:
 9996            Added "flush_factor".
 9997            Fixed incorrect line wrap (thx Shawn Thompson). 
 9998            values for within and depth updated
 9999     * src/build.h:
10000            Increment Snort build number to 82.
10001     * src/preprocessors/HttpInspect/: client/hi_client.c,
10002       server/hi_server.c:
10003            HTTP header buffers (raw/normalized) now include the missing \n (of \r\n\r\n). 
10004     * src/target-based/sf_attribute_table.y:
10005           Set YYMAXDEPTH to something that covers large number of services for a single host. 
10006     * src/parser.c, src/preprocessors/spp_stream5.c,
10007       doc/snort_manual.pdf, doc/snort_manual.tex:
10008            Fix use of config flowbits_size and update default to 1024. 
10009     * src/detection-plugins/sp_pcre.c:
10010            Correct calculation of offset to its original now that libpcre is fixed. 
10011     * src/: detection-plugins/sp_pcre.c, win32/WIN32-Includes/pcre.h,
10012       win32/WIN32-Includes/pcreposix.h, win32/WIN32-Libraries/pcre.lib:
10013            Update Win32 libpcre to newer version and use --enable-newline-is-cr instead of
10014            --enable-newline-is-any.  Also added comments to sp_pcre.c in terms of how Snort is
10015            interpreting the ovector from pcre_exec.
10016     * etc/gen-msg.map:
10017            Added rules 120:4 and 120:5 to gen-msg.map. 
10018     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10019            Fix issue when handling overlap limit enforcement.  Thanks to rmkml
10020            and Miguel Alvarez for pointing out the issue.
10021     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10022            fix flush after initial when acks are withheld
10023            conditional on NORMALIZER
10024            process stream after window slam unless normalizing
10025            fully separate pre-ack flush from post-ack flush to ensure switching on policy for listener direction;
10026            allow window limit greater than 16-bit; tweak flush point tracing.
10027            added preprocessor rule 129:19, window slam
10028     * src/preprocessors/Stream5/: snort_stream5_tcp.c,
10029       stream5_common.h:
10030            add stream5_tcp: flush_factor <#>
10031     * doc/snort_manual.tex, src/detection-plugins/sp_ttl_check.c:
10032           Allow >= and <= with ttl keyword. Also fix the parsing for ttl. Update manual
10033     * src/util.c:
10034            Make parent_wait variable volatile so it doesn't get optimized out.
10035     * src/decode.c:
10036            In CheckIPv4_MinTTL(), use the ttl passed as an argument instead of the packet's IP header.
10037     * preproc_rules/preprocessor.rules:
10038            adds preprocessor rule 129:19
10039     * etc/gen-msg.map, preproc_rules/decoder.rules, src/decode.c,
10040       src/generators.h:
10041            Ported .so rule for ICMP DOS to decoder. 
10042     * etc/gen-msg.map, src/generators.h,
10043     * src/: active.c, encode.c, detection-plugins/sp_react.c:
10044            set ack number appropriately
10045     * src/preprocessors/snort_httpinspect.c:
10046           file data ptr should be set to the decode buffer when the http response body is normalized. 
10047     * src/preprocessors/HttpInspect/: client/hi_client.c,
10048       server/hi_server.c:
10049           inspect stream inserted packets to check if they have a valid HTTP response.
10050           When there is a single segment HTTP response inspect the body.
10051           Dont wait for the reassembled packet ( due to flush point issues)
10052     * src/: detection_util.h, fpdetect.c,
10053       detection-plugins/sp_byte_check.c,
10054       detection-plugins/sp_byte_extract.c,
10055       detection-plugins/sp_byte_jump.c,
10056       detection-plugins/sp_ftpbounce.c,
10057       detection-plugins/sp_isdataat.c,
10058       detection-plugins/sp_pattern_match.c,
10059       detection-plugins/sp_pcre.c, preprocessors/snort_httpinspect.c,
10060       preprocessors/HttpInspect/server/hi_server.c:
10061            When extended_response_inspection is not enabled check for "HTTP".
10062            If present, apply flow depth otherwise do not disable detect and dont apply flow depth. 
10063     * doc/: README.http_inspect, snort_manual.pdf, snort_manual.tex:
10064            Update Manual and README.http_inspect
10065     * src/signature.c:
10066            remove commented out printfs
10067     * src/preprocessors/HttpInspect/server/hi_server.c:
10068           inspect stream reassembled packets only when stream reassembly is turned on. 
10069     * tools/u2boat/Makefile.am:
10070           Update Makefile to include docdir
10071     * src/encode.c:
10072            don't calculate checksum for pseudo-packets
10073     * src/: decode.c, decode.h, detect.c, detection_util.c,
10074       detection_util.h, fpdetect.c, log.c, log_text.c, mstring.c,
10075       detection-plugins/detection_options.c,
10076       detection-plugins/sp_asn1.c, detection-plugins/sp_base64_data.c,
10077       detection-plugins/sp_base64_decode.c,
10078       detection-plugins/sp_byte_check.c,
10079       detection-plugins/sp_byte_extract.c,
10080       detection-plugins/sp_byte_jump.c,
10081       detection-plugins/sp_file_data.c,
10082       detection-plugins/sp_ftpbounce.c,
10083       detection-plugins/sp_isdataat.c,
10084       detection-plugins/sp_pattern_match.c,
10085       detection-plugins/sp_pcre.c, detection-plugins/sp_urilen_check.c,
10086       dynamic-plugins/sf_dynamic_common.h,
10087       dynamic-plugins/sf_dynamic_engine.h,
10088       dynamic-plugins/sf_dynamic_plugins.c,
10089       dynamic-plugins/sf_dynamic_preprocessor.h,
10090       dynamic-plugins/sf_engine/sf_snort_detection_engine.c,
10091       dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
10092       dynamic-plugins/sf_engine/sf_snort_plugin_content.c,
10093       dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c,
10094       dynamic-preprocessors/ftptelnet/pp_ftp.c,
10095       dynamic-preprocessors/ftptelnet/pp_telnet.c,
10096       dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
10097       dynamic-preprocessors/smtp/smtp_util.c,
10098       dynamic-preprocessors/smtp/snort_smtp.c,
10099       output-plugins/spo_unified2.c, preprocessors/snort_httpinspect.c,
10100       preprocessors/spp_httpinspect.c, preprocessors/spp_rpc_decode.c,
10101       preprocessors/HttpInspect/client/hi_client.c,
10102       preprocessors/HttpInspect/normalization/hi_norm.c,
10103       preprocessors/HttpInspect/server/hi_server.c,
10104       preprocessors/HttpInspect/server/hi_server_norm.c,
10105       preprocessors/Stream5/snort_stream5_tcp.c:
10106           add buffer length attribute to alt decode buffer and don't set alt decode flag for alt_dsize changes
10107           which are indicated by that value being non-zero. 
10108     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10109           purge listener for pre-ack
10110           Flip the direction to match that the configurations in stream5_tcp. 
10111     * src/: decode.h, preprocessors/spp_httpinspect.c,
10112       preprocessors/HttpInspect/normalization/hi_norm.c:
10113           add new keyword to http_encode to detect ascii encoding
10114     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
10115            Propigate noalert back to detection option tree.
10116     * src/: parser.c, signature.c, signature.h:
10117           Allow multiple .so rules to reference a single soid metadata. 
10118     * doc/: README.active, README.daq, snort_manual.pdf,
10119       snort_manual.tex:
10120           clarify use of multiple --daq and config daq. 
10121     * src/parser.c:
10122           error on  multiple --daq args
10123 
10124 2010-10-04 Ryan Jordan <ryan.jordan@sourcefire.com>
10125 Snort 2.9.0
10126     * doc/Makefile.am:
10127     * doc/README.FLEXRESP:
10128     * doc/README.FLEXRESP2:
10129     * doc/README.http_inspect:
10130     * doc/README.INLINE:
10131     * doc/README.ipv6:
10132     * doc/README.stream5:
10133     * doc/README.wireless:
10134     * doc/snort_manual.tex:
10135       Removed obsolete README files. Updated README.ipv6.
10136       Documented other changes made below.
10137 
10138     * etc/gen-msg.map:
10139     * preproc_rules/preprocessor.rules:
10140     * src/generators.h:
10141       Added new preprocessor rules for HTTP Inspect and Frag3.
10142       Removed an old preprocessor rule for the already-removed dcerpc
10143       preprocessor.
10144 
10145     * rpm/snort.spec:
10146     * src/build.h:
10147       Updated version numbers.
10148 
10149     * src/dynamic-plugins/sp_dynamic.c:
10150     * src/fpcreate.c:
10151       Shared Object rules which use HTTP Content as their Fast Pattern
10152       should now work correctly.
10153 
10154     * src/decode.c:
10155     * src/decode.h:
10156     * src/detection-plugins/detection_options.c:
10157     * src/dynamic-plugins/sf_dynamic_engine.h:
10158     * src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
10159     * src/dynamic-plugins/sf_engine/sf_snort_packet.h:
10160     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h:
10161     * src/dynamic-plugins/sp_preprocopt.c:
10162     * src/dynamic-preprocessors/dcerpc2/dce2_roptions.c:
10163     * src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
10164     * src/dynamic-preprocessors/sdf/sdf_detection_option.c:
10165     * src/dynamic-preprocessors/sdf/sdf_pattern_match.c:
10166     * src/dynamic-preprocessors/sdf/spp_sdf.c:
10167     * src/dynamic-preprocessors/ssl/spp_ssl.c:
10168     * src/parser.c:
10169     * src/ppm.c:
10170     * src/ppm.h:
10171     * src/profiler.c:
10172     * src/target-based/sf_attribute_table_parser.l:
10173       Miscellaneous code cleanup.
10174       Other preprocessor rules had to be modified as part of the new Stream5
10175       rule option listed below.
10176 
10177     * src/preprocessors/HttpInspect/client/hi_client.c:
10178     * src/preprocessors/HttpInspect/event_output/hi_eo_log.c:
10179     * src/preprocessors/HttpInspect/include/hi_eo_events.h:
10180     * src/preprocessors/HttpInspect/include/hi_norm.h:
10181     * src/preprocessors/HttpInspect/include/hi_server_norm.h:
10182     * src/preprocessors/HttpInspect/include/hi_ui_config.h:
10183     * src/preprocessors/HttpInspect/normalization/hi_norm.c:
10184     * src/preprocessors/HttpInspect/server/hi_server.c:
10185     * src/preprocessors/HttpInspect/server/hi_server_norm.c:
10186     * src/preprocessors/HttpInspect/user_interface/hi_ui_config.c:
10187     * src/preprocessors/snort_httpinspect.c:
10188     * src/preprocessors/snort_httpinspect.h:
10189     * src/preprocessors/spp_httpinspect.c:
10190     * src/sfutil/util_utf.c:
10191     * src/sfutil/util_utf.h:
10192     * src/sfutil/Makefile.am:
10193     * snort_head/snort/src/win32/WIN32-Prj/snort.dsp:
10194       HTTP Inspect now handles "chunked" Transfer-Encoding for any Content-Encoding,
10195       not just for gzipped responses.
10196       HTTP Inspect now decompresses responses with "Content-Encoding: deflate".
10197       HTTP Inspect now normalizes server responses that use UTF-16 or UTF-32
10198       charsets.
10199 
10200     * src/preprocessors/portscan.c:
10201     * src/preprocessors/spp_sfportscan.c:
10202     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10203       Fixed an issue with some Stream5 sessions not being cleared until shutdown.
10204       Fixed a bug that caused false positives on Stream5 rule 129:4.
10205       Fixed a bug where Stream5 reassembled on all ports when sfportscan was in
10206       snort.conf, but in a "disabled" state.
10207       Added a preprocessor rule option, enabled by Stream5. The syntax is
10208       "reassembly: <on|off>,<client|server|both> [,noalert]". It enables/disables
10209       Stream reassembly for the session that matches the rule.
10210 
10211 2010-09-03 Ryan Jordan <ryan.jordan@sourcefire.com>
10212 Snort 2.9.0 RC
10213     * Fixed clean shutdown after reload.
10214     * Fixed tagging to log tagged packets regardless of filtering.
10215     * Fixed mempool initialization of free list count bug reported by
10216       zhangz@risinginfo.com.
10217     * Snort resized packets are now dropped and injected as required by DAQs.
10218     * Fixed Snort I/O Totals reporting injected packets with IPFW when NO
10219       packets are injected externally.
10220     * Tweaked Snort's dynamic preprocessor example.
10221     * More informative dynamic preprocessor loading error messages.
10222     * Added preprocessor alerts added to alert when Snort sees a client hello
10223       after a server hello or when Snort sees a server hello without a client
10224       hello when trustservers is disabled.
10225     * Documentation Updates: Updates to HTTP inspect README and Snort Manual.
10226     * Added parser error to fragoffset: Error when !, < and > operators are
10227       used with each other.
10228     * Updated README for daq with updated information on firewalls with FreeBSD
10229       and OpenBSD
10230     * Added more complete error checking to "byte_extract" rule option parsing.
10231     * The Sensitive Data preprocessor no longer searches HTTP headers for PII, as
10232       this introduced unnecessary false positives. In addition, the
10233       "us_social_nodashes" rule is now off by default to avoid false positives.
10234     * Added a new decoder alert for IPv6 extension headers that don't follow the
10235       RFC's recommended order.
10236     * Fixed a bug in the validation of IPv6 option lengths.
10237     * Fixed a bug in the normalization of HTTP responses with both gzipped
10238       Content-Encoding and chunked Transfer-Encoding.
10239     * Teredo packets with another layer of UDP on top will now display the correct
10240       port numbers in console output.
10241     * Reduced false positives on decoder alerts when "config deep_teredo_inspection"
10242       is enabled.
10243     * Fixed a problem with evaulating UDP rules on Teredo traffic, where the result
10244       of rule evaluation on the outer UDP
10245     * Changed the default search methond in snort.conf from "ac-bnfa" to "ac-split".
10246 
10247 2010-06-23 Steven Sturges <ssturges@sourcefire.com>
10248     * doc/README.active:
10249     * doc/README.http_inspect:
10250     * doc/README.ssl:
10251     * doc/snort_manual.tex:
10252       Updated descripgions of rule options.
10253     * etc/gen-msg.map:
10254       Update messages for IPv6 decoder events.
10255     * src/win32/Makefile.am:
10256     * src/win32/WIN32-Includes/libnet/Devioctl.h:
10257     * src/win32/WIN32-Includes/libnet/gnuc.h:
10258     * src/win32/WIN32-Includes/libnet/ifaddrlist.h:
10259     * src/win32/WIN32-Includes/libnet/IPExport.h:
10260     * src/win32/WIN32-Includes/libnet/IPHlpApi.h:
10261     * src/win32/WIN32-Includes/libnet/IPTypes.h:
10262     * src/win32/WIN32-Includes/libnet/libnet-asn1.h:
10263     * src/win32/WIN32-Includes/libnet/libnet-functions.h:
10264     * src/win32/WIN32-Includes/libnet/libnet.h:
10265     * src/win32/WIN32-Includes/libnet/libnet-headers.h:
10266     * src/win32/WIN32-Includes/libnet/libnet-macros.h:
10267     * src/win32/WIN32-Includes/libnet/LibnetNT.h:
10268     * src/win32/WIN32-Includes/libnet/libnet-ospf.h:
10269     * src/win32/WIN32-Includes/libnet/libnet-structures.h:
10270     * src/win32/WIN32-Includes/libnet/Ntddpack.h:
10271     * src/win32/WIN32-Includes/libnet/packet_types.h:
10272     * src/win32/WIN32-Includes/libnet/NTDDNDIS.H:
10273     * src/win32/WIN32-Includes/libnet/PACKET32.H:
10274     * src/win32/WIN32-Includes/mysql/config-netware.h:
10275     * src/win32/WIN32-Includes/mysql/config-os2.h:
10276     * src/win32/WIN32-Includes/mysql/config-win.h:
10277     * src/win32/WIN32-Includes/mysql/libmysqld.def:
10278     * src/win32/WIN32-Includes/mysql/libmysql.def:
10279     * src/win32/WIN32-Includes/mysql/m_ctype.h:
10280     * src/win32/WIN32-Includes/mysql/m_string.h:
10281     * src/win32/WIN32-Includes/mysql/my_dbug.h:
10282     * src/win32/WIN32-Includes/mysql/my_getopt.h:
10283     * src/win32/WIN32-Includes/mysql/my_global.h
10284     * src/win32/WIN32-Includes/mysql/my_pthread.h:
10285     * src/win32/WIN32-Includes/mysql/mysqld_error.h:
10286     * src/win32/WIN32-Includes/mysql/mysql_embed.h:
10287     * src/win32/WIN32-Includes/mysql/my_sys.h:
10288     * src/win32/WIN32-Includes/mysql/raid.h:
10289     * src/win32/WIN32-Libraries/libnet/LibnetNT.lib:
10290     * src/inline.c:
10291     * src/inline.h:
10292     * src/detection-plugins/sp_respond.c:
10293     * src/detection-plugins/sp_respond2.c:
10294       Remove dead files.
10295     * src/active.c:
10296     * src/preprocessors/normalize.c:
10297     * src/preprocessors/spp_normalize.c:
10298       DAQ capability updates
10299     * src/decode.c:
10300     * src/decode.h:
10301     * src/generators.h:
10302       IPv6 decoding updates
10303     * src/decode.c:
10304     * src/log.c:
10305     * src/log.h:
10306     * src/log_text.c:
10307     * src/log_text.h:
10308       Improvement of packet output when obfuscating IP addresses.
10309     * src/detection-plugins/sp_byte_jump.c:
10310       Updates to multiplier parameter handling.
10311     * src/detection-plugins/sp_react.c:
10312       Added HTTP header to response payload.
10313     * src/dynamic-preprocessors/ftptelnet/pp_ftp.c:
10314       Update to handling string format detection.
10315     * src/dynamic-preprocessors/libs/ssl.c:
10316     * src/dynamic-preprocessors/libs/ssl.h:
10317     * src/dynamic-preprocessors/ssl/spp_ssl.c:
10318       Updates to handling of SSL rule options when handshake says SSLv2
10319       but certificate is SSLv3 and interaction with Stream reassembled
10320       packets.
10321     * src/dynamic-preprocessors/sdf/spp_sdf.c:
10322       Display configuration information at startup.
10323     * src/fpdetect.c:
10324       Improved handling of gzip decoded buffer for fast pattern searches.
10325     * src/parser.c:
10326       Updates to parsing of IP variables with negated IP ranges.
10327     * src/preprocessors/HttpInspect/client/hi_client.c:
10328     * src/preprocessors/HttpInspect/server/hi_server.c:
10329       Chunk encoding processing updates.
10330     * src/preprocessors/HttpInspect/client/hi_client.c:
10331     * src/preprocessors/HttpInspect/include/hi_ui_config.h:
10332     * src/preprocessors/HttpInspect/include/Makefile.am:
10333     * src/preprocessors/HttpInspect/include/hi_cmd_lookup.h:
10334     * src/preprocessors/HttpInspect/Makefile.am:
10335     * src/preprocessors/HttpInspect/user_interface/hi_ui_config.c:
10336     * src/preprocessors/HttpInspect/user_interface/hi_ui_server_lookup.c:
10337     * src/preprocessors/HttpInspect/utils/Makefile.am:
10338     * src/preprocessors/HttpInspect/utils/hi_cmd_lookup.c:
10339     * src/preprocessors/snort_httpinspect.c:
10340     * src/preprocessors/snort_httpinspect.h:
10341     * src/preprocessors/spp_httpinspect.c:
10342       Use lookup for HTTP method validation.
10343     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10344       Updated state tracking for FIN_WAIT_2 and LAST_ACK
10345     * src/sfdaq.c:
10346     * src/sfdaq.h:
10347     * src/snort.c:
10348     * src/util.c:
10349       Handle -g/-u limited with DAQ modules that require root privs.
10350 
10351 2010-06-16 Ryan Jordan <ryan.jordan@sourcefire.com>
10352 Snort 2.9.0 Beta
10353     * Snort uses the DAQ library for packet acquisition and injection.
10354       ./configure --enable-inline and --enable-ipfw are deleted.  Just run ./snort
10355       -Q to activate inline mode for DAQs that support it.  See the README.daq there
10356       for more.
10357     * A normalizer preprocessor has been added to help minimize evasion vectors.
10358       Use ./configure --enable-normalizer to build and config normalize_* to
10359       enable.  See README.normalize for more.
10360     * Flexresp and flexresp2 have been replaced with a new flexresp3 module that
10361       supports the rule keywords from each.  ./configure --enable-flexresp
10362       --enable-flexresp2 are deprecated.
10363     * The react rule option has been rewritten to correct a number of issues.  You
10364       can also customize the injected content with config react.  Use ./configure
10365       --enable-react to build.
10366     * config min_ttl is now policy specific.  You can also set a normalization
10367       value with config new_ttl.
10368     * Snort has a new active response capability.  Build it with ./configure
10369       --enable-active-response.  This mode enables automatically sending TCP resets
10370       and ICMP unreachables.  See README.active for more.
10371     * Passive mode Snort can now inject packets for drop, sdrop, and reject rules.
10372       In addition, block and sblock rules have been added as synonyms for drop and
10373       sdrop to help avoid confusion between dropped packets and blocked packets.
10374       Configure with config response.
10375     * Snort shutdown output now includes new counts so you can see if any events
10376       are not being reported due to event queue and pattern matching
10377       configurations.  Also, ./configure --enable-timestats has been eliminated but
10378       the shutdown output of packet rates has been made standard.
10379     * BPFs can be written for IPv6.
10380     * ./snort -T has bee expanded to validate more than just the conf.  For
10381       example, you can now validate BPFs.
10382     * Snort no longer depends on libnet and uses libdnet instead.
10383     * Added the "byte_extract" detection option. This saves bytes from the packet
10384       into variables for use by other options.
10385     * Added support for byte_extract variables in the following rule options
10386       * content (offset, depth, distance, within)
10387       * byte_test (offset, comparison value)
10388       * byte_jump (offset)
10389       * isdataat (offset)
10390     * Added decoder support for Teredo tunneling (IPv6 over UDP over IPv4).
10391     * Added decoder support for Encapsulated Security Payload (ESP) with NULL encryption.
10392     * Added 18 decoder rules for different types of malformed IPv6 headers.
10393     * Moved 24 content-less rules into the packet decoder.
10394     * The Sensitive Data preprocessor now prints its configuration on startup.
10395     * Fixed the Snort RPM so that it installs the Sensitive Data preprocessor.
10396     * Updated the description of the "-h" option in the Snort help output.
10397     * Added a tools directory, with "u2boat" and "u2spewfoo". These programs can be
10398       used to turn Unified2 files into pcaps and console output, respectively.
10399     * Replaced Unified with Unified2 in snort.conf.
10400     * Moved the rules/ directory into its own separate tarball.
10401     * Snort will print encapsulated layers in text output.
10402     * Initial iteration of DCE/RPC preprocessor removed.
10403     * SO rule updates.  Updated storeRuleData() and getRuleData() API
10404       functions.  Added dynamic allocation functions allocRuleData() and
10405       freeRuleData() mainly for data stored on a stream session and to
10406       utilize a new configuration option to put a memcap on the amount of
10407       data SO rules allocate.
10408     * Fixed possible non-runtime memory leak in SO rule preprocessor rule
10409       options.
10410     * Added negation support to SSL preprocessor rule options ssl_state and
10411       ssl_version
10412     * Added support for Intel's Soft CPM for use as a fast pattern matcher.
10413     * Fixed issue when specifying a --pcap-dir where Snort would fatal
10414       error if there was a broken symbolic link under the directory.
10415     * Fixed an issue where copying an SO rule stub to modify the rule
10416       action, IPs and/or ports didn't work as expected.
10417     * Set state in SSL preprocessor even if record is truncated.
10418     * Fixed inconsistency with flowbits behaviour if stream session timed
10419       out.  stream5 now resets flowbits on a timeout.
10420     * Snort will now fatal error if adaptive profiles is enabled in any
10421       policy other than the default policy.
10422     * Fixed false positives caused by using the fast_pattern option with
10423       the "only" argument on an http content in a rule.
10424     * Fix OpenBSD compile with --enable-prelude.
10425     * Fixed issue in SO rules converted to text rules that were not
10426       setting mutliplier correctly.
10427     * Fixed inconsistencies in behaviour with user defined rule types.
10428     * Snort will now throw validation error for ipvar definition with
10429       negated ip list that is more general that other ip list in
10430       definition.
10431     * Added support for IP variable substitution.
10432     * Created new decoder event for ICMP PATH MTU denial of service
10433       attempt.
10434     * Fixed SSL preprocessor to potentially update state before
10435       reassmebled packet is decoded.
10436     * Added a new argument "mime" to the detection option "file_data".
10437       This argument will set the doe_ptr to the start of the base64 decoded
10438       MIME attachment. New config options "enable_mime_decoding", "max_mime_depth"
10439       and "max_mime_mem" are added to SMTP configuration to support this feature.
10440     * Added the "base64_decode" and "base64_data" detection option.
10441       The "base64_decode" decodes the base64 encoded data. The "base64_data"
10442       points the doe_ptr to the start of the base64 decoded buffer.
10443     * Added a new mode "inline-test". This mode simulates the inline mode of snort,
10444       allowing evaluation of inline behavior without affecting traffic. The command
10445       line option --enable-inline-test and snort config option policy_mode:inline_test
10446       added to support this feature. The drop rules will be loaded and will be
10447       triggered as a Wdrop (Would Drop) alert.
10448     * Added the support to extract the original client IP from the X-Forwarded-For
10449       or True-Client-IP headers. This client IP will now be logged to the unified2
10450       output when HTTP Inspect is configured with enable_xff.
10451     * Added support to u2spewfoo to read the Orginal Client IP, Wdrop Alerts, Gzip decompressed Data.
10452     * Added support to print the Gzip decompressed data with cmg output.
10453 
10454 2010-04-16 Ryan Jordan <ryan.jordan@sourcefire.com>
10455     * doc/README.dcerpc:
10456     * doc/README.dcerpc2:
10457     * doc/README.flowbits:
10458     * doc/README.frag3:
10459     * doc/README.http_inspect:
10460     * doc/README.PerfProfiling:
10461     * doc/README.sensitive_data:
10462     * doc/README.sfportscan:
10463     * doc/README.stream5:
10464     * doc/snort_manual.tex:
10465        Updated Snort documentation
10466 
10467     * etc/classification.config:
10468     * etc/gen-msg.map:
10469     * etc/snort.conf:
10470        Replaced snort.conf with the version we ship in the rules tarball.
10471        Fixed a duplicate entry in gen-msg.map.
10472 
10473     * src/decode.c:
10474     * src/decode.h:
10475       Added alert for IPv6/UDP packets with zero checksum.
10476 
10477     * src/detection-plugins/detection_options.c:
10478     * src/detection-plugins/sp_byte_check.c:
10479     * src/detection-plugins/sp_byte_jump.c:
10480     * src/detection-plugins/sp_isdataat.c:
10481        For byte_test, byte_jump, and isdataat, only do an in bounds check of
10482        the doe_ptr if the rule option is relative and will be using the doe_ptr.
10483     * src/detection-plugins/sp_pattern_match.c:
10484        Fixed a valgrind error.
10485     * src/detection-plugins/sp_react.c:
10486        Removed instances of the word "porn" from Snort.
10487 
10488     * src/dynamic-plugins/sf_convert_dynamic.c:
10489     * src/dynamic-plugins/sf_engine/sf_snort_packet.h:
10490     * src/dynamic-plugins/sp_dynamic.c:
10491        Changed the parsing of dynamic detection plugins to register dynamic
10492        rules per policy.
10493 
10494     * src/dynamic-preprocessors/ftptelnet/pp_ftp.c:
10495     * src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c:
10496     * src/preprocessors/spp_stream5.c:
10497     * src/preprocessors/stream_api.h:
10498     * src/preprocessors/stream_ignore.h:
10499     * src/target-based/sftarget_protocol_reference.c:
10500        The FTP preprocessor now marks data channels with the "ftp-data"
10501        service identifier. Adaptive profiling must be turned on for this.
10502 
10503     * src/dynamic-preprocessors/sdf/sdf_credit_card.c:
10504     * src/dynamic-preprocessors/sdf/sdf_detection_option.c:
10505     * src/dynamic-preprocessors/sdf/sdf_pattern_match.c:
10506     * src/dynamic-preprocessors/sdf/sdf_pattern_match.h:
10507     * src/dynamic-preprocessors/sdf/sdf_us_ssn.c:
10508     * src/dynamic-preprocessors/sdf/spp_sdf.c:
10509     * src/dynamic-preprocessors/sdf/spp_sdf.h:
10510     * src/generators.h:
10511        Moved the sensitive data preprocessor's preproc rule to GID 139.
10512        Fixed the ability to reload Snort with sensitive_data turned on.
10513        Fixed bugs in the parsing of "sd_pattern" rules that overlapped.
10514        U.S. Social Security numbers are now required to have non-digits on
10515          either side in order to cause a match.
10516 
10517     * src/mempool.c:
10518     * src/preprocessors/HttpInspect/client/hi_client.c:
10519     * src/preprocessors/HttpInspect/include/hi_include.h:
10520     * src/preprocessors/HttpInspect/include/hi_mi.h:
10521     * src/preprocessors/HttpInspect/include/hi_server.h:
10522     * src/preprocessors/HttpInspect/include/hi_ui_config.h:
10523     * src/preprocessors/HttpInspect/include/hi_util.h:
10524     * src/preprocessors/HttpInspect/mode_inspection/hi_mi.c:
10525     * src/preprocessors/HttpInspect/normalization/hi_norm.c:
10526     * src/preprocessors/HttpInspect/server/hi_server.c:
10527     * src/preprocessors/HttpInspect/user_interface/hi_ui_config.c:
10528     * src/preprocessors/snort_httpinspect.c:
10529     * src/preprocessors/snort_httpinspect.h:
10530        Added a "max_gzip_mem" option to http_inspect. Use this to set
10531          the maximum amount of memory used for gzip decompression.
10532        The "+" sign is now normalized to a space.
10533        Added a "disable" option to http_inspect so that a memcap can
10534          be set without enabling http_inspect across all VLANs.
10535 
10536     * src/preprocessors/sfprocpidstats.c:
10537     * src/preprocessors/sfprocpidstats.h:
10538     * src/preprocessors/spp_perfmonitor.c:
10539        Fixed a memory leak.
10540 
10541     * src/preprocessors/Stream5/snort_stream5_session.c:
10542     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10543     * src/preprocessors/Stream5/snort_stream5_udp.c:
10544        Fixed an issue that could cause Snort to take minutes to reload.
10545 
10546     * src/snort.c:
10547        Unblocked signals that Snort does not handle itself.
10548 
10549     * src/win32/Makefile.am:
10550     * src/win32/WIN32-Includes/config.h:
10551     * src/win32/WIN32-Includes/mysql/config-netware.h:
10552     * src/win32/WIN32-Includes/mysql/config-os2.h:
10553     * src/win32/WIN32-Includes/mysql/config-win.h:
10554     * src/win32/WIN32-Includes/mysql/errmsg.h:
10555     * src/win32/WIN32-Includes/mysql/libmysqld.def:
10556     * src/win32/WIN32-Includes/mysql/libmysql.def:
10557     * src/win32/WIN32-Includes/mysql/m_ctype.h:
10558     * src/win32/WIN32-Includes/mysql/m_string.h:
10559     * src/win32/WIN32-Includes/mysql/my_alloc.h:
10560     * src/win32/WIN32-Includes/mysql/my_dbug.h:
10561     * src/win32/WIN32-Includes/mysql/my_getopt.h:
10562     * src/win32/WIN32-Includes/mysql/my_global.h:
10563     * src/win32/WIN32-Includes/mysql/my_list.h:
10564     * src/win32/WIN32-Includes/mysql/my_pthread.h:
10565     * src/win32/WIN32-Includes/mysql/mysql_com.h:
10566     * src/win32/WIN32-Includes/mysql/mysqld_error.h:
10567     * src/win32/WIN32-Includes/mysql/mysql_embed.h:
10568     * src/win32/WIN32-Includes/mysql/mysql.h:
10569     * src/win32/WIN32-Includes/mysql/mysql_time.h:
10570     * src/win32/WIN32-Includes/mysql/mysql_version.h:
10571     * src/win32/WIN32-Includes/mysql/my_sys.h:
10572     * src/win32/WIN32-Includes/mysql/raid.h:
10573     * src/win32/WIN32-Includes/mysql/typelib.h:
10574     * src/win32/WIN32-Prj/snort.dsw:
10575     * src/win32/WIN32-Prj/snort_installer.nsi:
10576        Updated the MySQL client library in the Windows build.
10577        Fixed a conflict between MSSQL headers and the newer Windows Platform SDK.
10578 
10579 
10580 2010-01-27 Ryan Jordan <ryan.jordan@sourcefire.com>
10581     * doc/Makefile.am:
10582        Added README.sensitive_data
10583     * doc/README.dcerpc2:
10584        Removed "events" from default configuration.
10585     * doc/README.http_inspect:
10586        Added support for extended ascii codes in HTTP request URI using a new configurable option "extended_ascii_uri"
10587        Changed the pattern match to search only the HTTP response body when extended response inspection is enabled. Also copy only the decompressed data into the decode buffer.
10588     * doc/README.INLINE:
10589        Content replacement now allows replacement strings of varying sizes.
10590     * doc/README.multipleconfigs:
10591        Limit number of individual networks per line to 512.
10592     * doc/README.stream5:
10593        Removed "min_ttl" option, added the latest stream alerts.
10594     * doc/snort_manual.tex:
10595        Fixed typos, updated the Snort manual to match the README updates.
10596        Eliminated the kick-ass and the lotion.
10597        Updated with new PCRE options.
10598     * etc/classification.config:
10599        Cleaned up classification.config. Thanks to Guise McAllaster for reporting this issue.
10600     * etc/gen-msg.map:
10601        Added sig ID for http_inspect's chunk size mismatch.
10602     * etc/snort.conf:
10603        Fixed typos. Default "dynamicengine" entry is now specified by directory.
10604     * src/build.h:
10605        Updated build number.
10606     * src/checksum.h:
10607       checksum calculation for icmpv6 added . also fixed a warning in hi_client.c
10608     * src/configure.in:
10609       Updated makefile/configure script to optionally build dynamic examples.
10610       Thanks to Markus Lude for raising the issue.
10611 
10612       Fixed linker option on Solaris 10 to use nanosleep.
10613       Thanks to Randal T. Rioux for reporting this issue.
10614     * src/decode.c:
10615       checksum calculation for icmpv6 added . also fixed a warning in hi_client.c
10616     * src/decode.h:
10617       Change the pattern match to search only the HTTP response body when extended response inspection is enabled. Also copy only the decompressed data into the decode buffer.
10618     * src/detect.c:
10619        Formatting changes.
10620     * src/detection-plugins/sp_asn1.c:
10621     * src/detection-plugins/sp_byte_check.c:
10622     * src/detection-plugins/sp_ip_proto.c:
10623        Replaced strol and strtoul with inline functions that reset errno first.
10624     * src/detection-plugins/sp_pattern_match.c:
10625        Check if file_data is within the packet boundaries and set the search depth accordingly.
10626     * src/detection-plugins/sp_pcre.c:
10627        Pcre new options fix. Raw options and status options werent matching as expected.
10628     * src/detection-plugins/sp_replace.c:
10629        checksum calculation for icmpv6 added . also fixed a warning in hi_client.c
10630     * src/dynamic-examples/Makefile.am:
10631     * src/Makefile.am:
10632        Update makefile/configure script to optionally build dynamic examples.
10633     * src/dynamic-plugins/sf_dynamic_plugins.c:
10634        Replaced strol and strtoul with inline functions that reset errno first.
10635     * src/dynamic-plugins/sf_dynamic_preprocessor.h:
10636     * src/event_queue.c:
10637     * src/event_queue.h:
10638     * src/preprocessors/spp_frag3.c:
10639     * src/dynamic-preprocessors/dcerpc2/snort_dce2.c:
10640     * src/sfutil/sfeventq.h:
10641     * src/snort.c:
10642     * src/snort.h:
10643        Fixed a bug where Snort would log a packet other than the one triggering the alert.
10644     * src/dynamic-preprocessors/dcerpc2/dce2_debug.c:
10645     * src/dynamic-preprocessors/dcerpc2/dce2_roptions.c:
10646     * src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
10647     * src/dynamic-preprocessors/libs/sfparser.c:
10648     * src/output-plugins/spo_unified2.c:
10649     * src/parser.c:
10650     * src/preprocessors/spp_perfmonitor.c:
10651     * src/preprocessors/Stream5/snort_stream5_tcp.c:
10652        Replaced strol and strtoul with inline functions that reset errno first.
10653     * src/dynamic-preprocessors/dcerpc2/sf_preproc_info.h:
10654     * src/dynamic-preprocessors/dns/sf_preproc_info.h:
10655     * src/dynamic-preprocessors/ftptelnet/sf_preproc_info.h:
10656     * src/dynamic-preprocessors/smtp/sf_preproc_info.h:
10657     * src/dynamic-preprocessors/ssh/sf_preproc_info.h:
10658     * src/dynamic-preprocessors/ssl/sf_preproc_info.h:
10659        Updated build version number.
10660     * src/dynamic-preprocessors/sdf/.cvsignore:
10661        Added .cvsignore file
10662     * src/dynamic-preprocessors/sdf/sdf_credit_card.c:
10663     * src/dynamic-preprocessors/sdf/sdf_credit_card.h:
10664        Added license text.
10665        Added check for the Issuer Number in credit card numbers.
10666     * src/dynamic-preprocessors/sdf/sdf_detection_option.c:
10667     * src/dynamic-preprocessors/sdf/sdf_detection_option.h:
10668     * src/dynamic-preprocessors/sdf/sdf_pattern_match.c:
10669     * src/dynamic-preprocessors/sdf/sdf_pattern_match.h:
10670        Added license text.
10671        Fixed error when using the same sensitive data rule in multiple policies.
10672        Sensitive data rules must use the preprocessor's generator ID.
10673     * src/dynamic-preprocessors/sdf/sdf_us_ssn.c:
10674     * src/dynamic-preprocessors/sdf/sdf_us_ssn.h:
10675        Added license text.
10676     * src/dynamic-preprocessors/sdf/spp_sdf.c:
10677     * src/dynamic-preprocessors/sdf/spp_sdf.h:
10678        Fixed double-free when the preprocessor was enabled in multiple policies.
10679        Added the ability to search HTTP Uri buffers for sensitive data.
10680        Fixed the pcap header for pseudo-packets generated by the preprocessor.
10681     * src/fpcreate.c:
10682        OpenBSD update
10683     * src/generators.h:
10684        Added alert for HTTP chunk size mismatch.
10685     * src/obfuscation.c:
10686        Made a debug message optionally compilable.
10687     * src/output-plugins/spo_log_tcpdump.c:
10688        Fix use of -L option to work correctly.
10689        Thanks to Allan Adkins for reporting this issue.
10690     * src/preprocessors/HttpInspect/client/hi_client.c:
10691     * src/preprocessors/HttpInspect/event_output/hi_eo_log.c:
10692     * src/preprocessors/HttpInspect/include/hi_eo_events.h:
10693     * src/preprocessors/HttpInspect/include/hi_ui_config.h:
10694     * src/preprocessors/HttpInspect/include/hi_include.h:
10695     * src/preprocessors/HttpInspect/include/hi_util.h:
10696     * src/preprocessors/HttpInspect/server/hi_server.c:
10697       Added http response stats.
10698       Added support for extended ascii codes in HTTP request URI
10699         using a new configurable option "extended_ascii_uri"
10700       Added an alert for incorrect chunk size fields.
10701     * src/preprocessors/perf.c:
10702        Fixed null deref when "rotate stats" signal was caught w/out perfmon enabled.
10703     * src/preprocessors/snort_httpinspect.c:
10704        Fixed a case where the HTTP Inspect preprocessor would disable the Sensitive Data preprocessor.
10705     * src/preprocessors/spp_httpinspect.c:
10706        Decompressed bytes read will now be based on the total out of zstream.
10707     * src/target-based/sftarget_reader.c:
10708        attribute table printing - converting to host order before printing the ip address
10709     * src/util.c:
10710     * src/util.h:
10711       adding zlib version information for snort -V
10712     * src/win32/Makefile.am:
10713        Add zlib 1.2.3 to Win32 build.
10714     * src/win32/WIN32-Includes/config.h:
10715     * src/win32/WIN32-Includes/zlib/zconf.h:
10716     * src/win32/WIN32-Includes/zlib/zlib.h:
10717     * src/win32/WIN32-Prj/snort.dsp:
10718        Add zlib 1.2.3 to Win32 build.
10719     * src/win32/WIN32-Prj/snort_installer.nsi:
10720        Added Sensitive Data preproc to Windows installer script.
10721 
10722 2009-12-21 Ryan Jordan <ryan.jordan@sourcefire.com>
10723     * doc/README.dcerpc:
10724       Added deprecation notice.
10725     * doc/README.dcerpc2:
10726       Added note about fast pattern contents.
10727     * doc/README.filters:
10728       Slight change to indicate that filters were introduced in 2.8.5,
10729       which is no longer the current version.
10730     * doc/README.flowbits:
10731       Added documentation for flowbit groups.
10732     * doc/README.http_inspect:
10733       Added documentation for new HTTP rule options.
10734     * doc/snort_manual.tex:
10735       Updated for HTTP rule options and other cleanup.
10736     * doc/TODO:
10737       Removed obfuscation code from the TODO.
10738     * etc/gen-msg.map:
10739       Added new Stream5 alert for the "TCP 4-way handshake"
10740     * etc/snort.conf:
10741       Fixed typos. Added examples for Unified2 output and Sensitive Data
10742       preprocessor config.
10743     * rpm/snort.spec:
10744       Updated version number.
10745     * src/bounds.h:
10746       Formatting change. Added "SafeMemCheck" function. Modified "SafeMemcpy"
10747       and "SafeMemset" to use it.
10748     * src/build.h:
10749       Updated build number.
10750     * src/debug.c:
10751       Moved definition for snort_conf.
10752     * src/decode.h:
10753       Made changes for HTTP response gzip support.
10754     * src/detect.c:
10755       Updated to use new Obfuscation API.
10756     * src/sfutil/mpse.c:
10757     * src/sfutil/mpse.h:
10758     * src/fpcreate.c:
10759     * src/fpcreate.h:
10760     * src/sfutil/acsmx2.c:
10761     * src/sfutil/acsmx2.h:
10762       Added support for ac "split" pattern matcher to use less memory with
10763       improved performance over ac-bnfa.  Thanks to Charlie Lasswell for
10764       the ideas!
10765     * src/detect.h:
10766     * src/event_wrapper.c:
10767     * src/event_wrapper.h:
10768     * src/inline.c:
10769     * src/profiler.c:
10770     * src/rate_filter.h:
10771     * src/rules.h:
10772     * src/tag.c:
10773     * src/tag.h:
10774     * src/treenodes.h:
10775       OTNs and RTNs were moved to their own header file.
10776     * src/detection-plugins/detection_options.c:
10777     * src/detection-plugins/Makefile.am:
10778     * src/detection-plugins/sp_file_data.c:
10779     * src/detection-plugins/sp_file_data.h:
10780       New detection option "file_data" was added.
10781     * src/detection-plugins/detection_options.h:
10782     * src/rule_option_types.h:
10783       Moved option_type_t to its own header file.
10784     * src/detection-plugins/sp_flowbits.c:
10785     * src/detection-plugins/sp_flowbits.h:
10786       allowing flowbits group name only with set and toggle operations
10787       check if the content rules have http modifiers.
10788     * src/detection-plugins/sp_replace.c:
10789       need to check from the relative depth for bounds
10790       adjust the bounds while replacing to prevent buffer overflow.
10791       allow replace with different size strings. enhancement to replace.
10792     * src/detection-plugins/sp_isdataat.c:
10793       negated isdataat support.
10794     * src/detection-plugins/sp_pattern_match.c:
10795     * src/detection-plugins/sp_pattern_match.h:
10796       Update pattern match parsing to error on invalid rules.
10797     * src/detection-plugins/sp_asn1.c:
10798     * src/detection-plugins/sp_byte_check.c:
10799     * src/detection-plugins/sp_byte_jump.c:
10800     * src/detection-plugins/sp_clientserver.c:
10801     * src/detection-plugins/sp_cvs.c:
10802     * src/detection-plugins/sp_dsize_check.c:
10803     * src/detection-plugins/sp_ftpbounce.c:
10804     * src/detection-plugins/sp_icmp_code_check.c:
10805     * src/detection-plugins/sp_icmp_id_check.c:
10806     * src/detection-plugins/sp_icmp_seq_check.c:
10807     * src/detection-plugins/sp_icmp_type_check.c:
10808     * src/detection-plugins/sp_ip_fragbits.c:
10809     * src/detection-plugins/sp_ip_id_check.c:
10810     * src/detection-plugins/sp_ipoption_check.c:
10811     * src/detection-plugins/sp_ip_proto.c:
10812     * src/detection-plugins/sp_ip_proto.h:
10813     * src/detection-plugins/sp_ip_same_check.c:
10814     * src/detection-plugins/sp_ip_tos_check.c:
10815     * src/detection-plugins/sp_pcre.c:
10816     * src/detection-plugins/sp_pcre.h:
10817     * src/detection-plugins/sp_react.c:
10818     * src/detection-plugins/sp_respond2.c:
10819     * src/detection-plugins/sp_respond.c:
10820     * src/detection-plugins/sp_rpc_check.c:
10821     * src/detection-plugins/sp_session.c:
10822     * src/detection-plugins/sp_tcp_ack_check.c:
10823     * src/detection-plugins/sp_tcp_flag_check.c:
10824     * src/detection-plugins/sp_tcp_seq_check.c:
10825     * src/detection-plugins/sp_tcp_win_check.c:
10826     * src/detection-plugins/sp_ttl_check.c:
10827     * src/detection-plugins/sp_urilen_check.c:
10828     * src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c:
10829     * src/dynamic-preprocessors/ssl/spp_ssl.c:
10830       Updated calls to RegisterRuleOption() to match new definiton.
10831     * src/dynamic-plugins/sf_convert_dynamic.c:
10832       Updated conversion of Content and PCRE rule options to match HTTP changes.
10833     * src/dynamic-plugins/sf_dynamic_common.h:
10834       Updated HTTP flags.
10835     * src/dynamic-plugins/sf_dynamic_engine.h:
10836     * src/dynamic-plugins/sp_preprocopt.c:
10837     * src/dynamic-plugins/sp_preprocopt.h:
10838       Added definition of OTN Handler.  A detection option or preprocessor can
10839       register one of these to get the OTN of any rule using its rule option.
10840     * src/dynamic-plugins/sf_dynamic_plugins.c:
10841     * src/dynamic-plugins/sf_dynamic_preprocessor.h:
10842     * src/dynamic-plugins/sf_preproc_example/sf_dynamic_preproc_lib.c:
10843       Added several items to DynamicPreprocessorData, to allow dynamic
10844       preprocessors to call more Snort functions.
10845     * src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
10846     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.c:
10847     * src/dynamic-plugins/sf_engine/sf_snort_plugin_api.h:
10848     * src/dynamic-plugins/sf_engine/sf_snort_plugin_content.c:
10849     * src/dynamic-plugins/sf_engine/sf_snort_plugin_pcre.c:
10850     * src/dynamic-plugins/sp_dynamic.c:
10851     * src/dynamic-plugins/sp_dynamic.h:
10852       Check for HTTP modifiers to Content and PCRE options in shared object
10853       rules.
10854     * src/dynamic-plugins/sf_engine/sf_snort_packet.h:
10855       Added missing Packet member to SFSnortPacket.
10856     * src/dynamic-preprocessors/dcerpc/dcerpc.c:
10857     * src/dynamic-preprocessors/dcerpc/dcerpc.h:
10858       Moved DCERPC_FragType definition.
10859     * src/dynamic-preprocessors/dcerpc/dcerpc_config.c:
10860     * src/dynamic-preprocessors/dcerpc/snort_dcerpc.h:
10861     * src/dynamic-preprocessors/dcerpc/spp_dcerpc.c:
10862     * src/dynamic-preprocessors/dcerpc2/dce2_co.c:
10863     * src/dynamic-preprocessors/dcerpc2/dce2_config.c:
10864     * src/dynamic-preprocessors/dcerpc2/snort_dce2.c:
10865     * src/preprocessors/portscan.h:
10866     * src/preprocessors/spp_frag3.c:
10867     * src/preprocessors/spp_sfportscan.c:
10868       Added "disabled" option to frag3_global, stream5_global, portscan,
10869       dcerpc, and dcerpc2 preprocessor configurations so that memcaps can be
10870       specified in the default configuration w/o enabling that preprocessor.
10871       This allows specification of the preprocessors only in the desired
10872       configuration.
10873     * src/dynamic-preprocessors/dcerpc/Makefile.am:
10874     * src/dynamic-preprocessors/dcerpc2/Makefile.am:
10875     * src/dynamic-preprocessors/dns/Makefile.am:
10876     * src/dynamic-preprocessors/dns/sf_dns.dsp:
10877     * src/dynamic-preprocessors/ftptelnet/Makefile.am:
10878     * src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.dsp:
10879     * src/dynamic-preprocessors/smtp/Makefile.am:
10880     * src/dynamic-preprocessors/ssh/Makefile.am:
10881     * src/dynamic-preprocessors/ssl/Makefile.am:
10882     * src/dynamic-preprocessors/smtp/sf_smtp.dsp:
10883     * src/dynamic-preprocessors/ssh/sf_ssh.dsp:
10884     * src/dynamic-preprocessors/ssl/sf_ssl.dsp:
10885       Fix make dist to include all required files.
10886     * src/dynamic-preprocessors/dcerpc2/dce2_event.c:
10887     * src/dynamic-preprocessors/dcerpc2/dce2_list.h:
10888     * src/dynamic-preprocessors/dcerpc2/dce2_utils.c:
10889     * src/dynamic-preprocessors/dcerpc2/dce2_utils.h:
10890     * src/dynamic-preprocessors/dcerpc2/includes/dcerpc.h:
10891       Changed use of some integers to enumerated types.
10892     * src/dynamic-preprocessors/dcerpc2/dce2_roptions.c:
10893       Added dce_iface options to the fast pattern matcher.
10894     * src/dynamic-preprocessors/dcerpc2/snort_dce2.h:
10895     * src/dynamic-preprocessors/dcerpc2/dce2_config.h:
10896     * src/dynamic-preprocessors/smtp/snort_smtp.c:
10897       Added sensitive data to the list of preprocs that get re-enabled after
10898       disabling detection.
10899     * src/dynamic-preprocessors/dcerpc2/spp_dce2.c:
10900       Removed config file/line from error message since not set at this point.
10901       Also removed redundant "dcerpc2 configuration" text.
10902     * src/dynamic-preprocessors/Makefile.am:
10903     * src/dynamic-preprocessors/treenodes.sed:
10904       Included more header files for use in dynamic preprocessors.
10905     * src/dynamic-preprocessors/sdf/Makefile.am:
10906     * src/dynamic-preprocessors/sdf/sdf_credit_card.c:
10907     * src/dynamic-preprocessors/sdf/sdf_credit_card.h:
10908     * src/dynamic-preprocessors/sdf/sdf_detection_option.c:
10909     * src/dynamic-preprocessors/sdf/sdf_detection_option.h:
10910     * src/dynamic-preprocessors/sdf/sdf_pattern_match.c:
10911     * src/dynamic-preprocessors/sdf/sdf_pattern_match.h:
10912     * src/dynamic-preprocessors/sdf/sdf_us_ssn.c:
10913     * src/dynamic-preprocessors/sdf/sdf_us_ssn.h:
10914     * src/dynamic-preprocessors/sdf/sf_preproc_info.h:
10915     * src/dynamic-preprocessors/sdf/sf_sdf.dsp:
10916     * src/dynamic-preprocessors/sdf/spp_sdf.c:
10917     * src/dynamic-preprocessors/sdf/spp_sdf.h:
10918     * src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp:
10919     * src/preprocids.h:
10920     * doc/README.sensitive_data:
10921     * doc/snort_manual.tex:
10922       Added Sensitive Data preprocessor. It performs detection of Personally
10923       Identifiable Information, such as credit card numbers and U.S. Social
10924       Security numbers.
10925     * src/dynamic-preprocessors/ssh/spp_ssh.c:
10926       Formatting change.
10927     * src/fpcreate.c:
10928     * src/fpcreate.h:
10929     * src/fpdetect.c:
10930       Content rules with the new HTTP modifiers can use the fast pattern
10931       matcher.
10932     * src/generators.h:
10933       Added SIDs for new preprocessor alerts.
10934     * src/Makefile.am:
10935       Added new files to Makefile.
10936     * src/obfuscation.c:
10937     * src/obfuscation.h:
10938     * src/util.c:
10939     * src/util.h:
10940       Fixed output obfuscation, and added an Obfuscation API for use in
10941       preprocessors & output plugins.
10942     * src/log.c:
10943     * src/log.h:
10944     * src/log_text.c:
10945     * src/log_text.h:
10946     * src/output-plugins/spo_alert_fast.c:
10947     * src/output-plugins/spo_alert_full.c:
10948     * src/output-plugins/spo_alert_prelude.c:
10949     * src/output-plugins/spo_alert_sf_socket.c:
10950     * src/output-plugins/spo_alert_syslog.c:
10951     * src/output-plugins/spo_alert_test.c:
10952     * src/output-plugins/spo_alert_unixsock.c:
10953     * src/output-plugins/spo_csv.c:
10954     * src/output-plugins/spo_database.c:
10955     * src/output-plugins/spo_log_ascii.c:
10956     * src/output-plugins/spo_log_null.c:
10957     * src/output-plugins/spo_log_tcpdump.c:
10958     * src/output-plugins/spo_unified2.c:
10959     * src/output-plugins/spo_unified.c:
10960       Modified several output plugins to print obfuscated data using the new
10961       Obfuscation API.
10962     * src/parser.c:
10963     * src/parser.h:
10964       Added support for OTN handlers.  Added support for using new http
10965       content options with the fast pattern matcher.
10966     * src/pcrm.c:
10967     * src/pcrm.h:
10968       Formatting changes.
10969     * src/plugbase.c:
10970     * src/plugbase.h:
10971       Added OTN handler argument to the RegisterRuleOption() function.
10972       Initialized the "file_data" rule option.
10973     * src/ppm.c:
10974     * src/ppm.h:
10975       Remove non-portlists code.
10976     * src/preprocessors/HttpInspect/client/hi_client.c:
10977     * src/preprocessors/HttpInspect/client/hi_client_norm.c:
10978     * src/preprocessors/HttpInspect/include/hi_client.h:
10979     * src/preprocessors/HttpInspect/include/hi_eo_events.h:
10980     * src/preprocessors/HttpInspect/include/hi_mi.h:
10981     * src/preprocessors/HttpInspect/include/hi_norm.h:
10982     * src/preprocessors/HttpInspect/include/hi_server.h:
10983     * src/preprocessors/HttpInspect/include/hi_server_norm.h:
10984     * src/preprocessors/HttpInspect/include/hi_ui_config.h:
10985     * src/preprocessors/HttpInspect/include/hi_util.h:
10986     * src/preprocessors/HttpInspect/include/Makefile.am:
10987     * src/preprocessors/HttpInspect/Makefile.am:
10988     * src/preprocessors/HttpInspect/mode_inspection/hi_mi.c:
10989     * src/preprocessors/HttpInspect/normalization/hi_norm.c:
10990     * src/preprocessors/HttpInspect/server/hi_server.c:
10991     * src/preprocessors/HttpInspect/server/hi_server_norm.c:
10992     * src/preprocessors/HttpInspect/server/Makefile.am:
10993     * src/preprocessors/HttpInspect/session_inspection/hi_si.c:
10994     * src/preprocessors/HttpInspect/user_interface/hi_ui_config.c:
10995     * src/preprocessors/snort_httpinspect.c:
10996     * src/preprocessors/snort_httpinspect.h:
10997     * src/preprocessors/spp_httpinspect.c:
10998       New feature for HTTP Inspect to split requests into 5 components -
10999       Method, URI, Header (non-cookie), Cookies, Body.
11000       Added HTTP server specific configurations to normalize HTTP header
11001       and/or cookie buffers.  Provided content and PCRE modifiers to allow
11002       searches within one or more of those individual buffers.  Added content
11003       modifier to allow rule writer to specify content to be used for fast
11004       pattern matcher.  Updated dynamic rule API to allow searches within
11005       the new buffers.
11006     * src/preprocessors/perf.c:
11007     * src/preprocessors/spp_perfmonitor.c:
11008     * src/preprocessors/perf-flow.c:
11009     * src/preprocessors/perf-flow.h:
11010     * src/preprocessors/perf.h:
11011     * src/preprocessors/Stream5/snort_stream5_udp.c:
11012       Add Flow-IP stats to the Performance Monitor preprocessor.
11013       Write out a commented line to the now file the first time perfmon
11014       Reduce performance overhead when FlowIP stats aren't enabled.
11015     * src/preprocessors/sfprocpidstats.c:
11016       Changed GetCpuName() to catch errno when sscanf() sets it.
11017     * src/preprocessors/spp_rpc_decode.c:
11018       Fixed warnings when compiled in Win32.
11019     * src/preprocessors/spp_stream5.c:
11020     * src/preprocessors/Stream5/snort_stream5_session.h:
11021     * src/preprocessors/Stream5/snort_stream5_tcp.c:
11022     * src/preprocessors/Stream5/snort_stream5_tcp.h:
11023     * src/preprocessors/Stream5/stream5_common.c:
11024     * src/preprocessors/Stream5/stream5_common.h:
11025     * src/preprocessors/stream_api.h:
11026       Added detection of "4-way TCP Handshake" when require_3whs is enabled.
11027       Added "disabled" option so that memcaps can be configured in the default
11028       policy w/out enabling the preprocessor.  Added support for output
11029       obfuscation.
11030     * src/prototypes.h:
11031     * src/sys_include.h:
11032       Removed more obsolete/unused files.
11033     * src/sfthreshold.c:
11034     * src/sfutil/acsmx2.c:
11035     * src/sfutil/acsmx2.h:
11036     * src/sfutil/bnfa_search.c:
11037     * src/sfutil/ipobj.c:
11038     * src/sfutil/ipobj.h:
11039     * src/sfutil/Makefile.am:
11040     * src/sfutil/mpse.c:
11041     * src/sfutil/mpse.h:
11042     * src/sfutil/sf_ip.c:
11043     * src/sfutil/sf_ip.h:
11044     * src/sfutil/sf_iph.c:
11045     * src/sfutil/sf_ipvar.c:
11046     * src/sfutil/sfksearch.c:
11047     * src/sfutil/sfPolicyUserData.c:
11048     * src/sfutil/sfPolicyUserData.h:
11049     * src/sfutil/sfportobject.c:
11050     * src/sfutil/sfxhash.c:
11051     * src/sfutil/sfrf.c:
11052     * src/sfutil/sfrt_trie.h:
11053     * src/sfutil/sf_vartable.c:
11054       Cleaned up warnings, especially when compiled with ICC.
11055     * src/sfutil/util_net.c:
11056     * src/sfutil/util_net.h:
11057       Fix ip obfuscation to not modify packet data and only obfuscate for
11058       text outputs.
11059     * src/signature.c:
11060     * src/signature.h:
11061     * src/snort.c:
11062     * src/snort.h:
11063       Remove non-portlists code.
11064     * src/target-based/sf_attribute_table_parser.l:
11065     * src/target-based/sftarget_reader.c:
11066       Use bison built in YYACCEPT and YYABORT so stack is cleaned up and freed.
11067     * src/win32/WIN32-Code/syslog.c:
11068     * src/win32/WIN32-Code/win32_service.c:
11069     * src/win32/WIN32-Includes/config.h:
11070     * src/win32/WIN32-Prj/snort.dsp:
11071     * src/win32/WIN32-Prj/snort.dsw:
11072     * src/win32/WIN32-Prj/snort_installer.nsi:
11073       Win32 project files updated to reflect Makefile changes.
11074 
11075 2009-12-15 Ryan Jordan <ryan.jordan@sourcefire.com>
11076     * doc/snort_manual.tex:
11077       Clarified the documentation for output plugins alert_fast, alert_full,
11078       log_tcpdump, and alert_csv. Added documentation for log limits.
11079     * etc/gen-msg.map:
11080     * src/generators.h:
11081     * src/preprocessors/HttpInspect/client/hi_client.c:
11082     * src/preprocessors/HttpInspect/event_output/hi_eo_log.c:
11083     * src/preprocessors/HttpInspect/include/hi_client.h:
11084     * src/preprocessors/HttpInspect/include/hi_eo_events.h:
11085       Changes to improve handling of pipelined requests and chunked
11086       encodings based on content length header field.
11087     * src/preprocessors/snort_httpinspect.c:
11088       Fix error message for validation of client_flow_depth.
11089     * src/build.h:
11090       Updated build number
11091     * src/codes.c:
11092     * src/codes.h:
11093     * src/detection-plugins/sp_respond2.h:
11094       Removed unused code.
11095     * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
11096     * src/dynamic-preprocessors/dcerpc2/snort_dce2.c:
11097       Set IPv6 UDP DCE/RPC reassembly headers.
11098     * src/dynamic-preprocessors/Makefile.am:
11099       Exported more files to allow re-building of some .so files on NetBSD.
11100     * src/dynamic-preprocessors/ssh/spp_ssh.c:
11101     * src/dynamic-preprocessors/ssh/spp_ssh.h:
11102       Fixed an issue where the SSH preprocessor would erroneously alert on
11103       "protocol mismatch" when autodetect was turned on.
11104     * src/log.h:
11105     * src/parser.c:
11106       Fixed reloading of auto-iface variables after privileges had been dropped.
11107       Thanks to Pablo Catalina for reporting this issue.
11108     * src/output-plugins/spo_alert_prelude.c:
11109       Fixed compiling on AIX 6, or with --enable-prelude and --enable-ipv6.
11110       Thanks to Rnadall Rioux for reporting the AIX issues.
11111       Thanks to Markus Lude for reporting the prelude & IPv6 issues.
11112     * src/preprocessors/spp_rpc_decode.c:
11113     * src/preprocessors/spp_stream5.c:
11114     * src/preprocessors/Stream5/snort_stream5_tcp.c:
11115     * src/preprocessors/Stream5/snort_stream5_tcp.h:
11116     * src/preprocessors/stream_api.h:
11117       Set smaller flush point appropriate for RPC header.
11118     * src/sfutil/Makefile.am:
11119     * src/sfutil/sf_ipvar.c:
11120       Fixed an error where negative IP lists were not always being checked.
11121     * src/sfutil/sfPolicy.c:
11122     * src/sfutil/sfPolicy.h:
11123       Fix to return correct vlan/ip id.
11124     * src/sfutil/sfrt.h:
11125     * src/sfutil/sfrt_trie.h:
11126       More compile fixes on AIX 6.
11127     * src/snort.c:
11128     * src/target-based/sftarget_reader.c:
11129       Fix issues at startup and perfstats rotation with old versions of
11130       libc (2.2, 2.3) & linux threads.
11131     * src/util.h:
11132       Added a function prototype for InitTimeStats.
11133     * src/win32/WIN32-Includes/config.h:
11134       Formatting changes.
11135 
11136 2009-10-21 Ryan Jordan <ryan.jordan@sourcefire.com>
11137     * doc/README.filters:
11138       added missing _.
11139     * doc/snort_manual.tex:
11140       Update to add PCRE modifiers that were left out of table 3.8.
11141       Fixed typos.
11142     * src/build.h:
11143       Updated build number.
11144     * src/codes.c:
11145     * src/codes.h:
11146       Removed unused code.
11147     * src/decode.c:
11148       When label > NUM_RESERVED_LABELS, iRet should be set based on the payload
11149       type
11150     * src/configure.in:
11151     * src/Makefile.am:
11152     * src/dynamic-examples/Makefile.am:
11153     * src/dynamic-examples/dynamic-preprocessor/Makefile.am:
11154     * src/dynamic-examples/dynamic-preprocessor/spp_example.c:
11155       Added the dynamic-examples back to the Makefile, and updated the example
11156       preprocessor to support multiple policies & config reloading.
11157     * src/detection-plugins/sp_pcre.c:
11158       fixed warning: ISO C90 forbids mixed declarations and code
11159     * src/detection-plugins/sp_respond2.h:
11160       separate flexresp interface from implementation
11161       Made react, resp, and resp2 independent except that libnet is only
11162       initialized/closed once regardless of build combinations.
11163     * src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
11164       Fixed a bug where dynamic rules were not initialized correctly after a
11165       snort.conf reload.
11166     * src/dynamic-preprocessors/dcerpc/spp_dcerpc.c:
11167     * src/dynamic-preprocessors/dcerpc2/dce2_config.c:
11168     * src/dynamic-preprocessors/dcerpc2/spp_dce2.c:
11169     * src/dynamic-preprocessors/dns/spp_dns.c:
11170     * src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c:
11171     * src/dynamic-preprocessors/smtp/spp_smtp.c:
11172     * src/dynamic-preprocessors/ssl/spp_ssl.c:
11173     * src/parser.c:
11174     * src/preprocessors/spp_httpinspect.c:
11175     * src/preprocessors/spp_rpc_decode.c:
11176     * src/preprocessors/spp_stream5.c:
11177     * src/preprocessors/Stream5/snort_stream5_session.c:
11178     * src/preprocessors/Stream5/snort_stream5_session.h:
11179     * src/preprocessors/Stream5/snort_stream5_tcp.c:
11180     * src/preprocessors/Stream5/snort_stream5_tcp.h:
11181     * src/preprocessors/Stream5/snort_stream5_udp.c:
11182     * src/preprocessors/Stream5/snort_stream5_udp.h:
11183     * src/preprocessors/Stream5/stream5_common.h:
11184     * src/preprocessors/stream_api.h:
11185       Fixed segfault when adding policies on reload
11186       Fixed potentially freed stream5 configuration being read on clean exit
11187       Fixed potentially wrong stream5 configuration being used during reload
11188     * src/dynamic-preprocessors/dcerpc2/dce2_co.c:
11189       Make log message a debug message
11190     * src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
11191       changing the return value
11192     * src/dynamic-preprocessors/ssh/spp_ssh.c:
11193       Fixed SSH preprocessor to use "FLPOLICY_IGNORE" when turning off Stream
11194       reassembly, as opposed to "FLPOLICY_NONE"
11195     * src/fpcreate.c:
11196     * src/profiler.c:
11197       Updated uses of IPPROTO_IP to ETHERNET_TYPE_IP
11198     * src/output-plugins/spo_alert_sf_socket.c:
11199       fixed otn lookup; due to not calling "first" function the configured
11200       gid/sids would not be found and so no no alerts would go out the socket
11201       and no errors reported.
11202     * src/log.c:
11203       use orig api and family for embedded icmp packet printing.
11204       Fixed out-of-bounds access when printing IPv6 packets using -v.
11205     * src/output-plugins/spo_database.c:
11206       Included missing "last_cid" column when inserting a new sensor into the
11207       table while "ignore_bpf" was turned on.
11208     * src/preprocessors/perf-base.c:
11209       Fixed inaccurate wire speed stats.
11210     * src/preprocessors/HttpInspect/client/hi_client.c:
11211       Updated previous bugfix to check for more possible return values.
11212     * src/preprocessors/spp_perfmonitor.c:
11213       Check if packet is stream rebuilt.  Don't include in stats.
11214     * src/sfutil/sf_ip.h:
11215       processing of 0.0.0.0/x enabled. Only 0.0.0.0/32 is considered as "any".
11216     * src/sfutil/sfPolicy.c:
11217       fixed segfault when more than 10 policies were applied.
11218     * src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.dsp:
11219     * src/output-plugins/spo_alert_syslog.c:
11220     * src/win32/WIN32-Code/syslog.c:
11221     * src/win32/WIN32-Prj/sf_engine_initialize.dsp:
11222     * src/win32/WIN32-Prj/snort_initialize.dsp:
11223       Fix syslog output under Windows.
11224     * src/snort.c:
11225       enable -Q output with --help for !IPFW && !WIN32 builds; change text to
11226       be more accurrate.
11227     * src/snort.h:
11228       Handled MPLS BOS.
11229     * src/target-based/sf_attribute_table_parser.l:
11230     * src/target-based/sf_attribute_table.y:
11231     * src/target-based/sftarget_reader.c:
11232       Use bison built in YYACCEPT and YYABORT so stack is cleaned up and freed
11233       Free host entries that are not inserted into routing table due to
11234       max_attribute_hosts limit
11235 
11236 2009-09-15 Ryan Jordan <ryan.jordan@sourcefire.com>
11237     * doc/README.frag3:
11238       Removed ttl_limit option, as it has been deprecated.
11239     * doc/README.ftptelnet:
11240       Added the ignore_telnet_erase_cmds option.
11241     * doc/README.ssh:
11242       Fixed the documentation to reflect changes in SSH for 2.8.5.
11243     * doc/snort_manual.tex:
11244       Duplicated the above doc changes for the manual. Clarified order
11245       of rule actions.
11246     * etc/gen-msg.map:
11247       Punctuation changes.
11248     * etc/snort.conf:
11249       Fix the example SSH configuration, and turn it on by default. This
11250       should increase performance in situations where a lot of SSH traffic
11251       was inspected.
11252     * rpm/snort.spec:
11253       Updated version number.
11254     * src/build.h:
11255       Updated build number.
11256     * configure.in:
11257       Added configure switch to disable core files.
11258     * src/codes.c:
11259     * src/codes.h:
11260       Removed old/unused code.
11261     * src/debug.c:
11262     * src/sfutil/sfportobject.c:
11263     * src/snort.c:
11264     * src/snort.h:
11265     * src/util.c:
11266       redirect stdin/stdout/stderr to /dev/null
11267       for debug write to file and change ownership of file to dropped privs
11268     * src/decode.c:
11269       Allow support for label values of 0 or 2 at locations other than bottom
11270       of stack.
11271     * src/decode.h:
11272     * src/win32/WIN32-Prj/snort_installer.nsi:
11273       Moved a couple rules into the decoder.
11274     * src/detection-plugins/detection_options.c:
11275     * src/detection-plugins/detection_options.h:
11276     * src/detection-plugins/Makefile.am:
11277     * src/detection-plugins/sp_pattern_match.c:
11278     * src/detection-plugins/sp_pattern_match.h:
11279     * src/detection-plugins/sp_react.c:
11280     * src/detection-plugins/sp_react.h:
11281     * src/detection-plugins/sp_respond2.c:
11282     * src/detection-plugins/sp_respond2.h:
11283     * src/detection-plugins/sp_respond.c:
11284     * src/detection-plugins/sp_respond.h:
11285     * src/detection-plugins/sp_session.c:
11286     * src/win32/WIN32-Prj/snort.dsp:
11287       Made react, resp, and resp2 independent except that libnet is only
11288       initialized/closed once regardless of build combinations.
11289     * src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
11290       Added a new check to handle loading of older libraries.
11291     * src/dynamic-plugins/sf_dynamic_preprocessor.h:
11292     * src/dynamic-preprocessors/dcerpc/sf_preproc_info.h:
11293     * src/dynamic-preprocessors/dcerpc/snort_dcerpc.c:
11294     * src/dynamic-preprocessors/dcerpc2/sf_preproc_info.h:
11295     * src/dynamic-preprocessors/dcerpc2/snort_dce2.c:
11296     * src/dynamic-preprocessors/dcerpc2/spp_dce2.c:
11297     * src/dynamic-preprocessors/dns/sf_preproc_info.h:
11298     * src/dynamic-preprocessors/dns/spp_dns.c:
11299     * src/dynamic-preprocessors/ftptelnet/ftpp_si.c:
11300     * src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
11301     * src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c:
11302     * src/dynamic-preprocessors/smtp/sf_preproc_info.h:
11303     * src/dynamic-preprocessors/ssh/sf_preproc_info.h:
11304     * src/dynamic-preprocessors/ssh/spp_ssh.h:
11305     * src/dynamic-preprocessors/ssl/sf_preproc_info.h:
11306       Changed the build numbers of preprocessors.
11307     * src/dynamic-preprocessors/dcerpc/spp_dcerpc.c:
11308     * src/preprocessors/spp_arpspoof.c:
11309     * src/preprocessors/spp_stream5.c:
11310     * src/sfutil/acsmx2.c:
11311     * src/sfutil/acsmx2.h:
11312       Fixed compile warnings.
11313     * src/preprocessors/spp_sfportscan.c:
11314       Don't include vlan header in portscan event/log packet.
11315     * src/preprocessors/Stream5/snort_stream5_tcp.c:
11316       Fix core by adjusting IPv6 buffer size
11317     * src/profiler.c:
11318       Clean up preprocessor profiler formatting.
11319     * src/dynamic-preprocessors/ssh/spp_ssh.c:
11320       Changed limit on max_server_version_len to 255.
11321     * src/dynamic-preprocessors/smtp/smtp_log.h:
11322     * src/dynamic-preprocessors/smtp/smtp_xlink2state.c:
11323     * src/dynamic-preprocessors/smtp/spp_smtp.c:
11324     * src/generators.h:
11325       Gave xlink2state smtp preprocessor alert a unique sid.
11326     * src/dynamic-plugins/sf_engine/sf_snort_detection_engine.c:
11327       Fixed memory leaks.
11328     * src/fpcreate.c:
11329       Fixed potential segfault with multiplie policies.
11330     * src/fpdetect.c:
11331     * src/fpdetect.h:
11332     * src/preprocessors/perf-base.c:
11333     * src/preprocessors/perf.c:
11334     * src/preprocessors/perf-event.c:
11335     * src/preprocessors/perf-event.h:
11336     * src/preprocessors/perf-flow.c:
11337     * src/preprocessors/perf-flow.h:
11338     * src/preprocessors/spp_frag3.c:
11339     * src/preprocessors/spp_perfmonitor.c:
11340     * src/sfutil/sfActionQueue.c:
11341       IPv6-related changes.
11342     * src/mempool.c:
11343       Check return values from mempool_init and fatal if bad when freeing
11344       pools, set to NULL.
11345     * src/preprocessors/Stream5/snort_stream5_icmp.c:
11346     * src/preprocessors/Stream5/snort_stream5_tcp.c:
11347     * src/preprocessors/Stream5/snort_stream5_udp.c:
11348     * src/sfutil/sfPolicy.c:
11349       Added additional error-checking.
11350     * src/output-plugins/spo_unified.c:
11351     * src/parser.c:
11352     * src/parser.h:
11353     * src/signature.c:
11354     * src/signature.h:
11355       Fixed a couple invalid reads & writes.
11356     * src/plugbase.c:
11357       Check configuration for all policies.
11358     * snort_head/snort/snort.8:
11359       Updated man page to reflect doc changes.
11360 
11361 2009-07-13 Ryan Jordan <ryan.jordan@sourcefire.com>
11362     * src/win32/WIN32-Prj/sf_testdetect.dsp:
11363     * src/win32/WIN32-Prj/snort.dsp:
11364     * src/win32/WIN32-Prj/snort.dsw:
11365        Win32 updates.
11366     * configure.in:
11367        Update for module pack confliction.
11368     * snort.8:
11369        Removed obsolete option -o
11370     * doc/CREDITS:
11371        Updated credits to reflect Snort 2.8.5 work
11372     * doc/INSTALL:
11373        Indentation changes, update for Mac
11374     * doc/Makefile.am:
11375        Added README.filters
11376     * doc/README.filters:
11377        New README, describes the new filtering features in Snort 2.8.5
11378     * doc/README.frag3:
11379        Added the overlap_limit and min_fragment_length options
11380     * doc/README.ftptelnet:
11381        Indentation changes
11382     * doc/README.http_inspect:
11383        Added post_depth option.
11384     * doc/README.INLINE:
11385        Changed "snort_inline" to "Snort Inline"
11386     * doc/README.PerfProfiling:
11387        Updated stats output to reflect "Rev" column
11388     * doc/README.reload:
11389        New README, describes how to reload a Snort configuration in 2.8.5
11390     * doc/README.ssh:
11391        Updated the README to reflect changes in the SSH preprocessor for 2.8.5
11392     * doc/README.thresholding:
11393        Updated to indicate that "threshold" is deprecated in favor of "event_filter".
11394     * doc/snort_manual.tex:
11395        Updated to include 2.8.5 features, formatting updates.
11396        Removed old references to Stream4.
11397     * etc/gen-msg.map:
11398        Moved XMAS attack handling to decoder.
11399        Gave xlink2state smtp preprocessor alert unique sid.
11400     * etc/threshold.conf:
11401        Updated with formatting changes, deprecation notice for "threshold"
11402     * src/build.h:
11403        New build number.
11404     * src/codes.c:
11405     * src/codes.h:
11406        Removed unused files.
11407     * src/decode.c:
11408     * src/decode.h:
11409        Made some options policy-specific. Removed a couple poorly-performing
11410        rules and made them into decoder checks instead.
11411     * src/detect.c:
11412     * src/ppm.h:
11413        Don't reset packet time
11414     * src/detection-plugins/sp_asn1.c:
11415     * src/detection-plugins/sp_asn1_detect.c:
11416        Removed redundant check.
11417     * src/detection-plugins/sp_isdataat.c:
11418     * src/detection-plugins/sp_isdataat.h:
11419        Moved flags & struct to header file.
11420     * src/detection-plugins/sp_pattern_match.c:
11421     * src/detection-plugins/sp_replace.c:
11422     * src/detection-plugins/sp_replace.h:
11423        Check for combination of "replace" and "http_*" options, which are
11424        incompatible.
11425     * src/detection-plugins/sp_respond2.c:
11426     * src/detection-plugins/sp_respond.c:
11427        Renamed respond'