New features for v1.7.x:
1. Support excluding custom routes
2. `udp_disable_domain_unmapping` for inbound listen option
3. `HTTPUpgrade` transport
4. Migrate multiplex and UoT server to inbound and multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.
5. TCP Brutal support for multiplex
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.76.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.76.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-12-03
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
* do not use standalone grep-package dependent syntax to get the remote
file size
* various bugfixes to prevent attempts to change/commit if dnsmasq/smartdns
are not installed
Signed-off-by: Stan Grishin <stangri@melmac.ca>
41.0.6 included a fix for CVE-2023-49083 (loading certificates from a
PKCS#7 bundle could lead to a null-pointer-dereference and segfault).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also includes a test.sh script for the packages feed CI.
From the README:
When writing desktop application, finding the right location to store
user data and configuration varies per platform. Even for
single-platform apps, there may by plenty of nuances in figuring out the
right location.
This kind of thing is what the platformdirs package is for.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* bugfix: correct URL to config-update file
* bugfix: check if uci configs exist before chacking for changes
* add support for smartdns ipset-based blocking
* add support for smartfns nftset-based blocking
* disallow non-ascii symbols for smartdns blocking
* add check wherever fw4 restart is needed before calling
procd_set_config_changed firewall
* improve clean-up code in resolver()
* improve case code for different resolver settings
* modify load_validate_config to allow smartdns.ipset and smartdns.nftset
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Clixon is a YANG-based configuration manager, with interactive CLI,
NETCONF and RESTCONF interfaces, an embedded database and transaction
mechanism.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
uspot is an OpenWrt-native captive portal system.
It leverages existing OpenWrt tools such as uhttpd, dnsmasq, firewall4,
ucode, without needing any external kernel module.
It can achieve the maximum performance allowed by nftables (flow
offloading works).
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* add support for smartdns
* switch from using `uci` commands to `uci_` functions
* rename `_resolver_config` to `_dnsmasq_instance_config`
* introduce `_smartdns_instance_config`
* improve resolvers restart code on changes
* update load_validate_config to allow for smartdns option
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If no GSM but only 4G is available and a special APN must be used, it
is necessary to set an inital EPS bearer beforehand. If this is not set,
then modem cannot log in and register in the mobile network.
The new option 'init_epsbearer' could be set to the following options.
* none: No init EPS bearer is used and the old one is deleted (default)
* default: Use init EPS bearer with the following config options
'iptype', 'allowedauth', 'password', 'user' and 'apn' as for the
connection bearer.
* custom: Other parameters are used that do not match those of the
default connection bearer. These have an 'init_' prefix and are named
in the same way as the default connection bearer config options.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
With this change the following modem 'state' are checked before a
connection attempt setup.
* failed: Stop connection attempt because of sim-missing
* locked: Stop connection attempt if no pincode is set
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
- Add many options to config file.
- Move rules and generated snort.lua to /tmp.
- Add script for downloading rules.
- Add preliminary reporting capabilites.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Fix the problem that cannot create new task after clearing checksum option
Other bug fix and user interface optimization
Support overriding aria2 global settings with empty content when create new download task (#712)
Other bug fix and user interface optimization
Update Traditional Chinese translation (#705, thx @ChiaYen-Kan)
Other bug fix and user interface optimization
Add check-integrity to task settings tab (#693, thx @raytrap)
Fix a spelling mistake (#696, thx @rusq)
fix due to the index.html (1.3.6) cite these 2 png files. To keep the page looks fine without 404, added these 2 png files.
Signed-off-by: Ariel Xiong <ArielHeleneto@outlook.com>
Add experimental PCRE2 support patch as PCRE is EOL and won't receive
any new updates anymore.
Since PCRE2 API changed, also snort plugins API changed and require some
tweka for any user downstream that compile custom plugins. The examples
are all updated and conversion patch contains additional info on the
changes required to the plugins.
Plugins needs to be compiled and require updates anyway so there isn't a
problem with user trying to load incompatible plugins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
