New upstream release. Changelog:
appid: configurable midstream service discovery
appid: prefer QUIC client appid over SSL
appid: prevent out-of-bounds read in bootp option parsing
appid: prevent out-of-bounds read in sslv2 server-hello detection
control: refactor connection ownership model and improve thread safety
extractor: avoid reporting default values for missing SSL fields
file_api: coverity fix
flow: refactor dump_flows command to dump flow state in binary format
mime: fix compile issues
react: block flow when packets are not reset candidates
show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow
smtp: handle split CRLF in multi-line response parsing
ssl: ssl client hello event is published with empty hostname
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.10.2.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.24
Using Vectorscan version 5.4.12 2026-01-11
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.5.4 30 Sep 2025
Using PCRE2 version 10.47 2025-10-21
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
New upstream release. Changelog:
alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix
alert_json: add support for logging appid, thanks to ssam18 on GitHub for suggesting this change
appid: add check to avoid setting brute force state for pending sessions that are pruned
appid: allow out-of-order packet inspection in third-party engine
appid: check for Lua table errors during initialization and cleanup
appid: enable out-of-order inspection by default
appid: fix client process regex mapping logic
appid: fix eve process handler event debug logging
appid: fix setting global ssh ignore flag
appid: fix size check in TFTP service detector
appid: mDNS TXT records parsing and deviceinfo event generation
appid: prevent multiple out-of-bounds reads in ssl
build: address compilation warnings
build: fix Coverity warnings in related components
cmake: fix pkg-config path for libdir, thanks to brianmcgillion on GitHub for submitting a similar fix
decoder: adding encode function for TransbridgeCodec
dns: add fix infinite recursion vulnerability
file: use new EVP functions rather than deprecated SHA functions
flow: add logs to show different ways a flow can fail to create
ftp_telnet: fix coverity errors and improve cmd_len configurability
ftp_telnet: fix ftp_cmd_pipe_index handling
ftp_telnet: Handle malformed traffic in ftp to generate alert
hash: update hashes to use new EVP functions, thanks to
http_inspect: add urlencoded to content-type list
http_inspect: fix coverity error
iec104: fix IEC 104 SQ0 bounds checks by removing duplicate asdu_size_map entries and using IO_GROUP sizes, preventing out-of-bounds reads
iec104: validate Type I length to prevent ASDU out-of-bounds read
ips_options: fix cursor position for byte_extract
ips_options: reset PCRE rule counts on new configuration loaded
main: update dioctl daqSnort latency common change
mime: add unit tests for data fitting memory limit
mime: add unit tests for data over memory limit
mime: add unit tests for file logging
mime: fix mime boundary parsing
mime: ignore field collection if not configured
mime: implement content parsing of multipart/form_data
mime: improve form-data collection for incomplete boundaries
mime: leave room for null-character in case of size limit hit
mime: remove unused forward-declaration
mime: rename class field to comply with the style
mime: return error code if cannot add headers for logging
pub_sub: add is_urlencoded method
sip: fix out-of-bounds reads in sip_parse_sdp_m
smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns
smtp: usage of config cmds
snort2lua: fix failure in converting patterns containing commas
snort_ml: enable client body scanning by default
snort_ml: scan multipart form data
ssl: free certificate data if certificate length is 0
ssl: tls client hello check out of bounds fix
unified2: use proper API for obtaining VLAN ID from packet
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.10.1.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.24
Using Vectorscan version 5.4.12 2026-01-11
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.5.4 30 Sep 2025
Using PCRE2 version 10.47 2025-10-21
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://github.com/snort3/snort3/releases/tag/3.9.7.0
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.9.7.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.22
Using Vectorscan version 5.4.12 2025-11-02
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.5.4 30 Sep 2025
Using PCRE2 version 10.46 2025-08-27
Using ZLIB version 1.3.1
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Running as a dedicated user is better from both a security and an
isolation perspective than running as root.
Signed-off-by: John Audia <therealgraysky@proton.me>
Add a comment to the package description to inform users that the build
system will not automatically pick gperftools-runtime and vectorscan-
runtime when building from source.
References to performance benefits of using them:
c1b4e80825b6b2d1e305
Signed-off-by: John Audia <therealgraysky@proton.me>
Release notes: https://github.com/snort3/snort3/releases/tag/3.9.6.0
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.9.6.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.21
Using Vectorscan version 5.4.12 2025-10-06
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.6.0 1 Oct 2025
Using PCRE2 version 10.46 2025-08-27
Using ZLIB version 1.3.1
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Since vectorscan-runtime was dropped in the following commit, need to
replace references to it with just vectorscan in order to compile
snort3 against it: 8a3c7a69e6
Without this change, even having CONFIG_PACKAGE_vectorscan=y in the
.config will result in a failure to compile against it, e.g:
...
Feature options:
DAQ Modules: Dynamic
libatomic: User-specified
Hyperscan: OFF
...
Signed-off-by: John Audia <therealgraysky@proton.me>
The gperftools and vectorscan packages have been simplified by removing
their -runtime and -headers splits. Update snort3 to use the new package
names.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This simplifies checks enabling/disabling features, if packages are present
instead of having checks for specific architectures.
TCMALLOC_LIBRARIES is removed as it's auto-detected, unlike vectorscan
which requires explicit HS_INCLUDE_DIRS.
Fixes: 126364e105 ("snort3: refactor architecture-specific dependencies and CMake options")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The libtirpc package is only needed when building with musl, as glibc
includes the required RPC functionality. This change makes libtirpc a
conditional dependency and adjusts the build flags accordingly.
Building with x86_64-glibc:
...
Feature options:
DAQ Modules: Dynamic
libatomic: User-specified
Hyperscan: ON
ICONV: ON
Libunwind: OFF
LZMA: ON
RPC DB: Built-in
SafeC: OFF
TCMalloc: ON
JEMalloc: OFF
UUID: ON
NUMA: OFF
LibML: OFF
...
Building with aarch64_cortex-a76_musl:
...
Feature options:
DAQ Modules: Dynamic
libatomic: User-specified
Hyperscan: ON
ICONV: ON
Libunwind: OFF
LZMA: ON
RPC DB: TIRPC
SafeC: OFF
TCMalloc: ON
JEMalloc: OFF
UUID: ON
NUMA: OFF
LibML: OFF
...
Build system: x86/64
Build-tested: x86/64-glibc, bcm27flogic/xiaomi_redmi-router-ax6000-ubootmod (for musl)
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
1. Enabled hyperscan/vectorscan together with adding dependency only for x86_64 and aarch64.
2. Disabled tmalloc (from gperftools package) for powerpc and mips.
By doing this refactor, snort3 is going to be available for more OpenWrt devices
(as it was in the past) as currently it was compiled only for x86_x64 and aarch64 by mistake.
Fixes: 257e2fc38a ("snort3: fix logic in gpertools-runtime depends")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
When snort is run with the --version option, it advertises components'
versions in the output. Add a patch to modify the output to clearly
show vectorscan is in use.
Signed-off-by: John Audia <therealgraysky@proton.me>
* Replacement of hyperscan-runtime reference with vectorscan-runtime
* Added support for all aarch64 targets which I believe is exhaustive
For x86 and x86/64, I found that vectorscan is truly a drop-in
replacement for hyperscan as assessed by speedtests with snort3 running
on my Intel N150 PC. CPU load during the test with each condition was
nearly saturating on a single core for both cases on a symmetrical
Gbps line.
Using: https://www.waveform.com/tools/bufferbloat in IPS mode:
Download speed w/ hyperscan: 950-960 Mbit/s (n=2)
Download speed w/ vectorscan: 942-960 Mbit/s (n=2)
Using: https://www.speedtest.net in IPS mode:
Download speed w/ hyperscan: 996-1002 Mbit/s (n=2)
Download speed w/ vectorscan: 993-988 Mbit/s (n=2)
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc (Intel N150 based box running snort3)
Signed-off-by: John Audia <therealgraysky@proton.me>
Drop 100-remove-HAVE_HS_COMPILE_LIT-to-work-around-upstream-b.patch as
it was only needed to fix the build against hyperscan. Vectorscan
builds fine without it.
Signed-off-by: John Audia <therealgraysky@proton.me>
Simplification of Makefile: replace complex sed calls with a patch to
improve readability. This commit also renames an existing patch.
Signed-off-by: John Audia <therealgraysky@proton.me>
Use upstream tarballs for source rather than using git. If we ever need
to build from git we can cherry pick and make a patch. This gives a
cleaner Makefile and faster build.
Signed-off-by: John Audia <therealgraysky@proton.me>
The logic in e57cc9898a was flawed causing
gperftools-runtime to fail to get detected when building resulting in:
...
ninja: Entering directory `/scratch/union/build_dir/target-x86_64_glibc/snort3-3.9.1.0'
ninja: error: '/scratch/union/staging_dir/target-x86_64_glibc/usr/lib/libtcmalloc.so', needed by 'src/snort', missing and no known rule to make it
make[2]: *** [Makefile:161: /scratch/union/build_dir/target-x86_64_glibc/snort3-3.9.1.0/.built] Error 1
It was missed due testing in build root that already had gperftools-runtime
built only discovered when building from a clean build root.
This commit fixes this flaw.
Test:
cat <<EOF > .config
CONFIG_TARGET_x86=y
CONFIG_TARGET_x86_64=y
CONFIG_TARGET_x86_64_DEVICE_generic=y
CONFIG_PACKAGE_snort3=y
EOF
make defconfig
grep gperftools-run .config
CONFIG_PACKAGE_gperftools-runtime=y
cat <<EOF > .config
CONFIG_TARGET_qoriq=y
CONFIG_TARGET_qoriq_generic=y
CONFIG_TARGET_qoriq_generic_DEVICE_watchguard_firebox-m300=y
CONFIG_PACKAGE_snort3=y
EOF
make defconfig
grep gperftools-run .config
Signed-off-by: John Audia <therealgraysky@proton.me>
Add conditional to disable gperftools-runtime depends for powerpc and mips due to inability
to compile introduced with 7345b73c30
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: John Audia <therealgraysky@proton.me>
hangelog: https://github.com/snort3/snort3/releases/tag/3.9.1.0
% # snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.9.1.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.20
Using Hyperscan version 5.4.2 2025-06-30
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.6.2
Using OpenSSL 3.5.0 8 Apr 2025
Using PCRE2 version 10.42 2022-12-11
Using ZLIB version 1.3.1
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://github.com/snort3/snort3/releases/tag/3.8.1.0
,,_ -*> Snort++ <*-
o" )~ Version 3.8.1.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.19
Using Hyperscan version 5.4.2 2025-05-27
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.6.2
Using OpenSSL 3.5.0 8 Apr 2025
Using PCRE2 version 10.42 2022-12-11
Using ZLIB version 1.3.1
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
This patch is wrongly rebased and applied twice as
the same change might be possible and it does not break anything.
Since that, the patch is still being refreshed and included in
this repository.
No need as the patch is already included in the snort3 repository:
70b811ca11
Drop it once for all. :-)
Fixes: 65f6fee7c0 ("snort3: update to 3.1.84.0")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Changelog: https://github.com/snort3/snort3/releases/tag/3.6.2.0
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.6.2.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.18
Using Hyperscan version 5.4.2 2025-01-28
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.6.2
Using OpenSSL 3.0.15 3 Sep 2024
Using PCRE2 version 10.42 2022-12-11
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
- Take advantage of bug fix in jsonfilter to get rid of array hack, should
improve memory footprint quite a bit
- Implement substring matching in dates so you can collect data for a specific
day, hour or run bin reports for histograms
- Report title now contains specified date range, footer percentages
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Other targets should be able to build against gperftools and
realize speed and efficiency gains.
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
- Parameter not set in two places:
/usr/bin/snort-mgr: eval: line 125: options: parameter not set
Reported-by: @klingon888
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Add experimental patch and move package to PCRE2 as PCRE is EOL and
won't receive any security updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
1. Update to latest version
2. Remove redundant section in Makefile
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.84.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.84.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-04-10
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.82.0
Removed patches/010-gcc13.patch
,,_ -*> Snort++ <*-
o" )~ Version 3.1.82.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-03-06
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Should provide increases in snort3 performance thanks to thread-
caching malloc provided by gperftools. Avg CPU usage is down.
Another user reported higher throughput achieved with snort3
compiled with this on samba transfers on system with CPU-limited
snort3 performance.[1]
1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.81.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.81.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-02-16
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
- Enable missing variable checking by default
- Explicitly check variables are defined in all 'rm' commands
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents
Rules
- Complete downloader for subscription rules using oinkcode (only tested
with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location
CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages
Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Upstream bump
,,_ -*> Snort++ <*-
o" )~ Version 3.1.78.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2024-01-15
Using LZMA version 5.4.4
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Allow use of rules as-defined, and don't override their actions. This
is generally the best way to use the ruleset, and overriding their
actions should only be undertaken when you fully understand how it
affects their use.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
This PR adds the ability of snort to process rules that target
swf and pdf files requiring lzma decompression to look for
malicious payloads therein. This change only increases the size
of the snort3 executable by a fraction of a KB and the added
dependency of liblzma (based on currently offered 5.4.4-1) is
only a 169 KB shared object. Based on CPU requirements of snort,
x86 users likely represent the majority user-base and space their
rootfs is not an issue as it may be for lower-powered SoCs.
Size of snort3-3.1.76.0-2: 7354403 bytes
Size of snort3-3.1.76.0-3: 7354435 bytes
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.77.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.77.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-12-20
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
- Delete legacy configuration files homenet.lua and local.lua
- Add snort config 'include' to allow user customizations in the lua
- Enhance 'check' to test generated nftables file
- Suppress inclusion of rules file when doing silent config check
- Suppress warnings on configuration check unless '-v'erbose
- Replace text logging with json logging to reduce footprint and make reports easier
- Fix some typos in the snort.uc template
- Fix up some error messages suggesting solutions
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
