[Oisf-devel] Suricata Development Meeting Update

Matt Jonkman jonkman at jonkmans.com
Thu Mar 4 18:12:11 UTC 2010


The OISF Team conducted a major development and planning session the
last week of February in preparation for the next phase of Suricata
Development. We have made some incredible progress in a very short time
and much of that progress is due to the great feedback and testing we
receive from the community. We are extremely grateful for the support
both from individuals and large corporations who are putting the engine
to the test in their environments. The amount of code and and patches
flowing in has been very exciting and we have progressed farther and
faster than our expectations!

We are still in Phase One of our development plan and we are officially
announcing a feature freeze and release date for a final phase one
production ready engine!

The feature freeze is now in effect for Phase One. We will have a Phase
One Release Candidate available for testing on Monday May 3rd, 2010. We
will then release the final production ready Phase One engine on July
1st, 2010.

In addition to what Suricata does so well now, the following additional
features will be made available with this production release:

Complete Snort Syntax and Keyword Support (A few details to finalize,
yet we will support 2.8.5 and prior syntax)
SMB Preprocessor Completion (Features such as request logging, etc)
Complete LibHTP Integration, and added keywords to make use of those
capabilities
Complete Documentation of the Engine, Configuration, and Tuning
Configurable Run Modes will be available
CUDA GPU Acceleration Support as an Experimental Feature
Fully tested Windows Binaries will be available
Basic Performance Statistics Available (Very advanced statistics will be
made available in Phase Two)
Detailed Error Codes and associated Documentation
Local IP Reputation Support and GeoIP capabilities (Distributed
Reputation functionality to be released in Phase Two)

Included in this cycle will be some major internal performance tuning.
We are learning a lot with the multi-threaded nature of this engine, and
it’s being tested on some incredibly high speed links. Throughput rates
are very impressive, but we're seeing where we can make it even better!

The above features are in addition to what Suricata is already doing
well. As a reminder, some of the more exciting features already
functional and in the current release are:

Multi-Threading
Native IPv6 Support
FlowInts
HTTP logging
LibHTP from Ivan Ristic
Mac OS X & FreeBSD inline

And many more...

Further announcements will be made in the near future including the new
features we are targeting for Phase Two, upcoming brainstorming meetings
near you, and some new ancillary projects. So stay tuned, and thanks for
supporting the Foundation, this is a community project and we are proud
to be a part of it!

Please Stay Tuned! And keep the feedback and patches coming!

----------------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



More information about the Oisf-devel mailing list