[Oisf-devel] post-2.0 roadmap

Christophe Vandeplas christophe at vandeplas.com
Wed Apr 2 11:05:36 UTC 2014


On Tue, Apr 1, 2014 at 6:01 PM, Victor Julien <victor at inliniac.net> wrote:
> Hi all,
>
> With 2.0 finally out it's time to look ahead. I have done so a bit here:
> http://blog.inliniac.net/2014/03/25/suricata-2-0-and-beyond/, but I
> think a lot more can be said on what the future should look like.
>
> In the short term, we'll focus on 2.0.1. In this release we're
> addressing bugs that are being reported in 2.0. As always, despite betas
> and release candidates, real testing begins after you've declared
> something stable, and of course there are always some issues.
>
> There is a tentative list of features and other tickets for 2.1 here:
> https://redmine.openinfosecfoundation.org/versions/55. It's certainly
> not set in stone, so feedback is most welcome. Keep in mind though,
> because we're a small team, that feedback is nice, offers for help are
> nicer :)
>
> Some things that are already in the works for 2.1:
>
> - protocols: smtp file extraction, smtp logging. Other email protocols.
> - protocols: Improved ftp.
> - protocols: TLS update
> - performance increases in various places
> - output: eve upgrades, more stuff to log
> - output: lua scripting
> - detection: improved lua detection capabilities
> - packet capture: nflog, netmap
> ... and more ...
>
> I personally would like to make this dev cycle quite a bit shorter than
> the 2.0 cycle, which lasted over a year. A July release goal is what I'd
> like to see, so that the gap between what we're working on and what most
> people are using isn't as big as it was lately.
>
> So what do you want to see in 2.1? And how can you help us to make it
> happen?

- Netflow generation based on the session info that already exists.
- bringing eve DNS request/responses in one single json object. This
would make it a lot easier for the analyst to process the data that
belongs together.

thanks !


