[Discussion] Suricata 1.2beta1 released

Victor Julien victor at inliniac.net
Mon Dec 19 18:38:29 UTC 2011


The OISF development team is proud to announce Suricata 1.2beta1. This
is the first beta release for the upcoming 1.2 version. It brings major
new features.

This release has been the result of very rapid development the last
month, as can be seen in the change stats:
234 files changed, 24250 insertions(+), 6813 deletions(-)

As a result of these significant changes the release is expected to be
of beta quality.

Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.2beta1.tar.gz

Compilation of this code requires the magic library and development
files. The library is usually already installed, the development files
are usually not. On Debian/Ubuntu install libmagic-dev, on Fedora
file-devel.

New features

- File name, type inspection and extraction for HTTP
 - filename, fileext, filemagic and filestore keywords added
 - "file" output for storing extracted files to disk
- file_data keyword support, inspecting the normalized, dechunked,
decompressed HTTP response body (feature #241)
 - new keyword http_server_body, pcre regex /S option
- Option to enable/disable core dumping from the suricata.yaml (enabled
by default)
- Human readable size limit settings in suricata.yaml (bug #333)
- PF_RING bpf support (requires PF_RING >= 5.1) (feature #334)
- tos keyword support (feature #364)
- IPFW IPS mode now supports multiple divert sockets
- New IPS running modes: Linux and FreeBSD now support "worker" and
"autofp"
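To show how the new file and body keywords fit together in a rule, here is an added example (not part of the release or its rule sets); the sids, message texts and the "PE32 executable" magic string are assumed values chosen for illustration.

```suricata
# Added example, not shipped with Suricata 1.2beta1.
# filemagic matches the libmagic description of the transferred file;
# filestore writes the file to disk via the "file" output.
alert http any any -> any any (msg:"EXAMPLE Windows executable transferred over HTTP, stored"; filemagic:"PE32 executable"; filestore; classtype:policy-violation; sid:9000001; rev:1;)

# fileext matches on the file name extension from the request instead of the content,
# so it is cheaper but easier to evade than filemagic.
alert http any any -> any any (msg:"EXAMPLE file with .exe extension requested"; fileext:"exe"; classtype:policy-violation; sid:9000002; rev:1;)

# file_data points the following content match at the normalized,
# dechunked, decompressed response body rather than the raw packet payload.
alert http any any -> any any (msg:"EXAMPLE obfuscated script in decoded response body"; file_data; content:"eval(unescape("; nocase; classtype:bad-unknown; sid:9000003; rev:1;)

# http_server_body and the pcre /S modifier inspect the same server body buffer.
alert http any any -> any any (msg:"EXAMPLE server body regex match"; content:"unescape"; http_server_body; pcre:"/eval\s*\(\s*unescape\s*\(/iS"; classtype:bad-unknown; sid:9000004; rev:1;)
```

The first rule only stores files when the "file" output is enabled in suricata.yaml; the extracted file on disk is what an analyst would pull into further triage.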

Improvements

- improved alert accuracy in autofp and single runmodes
- major performance optimizations for the ac-gfbs pattern matcher
implementation
- unified2 output fixes
- PF_RING supports privilege dropping now (bug #367)
- Improved detection of duplicate signatures
- Improved performance in virtual machines (bug #382)


Known issues & missing features

In a beta release like this, things may not be as polished yet. So please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal. With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------