[Discussion] Suricata 1.3beta1 is ready for testing

Victor Julien victor at inliniac.net
Wed Apr 4 16:10:31 UTC 2012


The OISF development team is proud to announce Suricata 1.3beta1. This
is the first beta release for the upcoming 1.3 version. It is the result
of major effort by the OISF team with _significant_ help from the community.

Performance and scalability have been a major focus point in this cycle,
as well as further file inspection and extraction improvement. This has
led to massive code changes:

 312 files changed, 29321 insertions(+), 15643 deletions(-)

As a result of these significant changes the release is expected to be
of beta quality.

Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.3beta1.tar.gz


New features

- TLS/SSL handshake parser, tls.subjectdn and tls.issuerdn keywords
(#296, contributed by Pierre Chifflier)
- Napatech capture card support (contributed by Randy Caldejon -- nPulse)
- Scripts for looking up files / file md5s at Virus Total and others
(contributed by Martin Holste)
- Test mode: -T option to test the config (#271)
- Ringbuffer and zero copy support for AF_PACKET
- Commandline options to list supported app layer protocols and keywords
(#344, #414)
- File extraction for HTTP POST requests that do not use multipart bodies
- On the fly md5 checksum calculation of extracted files
- Line based file log, in json format
- Basic support for including other yaml files into the main yaml
- New multi pattern engine: ac-bs
- Profiling improvements, added lock profiling code

Improvements

- Improved HTTP CONNECT support in libhtp (#427, Brian Rectanus -- Qualys)
- Unified yaml naming convention, including fallback support (by Nikolay
Denev)
- Improved Endace DAG support (#431, Jason Ish -- Endace)
- New default runmode: "autofp" (#433)
- Major rewrite of flow engine, improving scalability.
- Improved http_stat_msg and http_stat_code keywords (#394)
- Improved scalability for Tag and Threshold subsystems
- Made the rule keyword parser much stricter in detecting syntax errors
- Split "file" output into "file-store" and "file-log" outputs
- Much improved file extraction

Fixes

- CUDA build fixes (#421)
- Various FPs reported by Rmkml (#403, #405, #411)
- IPv6 decoding and detection issues (reported by Michel Sarborde)
- PCAP logging crash (#422)
- Fixed many (potential) issues with the help of the Coverity source
code analyzer
- Fixed several (potential) issues with the help of the cppcheck and
clang/scan-build source code analyzers

Credits

We'd like to thank the following people and corporations for their
contributions and feedback:

  Brian Rectanus -- Qualys
  Randy Caldejon -- nPulse
  Pierre Chifflier
  Coverity
  Nikolay Denev
  Endace -- Jason Ish
  Martin Holste
  Napatech
  Rmkml
  Michel Sarborde
  Chris Wakelin
  Joshua White

  And of course new OISF dev Xavier Lange!

Known issues & missing features

In a beta release like this things may not be as polished yet. So please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal.  With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
