[Discussion] Suricata 2.0beta1 Available!
Victor Julien
victor at inliniac.net
Thu Jul 18 15:35:13 UTC 2013
The OISF development team is proud to announce Suricata 2.0beta1. This
is the first beta release for the upcoming 2.0 version.
This release greatly improved our HTTP handling by upgrading libhtp
support to 0.5.5 and by redesigning transaction handling, which
increases HTTP performance as well[1]. On the performance side, a large
CUDA overhaul greatly improves our GPU performance[2]. Also new in this
release is a DNS parser, logger and detection support.
Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-2.0beta1.tar.gz
[1]
http://www.poona.me/2013/05/suricata-transaction-engine-re-designed.html#performance
[2]
http://www.poona.me/2013/06/suricata-cuda-engine-re-designed.html#performance
New features
- Luajit flow vars and flow ints support (#593)
- DNS parser, logger and keyword support (#792), funded by Emerging Threats
- deflate support for HTTP response bodies (#470, #775)
Improvements
- update to libhtp 0.5 (#775)
- improved gzip support for HTTP response bodies (#470, #775)
- redesigned transaction handling, improving both accuracy and
performance (#753)
- redesigned CUDA support (#729)
- Be sure to always apply verdict to NFQ packet (#769)
- stream engine: SACK allocs should adhere to memcap (#794)
- stream: deal with multiple different SYN/ACK's better (#796)
- stream: Randomize stream chunk size for raw stream inspection (#804)
- Introduce per stream thread ssn pool (#519)
- "pass" IP-only rules should bypass detection engine after matching (#718)
- Generate error if bpf is used in IPS mode (#777)
- Add support for batch verdicts in NFQ, thanks to Florian Westphal
- Update Doxygen config, thanks to Phil Schroeder
- Improve libnss detection, thanks to Christian Kreibich
Fixes
- Fix a FP on rules looking for port 0 and fragments (#847), thanks to Rmkml
- OS X unix socket build fixed (#830)
- bytetest, bytejump and byteextract negative offset failure (#827)
- Fix fast.log formatting issues (#771), thanks to Rmkml
- Invalidate negative depth (#774), thanks to Rmkml
- Fixed accuracy issues with relative pcre matching (#791)
- Fix deadlock in flowvar capture code (#802)
- Improved accuracy of file_data keyword (#817)
- Fix af-packet ips mode rule processing bug (#819), thanks to Laszlo
Madarassy
- stream: fix injecting pseudo packet too soon leading to FP (#883),
thanks to Francis Trudeau
Special thanks
We'd like to thank the following people and corporations for their
contributions and feedback:
- Rmkml
- Laszlo Madarassy
- Ken Steele, Tilera
- Florian Westphal
- Christian Kreibich
- Francis Trudeau
- Phil Schroeder
- Ivan Ristic
- Emerging Threats
- Coverity
Known issues & missing features
In a beta release like this things may not be as polished yet. So please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal. With this in mind, please notice the list we have included of
known items we are working on.
See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Discussion
mailing list