[Oisf-announce] Suricata 1.3beta1 is ready for testing
Victor Julien
victor at inliniac.net
Wed Apr 4 16:12:30 UTC 2012
The OISF development team is proud to announce Suricata 1.3beta1. This
is the first beta release for the upcoming 1.3 version. It is the result
of major effort by the OISF team with _significant_ help from the community.
Performance and scalability has been a major focus point in this cycle
as well as further file inspection and extraction improvement. This has
lead massive code changes:
312 files changed, 29321 insertions(+), 15643 deletions(-)
As a result of these significant changes the release is expected to be
of beta quality.
Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.3beta1.tar.gz
New features
- TLS/SSL handshake parser, tls.subjectdn and tls.issuerdn keywords
(#296, contributed by Pierre Chifflier)
- Napatech capture card support (contributed by Randy Caldejon -- nPulse)
- Scripts for looking up files / file md5's at Virus Total and others
(contributed by Martin Holste)
- Test mode: -T option to test the config (#271)
- Ringbuffer and zero copy support for AF_PACKET
- Commandline options to list supported app layer protocols and keywords
(#344, #414)
- File extraction for HTTP POST request that do not use multipart bodies
- On the fly md5 checksum calculation of extracted files
- Line based file log, in json format
- Basic support for including other yaml files into the main yaml
- New multi pattern engine: ac-bs
- Profiling improvements, added lock profiling code
Improvements
- Improved HTTP CONNECT support in libhtp (#427, Brian Rectanus -- Qualys)
- Unified yaml naming convention, including fallback support (by Nikolay
Denev)
- Improved Endace DAG support (#431, Jason Ish -- Endace)
- New default runmode: "autofp" (#433)
- Major rewrite of flow engine, improving scalability.
- Improved http_stat_msg and http_stat_code keywords (#394)
- Improved scalability for Tag and Threshold subsystems
- Made the rule keyword parser much stricter in detecting syntax errors
- Split "file" output into "file-store" and "file-log" outputs
- Much improved file extraction
Fixes
- CUDA build fixes (#421)
- Various FP's reported by Rmkml (#403, #405, #411)
- IPv6 decoding and detection issues (reported by Michel Sarborde)
- PCAP logging crash (#422)
- Fixed many (potential) issues with the help of the Coverity source
code analyzer
- Fixed several (potential) issues with the help of the cppcheck and
clang/scan-build source code analyzers
Credits
We'd like to thank the following people and corporations for their
contributions and feedback:
Brian Rectanus -- Qualys
Randy Caldejon -- nPulse
Pierre Chifflier
Coverity
Nikolay Denev
Endace -- Jason Ish
Martin Holste
Napatech
Rmkml
Michel Sarborde
Chris Wakelin
Joshua White
And of course new OISF dev Xavier Lange!
Known issues & missing features
In a beta release like this things may not be as polished yet. So please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal. With this in mind, please notice the list we have included of
known items we are working on.
See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-announce
mailing list