[Oisf-devel] Suricata 3.1 released!

Victor Julien victor at inliniac.net
Mon Jun 20 11:14:39 UTC 2016


We're proud to announce *Suricata 3.1*.

This release brings significant improvements on the performance side:
- Hyperscan integration for Multi Pattern Matcher and Single Pattern
  Matcher. If installed, Hyperscan is now the default.
- Rewrite of the detection engine, simplifying rule grouping. This
  improves performance, while reducing memory usage and startup time
  in many scenarios.

Packet capture got a lot of attention:
- AF_PACKET support for tpacket-v3 (experimental)
- NETMAP usability improvements, especially on FreeBSD

Config:
- Reorganised default configuration layout provides for intuitive
  and easy set up.

This release also comes with libhtp 0.5.20, in which we address a number
of issues Steffen Ullrich of HTTP Evader reported.

A new keyword ‘tls_sni’ was added, including MPM support. It allows
matching on the TLS SNI field.
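For readers who want to see exactly which bytes `tls_sni` inspects, here is an added illustration (not part of the announcement and not Suricata's own code): the keyword matches the host_name carried in the server_name extension of the TLS ClientHello. The script builds a constructed ClientHello, extracts that field the way a detection engine would, and applies a content-style substring check; the function names and the sample hostname are my own.

```python
import struct
from typing import Optional

# Illustrative rule using the new sticky buffer (not from the announcement):
#   alert tls any any -> any any (msg:"SNI example.com"; tls_sni; \
#       content:"example.com"; sid:1000001; rev:1;)
SNI_EXT = 0x0000   # extension type server_name (RFC 6066)

def build_client_hello(server_name: str) -> bytes:
    """Minimal TLS 1.2 ClientHello record with one SNI extension (constructed sample)."""
    host = server_name.encode("ascii")
    sni_list = struct.pack("!BH", 0, len(host)) + host          # name_type host_name(0), name
    sni_ext = (struct.pack("!HH", SNI_EXT, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    body = (b"\x03\x03" + b"\x00" * 32                          # client_version, random
            + b"\x00"                                           # session_id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"                # one cipher suite
            + b"\x01\x00"                                       # one compression method
            + struct.pack("!H", len(sni_ext)) + sni_ext)        # extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the ClientHello's SNI extension, or None if absent/malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:               # handshake record, ClientHello
            return None
        pos = 9 + 2 + 32                                        # past headers, version, random
        pos += 1 + record[pos]                                  # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]     # cipher_suites
        pos += 1 + record[pos]                                  # compression_methods
        ext_end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == SNI_EXT:
                name_type, name_len = struct.unpack_from("!BH", record, pos + 2)
                if name_type == 0:
                    return record[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                             # truncated or non-ASCII: no match
    return None

def sni_matches(record: bytes, content: str) -> bool:
    """Analogue of `tls_sni; content:"...";`: substring match on the extracted SNI."""
    sni = parse_sni(record)
    return sni is not None and content in sni
```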

Other than that, lots of cleanups and optimizations:
- locking has been much simplified
- TCP and IPv6 decoder optimizations
- unittest cleanups
- AFL fuzz testing options were added

Have a look at the full changelog:
https://github.com/inliniac/suricata/blob/0e9134930d4840de49295d65a5a2e7c81dd103ee/ChangeLog


*Changes since 3.1RC1*

- AF_PACKETv2 is the default as v3 is still experimental.
- NFQ runmode workers was fixed.

Get the release here:
http://www.openinfosecfoundation.org/download/suricata-3.1.tar.gz


*Upgrading your code*

Some guidance and notes on how to upgrade your 3.0 based code changes to
3.1 can be found here
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/DevelUpgrade3031


*Special thanks*

Intel Corporation, FireEye, Stamus Networks, NorCert, ANSSI,
AFL project, CoverityScan

Mats Klepsland, Andreas Moe, Justin Viiret, Zachary Rasmor
Aleksey Katargin, Alexander Gozman, Arturo Borrero Gonzalez
David Diallo, Torgeir Natvig, Steffen Ullrich


*Known issues & missing features*

In a release candidate like this things may not be as polished yet. So
please handle with care. That said, if you encounter issues, please let
us know! As always, we are doing our best to make you aware of
continuing development and items within the engine that are not yet
complete or optimal. With this in mind, please notice the list we have
included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.


*SuriCon 2.0*

Join us in Washington, D.C. November 9-11 for the 2nd Suricata User
Conference. http://suricon.net/


*Training & Support*

Need help installing, updating, validating and tuning Suricata? We have
trainings coming up. September 12-16 in Paris, November 7 & 8 in
Washington, D.C.: see http://suricata-ids.org/training/

For support options also see http://suricata-ids.org/support/


*About Suricata*

Suricata is a high performance Network Threat Detection, IDS, IPS and
Network Security Monitoring engine. Open Source and owned by a community
run non-profit foundation, the Open Information Security Foundation
(OISF). Suricata is developed by the OISF, its supporting vendors and
the community.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
