[Oisf-devel] 4.0dev is now open

Victor Julien victor at inliniac.net
Thu Feb 16 12:51:16 UTC 2017

With the merge of [1] the 4.0dev branch is now officially opened.

There are some larger changes that will affect a lot of people:

1. We're unifying the app-layer API around the 'TX' API. Protocols that
don't have meaningful transactions will use their per-flow state as a
fake tx. The goal here is to clean up internals and remove confusing
combinations of tx/non-tx detection.

See [2] for an example of how this was done for SMB.

2. The branch I just merged cleans up the process of adding detection
keywords a lot, but it will very likely break your old out of tree code.
Types have changed, const was added in many places and most of the hard
coded detection lists were removed.

3. We're planning to add Rust protocol parsers to 4.0 as an experimental
feature. I'll write more about these plans later, but the short story is
that after Pierre's talk at SuriCon and our own experiments afterwards,
we've become convinced that using this safe language for dealing with
our untrusted and often malicious input is a good idea.

4. There is a significant list of pull requests waiting for merge. These
will mostly have to be rebased before they can be considered.

5. We will drop support for CentOS5 as it's almost EOL. This means we
can remove old libpcap code and remove some hacks [3].

Our goal is to release 4.0final in May, and have one or more beta and RC
releases before that.


[1] https://github.com/inliniac/suricata/pull/2559
[3] https://redmine.openinfosecfoundation.org/issues/1759

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
