[Oisf-users] Suricata 1.3rc1 Available!

Alex Shim r3dham at gmail.com
Mon Jul 2 05:31:34 UTC 2012


I can't compile suricata-1.3rc1 on FreeBSD9.

# ./configure


Suricata Configuration:
  AF_PACKET support:                       no
  PF_RING support:                         no
  NFQueue support:                         no
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no

  libnss support:                          no
  libnspr support:                         no
  Prelude support:                         no
  PCRE jit:                                yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no

  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no
  Profiling enabled:                       no
  Profiling locks enabled:                 no

Generic build parameters:
  Installation prefix (--prefix):          /usr/local
  Configuration directory (--sysconfdir):  /usr/local/etc/suricata/
  Log directory (--localstatedir) :        /usr/local/var/log/suricata/

  Host:                                    x86_64-unknown-freebsd9.0
  GCC binary:                              gcc
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no


# make


flow-manager.c: In function 'FlowManagerThread':
flow-manager.c:426: error: expected expression before '<' token
*** Error code 1

Stop in /usr/local/src/suricata-1.3rc1/src.
*** Error code 1

Stop in /usr/local/src/suricata-1.3rc1/src.
*** Error code 1

Stop in /usr/local/src/suricata-1.3rc1.
*** Error code 1

Stop in /usr/local/src/suricata-1.3rc1.

Suricata 1.3beta2 compiled without any problems before.


On 2012-06-30, at 3:36 PM, Victor Julien wrote:

The OISF development team is proud to announce Suricata 1.3rc1, the
first (and hopefully only) release candidate for Suricata 1.3. This
release improves stability and accuracy, in addition to adding a few new
exciting features.

Get the new release here:

The new release comes with a number of important improvements and fixes.

New features

- http_user_agent keyword for matching on the HTTP User-Agent header
- experimental live rule reload by sending a USR2 signal (#279)
- AF_PACKET BPF support (#449)
- AF_PACKET live packet loss counters (#441)
- Rule analyzer (#349)
- add pcap workers runmode for use with libpcap wrappers that support
load balancing, such as Napatech's or Myricom's
- negated filemd5 matching, allowing for md5 whitelisting


- signatures with depth and/or offset are now checked against packets in
addition to the stream (#404)
- http_cookie keyword now also inspects "Set-Cookie" header (#479)
- filemd5 keyword no longer depends on log-file output module (#447)
- http_raw_header keyword inspects original header line terminators (#475)
- deal with double encoded URI (#464)


- improved SMB/SMB2/DCERPC robustness
- ICMPv6 parsing fixes
- improve HTTP body inspection
- stream.inline accuracy issues fixed (#339)
- general stability fixes (#482, #486)
- missing unittests added (#471)
- "threshold.conf not found" error made more clear (#446)
- IPS mode segment logging for Unified2 improved

Known issues & missing features

This is a "release candidate"-quality release so the stability should be
good although unexpected corner cases might happen. If you encounter
one, please let us know!

As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal.  With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
for a discussion and time line for the major issues.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
