[Emerging-Sigs] Suricata 1.1beta3 Available!

Victor Julien victor at inliniac.net
Tue Oct 25 11:10:03 EDT 2011


The OISF development team is proud to announce Suricata 1.1 beta 3. This
release is the result of 6 months of work. At our last brainstorm
session at the RAID 2011 conference[1], one of the things that was
decided was to do more frequent releases. It's our intent to do a release at
least once a month, with a stable release at least once every two months. Today's
1.1beta3 release starts this new cycle.

Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.1beta3.tar.gz

The new beta comes with a great number of improvements and fixes.

New features

- af-packet support for high speed packet capture
- "replace" keyword support (#303)
- new "workers" runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap
- added "stream-event" keyword to match on TCP session anomalies
- support for suppress keyword was added (#274)
- byte_extract keyword support was added

Improvements

- improved handling of timed out TCP sessions in the detection engine
- unified2 payload logging if detection was in the HTTP state (#264)
- improved accuracy of the HTTP transaction logging
- support for larger (64 bit) Flow/Stream memcaps (#332)
- major speed improvements for PCRE, including support for PCRE JIT
- support setting flowbits in ip-only rules (#292)

Under the hood

- performance increases on SSE3+ CPUs
- overhaul of the packet acquisition subsystem
- packet based performance profiling subsystem was added
- TCP SACK support was added to the stream engine
- updated included libhtp to 0.2.6 which fixes several issues
- 297 files changed, 41525 insertions(+), 9032 deletions(-)

Notable Fixes

- ip_proto related FN fixed (#340)
- "tag" fixes and cleanups
- https://redmine.openinfosecfoundation.org/projects/suricata/issues?fixed_version_id=15&set_filter=1&status_id=c

Known issues & missing features

This is a beta release so it can be a little rough although the
stability should be good.

As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal. With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.

[1]
http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/136-brainstorming-meeting-summary-and-phase-three-development-roadmap-draft

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
