diff --git a/ChangeLog b/ChangeLog index e69de29bb2..570349297d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -0,0 +1,94 @@ +1.1 -- 2011-11-10 + +- CUDA build fixed +- minor pcap, AF_PACKET and PF_RING fixes (#368) +- bpf handling fix +- Windows CYGWIN build +- more cleanups + +1.1rc1 -- 2011-11-03 + +- extended HTTP request logging for use with (among other things) http_agent for Sguil (#38) +- AF_PACKET report drop stats on shutdown (#325) +- new counters in stats.log for flow and stream engines (#348) +- SMTP parsing code support for BDAT command (#347) +- HTTP URI normalization no longer converts to lowercase (#362) +- AF_PACKET works with privileges dropping now (#361) +- Prelude output for state matches (#264, #355) +- update of the pattern matching code that should improve accuracy +- rule parser was made more strict (#295, #312) +- multiple event suppressions for the same SID was fixed (#366) +- several accuracy fixes +- removal of the unified1 output plugins (#353) + +1.1beta3 -- 2011-10-25 + +- af-packet support for high speed packet capture +- "replace" keyword support (#303) +- new "workers" runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap +- added "stream-event" keyword to match on TCP session anomalies +- support for suppress keyword was added (#274) +- byte_extract keyword support was added +- improved handling of timed out TCP sessions in the detection engine +- unified2 payload logging if detection was in the HTTP state (#264) +- improved accuracy of the HTTP transaction logging +- support for larger (64 bit) Flow/Stream memcaps (#332) +- major speed improvements for PCRE, including support for PCRE JIT +- support setting flowbits in ip-only rules (#292) +- performance increases on SSE3+ CPU's +- overhaul of the packet acquisition subsystem +- packet based performance profiling subsystem was added +- TCP SACK support was added to the stream engine +- updated included libhtp to 0.2.6 which fixes several issues + +1.1beta2 -- 2011-04-13 + +- New keyword support: http_raw_uri (including /I for pcre), ssl_state, ssl_version (#258, #259, #260, 
#262). +- Inline mode for the stream engine (#230, #248). +- New keyword support: nfq_set_mark +- Included an example decoder-events.rules file +- api for adding and selecting runmodes was added +- pcap logging / recording output was added +- basic SCTP protocol parsing was added +- more fine grained CPU affinity setting support was added +- stream engine inspects stream in larger chunks +- fast_pattern support for http_method content modifier (#255) +- negation support for isdataat keyword (#257) +- configurable interval for stats.log updates (#247) +- new pf_ring runmode was added that scales better +- pcap live mode now handles the monitor interface going up and down +- several QA additions to "make check" +- NFQ (linux inline) mode was improved +- Alerts classification fix (#275) +- compiles and runs on big-endian systems (#63) +- unified2 output works around barnyard2 issues with DLT_RAW + IPv6 + +1.1beta1 -- 2010-12-21 + +- New keyword support: http_raw_header, http_stat_msg, http_stat_code. +- A new default pattern matcher, Aho-Corasick based, that uses much less memory. +- reference.config support as supplied by ET/ETpro and VRT. +- Much improved fast_pattern support, including for http_uri, http_client_body, http_header, http_raw_header. +- Improved parsers, especially the DCERPC parser. +- Much improved performance & accuracy. + +1.0.5 -- 2011-07-25 + +- Fix stream reassembly bug #300. Thanks to Rmkml for the report. +- Fix several (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat. + +1.0.4 -- 2011-06-24 + +- LibHTP updated to 0.2.6 +- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat. +- Large number of (potential) issues fixed after source code scans with the Clang static analizer. 
+ +1.0.3 -- 2011-04-13 + +- Fix broken checksum calculation for TCP/UDP in some cases +- Fix errors in the byte_test, byte_jump, http_method and http_header keywords +- Fix a ASN1 parsing issue +- Improve LibHTP memory handling +- Fix a defrag issue +- Fix several stream engine issues + diff --git a/doc/INSTALL b/doc/INSTALL index 2b071df096..886e34b9ec 100644 --- a/doc/INSTALL +++ b/doc/INSTALL @@ -8,6 +8,8 @@ Suricata and the HTP library are licensed under the GPLv2. A copy of this license is available in this tarball, or at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt +Up to date installation guides are available online, at: +https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation Build Requirements ================== diff --git a/doc/INSTALL.PF_RING b/doc/INSTALL.PF_RING index 983eb7dd1a..3c7fe732b8 100644 --- a/doc/INSTALL.PF_RING +++ b/doc/INSTALL.PF_RING @@ -1,3 +1,6 @@ +An up to date version of this document is available online at: +https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_PF_RING + #Install DKMS apt-get install dkms diff --git a/doc/INSTALL.WINDOWS b/doc/INSTALL.WINDOWS index 1067a9517e..f03bd37bfc 100644 --- a/doc/INSTALL.WINDOWS +++ b/doc/INSTALL.WINDOWS @@ -1,3 +1,13 @@ +Before you start +================ + +An up to date version of this document can be found online: +https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows + +Alternatively, an installation document for using CYGWIN instead of MinGW can +be found here: +https://redmine.openinfosecfoundation.org/attachments/download/676/SurWinInstallGuide.pdf + This file describes how to build and run Suricata on Windows. Currently Windows XP and above are supported.
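Review bot: In the ChangeLog hunk, three of the 1.0.x entries carry wording errors that will ship in the release file. "Clang static analizer" under 1.0.4 should read "analyzer". "Fix several (potential) issues fixed after a source code scan" under 1.0.5 has a doubled verb, so drop either the leading "Fix" or the later "fixed". "Fix a ASN1 parsing issue" under 1.0.3 should be "an ASN1". The sections are also not in date order (1.1beta1, dated 2010-12-21, sits above 1.0.5, dated 2011-07-25), so a one-line header stating that entries are grouped by release branch would save readers from assuming the list is chronological.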
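Review bot: In the doc/INSTALL hunk, the added sentence "Up to date installation guides are available online, at:" has a stray comma before "at:" and an unhyphenated "Up to date", and it is worded differently from the equivalent pointers added to INSTALL.PF_RING and INSTALL.WINDOWS in this same patch. Suggest "Up-to-date installation guides are available online at:" and the same phrasing in all three files. As it stands the pointer sits between the GPL URL and the "Build Requirements" heading, so it is worth making sure it is visually separated from the license paragraph.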
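Review bot: In the doc/INSTALL.PF_RING hunk, the two added prose lines carry no "#" prefix, while the existing file marks commentary that way ("#Install DKMS") and leaves commands bare ("apt-get install dkms"). Prefix both new lines with "#" so the file keeps one convention and the sentence and URL are not mistaken for commands when someone copies a block into a shell.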
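Review bot: In the doc/INSTALL.WINDOWS hunk, the CYGWIN guide is linked as a numbered attachment download ("attachments/download/676/SurWinInstallGuide.pdf"), which points at one specific uploaded copy of the PDF and sits oddly in a section whose purpose is to send readers to up-to-date instructions. Linking to the wiki page that hosts the attachment would let the guide be replaced without editing this file. The new "Before you start" section is also placed above the file's opening sentence "This file describes how to build and run Suricata on Windows." and mentions MinGW before the document has introduced it, so moving the section below that sentence would read better.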