mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
119 lines
5.0 KiB
Plaintext
119 lines
5.0 KiB
Plaintext
1.2beta1 -- 2011-12-19
|
|
|
|
- File name, type inspection and extraction for HTTP
|
|
- filename, fileext, filemagic and filestore keywords added
|
|
- "file" output for storing extracted files to disk
|
|
- file_data keyword support, inspecting normalized, dechunked, decompressed HTTP response body (feature #241
|
|
- new keyword http_server_body, pcre regex /S option
|
|
- Option to enable/disable core dumping from the suricata.yaml (enabled by default)
|
|
- Human readable size limit settings in suricata.yaml
|
|
- PF_RING bpf support (required PF_RING >= 5.1) (feature #334)
|
|
- tos keyword support (feature #364)
|
|
- IPFW IPS mode does now support multiple divert sockets
|
|
- New IPS running modes, Linux and FreeBSD do now support "worker" and "autofp"
|
|
- Improved alert accuracy in autofp and single runmodes
|
|
- major performance optimizations for the ac-gfbs pattern matcher implementation
|
|
- unified2 output fixes
|
|
- PF_RING supports privilege dropping now (bug #367)
|
|
- Improved detection of duplicate signatures
|
|
|
|
1.1.1 -- 2011-12-07
|
|
|
|
- Fix for a error in the smtp parser that could crash Suricata.
|
|
- Fix for AF_PACKET not compiling on modern linux systems like Fedora 16.
|
|
|
|
1.1 -- 2011-11-10
|
|
|
|
- CUDA build fixed
|
|
- minor pcap, AF_PACKET and PF_RING fixes (#368)
|
|
- bpf handling fix
|
|
- Windows CYGWIN build
|
|
- more cleanups
|
|
|
|
1.1rc1 -- 2011-11-03
|
|
|
|
- extended HTTP request logging for use with (among other things) http_agent for Sguil (#38)
|
|
- AF_PACKET report drop stats on shutdown (#325)
|
|
- new counters in stats.log for flow and stream engines (#348)
|
|
- SMTP parsing code support for BDAT command (#347)
|
|
- HTTP URI normalization no longer converts to lowercase (#362)
|
|
- AF_PACKET works with privileges dropping now (#361)
|
|
- Prelude output for state matches (#264, #355)
|
|
- update of the pattern matching code that should improve accuracy
|
|
- rule parser was made more strict (#295, #312)
|
|
- multiple event suppressions for the same SID was fixed (#366)
|
|
- several accuracy fixes
|
|
- removal of the unified1 output plugins (#353)
|
|
|
|
1.1beta3 -- 2011-10-25
|
|
|
|
- af-packet support for high speed packet capture
|
|
- "replace" keyword support (#303)
|
|
- new "workers" runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap
|
|
- added "stream-event" keyword to match on TCP session anomalies
|
|
- support for suppress keyword was added (#274)
|
|
- byte_extract keyword support was added
|
|
- improved handling of timed out TCP sessions in the detection engine
|
|
- unified2 payload logging if detection was in the HTTP state (#264)
|
|
- improved accuracy of the HTTP transaction logging
|
|
- support for larger (64 bit) Flow/Stream memcaps (#332)
|
|
- major speed improvements for PCRE, including support for PCRE JIT
|
|
- support setting flowbits in ip-only rules (#292)
|
|
- performance increases on SSE3+ CPU's
|
|
- overhaul of the packet acquisition subsystem
|
|
- packet based performance profiling subsystem was added
|
|
- TCP SACK support was added to the stream engine
|
|
- updated included libhtp to 0.2.6 which fixes several issues
|
|
|
|
1.1beta2 -- 2011-04-13
|
|
|
|
- New keyword support: http_raw_uri (including /I for pcre), ssl_state, ssl_version (#258, #259, #260, #262).
|
|
- Inline mode for the stream engine (#230, #248).
|
|
- New keyword support: nfq_set_mark
|
|
- Included an example decoder-events.rules file
|
|
- api for adding and selecting runmodes was added
|
|
- pcap logging / recording output was added
|
|
- basic SCTP protocol parsing was added
|
|
- more fine grained CPU affinity setting support was added
|
|
- stream engine inspects stream in larger chunks
|
|
- fast_pattern support for http_method content modifier (#255)
|
|
- negation support for isdataat keyword (#257)
|
|
- configurable interval for stats.log updates (#247)
|
|
- new pf_ring runmode was added that scales better
|
|
- pcap live mode now handles the monitor interface going up and down
|
|
- several QA additions to "make check"
|
|
- NFQ (linux inline) mode was improved
|
|
- Alerts classification fix (#275)
|
|
- compiles and runs on big-endian systems (#63)
|
|
- unified2 output works around barnyard2 issues with DLT_RAW + IPv6
|
|
|
|
1.1beta1 -- 2010-12-21
|
|
|
|
- New keyword support: http_raw_header, http_stat_msg, http_stat_code.
|
|
- A new default pattern matcher, Aho-Corasick based, that uses much less memory.
|
|
- reference.config support as supplied by ET/ETpro and VRT.
|
|
- Much improved fast_pattern support, including for http_uri, http_client_body, http_header, http_raw_header.
|
|
- Improved parsers, especially the DCERPC parser.
|
|
- Much improved performance & accuracy.
|
|
|
|
1.0.5 -- 2011-07-25
|
|
|
|
- Fix stream reassembly bug #300. Thanks to Rmkml for the report.
|
|
- Fix several (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
|
|
|
|
1.0.4 -- 2011-06-24
|
|
|
|
- LibHTP updated to 0.2.6
|
|
- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
|
|
- Large number of (potential) issues fixed after source code scans with the Clang static analizer.
|
|
|
|
1.0.3 -- 2011-04-13
|
|
|
|
- Fix broken checksum calculation for TCP/UDP in some cases
|
|
- Fix errors in the byte_test, byte_jump, http_method and http_header keywords
|
|
- Fix a ASN1 parsing issue
|
|
- Improve LibHTP memory handling
|
|
- Fix a defrag issue
|
|
- Fix several stream engine issues
|
|
|