Snort mailing list archives
Snort++ Build 213 Available Now!
From: Snort Releases <snortreleases () snort org>
Date: Wed, 28 Sep 2016 10:10:37 -0400
Snort++ build 213 is now available on snort.org. This is the latest monthly update available for download. You can also get the latest updates from github (snortadmin/snort3) which is updated weekly. Snort++ is very close to overtaking Snort 2.X and with any luck Alpha 4 will be completed with the next monthly release. If you haven't tried out Snort++ nowis a good time to do so. Enhancements: * added dce udp snort2lua * added file detection when they are transferred in segments in SMB2 * added dce iface fast pattern for tcp * added --enable-tsc-clock to build/use TSC register (on x86) * updated latency to use ticks during runtime * updated default stream cache sizes to match 2.X * close tcp on rst in close wait, closing, fin wait 1, and fin wait 2 * separate idle timeouts from session timeouts counts * ported full retransmit changes from snort 2X * ported Smbv2/3 file support * ported mpls encode fixes from 2983 * ported smb file processing * ported the 2.9.8 ciscometadata decoder * ported the 2.9.8 double and triple vlan tagging changes * started dce_udp porting Bug Fixes: * fixed carved smb2 filenames * fixed multithread hyperscan mpse * fixed sd_pattern iterative validation * fixed another case of CPPUTest header order issues * fixed lua conflict with _L macro from ctype.h on OpenBSD * fixed hyperscan detection with nocase * fixed shutdown sequence * fixed --dirty-pig * fixed FreeBSD build re appid / service_rpc * fixed tcp_connector_test for OSX build * fixed binder make files to include binder.h * fixed double counting of ip and udp timeouts and prunes * fixed clearing of SYN - RST flows * fixed inverted detection_filter logic * fixed stream profile stats parents * fixed most bogus gap counts * fixed unit test for high availability, hyperscan, and regex * fixed for TCP high availability * fixed install of file_decomp.h for consistency between Snort and extras * fixed regex as fast pattern with hyperscan mpse * fixed http_inspect and tcp valgrind errors * fixed extra auto build from dist * numerous fixes, cleanup, and refactoring for appid * numerous fixes, cleanup, and refactoring for high availability Other Changes: * removed unused -w commandline option * added HA details to stream/* dev_notes * added stream.ip_frag_only to avoid tracking unwanted flows * added smtp client counters and unit tests * added appid counts for rsync * added http_inspect alerts for Transfer-Encoding and Content-Encoding abuse * tcp stream reassembly tweaks * use sd_pattern as a fast-pattern * rewrite and fix the rpc option * cleanup fragbits option implementation * finish up cutover to the new http_inspect by default * moved file capture to offload thread * updated style guide for 'using' statements and underscores * cmake: clean dead variables out of config.cmake.h * build: fixed 32-bit compiler warnings * build: fixed illumos/OpenSolaris build and remove SOLARIS/SUNOS defines * build: remove superfluous LINUX and MACOS definitions * build: remove superfluous OPENBSD and FREEBSD definitions * build: entering 'std' namespace should be after all headers are included * build: clean up u_int*_t usage * build: remove SPARC support * build: clean up some DAQ header inclusion creep * cleaned up compiler warnings Please submit bugs, questions, and feedback to bugs () snort org or the Snort-Users mailing list. Happy Snorting! The Snort Release Team ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort++ Build 213 Available Now! Snort Releases (Sep 28)