IDS mailing list archives

[ANN]: Firestorm 0.5.5 a.k.a. "It's just a ride"


From: Gianni Tedesco <gianni () scaramanga co uk>
Date: Wed, 14 Jul 2004 14:15:10 +0100

Hi,

After an extended development period, Firestorm 0.5.5 has been released.
You can pick up source code and RPMs from:

        http://www.scaramanga.co.uk/firestorm/download.html

In this version there have been significant performance increases in the
signature matching department. A new n-ary tree approach replaces the
old btree system; this has a number of advantages including more
flexibility and lowered stack recursion. It seems to have produced a 25%
boost in overall sensor performance. More work is being done in this
area including plans to move to an Interval Decision Diagram (IDD) type
lookup which is expected to produce a 5-10% improvement again. You
should check out Mikkel Christiansen and Emmanuel Fleury's paper on the
topic 'An Interval Decision Diagram Based Firewall' if interested.

An HTTP normalization plugin was added and tcp stream reassembly
accuracy was improved. Also the console has received a few interface
improvements including moving to the new GtkFileChooser API and
implementing basic UI for the index-optimised filtering features of
ELOG.

But most importantly, a number of bugs have been fixed and limitations
removed:

 o Large file support added.
 o Removed a lot of redundant API cruft and cleaned out a substantial
   number of plugins.
 o Write index files safely.
 o Properly strip escapes in snort messages.
 o Enforce log timeout periods even if no packets have been sent using
   an interval timer.
 o Fix some signal handling bugs.
 o Fixed a TCP state serialization/deserialization bug.
 o Lots of minor bug fixes such as signed comparisons
 o Fixed a niggling memory leakage-to-file bug in elog output
 o Allow string fields to be queried on elog databases
 o Fix depth/nocase/offset if they don't occur right after 'content'
 o Elog indexes are automatically created when elogs are opened in
   the console.
 o Allow firestorm to run with soft realtime scheduling priority
 o Dynamically expand initial log buffer
 o Allow specifying UID/GID by name in firestorm.conf
 o NULL/LOOPBACK now supported (for BSD virtual interfaces)
 o Fix endian problems with Linux SLL and NULL/LOOPBACK protocol
 o Help messages in firecat now display plugins and arguments
 o Fix bugs where capdevs were setting wrong packet flags
 o Use RTLD_LAZY if RTLD_NOW not supported
 o gcc2 bug workarounds
 o removed limits on log message sizes

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Attachment: signature.asc
Description: This is a digitally signed message part

