Add content to ChangeLog and add links to more up to date versions of various docs.

remotes/origin/master-1.1.x suricata-1.1
Victor Julien 14 years ago
parent c484b7a59e
commit 6256d6b598

@ -0,0 +1,94 @@
1.1 -- 2011-11-10
- CUDA build fixed
- minor pcap, AF_PACKET and PF_RING fixes (#368)
- bpf handling fix
- Windows CYGWIN build
- more cleanups
1.1rc1 -- 2011-11-03
- extended HTTP request logging for use with (among other things) http_agent for Sguil (#38)
- AF_PACKET report drop stats on shutdown (#325)
- new counters in stats.log for flow and stream engines (#348)
- SMTP parsing code support for BDAT command (#347)
- HTTP URI normalization no longer converts to lowercase (#362)
- AF_PACKET works with privileges dropping now (#361)
- Prelude output for state matches (#264, #355)
- update of the pattern matching code that should improve accuracy
- rule parser was made more strict (#295, #312)
- multiple event suppressions for the same SID was fixed (#366)
- several accuracy fixes
- removal of the unified1 output plugins (#353)
1.1beta3 -- 2011-10-25
- af-packet support for high speed packet capture
- "replace" keyword support (#303)
- new "workers" runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap
- added "stream-event" keyword to match on TCP session anomalies
- support for suppress keyword was added (#274)
- byte_extract keyword support was added
- improved handling of timed out TCP sessions in the detection engine
- unified2 payload logging if detection was in the HTTP state (#264)
- improved accuracy of the HTTP transaction logging
- support for larger (64 bit) Flow/Stream memcaps (#332)
- major speed improvements for PCRE, including support for PCRE JIT
- support setting flowbits in ip-only rules (#292)
- performance increases on SSE3+ CPU's
- overhaul of the packet acquisition subsystem
- packet based performance profiling subsystem was added
- TCP SACK support was added to the stream engine
- updated included libhtp to 0.2.6 which fixes several issues
1.1beta2 -- 2011-04-13
- New keyword support: http_raw_uri (including /I for pcre), ssl_state, ssl_version (#258, #259, #260, #262).
- Inline mode for the stream engine (#230, #248).
- New keyword support: nfq_set_mark
- Included an example decoder-events.rules file
- api for adding and selecting runmodes was added
- pcap logging / recording output was added
- basic SCTP protocol parsing was added
- more fine grained CPU affinity setting support was added
- stream engine inspects stream in larger chunks
- fast_pattern support for http_method content modifier (#255)
- negation support for isdataat keyword (#257)
- configurable interval for stats.log updates (#247)
- new pf_ring runmode was added that scales better
- pcap live mode now handles the monitor interface going up and down
- several QA additions to "make check"
- NFQ (linux inline) mode was improved
- Alerts classification fix (#275)
- compiles and runs on big-endian systems (#63)
- unified2 output works around barnyard2 issues with DLT_RAW + IPv6
1.1beta1 -- 2010-12-21
- New keyword support: http_raw_header, http_stat_msg, http_stat_code.
- A new default pattern matcher, Aho-Corasick based, that uses much less memory.
- reference.config support as supplied by ET/ETpro and VRT.
- Much improved fast_pattern support, including for http_uri, http_client_body, http_header, http_raw_header.
- Improved parsers, especially the DCERPC parser.
- Much improved performance & accuracy.
1.0.5 -- 2011-07-25
- Fix stream reassembly bug #300. Thanks to Rmkml for the report.
- Fix several (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
1.0.4 -- 2011-06-24
- LibHTP updated to 0.2.6
- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
- Large number of (potential) issues fixed after source code scans with the Clang static analizer.
1.0.3 -- 2011-04-13
- Fix broken checksum calculation for TCP/UDP in some cases
- Fix errors in the byte_test, byte_jump, http_method and http_header keywords
- Fix a ASN1 parsing issue
- Improve LibHTP memory handling
- Fix a defrag issue
- Fix several stream engine issues
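Review bot: Several fix entries in this hunk carry no issue number or description of what was wrong ("bpf handling fix" in 1.1, "several accuracy fixes" in 1.1rc1, "Fix a defrag issue" and "Fix several stream engine issues" in 1.0.3), so an operator cannot tell whether a fix changes detection on their traffic. Add the ticket number where one exists, as the neighbouring entries do, or a few words on the affected case. Smaller points: "analizer" should be "analyzer" in the 1.0.4 entry, "Fix a ASN1" should be "Fix an ASN1" in 1.0.3, and the 1.0.5 line "Fix several (potential) issues fixed after ..." repeats the verb.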

@ -8,6 +8,8 @@ Suricata and the HTP library are licensed under the GPLv2. A copy of this
license is available in this tarball, or at: license is available in this tarball, or at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Up to date installation guides are available online, at:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation
Build Requirements Build Requirements
================== ==================
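Review bot: The added sentence "Up to date installation guides are available online, at:" does not say which release the text below it was written for, so a reader working from the tarball cannot judge how far the local build requirements may lag the wiki. Name the release next to the link (the ChangeLog added in this commit gives 1.1). "Up to date" before a noun should be hyphenated.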

@ -1,3 +1,6 @@
An up to date version of this document is available online at:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_PF_RING
#Install DKMS #Install DKMS
apt-get install dkms apt-get install dkms
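Review bot: The pointer added at the top of this file is worded differently from the other two added in this commit ("is available online at:" here, against "are available online, at:" and "can be found online:" in the other hunks). Use one phrasing in all three files so the notice is easy to find and to update later.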

@ -1,3 +1,13 @@
Before you start
================
An up to date version of this document can be found online:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows
Alternatively, an installation document for using CYGWIN instead of MinGW can
be found here:
https://redmine.openinfosecfoundation.org/attachments/download/676/SurWinInstallGuide.pdf
This file describes how to build and run Suricata on Windows. Currently This file describes how to build and run Suricata on Windows. Currently
Windows XP and above are supported. Windows XP and above are supported.
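Review bot: The CYGWIN guide is linked as a Redmine attachment by numeric id (attachments/download/676/SurWinInstallGuide.pdf), which ties the document to one uploaded file and says nothing about which Suricata version the PDF covers. Link to a wiki page that hosts the guide, or state the version it was written for. The context line "This file describes how to build and run Suricata on Windows" should also say that it covers the MinGW build, now that the added text offers CYGWIN as the alternative.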
