aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ef46345792'
${ noResults }
suricata/ChangeLog

149 lines
6.4 KiB
Plaintext
Raw Blame History

1.2.1 -- 2012-01-20
- fix malformed unified2 records when writing alerts trigger by stream inspection (#402)
- only force a pseudo packet inspection cycle for TCP streams in a state >= established
1.2 -- 2012-01-19
- improved Windows/CYGWIN path handling (#387)
- fixed some issues with passing an interface or ip address with -i
- make live worker runmode threads adhere to the 'detect' cpu affinity settings
1.2rc1 -- 2012-01-11
- app-layer-events keyword: similar to the decoder-events and stream-events, this will allow matching on HTTP and SMTP events
- auto detection of checksum offloading per interface (#311)
- urilen options to match on raw or normalized URI (#341)
- flow keyword option "only_stream" and "no_stream"
- unixsock output options for all outputs except unified2 (PoC python script in the qa/ dir) (#250)
- in IPS mode, reject rules now also drop (#399)
- http_header now also inspects response headers (#389)
- "worker" runmodes for NFQ and IPFW
- performance improvement for "ac" pattern matcher
- allow empty/non-initialized flowints to be incremented
- PCRE-JIT is now enabled by default if available (#356)
- many file inspection and extraction improvements
- flowbits and flowints are now modified in a post-match action list
- general performance increasements
- fixed parsing really high sid numbers >2 Billion (#393)
- fixed ICMPv6 not matching in IP-only sigs (#363)
1.2beta1 -- 2011-12-19
- File name, type inspection and extraction for HTTP
- filename, fileext, filemagic and filestore keywords added
- "file" output for storing extracted files to disk
- file_data keyword support, inspecting normalized, dechunked, decompressed HTTP response body (feature #241
- new keyword http_server_body, pcre regex /S option
- Option to enable/disable core dumping from the suricata.yaml (enabled by default)
- Human readable size limit settings in suricata.yaml
- PF_RING bpf support (required PF_RING >= 5.1) (feature #334)
- tos keyword support (feature #364)
- IPFW IPS mode does now support multiple divert sockets
- New IPS running modes, Linux and FreeBSD do now support "worker" and "autofp"
- Improved alert accuracy in autofp and single runmodes
- major performance optimizations for the ac-gfbs pattern matcher implementation
- unified2 output fixes
- PF_RING supports privilege dropping now (bug #367)
- Improved detection of duplicate signatures
1.1.1 -- 2011-12-07
- Fix for a error in the smtp parser that could crash Suricata.
- Fix for AF_PACKET not compiling on modern linux systems like Fedora 16.
1.1 -- 2011-11-10
- CUDA build fixed
- minor pcap, AF_PACKET and PF_RING fixes (#368)
- bpf handling fix
- Windows CYGWIN build
- more cleanups
1.1rc1 -- 2011-11-03
- extended HTTP request logging for use with (among other things) http_agent for Sguil (#38)
- AF_PACKET report drop stats on shutdown (#325)
- new counters in stats.log for flow and stream engines (#348)
- SMTP parsing code support for BDAT command (#347)
- HTTP URI normalization no longer converts to lowercase (#362)
- AF_PACKET works with privileges dropping now (#361)
- Prelude output for state matches (#264, #355)
- update of the pattern matching code that should improve accuracy
- rule parser was made more strict (#295, #312)
- multiple event suppressions for the same SID was fixed (#366)
- several accuracy fixes
- removal of the unified1 output plugins (#353)
1.1beta3 -- 2011-10-25
- af-packet support for high speed packet capture
- "replace" keyword support (#303)
- new "workers" runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap
- added "stream-event" keyword to match on TCP session anomalies
- support for suppress keyword was added (#274)
- byte_extract keyword support was added
- improved handling of timed out TCP sessions in the detection engine
- unified2 payload logging if detection was in the HTTP state (#264)
- improved accuracy of the HTTP transaction logging
- support for larger (64 bit) Flow/Stream memcaps (#332)
- major speed improvements for PCRE, including support for PCRE JIT
- support setting flowbits in ip-only rules (#292)
- performance increases on SSE3+ CPU's
- overhaul of the packet acquisition subsystem
- packet based performance profiling subsystem was added
- TCP SACK support was added to the stream engine
- updated included libhtp to 0.2.6 which fixes several issues
1.1beta2 -- 2011-04-13
- New keyword support: http_raw_uri (including /I for pcre), ssl_state, ssl_version (#258, #259, #260, #262).
- Inline mode for the stream engine (#230, #248).
- New keyword support: nfq_set_mark
- Included an example decoder-events.rules file
- api for adding and selecting runmodes was added
- pcap logging / recording output was added
- basic SCTP protocol parsing was added
- more fine grained CPU affinity setting support was added
- stream engine inspects stream in larger chunks
- fast_pattern support for http_method content modifier (#255)
- negation support for isdataat keyword (#257)
- configurable interval for stats.log updates (#247)
- new pf_ring runmode was added that scales better
- pcap live mode now handles the monitor interface going up and down
- several QA additions to "make check"
- NFQ (linux inline) mode was improved
- Alerts classification fix (#275)
- compiles and runs on big-endian systems (#63)
- unified2 output works around barnyard2 issues with DLT_RAW + IPv6
1.1beta1 -- 2010-12-21
- New keyword support: http_raw_header, http_stat_msg, http_stat_code.
- A new default pattern matcher, Aho-Corasick based, that uses much less memory.
- reference.config support as supplied by ET/ETpro and VRT.
- Much improved fast_pattern support, including for http_uri, http_client_body, http_header, http_raw_header.
- Improved parsers, especially the DCERPC parser.
- Much improved performance & accuracy.
1.0.5 -- 2011-07-25
- Fix stream reassembly bug #300. Thanks to Rmkml for the report.
- Fix several (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
1.0.4 -- 2011-06-24
- LibHTP updated to 0.2.6
- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
- Large number of (potential) issues fixed after source code scans with the Clang static analizer.
1.0.3 -- 2011-04-13
- Fix broken checksum calculation for TCP/UDP in some cases
- Fix errors in the byte_test, byte_jump, http_method and http_header keywords
- Fix a ASN1 parsing issue
- Improve LibHTP memory handling
- Fix a defrag issue
- Fix several stream engine issues
Reference in New Issue View Git Blame Copy Permalink