The OISF development team is proud to announce Suricata 1.2rc1, the first (and hopefully only) release candidate for Suricata 1.2. It brings performance increases, file inspection and extraction improvements and much more!
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.2rc1.tar.gz
The new release comes with a number of important improvements and fixes.New features
- app-layer-events keyword: similar to the decoder-events and stream-events, this will allow matching on HTTP and SMTP events
- auto detection of checksum offloading per interface (#311)
- urilen options to match on raw or normalised URI (#341)
- flow keyword option "only_stream" and "no_stream"
- unixsock output options for all outputs except unified2 (PoC python script in the qa/ dir) (#250)Improvements
- in IPS mode, reject rules now also drop (#399)
- http_header now also inspects response headers (#389)
- "worker" runmodes for NFQ and IPFW
- performance improvement for "ac" pattern matcher
- allow empty/non-initialized flowints to be incrementedUnder the hood
- PCRE-JIT is now enabled by default if available (#356)
- many file inspection and extraction improvements
- flowbits and flowints are now modified in a post-match action list
- general performance improvementsNotable Fixes & Changes
- fixed parsing really high sid numbers >2 Billion (#393)
- fixed ICMPv6 not matching in IP-only sigs (#363)Known issues & missing features
This is a "release candidate"-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.
for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.