[Snort-devel] Snort++ Build 213 Available Now!

Snort Releases snortreleases at ...835...
Wed Sep 28 10:10:37 EDT 2016


Snort++ build 213 is now available on snort.org.  This is the latest 
monthly update available for download.  You can also get the latest 
updates from github (snortadmin/snort3) which is updated weekly.

Snort++ is very close to overtaking Snort 2.X and with any luck Alpha 4 
will be completed with the next monthly release.  If you haven't tried 
out Snort++ now is a good time to do so.

Enhancements:

* added dce udp snort2lua
* added file detection when they are transferred in segments in SMB2
* added dce iface fast pattern for tcp
* added --enable-tsc-clock to build/use TSC register (on x86)
* updated latency to use ticks during runtime
* updated default stream cache sizes to match 2.X
* close tcp on rst in close wait, closing, fin wait 1, and fin wait 2
* separate idle timeouts from session timeouts counts

* ported full retransmit changes from snort 2X
* ported Smbv2/3 file support
* ported mpls encode fixes from 2983
* ported smb file processing
* ported the 2.9.8 ciscometadata decoder
* ported the 2.9.8 double and triple vlan tagging changes
* started dce_udp porting

Bug Fixes:

* fixed carved smb2 filenames
* fixed multithread hyperscan mpse
* fixed sd_pattern iterative validation
* fixed another case of CPPUTest header order issues
* fixed lua conflict with _L macro from ctype.h on OpenBSD
* fixed hyperscan detection with nocase
* fixed shutdown sequence
* fixed --dirty-pig
* fixed FreeBSD build re appid / service_rpc
* fixed tcp_connector_test for OSX build
* fixed binder make files to include binder.h
* fixed double counting of ip and udp timeouts and prunes
* fixed clearing of SYN - RST flows
* fixed inverted detection_filter logic
* fixed stream profile stats parents
* fixed most bogus gap counts
* fixed unit test for high availability, hyperscan, and regex
* fixed for TCP high availability
* fixed install of file_decomp.h for consistency between Snort and extras
* fixed regex as fast pattern with hyperscan mpse
* fixed http_inspect and tcp valgrind errors
* fixed extra auto build from dist
* numerous fixes, cleanup, and refactoring for appid
* numerous fixes, cleanup, and refactoring for high availability

Other Changes:

* removed unused -w commandline option
* added HA details to stream/* dev_notes
* added stream.ip_frag_only to avoid tracking unwanted flows
* added smtp client counters and unit tests
* added appid counts for rsync
* added http_inspect alerts for Transfer-Encoding and Content-Encoding abuse
* tcp stream reassembly tweaks
* use sd_pattern as a fast-pattern
* rewrite and fix the rpc option
* cleanup fragbits option implementation
* finish up cutover to the new http_inspect by default
* moved file capture to offload thread
* updated style guide for 'using' statements and underscores

* cmake: clean dead variables out of config.cmake.h
* build: fixed 32-bit compiler warnings
* build: fixed illumos/OpenSolaris build and remove SOLARIS/SUNOS defines
* build: remove superfluous LINUX and MACOS definitions
* build: remove superfluous OPENBSD and FREEBSD definitions
* build: entering 'std' namespace should be after all headers are included
* build: clean up u_int*_t usage
* build: remove SPARC support
* build: clean up some DAQ header inclusion creep
* cleaned up compiler warnings

Please submit bugs, questions, and feedback to bugs at ...835... or the 
Snort-Users mailing list.

Happy Snorting!
The Snort Release Team




