[Snort-users] Snort 3.0 Beta 3 is available.
roesch at ...1935...
Wed Apr 1 16:17:22 EDT 2009
Go get it here:
>From the RELEASE.NOTES
* Updated snort analytic to 22.214.171.124.
* Added dynamic-plugins/sf_engine/examples/ and tweaked sspiffy.sh to handle SO
* Hardened PORTLISTS code.
* Fixed load balancing bug in framework.
* Better integration of the Snort analytic with the framework. Packet decoding
and flow computation are now done solely by the framework.
* Added more options to sspiffy.sh.
* Added single threaded mode (configure --enable-single-threaded). More on
* Reduced thread local storage (TLS) accesses.
* Changed shared objects to use hidden visibility by default to reduce
The SnortSP architecture was designed to be as flexible as possible to obtain
the best performance for your security software on any given platform. In this
3rd Beta release, you can build SnortSP in two basic ways:
* Multithreaded mode (original): this is the default. In this mode the core
functions like packet acquisition, decoding, and flowing are peformed by the
framework in one thread and the analytics perform detection in their own
* Single-threaded mode (new): this is enabled by configure
--enable-single-threaded. In this mode, the framework and analytics are
"stacked" up to run sequentially in the same thread. You can even configure
multiple stacks to run in parallel.
In either mode, you can pin the engine and analytics to specific
processors on multicore systems.
That's the basics. I'll be doing a more extensive posting to cover
the architectural changes shortly.
Thanks to the Snort Team and everyone at Sourcefire who helped get
this one out the door!
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
More information about the Snort-users