Wednesday, September 21, 2016

Snort++ Update

Pushed build 210 to GitHub (snortadmin/snort3):
  • started dce_udp porting
  • added HA details to stream/* dev_notes
  • added stream.ip_frag_only to avoid tracking unwanted flows
  • updated default stream cache sizes to match 2.X
  • fixed tcp_connector_test for OSX build
  • fixed binder make files to include binder.h
  • fixed double counting of ip and udp timeouts and prunes
  • fixed clearing of SYN - RST flows
Pushed build 209 to GitHub last week:
  • add dce iface fast pattern for tcp
  • add --enable-tsc-clock to build/use TSC register (on x86)
  • update latency to use ticks during runtime
  • tcp stream reassembly tweaks
  • fix inverted detection_filter logic
  • fix stream profile stats parents
  • fix most bogus gap counts
  • unit test fixes for high availability, hyperscan, and regex