Thursday, January 29, 2015

Snort++ build 135 is now available!

Snort++ build 135 is now available.  This is the first monthly update of the download on  You can also get the latest updates from github (snortadmin/snort3) which is updated weekly.

Fixes for issues reported from the community:

  • fix cmake issues (reported by Y M)
  • add missing sanity checks and g++ dependency (reported by Bill Parker)
  • add general fp re-search solution for fp buffers further restricted during rule eval (reported by @rmkml)
  • fixes for large file support on 32-bit Linux systems (reported by Y M)

Partial code sync with Snort 2.9.7:

  • malloc info output with -v at shutdown (if supported)
  • sync Mpse and add SearchTool
  • sync for sfghash, sfxhash, tag, u2spewfoo, profiler and target based
  • addition of mime decoding stats and updates to mime detection limits
  • added md5, sha256, and sha512 rule options based on Snort 2.X protected_content
  • misc bug fixes and variable renaming

Other updates:

  • fix asciidoc formatting and update default manuals
  • updated source copyrights for 2015 and reformatted license foo for consistency
  • fix default init for new_http_inspect
  • fixed active rule actions (react, reject, rewrite)
  • moved http_inspect profile defaults to snort_defaults.lua
  • add generalized infractions tracking to new_http_inspect
  • updated snort2lua to override default tables (x = { t = v }; x.t.a = 1)
  • added pflog codecs
  • fixed stream_size rule option
  • snort2lua changed to add bindings for default ports if not explicitly configured
Please take a look, download, and test out this release for Snort++ and provide us feedback on the snort-users mailing list.