New Features
- ported smtp inspector from Snort
- ported file capture from Snort
- added file_magic.lua
- added socket DAQ to input payload only with flow tuple
- added hext DAQ to for packet input in hex and plain text
- added file DAQ for plain file input (w/o packets)
- added socket codec for use with above DAQs
- added stream_user for payload only processing
- added stream_file for file inspection and processing
Enhancements
- changed new_http_inspect parsing and event handling
- changed stream_tcp to reassemble payload only
- changed -K to -L (log type)
- changed hex dumps to 20 hex bytes per line instead of 16
- rewrote alert_csv with all new default format
Bug fixes
- fixed dns inspector typo for tcp checks
- fixed config error for inspection of rebuilt packets
- fixed autotools build of manual wrt plugins
- fixed xcode static analysis issues
- fixed other misc bugs
Other Changes
- updated default manuals
- updated usage from blog
- updated unified2 to support data only packets
- deleted alert_test
- deleted obsolete REG_TEST logging
Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.
Happy Snorting!
The Snort Release Team