Snort++ is very close to overtaking Snort 2.X, and with any luck Alpha 4 will be completed with the next monthly release. If you haven't tried out Snort++, now is a good time to do so.
Enhancements:
- added dce udp snort2lua
- added file detection when they are transferred in segments in SMB2
- added dce iface fast pattern for tcp
- added --enable-tsc-clock to build/use TSC register (on x86)
- updated latency to use ticks during runtime
- updated default stream cache sizes to match 2.X
- close tcp on rst in close wait, closing, fin wait 1, and fin wait 2
- separate idle timeouts from session timeouts counts
- ported full retransmit changes from Snort 2.X
- ported Smbv2/3 file support
- ported mpls encode fixes from 2983
- ported smb file processing
- ported the 2.9.8 ciscometadata decoder
- ported the 2.9.8 double and triple vlan tagging changes
- started dce_udp porting
- fixed carved smb2 filenames
- fixed multithread hyperscan mpse
- fixed sd_pattern iterative validation
- fixed another case of CPPUTest header order issues
- fixed lua conflict with _L macro from ctype.h on OpenBSD
- fixed hyperscan detection with nocase
- fixed shutdown sequence
- fixed --dirty-pig
- fixed FreeBSD build re appid / service_rpc
- fixed tcp_connector_test for OSX build
- fixed binder make files to include binder.h
- fixed double counting of ip and udp timeouts and prunes
- fixed clearing of SYN - RST flows
- fixed inverted detection_filter logic
- fixed stream profile stats parents
- fixed most bogus gap counts
- fixed unit test for high availability, hyperscan, and regex
- fixes for TCP high availability
- fixed install of file_decomp.h for consistency between Snort and extras
- fixed regex as fast pattern with hyperscan mpse
- fixed http_inspect and tcp valgrind errors
- fixed extra auto build from dist
- numerous fixes, cleanup, and refactoring for appid
- numerous fixes, cleanup, and refactoring for high availability
- removed unused -w commandline option
- added HA details to stream/* dev_notes
- added stream.ip_frag_only to avoid tracking unwanted flows
- added smtp client counters and unit tests
- added appid counts for rsync
- added http_inspect alerts for Transfer-Encoding and Content-Encoding abuse
- tcp stream reassembly tweaks
- use sd_pattern as a fast-pattern
- rewrite and fix the rpc option
- cleanup fragbits option implementation
- finish up cutover to the new http_inspect by default
- moved file capture to offload thread
- updated style guide for 'using' statements and underscores
- cmake: clean dead variables out of config.cmake.h
- build: fixed 32-bit compiler warnings
- build: fixed illumos/OpenSolaris build and remove SOLARIS/SUNOS defines
- build: remove superfluous LINUX and MACOS definitions
- build: remove superfluous OPENBSD and FREEBSD definitions
- build: entering 'std' namespace should be after all headers are included
- build: clean up u_int*_t usage
- build: remove SPARC support
- build: clean up some DAQ header inclusion creep
- cleaned up compiler warnings
Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.
Happy Snorting!
The Snort Release Team