"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/upgrade/snort_upgrade.text" between
snort3-3.1.29.0.tar.gz and snort3-3.1.30.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

snort_upgrade.text  (snort3-3.1.29.0):snort_upgrade.text  (snort3-3.1.30.0)
--------------------------------------------------------------------- ---------------------------------------------------------------------
Snort 3 Upgrade Manual Snort 3 Upgrade Manual
--------------------------------------------------------------------- ---------------------------------------------------------------------
The Snort Team The Snort Team
Revision History Revision History
Revision 3.1.29.0 2022-05-04 08:06:54 EDT TST Revision 3.1.30.0 2022-05-19 00:39:56 EDT TST
--------------------------------------------------------------------- ---------------------------------------------------------------------
Table of Contents Table of Contents
1. Overview 1. Overview
1.1. Efficacy 1.1. Efficacy
1.2. Performance 1.2. Performance
1.3. Scalability 1.3. Scalability
skipping to change at line 74 skipping to change at line 74
* Hyperscan support * Hyperscan support
* Rewritten TCP handling * Rewritten TCP handling
* New rule parser and syntax * New rule parser and syntax
* Service rules like alert http * Service rules like alert http
* Rule "sticky" buffers * Rule "sticky" buffers
* Way better SO rules * Way better SO rules
* New HTTP inspector * New HTTP inspector
* New performance monitor * New performance monitor
* New time and space profiling * New time and space profiling
* New latency monitoring and enforcement * New latency monitoring and enforcement
* Piglets to facilitate component testing
* Inspection Events * Inspection Events
* Autogenerate reference documentation * Autogenerate reference documentation
1.1. Efficacy 1.1. Efficacy
-------------- --------------
* Detects and blocks all but 10 HTTP Evader tests (see https:// * Detects and blocks all but 10 HTTP Evader tests (see https://
noxxi.de/research/http-evader.html). noxxi.de/research/http-evader.html).
* Autodetection of services reduces misses due to incorrect or out * Autodetection of services reduces misses due to incorrect or out
skipping to change at line 165 skipping to change at line 164
--------------------------------------------------------------------- ---------------------------------------------------------------------
2.1. Features New to Snort 3 2.1. Features New to Snort 3
-------------- --------------
Some things Snort++ can do today that Snort can not do: Some things Snort++ can do today that Snort can not do:
* regex fast patterns, not just literals * regex fast patterns, not just literals
* FlatBuffers and JSON perf monitor logs * JSON perf monitor logs
* LuaJIT scriptable rule options and loggers * LuaJIT scriptable rule options and loggers
* pub/sub inspection events (currently used by sip and http_inspect * pub/sub inspection events (currently used by sip and http_inspect
to appid) to appid)
* JIT buffer stuffers (notably with new http_inspect) * JIT buffer stuffers (notably with new http_inspect)
* C-style comments in rules * C-style comments in rules
* #begin … #end comment blocks in rules * #begin … #end comment blocks in rules
* rule remarks (comment is part of rule, not just in it) * rule remarks (comment is part of rule, not just in it)
* process raw files (eg read a PDF and do file processing) * process raw files (eg read a PDF and do file processing)
* process raw payload (eg bridge 2 sockets and do inspection) * process raw payload (eg bridge 2 sockets and do inspection)
* fast pattern offload to separate thread (experimental) * fast pattern offload to separate thread (experimental)
 End of changes. 3 change blocks. 
3 lines changed or deleted 2 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)