Snort v3.1.76 releases: Intrusion Prevention System
Snort++
The Snort++ (Snort 3) project has been hard at work for a while now and we have released the fourth alpha of the next generation Snort IPS (Intrusion Prevention System). This file will show you what Snort++ has to offer and guide you through the steps from download to demo.
This version of Snort++ includes new features as well as all Snort 2.X features and bug fixes for the base version of Snort except as indicated below:
- Project = Snort++
- Binary = snort
- Version = 3.0.0-a4 build 235
- Base = 2.9.8 build 383
Here are some key features of Snort++:
- Support multiple packet processing threads
- Use a shared configuration and attribute table
- Use a simple, scriptable configuration
- Make key components pluggable
- Autodetect services for portless configuration
- Support sticky buffers in rules
- Autogenerate reference documentation
- Provide better cross-platform support
- Facilitate component testing
Additional features on the roadmap include:
- Use a shared network map
- Support pipelining of packet processing
- Support hardware offload and data plane integration
- Support proxy mode
- Windows support
Changelog v3.1.76
Changes in this release since 3.1.75.0:
- appid: added missed cppcheck warning
- appid: adding support for memory profiling of third party lib
- appid: additional check for lua logging
- appid: fixing coverity issues
- dns: fix parsing ‘additionals’ section in dns response
- flow_cache: added new protocol base counters
- pegs: make add_peg_count and set_peg_count protected to be available for the derived class
- perf_mon: fix variable name issue reported by cppcheck