Firestorm :: Developers

home :: news :: download :: developers :: documentation

Bugs/Patches/Support
You can send all three to the wonderful magical mailing list. You don't need to be subscribed to send messages, just send them straight to <firestorm at scaramanga dot co dot uk>.

Mailing List
You can subscribe to the firestorm mailing list by sending a blank email message to <firestorm-subscribe at scaramanga dot co dot uk>. After a short conversation with Mr. Ezmlm, our mailing list manager, you will be signed on to the mailing list.

Mailing List Archive
The mailing list is archived online.

I'm a big mouthed programmer but I don't know where to start!
Check the TODO file for a short-term idea of whats happening with firestorm development, this file is updated fairly regularly. Alternatively you can take a look at the HACKING file for an idea of perrenial TODO items that always need working on. Some of the C files have TODO lists in the header comments. If you dig GNOME you can always make UI improvements. How about i18n support? Icons? If still nothing seems interesting mail me or the list, given the size of my mental TODO list, I'm sure we can think of *something* fun.

Profiles and Benchmarks
Here is a recent profile of firestorm clocking 257mbps with a full ruleset on an old celeron 900. The functions template_match, ip_src_detect and ip_dst_detect are shortly to be optimized with a new algorithm. The overhead of tcp_csum may be ameliorated by using inline assembly and MMX/SSE/Altivec etc.

And here are some old profiles of both firestorm and snort using the excellent oprofile low-overhead full system profiler. Snort is here for comparison as it is not only firestorms main competition but also a fantastic tool and the gold standard of network intrusion detection.

• Hardware: Dell 2500: PIII-1.2GHz 512MB RAM, SCSI disks. cpuinfo meminfo lspci
• Firestorm: firestorm-0.5.2: [config]
• Snort: snort-1.9.0: [config]
• Snort2: snort2-cvs, checked out on 2003-02-02: [config]
• Kernel: Linux 2.5.59: [dmesg] [config] [uname]
• Data: Lincoln Labs 1998-testing week1-monday (396MB) [md5sum]. This dataset was chosen because it fit entirely in to page cache (RAM) eliminating disk seek-time noisiness in the profiles.
• Signatures: About 1600 snort signatures were taken from some cvs version, possibly modified.

Firestorm ran to completion in 19 seconds, snort took 30 seconds, thats a 50% performance boost using firestorm over snort (snort2-cvs actually ran in 22 seconds which is a major improvement!). I will produce some exact timings and results at some later date. I have left kernel and libraries and EVERYTHING in the profiles, enjoy ;)

• oprofile: firestorm-0.5.2: Fri Jan 31 2003
• oprofile: snort-1.9.0: Fri Jan 31 2003
• oprofile: snort2-cvs: Mon Feb 03 2003

I will do some more realistic tests at some point in the future. I need a realistic test machine, some better datasets (I have some good private ones, but will use some public data aswell so people can reproduce my results). I also need to use the newer snort2 rulesets.

Plugin API Specs
Coming real soon now™ I'm basically just waiting for it to become a bit more stable before even bothering to start writing anything. This should come together over the 0.6.x series.

<processed-meat-arachnid at scaramanga dot co dot uk>

This page is public domain. No trademarks, no patents, no copywrongs.