
Firestorm update.



Hello one and all.

Just an update on the various invisible changes which have been
happening in firestorm since version 0.5.4.

Back in December I mentioned that "I have a new idea for the signature
engine to make it go faster". Well that came to fruition and packet
matching in the latest snapshot release does go about 25% faster now.
There are still some optimisations that can be made though, and when I
get around to them, I expect another 5-10% boost in performance.

I'm also working on a unified 'field' API which unifies decode and
matcher plugins. Most of the matcher plugins are now gone. It does this
by allowing protocols to register a list of fields for themselves and a
callback for retrieving the value. The advantage of this approach is
unification: there is now no code duplication between signature matching
and index creation. This will expand over time to cover more cases and
allow for more types etc.

I have also split out elog writing into a target plugin. I am planning
to pull all of the elog spooling code out of core firestorm and into
that plugin. This will allow for any target plugin to be used as
firestorm output (as before) and also ease the implementation of some of
the planned enhancements to the elog system such as:
 o elog substreams (for tagging and adaptive throttling)
 o compression support:
    o gzip
    o bzip2
    o firestorm delta compression
    o rsync delta compression
 o multi-threaded backend

For sure, the 0.5.5 release will contain a *lot* of changes from 0.5.4.
I wouldn't mind releasing this week, but I still have packaging issues
to sort out, so if anyone steps forward to build RPMs and debs in the
meantime, that will speed things up.

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
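To illustrate the 'field' API idea described in the message (protocols register named fields plus a getter callback, and both signature matching and index creation then consume the same getters), here is a small self-contained C sketch. It is an added example, not Firestorm's own code: the type and function names (field_registry_t, field_register, sig_match, index_extract, the "ip.src"/"ip.dst"/"ip.proto" field names) are assumptions, and the IPv4 header bytes are a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Getter callback: extract one field from a packet buffer.
 * Returns 0 on success, -1 if the buffer is too short (truncated packets
 * must never be read past their end). */
typedef int (*field_get_fn)(const uint8_t *pkt, size_t len, uint32_t *out);

/* A registered field: a name plus the callback that retrieves its value. */
typedef struct {
    const char *name;
    field_get_fn get;
} field_t;

#define MAX_FIELDS 8

/* Per-protocol field registry (hypothetical structure for this example). */
typedef struct {
    const char *proto;
    field_t fields[MAX_FIELDS];
    size_t nfields;
} field_registry_t;

/* Register a named field for a protocol. */
int field_register(field_registry_t *r, const char *name, field_get_fn get)
{
    if (r->nfields >= MAX_FIELDS) return -1;
    r->fields[r->nfields].name = name;
    r->fields[r->nfields].get = get;
    r->nfields++;
    return 0;
}

/* Look a field up by name; NULL if the protocol never registered it. */
static const field_t *field_lookup(const field_registry_t *r, const char *name)
{
    for (size_t i = 0; i < r->nfields; i++)
        if (strcmp(r->fields[i].name, name) == 0) return &r->fields[i];
    return NULL;
}

/* --- Toy IPv4 getters (constructed; only the header offsets matter) --- */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static int ipv4_get_src(const uint8_t *pkt, size_t len, uint32_t *out)
{
    if (len < 20) return -1;          /* bounds check before any read */
    *out = be32(pkt + 12);
    return 0;
}
static int ipv4_get_dst(const uint8_t *pkt, size_t len, uint32_t *out)
{
    if (len < 20) return -1;
    *out = be32(pkt + 16);
    return 0;
}
static int ipv4_get_proto(const uint8_t *pkt, size_t len, uint32_t *out)
{
    if (len < 20) return -1;
    *out = pkt[9];
    return 0;
}

/* Build the registry the way a decode plugin would (hypothetical names). */
void build_ipv4_registry(field_registry_t *r)
{
    memset(r, 0, sizeof *r);
    r->proto = "ipv4";
    field_register(r, "ip.src", ipv4_get_src);
    field_register(r, "ip.dst", ipv4_get_dst);
    field_register(r, "ip.proto", ipv4_get_proto);
}

/* A signature clause: the named field must equal the given value. */
typedef struct {
    const char *field;
    uint32_t value;
} sig_clause_t;

/* Signature matching: every clause resolved through the shared getter.
 * Returns 1 on match, 0 otherwise (unknown field or truncated packet
 * is simply a non-match, not an out-of-bounds read). */
int sig_match(const field_registry_t *r, const sig_clause_t *clauses,
              size_t n, const uint8_t *pkt, size_t len)
{
    for (size_t i = 0; i < n; i++) {
        const field_t *f = field_lookup(r, clauses[i].field);
        uint32_t v;
        if (!f || f->get(pkt, len, &v) != 0 || v != clauses[i].value)
            return 0;
    }
    return 1;
}

/* Index creation: pull every registered field into a key vector, using
 * the very same getters, so there is no second copy of the decode logic. */
size_t index_extract(const field_registry_t *r, const uint8_t *pkt,
                     size_t len, uint32_t *keys, size_t maxkeys)
{
    size_t n = 0;
    for (size_t i = 0; i < r->nfields && n < maxkeys; i++) {
        uint32_t v;
        if (r->fields[i].get(pkt, len, &v) == 0) keys[n++] = v;
    }
    return n;
}

/* Constructed sample IPv4 header: 10.0.0.1 -> 10.0.0.2, protocol 6 (TCP). */
static const uint8_t sample_pkt[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    10, 0, 0, 1,
    10, 0, 0, 2
};

/* Demo helpers returning results so they can be checked, not just printed. */
int demo_match(void)
{
    field_registry_t r;
    build_ipv4_registry(&r);
    sig_clause_t sig[] = { { "ip.dst", 0x0a000002u }, { "ip.proto", 6 } };
    return sig_match(&r, sig, 2, sample_pkt, sizeof sample_pkt);
}
int demo_truncated(void)
{
    field_registry_t r;
    build_ipv4_registry(&r);
    sig_clause_t sig[] = { { "ip.src", 0x0a000001u } };
    return sig_match(&r, sig, 1, sample_pkt, 10);   /* only 10 bytes present */
}
size_t demo_index_keys(void)
{
    field_registry_t r;
    uint32_t keys[MAX_FIELDS];
    build_ipv4_registry(&r);
    return index_extract(&r, sample_pkt, sizeof sample_pkt, keys, MAX_FIELDS);
}

int main(void)
{
    printf("match=%d truncated=%d index_keys=%zu\n",
           demo_match(), demo_truncated(), demo_index_keys());
    return 0;
}
```

The point of the shape is the one the message makes: a protocol decoder owns its field offsets once, in the getters, and both the matcher and the index builder call through the registry instead of each re-parsing the packet. A side benefit worth keeping when doing this for real is that the single bounds check in each getter also covers every consumer, so a truncated packet becomes a clean non-match rather than an over-read.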