[ANN]: Firestorm 0.5.5 a.k.a. "It's just a ride"



Hi,

After an extended development period, Firestorm 0.5.5 has been released.
You can pick up source code and RPMs from:

	http://www.scaramanga.co.uk/firestorm/download.html

In this version there have been significant performance increases in the
signature matching department. A new n-ary tree approach replaces the
old btree system; this has a number of advantages including more
flexibility and lowered stack recursion. It seems to have produced a 25%
boost in overall sensor performance. More work is being done in this
area including plans to move to an Interval Decision Diagram (IDD) type
lookup which is expected to produce a 5-10% improvement again. You
should check out Mikkel Christiansen and Emmanuel Fleury's paper on the
topic 'An Interval Decision Diagram Based Firewall' if interested.

The GNOME-based console has received a few interface improvements
including moving to the new GtkFileChooser API and implementing basic UI
for the index-optimised filtering features of ELOG.

But most importantly, a number of bugs have been fixed and limitations
removed:

 o Large file support added.
 o Removed a lot of redundant API cruft and cleaned out a substantial
   number of plugins.
 o Write index files safely.
 o Properly strip escapes in snort messages.
 o Enforce log timeout periods even if no packets have been sent using
   an interval timer.
 o Fix some signal handling bugs.
 o Fixed a TCP state serialization/deserialization bug.
 o Lots of minor bug fixes such as signed comparisons
 o Fixed a niggling memory leakage-to-file bug in elog output
 o Allow string fields to be queried on elog databases
 o Fix depth/nocase/offset if they don't occur right after 'content'
 o Elog indexes are automatically created when elogs are opened in
   the console.
 o Allow firestorm to run with soft realtime scheduling priority
 o Dynamically expand initial log buffer
 o Allow specifying UID/GID by name in firestorm.conf
 o NULL/LOOPBACK now supported (for BSD virtual interfaces)
 o Fix endian problems with Linux SLL and NULL/LOOPBACK protocol
 o Help messages in firecat now display plugins and arguments
 o Fix bugs where capdevs were setting wrong packet flags
 o Use RTLD_LAZY if RTLD_NOW not supported
 o gcc2 bug workarounds
 o removed limits on log message sizes

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
