Opened 8 years ago

Closed 8 years ago

#49863 closed update (fixed)

snort @2.9.7.6: update to 2.9.8.0

Reported by: Schamschula (Marius Schamschula)
Owned by: jul_bsd@…
Priority: Normal
Milestone:
Component: ports
Version:
Keywords: haspatch
Cc: kurthindenburg (Kurt Hindenburg)
Port: snort

Description

snort has been updated to version 2.9.8.0. New in this version:

New additions

  • SMBv2/SMBv3 support for file inspection.
  • Port override for metadata service in IPS rules.
  • AppID Lua detector performance profiling.
  • Perfmon dumps stats at fixed intervals from absolute time.
  • New preprocessor alert (120:18) to detect SSH tunneling over HTTP
  • New config option |disable_replace| to disable replace rule option.
  • New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
  • New shell script in tools to create simple Lua detectors for AppID.

Improvements

  • sfip_t refactored to use struct in6_addr for all ip addresses.
  • Post-detection callback for preprocessors.
  • AppID support for multiple server/client detectors evaluating on same flow.
  • AppID API for DNS packets.
  • Memory optimizations throughout.
  • Support sending UDP active responses.
  • Fix perfmon tracking of pruned packets.
  • Stability improvements for AppID.
  • Stability improvements for Stream6 preprocessor.
  • Added improved support to block malware in FTP preprocessor.
  • Added support to differentiate between active and passive FTP connections.
  • Improvements done in Stream6 preprocessor to avoid having duplicate packets in the DAQ retry queue.
  • Resolved an issue where reputation config incorrectly displayed 'blacklist' in priority field even though 'whitelist' option was configured.
  • Added support for multiple expected sessions created per packet
  • Active response now supports MPLS

Attachments (1)

Portfile-snort.diff (771 bytes) - added by Schamschula (Marius Schamschula) 8 years ago.


Change History (4)

Changed 8 years ago by Schamschula (Marius Schamschula)

Attachment: Portfile-snort.diff added

comment:1 Changed 8 years ago by mf2k (Frank Schima)

Cc: jul_bsd@… removed
Owner: changed from macports-tickets@… to jul_bsd@…
Version: 2.3.4

comment:2 Changed 8 years ago by kurthindenburg (Kurt Hindenburg)

Cc: khindenburg@… added

Cc Me!

comment:3 Changed 8 years ago by kurthindenburg (Kurt Hindenburg)

Resolution: fixed
Status: new → closed

done r144124

I noticed this

Error: ---> Unknown pidfile style /opt/local/var/run/snort_en1.pid presented to startupitem.pidfile
