Emva kweminyaka esixhenxe yophuhliso, UCisco ukhuphe ukhuphelo lokuqala oluzinzileyo Inkqubo yokuthintela ukuhlaselwa Snort 3 eyayihlengahlengiswa ngokupheleleyo, Ukongeza kokwenza lula ukucwangciswa kunye nokumiliselwa kweSnort, kunye ne ukubanakho ukuzenzekelayo, yenza lula ulwimi olusebenzayo, ibhaqe ngokuzenzekelayo zonke iiprotocol, ukubonelela nge iqokobhe lolawulo lomgca wokuyalela, Ukufunda okuninzi ngokusebenzayo kunye nokufikelela okwabelwanayo kwabalawuli abahlukeneyo kuqwalaselo olunye nangaphezulu.
Kwabo abangamaziyo uSnort, kuya kufuneka uyazi loo nto Unokuhlalutya ukugcwala ngexesha langempela, uphendule kwisenzo esibi kunye nokugcina uluhlu lwephakheji eneenkcukacha zohlalutyo lweziganeko lwamva
I-Snort 3 yesebe, ekwabizwa ngokuba yiprojekthi ye-Snort ++, iye yaphinda yawucingisisa umxholo kunye noyilo lwemveliso yazo.
Umsebenzi kwi-Snort 3 waqala ngo-2005 kodwa kungekudala washiywa kwaye waqala kwakhona ngo-2013 emva kokuba uCisco ethathe iprojekthi.
Snort 3 iindaba eziphambili
Kwinguqulelo entsha ye Snort 3 utshintshelwe kwinkqubo entsha yokuseta, Inika is syntax esenziwe lula kwaye ivumela ukusetyenziswa kweskripthi ukwenza ngamandla ubumbeko. I-LuaJIT isetyenziselwa ukwenza iifayile zoqwalaselo, kwaye iiplagi ezisekwe kwi-LuaJIT zinokhetho olongezelelekileyo lwemigaqo kunye nenkqubo yobhaliso.
Olunye utshintsho olwahlukileyo kukuba i-injini iye yaphuculwa ukuze ibone uhlaselo, imigaqo ihlaziyiwe, kongezwe amandla okubopha ii-buffers kwimithetho (i-stickers buffers) kunye ne-injini ye-Hyperscan yokukhangela nayo isetyenzisiwe, eyenza ukuba kube lula ukusebenzisa iipatheni ezibangele ngokukhawuleza nangokuchanekileyo ngokuchanekileyo ngokusekwe kumabinzana aqhelekileyo kwimigaqo;
Kwakhona, kwi-Snort 3 yongeze indlela entsha yokubonisa kwi-HTTP Yiseshoni echazayo kwaye igubungela i-99% yemeko exhaswa yi-HTTP Evader test suite, kunye nenkqubo yokuhlola eyongeziweyo ye-HTTP / 2 yezithuthi.
Ukusebenza kwendlela yokuhlola ipakethi enzulu kuphuculwe kakhulu. Ukongezwa kwamandla okupakisha iipakethe, ukuvumela ukwenziwa ngaxeshanye kwemisonto emininzi kunye nabaphathi bepakethi kunye nokubonelela ngokulinganisa okuthe ngqo ngokusekwe kwinani lee-CPU cores.
Ugcino oluqhelekileyo lweetafile zoqwalaselo luphunyeziwe kunye neempawu, ekwabelwana ngazo kwiinkqubo ezahlukeneyo, ezinciphise kakhulu ukusetyenziswa kwememori ngokususa ukuphindaphindwa kolwazi.
Ngaphezu koko utshintsho kuyilo lweemodyuli lubonakalisiwe, Ukukwazi ukwandisa ukusebenza ngeeplagi-ins kunye nokuphunyezwa kweenkqubo eziphambili zohlobo lwee-plug-ins ezinokubuyiselwa.
Kukho iiplagi ezingaphezu kwama-200 ze-Snort 3 okwangoku, egubungela usetyenziso olwahlukeneyo, njengokuvumela ukongeza ii-codecs zakho, iindlela zokubonisa, iindlela zobhaliso, iintshukumo, kunye nokhetho kwimithetho.
Olunye utshintsho olwahlukileyo kuhlobo olutsha:
- Yongezwe inkxaso yefayile ukukhawulezisa ngaphezulu useto olunxulumene noseto olungagqibekanga.
- Ukusetyenziswa kwe snort_config.lua kunye ne-SNORT_LUA_PATH kuyekisiwe ukwenza lula uqwalaselo.
- Yongeze inkxaso yokulayisha kwakhona useto kubhabho.
- Inkqubo entsha yelog yomsitho esebenzisa ifomathi yeJSON kwaye idityaniswa ngokulula namaqonga angaphandle anje nge-Elastic Stack.
- Ukufunyanwa okuzenzekelayo kweenkonzo ezisebenzayo, ukuphelisa isidingo sokuchaza ngesandla izibuko lenethiwekhi esebenzayo.
- Ikhowudi ibonelela ngesakhono sokusebenzisa ii-C ++ zokwakha ezichazwe kumgangatho we-C ++ 14 (indibano ifuna umhlanganisi oxhasa i-C ++ 14).
- Isilawuli esitsha se-VXLAN songezwa.
- Ukuphuculwa kophendlo lweentlobo zomxholo ngomxholo kusetyenziswa ezinye iindlela zokuhlaziya zeBoyer-Moore kunye ne-Hyperscan algorithms.
- Ukukhululwa ngokukhawuleza ngokusebenzisa imisonto emininzi ukwenza amaqela olawulo;
- Yongeza indlela entsha yobhaliso.
- Inkqubo yokuhlola ye-RNA (yokwazisa ngenethiwekhi yeXesha leNene) yongezwa, eqokelela ulwazi malunga nezixhobo, imikhosi, usetyenziso kunye neenkonzo ezikhoyo kwinethiwekhi.
Gqibela ukuba ufuna ukwazi ngakumbi ngayo malunga nohlobo olutsha, ungakhangela iinkcukacha kwikhonkco elilandelayo.