Final beta release of the Snort 3 intrusion detection system

Cisco has introduced the final beta version of the completely redesigned attack prevention system Snort 3, also known as the Snort++ project, which has been in development since 2005. A release candidate is scheduled to be published at the end of this year.

In the new branch, the product concept has been completely rethought and the architecture redesigned. The areas emphasized while preparing the new branch include simplifying the setup and running of Snort, automating configuration, simplifying the rule-writing language, automatic detection of all protocols, providing a shell for control from the command line, and active use of multithreading with shared access by different handlers to a single configuration.

The following significant innovations have been implemented:

  • A switch has been made to a new configuration system that offers a simplified syntax and allows scripts to be used to generate settings dynamically. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided that implement additional rule options and a logging system;
  • The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes it possible to apply faster and more accurate patterns based on regular expressions in rules;
  • A new HTTP inspection mode has been added that tracks session state and covers 99% of the situations supported by the HTTP Evader test suite. Code for HTTP/2 support is under development;
  • The performance of the Deep Packet Inspection mode has been significantly improved. Multithreaded packet processing has been added, allowing several threads with packet handlers to run simultaneously and providing linear scalability depending on the number of CPU cores;
  • A common store for configuration and attribute tables has been implemented and is shared between different subsystems, which has significantly reduced memory consumption by eliminating duplicated information;
  • A new event logging system that uses the JSON format and integrates easily with external platforms such as the Elastic Stack;
  • A move to a modular architecture, with the ability to extend functionality through plug-ins and with key subsystems implemented as replaceable plug-ins. Several hundred plugins have already been implemented for Snort 3, covering various areas of application, for example allowing you to add your own codecs, introspection modes, logging methods, actions and rule options;
  • Automatic detection of running services, which removes the need to manually specify active network ports.
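The JSON event logging item above, as an added example that is not from the original article or the Snort project: a Python converter that turns JSON alert lines into an NDJSON body for the Elasticsearch `_bulk` API. It assumes the Snort 3 `alert_json` logger with the fields shown; the sample lines, the index name `snort-alerts`, the `year` parameter and the UTC sensor clock are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines in the shape of Snort 3 alert_json output
# (field names are alert_json fields; all values are made up).
SAMPLE = """\
{ "timestamp" : "06/08-12:01:03.512345", "proto" : "TCP", "src_ap" : "192.0.2.10:51544", "dst_ap" : "198.51.100.7:80", "gid" : 1, "sid" : 1000001, "rev" : 1, "msg" : "constructed test rule", "action" : "allow" }
this line is truncated {"timestamp" :
{ "timestamp" : "06/08-12:01:04.000120", "proto" : "UDP", "src_ap" : "192.0.2.11:5353", "dst_ap" : "198.51.100.9:53", "gid" : 1, "sid" : 1000002, "rev" : 3, "msg" : "constructed test rule 2", "action" : "allow" }
"""

def to_iso(ts, year):
    """alert_json timestamps omit the year by default (MM/DD-HH:MM:SS.usec);
    the caller supplies it. The sensor clock is assumed to be UTC."""
    dt = datetime.strptime(f"{year}/{ts}", "%Y/%m/%d-%H:%M:%S.%f")
    return dt.replace(tzinfo=timezone.utc).isoformat()

def split_ap(ap):
    """Split 'addr:port' on the last colon so IPv6 addresses survive."""
    addr, _, port = ap.rpartition(":")
    return addr, int(port)

def to_bulk(lines, year, index="snort-alerts"):  # index name is hypothetical
    """Return (ndjson_body, rejected_count) for the Elasticsearch _bulk API."""
    out, rejected = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            src, sport = split_ap(ev["src_ap"])
            dst, dport = split_ap(ev["dst_ap"])
            doc = {
                "@timestamp": to_iso(ev["timestamp"], year),
                "rule": f'{ev["gid"]}:{ev["sid"]}:{ev["rev"]}',
                "msg": ev["msg"], "proto": ev["proto"], "action": ev["action"],
                "src_ip": src, "src_port": sport, "dst_ip": dst, "dst_port": dport,
            }
        except (ValueError, KeyError, TypeError):
            rejected += 1  # malformed or partial line: count it, do not crash
            continue
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n", rejected

if __name__ == "__main__":
    body, bad = to_bulk(SAMPLE.splitlines(), year=2020)
    print(body, f"rejected={bad}", sep="")
```

A non-zero rejected count is worth alerting on in its own right, since a partially written or rotated log file otherwise shows up only as missing detections.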

Changes since the last test release, published in 2018:

  • Added support for files that quickly override settings relative to the default configuration;
  • The code may now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • A new VXLAN handler has been added;
  • Improved search for content types by content, using updated alternative implementations of the Boyer-Moore and Hyperscan algorithms;
  • The HTTP/2 traffic inspection system has been completed;
  • Startup has been sped up by using several threads to compile rule groups;
  • A new logging mechanism has been added;
  • Improved Lua error detection and optimized whitelists;
  • Changes have been made to allow settings to be reloaded on the fly;
  • Added the RNA (Real-time Network Awareness) inspection system, which collects information about the resources, hosts, applications and services available on the network;
  • The use of snort_config.lua and SNORT_LUA_PATH has been discontinued to simplify configuration.

Source: opennet.ru
