Release candidate of the Snort 3 intrusion detection system

Cisco has announced the formation of a release candidate of the completely redesigned intrusion prevention system Snort 3, also known as the Snort++ project, which has been under development intermittently since 2005. The stable release is scheduled for publication in the middle of the month.

In the Snort 3 branch, the product concept has been completely rethought and the architecture redesigned. The key areas of Snort 3 development are: simplifying the setup and operation of Snort, configuration automation, simplification of the rule-writing language, automatic detection of all protocols, provision of a control shell from the command line, and active use of multithreading with shared access by different handlers to a single configuration.

The following key innovations have been implemented:

  • A switch to a new configuration system with simplified syntax, which allows scripts to be used to generate settings dynamically. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided for implementing additional rule options and the logging system;
  • The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which enables faster and more accurate pattern matching based on regular expressions in rules;
  • A new session-state-aware HTTP inspection mode has been added, covering 99% of the cases exercised by the HTTP Evader test suite. Inspection of HTTP/2 traffic has been added;
  • Deep Packet Inspection performance has been significantly improved. Multi-threaded packet processing has been added, allowing several threads with packet handlers to run simultaneously and providing linear scaling with the number of CPU cores;
  • A shared configuration cache and attribute tables have been implemented, shared between different subsystems, which has significantly reduced memory consumption by eliminating duplicated information;
  • A new event logging system that uses the JSON format and integrates easily with external platforms such as Elastic Stack;
  • A move to a modular architecture, with the ability to extend functionality by connecting plugins and to implement key subsystems as replaceable plugins. Several hundred plugins have already been implemented for Snort 3, covering various areas of application and allowing, for example, the addition of your own codecs, inspection modes, logging methods, actions and rule options;
  • Automatic detection of active services, removing the need to specify active network ports manually;
  • Support for files for quickly dumping settings related to the automatic configuration has been added. To simplify configuration, the use of snort_config.lua and SNORT_LUA_PATH has been discontinued. Support for reloading settings on the fly has been added;
  • The code allows the use of C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • A new VXLAN handler has been added;
  • Content-type detection by content has been improved using an alternative, updated implementation of the Boyer-Moore and Hyperscan algorithms;
  • Startup has been sped up through the use of multiple threads to compile rule groups;
  • A new logging mode has been added;
  • An RNA (Real-time Network Awareness) inspection system has been added, which collects information about the resources, hosts, applications and services present on the network.
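As an added illustration (not part of the article or of the Snort project), the fragment below shows how three of the listed features fit together in a Snort 3 Lua configuration: inline rules in the new format using a sticky buffer, and JSON event output suitable for shipping to Elastic Stack. It is meant to be appended to the snort.lua shipped with Snort 3, which already wires up the inspectors; the network range and the rule are constructed, and the module and option names are quoted from memory of the Snort 3 manual, so confirm them against your build with `snort --help-module ips` and `snort --help-module alert_json`.

```lua
-- Added example: Snort 3 configuration fragment in the new Lua format.
-- Append to the shipped snort.lua, which already configures inspectors and
-- the binder. Module/option names are assumptions to check against your build.

-- Constructed placeholder address ranges; adjust to your own network.
HOME_NET     = '10.0.0.0/8'
EXTERNAL_NET = '!' .. HOME_NET

-- Rules can live directly in the configuration. The rule below uses the
-- sticky-buffer style: `http_uri;` selects the normalized URI buffer, and every
-- following `content` matches inside it until another buffer is selected.
-- Content modifiers are comma-separated inside the `content` option itself.
-- Service detection is automatic, so no port list is needed for HTTP.
ips = {
    enable_builtin_rules = true,
    rules = [[
        alert http $EXTERNAL_NET any -> $HOME_NET any (
            msg:"EXAMPLE directory traversal sequence in HTTP URI";
            flow:to_server,established;
            http_uri;
            content:"../",nocase;
            classtype:web-application-attack;
            sid:1000001; rev:1;
        )
    ]],
}

-- JSON alert output: one event per line, ready for a log shipper feeding
-- Elastic Stack. `fields` selects which keys appear in each record.
alert_json = {
    file   = true,
    fields = 'timestamp pkt_num proto pkt_gen pkt_len dir src_ap dst_ap rule action msg',
}
```

Load it with `snort -c snort.lua` together with the rest of the shipped configuration; a configuration error for any option name means your build differs from the assumptions above and `--help-module` will show the accepted names.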

Source: opennet.ru
