Upgrading your code from 3.0 to 3.1¶
Detection engine and locking¶
The detection engine now has a much simplified locking scheme. If your code is called from the detection engine, you can assume that if you have a Packet::flow, then it's locked.
File API needs a config argument¶
The File API uses a new underlying API called the StreamBuffer API.
Here is the updated FileOpen call: https://github.com/inliniac/suricata/pull/2008/files#diff-c55860046f9110db7359adf0c01b6f1cR436
Here is how SMTP handles it:
Unittests registration has been simplified. It's no longer possible to register the value that signifies 'success'. For this the value of 1 is now hardcoded.
A set of macro's has been added:
- use FAIL_IF and friends
- use no conditional logic
- clean up memory only for the success case
See https://github.com/inliniac/suricata/commit/d7d05b007cffd92003a50f5b3861010a6b30505f for examples