The most significant new features with 1.2 are dynamic protocol detection
and a large set of enhancements to the BinPAC system for generating protocol
analyzers. The appended changelog lists numerous other features/changes/fixes.
The old STABLE release, based on the 0.9 release, remains available at

Awesome! I'm really looking forward to working with the new functionality in 1.2.

- A much more complete BinPAC compiler, along with new HTTP, DNS, and
RPC/Portmap analyzers in binpac (Ruoming Pang). The flag "--use-binpac"
activates the BinPAC-based analyzers (currently for HTTP and DNS).
See www.cs.princeton.edu/~rpang/binpac-paper.pdf for a description of
BinPAC, and let Ruoming know if you are interested in using BinPAC to build
new analyzers.

The --use-binpac flag doesn't work in the downloadable package. Are the binpac analyzers being used by default?

Sigh... I should try looking around a little longer in the future. I thought that --use-binpac was a configure option, but I see now that it's an option for the bro binary. Thanks for the quick response.