Suricata 2.1beta4 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.1beta4. This is the fourth beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta4.tar.gz

New Features

  • Feature #1448: xbits support
  • Feature #336: Add support for NETMAP to Suricata
  • Feature #885: smtp file_data support
  • Feature #1394: Improve TCP reuse support
  • Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces using PPPoE
  • Feature #1447: Ability to reject ICMP traffic
  • Feature #1410: add alerts to EVE’s drop logs

Improvements

  • Optimization #1014: app layer reassembly fast-path
  • Optimization #1377: flow manager: reduce (try)locking
  • Optimization #1403: autofp packet pool performance problems
  • Optimization #1409: http pipeline support for stateful detection
  • Bug #1314: http-events performance issues

Bugs

  • Bug #1340: null ptr dereference in Suricata v2.1beta2
  • Bug #1352: file list is not cleaned up
  • Bug #1358: Gradual memory leak using reload (kill -USR2 $pid)
  • Bug #1366: Crash if default_packet_size is below 32 bytes
  • Bug #1378: stats api doesn’t call thread deinit funcs
  • Bug #1384: tcp midstream window issue (master)
  • Bug #1388: pcap-file hangs on systems w/o atomics support (master)
  • Bug #1392: http uri parsing issue (master)
  • Bug #1393: CentOS 5.11 build failures
  • Bug #1398: DCERPC traffic parsing issue (master)
  • Bug #1401: inverted matching on incomplete session
  • Bug #1402: When re-opening files on HUP (rotation) always use the append flag.
  • Bug #1417: no rules loaded – latest git – rev e250040
  • Bug #1425: dead lock in de_state vs flowints/flowvars
  • Bug #1426: Files prematurely truncated by detection engine even though force-md5 is enabled
  • Bug #1429: stream: last_ack update issue leading to stream gaps
  • Bug #1435: EVE-Log alert payload option loses data
  • Bug #1441: Local timestamps in json events
  • Bug #1446: Unit ID check in Modbus packet error
  • Bug #1449: smtp parsing issue
  • Bug #1451: Fix list-keywords regressions
  • Bug #1463: modbus parsing issue

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Kostya Kortchinsky of the Google Security Team
  • the Yahoo Pentest Team
  • Giuseppe Longo
  • Alexander Gozman
  • Ken Steele
  • Andreas Moe
  • David Diallo
  • David Cannings
  • David Maciejak
  • Pierre Chifflier
  • Tom DeCanio
  • Zachary Rasmor
  • Aleksey Katargin
  • FireEye
  • ANSSI
  • Emerging Threats
  • AFL project
  • Coverity Scan
  • Travis Green
  • Darien Huss
  • Greg Siemon
  • Alessandro Guido
  • Antti Tönkyrä
  • Ray Ruvinskiy
  • Eduardo Arada
  • Michael Rash

Known issues & missing features

In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Training & Support

Need help installing, updating, validating and tuning Suricata? We have trainings coming up. Paris in July, Barcelona in November: see http://suricata-ids.org/training/

For support options also see http://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.