Suricata 3.1.4 available!


We’re pleased to announce Suricata 3.1.4. The most important fix is for a IPv4 defrag issue that allows evasion of detection and logging, found and reported by Jérémy Beaume. Otherwise this release is mostly a collection of smaller fixes.



  • Bug #2024: No error on missing semicolon between depth and classtype (3.1.x)
  • Bug #2025: hostbits/xbits memory leak (3.1.x)
  • Bug #2026: log-pcap: pcap files created with invalid snaplen (3.1.x)
  • Bug #2027: BUG_ON body sometimes contains side-effectual code (3.1.x)
  • Bug #2028: Mpm Ac: int overflow during init (3.1.x)
  • Bug #2029: EVE Log Missing Fields (3.1.x)
  • Bug #2030: Incoherent sizes between request, capture and http length (master 3.1.x)
  • Bug #2031: tls-store: bug that cause Suricata to crash (3.1.x)
  • Bug #2032: VLAN tags not forwarded in afpacket inline mode (3.1.x)
  • Bug #2033: IPv4 defrag evasion issue (3.1.x)

Special thanks

Jérémy Beaume, Alexander Gozman, Mats Klepsland, Sascha Steinbiss, Tom DeCanio, AFL, Coverity Scan

Training & Support

The next user training will be at the Troopers17 conference in Germany, March 20 and 21. Sign up at

For support options also see

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.