Are you redistributing Suricata source code and/or binaries outside your organization?

  • No -> Don’t worry, be happy. 🙂

Yes, I am distributing Suricata binaries outside of my organization.

  • Distributing Suricata binaries requires either strict compliance with the GPLv2, or a license to redistribute Suricata from the OISF.
  • GPLv2 compliance requires:
    • Making the Suricata source code available to all end users of the binaries upon request including any modifications (patches/enhancements) made to the Suricata source code under a GPLv2 compatible license.
    • Making sure that all libraries linked to by Suricata are also GPLv2 compatible, and making the source code to those, plus any modifications available to the end user.
    • If Suricata is linked against non-GPLv2 compatible libraries, including proprietary libraries of your organizations you CAN NOT redistribute Suricata in a GPLv2 compliant manner and should contact the OISF for options.
    • You may not add additional restrictions limiting your customers rights as provided by version 2 of the GPL license to the Suricata source code, modifications and other source code required for your use of Suricata.

I have not modified Suricata in any way, and I am only linking against libraries to make use of special hardware.

  • You are likely to fall into this category if you are distributing unmodified Suricata code but are linking against non-GPLv2 compatible libraries to access a dedicated capture card or some other form of hardware acceleration and/or offload.
  • Suricata binaries linked with such libraries cannot be released in a GPLv2 compliant manner as the libraries are most likely licensed with a non-GPLv2 compatible license by the hardware vendor, which would require you, the distributor to contact the OISF regarding licensing options to distribute Suricata.
  • Tests
    • Do your end-users have access to the hardware vendor’s library source code? Are they allowed to distribute it to others under the terms of the GPLv2? If no, you need a license from the OISF.
    • If your end-user replaced the Suricata binary as shipped by you, with one compiled from the unmodified source code, would your device continue to work? If no, you likely need a license.

Yes, I have modified Suricata.

  • If you have modified Suricata you may still be able to distribute it without a license provided all your modifications are made available with the Suricata source code and licensed in a GPLv2 compatible manner. The source code plus your modifications must be made available to your end-users upon request. And they are allowed to redistribute it under the terms of the GPLv2.
  • If you want to, or need to keep your modifications proprietary you must contact the OISF regarding licensing.

Yes, I have modified Suricata and/or am linking to libraries developed by us.

  • This is pretty much the same as having modified Suricata, as you most likely have modified Suricata to call functions in the libraries you have developed.
  • This will require redistribution of the modified Suricata source code along with any linked to library source code under the terms of the GPLv2.
  • If you cannot distribute your libraries under the GPL you will need to contact the OISF.

I’m confused, can you tell me what to do?

  • We can likely provide some guidance even if that guidance is to recommend you seek legal advice. If reaching out to us, please provide the following information:
    • Have you modified Suricata in any way?
    • Are you linking Suricata against any libraries NOT included in your software distribution?
      • If yes, what are they?

If in doubt, please contact the OISF –


GNU General Public License, version 2

Frequently Asked Questions about version 2 of the GNU GPL