[Oisf-devel] Suricata 2.0beta2 Available!

Victor Julien victor at inliniac.net
Wed Dec 18 14:43:36 UTC 2013

The OISF development team is proud to announce Suricata 2.0beta2. This
big update is the second beta release for the upcoming 2.0 version.

Some notable improvements are:

- This release overhauls the protocol detection feature. It now
considers both sides of connection, and will raise events on mismatches.
- DNS parser and logger was much improved.
- Tilera support was greatly improved.
- Lots of performance and code quality improvements.

Get the new release here:

New features

- Feature #234: add option disable/enable individual app layer protocol
inspection modules
- Feature #417: ip fragmentation time out feature in yaml
- Feature #478: XFF (X-Forwarded-For) support in Unified2
- Feature #602: availability for http.log output - identical to apache
log format
- Feature #751: Add invalid packet counter
- Feature #813: VLAN flow support
- Feature #901: VLAN defrag support
- Feature #878: add storage api
- Feature #944: detect nic offloading
- Feature #956: Implement IPv6 reject
- Feature #983: Provide rule support for specifying icmpv4 and icmpv6.
- Feature #1008: Optionally have http_uri buffer start with uri path for
use in proxied environments
- Feature #1009: Yaml file inclusion support
- Feature #1032: profiling: per keyword stats

Improvements and Fixes

- Bug #463: Suricata not fire on http reply detect if request are not http
- Feature #986: set htp request and response size limits
- Bug #895: response: rst packet bug
- Feature #940: randomize http body chunks sizes
- Feature #904: store tx id when generating an alert
- Feature #752: Improve checksum detection algorithm
- Feature #746: Decoding API modification
- Optimization #1018: clean up counters api
- Bug #907: icmp_seq and icmp_id keywords broken with icmpv6 traffic
- Bug #967: threshold rule clobbers suppress rules
- Bug #968: unified2 not logging tagged packets
- Bug #995: tag keyword: tagging sessions per time is broken

Many more issues were fixed, please see:
- https://redmine.openinfosecfoundation.org/versions/51

Special thanks

We'd like to thank the following people and corporations for their
contributions and feedback:

- Ken Steele -- Tilera
- Jason Ish -- Endace/Emulex
- Duarte Silva
- Giuseppe Longo
- Ignacio Sanchez
- Nelson Escobar
- Chris Wakelin
- Emerging Threats
- Coverity
- Alessandro Guido
- Amin Latifi
- Darrell Enns
- Ignacio Sanchez
- Mark Ashley
- Paolo Dangeli
- rmkml
- Will Metcalf

Known issues & missing features

In a beta release like this things may not be as polished yet. So please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal.  With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine. Open Source and owned by a community run non-profit
foundation, the Open Information Security Foundation (OISF). Suricata is
developed by the OISF, its supporting vendors and the community.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-devel mailing list