[Oisf-users] Suricata 2.0rc1 Available!

Phil Daws uxbod at splatnix.net
Thu Feb 13 13:27:23 UTC 2014

Upgrading from 2.0beta produced the following with latest rules:

<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;)" from file /usr/local/etc/suricata/rules/dns-events.rules at line 7

Thanks, P.

----- Original Message -----
From: "Victor Julien" <victor at inliniac.net>
To: oisf-users at openinfosecfoundation.org
Sent: Thursday, 13 February, 2014 11:28:27 AM
Subject: [Oisf-users] Suricata 2.0rc1 Available!

The OISF development team is proud to announce Suricata 2.0rc1. This is
the first release candidate for Suricata 2.0. This release improves
performance, stability and accuracy, in addition to adding exciting new

Get the new release here:

Notable changes

- unified JSON output for almost all log types (eve-log). Written by Tom
Decanio of nPulse Technologies
- QinQ VLAN handling
- Alerting over PCIe bus (Tilera only), by Ken Steel of Tilera
- Add –set commandline option to override any YAML option, by Jason Ish
of Emulex
- Various scalability improvements, clean ups and fixes by Ken Steel of
- ICMPv6 handling improvements by Jason Ish of Emulex
- memcaps for DNS and HTTP handling were added
- Several fixes and improvements of AF_PACKET and PF_RING
- NSM runmode, where detection engine is disabled. Development supported
by nPulse Technologies

All closed tickets

- Feature #424: App layer registration cleanup – Support specifying same
alproto names in rules for different ip protocols
- Feature #542: TLS JSON output
- Feature #597: case insensitive fileext match
- Feature #772: JSON output for alerts
- Feature #814: QinQ tag flow support
- Feature #894: clean up output
- Feature #921: Override conf parameters
- Feature #1007: united output
- Feature #1040: Suricata should compile with -Werror
- Feature #1067: memcap for http inside suricata
- Feature #1086: dns memcap
- Feature #1093: stream: configurable segment pools
- Feature #1102: Add a decoder.QinQ stats in stats.log
- Feature #1105: Detect icmpv6 on ipv4
- Bug #839: http events alert multiple times
- Bug #954: VLAN decoder stats with AF Packet get written to the first
thread only – stats.log
- Bug #980: memory leak in http buffers at shutdown
- Bug #1066: logger API’s for packet based logging and tx based logging
- Bug #1068: format string issues with size_t + qa not catching them
- Bug #1072: Segmentation fault in 2.0beta2: Custom HTTP log
segmentation fault
- Bug #1073: radix tree lookups are not thread safe
- Bug #1075: CUDA 5.5 doesn’t compile with 2.0 beta 2
- Bug #1079: Err loading rules with variables that contain negated content.
- Bug #1080: segfault – 2.0dev (rev 6e389a1)
- Bug #1081: 100% CPU utilization with suricata 2.0 beta2+
- Bug #1082: af-packet vlan handling is broken
- Bug #1103: stats.log not incrementing decoder.ipv4/6 stats when
reading in QinQ packets
- Bug #1104: vlan tagged fragmentation
- Bug #1106: Git compile fails on Ubuntu Lucid
- Bug #1107: flow timeout causes decoders to run on pseudo packets

Special thanks

We’d like to thank the following people and corporations for their
contributions and feedback:

- Ken Steele — Tilera
- Jason Ish — Endace/Emulex
- Tom Decanio — nPulse
- Duarte Silva
- Alessandro Guido
- Petr Chmelar

Known issues & missing features

This is a “release candidate”-quality release so the stability should be
good although unexpected corner cases might happen. If you encounter
one, please let us know! As always, we are doing our best to make you
aware of continuing development and items within the engine that are not
yet complete or optimal.  With this in mind, please notice the list we
have included of known items we are working on.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine. Open Source and owned by a community run non-profit
foundation, the Open Information Security Foundation (OISF). Suricata is
developed by the OISF, its supporting vendors and the community.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/

More information about the Oisf-users mailing list