[Oisf-users] Suricata 3.2 and mpipe

Michael J. Sheldon msheldon at godaddy.com
Thu Dec 1 20:03:38 UTC 2016

Probably not many affected, but Suricata 3.2 will not compile with mpipe support due to the function 'void SetupOutputs(ThreadVars *tv)' having been removed.

Michael Sheldon
Dev-DNS Services

From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> on behalf of Victor Julien <victor at inliniac.net>
Sent: Thursday, December 1, 2016 03:25
To: oisf-users at openinfosecfoundation.org
Subject: [Oisf-users] Suricata 3.2 released!

The OISF and Suricata development team is really proud to announce the
availability of Suricata 3.2. This was a real community effort with 12
different contributors from 9 different countries that added to the work
of Suricata core team. Thanks a lot for these contributions!

Suricata 3.2 comes with some new features that can help a Meerkat to
stay awake when on a guard watch. The support of industrial networks has
been greatly improved with the addition of two new protocols, DNP3 and
CIP/ENIP. But we can't forget the improvements on the TLS side with new
fields available for matching and logging such as certificate validity
dates. On file matching and logging, it is now possible to use
SHA1/SHA256 in addition to the obsolete MD5.

On the performance side, Suricata 3.2 run as fast as a Cheetah with the
addition of the bypass mechanism that can help to fix the challenging
Elephant flows. Another big improvement comes from the pre-filter system
that allows packet inspecting keywords to be much faster.

Documentation has received a huge overhaul, with PDF and other formats
now available: http://suricata.readthedocs.io/en/suricata-3.2/

On usability side, one can note that incompatible NIC offloading is now
switched off by default. Also, the unix command socket is now enabled by

For those of you into lists, here you are:

*Big changes*
 - bypass
 - pre-filter -- fast packet keywords
 - TLS improvements
 - ICS protocol additions: DNP3 CIP/ENIP
 - SHA1/SHA256 for file matching, logging & extraction
 - Sphinx documentation

*Visible smaller changes*
- NIC offloading disabled by default
- unix socket enabled by default
- App Layer stats

*Under the hood*
- threading simplification (log api + no more thread restarts)
- flow manager optimization
- simplify adding keywords
- luajit improvements wrt memory handling in large deployments



*Special thanks*

Stamus Networks, NorCert, Solana Networks, FireEye, Proofpoint, CoverityScan

Mats Klepsland, Giuseppe Longo, Duarte Silva, Tom Decanio, Kevin Wong,
Nicolas Thill, Duarte Silva, Thomas Andrejak, Paulo Pacheco, Priit Laes,
Alexander Gozman

*Training & Support*

Need help installing, updating, validating and tuning Suricata? OISF
organizes regular user and developer training sessions. See

For support options also see http://suricata-ids.org/support/

*About Suricata*

Suricata is a high performance Network Threat Detection, IDS, IPS and
Network Security Monitoring engine. Open Source and owned by a community
run non-profit foundation, the Open Information Security Foundation
(OISF). Suricata is developed by the OISF, its supporting vendors and
the community.
Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 9-11 in Washington, DC: http://suricon.net

More information about the Oisf-users mailing list