[Oisf-announce] announcing Suricata 5.0.0-beta1

Victor Julien victor at inliniac.net
Tue Apr 30 13:51:57 UTC 2019


We're happy to present the first beta in the upcoming Suricata 5.0
series. In 5.0 we're making a couple of large changes.

*Rust*

The most visible is that our Rust support is no longer optional. We're
convinced that Rust is a perfect match for Suricata, and we plan to
increase its footprint in our code base steadily. By making it mandatory
we're able to remove parallel implementations and focus fully on making
the Rust code better.

*Protocol Detection*

The protocol detection engine has been extended to provide better
accuracy as well as support for dealing with asynchronous flows. These
async flows are sometimes picked up in the wrong direction and the
protocol detection engine can now reverse them.

*Decoder Anomaly records in EVE*

A new log record type has been added: 'anomaly'. This logs the stream
and decoder events that are set by the packet decoders. This is inspired
by Zeek's (Bro) 'weird' log.
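As an added illustration (not part of the announcement) of how a defender might consume the new record type, here is a small Python script that reads EVE JSON lines, keeps only 'anomaly' records and counts them per event and per source host. The input lines are constructed, and the record layout (event_type "anomaly" with nested anomaly.type / anomaly.event fields) is an assumption about the Suricata 5 EVE format, not something stated in the announcement.

```python
import json
from collections import Counter

# Constructed sample EVE output (not captured from a real sensor). The field
# layout is assumed: anomaly records carry "anomaly": {"type": ..., "event": ...}.
SAMPLE_EVE = """\
{"timestamp":"2019-04-30T13:51:57.000000+0000","event_type":"anomaly","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","anomaly":{"type":"stream","event":"stream.pkt_broken_ack"}}
{"timestamp":"2019-04-30T13:51:58.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}
{"timestamp":"2019-04-30T13:51:59.000000+0000","event_type":"anomaly","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","proto":"TCP","anomaly":{"type":"decode","event":"decoder.tcp.hlen_too_small"}}
{"timestamp":"2019-04-30T13:52:00.000000+0000","event_type":"anomaly","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","anomaly":{"type":"stream","event":"stream.pkt_broken_ack"}}
this line is deliberately not JSON
"""


def iter_eve(lines):
    """Yield parsed EVE records, silently skipping blank or malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def summarize_anomalies(lines):
    """Count anomaly records by (anomaly.type, anomaly.event) and by source IP."""
    by_event = Counter()
    by_src = Counter()
    for rec in iter_eve(lines):
        if rec.get("event_type") != "anomaly":
            continue
        anom = rec.get("anomaly", {})
        by_event[(anom.get("type"), anom.get("event"))] += 1
        by_src[rec.get("src_ip")] += 1
    return by_event, by_src


def noisy_sources(by_src, threshold):
    """Return source IPs that produced at least `threshold` anomaly records."""
    return sorted(ip for ip, n in by_src.items() if n >= threshold)


if __name__ == "__main__":
    events, sources = summarize_anomalies(SAMPLE_EVE.splitlines())
    for (atype, event), n in events.most_common():
        print(f"{n:4d}  {atype}/{event}")
    print("noisy sources:", noisy_sources(sources, 2))
```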

*EVE improvements*

VLAN and capture interface are now part of many more EVE records, even if
they are flow records or records based on flow time-out.

An option to log all HTTP headers to the EVE http records has been added.

*Packet Capture*

Netmap support has been rewritten so the more advanced features of
netmap, such as vale switches, can be used now.

Napatech usability has been improved.

*Rule language: Sticky Buffers (in progress)*

As discussed at the Suricon 2018 brainstorm session, a new rule keyword
scheme is being introduced. It takes the existing 'sticky buffer'
approach with new keyword names to avoid confusion. The new scheme is
<proto>.<buffer>, so for example 'http.uri' for the URI inspection.

A number of HTTP keywords have been added.

Unified Lua inspection mixed with the sticky buffers has also been
implemented.

*Python 3*

With Python 2's EOL approaching, we've made sure that all Suricata's
python code is Python 3 compliant.

*Removals*

Following our deprecation policy, we have removed the following
parts: the plain text dns.log, the old files-json.log and support
for the Tilera architecture.

https://suricata-ids.org/about/deprecation-policy/

*Many more things:*
https://redmine.openinfosecfoundation.org/versions/115

*Time line*

We're planning the first release candidate in about a month, with the
final about a month later. So early July.

*Get involved*

If you're interested in helping out, we'd be happy to accept patches,
documentation, test reports and other kinds of feedback.

*Download from:*
https://www.openinfosecfoundation.org/downloads/suricata-5.0.0-beta1.tar.gz

Regards,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------