[Oisf-devel] Call for testing: Suricata 4.1rc1 released

Victor Julien victor at inliniac.net
Fri Jul 20 13:59:06 UTC 2018

It's summer, so an excellent time for some testing! Suricata 4.1 release
candidate 1 is here to be tried out. The release brings a lot of new

Get the release here:

Main new features are inclusion of the protocols SMBv1/2/3, NFSv4,
Kerberos, FTP, DHCP, IKEv2, as well as improvements on Linux
capture side via AF_PACKET XDP support and on Windows IPS side via
WinDivert. The progress in Rust usage inside Suricata continues as most
of the new protocols have been implemented in Rust.

*Protocol updates*

SMBv1/2/3 parsing, logging, file extraction
JA3 TLS client fingerprinting (Mats Klepsland)
TFTP: basic logging (Pascal Delalande and Clément Galland)
FTP: file extraction
Kerberos parser and logger (Pierre Chifflier)
IKEv2 parser and logger (Pierre Chifflier)
DHCP parser and logger
Flow tracking for ICMPv4
Initial NFS4 support
HTTP: handle sessions that only have a response, or start with a response
HTTP Flash file decompression support (Giuseppe Longo)

*Output and logging*

File extraction v2: deduplication; hash-based naming; json metadata and
cleanup tooling
Eve metadata: from rules (metadata keyword) and traffic (flowbits etc)
Eve: new more compact DNS record format (Giuseppe Longo)
Pcap directory mode: process all pcaps in a directory (Danny Browning)
Compressed PCAP logging (Max Fillinger)
Expanded XFF support (Maurizio Abba)

*Packet Capture*

AF_PACKET XDP and eBPF support for high speed packet capture
Windows IPS: WinDivert support (Jacob Masen-Smith)


Windows: MinGW is now supported
Detect: transformation keyword support
Bundled Suricata-Update

*Major changes since 4.1beta1*

WinDivert support
Kerberos parser and logger
IKEv2 parser and logger
DHCP parser and logger
Flow tracking for ICMPv4
Initial NFS4 support
Compressed PCAP logging
Expanded XFF support
Decode GRE over IP (Paulo Pacheco)
Multi-tenancy fixes
SMB improvements for midstream pickup
Update Suricata-Update to 1.0.0rc1


CVE-2018-10242, CVE-2018-10244 (suricata)
CVE-2018-10243 (libhtp)

Get paid to work on Suricata!

Enjoying the testing? Or want to help out with other parts of the project?
We are looking for people, so reach out to us if you're interested.

*Special thanks*

Henning Perl, Kirill Shipulin, Pierre Chifflier, Mats Klepsland,
Max Fillinger, Alexander Gozman, Danny Browning, Giuseppe Longo,
Maurizio Abba, Pascal Delalande, Chris Speidel, Elazar Broad,
Jacob Masen-Smith, Renato Botelho, Paulo Pacheco, Jason Taylor


Check out the latest training offerings at


SuriCon 2018 Vancouver agenda is up! https://suricon.net/agenda-vancouver/

*About Suricata*

Suricata is a high performance Network Threat Detection, IDS, IPS and
Network Security Monitoring engine. Open Source and owned by a community
run non-profit foundation, the Open Information Security Foundation
(OISF). Suricata is developed by the OISF, its supporting vendors and
the community.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
