[Oisf-users] Please help us test Suricata 5.0.0-rc1

Victor Julien vjulien at oisf.net
Tue Sep 24 14:31:09 UTC 2019


We are looking for testers for a new development release in the Suricata
5 series: Suricata 5.0.0-rc1. Please help us test so we can release the
final on October 15th.

Curious about whats new? Here are the highlights:


RDP, SNMP, FTP and SIP

Three new protocol parsers and loggers, both community contributions.
Zach Kelley created a Rust RDP parser, while Giuseppe Longo created SIP
support. Rust master Pierre Chifflier contributed SNMP support. Since
RDP and SIP were merged late in our development cycle they are disabled
by default in the configuration. For FTP we have added a EVE logging
facility.

JA3S

After contributing JA3 support in Suricata 4.1, Mats Klepsland has been
working on JA3S support. JA3S is now available to the rule language and
in the TLS logging output.


eBPF/XDP

Eric Leblond has been working hard to getting hardware offload support
working for eBPF. On Netronome cards the eBPF based flow bypass can now
be offloaded to the NIC.


Datasets

Still experimental at this time, the initial work to support datasets is
part of this release. It allows matching on large amounts of data. It is
controlled from the rule language and will work with any 'sticky
buffer'.
https://suricata.readthedocs.io/en/suricata-5.0.0-rc1/rules/datasets.html


HTTP evader

We've been working hard to cover the final set of HTTP evader cases.
This work has mostly gone into the bundled libhtp 0.5.31.


More 5.0 changes

Please see the beta1 announcement for many more changes in the upcoming
5.0 release:
https://suricata-ids.org/2019/04/30/call-for-testing-announcing-suricata-5-0-0-beta1/

For a complete list of closed tickets in 5.0.0-rc1, please see
https://redmine.openinfosecfoundation.org/versions/128


Release schedule

This release has been delayed quite a bit. We had originally hoped to
have it ready for you in July. This means that to get the final out
before Suricon next month we have quite an aggressive schedule. We want
to release the final no later than October 15th. We can use all the help
we can get with testing and polishing to meet that goal. Thanks in advance!

Download from:
https://www.openinfosecfoundation.org/downloads/suricata-5.0.0-rc1.tar.gz

-- 
Victor Julien
Suricata Lead Developer
suricata-ids.org


More information about the Oisf-users mailing list