Please help us test Suricata 5.0.0-rc1

We are looking for testers for a new development release in the Suricata 5 series: Suricata 5.0.0-rc1. Please help us test so we can release the final on October 15th.

Curious about whats new? Here are the highlights:

RDP, SNMP, FTP and SIP

Three new protocol parsers and loggers, both community contributions. Zach Kelley created a Rust RDP parser, while Giuseppe Longo created SIP support. Rust master Pierre Chifflier contributed SNMP support. Since RDP and SIP were merged late in our development cycle they are disabled by default in the configuration. For FTP we have added a EVE logging facility.

JA3S

After contributing JA3 support in Suricata 4.1, Mats Klepsland has been working on JA3S support. JA3S is now available to the rule language and in the TLS logging output.

eBPF/XDP

Eric Leblond has been working hard to getting hardware offload support working for eBPF. On Netronome cards the eBPF based flow bypass can now be offloaded to the NIC.

Datasets

Still experimental at this time, the initial work to support datasets is part of this release. It allows matching on large amounts of data. It is controlled from the rule language and will work with any ‘sticky buffer’. https://suricata.readthedocs.io/en/suricata-5.0.0-rc1/rules/datasets.html

HTTP evader

We’ve been working hard to cover the final set of HTTP evader cases. This work has mostly gone into the bundled libhtp 0.5.31.

More 5.0 changes

Please see the beta1 announcement for many more changes in the upcoming 5.0 release: https://suricata-ids.org/2019/04/30/call-for-testing-announcing-suricata-5-0-0-beta1/

For a complete list of closed tickets in 5.0.0-rc1, please see https://redmine.openinfosecfoundation.org/versions/128

Release schedule

This release has been delayed quite a bit. We had originally hoped to have it ready for you in July. This means that to get the final out before Suricon next month we have quite an aggressive schedule. We want to release the final no later than October 15th. We can use all the help we can get with testing and polishing to meet that goal. Thanks in advance!

Download from:

https://www.openinfosecfoundation.org/downloads/suricata-5.0.0-rc1.tar.gz