We are looking for testers for a new development release in the Suricata 5 series: Suricata 5.0.0-rc1. Please help us test so we can release the final on October 15th.
Curious about what's new? Here are the highlights:
RDP, SNMP, FTP and SIP
Three new protocol parsers and loggers, all community contributions. Zach Kelley created a Rust RDP parser, while Giuseppe Longo created SIP support. Rust master Pierre Chifflier contributed SNMP support. Since RDP and SIP were merged late in our development cycle, they are disabled by default in the configuration. For FTP we have added an EVE logging facility.
After contributing JA3 support in Suricata 4.1, Mats Klepsland has been working on JA3S support. JA3S is now available to the rule language and in the TLS logging output.
Eric Leblond has been working hard on getting hardware offload support working for eBPF. On Netronome cards the eBPF based flow bypass can now be offloaded to the NIC.
Still experimental at this time, the initial work to support datasets is part of this release. It allows matching on large amounts of data. It is controlled from the rule language and will work with any ‘sticky buffer’. Documentation: https://suricata.readthedocs.io/en/suricata-5.0.0-rc1/rules/datasets.html
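As an added illustration of the dataset feature (example code written for this post, not part of Suricata itself), the script below prepares a string-type dataset file and the rule that matches the http.host sticky buffer against it. It follows the file format and keyword syntax in the datasets documentation linked above: string datasets hold one base64-encoded entry per line, and the rule uses `dataset:isset,<name>,type string,load <file>;`. The dataset name, file name, hostnames and sid are constructed assumptions.

```python
import base64
from pathlib import Path

# Constructed sample values (not from the announcement): hostnames a
# defender wants to flag when they appear in the HTTP Host header.
# Note the deliberate mixed-case duplicate, used to show normalisation.
BAD_HOSTS = [
    "c2.example.invalid",
    "updates.example.invalid",
    "Mail.Example.Invalid",
    "C2.EXAMPLE.INVALID",
]

# Assumed dataset name and file name; adjust to your deployment.
DATASET_NAME = "bad-hosts"
DATASET_FILE = "bad-hosts.lst"


def encode_string_dataset(values):
    """Return the lines of a Suricata 'string' dataset file.

    String-type datasets are stored one entry per line, base64-encoded,
    so values containing spaces, commas or non-ASCII bytes survive intact.
    Entries are lowercased and de-duplicated here because the http.host
    buffer is normalised to lowercase and the dataset match is an exact
    byte comparison, so 'C2.EXAMPLE.INVALID' would otherwise never match.
    """
    seen = set()
    lines = []
    for value in values:
        raw = value.strip().lower().encode("utf-8")
        if not raw or raw in seen:
            continue
        seen.add(raw)
        lines.append(base64.b64encode(raw).decode("ascii"))
    return lines


def decode_string_dataset(lines):
    """Inverse of encode_string_dataset, useful for auditing a dataset file."""
    return [base64.b64decode(line).decode("utf-8") for line in lines]


def write_dataset(path, values):
    """Write the dataset file and return the number of entries written."""
    lines = encode_string_dataset(values)
    Path(path).write_text("\n".join(lines) + "\n", encoding="ascii")
    return len(lines)


def make_rule(dataset_name, dataset_file, sid):
    """Build a rule that checks the http.host sticky buffer against the dataset.

    'isset' only tests membership; 'set' (or a 'state' file instead of
    'load') would additionally record new values, which is not wanted for a
    static deny-list.
    """
    return (
        "alert http any any -> any any ("
        f'msg:"HTTP request to host in {dataset_name} dataset"; '
        "http.host; "
        f"dataset:isset,{dataset_name},type string,load {dataset_file}; "
        f"classtype:bad-unknown; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    count = write_dataset(DATASET_FILE, BAD_HOSTS)
    print(f"wrote {count} entries to {DATASET_FILE}")
    print(make_rule(DATASET_NAME, DATASET_FILE, sid=9000001))
```

Run it once to produce `bad-hosts.lst`, place the file where Suricata can read it, and add the printed rule to a rules file; because the dataset is loaded at rule-load time, edits to the list need a rule reload to take effect.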
We’ve been working hard to cover the final set of HTTP evader cases. This work has mostly gone into the bundled libhtp 0.5.31.
More 5.0 changes
Please see the beta1 announcement for many more changes in the upcoming 5.0 release: https://suricata-ids.org/2019/04/30/call-for-testing-announcing-suricata-5-0-0-beta1/
For a complete list of closed tickets in 5.0.0-rc1, please see https://redmine.openinfosecfoundation.org/versions/128
This release has been delayed quite a bit. We had originally hoped to have it ready for you in July. This means that to get the final out before Suricon next month we have quite an aggressive schedule. We want to release the final no later than October 15th. We can use all the help we can get with testing and polishing to meet that goal. Thanks in advance!