Support Status¶
Levels of Support¶
Tier 1¶
Core team develops and supports. Compiler errors or functional failures block git merges and releases. Functionality is enabled by default on the platforms it supports.
Tier 2¶
Core team develops and supports, sometimes with help from community members. Compiler errors or functional failures block git merges. Functionality problems such as 'known issues' or might still going into releases. Functionality may be disabled by default.
Community¶
When a feature of Suricata is community supported, it means the OISF/Suricata development team won't support it. This to avoid overloading the team.
When accepting a feature into the code base anyway, it will come with a number of limits and conditions:
- submitter must commit to maintaining it:
- make sure code compiles and correctly functions after Suricata and/or external (e.g. library) changes.
- support users when they encounter problems on the mailinglists and redmine tickets - the code will be disabled by default and will not become part of the QA setup. This means it will be enabled only by a --enable-<feature> configure flag.
If the feature get lots of traction, and/or if the team just considers it very useful, it may get 'promoted' to being officially supported.
On the other hand, the feature will be removed if the submitter stops maintaining it and no-one steps up to take over.
Unmaintained¶
When a feature is unmaintained it is very likely broken and may be (partially) removed during cleanups and code refactoring. No end-user support is done by the core team. If someone wants to help maintain and support such a feature, we recommend talking to the core team before spending a lot of time on it.
Distributions¶
| Tier 1 | Distribution | Version | Support | QA | Notes |
|---|---|---|---|---|---|
| RHEL/CentOS | 7 | Core team | |||
| RHEL/Alma/Rocky | 8 | Core team | |||
| RHEL/Alma/Rocky | 9 | Core team | |||
| Ubuntu | 20.04 | Core team | |||
| Ubuntu | 22.04 | Core team | |||
| Debian | 10 (Buster) | Core team | Foundation of SELKS | ||
| Debian | 11 (Bullseye) | Core team | |||
| FreeBSD | 12 | Core team | Foundation of OPNsense, pfSense | ||
| FreeBSD | 13 | Core team | Foundation of OPNSense | ||
| Tier 2 | Distribution | Version | Support | QA | Notes |
| CentOS | Stream | Core team | |||
| Fedora | Active | Core team | |||
| FreeBSD | 11 | Core team | |||
| OpenBSD | 6.8 | Core team | |||
| OpenBSD | 6.9 | Core team | |||
| OSX/macOS | ?? | Core team | |||
| Windows/MinGW64 | Windows 10 | Core team | 5.0+ | ||
| Community | Architecture | Support | QA | Notes | |
| Windows/MinGW32 | Windows 10 | Core team | 5.0+ |
Architecture Support¶
| Tier 1 | Architecture | Support | QA | Notes |
|---|---|---|---|---|
| x86_64 | Core team | |||
| ARM8-64bit | Core team | |||
| Tier 2 | Architecture | Support | QA | Notes |
| ARM7-32bit | Core team | |||
| i386 | Core team | |||
| Community | Architecture | Support | QA | Notes |
| PPC64el | Part of Fedora automated QA | Access can be arranged through IBM dev cloud | ||
| PPC64 | Victor Julien | No access except an old Mac G5 Victor has | ||
| PPC32 | Victor Julien | No access except an old Mac G4 Victor has |
High Level Features¶
Capture support¶
| Tier 1 | Capture Type | Maintainer | QA | Notes |
|---|---|---|---|---|
| AF_PACKET | Core team / Eric Leblond | Used by Security Onion, SELKS | ||
| NETMAP (FreeBSD) | Core team / Victor Julien + Aleksey Katargin | Used by OPNsense | ||
| NFQUEUE | Core team / Andreas Herz | |||
| libpcap | Core team | |||
| Tier 2 | Capture Type | Maintainer | QA | Notes |
| PF_RING | Core team | |||
| AF_PACKET (eBPF/XDP) | Eric Leblond | Bleeding edge | ||
| NETMAP (Linux) | Core team / Victor Julien + Aleksey Katargin | |||
| Community | Capture Type | Maintainer | QA | Notes |
| NFLOG | Community / Giuseppe Longo | |||
| Endace/DAG | Community / | |||
| Napatech | Community / Napatech | |||
| AF_XDP | Community | |||
| Unmaintained | Capture Type | Maintainer | QA | Notes |
| IPFW |
Detection¶
| Tier 1 | Detect | Maintainer | QA | Notes |
|---|---|---|---|---|
| content | Core team / Victor Julien | includes modifiers, sticky buffers, pcre, isdataat, etc | ||
| lua | Core team | |||
| file | Core team | file keywords | ||
| hyperscan | Core team | |||
| Tier 2 | Detect | Maintainer | QA | Notes |
| multi-tenancy | Core team / Victor Julien | |||
| Community | Detect | Maintainer | QA | Notes |
| GeoIP |
Outputs¶
| Tier 1 | Type | Maintainer | QA | Notes |
|---|---|---|---|---|
| EVE | Core team | |||
| fast.log | Core team | |||
| Unified2 | Core team / Jason Ish | scheduled for removal | ||
| Lua | Core team | |||
| tls-store | Core team | |||
| file-store | Core team | |||
| Tier 2 | Type | Maintainer | QA | Notes |
| http.log | Core team | |||
| dns.log | Core team | scheduled for removal | ||
| tls.log | Mats Klepsland (Core team as backup) | scheduled for removal | ||
| pcap-log | Core team | |||
| Community | Type | Maintainer | QA | Notes |
| prelude | Thomas ANDREJAK | |||
| Scheduled for removal | Type | Maintainer | QA | Notes |
| files-json | Superceded by eve.fileinfo |
AppLayer Protocols¶
| Tier 1 | Protocol | Maintainer | QA | Notes |
|---|---|---|---|---|
| http | Core team / Victor Julien | includes libhtp | ||
| dns | Core team / Jason Ish | |||
| ssl/tls | Mats Klepsland (Core team as backup) | |||
| smb/dcerpc | Core team / Victor Julien | |||
| smtp | Core team | |||
| ssh | Core team | |||
| dnp3 | Core team / Jason Ish | |||
| Tier 2 | Protocol | Maintainer | QA | Notes |
| ftp | Core team | Currently only used for 'ftpbounce' keyword | ||
| rust/nfs | Core team / Victor Julien | Rust support currently experimental | ||
| rust/dns | Core team / Jason Ish | Rust support currently experimental | ||
| Community | Protocol | Maintainer | QA | Notes |
| modbus | David Diallo | |||
| enip/cip | Kevin Wong | |||
| rust/ntp | Pierre Chifflier | Experimental Rust support |
Operation modes¶
| Tier 1 | Mode | Maintainer | QA | Notes |
|---|---|---|---|---|
| IDS (passive) | Core team | |||
| IPS (active) | Core team | |||
| Offline pcap file | Core team | |||
| Tier 2 | Mode | Maintainer | QA | Notes |
| Unix socket mode | Core team / Eric Leblond | |||
| IDS (active) | Core team | Active responses, reject keyword |
Output methods¶
| Tier 1 | Method | Maintainer | QA | Notes |
|---|---|---|---|---|
| files | Core team | |||
| unix socket | Core team | |||
| Tier 2 | Method | Maintainer | QA | Notes |
| syslog | Core team | |||
| redis | Core team | |||
| Unmaintained | Method | Maintainer | QA | Notes |
| pcie (tile) |