Suricata-daily serving up 5.0.2-dev by default

Hey all. I’m trying to use https://launchpad.net/~oisf/+archive/ubuntu/suricata-daily. But if i do an apt update, it installs 5.0.2-dev, i’d like to install 6.0.1 Beta to test H2 functionality. Am i missing a silly ubuntu thing, should i target a specific build some how. Victor Julien led me down this approach, so i presume i’m just doing something dumb.

@pevma are you still keeping the daily ppa updated?

@Jeff_Dyke right now the difference between 6.0 and 6.0.1-dev is minimal. So you should be able to use 6.0 stable.

Currently not up to daily gitmaster it needs an update with latest packaging - but will be in sync this week.
Will post back up here when the lattes dev pkg is returning successful tests.

Thank you both.
Perhaps i’m just messing up the config, which i’m always happy to be the root cause of my own problem. How much http2 support should be in 6.0.0? (time passes…), I’m definitely starting to think this is my fault. I’m not getting http2 events into the logs. As long as its confirmed its there, at least partially, I won’t waste any more time.

2 things to check:

  • http2 support needs to be enabled in the config, both in the app-layer block and in your eve-log config.
  • in many/most(/all?) cases http2 will be encrypted, so you’ll have to make sure Suricata sees it after another tool did the decryption

In 6.0 you should see http2 events in your eve log if those conditions are met.

I’ll close this if i can, mostly from bad approaches by me. This is what i’m currently experiencing. Configuring HTTP2. If anyone could fine a hole in that config i’d appreciate it.