Subject: Re: Feedback on evaluation of Suricata-8.0.0-beta1
From: Michael Tremer
Date: Wed, 4 Jun 2025 16:57:05 +0100
To: Adolf Belka
Cc: "IPFire: Development-List"

Hello Adolf,

Cool, this is valuable stuff.

If you have the changes, feel free to push them into a branch in your Git repository so that whenever there is a final release available, we have the changes ready and just need to update.

Best,
-Michael

> On 4 Jun 2025, at 12:56, Adolf Belka wrote:
>
> Hi All,
>
> On 03/06/2025 21:00, Adolf Belka wrote:
>> Hi everyone,
>> So I have good news and bad news.
>> The good news is that, apart from minor adjustment of the patch to disable sid-2210059, suricata-8.0.0-beta1 built without any issues.
>> I then installed the iso I had built with it and the IPS started up and worked as expected, so also good news.
>> Suricata-8 has some new capabilities such as landlocked is enabled by default now, Suricata can be used via sockets and encrypted traffic bypass has been decoupled from stream.bypass setting.
>> These may or may not require or benefit from modifications in how Suricata is used in IPFire. I am not knowledgeable enough currently to judge that.
>> The bad news is that the syslog output is deprecated in Suricata-8 and will be removed in Suricata-9.
>> It will still work in Suricata-8 but we will need to figure out how to change how we log some things before we move to Suricata-9 but at least we have some time, so better to find this out now.
>> libhtp is no longer being used by Suricata. They have replaced it with a rust version. So libhtp should be able to be removed.
>> I will test this out.
>
> I built suricata-8.0.0-beta1 with libhtp removed from the build and it completed without any issues. I installed the IPFire created with that build and the IPS worked without any issues. So libhtp can be removed when suricata-8 is installed.
>
>> I tried ./make.sh find-dependencies on libhtp.so.2 and libhtp.so.2.0.0 but both with Suricata 8 and the existing suricata 7 version the command showed no dependencies on libhtp. I would have expected it to be shown as a dependency for suricata.
>> We have a libhtp section in the suricata.yaml file.
>
> I tested out doing the suricata-7.0.10 build with libhtp removed and it stopped and complained about the missing libhtp.
>
> I then added libhtp back in and reran the build and then did the find-dependencies and this time it flagged up suricata. So yesterday I must have made some error when doing the find-dependencies.
>
> So everything is clear. Suricata-7 requires libhtp but suricata-8 will not, as it is replaced by a rust equivalent.
>
> Regards,
>
> Adolf.
>
>> Regards,
>> Adolf.