Subject: Re: Feedback on evaluation of Suricata-8.0.0-beta1
From: Michael Tremer
Date: Mon, 16 Jun 2025 09:56:06 +0100
To: Adolf Belka
Cc: "IPFire: Development-List"
Message-Id: <869F0D9F-C174-4305-8F4F-BCC54A04FAF6@ipfire.org>

Nice!

According to their roadmap, the beta version arrived 6 days late, which is well within timing.

I suppose we will see a final version in about a month's time then which we should then conduct some further testing on. As things are looking like right now, we should be able to release this all very soon, too.

Best,
-Michael

> On 15 Jun 2025, at 19:47, Adolf Belka wrote:
>
> Hi everyone,
>
> The suricata-8.0.0-rc1 version has been released.
>
> I have built it and tested it and it worked the same as the suricata-8.0.0-beta1 version.
>
> Tested it out in an IPFire install using the testing approach from the suricata documentation
>
> https://docs.suricata.io/en/suricata-8.0.0-rc1/quickstart.html#alerting
>
> and it worked the same as for 7.0.10 and 8.0.0-beta1
>
> Both the beta1 and rc1 commits have been pushed into my ipfire repo.
>
> https://git.ipfire.org/?p=people/bonnietwin/ipfire-2.x.git;a=summary
>
> Regards,
>
> Adolf.
>
> On 04/06/2025 17:57, Michael Tremer wrote:
>> Hello Adolf,
>> Cool, this is valuable stuff.
>> If you have the changes, feel free to push them into a branch in your Git repository so that whenever there is a final release available, we have the changes ready and just need to update.
>> Best,
>> -Michael
>>> On 4 Jun 2025, at 12:56, Adolf Belka wrote:
>>>
>>> Hi All,
>>>
>>> On 03/06/2025 21:00, Adolf Belka wrote:
>>>> Hi everyone,
>>>> So I have good news and bad news.
>>>> The good news is that, apart from minor adjustment of the patch to disable sid-2210059, suricata-8.0.0-beta1 built without any issues.
>>>> I then installed the iso I had built with it and the IPS started up and worked as expected, so also good news.
>>>> Suricata-8 has some new capabilities such as landlocked is enabled by default now, Suricata can be used via sockets and encrypted traffic bypass has been decoupled from stream.bypass setting.
>>>> These may or may not require or benefit from modifications in how Suricata is used in IPFire. I am not knowledgeable enough currently to judge that.
>>>> The bad news is that the syslog output is deprecated in Suricata-8 and will be removed in Suricata-9.
>>>> It will still work in Suricata-8 but we will need to figure out how to change how we log some things before we move to Suricata-9 but at least we have some time, so better to find this out now.
>>>> libhtp is no longer being used by Suricata. They have replaced it with a rust version. So libhtp should be able to be removed.
>>>> I will test this out.
>>>
>>> I built suricata-8.0.0-beta1 with libhtp removed from the build and it completed without any issues. I installed the IPFire created with that build and the IPS worked without any issues. So libhtp can be removed when suricata-8 is installed.
>>>
>>>> I tried ./make.sh find-dependencies on libhtp.so.2 and libhtp.so.2.0.0 but both with Suricata 8 and the existing suricata 7 version the command showed no dependencies on libhtp. I would have expected it to be shown as a dependency for suricata.
>>>> We have a libhtp section in the suricata.yaml file.
>>>
>>> I tested out doing the suricata-7.0.10 build with libhtp removed and it stopped and complained about the missing libhtp.
>>>
>>> I then added libhtp back in and reran the build and then did the find-dependencies and this time it flagged up suricata. So yesterday I must have made some error when doing the find-dependencies.
>>>
>>> So everything is clear. Suricata-7 requires libhtp but suricata-8 will not as replaced by a rust equivalent.
>>>
>>> Regards,
>>>
>>> Adolf.
>>>
>>>> Regards,
>>>> Adolf.
>>>
>>>
>