Message-ID: <98524397-9ffa-4a72-91d3-0d13da6aa04f@ipfire.org>
Date: Tue, 3 Jun 2025 21:00:05 +0200
To: "IPFire: Development-List"
From: Adolf Belka
Subject: Feedback on evaluation of Suricata-8.0.0-beta1

Hi everyone,

So I have good news and bad news.

The good news is that, apart from minor adjustment of the patch to disable sid-2210059, suricata-8.0.0-beta1 built without any issues. I then installed the iso I had built with it and the IPS started up and worked as expected, so also good news.

Suricata-8 has some new capabilities such as landlocked is enabled by default now, Suricata can be used via sockets and encrypted traffic bypass has been decoupled from stream.bypass setting. These may or may not require or benefit from modifications in how Suricata is used in IPFire. I am not knowledgeable enough currently to judge that.

The bad news is that the syslog output is deprecated in Suricata-8 and will be removed in Suricata-9. It will still work in Suricata-8 but we will need to figure out how to change how we log some things before we move to Suricata-9 but at least we have some time, so better to find this out now.

libhtp is no longer being used by Suricata. They have replaced it with a rust version. So libhtp should be able to be removed. I will test this out.

I tried ./make.sh find-dependencies on libhtp.so.2 and libhtp.so.2.0.0 but both with Suricata 8 and the existing suricata 7 version the command showed no dependencies on libhtp. I would have expected it to be shown as a dependency for suricata. We have a libhtp section in the suricata.yaml file.

Regards,

Adolf.