From: Adolf Belka
Date: Sun, 15 Jun 2025 20:47:59 +0200
Subject: Re: Feedback on evaluation of Suricata-8.0.0-beta1
To: Michael Tremer
Cc: "IPFire: Development-List"

Hi everyone,

The suricata-8.0.0-rc1 version has been released. I have built it and tested it and it worked the same as the suricata-8.0.0-beta1 version.

Tested it out in an IPFire install using the testing approach from the suricata documentation
https://docs.suricata.io/en/suricata-8.0.0-rc1/quickstart.html#alerting
and it worked the same as for 7.0.10 and 8.0.0-beta1

Both the beta1 and rc1 commits have been pushed into my ipfire repo.
https://git.ipfire.org/?p=people/bonnietwin/ipfire-2.x.git;a=summary

Regards,

Adolf.

On 04/06/2025 17:57, Michael Tremer wrote:
> Hello Adolf,
>
> Cool, this is valuable stuff.
>
> If you have the changes, feel free to push them into a branch in your Git repository so that whenever there is a final release available, we have the changes ready and just need to update.
>
> Best,
> -Michael
>
>> On 4 Jun 2025, at 12:56, Adolf Belka wrote:
>>
>> Hi All,
>>
>> On 03/06/2025 21:00, Adolf Belka wrote:
>>> Hi everyone,
>>> So I have good news and bad news.
>>> The good news is that, apart from minor adjustment of the patch to disable sid-2210059, suricata-8.0.0-beta1 built without any issues.
>>> I then installed the iso I had built with it and the IPS started up and worked as expected, so also good news.
>>> Suricata-8 has some new capabilities such as landlocked is enabled by default now, Suricata can be used via sockets and encrypted traffic bypass has been decoupled from stream.bypass setting.
>>> These may or may not require or benefit from modifications in how Suricata is used in IPFire. I am not knowledgeable enough currently to judge that.
>>> The bad news is that the syslog output is deprecated in Suricata-8 and will be removed in Suricata-9.
>>> It will still work in Suricata-8 but we will need to figure out how to change how we log some things before we move to Suricata-9 but at least we have some time, so better to find this out now.
>>> libhtp is no longer being used by Suricata. They have replaced it with a rust version. So libhtp should be able to be removed.
>>> I will test this out.
>>
>> I built suricata-8.0.0-beta1 with libhtp removed from the build and it completed without any issues. I installed the IPFire created with that build and the IPS worked without any issues. So libhtp can be removed when suricata-8 is installed.
>>
>>> I tried ./make.sh find-dependencies on libhtp.so.2 and libhtp.so.2.0.0 but both with Suricata 8 and the existing suricata 7 version the command showed no dependencies on libhtp. I would have expected it to be shown as a dependency for suricata.
>>> We have a libhtp section in the suricata.yaml file.
>>
>> I tested out doing the suricata-7.0.10 build with libhtp removed and it stopped and complained about the missing libhtp.
>>
>> I then added libhtp back in and reran the build and then did the find-dependencies and this time it flagged up suricata. So yesterday I must have made some error when doing the find-dependencies.
>>
>> So everything is clear. Suricata-7 requires libhtp but suricata-8 will not as replaced by a rust equivalent.
>>
>> Regards,
>>
>> Adolf.
>>
>>> Regards,
>>> Adolf.