Created attachment 237997
beta1 test

Hi,

This is a work in progress for inclusion of Suricata version 7. The first beta was just released so there is more work to be done on their side as well as the port side: NETMAP option now requires API v14 support in FreeBSD which may not work in older supported FreeBSD releases, but I want to check this later and first provide a patch set to try out for interested parties.

Please DO NOT update the security/suricata port at this point.

Cheers,
Franco
Sorry, typo in the subject, this is for suricata, not strongswan :/
Thanks for the patch, Franco. Why not send the patch once it is ready instead of risking someone seeing the PR and pushing it by mistake?
Because the last time a FreeBSD committer went ahead and created a suricata-devel port unbeknownst to us. We do work with the Suricata team to ensure test coverage for FreeBSD when they cannot and just spoke to them last week about the next major update timeline. While version 7 isn't ready from a QA perspective we would also like to encourage users to try the patch and avoid duplicate submissions and port splits in the meantime. Cheers, Franco
PS: I suppose removing [WIP] from the subject doesn't help point this out, or does it?
(In reply to Franco Fichtner from comment #4) The removal of [WIP] as a tag was broadly in line with <https://wiki.freebsd.org/Bugzilla/DosAndDonts#DON.27TS>, which is usual advice. It's understood that this is an unusual bug report; please do whatever will be most useful to progress things. (There's also the option of changing the status from Open, to In Progress, when appropriate.) Thanks
Any chance we will see an update to 7 soon? Would be nice to have conditional PCAP available on FreeBSD. Not to mention file extraction is a lot more reliable on 7 as well.
Been testing here with Suricata 7 and it builds and works fine on FreeBSD. That said the current patches made to it don't play nicely with 7. Compiles and works fine out of the box with the required depends and configure args.
Created attachment 244652 [details] final update
Just a few comments:

* The (broken) Prelude support was removed upstream.
* Netmap API support requires version 14 now. Otherwise it has to be disabled to build.
* Caveats may still apply as no stable release was published yet. OPNsense users are reporting instability issues with Netmap compared to version 6.0.13, but as these things move quite slowly and demand is high the update shall go in since it is an official release.

Cheers,
Franco
(In reply to Franco Fichtner from comment #9)

Hello Franco,

> ...
> * Caveats may still apply as no stable release was published yet.

Should I include this on commit msg? Isn't 7.0.0 a stable release?

Cheers
Hi Nuno, Sorry, I meant "no further" stable release here (7.0.x). Case in point the Netmap V14 changes were broken on Suricata 7 branch for a long time and the only reason the regression was caught prior to 7.0.0 was the fact that a backport to 6.0.x broke the previous major version too. From early indication more bugs could be in there, but it doesn't have to be said in the commit message. It's more tailored for the scope of this bug report. Cheers, Franco
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=62bc0aebb14376ceb0637656997eb0beb57a35d2

commit 62bc0aebb14376ceb0637656997eb0beb57a35d2
Author: Franco Fichtner <franco@opnsense.org>
AuthorDate: 2023-09-10 19:13:33 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2023-09-10 19:17:51 +0000

security/suricata: Update to 7.0.0

* The (broken) Prelude support was removed upstream.
* Netmap API support requires version 14 now. Otherwise it has to be disabled to build.
* Caveats may still apply as no stable release was published yet. OPNsense users are reporting instability issues with Netmap compared to version 6.0.13, but as these things move quite slowly and demand is high the update shall go in since it is an official release.

ChangeLog: https://suricata.io/2023/07/18/suricata-7-0-0-released/

PR: 267688

security/suricata/Makefile | 21 ++++----------------
security/suricata/distinfo | 6 +++---
security/suricata/files/patch-configure.ac (gone) | 24 -----------------------
security/suricata/pkg-plist | 4 +++-
4 files changed, 10 insertions(+), 45 deletions(-)
Committed, thanks!