@PalisadesTahoe said in After upgrade to pf+ 23.09 Surricata says it's starting but..:
Noticed this morning that Suricata 7.0.2 was now available in the packages repository. I've upgraded and switched one of my LANs back to using Hyperscan. Although it seemed to run an little bit longer before crashing, it did eventually do so with the same error: "Hyperscan returned fatal error". Not sure if we were expecting Hyperscan to also be updated, but it is still at 5.4.0, which is odd since 5.4.2 has been out since 2023-04-19.
No, no change in the HyperScan library yet. I need to first see if I can reproduce the problem. The upstream Suricata team says 5.4.0 should be okay, but that definitely 5.4.1 is broken for Suricata. The fact 5.4.0 suddenly is giving issues is puzzling to the upstream guys, too.
And just to keep things clear-- there are currently two reported issues with Suricata, and they are NOT related.
One is the issue with a Signal 11 fault when Legacy Blocking Mode is enabled with the
Kill States option checked. That bug has been hopefully identified and fixed. Some new binaries will appear soon reflecting that fix. I believe some posts in this thread are actually a result of that bug and not necessarily the HyperScan one.
The second bug appears to revolve around the Intel HyperScan library. That one is now under investigation. I initially thought 7.0.2 would take care of that, but it apparently has not. So, now I will see about replicating the issue so a fix can be identified for it. This one may take longer to find and fix, and so is likely not to be part of the upcoming package update correcting the Signal 11 fault.