PHP errors

bmeeks

@jc1976:
But you have not told me what version you are attempting to install. Is it 7.0.4?

Post the first two dozen lines of code from the file /usr/local/pkg/suricata/suricata.inc and let me see what version is actually there.

I'm specifically looking for these lines:

// Suricata GUI needs at least 512MB to manipulate large rules arrays
if (get_php_default_memory() < 512)
	ini_set("memory_limit", "512M");

bmeeks

I found an error in the new code that prevents it from honoring the user-set limit. I will need to submit a fix for the Netgate team to review and merge.

bmeeks

Look for a package update to 7.0.4_1 to post in the near future. I've sent a review request to the Netgate developers. Here is the pull request: https://github.com/pfsense/FreeBSD-ports/pull/1360.

jc1976

@bmeeks

yes, 7.0.4, latest in the package manager. all was working fine up until today, it's really odd. i updated it to the latest version when it came out. I tend to apply updates when they are made available.

keep in mind i had edited the "512" to 2048 as instructed to resolve a php error in the previous version. The only reason why it says 512 now is because i figured i had nothing to lose if i tried to set it back to the default.. Also, i found it odd that setting my php to 2048 (of whatever i set it to) didn't translate to that line. It seems like it's holding onto a setting somewhere. as i previously stated, i deleted every suricata file that i could find in doing a search through winscp. i know sometimes files get 'locked' and keep reappearing even after being deleted.

as requested:

<?php
/*

suricata.inc
part of pfSense (https://www.pfsense.org)
Copyright (c) 2006-2023 Rubicon Communications, LLC (Netgate)
Copyright (c) 2005 Bill Marquette bill.marquette@gmail.com.
Copyright (c) 2003-2004 Manuel Kasper mk@neon1.net.
Copyright (c) 2009 Robert Zelaya Sr. Developer
Copyright (c) 2023 Bill Meeks
All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

require_once("pfsense-utils.inc");
require_once("config.inc");
require_once("globals.inc");
require_once("functions.inc");
require_once("services.inc");
require_once("service-utils.inc");
require_once("pkg-utils.inc");
require_once("filter.inc");
require_once("notices.inc");
require_once("util.inc");
require_once("xmlrpc_client.inc");
require_once("openvpn.inc");
require("/usr/local/pkg/suricata/suricata_defs.inc");

global $g;

// Suricata GUI needs at least 512MB to manipulate large rules arrays
if (get_php_default_memory($ARCH) < 512)
ini_set("memory_limit", "512M");

function suricata_generate_id() {

while (true) {
	$suricata_uuid = mt_rand(1, 65535);
	foreach (config_get_path('installedpackages/suricata/rule', []) as $value) {
		if ($value['uuid'] == $suricata_uuid) {
			continue 2;
		}
	}
	break;
}

return $suricata_uuid;

}

bmeeks

@jc1976:
See my post immediately above your last one. The new code contained a logic error. A fix for that has been submitted and a new package version 7.0.4_1 should appear soon (after the Netgate team reviews and merges my change).

It likely worked for you immediately after updating because it found and used your modified suricata.inc file from the PHP cache. Subsequent runs of the update code would have used the newly installed suricata.inc file (the one with the logic error) because those subsequent runs will be a new PHP session and will not use the cached file.

Long story short is there is nothing you can do on the install side until the updated package is posted (the 7.0.4_1 version).

jc1976

@bmeeks

so basically uninstall suricata completely and wait for the update?

Thanks!!

bmeeks

@jc1976 said in PHP errors:

@bmeeks

so basically uninstall suricata completely and wait for the update?

Thanks!!

Yes, or if you care to try, you can make the edit as shown in the git diff here:

[https://github.com/pfsense/FreeBSD-ports/pull/1360/commits/cd8e87d4f365cbb3f5ac7fc997001569c9e840aa](https://github.com/pfsense/FreeBSD-

and then navigate to <firewall_ip>/suricata/suricata_interfaces.php and start the instances from the GUI. When the package update comes out, then you can remove and reinstall.

bmeeks

A new Suricata package containing a fix for this should be available now. The new version is 7.0.4_1.

jc1976

@bmeeks

AND WE'RE BACK!!!

Meeks you beauty!

Thank you!!

smolka_J

@bmeeks Thank you sir, should allow for much more streamline of upgrades for anyone running Suricata, especially remote updating. Hour away leaving the gas station took seconds from a cell phone to update and load 90,773 signatures/rules successfully without the need to be logged into the console ready on standby. PfSense updates for me at least should now be just as streamlined and fast from this one update alone. Gracias!!!