Suricata 5.0 buzzing on Twitter

NollipfSense

Will we have to wait til 2.5 to see Suricata 5.0?

bmeeks

@NollipfSense said in Suricata 5.0 buzzing on Twitter:

Will we have to wait til 2.5 to see Suricata 5.0?

Don't know yet. Depends on the versions of dependent libraries required. I have not yet tried compiling Suricata 5 in my test system.

NRgia

As an update to @bmeeks and @NollipfSense . As I can see here: https://www.freshports.org/security/suricata/ - version 5.0.0 is available now.

Thanks

bmeeks

Look for Suricata 5.0.0 on pfSense in the near future. Working now on the package. Good news is the new binary compiles just fine for AMD64 hardware with the custom blocking plugin used on pfSense.

The small snag I'm working through is how to separate out and support two Suricata binary versions (4.1.5 for the 32-bit ARM hardware and 5.0.0 for AMD64 hardware). Working with the pfSense team to get that sorted out.

NRgia

@bmeeks Thank you, for the great news and your dedication.

bmeeks

Here is an update for this thread on Suricata 5.0 --

I've been keeping an eye on the Suricata Redmine bug site, and there are a few fairly significant apparent bugs in Suricata 5.0.0 that are being worked. Some are already fixed, and it looks like a Suricata 5.0.1 release is coming out soon. Therefore I decided to slow down on deploying Suricata 5.0 to pfSense. I will wait until at least Suricata 5.0.1 has been out a little while to be sure the more onerous bugs are fixed.

NRgia

@bmeeks
Giving the fact that there are some big changes in version 5.0 , it's better to be safe than sorry.

Going through the release notes, I read that Netmap support has been rewritten...but they don't say what benefits this new code will bring.

Also do you think it's best to wait for FreeBsd 12, (pfSense 2.5.0) maybe the new release will also bring more compatibility with the new Netmap code?

What do you think?
Thank you

bmeeks

@NRgia said in Suricata 5.0 buzzing on Twitter:

@bmeeks
Giving the fact that there are some big changes in version 5.0 , it's better to be safe than sorry.

Going through the release notes, I read that Netmap support has been rewritten...but they don't say what benefits this new code will bring.

Also do you think it's best to wait for FreeBsd 12, (pfSense 2.5.0) maybe the new release will also bring more compatibility with the new Netmap code?

What do you think?
Thank you

The Netmap interface of Suricata was rewritten by Victor Julien (the Suricata lead developer) to use the newer Netmap API library calls. I don't know what impact that will have on Suricata operation with Netmap overall as compared to the current code. Might help some, but most of the heavy lifting for Netmap is the FreeBSD kernel module. I have not tracked FreeBSD 12 work in that area. Have any netmap-related changes been made in the FreeBSD kernel?

NRgia

@bmeeks said in Suricata 5.0 buzzing on Twitter:

@NRgia said in Suricata 5.0 buzzing on Twitter:

@bmeeks
Giving the fact that there are some big changes in version 5.0 , it's better to be safe than sorry.

Going through the release notes, I read that Netmap support has been rewritten...but they don't say what benefits this new code will bring.

Also do you think it's best to wait for FreeBsd 12, (pfSense 2.5.0) maybe the new release will also bring more compatibility with the new Netmap code?

What do you think?
Thank you

The Netmap interface of Suricata was rewritten by Victor Julien (the Suricata lead developer) to use the newer Netmap API library calls. I don't know what impact that will have on Suricata operation with Netmap overall as compared to the current code. Might help some, but most of the heavy lifting for Netmap is the FreeBSD kernel module. I have not tracked FreeBSD 12 work in that area. Have any netmap-related changes been made in the FreeBSD kernel?

I didn't saw anything in the release notes regarding Netmap. It was more like a question.

NollipfSense