Suricata v4.1.6_1 - Package update Release Notes

RonpfS

Yes it look the same. So until @bmeeks find what's wrong, disable GeoIP update in Suricata use the pfblockerNG one

mv /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb.tar.gz
ln -s /usr/local/share/GeoIP/GeoLite2-Country.mmdb /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb

jm1384

@RonpfS said in Suricata v4.1.6_1 - Package update Release Notes:

@jm1384 said in Suricata v4.1.6_1 - Package update Release Notes:

-rw-r--r-- 1 root wheel 2076656 Jan 19 20:56:37 2020 GeoLite2-Country.mmdb

From the size I guessed that the mmdb is still in a tar format :

tar -tvf /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb
drwxr-xr-x  0 0      0           0 Jan 15 09:22 GeoLite2-Country_20200114/
-rw-r--r--  0 0      0         398 Jan 15 09:22 GeoLite2-Country_20200114/LICENSE.txt
-rw-r--r--  0 0      0          55 Jan 15 09:22 GeoLite2-Country_20200114/COPYRIGHT.txt
-rw-r--r--  0 0      0     4083997 Jan 15 09:22 GeoLite2-Country_20200114/GeoLite2-Country.mmdb

ok
your are right about untar archive, wait and see if @bmeeks can resolve this issue.

bmeeks

I promise this was working correctly when I tested prior to submitting the pull request. Let me do a fresh install in a test VM to see what's happening.

RonpfS

@bmeeks I upgraded on Jan 18.
To be on the safe side, I uninstalled and installed 1 hour ago. same results.

total 1994
drwxr-xr-x  2 root  wheel        4 Jan 19 18:25 .
drwxr-xr-x  4 root  wheel        4 Jan 19 18:25 ..
-rw-r--r--  1 root  wheel  2076656 Jan 19 18:25 GeoLite2-Country.mmdb
-rw-r--r--  1 root  wheel       32 Jan 19 18:25 GeoLite2-Country.mmdb.tar.gz.md5

bmeeks

I screwed the new code up. Working on correcting it. I don't know what I tested, but it did work. Must be losing my mind ... .

Will get a correction posted soon.

bmeeks

Okay. Sorry about the previous screw-up with the GeoIP database. The new fix is posted here for the pfSense team to review and merge. If you want to make the changes yourself in your file before the fix is posted, you can look at the edits in the linked pull request.

Look for a package update to version 4.1.6_3 in the near future.

I don't even have a good lie to use to try and cover this one up. I will just have to own the mistake up front ...

RonpfS

@bmeeks said in Suricata v4.1.6_1 - Package update Release Notes:

If you want to make the changes yourself in your file before the fix is posted,

Just did the test and the DB is extracted ok now

rm /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb*
php /usr/local/pkg/suricata/suricata_geoipupdate.php

ls -al
total 2
drwxr-xr-x  2 root  wheel        4 Jan 19 20:56 .
drwxr-xr-x  4 root  wheel        4 Jan 19 18:25 ..
-rw-r--r--  1 root  wheel  4083997 Jan 19 20:56 GeoLite2-Country.mmdb
-rw-r--r--  1 root  wheel       32 Jan 19 20:56 GeoLite2-Country.mmdb.tar.gz.md5

jm1384

@bmeeks said in Suricata v4.1.6_1 - Package update Release Notes:

If you want to make the changes yourself in your file before the fix is posted, you can look at the edits in the linked pull request.

same as @RonpfS , the fix working good @bmeeks
Thank you !

Bob.Dig

Probably another silly question...
pfSense is crashing when I run a speed test on speedtest.net. I have installed pfSense 2.5 and Suricata 4.1.6_3 is running in inline Mode the first time.
I use Hyper-V and so the NICs are called hn0 and hn1, which is probably the reason why it is crashing?

TIA
Bob

NollipfSense

@Bob-Dig Yes, Netmap doesn't support your NIC.

Bob.Dig

@NollipfSense Thanks. Then I will have to go back to legacy mode.