Netgate Discussion Forum

    Suricata-6.0.0 Package Update -- Release Notes

      bmeeks

      Suricata-6.0.0

      This package update provides support for the latest 6.0.0 Suricata binary and fixes four bugs. No new features are added.

      This is the new 6.0.0 Suricata branch, so take that into account when deciding whether or not you want to upgrade at this time. This new 6.x branch of Suricata has had limited testing. This new branch is currently available for pfSense-2.5 Snapshot users, but it will also be available a bit later for pfSense-2.4.5 users.

      New Features:
      None

      Bug Fixes:

      1. Check that LRO, TSO and all Hardware Checksumming is disabled in pfSense when user enables and saves "IPS Inline" mode configuration.

      2. Potential YAML key indentation issue with libhtp policy settings in suricata.yaml conf file.

      3. Add input validation to prevent users from choosing Netmap Inline IPS Mode with incompatible physical NICs. See Redmine Issue 10950 from Snort for details. Suricata needs the same input validation.

      4. Complete implementation of fix for Redmine Issue 9789 (from Snort) since Suricata is susceptible to the same issues.

        bmeeks

        WARNING!!!!
        Several issues have been reported with the Suricata 6.0.0 binary branch!

        I strongly suggest that users hold off on this update for now. I may well wind up asking the pfSense team to pull the 6.0.0 binary and replace it with the older 5.0.3 version as all of the latest Suricata binary updates appear to have issues (4.1.9, 5.0.4 and 6.0.0).

        Edit: further testing after my original post revealed the issues are isolated to the 6.0.0 binary only.

          bmeeks

          Suricata binary reverted to 5.0.4 in the latest 6.0.0_1 GUI package.

          The latest Suricata-6.0.0_1 package reverts the underlying binary to 5.0.4 from the problematic 6.0.0 version. When the upstream Suricata team releases a new 6.x version (hopefully a 6.0.1 update in the near future), I will revisit updating the Suricata binary to the 6.x branch.
