New Version Suricata 3.1 Status



  • Any near term plans to update pfSense 2.3.1 with the Suricata 3.1 new version just released?



  • As soon as it updates in FreeBSD ports I will look at getting it submitted to the pfSense folks.  We always wait for the FreeBSD ports tree to update before adding the new version to pfSense.

    This new version has some Netmap fixes for FreeBSD and hyperscan support!

    Bill



  • Bill:

    Thanks for the update.

    Howard



  • What is the process for getting Suricata into the FreeBSD ports?  Are we just waiting on some volunteer to do it?  Is there a typical time frame that it happens in?  I'm a Windows programmer, so I don't have a ton of FreeBSD experience.  Is the process of getting into FreeBSD ports tedious?  It certainly looks like compiling and installing on FreeBSD is quite easy (from the Suricata instructions).  I'm not being pushy…I just want to understand the process and adjust my expectations.  I'm currently having some trouble with inline mode and I'd like to see if 3.1 addresses my problem.

    Thanks.



  • There is an official maintainer of the port within FreeBSD ports.  He usually waits until a new version goes RELEASE before including it in the ports tree.  Last I checked this particular Suricata update was still pre-release.  You can visit here and see all the ports and who the maintainers are:  http://www.freshports.org/.

    Bill



  • Thanks for the info. Am I missing something about the release you are talking about?  The Suricata website has 3.1 listed as Stable Release. Is there some other version or waiting period to get incorporated into FreeBSD?  Thanks.



  • @AsgardianFW:

    Thanks for the info. Am I missing something about the release you are talking about?  The Suricata website has 3.1 listed as Stable Release. Is there some other version or waiting period to get incorporated into FreeBSD?  Thanks.

    At the time I first replied, I had not looked on the Suricata site for several days.  The last time I had checked the 3.1 version was still in pre-release.  I see it was released on June 20.  Now we have to wait for the FreeBSD ports maintainer to update the package there.  Here is the link to all the ports versions for FreeBSD:  http://www.freshports.org/.

    Once Suricata is updated there, I will pull it down and produce the update for pfSense.

    Bill



  • Thank you Bill. I just took a quick look at freshports - no update as of this post. Looks like koobs@freebsd.org is the maintainer. Hopefully s/he will have a chance to look it over soon.



  • @Wisiwyg:

    Thank you Bill. I just took a quick look at freshports - no update as of this post. Looks like koobs@freebsd.org is the maintainer. Hopefully s/he will have a chance to look it over soon.

    I emailed koobs back on the 5th  (nice fellow) and he said that after some more QA it'll be committed shortly.

    He mentioned this patch if one didn't want to wait – looks like there's been some activity since his email.  Apparently it's not as simple as compiling from source into a package:
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210490



  • @Tantamount:

    @Wisiwyg:

    Thank you Bill. I just took a quick look at freshports - no update as of this post. Looks like koobs@freebsd.org is the maintainer. Hopefully s/he will have a chance to look it over soon.

    I emailed koobs back on the 5th  (nice fellow) and he said that after some more QA it'll be committed shortly.

    He mentioned this patch if one didn't want to wait – looks like there's been some activity since his email.  Apparently it's not as simple as compiling from source into a package:
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210490

    Yeah, there are some other fixes required to integrate Hyperscan into Suricata on FreeBSD.  The FreeBSD maintainer will get it worked out.  I will keep an eye on the progress and start working on the pfSense Suricata package as soon as FreeBSD ports is updated.  I also have to be sure the special patch we apply on pfSense for the legacy mode blocking works on the new version, so that adds a little extra time to the cycle.

    Bill
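Since the thread's main technical point is that 3.1 brings Hyperscan support to FreeBSD, here is an added check (not code from the thread, the FreeBSD port or the pfSense package) that a practitioner can run once the updated package lands: it parses `suricata --build-info` for the "Hyperscan support:" line and the interface's suricata.yaml for `mpm-algo`, and reports whether Hyperscan is both compiled in and actually selected. It assumes the 3.x build-info line format shown in the comments and that `mpm-algo: auto` resolves to `hs` when Hyperscan is built in; the sample build-info and YAML text are constructed stand-ins so it runs without a Suricata install.

```shell
#!/bin/sh
# Added example, not from the thread or the pfSense package.
# Checks (1) whether the installed Suricata binary was built with Hyperscan
# and (2) whether suricata.yaml actually selects it via mpm-algo.
# Assumes the `suricata --build-info` line format used by Suricata 3.x:
#   "  Hyperscan support:                       yes"
# and that mpm-algo "auto" picks "hs" when Hyperscan is compiled in.

# Read `suricata --build-info` text on stdin; print "yes" or "no".
hyperscan_in_build_info() {
    awk -F: '/^[ \t]*Hyperscan support:/ { gsub(/[ \t]/, "", $2); print $2; found = 1 }
             END { if (!found) print "no" }'
}

# Read suricata.yaml on stdin; print the configured mpm-algo (default "auto").
mpm_algo_from_yaml() {
    awk '/^[ \t]*mpm-algo:/ {
             sub(/^[ \t]*mpm-algo:[ \t]*/, "")        # strip the key
             sub(/#.*$/, ""); sub(/[ \t]*$/, "")      # strip comment and trailing blanks
             print; found = 1 }
         END { if (!found) print "auto" }'
}

# $1 = build-info text, $2 = suricata.yaml text.
# Exit status: 0 = Hyperscan built in and selected; 1 = binary lacks Hyperscan;
# 2 = built in, but mpm-algo pins a different matcher (e.g. "ac").
check_hyperscan() {
    hs_built=$(printf '%s\n' "$1" | hyperscan_in_build_info)
    hs_algo=$(printf '%s\n' "$2" | mpm_algo_from_yaml)
    if [ "$hs_built" != "yes" ]; then
        echo "Hyperscan: not compiled into this suricata binary"
        return 1
    fi
    case "$hs_algo" in
        hs|auto) echo "Hyperscan: built in, mpm-algo=$hs_algo (in use)"; return 0 ;;
        *)       echo "Hyperscan: built in, but mpm-algo=$hs_algo overrides it"; return 2 ;;
    esac
}

# Constructed sample data standing in for a real binary and config file.
SAMPLE_BUILD_INFO='This is Suricata version 3.1 RELEASE
  Hyperscan support:                       yes
  libnss support:                          no'
SAMPLE_YAML='mpm-algo: auto   # ac, ac-bs, ac-ks, hs'

# Demo run on the constructed samples.
check_hyperscan "$SAMPLE_BUILD_INFO" "$SAMPLE_YAML" || echo "exit status $?"
```

On a real box replace the samples with `"$(suricata --build-info)"` and `"$(cat <path to the interface's suricata.yaml>)"`; an exit status of 2 is the case worth catching, because an older config that pins `mpm-algo: ac` silently leaves the new Hyperscan build unused.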

