Suricata Package v4.1.4 -- Release Notes



  • Suricata version 4.1.4 has been ported into the pfSense-2.4.4-RELEASE tree. This update contains the latest Suricata 4.1.4 binary and a bug fix for the GUI package. Release notes for the Suricata 4.1.4 binary can be found here.

    Note that this package version has been available in the pfSense-2.5-DEVEL tree for quite some time, so if you are using 2.5-DEVEL snapshots, there is no need to update Suricata.

    New Features:
    None

    Bug Fixes:

    1. On the SID MGMT tab, when the blocking mode for an interface does not meet all the criteria, the user can be prevented from deleting a previously assigned DROP SID or REJECT_SID list even if the list is no longer applicable for the selected blocking mode.


  • Thank you for making this available, for stable version also.

    One question, shouldn't Rust package also be installed with Suricata?

    When I run pkg -version I don't see any Rust package

    Thank you



  • @NRgia said in Suricata Package v4.1.4 -- Release Notes:

    Thank you for making this available, for stable version also.

    One question, shouldn't Rust package also be installed with Suricata?

    When I run pkg -version I don't see any Rust package

    Thank you

    Rust is a build requirement for Suricata but not a runtime requirement. Rust can be thought of as a type of C compiler (not precise, but it's the best analogy I could come up with). Rust produces supposedly robust binary code that is much more immune from programmer-induced crashes than code from the C compilers. So Rust gets used during the build process to create some of the binary pieces of Suricata in much the same way a C compiler is used to generate the other binary pieces. But once the binary code is generated, there is no further need of the compiler so it does not get installed when the binary is installed.

    Also, for SG-3100 and any other appliances based on the ARM architecture, Rust is disabled during the build and all of the Rust-required new Suricata features are disabled. This is because there are currently build-time issues with building Rust using the qemu emulator when cross-compiling for ARM hardware on an Intel-based builder machine.



  • Thank you for the clarification.

    Reading from this https://suricata-ids.org/2019/04/30/call-for-testing-announcing-suricata-5-0-0-beta1/ under RUST section, and from your explanations, does it mean that starting with version 5, Suricata package can only be built with Rust enabled? That means no package for ARM?



  • @NRgia said in Suricata Package v4.1.4 -- Release Notes:

    Thank you for the clarification.

    Reading from this https://suricata-ids.org/2019/04/30/call-for-testing-announcing-suricata-5-0-0-beta1/ under RUST section, and from your explanations, does it mean that starting with version 5, Suricata package can only be built with Rust enabled? That means no package for ARM?

    Hopefully it does not mean that. The pfSense team is, I believe, working towards a native-build platform for their ARM and AARCH64 products. Software for those has been built thus far using a cross-compiler system based on qemu on FreeBSD. It is that cross-compilation environment that has the Rust issue. Cross-compilation is where you build code for a CPU whose architecture is different from the CPU you are running the compiler on. So in this case it meant using an Intel AMD64 CPU to build binary code for an ARM CPU. Last time I corresponded with one of the lead pfSense developers he told me they were working on getting a native ARM-based platform constructed to build ARM software on. That will solve the Rust issue since qemu won't be needed there.

    For now, Rust is disabled for the Suricata builds for ARM hardware. That requires removing certain configuration parameters from the GUI because those binary parts are missing in Suricata without Rust. Several of the new protocol parsers, for instance, require Rust during the build. All of this was spelled out in some detail in the release notes for the Suricata 4.x package release. I don't recall the exact version at the moment, though.

    Edit: I found that Release Notes thread that discussed what's missing in Suricata for SG-3100 appliances due to the Rust exclusion. It is here: https://forum.netgate.com/topic/139365/suricata-v4-1-2_1-package-update-release-notes.



  • Thank you again for explaining

