After upgrade to pf+ 23.09 Suricata says it's starting but..
@PalisadesTahoe said in After upgrade to pf+ 23.09 Suricata says it's starting but..:
Noticed this morning that Suricata 7.0.2 was now available in the packages repository. I've upgraded and switched one of my LANs back to using Hyperscan. Although it seemed to run a little bit longer before crashing, it did eventually do so with the same error: "Hyperscan returned fatal error". Not sure if we were expecting Hyperscan to also be updated, but it is still at 5.4.0, which is odd since 5.4.2 has been out since 2023-04-19.
No, no change in the HyperScan library yet. I need to first see if I can reproduce the problem. The upstream Suricata team says 5.4.0 should be okay, but that definitely 5.4.1 is broken for Suricata. The fact 5.4.0 suddenly is giving issues is puzzling to the upstream guys, too.
And just to keep things clear-- there are currently two reported issues with Suricata, and they are NOT related.
- One is the issue with a Signal 11 fault when Legacy Blocking Mode is enabled with the Kill States option checked. That bug has been hopefully identified and fixed. Some new binaries will appear soon reflecting that fix. I believe some posts in this thread are actually a result of that bug and not necessarily the HyperScan one.
- The second bug appears to revolve around the Intel HyperScan library. That one is now under investigation. I initially thought 7.0.2 would take care of that, but it apparently has not. So, now I will see about replicating the issue so a fix can be identified for it. This one may take longer to find and fix, and so is likely not to be part of the upcoming package update correcting the Signal 11 fault.