Hello Adolf,

Cool, this is valuable stuff.

If you have the changes, feel free to push them into a branch in your Git repository so that whenever there is a final release available, we have the changes ready and just need to update.

Best,
-Michael

> On 4 Jun 2025, at 12:56, Adolf Belka <[email protected]> wrote:
>
> Hi All,
>
> On 03/06/2025 21:00, Adolf Belka wrote:
>> Hi everyone,
>> So I have good news and bad news.
>> The good news is that, apart from minor adjustment of the patch to disable
>> sid-2210059, suricata-8.0.0-beta1 built without any issues.
>> I then installed the iso I had built with it and the IPS started up and
>> worked as expected, so also good news.
>> Suricata-8 has some new capabilities such as landlocked is enabled by
>> default now, Suricata can be used via sockets and encrypted traffic bypass
>> has been decoupled from stream.bypass setting.
>> These may or may not require or benefit from modifications in how Suricata
>> is used in IPFire. I am not knowledgeable enough currently to judge that.
>> The bad news is that the syslog output is deprecated in Suricata-8 and will
>> be removed in Suricata-9.
>> It will still work in Suricata-8 but we will need to figure out how to
>> change how we log some things before we move to Suricata-9 but at least we
>> have some time, so better to find this out now.
>> libhtp is no longer being used by Suricata. They have replaced it with a
>> rust version. So libhtp should be able to be removed.
>> I will test this out.
>
> I built suricata-8.0.0-beta1 with libhtp removed from the build and it
> completed without any issues. I installed the IPFire created with that build
> and the IPS worked without any issues. So libhtp can be removed when
> suricata-8 is installed.
>
>> I tried ./make.sh find-dependencies on libhtp.so.2 and libhtp.so.2.0.0 but
>> both with Suricata 8 and the existing suricata 7 version the command showed
>> no dependencies on libhtp. I would have expected it to be shown as a
>> dependency for suricata.
>> We have a libhtp section in the suricata.yaml file.
>
> I tested out doing the suricata-7.0.10 build with libhtp removed and it
> stopped and complained about the missing libhtp.
>
> I then added libhtp back in and reran the build and then did the
> find-dependencies and this time it flagged up suricata. So yesterday I must
> have made some error when doing the find-dependencies.
>
> So everything is clear. Suricata-7 requires libhtp but suricata-8 will not as
> replaced by a rust equivalent.
>
> Regards,
>
> Adolf.
>
>> Regards,
>> Adolf.
