IPFW suricata 6: not recommended to upgrade

First off, I found error messages in the update jobs. In case you read these you will figure it out, otherwise suricata will just NOT update its knowledge rules (if configured to do so in an automated fashion). I don't think this is good; the reason is that new files were not added to the package plist, and are therefore missing.

This is not the worst. I also found the traffic stalling soon, and then working only in an irregular fashion (or not at all). At the same time suricata will no longer be killable by normal SIGTERM. So, something gets stuck inside and blocks the signal handling, probably among other things.

The IPFW integration of suricata seems not so very well maintained (as I already reported earlier), but at first glance I now didn't see a change in Rel. 6 related to IPFW, so this may or may not be related.

The first issue is easy to fix, the other looks more difficult and is, eh, under investigation (that means, I have reverted to Rel. 5 ;) ).

Code:
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 889a0baefc09..46e949251d63 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -129,6 +129,12 @@ man/man1/suricata.1.gz
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/util.pyc
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/version.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/version.pyc
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/matchers.py
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/matchers.pyc
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/osinfo.py
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/osinfo.pyc
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/parsers.py
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/parsers.pyc
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata_update-1.2.1-py%%PYTHON_VER%%.egg-info
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc
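Review bot: the six added entries for matchers, osinfo and parsers are appended after version.pyc, while the neighbouring suricata/update/ entries (util, version) run in alphabetical order; placing the new lines in sorted position among the other update/ modules would keep the plist consistent and make later plist diffs easier to read. The patch as shown touches only pkg-plist, so if the port version stays the same it should also carry a PORTREVISION bump in the Makefile; otherwise already-installed packages will not be rebuilt and will keep missing these files.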
 
Update: maintainer is informed and aware. This went into quarterly 2021Q2 by some mistake.
So if you do not want to dig into the whole stuff (there seem to be bug reports for further information), better stay with 5.0.6 for now and wait until this (hopefully) clears up in due time.
 