Message ID | 20201212091435.20982-1-matthias.fischer@ipfire.org |
---|---|
State | Superseded |
Commit | 3b8e39553d7295d6aa7cf5545f73f0191622d7f9 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CtMRl3r0Lz3wg0 for <patchwork@web04.haj.ipfire.org>; Sat, 12 Dec 2020 09:14:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CtMRk3RHNz1mG; Sat, 12 Dec 2020 09:14:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CtMRk24sPz2xpb; Sat, 12 Dec 2020 09:14:42 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CtMRj1Wg4z2xny for <development@lists.ipfire.org>; Sat, 12 Dec 2020 09:14:41 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CtMRh5cXTz104 for <development@lists.ipfire.org>; Sat, 12 Dec 2020 09:14:40 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1607764480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=rtpWa7aluAxfTMN0vYBQ07pV2emwhOUItwP7XqrgnA4=; b=HHQcSexBiuooIr2Wt8QoPu/0qUlRrrQPuk064cTBlhaJy4M8MRQmM7Rq4nll9DDWctIGjt EF6Z2oYCxrRh3gDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1607764480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=rtpWa7aluAxfTMN0vYBQ07pV2emwhOUItwP7XqrgnA4=; b=isRLrBfFEpmtMBNRJfnO2ypJTkZ7T4WvtjNBOdmhZe3y2wJN2rlNf0ZPpiTKaPZ4sgnZzG FC/bFTnGwJIV6CqMWxo3IkDbs6t1Q5XxqRBsWLmfMSBEv+9Q+qTmwTA+n60BQcizKRhnER U90N4rPAeIajalKVt/UunXB8mfzDuyqpFmt+Rgld4vpZwRaP1DwMryDskPLvBB/ag04oCL 0T2Ufowfzh99ObBc6ZimnFAzCpiASP24beSq1yUdv+c0bmmMpxptmPgROQbYDNorb+4fZ+ 242hupVPxZeA6XK+FPv68wJel6S6Ew4g02R7iVYxWu8opVdYleEckaF49qaIpA== From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] suricata: 'Downdate' to 5.0.5 Date: Sat, 12 Dec 2020 10:14:35 +0100 Message-Id: <20201212091435.20982-1-matthias.fischer@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
suricata: 'Downdate' to 5.0.5
|
|
Commit Message
Matthias Fischer
Dec. 12, 2020, 9:14 a.m. UTC
Triggered by https://lists.ipfire.org/pipermail/development/2020-December/008868.html
Workaround for https://bugzilla.ipfire.org/show_bug.cgi?id=12548
Downgrading to 'suricata 5.0.5' bypasses Bug #12548 for now,
but its only a temporary workaround...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/suricata | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Hi, Thank you for submitting this patch. I am not sure if I want to merge this, yet. I will consider this when we move closer to a release, but upstream didn’t provide a solution, yet. I suppose it is okay if we burn through a little bit more of CPU as long as the system is secure. The overhead seems to be small enough for me to not cause any significant impact on throughput or latency. Is this an acceptable benchmark for you? Best, -Michael > On 12 Dec 2020, at 10:14, Matthias Fischer <matthias.fischer@ipfire.org> wrote: > > Triggered by https://lists.ipfire.org/pipermail/development/2020-December/008868.html > > Workaround for https://bugzilla.ipfire.org/show_bug.cgi?id=12548 > > Downgrading to 'suricata 5.0.5' bypasses Bug #12548 for now, > but its only a temporary workaround... > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > lfs/suricata | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lfs/suricata b/lfs/suricata > index 2871d8e7b..c5dc46af4 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -24,7 +24,7 @@ > > include Config > > -VER = 6.0.0 > +VER = 5.0.5 > > THISAPP = suricata-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -44,7 +44,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = bbddcf2f209930206ef21977d40120d2 > +$(DL_FILE)_MD5 = fe039cc4571eb56828874ddc0b71dc51 > > install : $(TARGET) > > -- > 2.18.0 >
On 14.12.2020 10:33, Michael Tremer wrote: > Hi, Hi, > Thank you for submitting this patch. > > I am not sure if I want to merge this, yet. Yep. Looking at the changelogs I would prefer 6.0.1, but I just wanted to have an alternative ready in case it was needed. > I will consider this when we move closer to a release, but upstream didn’t provide a solution, yet. > > I suppose it is okay if we burn through a little bit more of CPU as long as the system is secure. The overhead seems to be small enough for me to not cause any significant impact on throughput or latency. > > Is this an acceptable benchmark for you? For me: yes. No problem. ;-) Best, Matthias > Best, > -Michael > >> On 12 Dec 2020, at 10:14, Matthias Fischer <matthias.fischer@ipfire.org> wrote: >> >> Triggered by https://lists.ipfire.org/pipermail/development/2020-December/008868.html >> >> Workaround for https://bugzilla.ipfire.org/show_bug.cgi?id=12548 >> >> Downgrading to 'suricata 5.0.5' bypasses Bug #12548 for now, >> but its only a temporary workaround... >> >> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> >> --- >> lfs/suricata | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/lfs/suricata b/lfs/suricata >> index 2871d8e7b..c5dc46af4 100644 >> --- a/lfs/suricata >> +++ b/lfs/suricata >> @@ -24,7 +24,7 @@ >> >> include Config >> >> -VER = 6.0.0 >> +VER = 5.0.5 >> >> THISAPP = suricata-$(VER) >> DL_FILE = $(THISAPP).tar.gz >> @@ -44,7 +44,7 @@ objects = $(DL_FILE) >> >> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> >> -$(DL_FILE)_MD5 = bbddcf2f209930206ef21977d40120d2 >> +$(DL_FILE)_MD5 = fe039cc4571eb56828874ddc0b71dc51 >> >> install : $(TARGET) >> >> -- >> 2.18.0 >> >
Hi, I am now convinced that the impact is bad enough that we will need to revert. I would like to be able to release c153 before Christmas and I am not sure if upstream will be able to provide a hotfix. -Michael > On 14 Dec 2020, at 21:02, Matthias Fischer <matthias.fischer@ipfire.org> wrote: > > On 14.12.2020 10:33, Michael Tremer wrote: >> Hi, > > Hi, > >> Thank you for submitting this patch. >> >> I am not sure if I want to merge this, yet. > > Yep. > > Looking at the changelogs I would prefer 6.0.1, but I just wanted to > have an alternative ready in case it was needed. > >> I will consider this when we move closer to a release, but upstream didn’t provide a solution, yet. >> >> I suppose it is okay if we burn through a little bit more of CPU as long as the system is secure. The overhead seems to be small enough for me to not cause any significant impact on throughput or latency. >> >> Is this an acceptable benchmark for you? > > For me: yes. No problem. ;-) > > Best, > Matthias > >> Best, >> -Michael >> >>> On 12 Dec 2020, at 10:14, Matthias Fischer <matthias.fischer@ipfire.org> wrote: >>> >>> Triggered by https://lists.ipfire.org/pipermail/development/2020-December/008868.html >>> >>> Workaround for https://bugzilla.ipfire.org/show_bug.cgi?id=12548 >>> >>> Downgrading to 'suricata 5.0.5' bypasses Bug #12548 for now, >>> but its only a temporary workaround... >>> >>> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> >>> --- >>> lfs/suricata | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/lfs/suricata b/lfs/suricata >>> index 2871d8e7b..c5dc46af4 100644 >>> --- a/lfs/suricata >>> +++ b/lfs/suricata >>> @@ -24,7 +24,7 @@ >>> >>> include Config >>> >>> -VER = 6.0.0 >>> +VER = 5.0.5 >>> >>> THISAPP = suricata-$(VER) >>> DL_FILE = $(THISAPP).tar.gz >>> @@ -44,7 +44,7 @@ objects = $(DL_FILE) >>> >>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>> >>> -$(DL_FILE)_MD5 = bbddcf2f209930206ef21977d40120d2 >>> +$(DL_FILE)_MD5 = fe039cc4571eb56828874ddc0b71dc51 >>> >>> install : $(TARGET) >>> >>> -- >>> 2.18.0 >>> >> >
diff --git a/lfs/suricata b/lfs/suricata index 2871d8e7b..c5dc46af4 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 6.0.0 +VER = 5.0.5 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = bbddcf2f209930206ef21977d40120d2 +$(DL_FILE)_MD5 = fe039cc4571eb56828874ddc0b71dc51 install : $(TARGET)