| Summary: | net-analyzer/suricata [new use flags] | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Wojciech Myrda <vojcek> |
| Component: | Current packages | Assignee: | Sławek Lis (RETIRED) <slis> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | normal | CC: | kalin, treecleaner |
| Priority: | Normal | Keywords: | PMASKED |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Deadline: | 2019-12-31 | | |
| Attachments: | suricata-4.0.3.ebuild | | |

Description
Wojciech Myrda
2018-01-24 08:53:52 UTC
Thank you for your report. Some of the options you've mentioned are already included but commented out in the ebuild because, as you said, they depend on other open bugs. I didn't open a bug before as I didn't know if someone would be interested in suricata. Now it may be a good idea to track those dependencies here. It may be a good idea to use $PN, and when some changes appear we could still use $P then.

I have been using suricata with PF_RING for some years now (albeit from time to time). The initial source of the ebuilds predates my move to GitHub, but I guess it was initially in Pentoo. I guess sorting the dependencies between the 3 bugs mentioned and choosing a name for the PF_RING kernel module and library need to be done. My pkalin overlay is available at https://github.com/thinrope/pkalin and I just revbumped the 3 ebuilds in question, trying to match the vanilla tree as much as possible. There are some subtle differences in syntax, but I guess someone needs to choose and/or mix and push to portage, then it can be tested. Now, I haven't used prelude, so no idea what is needed.

New maintainer of net-analyzer/suricata here. Seeing as this ticket is almost 2 years old, I am now closing it as obsolete; that said, by all means do ask if there is still interest in any of these features. My comments regarding some of them:

- rust - as of suricata-5.0.0 this is no longer optional;
- pfring - I used to use this a lot in the past (under Debian), but it seems that these days PF_RING mode only outperforms AF_PACKET mode when used in conjunction with non-free additional components? Plus I do not know if the former works with eBGP/XDP;
- prelude - sounds like a good feature to add, but it should be clarified why some parts of the tree still mention Prelude as having been masked for removal;
- ipfw - we no longer support FreeBSD, so I think it's safe to assume this will never be needed after all.