Upgrade Suricata to 7.0 #6589
Merged
Upgrade Suricata to 7.0 #6589
Commits on Aug 27, 2024
-
Suricata 6.0 is now end-of-life so we upgrade to 7.0: https://forum.suricata.io/t/suricata-6-is-now-end-of-life-eol/4790 Suricata 7.0 includes support for some new protocols, including HTTP/2 and QUIC, which means we could start supporting these protocols in L7NetworkPolicies. Two changes were required in Antrea for this upgrade: * The /etc/suricata/rules no longer seems to be created by default in the antrea-agent container image, when installing the Suricata package. So we create it if needed when starting Suricata from the Antrea Agent. * The alert events logged by Suricata for our default drop rules no longer include app-layer metadata. This should be expected for an ip rule, and the earlier behavior was probably invalid in a way. See also https://redmine.openinfosecfoundation.org/issues/7199. As a result of this behavioral change, e2e tests as well as L7NP documentation had to be updated. Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
-
Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.