suricata: Make stateless

packages/s/suricata/abi_used_libs

@@ -1,11 +1,16 @@
 ld-linux-x86-64.so.2
+libbpf.so.1
 libc.so.6
 libcap-ng.so.0
 libgcc_s.so.1
+libhiredis.so.1.0.0
 libjansson.so.4
 liblz4.so.1
 libm.so.6
 libmagic.so.1
+libmaxminddb.so.0
+libnetfilter_queue.so.1
+libnfnetlink.so.0
 libpcap.so.1
 libpcre2-8.so.0
 libyaml-0.so.2

packages/s/suricata/abi_used_symbols

@@ -1,4 +1,24 @@
 ld-linux-x86-64.so.2:__tls_get_addr
+libbpf.so.1:bpf_map__fd
+libbpf.so.1:bpf_map__name
+libbpf.so.1:bpf_map__set_ifindex
+libbpf.so.1:bpf_map_delete_elem
+libbpf.so.1:bpf_map_get_next_key
+libbpf.so.1:bpf_map_lookup_elem
+libbpf.so.1:bpf_map_update_elem
+libbpf.so.1:bpf_obj_get
+libbpf.so.1:bpf_obj_pin
+libbpf.so.1:bpf_object__load
+libbpf.so.1:bpf_object__next_map
+libbpf.so.1:bpf_object__next_program
+libbpf.so.1:bpf_object__open
+libbpf.so.1:bpf_program__fd
+libbpf.so.1:bpf_program__section_name
+libbpf.so.1:bpf_program__set_ifindex
+libbpf.so.1:bpf_program__set_type
+libbpf.so.1:bpf_xdp_attach
+libbpf.so.1:libbpf_get_error
+libbpf.so.1:libbpf_strerror
 libc.so.6:__assert_fail
 libc.so.6:__ctype_b_loc
 libc.so.6:__ctype_tolower_loc
@@ -108,6 +128,7 @@ libc.so.6:getc
 libc.so.6:getcwd
 libc.so.6:getenv
 libc.so.6:getgrnam
+libc.so.6:gethostname
 libc.so.6:getopt_long
 libc.so.6:getpagesize
 libc.so.6:getpeername
@@ -127,6 +148,7 @@ libc.so.6:glob
 libc.so.6:globfree
 libc.so.6:gmtime_r
 libc.so.6:gnu_get_libc_version
+libc.so.6:if_nametoindex
 libc.so.6:inet_addr
 libc.so.6:inet_ntop
 libc.so.6:inet_pton
@@ -266,6 +288,7 @@ libc.so.6:sigaction
 libc.so.6:sigaddset
 libc.so.6:sigaltstack
 libc.so.6:sigemptyset
+libc.so.6:sigfillset
 libc.so.6:signal
 libc.so.6:sleep
 libc.so.6:snprintf
@@ -337,6 +360,13 @@ libgcc_s.so.1:_Unwind_RaiseException
 libgcc_s.so.1:_Unwind_Resume
 libgcc_s.so.1:_Unwind_SetGR
 libgcc_s.so.1:_Unwind_SetIP
+libhiredis.so.1.0.0:freeReplyObject
+libhiredis.so.1.0.0:redisAppendCommand
+libhiredis.so.1.0.0:redisCommand
+libhiredis.so.1.0.0:redisConnect
+libhiredis.so.1.0.0:redisConnectUnix
+libhiredis.so.1.0.0:redisFree
+libhiredis.so.1.0.0:redisGetReply
 libjansson.so.4:json_array
 libjansson.so.4:json_array_append_new
 libjansson.so.4:json_array_get
@@ -389,6 +419,34 @@ libmagic.so.1:magic_close
 libmagic.so.1:magic_error
 libmagic.so.1:magic_load
 libmagic.so.1:magic_open
+libmaxminddb.so.0:MMDB_close
+libmaxminddb.so.0:MMDB_get_value
+libmaxminddb.so.0:MMDB_lookup_sockaddr
+libmaxminddb.so.0:MMDB_open
+libmaxminddb.so.0:MMDB_strerror
+libnetfilter_queue.so.1:nfq_bind_pf
+libnetfilter_queue.so.1:nfq_close
+libnetfilter_queue.so.1:nfq_create_queue
+libnetfilter_queue.so.1:nfq_destroy_queue
+libnetfilter_queue.so.1:nfq_get_indev
+libnetfilter_queue.so.1:nfq_get_msg_packet_hdr
+libnetfilter_queue.so.1:nfq_get_nfmark
+libnetfilter_queue.so.1:nfq_get_outdev
+libnetfilter_queue.so.1:nfq_get_payload
+libnetfilter_queue.so.1:nfq_get_timestamp
+libnetfilter_queue.so.1:nfq_handle_packet
+libnetfilter_queue.so.1:nfq_nfnlh
+libnetfilter_queue.so.1:nfq_open
+libnetfilter_queue.so.1:nfq_set_mode
+libnetfilter_queue.so.1:nfq_set_queue_flags
+libnetfilter_queue.so.1:nfq_set_queue_maxlen
+libnetfilter_queue.so.1:nfq_set_verdict
+libnetfilter_queue.so.1:nfq_set_verdict2
+libnetfilter_queue.so.1:nfq_set_verdict_batch
+libnetfilter_queue.so.1:nfq_set_verdict_batch2
+libnetfilter_queue.so.1:nfq_unbind_pf
+libnfnetlink.so.0:nfnl_fd
+libnfnetlink.so.0:nfnl_rcvbufsiz
 libpcap.so.1:pcap_activate
 libpcap.so.1:pcap_breakloop
 libpcap.so.1:pcap_close

packages/s/suricata/files/0001-Implement-stateless-config.patch

@@ -0,0 +1,61 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Evan Maddock <maddock.evan@vivaldi.net>
+Date: Fri, 17 Oct 2025 15:20:23 -0400
+Subject: [PATCH 1/5] Implement stateless config
+
+Signed-off-by: Evan Maddock <maddock.evan@vivaldi.net>
+---
+ src/suricata.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/src/suricata.c b/src/suricata.c
+index f7b62c9dd..732f2160d 100644
+--- a/src/suricata.c
++++ b/src/suricata.c
+@@ -150,6 +150,8 @@
+ #include "win32-syscall.h"
+ #endif
+
++#include <unistd.h>
++
+ /*
+  * we put this here, because we only use it here in main.
+  */
+@@ -1018,6 +1020,9 @@ TmEcode SCLoadYamlConfig(void)
+     if (suri->conf_filename == NULL)
+         suri->conf_filename = DEFAULT_CONF_FILE;
+
++    if (access("/etc/suricata/suricata.yaml", F_OK) == 0)
++        suri->conf_filename = "/etc/suricata/suricata.yaml";
++
+     if (SCConfYamlLoadFile(suri->conf_filename) != 0) {
+         /* Error already displayed. */
+         SCReturnInt(TM_ECODE_FAILED);
+@@ -2397,13 +2402,25 @@ int SCStartInternalRunMode(int argc, char **argv)
+             if (suri->conf_filename != NULL) {
+                 return ListAppLayerProtocols(suri->conf_filename);
+             } else {
+-                return ListAppLayerProtocols(DEFAULT_CONF_FILE);
++                const char *conf_file = NULL;
++                if (access("/etc/suricata/suricata.yaml", F_OK) == 0)
++                    conf_file = "/etc/suricata/suricata.yaml";
++                else
++                    conf_file = DEFAULT_CONF_FILE;
++
++                return ListAppLayerProtocols(conf_file);
+             }
+         case RUNMODE_LIST_APP_LAYER_HOOKS:
+             if (suri->conf_filename != NULL) {
+                 return ListAppLayerHooks(suri->conf_filename);
+             } else {
+-                return ListAppLayerHooks(DEFAULT_CONF_FILE);
++                const char *conf_file = NULL;
++                if (access("/etc/suricata/suricata.yaml", F_OK) == 0)
++                    conf_file = "/etc/suricata/suricata.yaml";
++                else
++                    conf_file = DEFAULT_CONF_FILE;
++
++                return ListAppLayerHooks(conf_file);
+             }
+         case RUNMODE_PRINT_VERSION:
+             PrintVersion();

packages/s/suricata/files/0002-Implement-stateless-classification-config.patch

@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Evan Maddock <maddock.evan@vivaldi.net>
+Date: Fri, 17 Oct 2025 15:32:33 -0400
+Subject: [PATCH 2/5] Implement stateless classification config
+
+Signed-off-by: Evan Maddock <maddock.evan@vivaldi.net>
+---
+ src/util-classification-config.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/util-classification-config.c b/src/util-classification-config.c
+index d7f4e9cc8..154fa997f 100644
+--- a/src/util-classification-config.c
++++ b/src/util-classification-config.c
+@@ -36,6 +36,8 @@
+ #include "util-fmemopen.h"
+ #include "util-byte.h"
+
++#include <unistd.h>
++
+ /* Regex to parse the classtype argument from a Signature.  The first substring
+  * holds the classtype name, the second substring holds the classtype the
+  * classtype description, and the third argument holds the priority */
+@@ -162,12 +164,18 @@ static const char *SCClassConfGetConfFilename(const DetectEngineCtx *de_ctx)
+          * fails. */
+         if (SCConfGet(config_value, &log_filename) != 1) {
+             if (SCConfGet("classification-file", &log_filename) != 1) {
+-                log_filename = (char *)SC_CLASS_CONF_DEF_CONF_FILEPATH;
++                if (access("/etc/suricata/classification.config", F_OK) == 0)
++                    log_filename = "/etc/suricata/classification.config";
++                else
++                    log_filename = (char *)SC_CLASS_CONF_DEF_CONF_FILEPATH;
+             }
+         }
+     } else {
+         if (SCConfGet("classification-file", &log_filename) != 1) {
+-            log_filename = (char *)SC_CLASS_CONF_DEF_CONF_FILEPATH;
++            if (access("/etc/suricata/classification.config", F_OK) == 0)
++                log_filename = "/etc/suricata/classification.config";
++            else
++                log_filename = (char *)SC_CLASS_CONF_DEF_CONF_FILEPATH;
+         }
+     }
+

packages/s/suricata/files/0003-Implement-stateless-reference-config.patch

@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Evan Maddock <maddock.evan@vivaldi.net>
+Date: Fri, 17 Oct 2025 15:36:38 -0400
+Subject: [PATCH 3/5] Implement stateless reference config
+
+Signed-off-by: Evan Maddock <maddock.evan@vivaldi.net>
+---
+ src/util-reference-config.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/util-reference-config.c b/src/util-reference-config.c
+index 677a891c3..625b1cb80 100644
+--- a/src/util-reference-config.c
++++ b/src/util-reference-config.c
+@@ -32,6 +32,8 @@
+ #include "util-debug.h"
+ #include "util-fmemopen.h"
+
++#include <unistd.h>
++
+ /* Regex to parse each line from reference.config file.  The first substring
+  * is for the system name and the second for the url */
+ /*-----------------------------------------------------------system-------------------url----*/
+@@ -152,12 +154,18 @@ static const char *SCRConfGetConfFilename(const DetectEngineCtx *de_ctx)
+          * fails. */
+         if (SCConfGet(config_value, &path) != 1) {
+             if (SCConfGet("reference-config-file", &path) != 1) {
+-                return (char *)SC_RCONF_DEFAULT_FILE_PATH;
++                if (access("/etc/suricata/reference.config", F_OK) == 0)
++                    return "/etc/suricata/reference.config";
++                else
++                    return (char *)SC_RCONF_DEFAULT_FILE_PATH;
+             }
+         }
+     } else {
+         if (SCConfGet("reference-config-file", &path) != 1) {
+-            return (char *)SC_RCONF_DEFAULT_FILE_PATH;
++            if (access("/etc/suricata/reference.config", F_OK) == 0)
++                return "/etc/suricata/reference.config";
++            else
++                return (char *)SC_RCONF_DEFAULT_FILE_PATH;
+         }
+     }
+     return path;

packages/s/suricata/files/0004-Implement-stateless-threshold-config.patch

@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Evan Maddock <maddock.evan@vivaldi.net>
+Date: Fri, 17 Oct 2025 15:40:03 -0400
+Subject: [PATCH 4/5] Implement stateless threshold config
+
+Signed-off-by: Evan Maddock <maddock.evan@vivaldi.net>
+---
+ src/util-threshold-config.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c
+index e665d1ca9..63a8a2843 100644
+--- a/src/util-threshold-config.c
++++ b/src/util-threshold-config.c
+@@ -51,6 +51,8 @@
+ #include "util-debug.h"
+ #include "util-fmemopen.h"
+
++#include <unistd.h>
++
+ typedef enum ThresholdRuleType {
+     THRESHOLD_TYPE_EVENT_FILTER,
+     THRESHOLD_TYPE_THRESHOLD,
+@@ -141,12 +143,18 @@ static const char *SCThresholdConfGetConfFilename(const DetectEngineCtx *de_ctx)
+          * fails. */
+         if (SCConfGet(config_value, &log_filename) != 1) {
+             if (SCConfGet("threshold-file", &log_filename) != 1) {
+-                log_filename = (char *)THRESHOLD_CONF_DEF_CONF_FILEPATH;
++                if (access("/etc/suricata/threshold.config", F_OK) == 0)
++                    log_filename = "/etc/suricata/threshold.config";
++                else
++                    log_filename = (char *)THRESHOLD_CONF_DEF_CONF_FILEPATH;
+             }
+         }
+     } else {
+         if (SCConfGet("threshold-file", &log_filename) != 1) {
+-            log_filename = (char *)THRESHOLD_CONF_DEF_CONF_FILEPATH;
++            if (access("/etc/suricata/threshold.config", F_OK) == 0)
++                log_filename = "/etc/suricata/threshold.config";
++            else
++                log_filename = (char *)THRESHOLD_CONF_DEF_CONF_FILEPATH;
+         }
+     }
+     return log_filename;

packages/s/suricata/files/0005-Fix-service-file-for-Solus.patch

@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Evan Maddock <maddock.evan@vivaldi.net>
+Date: Fri, 17 Oct 2025 20:05:02 -0400
+Subject: [PATCH 5/5] Fix service file for Solus
+
+Signed-off-by: Evan Maddock <maddock.evan@vivaldi.net>
+---
+ etc/suricata.service.in | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/etc/suricata.service.in b/etc/suricata.service.in
+index cce1baad6..46a521049 100644
+--- a/etc/suricata.service.in
++++ b/etc/suricata.service.in
+@@ -1,16 +1,23 @@
+ # Sample Suricata systemd unit file.
+ [Unit]
+ Description=Suricata Intrusion Detection Service
+-After=syslog.target network-online.target
++After=syslog.target network-online.target systemd-tmpfiles-setup.service
++Documentation=man:suricata(1)
+
+ [Service]
+ # Environment file to pick up $OPTIONS. On Fedora/EL this would be
+ # /etc/sysconfig/suricata, or on Debian/Ubuntu, /etc/default/suricata.
+-#EnvironmentFile=-/etc/sysconfig/suricata
++EnvironmentFile=-/etc/sysconfig/suricata
+ #EnvironmentFile=-/etc/default/suricata
+-ExecStartPre=/bin/rm -f @e_rundir@suricata.pid
+-ExecStart=/sbin/suricata -c @e_sysconfdir@suricata.yaml --pidfile @e_rundir@suricata.pid $OPTIONS
+-ExecReload=/bin/kill -USR2 $MAINPID
++ExecStartPre=/usr/bin/rm -f @e_rundir@suricata.pid
++ExecStart=/usr/bin/suricata -c @e_sysconfdir@suricata.yaml --pidfile @e_rundir@suricata.pid $OPTIONS
++ExecReload=/usr/bin/kill -USR2 $MAINPID
++
++# Security settings
++MemoryDenyWriteExecute=true
++LockPersonality=true
++ProtectControlGroups=true
++ProtectKernelModules=true
+
+ [Install]
+ WantedBy=multi-user.target

packages/s/suricata/files/suricata-5.0.4-geolite-path-fixup.patch

@@ -0,0 +1,12 @@
+diff -urp suricata-5.0.4.orig/suricata.yaml.in suricata-5.0.4/suricata.yaml.in
+--- suricata-5.0.4.orig/suricata.yaml.in	2020-10-07 17:01:44.000000000 -0400
++++ suricata-5.0.4/suricata.yaml.in	2020-10-15 12:07:08.731747692 -0400
+@@ -1062,7 +1062,7 @@ unix-command:
+
+ # GeoIP2 database file. Specify path and filename of GeoIP2 database
+ # if using rules with "geoip" rule option.
+-#geoip-database: /usr/local/share/GeoLite2/GeoLite2-Country.mmdb
++#geoip-database: /usr/share/GeoIP/GeoLite2-Country.mmdb
+
+ legacy:
+   uricontent: enabled

packages/s/suricata/files/suricata-6.0.3-log-path-fixup.patch

@@ -0,0 +1,23 @@
+diff -urp suricata-6.0.3.orig/configure.ac suricata-6.0.3/configure.ac
+--- suricata-6.0.3.orig/configure.ac	2021-06-30 12:24:47.000000000 -0400
++++ suricata-6.0.3/configure.ac	2021-07-01 13:19:04.292513777 -0400
+@@ -2752,7 +2752,7 @@ if test "$WINDOWS_PATH" = "yes"; then
+         e_rustdir="$e_abs_srcdir/rust"
+     fi
+ else
+-    EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/")
++    EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata")
+     EXPAND_VARIABLE(localstatedir, e_rundir, "/run/")
+     EXPAND_VARIABLE(localstatedir, e_logfilesdir, "/log/suricata/files")
+     EXPAND_VARIABLE(localstatedir, e_logcertsdir, "/log/suricata/certs")
+Only in suricata-6.0.3: configure.ac.orig
+diff -urp suricata-6.0.3.orig/etc/suricata.logrotate.in suricata-6.0.3/etc/suricata.logrotate.in
+--- suricata-6.0.3.orig/etc/suricata.logrotate.in	2021-06-30 12:19:54.000000000 -0400
++++ suricata-6.0.3/etc/suricata.logrotate.in	2021-07-01 13:19:44.455509467 -0400
+@@ -1,5 +1,5 @@
+ # Sample /etc/logrotate.d/suricata configuration file.
+-@e_logdir@*.log @e_logdir@*.json {
++@e_logdir@/*.log @e_logdir@/*.json {
+     daily
+     missingok
+     rotate 5

packages/s/suricata/files/suricata.sysusers

@@ -0,0 +1 @@
+u suricata - - - -

packages/s/suricata/files/suricata.tmpfiles

@@ -1 +1,3 @@
-d /run/suricata 0755 root root -
+d /run/suricata 0755 suricata suricata -
+d /var/lib/suricata 0755 suricata suricata -
+d /var/log/suricata 0755 suricata suricata -