Bug #372
Status: closed
Cygwin build needs escapes for interface argument
Description
In the MinGW build (a version or two ago) no escapes were needed to specify the network interface, but the Cygwin builds require them when using the NIC UUID (not the IP). Actually, even when using the IP it "fails" at first, but somehow goes on:
USING THE IP ( -i 1.2.3.4 )
[4716] 10/11/2011 -- 16:13:42 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[4716] 10/11/2011 -- 16:13:42 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[4716] 10/11/2011 -- 16:13:42 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
USING THE NIC UUID (-i \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A} )
[5084] 10/11/2011 -- 16:17:05 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[5084] 10/11/2011 -- 16:17:05 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A, using default value
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
[5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:226) <Info> (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:346) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:358) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:368) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:374) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:380) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:397) <Info> (StreamTcpInitConfig) -- stream "checksum_validation": enabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:407) <Info> (StreamTcpInitConfig) -- stream."inline": disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:416) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:426) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:449) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:451) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:376) <Error> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error Error opening adapter: The system cannot find the device specified. (20)
[5084] 10/11/2011 -- 16:17:05 - (tm-threads.c:1793) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "ReceivePcap" closed on initialization.
[5084] 10/11/2011 -- 16:17:05 - (suricata.c:1551) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
You can see that the backslashes are missing as well as the curly braces, but escape them again and it works. I guess this fails at first too... ( -i \\Device\\NPF_\{BF708D28-C021-405D-B63A-9B0DF8BB586A\} )
[3832] 10/11/2011 -- 16:19:20 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[3832] 10/11/2011 -- 16:19:20 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[3832] 10/11/2011 -- 16:19:20 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
[5996] 10/11/2011 -- 16:19:20 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}
Updated by Peter Manev about 13 years ago
"..Actually even when using IP it "fails" at first..." - on this particular part, it works fine with my tests (never fails).
Updated by Rich Rumble about 13 years ago
What I meant was:
[4716] 10/11/2011 -- 16:13:42 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
It says unable to find the interface, then the very next line says it does find the interface; however, the first "error" is in runmode-pcap.c and the non-error is from source-pcap.c. It could be expected, I just wanted to clarify what I meant about "failed".
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}
Updated by Victor Julien over 12 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 1.4
Updated by Victor Julien over 12 years ago
- Target version changed from 1.4 to 1.4beta3
Updated by Victor Julien about 12 years ago
- Target version changed from 1.4beta3 to 1.4rc1
Updated by Victor Julien about 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Shell removes the backslashes, passing us the string without them.
Added a fix/workaround in commit:
commit 3ab1458abf29e2b84b82f6f0e6af0dd77c29389b
Author: Victor Julien <victor@inliniac.net>
Date: Thu Nov 22 17:56:31 2012 +0100

    pcap: fix windows commandline mangling win device string
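
The three ways of writing the -i argument seen in this ticket, as an added example that is not part of the ticket or of Suricata's code: it shows what a POSIX shell such as Cygwin bash actually passes to the program, and a pre-flight check that rejects a mangled device name before the sensor is started. The function names show_arg and is_npf_device are hypothetical. A POSIX shell on its own keeps the braces; the log above shows the Cygwin build losing them as well, which this example does not reproduce.

```shell
#!/bin/sh
# Added example (not Suricata code): how the shell rewrites the -i argument.

# show_arg: echo back exactly what a program would receive as its argument.
show_arg() { printf '%s' "$1"; }

# is_npf_device: succeed only if the string still has the
# \Device\NPF_{GUID} shape that WinPcap expects.
is_npf_device() {
    printf '%s\n' "$1" | grep -Eq \
      '^\\Device\\NPF_[{][0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}[}]$'
}

# 1. Unquoted, as first tried in the ticket: each backslash is consumed
#    by the shell as an escape character before the program sees it.
unquoted=$(show_arg \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A})

# 2. Escaped by hand, the workaround the reporter found.
escaped=$(show_arg \\Device\\NPF_\{BF708D28-C021-405D-B63A-9B0DF8BB586A\})

# 3. Single-quoted: the shell passes the string through untouched.
quoted=$(show_arg '\Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}')

# Report which forms survive; a wrapper script could refuse to launch
# the sensor when the check fails instead of capturing on nothing.
for form in unquoted escaped quoted; do
    eval "value=\$$form"
    if is_npf_device "$value"; then
        printf '%-9s ok       %s\n' "$form" "$value"
    else
        printf '%-9s MANGLED  %s\n' "$form" "$value"
    fi
done
```

Single quotes are the least error-prone form for a start-up script, since nothing inside them is interpreted by the shell.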