Bug #372

closed

Cygwin build needs escapes for interface argument

Added by Rich Rumble about 11 years ago. Updated about 10 years ago.

Status: Closed
Priority: Normal

Description

In the MinGW build (a version or two ago) no escapes were needed to specify the network interface, but the Cygwin builds require them when using the NIC UUID (not the IP). Actually even when using IP it "fails" at first, but somehow goes on:

USING THE IP ( -i 1.2.3.4 )

[4716] 10/11/2011 -- 16:13:42 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[4716] 10/11/2011 -- 16:13:42 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[4716] 10/11/2011 -- 16:13:42 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0

USING THE NIC UUID (-i \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A} )

[5084] 10/11/2011 -- 16:17:05 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[5084] 10/11/2011 -- 16:17:05 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A, using default value
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
[5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:226) <Info> (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:346) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:358) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:368) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:374) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:380) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:397) <Info> (StreamTcpInitConfig) -- stream "checksum_validation": enabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:407) <Info> (StreamTcpInitConfig) -- stream."inline": disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:416) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:426) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:449) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:451) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:376) <Error> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error Error opening adapter: The system cannot find the device specified. (20)
[5084] 10/11/2011 -- 16:17:05 - (tm-threads.c:1793) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "ReceivePcap" closed on initialization.
[5084] 10/11/2011 -- 16:17:05 - (suricata.c:1551) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...


You can see that the backslashes are missing as well as the curly braces, but escape them again and it works. I guess this fails at first too... ( -i \\Device\\NPF_\{BF708D28-C021-405D-B63A-9B0DF8BB586A\} )

[3832] 10/11/2011 -- 16:19:20 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[3832] 10/11/2011 -- 16:19:20 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[3832] 10/11/2011 -- 16:19:20 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
[5996] 10/11/2011 -- 16:19:20 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}

Actions #1

Updated by Peter Manev about 11 years ago

"..Actually even when using IP it "fails" at first..." - on this particular part, it works fine with my tests (never fails).

Actions #2

Updated by Rich Rumble about 11 years ago

What I meant was:
[4716] 10/11/2011 -- 16:13:42 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value

It says unable to find the interface, then the very next line says it does find the interface; however, the first "error" is in runmode-pcap.c and the non-error is from source-pcap.c. It could be expected; I just wanted to clarify what I meant about "failed".

[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}

Actions #3

Updated by Victor Julien over 10 years ago

  • Description updated (diff)

Actions #4

Updated by Victor Julien over 10 years ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 1.4

Actions #5

Updated by Victor Julien over 10 years ago

  • Target version changed from 1.4 to 1.4beta3

Actions #6

Updated by Victor Julien about 10 years ago

  • Target version changed from 1.4beta3 to 1.4rc1

Actions #7

Updated by Victor Julien about 10 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Shell removes the backslashes, passing us the string without them.

Added a fix/workaround in commit:

commit 3ab1458abf29e2b84b82f6f0e6af0dd77c29389b
Author: Victor Julien <victor@inliniac.net>
Date:   Thu Nov 22 17:56:31 2012 +0100

    pcap: fix windows commandline mangling win device string
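
One way to repair the argument before it reaches the capture library, as an added example (this is not the code from the commit above, and the names normalize_npf_device and is_guid are hypothetical). It accepts the three spellings of the device string that appear in the logs in this report (intact, backslashes missing, backslashes and braces missing) and only rewrites the argument when the remainder is a well-formed GUID, so IP addresses and other names pass through untouched.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NPF_PREFIX  "\\Device\\NPF_"   /* form seen in the working log lines */
#define NPF_MANGLED "DeviceNPF_"       /* same prefix with backslashes eaten */

/* 1 if s[0..len) is 8-4-4-4-12 hex digits separated by '-', else 0. */
static int is_guid(const char *s, size_t len)
{
    if (len != 36)
        return 0;
    for (size_t i = 0; i < len; i++) {
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? s[i] != '-' : !isxdigit((unsigned char)s[i]))
            return 0;
    }
    return 1;
}

/*
 * Write the canonical device name for a -i argument into out.
 * Returns 1 if the argument was an NPF string (intact or mangled) and was
 * rebuilt, 0 if it was copied through unchanged (e.g. an IP address),
 * -1 if the argument is NULL or out is too small.
 */
int normalize_npf_device(const char *arg, char *out, size_t outlen)
{
    const char *id = NULL;
    int n;

    if (arg == NULL || out == NULL)
        return -1;
    if (strncmp(arg, NPF_PREFIX, strlen(NPF_PREFIX)) == 0)
        id = arg + strlen(NPF_PREFIX);
    else if (strncmp(arg, NPF_MANGLED, strlen(NPF_MANGLED)) == 0)
        id = arg + strlen(NPF_MANGLED);

    if (id != NULL) {
        size_t len = strlen(id);
        if (len >= 2 && id[0] == '{' && id[len - 1] == '}') {
            id++;           /* braces survived: look inside them */
            len -= 2;
        }
        if (is_guid(id, len)) {
            n = snprintf(out, outlen, NPF_PREFIX "{%.*s}", (int)len, id);
            return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
        }
    }
    n = snprintf(out, outlen, "%s", arg);   /* not an NPF GUID: pass through */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

A return value of -1 should be treated as a startup error rather than passing a truncated device name on to the capture library.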
