Bug #4347

closed

--with-sysroot and/or --with-pcap-xxxx flags fail to find pcap.h

Added by Donald Hoskins about 3 years ago. Updated about 3 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -

Description

Building inside the OpenWrt build system with --with-sysroot= and --with-libpcap-includes/--with-libpcap-libraries fails to find the pcap.h file.

grommish@DESKTOP-N35LRJ4:~/openwrt/staging_dir/target-mips64_octeonplus_64_musl$ find ./* -name libpcap*
./usr/lib/libpcap.a
./usr/lib/libpcap.so.1
./usr/lib/libpcap.so.1.9.1
./usr/lib/libpcap.so
grommish@DESKTOP-N35LRJ4:~/openwrt/staging_dir/target-mips64_octeonplus_64_musl$ find ./* -name pcap.h
./usr/include/pcap/pcap.h
./usr/include/pcap.h

Invoked with the following:

CARGO_HOME=/home/grommish/openwrt/staging_dir/hostpkg ac_cv_path_CARGO="/home/grommish/openwrt/staging_dir/hostpkg/bin/cargo" ac_cv_path_RUSTC="/home/grommish/openwrt/staging_dir/hostpkg/bin/rustc"  ./configure --target=mips64-openwrt-linux --host=mips64-openwrt-linux --build=x86_64-pc-linux-gnu --program-prefix="" --program-suffix="" --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls  --prefix="/usr" --sysconfdir="/etc" --localstatedir="/var" --with-sysroot="/home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl" --with-libpcap-includes="/home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl/usr/include/pcap" --with-libpcap-libraries="/home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl/usr/lib" --enable-nfqueue --enable-af-packet --enable-unittests --enable-luajit --enable-geoip --enable-debug --enable-hiredis --enable-profiling --enable-profiling-locks --host=mips64-openwrt-linux-musl --build=x86_64-unknown-linux-gnu ; fi; )
configure: loading site script /home/grommish/openwrt/include/site/mips64
checking whether make supports nested variables... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for mips64-openwrt-linux-musl-strip... mips64-openwrt-linux-musl-strip
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether UID '1000' is supported by ustar format... yes
checking whether GID '1000' is supported by ustar format... yes
checking how to create a ustar tar archive... gnutar
checking build system type... x86_64-unknown-linux-gnu
checking host system type... mips64-openwrt-linux-musl
checking how to print strings... printf
checking for style of include used by make... GNU
checking for mips64-openwrt-linux-musl-gcc... mips64-openwrt-linux-musl-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... yes
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether mips64-openwrt-linux-musl-gcc accepts -g... yes
checking for mips64-openwrt-linux-musl-gcc option to accept ISO C89... none needed
checking whether mips64-openwrt-linux-musl-gcc understands -c and -o together... yes
checking dependency style of mips64-openwrt-linux-musl-gcc... gcc3
checking for a sed that does not truncate output... /home/grommish/openwrt/staging_dir/host/bin/sed
checking for grep that handles long lines and -e... /home/grommish/openwrt/staging_dir/host/bin/grep
checking for egrep... /home/grommish/openwrt/staging_dir/host/bin/grep -E
checking for fgrep... /home/grommish/openwrt/staging_dir/host/bin/grep -F
checking for ld used by mips64-openwrt-linux-musl-gcc... mips64-openwrt-linux-musl-ld
checking if the linker (mips64-openwrt-linux-musl-ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... mips64-openwrt-linux-musl-gcc-nm
checking the name lister (mips64-openwrt-linux-musl-gcc-nm) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to mips64-openwrt-linux-musl format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for mips64-openwrt-linux-musl-ld option to reload object files... -r
checking for mips64-openwrt-linux-musl-objdump... mips64-openwrt-linux-musl-objdump
checking how to recognize dependent libraries... pass_all
checking for mips64-openwrt-linux-musl-dlltool... no
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for mips64-openwrt-linux-musl-ar... mips64-openwrt-linux-musl-gcc-ar
checking for archiver @FILE support... @
checking for mips64-openwrt-linux-musl-strip... (cached) mips64-openwrt-linux-musl-strip
checking for mips64-openwrt-linux-musl-ranlib... mips64-openwrt-linux-musl-gcc-ranlib
checking command to parse mips64-openwrt-linux-musl-gcc-nm output from mips64-openwrt-linux-musl-gcc object... ok
checking for sysroot... /home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl
checking for mips64-openwrt-linux-musl-mt... no
checking for mt... mt
configure: WARNING: using cross tools not prefixed with host triplet
checking if mt is a manifest tool... no
checking how to run the C preprocessor... mips64-openwrt-linux-musl-gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if mips64-openwrt-linux-musl-gcc supports -fno-rtti -fno-exceptions... no
checking for mips64-openwrt-linux-musl-gcc option to produce PIC... -fPIC -DPIC
checking if mips64-openwrt-linux-musl-gcc PIC flag -fPIC -DPIC works... yes
checking if mips64-openwrt-linux-musl-gcc static flag -static works... yes
checking if mips64-openwrt-linux-musl-gcc supports -c -o file.o... yes
checking if mips64-openwrt-linux-musl-gcc supports -c -o file.o... (cached) yes
checking whether the mips64-openwrt-linux-musl-gcc linker (mips64-openwrt-linux-musl-ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking pkg-config is at least version 0.9.0... yes
checking whether GCC or Clang is our compiler... gcc
checking for clang... no
checking gcc version... 10.2.0
checking for gawk... (cached) gawk
checking for mips64-openwrt-linux-musl-gcc... (cached) mips64-openwrt-linux-musl-gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether mips64-openwrt-linux-musl-gcc accepts -g... (cached) yes
checking for mips64-openwrt-linux-musl-gcc option to accept ISO C89... (cached) none needed
checking whether mips64-openwrt-linux-musl-gcc understands -c and -o together... (cached) yes
checking dependency style of mips64-openwrt-linux-musl-gcc... (cached) gcc3
checking how to run the C preprocessor... mips64-openwrt-linux-musl-gcc -E
checking for mips64-openwrt-linux-musl-ranlib... (cached) mips64-openwrt-linux-musl-gcc-ranlib
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for grep that handles long lines and -e... (cached) /home/grommish/openwrt/staging_dir/host/bin/grep
checking for cygpath... no
checking for pkg-config... /home/grommish/openwrt/staging_dir/host/bin/pkg-config
checking for python3... /home/grommish/openwrt/staging_dir/hostpkg/bin/python3
checking for python-distutils... yes
checking for python-yaml... no
checking for wget... /home/grommish/openwrt/staging_dir/host/bin/wget
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking assert.h usability... yes
checking assert.h presence... yes
checking for assert.h... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking for inttypes.h... (cached) yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking poll.h usability... yes
checking poll.h presence... yes
checking for poll.h... yes
checking sched.h usability... yes
checking sched.h presence... yes
checking for sched.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking stdarg.h usability... yes
checking stdarg.h presence... yes
checking for stdarg.h... yes
checking for stdint.h... (cached) yes
checking stdio.h usability... yes
checking stdio.h presence... yes
checking for stdio.h... yes
checking for stdlib.h... (cached) yes
checking stdbool.h usability... yes
checking stdbool.h presence... yes
checking for stdbool.h... yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking sys/prctl.h usability... yes
checking sys/prctl.h presence... yes
checking for sys/prctl.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking for sys/stat.h... (cached) yes
checking sys/syscall.h usability... yes
checking sys/syscall.h presence... yes
checking for sys/syscall.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking time.h usability... yes
checking time.h presence... yes
checking for time.h... yes
checking for unistd.h... (cached) yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking for sys/ioctl.h... (cached) yes
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking linux/filter.h usability... yes
checking linux/filter.h presence... yes
checking for linux/filter.h... yes
checking linux/ethtool.h usability... yes
checking linux/ethtool.h presence... yes
checking for linux/ethtool.h... yes
checking linux/sockios.h usability... yes
checking linux/sockios.h presence... yes
checking for linux/sockios.h... yes
checking glob.h usability... yes
checking glob.h presence... yes
checking for glob.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking pwd.h usability... yes
checking pwd.h presence... yes
checking for pwd.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking fnmatch.h usability... yes
checking fnmatch.h presence... yes
checking for fnmatch.h... yes
checking sys/resource.h usability... yes
checking sys/resource.h presence... yes
checking for sys/resource.h... yes
checking for sys/types.h... (cached) yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/random.h usability... yes
checking sys/random.h presence... yes
checking for sys/random.h... yes
checking utime.h usability... yes
checking utime.h presence... yes
checking for utime.h... yes
checking libgen.h usability... yes
checking libgen.h presence... yes
checking for libgen.h... yes
checking mach/mach.h usability... no
checking mach/mach.h presence... no
checking for mach/mach.h... no
checking stdatomic.h usability... yes
checking stdatomic.h presence... yes
checking for stdatomic.h... yes
checking for sys/socket.h... (cached) yes
checking for net/if.h... yes
checking for sys/mman.h... yes
checking for linux/if_arp.h... yes
checking for windows.h... no
checking for winsock2.h... no
checking for ws2tcpip.h... no
checking for w32api/wtypes.h... no
checking for w32api/winbase.h... no
checking for wincrypt.h... no
checking for inline... inline
checking for C/C++ restrict keyword... __restrict
checking for pid_t... yes
checking for mode_t... yes
checking for size_t... yes
checking for ssize_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for u_int... yes
checking for u_short... yes
checking for u_long... yes
checking for u_char... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for struct tm.tm_zone... yes
checking for ptrdiff_t... yes
checking for stdbool.h that conforms to C99... (cached) yes
checking for _Bool... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... (cached) yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible realloc... (cached) yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... cross
configure: WARNING: result yes guessed because of cross compilation
checking for working vfork... (cached) yes
checking whether time.h and sys/time.h may both be included... yes
checking for sys/time.h... (cached) yes
checking for unistd.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for sys/param.h... (cached) yes
checking for alarm... yes
checking for working mktime... no
checking for getpagesize... yes
checking for working mmap... no
checking for working strtod... no
checking for pow... yes
checking for memmem... yes
checking for memset... yes
checking for memchr... yes
checking for memrchr... yes
checking for memmove... yes
checking for strcasecmp... yes
checking for strchr... yes
checking for strrchr... yes
checking for strdup... yes
checking for strndup... yes
checking for strncasecmp... yes
checking for strtol... yes
checking for strtoul... yes
checking for strstr... yes
checking for strpbrk... yes
checking for strtoull... yes
checking for strtoumax... yes
checking for strerror... (cached) yes
checking for gethostname... yes
checking for inet_ntoa... yes
checking for uname... yes
checking for gettimeofday... (cached) yes
checking for clock_gettime... yes
checking for utime... yes
checking for strptime... yes
checking for tzset... yes
checking for localtime_r... yes
checking for socket... yes
checking for setenv... yes
checking for select... yes
checking for putenv... yes
checking for dup2... yes
checking for endgrent... yes
checking for endpwent... yes
checking for atexit... yes
checking for munmap... yes
checking for fwrite_unlocked... yes
checking whether getrandom is declared... yes
checking for strlcpy... yes
checking for strlcat... yes
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking host os... installation for mips64-openwrt-linux-musl OS... ok
checking for c11 support... yes
checking for thread local storage gnu __thread support... yes
checking for dlfcn.h... (cached) yes
checking for plugin support... yes
checking checking if mips64-openwrt-linux-musl-gcc supports -march=native... no
checking for spatch... no
checking zlib.h usability... yes
checking zlib.h presence... yes
checking for zlib.h... yes
checking for inflate in -lz... yes
checking pcre.h usability... yes
checking pcre.h presence... yes
checking for pcre.h... yes
checking for pcre_get_substring in -lpcre... yes
checking for LIBPCREVERSION... no
checking for pcre_dfa_exec in -lpcre... yes
checking for PCRE JIT support... yes
checking for PCRE JIT support usability... yes
checking for PCRE JIT exec availability... no
checking for libhs... no
checking hs.h usability... no
checking hs.h presence... no
checking for hs.h... no
checking yaml.h usability... yes
checking yaml.h presence... yes
checking for yaml.h... yes
checking for yaml_parser_initialize in -lyaml... yes
checking for pthread_create in -lpthread... yes
checking for pthread_spin_unlock... yes
checking jansson.h usability... yes
checking jansson.h presence... yes
checking for jansson.h... yes
checking for json_dump_callback in -ljansson... yes
checking for libnetfilter_queue... yes
checking for nfnl_fd in -lnfnetlink... yes
checking for libnetfilter_queue/libnetfilter_queue.h... yes
checking for nfq_open in -lnetfilter_queue... yes
checking for nfq_set_queue_maxlen in -lnetfilter_queue... yes
checking for nfq_set_verdict2 in -lnetfilter_queue... yes
checking for nfq_set_queue_flags in -lnetfilter_queue... yes
checking for nfq_set_verdict_batch in -lnetfilter_queue... yes
checking for signed nfq_get_payload payload argument... no
checking whether OS_WIN32 is declared... no
checking for libnet.h version 1.1.x... no
checking for pcap.h... no
configure: error: pcap.h not found ...

Files

config.log (461 KB) Donald Hoskins, 02/22/2021 07:48 PM

#1

Updated by Donald Hoskins about 3 years ago

Built 6.0.1 from git-source, HEADER e860b9eee96cb112a45151237d4b23fd0a9efb22

#2

Updated by Victor Julien about 3 years ago

Can you attach your config.log?

#3

Updated by Donald Hoskins about 3 years ago

Attached.

#4

Updated by Jeff Lucovsky about 3 years ago

I think the answer is in your config.log

Look at lines 4933 - 5046. There you'll see that u_int, u_char, u_short are unknown.
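The check described in note 4, as an added example that is not part of the ticket or of Suricata's build scripts: when configure reports a header as "not found", config.log holds the compiler output for that check, and the real failure may be inside a header that was found. The function names and the embedded log excerpt are constructed for illustration; the excerpt assumes GCC's "unknown type name" wording and placeholder paths.

```shell
#!/bin/sh
# Added example: pull the compiler diagnostics for one autoconf check
# out of config.log, so a misleading "pcap.h not found" can be traced
# to what the cross-compiler actually rejected.

# Print the compiler output logged for "checking for <name>".
# $1 = path to config.log, $2 = name as configure printed it (e.g. pcap.h)
config_log_errors() {
    awk -v want="checking for $2" '
        /^configure:[0-9]+: checking / {
            # Exact suffix match, so "pcap.h" does not match "pcap/pcap.h".
            n = length(want)
            in_check = (substr($0, length($0) - n + 1) == want)
            next
        }
        !in_check { next }
        /^configure:[0-9]+: result: / { in_check = 0; next }
        /^configure:/ { next }              # command line, "$? = 1", etc.
        substr($0, 1, 1) == "|" { next }    # echoed conftest.c source
        NF { print }                        # what the compiler wrote
    ' "$1"
}

# List the distinct type names the compiler did not know, space separated.
unknown_types() {
    config_log_errors "$1" "$2" |
        sed -n 's/.*unknown type name [^A-Za-z_]*\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed config.log excerpt (not the reporter's attachment).
sample_config_log() {
    cat <<'EOF'
configure:16650: checking for libnet.h version 1.1.x
configure:16690: result: no
configure:16700: checking for pcap.h
configure:16715: mipsel-openwrt-linux-musl-gcc -c -std=c11 conftest.c >&5
In file included from /staging/usr/include/pcap.h:43,
                 from conftest.c:159:
/staging/usr/include/pcap/pcap.h:200:2: error: unknown type name 'u_int'
/staging/usr/include/pcap/pcap.h:201:2: error: unknown type name 'u_short'
/staging/usr/include/pcap/pcap.h:300:8: error: unknown type name 'u_char'
/staging/usr/include/pcap/pcap.h:310:8: error: unknown type name 'u_char'
configure:16715: $? = 1
configure: failed program was:
| /* confdefs.h */
| #include <pcap.h>
configure:16722: result: no
configure:16730: error: pcap.h not found ...
EOF
}

# Demo on the constructed excerpt.
log=$(mktemp)
sample_config_log > "$log"
config_log_errors "$log" pcap.h
echo "types the compiler did not know: $(unknown_types "$log" pcap.h)"
rm -f "$log"
```

Against a real build, pass the path of the generated config.log and the header name exactly as it appears in the "checking for ..." line.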

#5

Updated by Donald Hoskins about 3 years ago

Jeff Lucovsky wrote in #note-4:

> I think the answer is in your config.log
>
> Look at lines 4933 - 5046. There you'll see that u_int, u_char, u_short are unknown.

I think it's safe to say this can be closed. While the error is misleading, it doesn't have to do with Suricata :) (which is great).

For whatever reason, OpenWrt's buildroot/usr/include/pcap.h is just an empty file with #<include/pcap.h>, which is great unless you don't have libpcap-dev installed. This is an OpenWrt-based issue.

#6

Updated by Donald Hoskins about 3 years ago

In looking at the log more @Jeff Williams Lucovsky, I see that earlier in the configuration script, it finds:

checking for u_int... yes
checking for u_short... yes
checking for u_long... yes
configure:16715: mipsel-openwrt-linux-musl-gcc -c -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves >In file included from /home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/include/pcap/pcap.h:133,
                 from /home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/include/pcap.h:43,
                 from conftest.c:159:

config.log:configure:16715: mipsel-openwrt-linux-musl-gcc -c -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -fmacro-prefix-map=/home/grommish/openwrt/build_dir/target-mipsel_24kc_musl/suricata-6.0.2=suricata-6.0.2 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libiconv-stub/include -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libintl-stub/include -std=c11 -I/home/grommish/openwrt/staging_dir/toolchain-mipsel_24kc_gcc-10.2.0_musl/usr/include -I/home/grommish/openwrt/staging_dir/toolchain-mipsel_24kc_gcc-10.2.0_musl/include/fortify -I/home/grommish/openwrt/staging_dir/toolchain-mipsel_24kc_gcc-10.2.0_musl/include -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libiconv-stub/include -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libintl-stub/include conftest.c >&5

conftest.c is what is having issues. Is this internal autoconfig? Should there be an include that the build system isn't putting in? OpenWrt is using the libpcap 1.10.0 in the buildroot. This wouldn't be an issue, would it (it was released Dec 2020)?

#7

Updated by Donald Hoskins about 3 years ago

Figured it out!

Required

TARGET_CFLAGS += -D_GNU_SOURCE
TARGET_CXXFLAGS += -latomic
TARGET_LDFLAGS += -latomic

Up and running on an Edgerouter 10X (mipsel 24kc) :)

#8

Updated by Donald Hoskins about 3 years ago

21/3/2021 -- 08:53:08 - <Notice> - This is Suricata version 6.0.2 RELEASE running in SYSTEM mode
21/3/2021 -- 08:53:08 - <Info> - CPUs/cores online: 4
21/3/2021 -- 08:53:08 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32516 and 'request-body-inspect-window' set to 4267 after randomization.
21/3/2021 -- 08:53:08 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 41679 and 'response-body-inspect-window' set to 16808 after randomization.
21/3/2021 -- 08:53:08 - <Config> - SMB stream depth: 0
21/3/2021 -- 08:53:08 - <Config> - Protocol detection and parser disabled for modbus protocol.
21/3/2021 -- 08:53:08 - <Config> - Protocol detection and parser disabled for enip protocol.
21/3/2021 -- 08:53:08 - <Config> - Protocol detection and parser disabled for DNP3.
21/3/2021 -- 08:53:08 - <Info> - Found an MTU of 1500 for 'eth0'
21/3/2021 -- 08:53:08 - <Info> - Found an MTU of 1500 for 'eth0'
21/3/2021 -- 08:53:08 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/3/2021 -- 08:53:08 - <Config> - preallocated 1000 hosts of size 84
21/3/2021 -- 08:53:08 - <Config> - host memory usage: 346144 bytes, maximum: 33554432
21/3/2021 -- 08:53:08 - <Config> - Core dump size set to unlimited.
21/3/2021 -- 08:53:08 - <Config> - allocated 2097152 bytes of memory for the defrag hash... 65536 buckets of size 32
21/3/2021 -- 08:53:09 - <Config> - preallocated 65535 defrag trackers of size 116
21/3/2021 -- 08:53:09 - <Config> - defrag memory usage: 9699212 bytes, maximum: 33554432
21/3/2021 -- 08:53:09 - <Config> - flow size 228, memcap allows for 588674 flows. Per hash row in perfect conditions 8
21/3/2021 -- 08:53:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/3/2021 -- 08:53:09 - <Config> - stream "memcap": 67108864
21/3/2021 -- 08:53:09 - <Config> - stream "midstream" session pickups: disabled
21/3/2021 -- 08:53:09 - <Config> - stream "async-oneside": disabled
21/3/2021 -- 08:53:09 - <Config> - stream "checksum-validation": enabled
21/3/2021 -- 08:53:09 - <Config> - stream."inline": disabled
21/3/2021 -- 08:53:09 - <Config> - stream "bypass": disabled
21/3/2021 -- 08:53:09 - <Config> - stream "max-synack-queued": 5
21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "memcap": 268435456
21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "depth": 1048576
21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "toserver-chunk-size": 2562
21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "toclient-chunk-size": 2606
21/3/2021 -- 08:53:09 - <Config> - stream.reassembly.raw: enabled
21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "segment-prealloc": 2048
21/3/2021 -- 08:53:09 - <Info> - fast output device (regular) initialized: fast.log
21/3/2021 -- 08:53:09 - <Info> - eve-log output device (regular) initialized: eve.json
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'alert'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'anomaly'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'http'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'dns'
21/3/2021 -- 08:53:09 - <Config> - eve-log dns version not set, defaulting to version 2
21/3/2021 -- 08:53:09 - <Config> - eve-log dns version not set, defaulting to version 2
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'tls'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'files'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'smtp'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'ftp'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'rdp'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'nfs'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'smb'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'tftp'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'ikev2'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'dcerpc'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'krb5'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'snmp'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'rfb'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'sip'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'dhcp'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'ssh'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'mqtt'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'stats'
21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'flow'
21/3/2021 -- 08:53:09 - <Info> - stats output device (regular) initialized: stats.log
21/3/2021 -- 08:53:09 - <Config> - Delayed detect disabled
21/3/2021 -- 08:53:09 - <Info> - Running in live mode, activating unix socket
21/3/2021 -- 08:53:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/3/2021 -- 08:53:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/3/2021 -- 08:53:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/3/2021 -- 08:53:09 - <Config> - prefilter engines: MPM
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_uri
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_uri
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_request_line
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_client_body
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_response_line
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header_names
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header_names
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_accept
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_accept_enc
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_accept_lang
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_referer
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_connection
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_len
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_len
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_type
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_type
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http.server
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http.location
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_protocol
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_protocol
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_start
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_start
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_header
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_header
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_method
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_cookie
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_cookie
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_user_agent
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_host
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_host
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_stat_msg
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_stat_code
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header_name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header_name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dns_query
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dnp3_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dnp3_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.sni
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_issuer
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_subject
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_serial
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_fingerprint
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.certs
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3.hash
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3.string
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3s.hash
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3s.string
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for smb_named_pipe
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for smb_share
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.proto
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.proto
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh_software
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh_software
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh.server
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh.string
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh.server.string
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for krb5_cname
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for krb5_sname
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.method
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.uri
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.protocol
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.protocol
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.method
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.stat_msg
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.request_line
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.response_line
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for rfb.name
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for snmp.community
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for snmp.community
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.clientid
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.username
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.password
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.willtopic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.willmessage
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.publish.topic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.publish.message
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.subscribe.topic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.unsubscribe.topic
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for icmpv4.hdr
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tcp.hdr
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for udp.hdr
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for icmpv6.hdr
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ipv4.hdr
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ipv6.hdr
21/3/2021 -- 08:53:09 - <Config> - IP reputation disabled
21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/suricata.rules
21/3/2021 -- 08:53:09 - <Config> - No rules loaded from suricata.rules.
21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded!
21/3/2021 -- 08:53:09 - <Info> - Threshold config parsed: 0 rule(s) found
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tcp-packet
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tcp-stream
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for udp-packet
21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for other-ip
21/3/2021 -- 08:53:09 - <Info> - 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
21/3/2021 -- 08:53:09 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/3/2021 -- 08:53:09 - <Perf> - TCP toserver: 0 port groups, 0 unique SGH's, 0 copies
21/3/2021 -- 08:53:09 - <Perf> - TCP toclient: 0 port groups, 0 unique SGH's, 0 copies
21/3/2021 -- 08:53:09 - <Perf> - UDP toserver: 0 port groups, 0 unique SGH's, 0 copies
21/3/2021 -- 08:53:09 - <Perf> - UDP toclient: 0 port groups, 0 unique SGH's, 0 copies
21/3/2021 -- 08:53:09 - <Perf> - OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies
21/3/2021 -- 08:53:09 - <Perf> - OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies
21/3/2021 -- 08:53:09 - <Perf> - Unique rule groups: 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toserver TCP packet": 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toclient TCP packet": 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toserver TCP stream": 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toclient TCP stream": 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toserver UDP packet": 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toclient UDP packet": 0
21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "other IP packet": 0
21/3/2021 -- 08:53:09 - <Config> - Using flow cluster mode for AF_PACKET (iface eth0)
21/3/2021 -- 08:53:09 - <Config> - Using defrag kernel functionality for AF_PACKET (iface eth0)
21/3/2021 -- 08:53:09 - <Perf> - 4 cores, so using 4 threads
21/3/2021 -- 08:53:09 - <Perf> - Using 4 AF_PACKET threads for interface eth0
21/3/2021 -- 08:53:09 - <Perf> - eth0: disabling tso offloading
21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'eth0': Not supported (122)
21/3/2021 -- 08:53:09 - <Perf> - eth0: disabling sg offloading
21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'eth0': Not supported (122)
21/3/2021 -- 08:53:09 - <Config> - eth0: enabling zero copy mode by using data release call
21/3/2021 -- 08:53:09 - <Info> - Going to use 4 thread(s)
21/3/2021 -- 08:53:12 - <Config> - using 1 flow manager threads
21/3/2021 -- 08:53:12 - <Config> - using 1 flow recycler threads
21/3/2021 -- 08:53:12 - <Info> - Running in live mode, activating unix socket
21/3/2021 -- 08:53:12 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
21/3/2021 -- 08:53:12 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
21/3/2021 -- 08:53:12 - <Info> - All AFP capture threads are running.
Actions #9

Updated by Jason Ish about 3 years ago

  • Status changed from New to Rejected

Not a Suricata issue.
