Actions
Bug #4347
closed--with-sysroot and/or --with-pcap-xxxx flags fail to find pcap.h
Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
Building inside the OpenWrt buildsystem with --with-sysroot= and --with-libpcap-includes/--with-libpcap-libraries, fails to find the pcap.h file.
grommish@DESKTOP-N35LRJ4:~/openwrt/staging_dir/target-mips64_octeonplus_64_musl$ find ./* -name libpcap* ./usr/lib/libpcap.a ./usr/lib/libpcap.so.1 ./usr/lib/libpcap.so.1.9.1 ./usr/lib/libpcap.so
grommish@DESKTOP-N35LRJ4:~/openwrt/staging_dir/target-mips64_octeonplus_64_musl$ find ./* -name pcap.h ./usr/include/pcap/pcap.h ./usr/include/pcap.h
Invoked with the following:
CARGO_HOME=/home/grommish/openwrt/staging_dir/hostpkg ac_cv_path_CARGO="/home/grommish/openwrt/staging_dir/hostpkg/bin/cargo" ac_cv_path_RUSTC="/home/grommish/openwrt/staging_dir/hostpkg/bin/rustc" ./configure --target=mips64-openwrt-linux --host=mips64-openwrt-linux --build=x86_64-pc-linux-gnu --program-prefix="" --program-suffix="" --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls --prefix="/usr" --sysconfdir="/etc" --localstatedir="/var" --with-sysroot="/home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl" --with-libpcap-includes="/home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl/usr/include/pcap" --with-libpcap-libraries="/home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl/usr/lib" --enable-nfqueue --enable-af-packet --enable-unittests --enable-luajit --enable-geoip --enable-debug --enable-hiredis --enable-profiling --enable-profiling-locks --host=mips64-openwrt-linux-musl --build=x86_64-unknown-linux-gnu ; fi; ) configure: loading site script /home/grommish/openwrt/include/site/mips64 checking whether make supports nested variables... yes checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for mips64-openwrt-linux-musl-strip... mips64-openwrt-linux-musl-strip checking for a thread-safe mkdir -p... /usr/bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether UID '1000' is supported by ustar format... yes checking whether GID '1000' is supported by ustar format... yes checking how to create a ustar tar archive... gnutar checking build system type... x86_64-unknown-linux-gnu checking host system type... mips64-openwrt-linux-musl checking how to print strings... printf checking for style of include used by make... GNU checking for mips64-openwrt-linux-musl-gcc... mips64-openwrt-linux-musl-gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... yes checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether mips64-openwrt-linux-musl-gcc accepts -g... yes checking for mips64-openwrt-linux-musl-gcc option to accept ISO C89... none needed checking whether mips64-openwrt-linux-musl-gcc understands -c and -o together... yes checking dependency style of mips64-openwrt-linux-musl-gcc... gcc3 checking for a sed that does not truncate output... /home/grommish/openwrt/staging_dir/host/bin/sed checking for grep that handles long lines and -e... /home/grommish/openwrt/staging_dir/host/bin/grep checking for egrep... /home/grommish/openwrt/staging_dir/host/bin/grep -E checking for fgrep... /home/grommish/openwrt/staging_dir/host/bin/grep -F checking for ld used by mips64-openwrt-linux-musl-gcc... mips64-openwrt-linux-musl-ld checking if the linker (mips64-openwrt-linux-musl-ld) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... mips64-openwrt-linux-musl-gcc-nm checking the name lister (mips64-openwrt-linux-musl-gcc-nm) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... 1572864 checking whether the shell understands some XSI constructs... yes checking whether the shell understands "+="... yes checking how to convert x86_64-unknown-linux-gnu file names to mips64-openwrt-linux-musl format... func_convert_file_noop checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop checking for mips64-openwrt-linux-musl-ld option to reload object files... -r checking for mips64-openwrt-linux-musl-objdump... mips64-openwrt-linux-musl-objdump checking how to recognize dependent libraries... pass_all checking for mips64-openwrt-linux-musl-dlltool... no checking for dlltool... no checking how to associate runtime and link libraries... printf %s\n checking for mips64-openwrt-linux-musl-ar... mips64-openwrt-linux-musl-gcc-ar checking for archiver @FILE support... @ checking for mips64-openwrt-linux-musl-strip... (cached) mips64-openwrt-linux-musl-strip checking for mips64-openwrt-linux-musl-ranlib... mips64-openwrt-linux-musl-gcc-ranlib checking command to parse mips64-openwrt-linux-musl-gcc-nm output from mips64-openwrt-linux-musl-gcc object... ok checking for sysroot... /home/grommish/openwrt/staging_dir/target-mips64_octeonplus_64_musl checking for mips64-openwrt-linux-musl-mt... no checking for mt... mt configure: WARNING: using cross tools not prefixed with host triplet checking if mt is a manifest tool... no checking how to run the C preprocessor... mips64-openwrt-linux-musl-gcc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for dlfcn.h... yes checking for objdir... .libs checking if mips64-openwrt-linux-musl-gcc supports -fno-rtti -fno-exceptions... no checking for mips64-openwrt-linux-musl-gcc option to produce PIC... -fPIC -DPIC checking if mips64-openwrt-linux-musl-gcc PIC flag -fPIC -DPIC works... yes checking if mips64-openwrt-linux-musl-gcc static flag -static works... yes checking if mips64-openwrt-linux-musl-gcc supports -c -o file.o... yes checking if mips64-openwrt-linux-musl-gcc supports -c -o file.o... (cached) yes checking whether the mips64-openwrt-linux-musl-gcc linker (mips64-openwrt-linux-musl-ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... yes checking pkg-config is at least version 0.9.0... yes checking whether GCC or Clang is our compiler... gcc checking for clang... no checking gcc version... 10.2.0 checking for gawk... (cached) gawk checking for mips64-openwrt-linux-musl-gcc... (cached) mips64-openwrt-linux-musl-gcc checking whether we are using the GNU C compiler... (cached) yes checking whether mips64-openwrt-linux-musl-gcc accepts -g... (cached) yes checking for mips64-openwrt-linux-musl-gcc option to accept ISO C89... (cached) none needed checking whether mips64-openwrt-linux-musl-gcc understands -c and -o together... (cached) yes checking dependency style of mips64-openwrt-linux-musl-gcc... (cached) gcc3 checking how to run the C preprocessor... mips64-openwrt-linux-musl-gcc -E checking for mips64-openwrt-linux-musl-ranlib... (cached) mips64-openwrt-linux-musl-gcc-ranlib checking whether ln -s works... yes checking whether make sets $(MAKE)... (cached) yes checking for grep that handles long lines and -e... (cached) /home/grommish/openwrt/staging_dir/host/bin/grep checking for cygpath... no checking for pkg-config... /home/grommish/openwrt/staging_dir/host/bin/pkg-config checking for python3... /home/grommish/openwrt/staging_dir/hostpkg/bin/python3 checking for python-distutils... yes checking for python-yaml... no checking for wget... /home/grommish/openwrt/staging_dir/host/bin/wget checking stddef.h usability... yes checking stddef.h presence... yes checking for stddef.h... yes checking arpa/inet.h usability... yes checking arpa/inet.h presence... yes checking for arpa/inet.h... yes checking assert.h usability... yes checking assert.h presence... yes checking for assert.h... yes checking ctype.h usability... yes checking ctype.h presence... yes checking for ctype.h... yes checking errno.h usability... yes checking errno.h presence... yes checking for errno.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking for inttypes.h... (cached) yes checking getopt.h usability... yes checking getopt.h presence... yes checking for getopt.h... yes checking limits.h usability... yes checking limits.h presence... yes checking for limits.h... yes checking netdb.h usability... yes checking netdb.h presence... yes checking for netdb.h... yes checking netinet/in.h usability... yes checking netinet/in.h presence... yes checking for netinet/in.h... yes checking poll.h usability... yes checking poll.h presence... yes checking for poll.h... yes checking sched.h usability... yes checking sched.h presence... yes checking for sched.h... yes checking signal.h usability... yes checking signal.h presence... yes checking for signal.h... yes checking stdarg.h usability... yes checking stdarg.h presence... yes checking for stdarg.h... yes checking for stdint.h... (cached) yes checking stdio.h usability... yes checking stdio.h presence... yes checking for stdio.h... yes checking for stdlib.h... (cached) yes checking stdbool.h usability... yes checking stdbool.h presence... yes checking for stdbool.h... yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking syslog.h usability... yes checking syslog.h presence... yes checking for syslog.h... yes checking sys/prctl.h usability... yes checking sys/prctl.h presence... yes checking for sys/prctl.h... yes checking sys/socket.h usability... yes checking sys/socket.h presence... yes checking for sys/socket.h... yes checking for sys/stat.h... (cached) yes checking sys/syscall.h usability... yes checking sys/syscall.h presence... yes checking for sys/syscall.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking time.h usability... yes checking time.h presence... yes checking for time.h... yes checking for unistd.h... (cached) yes checking sys/param.h usability... yes checking sys/param.h presence... yes checking for sys/param.h... yes checking for sys/ioctl.h... (cached) yes checking linux/if_ether.h usability... yes checking linux/if_ether.h presence... yes checking for linux/if_ether.h... yes checking linux/if_packet.h usability... yes checking linux/if_packet.h presence... yes checking for linux/if_packet.h... yes checking linux/filter.h usability... yes checking linux/filter.h presence... yes checking for linux/filter.h... yes checking linux/ethtool.h usability... yes checking linux/ethtool.h presence... yes checking for linux/ethtool.h... yes checking linux/sockios.h usability... yes checking linux/sockios.h presence... yes checking for linux/sockios.h... yes checking glob.h usability... yes checking glob.h presence... yes checking for glob.h... yes checking locale.h usability... yes checking locale.h presence... yes checking for locale.h... yes checking grp.h usability... yes checking grp.h presence... yes checking for grp.h... yes checking pwd.h usability... yes checking pwd.h presence... yes checking for pwd.h... yes checking dirent.h usability... yes checking dirent.h presence... yes checking for dirent.h... yes checking fnmatch.h usability... yes checking fnmatch.h presence... yes checking for fnmatch.h... yes checking sys/resource.h usability... yes checking sys/resource.h presence... yes checking for sys/resource.h... yes checking for sys/types.h... (cached) yes checking sys/un.h usability... yes checking sys/un.h presence... yes checking for sys/un.h... yes checking sys/random.h usability... yes checking sys/random.h presence... yes checking for sys/random.h... yes checking utime.h usability... yes checking utime.h presence... yes checking for utime.h... yes checking libgen.h usability... yes checking libgen.h presence... yes checking for libgen.h... yes checking mach/mach.h usability... no checking mach/mach.h presence... no checking for mach/mach.h... no checking stdatomic.h usability... yes checking stdatomic.h presence... yes checking for stdatomic.h... yes checking for sys/socket.h... (cached) yes checking for net/if.h... yes checking for sys/mman.h... yes checking for linux/if_arp.h... yes checking for windows.h... no checking for winsock2.h... no checking for ws2tcpip.h... no checking for w32api/wtypes.h... no checking for w32api/winbase.h... no checking for wincrypt.h... no checking for inline... inline checking for C/C++ restrict keyword... __restrict checking for pid_t... yes checking for mode_t... yes checking for size_t... yes checking for ssize_t... yes checking for int8_t... yes checking for int16_t... yes checking for int32_t... yes checking for int64_t... yes checking for uint8_t... yes checking for uint16_t... yes checking for uint32_t... yes checking for uint64_t... yes checking for u_int... yes checking for u_short... yes checking for u_long... yes checking for u_char... yes checking whether struct tm is in sys/time.h or time.h... time.h checking for struct tm.tm_zone... yes checking for ptrdiff_t... yes checking for stdbool.h that conforms to C99... (cached) yes checking for _Bool... yes checking for stdlib.h... (cached) yes checking for GNU libc compatible malloc... (cached) yes checking for stdlib.h... (cached) yes checking for GNU libc compatible realloc... (cached) yes checking vfork.h usability... no checking vfork.h presence... no checking for vfork.h... no checking for fork... yes checking for vfork... yes checking for working fork... cross configure: WARNING: result yes guessed because of cross compilation checking for working vfork... (cached) yes checking whether time.h and sys/time.h may both be included... yes checking for sys/time.h... (cached) yes checking for unistd.h... (cached) yes checking for stdlib.h... (cached) yes checking for sys/param.h... (cached) yes checking for alarm... yes checking for working mktime... no checking for getpagesize... yes checking for working mmap... no checking for working strtod... no checking for pow... yes checking for memmem... yes checking for memset... yes checking for memchr... yes checking for memrchr... yes checking for memmove... yes checking for strcasecmp... yes checking for strchr... yes checking for strrchr... yes checking for strdup... yes checking for strndup... yes checking for strncasecmp... yes checking for strtol... yes checking for strtoul... yes checking for strstr... yes checking for strpbrk... yes checking for strtoull... yes checking for strtoumax... yes checking for strerror... (cached) yes checking for gethostname... yes checking for inet_ntoa... yes checking for uname... yes checking for gettimeofday... (cached) yes checking for clock_gettime... yes checking for utime... yes checking for strptime... yes checking for tzset... yes checking for localtime_r... yes checking for socket... yes checking for setenv... yes checking for select... yes checking for putenv... yes checking for dup2... yes checking for endgrent... yes checking for endpwent... yes checking for atexit... yes checking for munmap... yes checking for fwrite_unlocked... yes checking whether getrandom is declared... yes checking for strlcpy... yes checking for strlcat... yes checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... no checking host os... installation for mips64-openwrt-linux-musl OS... ok checking for c11 support... yes checking for thread local storage gnu __thread support... yes checking for dlfcn.h... (cached) yes checking for plugin support... yes checking checking if mips64-openwrt-linux-musl-gcc supports -march=native... no checking for spatch... no checking zlib.h usability... yes checking zlib.h presence... yes checking for zlib.h... yes checking for inflate in -lz... yes checking pcre.h usability... yes checking pcre.h presence... yes checking for pcre.h... yes checking for pcre_get_substring in -lpcre... yes checking for LIBPCREVERSION... no checking for pcre_dfa_exec in -lpcre... yes checking for PCRE JIT support... yes checking for PCRE JIT support usability... yes checking for PCRE JIT exec availability... no checking for libhs... no checking hs.h usability... no checking hs.h presence... no checking for hs.h... no checking yaml.h usability... yes checking yaml.h presence... yes checking for yaml.h... yes checking for yaml_parser_initialize in -lyaml... yes checking for pthread_create in -lpthread... yes checking for pthread_spin_unlock... yes checking jansson.h usability... yes checking jansson.h presence... yes checking for jansson.h... yes checking for json_dump_callback in -ljansson... yes checking for libnetfilter_queue... yes checking for nfnl_fd in -lnfnetlink... yes checking for libnetfilter_queue/libnetfilter_queue.h... yes checking for nfq_open in -lnetfilter_queue... yes checking for nfq_set_queue_maxlen in -lnetfilter_queue... yes checking for nfq_set_verdict2 in -lnetfilter_queue... yes checking for nfq_set_queue_flags in -lnetfilter_queue... yes checking for nfq_set_verdict_batch in -lnetfilter_queue... yes checking for signed nfq_get_payload payload argument... no checking whether OS_WIN32 is declared... no checking for libnet.h version 1.1.x... no checking for pcap.h... no configure: error: pcap.h not found ...
Files
Updated by Donald Hoskins almost 4 years ago
Built 6.0.1 from git-source, HEADER e860b9eee96cb112a45151237d4b23fd0a9efb22
Updated by Jeff Lucovsky over 3 years ago
I think the answer is in your config.log
Look at lines 4933 - 5046. There you'll see that u_int, u_char, u_short are unknown.
Updated by Donald Hoskins over 3 years ago
Jeff Lucovsky wrote in #note-4:
I think the answer is in your config.log
Look at lines 4933 - 5046. There you'll see that u_int, u_char, u_short are unknown.
I think it's safe to say this can be closed. While the error is misleading, it doesn't have to do with Suricata :) (which is great).
For whatever reason, OpenWrt's buildroot/usr/include/pcap.h is just an empty file with #<include/pcap.h>, which is great unless you don't have libpcap-dev installed. This is an OpenWrt-based issue.
Updated by Donald Hoskins over 3 years ago
In looking at the log more @Jeff Williams Lucovsky, I see that earlier in the configuration script, it finds:
checking for u_int... yes checking for u_short... yes checking for u_long... yes
configure:16715: mipsel-openwrt-linux-musl-gcc -c -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves >In file included from /home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/include/pcap/pcap.h:133,
from /home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/include/pcap.h:43,
from conftest.c:159:
config.log:configure:16715: mipsel-openwrt-linux-musl-gcc -c -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -fmacro-prefix-map=/home/grommish/openwrt/build_dir/target-mipsel_24kc_musl/suricata-6.0.2=suricata-6.0.2 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libiconv-stub/include -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libintl-stub/include -std=c11 -I/home/grommish/openwrt/staging_dir/toolchain-mipsel_24kc_gcc-10.2.0_musl/usr/include -I/home/grommish/openwrt/staging_dir/toolchain-mipsel_24kc_gcc-10.2.0_musl/include/fortify -I/home/grommish/openwrt/staging_dir/toolchain-mipsel_24kc_gcc-10.2.0_musl/include -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libiconv-stub/include -I/home/grommish/openwrt/staging_dir/target-mipsel_24kc_musl/usr/lib/libintl-stub/include conftest.c >&5
conftest.c is what is having issues. Is this internal autoconfig? Should there be an include that the build system isn't putting in? OpenWrt is using the libpcap 1.10.0 in the buildroot. This wouldn't be an issue, would it (it was released Dec 2020).
Updated by Donald Hoskins over 3 years ago
Figured it out!
Required
TARGET_CFLAGS += -D_GNU_SOURCE TARGET_CXXFLAGS += -latomic TARGET_LDFLAGS += -latomic
Up and running on a Edgerouter 10X (mipsel 24kc) :)
Updated by Donald Hoskins over 3 years ago
21/3/2021 -- 08:53:08 - <Notice> - This is Suricata version 6.0.2 RELEASE running in SYSTEM mode 21/3/2021 -- 08:53:08 - <Info> - CPUs/cores online: 4 21/3/2021 -- 08:53:08 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32516 and 'request-body-inspect-window' set to 4267 after randomization. 21/3/2021 -- 08:53:08 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 41679 and 'response-body-inspect-window' set to 16808 after randomization. 21/3/2021 -- 08:53:08 - <Config> - SMB stream depth: 0 21/3/2021 -- 08:53:08 - <Config> - Protocol detection and parser disabled for modbus protocol. 21/3/2021 -- 08:53:08 - <Config> - Protocol detection and parser disabled for enip protocol. 21/3/2021 -- 08:53:08 - <Config> - Protocol detection and parser disabled for DNP3. 21/3/2021 -- 08:53:08 - <Info> - Found an MTU of 1500 for 'eth0' 21/3/2021 -- 08:53:08 - <Info> - Found an MTU of 1500 for 'eth0' 21/3/2021 -- 08:53:08 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 21/3/2021 -- 08:53:08 - <Config> - preallocated 1000 hosts of size 84 21/3/2021 -- 08:53:08 - <Config> - host memory usage: 346144 bytes, maximum: 33554432 21/3/2021 -- 08:53:08 - <Config> - Core dump size set to unlimited. 21/3/2021 -- 08:53:08 - <Config> - allocated 2097152 bytes of memory for the defrag hash... 65536 buckets of size 32 21/3/2021 -- 08:53:09 - <Config> - preallocated 65535 defrag trackers of size 116 21/3/2021 -- 08:53:09 - <Config> - defrag memory usage: 9699212 bytes, maximum: 33554432 21/3/2021 -- 08:53:09 - <Config> - flow size 228, memcap allows for 588674 flows. Per hash row in perfect conditions 8 21/3/2021 -- 08:53:09 - <Config> - stream "prealloc-sessions": 2048 (per thread) 21/3/2021 -- 08:53:09 - <Config> - stream "memcap": 67108864 21/3/2021 -- 08:53:09 - <Config> - stream "midstream" session pickups: disabled 21/3/2021 -- 08:53:09 - <Config> - stream "async-oneside": disabled 21/3/2021 -- 08:53:09 - <Config> - stream "checksum-validation": enabled 21/3/2021 -- 08:53:09 - <Config> - stream."inline": disabled 21/3/2021 -- 08:53:09 - <Config> - stream "bypass": disabled 21/3/2021 -- 08:53:09 - <Config> - stream "max-synack-queued": 5 21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "memcap": 268435456 21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "depth": 1048576 21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "toserver-chunk-size": 2562 21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "toclient-chunk-size": 2606 21/3/2021 -- 08:53:09 - <Config> - stream.reassembly.raw: enabled 21/3/2021 -- 08:53:09 - <Config> - stream.reassembly "segment-prealloc": 2048 21/3/2021 -- 08:53:09 - <Info> - fast output device (regular) initialized: fast.log 21/3/2021 -- 08:53:09 - <Info> - eve-log output device (regular) initialized: eve.json 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'alert' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'anomaly' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'http' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'dns' 21/3/2021 -- 08:53:09 - <Config> - eve-log dns version not set, defaulting to version 2 21/3/2021 -- 08:53:09 - <Config> - eve-log dns version not set, defaulting to version 2 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'tls' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'files' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'smtp' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'ftp' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'rdp' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'nfs' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'smb' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'tftp' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'ikev2' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'dcerpc' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'krb5' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'snmp' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'rfb' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'sip' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'dhcp' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'ssh' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'mqtt' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'stats' 21/3/2021 -- 08:53:09 - <Config> - enabling 'eve-log' module 'flow' 21/3/2021 -- 08:53:09 - <Info> - stats output device (regular) initialized: stats.log 21/3/2021 -- 08:53:09 - <Config> - Delayed detect disabled 21/3/2021 -- 08:53:09 - <Info> - Running in live mode, activating unix socket 21/3/2021 -- 08:53:09 - <Config> - pattern matchers: MPM: ac, SPM: bm 21/3/2021 -- 08:53:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080 21/3/2021 -- 08:53:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060 21/3/2021 -- 08:53:09 - <Config> - prefilter engines: MPM 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_uri 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_uri 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_request_line 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_client_body 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_response_line 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header_names 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_header_names 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_accept 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_accept_enc 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_accept_lang 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_referer 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_connection 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_len 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_len 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_type 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_content_type 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http.server 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http.location 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_protocol 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_protocol 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_start 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_start 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_header 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_header 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_method 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_cookie 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_cookie 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file.magic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_user_agent 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_host 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_raw_host 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_stat_msg 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http_stat_code 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header_name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header_name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for http2_header 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dns_query 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dnp3_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dnp3_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.sni 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_issuer 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_subject 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_serial 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.cert_fingerprint 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tls.certs 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3.hash 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3.string 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3s.hash 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ja3s.string 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for dce_stub_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for smb_named_pipe 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for smb_share 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.proto 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.proto 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh_software 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh_software 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh.server 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh.string 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ssh.hassh.server.string 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for file_data 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for krb5_cname 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for krb5_sname 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.method 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.uri 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.protocol 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.protocol 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.method 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.stat_msg 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.request_line 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for sip.response_line 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for rfb.name 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for snmp.community 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for snmp.community 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.clientid 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.username 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.password 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.willtopic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.connect.willmessage 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.publish.topic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.publish.message 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.subscribe.topic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for mqtt.unsubscribe.topic 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for icmpv4.hdr 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tcp.hdr 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for udp.hdr 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for icmpv6.hdr 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ipv4.hdr 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for ipv6.hdr 21/3/2021 -- 08:53:09 - <Config> - IP reputation disabled 21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/suricata.rules 21/3/2021 -- 08:53:09 - <Config> - No rules loaded from suricata.rules. 21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded! 21/3/2021 -- 08:53:09 - <Info> - Threshold config parsed: 0 rule(s) found 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tcp-packet 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for tcp-stream 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for udp-packet 21/3/2021 -- 08:53:09 - <Perf> - using shared mpm ctx' for other-ip 21/3/2021 -- 08:53:09 - <Info> - 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only 21/3/2021 -- 08:53:09 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete 21/3/2021 -- 08:53:09 - <Perf> - TCP toserver: 0 port groups, 0 unique SGH's, 0 copies 21/3/2021 -- 08:53:09 - <Perf> - TCP toclient: 0 port groups, 0 unique SGH's, 0 copies 21/3/2021 -- 08:53:09 - <Perf> - UDP toserver: 0 port groups, 0 unique SGH's, 0 copies 21/3/2021 -- 08:53:09 - <Perf> - UDP toclient: 0 port groups, 0 unique SGH's, 0 copies 21/3/2021 -- 08:53:09 - <Perf> - OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies 21/3/2021 -- 08:53:09 - <Perf> - OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies 21/3/2021 -- 08:53:09 - <Perf> - Unique rule groups: 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toserver TCP packet": 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toclient TCP packet": 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toserver TCP stream": 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toclient TCP stream": 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toserver UDP packet": 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "toclient UDP packet": 0 21/3/2021 -- 08:53:09 - <Perf> - Builtin MPM "other IP packet": 0 21/3/2021 -- 08:53:09 - <Config> - Using flow cluster mode for AF_PACKET (iface eth0) 21/3/2021 -- 08:53:09 - <Config> - Using defrag kernel functionality for AF_PACKET (iface eth0) 21/3/2021 -- 08:53:09 - <Perf> - 4 cores, so using 4 threads 21/3/2021 -- 08:53:09 - <Perf> - Using 4 AF_PACKET threads for interface eth0 21/3/2021 -- 08:53:09 - <Perf> - eth0: disabling tso offloading 21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'eth0': Not supported (122) 21/3/2021 -- 08:53:09 - <Perf> - eth0: disabling sg offloading 21/3/2021 -- 08:53:09 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'eth0': Not supported (122) 21/3/2021 -- 08:53:09 - <Config> - eth0: enabling zero copy mode by using data release call 21/3/2021 -- 08:53:09 - <Info> - Going to use 4 thread(s) 21/3/2021 -- 08:53:12 - <Config> - using 1 flow manager threads 21/3/2021 -- 08:53:12 - <Config> - using 1 flow recycler threads 21/3/2021 -- 08:53:12 - <Info> - Running in live mode, activating unix socket 21/3/2021 -- 08:53:12 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket' 21/3/2021 -- 08:53:12 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started. 21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 21/3/2021 -- 08:53:12 - <Perf> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 21/3/2021 -- 08:53:12 - <Info> - All AFP capture threads are running.
Actions