Bug #372

Updated by Victor Julien over 12 years ago

In the MinGW build (a version or two ago) no escapes were needed to specify the network interface, but the Cygwin builds require them when using the NIC UUID (not the IP). Actually, even when using the IP it "fails" at first, but somehow goes on:
 USING THE IP ( -i 1.2.3.4 ) 

 <pre> 
 <snip> 
 [4716] 10/11/2011 -- 16:13:42 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log 
 [4716] 10/11/2011 -- 16:13:42 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log 
 [4716] 10/11/2011 -- 16:13:42 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value 
 [4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A} 
 [4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0 
 </pre> </snip> 

 USING THE NIC UUID (-i \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A} ) 

 <pre> 
 <snip> 
 [5084] 10/11/2011 -- 16:17:05 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log 
 [5084] 10/11/2011 -- 16:17:05 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log 
 [5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A, using default value 
 [4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A 
 [4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0 
 [5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:226) <Info> (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:346) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:358) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:368) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:374) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:380) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:397) <Info> (StreamTcpInitConfig) -- stream "checksum_validation": enabled 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:407) <Info> (StreamTcpInitConfig) -- stream."inline": disabled 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:416) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:426) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:449) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560 
 [5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:451) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560 
 [4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:376) <Error> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error Error opening adapter: The system cannot find the device specified. (20) 
 [5084] 10/11/2011 -- 16:17:05 - (tm-threads.c:1793) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "ReceivePcap" closed on initialization. 
 [5084] 10/11/2011 -- 16:17:05 - (suricata.c:1551) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting... 

 </pre> 
 </snip> 
 You can see that the backslashes are missing, as well as the curly braces, but escape them again and it works. I guess this fails at first too... ( -i \\Device\\NPF_\{BF708D28-C021-405D-B63A-9B0DF8BB586A\} ) 


 <pre> 

 <snip> 
 [3832] 10/11/2011 -- 16:19:20 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log 
 [3832] 10/11/2011 -- 16:19:20 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log 
 [3832] 10/11/2011 -- 16:19:20 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value 
 [5996] 10/11/2011 -- 16:19:20 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A} 

 </pre> 
 </snip>
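
An added example (not part of the original report or of Suricata's code): a check over startup log lines in the format quoted above that flags an NPF device name that reached the engine with its backslashes or braces stripped, and the pcap activation error that follows. The function name, the finding labels and the sample GUID are constructed for illustration.

```python
import re

GUID = r'[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
# Device name form shown in the working runs: \Device\NPF_{GUID}
NPF_OK = re.compile(r'^\\Device\\NPF_\{' + GUID + r'\}$')
# Same name with backslashes and/or braces lost before it reached the engine
NPF_MANGLED = re.compile(r'^\\?Device\\?NPF_\{?' + GUID + r'\}?$')
# Log layout as quoted in the report:
# [tid] date -- time - (file:line) <Level> (Function) -- message
LINE = re.compile(r'^\s*\[(\d+)\] \S+ -- \S+ - \(([^)]+)\) <(\w+)> \((\w+)\) -- (.*)$')
USING = re.compile(r'^using interface (\S+)')

def check_startup_log(text):
    """Return (kind, detail) findings for one startup log."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # <snip> markers, blank lines, wrapped output
        _tid, _src, level, func, msg = m.groups()
        u = USING.match(msg)
        if func == "ReceivePcapThreadInit" and u:
            name = u.group(1)
            if NPF_OK.match(name):
                findings.append(("iface_ok", name))
            elif NPF_MANGLED.match(name):
                # Check the strict form first; this pattern also accepts it.
                findings.append(("iface_mangled", name))
        elif level == "Error" and "SC_ERR_PCAP_ACTIVATE_HANDLE" in msg:
            findings.append(("pcap_open_failed", msg.strip()))
    return findings

# Constructed sample lines (placeholder GUID), mirroring the failing run.
SAMPLE_FAILING = r"""
 [4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface DeviceNPF_00000000-1111-2222-3333-444444444444
 [4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:376) <Error> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler
"""

if __name__ == "__main__":
    for kind, detail in check_startup_log(SAMPLE_FAILING):
        print(kind, "->", detail)
```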
