Error: unknown type name 'JA4'

Developers
1

Getting the following error when compiling commit 316cc528f784c86339d05907a4d6084cbe4d44e6 for OpenWrt x86_64 :

In file included from app-layer-parser.c:47:
app-layer-ssl.h:272:5: error: unknown type name 'JA4'
  272 |     JA4 *ja4;
      |     ^~~

JA3 & JA4 already enabled in the configurations :

  JA3 support:                             yes
  JA4 support:                             yes

Does anyone have any clues?.

2

JA4 is enabled by default and the type that is being complained about as missing should always be exported from Rust.
Interesting, that never occurred to me (and I can’t reproduce it on Debian bookworm trying to build that commit).

Can you share your configure parameters and maybe a full build log please?
Does OpenWrt apply any custom patches to Suricata?

1 Like
3

@satta

Really appreciated for your reply,

Attached the full build log suricata.zip (25.5 KB)

The OpenWrt suricata Makefile :

# SPDX-License-Identifier: GPL-2.0-only

include $(TOPDIR)/rules.mk

PKG_NAME:=suricata
PKG_VERSION:=8.0.0
PKG_RELEASE:=1

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/OISF/suricata.git
PKG_MIRROR_HASH:=db9effc13cce73651643574618e857f08617655d3b7350ee35ada8fb04b8d0fe
PKG_SOURCE_DATE:=2024-04-25
PKG_SOURCE_VERSION:=316cc528f784c86339d05907a4d6084cbe4d44e6

PKG_CONFIG_DEPENDS:=CONFIG_KERNEL_XDP_SOCKETS

#PKG_FIXUP:=autoreconf
#PKG_REMOVE_FILES:=autogen.sh
PKG_FIXUP:=patch-libtool

PKG_BUILD_DEPENDS:=rust/host python3/host

include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/bpf.mk
include $(INCLUDE_DIR)/nls.mk
include ../../lang/rust/rust-values.mk

export PATH="$(TOOLCHAIN_DIR)/bin:/usr/sbin:/usr/bin:/sbin:/bin:$$$$PATH"
export LD_LIBRARY_PATH="$(STAGING_DIR_HOST)/llvm-bpf/lib:$(STAGING_DIR)/usr/lib/libintl-full/lib:$$$$LD_LIBRARY_PATH"

define Package/suricata/config
  source "$(SOURCE)/Config.in"
endef

CONFIGURE_VARS += \
  CLANG="$(STAGING_DIR_HOST)/llvm-bpf/bin/clang" \
  LLC="$(STAGING_DIR_HOST)/llvm-bpf/bin/llc" \
  PATH="$(STAGING_DIR_HOST)/llvm-bpf/bin:$$$$PATH" \
  HAVE_PF_RING_FLOW_OFFLOAD=1 \
  pfring_recv_chunk=yes \

TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR_HOST)/include -I$(STAGING_DIR)/usr/lib/libintl-full/include -I$(STAGING_DIR)/usr/include/hs -w
TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/usr/lib/libintl-full/lib -lintl -L$(STAGING_DIR_HOST)/lib -lelf

CONFIGURE_ARGS += \
  --target=$(RUSTC_TARGET_ARCH) \
  --host=$(RUSTC_TARGET_ARCH) \
  --build=$(RUSTC_HOST_ARCH) \
  --enable-shared \
  --disable-gccmarch-native \
  --disable-gccprofile \
  --with-gnu-ld \
  --with-sysroot=$(STAGING_DIR)
#	--enable-non-bundled-htp \
#	--with-libhtp-includes=$(STAGING_DIR_HOSTPKG)/include \
#	--with-libhtp-libraries=$(STAGING_DIR_HOSTPKG)/lib
#	--with-sysroot=$(TOOLCHAIN_DIR)

ifeq ($(CONFIG_SURICATA_ENABLE_PYTHON),y)
CONFIGURE_ARGS += --enable-python
endif
ifeq ($(CONFIG_SURICATA_ENABLE_PFRING),y)
CONFIGURE_ARGS += --enable-pfring
endif
ifeq ($(CONFIG_SURICATA_ENABLE_LUAJIT),y)
CONFIGURE_ARGS += --enable-luajit
endif
ifeq ($(CONFIG_SURICATA_ENABLE_GCCPROTECT),y)
CONFIGURE_ARGS += --enable-gccprotect
endif
ifeq ($(CONFIG_SURICATA_ENABLE_GCCPROFILE),n)
CONFIGURE_ARGS += --enable-gccprofile
endif

# For now, x86_64 targets can't use PIE
ifneq ($(CONFIG_TARGET_x86),y)
  ifeq ($(CONFIG_PKG_ASLR_PIE_ALL),y)
    CONFIGURE_ARGS += --enable-pie
  else
    ifeq ($(CONFIG_PKG_ASLR_PIE_REGULAR),y)
      CONFIGURE_ARGS += --enable-pie
    endif
  endif
endif

ifeq ($(CONFIG_SURICATA_ENABLE_NFQUEUE),y)
CONFIGURE_ARGS += --enable-nfqueue
endif

ifeq ($(CONFIG_SURICATA_ENABLE_GEOIP),y)
CONFIGURE_ARGS += --enable-geoip
endif

ifeq ($(CONFIG_SURICATA_ENABLE_LIBMAGIC),y)
CONFIGURE_ARGS += --enable-libmagic
endif

ifeq ($(CONFIG_SURICATA_ENABLE_DEBUG),y)
TARGET_CXXFLAGS += -ggdb3
CONFIGURE_ARGS += --enable-debug
endif

ifeq ($(CONFIG_SURICATA_ENABLE_HIREDIS),y)
CONFIGURE_ARGS += --enable-hiredis
endif

ifeq ($(CONFIG_SURICATA_ENABLE_EBPF),y)
CONFIGURE_ARGS += --enable-ebpf --enable-ebpf-build
endif

ifeq ($(CONFIG_SURICATA_ENABLE_NFLOG),y)
CONFIGURE_ARGS += --enable-nflog
endif

define Build/Configure
	( \
		$(CONFIGURE_VARS) cargo install --force --root $(STAGING_DIR)/host cbindgen ; \
		cd $(PKG_BUILD_DIR) && $(CONFIGURE_VARS) ./scripts/bundle.sh ; \
		cd $(PKG_BUILD_DIR) && $(CONFIGURE_VARS) ./autogen.sh && $(CONFIGURE_VARS) ./configure $(CONFIGURE_ARGS) ; \
	)
	$(call Build/Configure/Default)
endef

TARGET_CFLAGS += \
	$(FPIC) \
	-D_GNU_SOURCE

MAKE_FLAGS += \
	CC="$(TARGET_CC)" \
	CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) \
		-I$(PKG_BUILD_DIR)/include \
		-I$(PKG_BUILD_DIR)/usr \
		-I$(PKG_BUILD_DIR)/src \
		-I$(PKG_BUILD_DIR)/rust/dist -w" \
	LDFLAGS="$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS)"

define Build/Install
	$(call Build/Install/Default,install)
	$(call Build/Install/Default,install-conf)
endef

define Package/suricata
    SUBMENU:=Firewall
    SECTION:=net
    CATEGORY:=Network
    DEPENDS:=@!SMALL_FLASH @!LOW_MEMORY_FOOTPRINT +libexpat +jansson +libelf +libbpf +libbsd +libpcre2 +libyaml +libpcap +libcap-ng $(ICONV_DEPENDS) $(INTL_DEPENDS) \
        +nspr +libnss +liblz4 +libatomic +libnet-1.2.x +libxdp +libnfnetlink +libunwind +libhiredis +(TARGET_x86||TARGET_x86_64):hyperscan-runtime +SURICATA_ENABLE_PFRING:libpfring +zlib \
	+SURICATA_ENABLE_NFLOG:libnetfilter-log \
	+SURICATA_ENABLE_NFQUEUE:libnetfilter-queue +SURICATA_ENABLE_NFQUEUE:iptables-mod-nfqueue \
	+SURICATA_ENABLE_HIREDIS:libhiredis +SURICATA_ENABLE_HIREDIS:libevent2  +SURICATA_ENABLE_HIREDIS:libevent2-pthreads \
	+SURICATA_ENABLE_LIBMAGIC:libmagic \
	+SURICATA_ENABLE_GEOIP:libmaxminddb \
	+SURICATA_ENABLE_PYTHON:python3 +SURICATA_ENABLE_PYTHON:python3-yaml \
	@HAS_LUAJIT_ARCH +luajit
  TITLE:=OISF Suricata IDS
  URL:=https://www.openinfosecfoundation.org/
  MENU:=1
endef

define Package/suricata/description
	Suricata is an open source-based intrusion detection system (IDS), intrusion
	prevention system (IPS), and Network Monitoring System (NMS)
endef

define Package/suricata/conffiles
/etc/config/suricata
/etc/suricata/
endef

define Package/suricata/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(SED) '1c\#!/usr/bin/python3\' -i $(PKG_INSTALL_DIR)/usr/bin/{suricatactl,suricatasc,suricata-update}
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricata $(1)/usr/bin/suricata
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricatactl $(1)/usr/bin/suricatactl
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricatasc $(1)/usr/bin/suricatasc
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricata-update $(1)/usr/bin/suricata-update
	
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) -r $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/

	$(INSTALL_DIR) $(1)/usr/include
	$(CP) -r $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/

	$(INSTALL_DIR) $(1)/etc/suricata
	$(CP) $(PKG_BUILD_DIR)/suricata.yaml \
	$(PKG_BUILD_DIR)/etc/classification.config \
	$(PKG_BUILD_DIR)/threshold.config \
	$(PKG_BUILD_DIR)/etc/reference.config \
	$(1)/etc/suricata/

	$(INSTALL_DIR) $(1)/usr/share/suricata/rules
	$(CP) $(PKG_INSTALL_DIR)/usr/share/suricata/rules/* $(1)/usr/share/suricata/rules/

	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_DIR) $(1)/etc/config

	$(INSTALL_BIN) ./files/etc/init.d/suricata $(1)/etc/init.d/suricata
	$(INSTALL_CONF) ./files/etc/config/suricata $(1)/etc/config/suricata
endef

$(eval $(call BuildPackage,suricata))

Possible full configure line generated from Makefile above :

./configure --disable-option-checking '--prefix=/usr'  '--target=x86_64-openwrt-linux' '--host=x86_64-openwrt-linux' '--build=x86_64-pc-linux-gnu' '--disable-dependency-tracking' '--program-prefix=' '--program-suffix=' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib' '--sysconfdir=/etc' '--datadir=/usr/share' '--localstatedir=/var' '--mandir=/usr/man' '--infodir=/usr/info' '--target=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--build=x86_64-unknown-linux-gnu' '--enable-shared' '--disable-gccmarch-native' '--disable-gccprofile' '--with-gnu-ld' '--with-sysroot=/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom' '--enable-pfring' '--enable-luajit' '--enable-gccprotect' '--enable-nfqueue' '--enable-geoip' '--enable-libmagic' '--enable-debug' '--enable-hiredis' '--enable-ebpf' '--enable-ebpf-build' '--enable-nflog' 'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-unknown-linux-gnu' 'CC=ccache x86_64-openwrt-linux-gnu-gcc' 'CFLAGS=-march=tigerlake -mtune=tigerlake -O3 -funsafe-math-optimizations -ffp-contract=fast -ftree-vectorize -fno-caller-saves -fno-plt -march=tigerlake -mtune=tigerlake -O3 -funsafe-math-optimizations -ffp-contract=fast -ftree-vectorize -fhonour-copts -fmacro-prefix-map=/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-8.0.0=suricata-8.0.0 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libiconv-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/include -I/home/username/works/openwrt/staging_dir/host/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/include/hs -w -DPIC -fpic -D_GNU_SOURCE ' 'LDFLAGS=-L/home/username/works/openwrt/staging_dir/toolchain-x86_64_gcc-13.2.0_glibc/usr/lib -L/home/username/works/openwrt/staging_dir/toolchain-x86_64_gcc-13.2.0_glibc/lib -fuse-ld=bfd -znow -zrelro -L/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libiconv-full/lib -Wl,-rpath-link=/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libiconv-full/lib -L/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/lib -Wl,-rpath-link=/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/lib -L/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib -L/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/lib -lintl -L/home/username/works/openwrt/staging_dir/host/lib -lelf ' 'CPPFLAGS=-I/home/username/works/openwrt/staging_dir/toolchain-x86_64_gcc-13.2.0_glibc/usr/include -I/home/username/works/openwrt/staging_dir/toolchain-x86_64_gcc-13.2.0_glibc/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libiconv-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/include ' 'PKG_CONFIG=/home/username/works/openwrt/staging_dir/host/bin/pkg-config' 'PKG_CONFIG_PATH=/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/pkgconfig:/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/pkgconfig:/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/share/pkgconfig' 'CXX=ccache x86_64-openwrt-linux-gnu-g++' 'CXXFLAGS=-march=tigerlake -mtune=tigerlake -O3 -funsafe-math-optimizations -ffp-contract=fast -ftree-vectorize -fno-caller-saves -fno-plt -march=tigerlake -mtune=tigerlake -O3 -funsafe-math-optimizations -ffp-contract=fast -ftree-vectorize -fhonour-copts -fmacro-prefix-map=/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-8.0.0=suricata-8.0.0 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libiconv-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/include -I/home/username/works/openwrt/staging_dir/host/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/lib/libintl-full/include -I/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/include/hs -w -DPIC -fpic -D_GNU_SOURCE -ggdb3 ' --cache-file=/dev/null --srcdir=.

I am also sure I just missed an include path somewhere.

Patches for suricata on OpenWrt, these are WIP based on @Grommish works.
patches.zip (35.9 KB)

The same suricata for OpenWrt Makefile is working fine for compilation with version 7.0.6.

4

Found out the solution : before I was including -I$(PKG_BUILD_DIR)/rust/dist which containing not fully complete rust_bindings.h?.

The solution is including -I$(PKG_BUILD_DIR)/rust/gen which containing full complete rust_bindings.h.

Thanks @satta for pointing out that compilation working in other platform.

5

Yes, indeed. Good to see the problem is solved. (And thanks for packaging Suricata on OpenWrt!)

6

I haven’t officially submitted the suricata package, only currently sharing it on OpenWrt forums.