Suricata 6.0.0-beta1 on OpenWrt Illegal Instruction error

Are you able to step through it in gdb to see where it fails exactly?


It’s a SIGBUS error, so I’m guessing rust is still screwy…

Ignore for now :) I’m sure I’ll be back…

Another thought to maybe help debugging is to compile the unittests in and run that. So add --enable-unittests to the command line and run your test like ./src/suricata -u -l /tmp --fatal-unittests. If you then get a failure in a test, you can run just that specific test: ./src/suricata -u -l tmp --fatal-unittests -U<TestName>. (TestName here is actually a regex.)

You can run this w/o root and directly from the src dir too.

I will attempt to do this :) The --enable-unittests is under the ./configure?

Yes, that is correct.


Success! Running on a mips64 Octeon3 OpenWrt device :)

root@OpenWrt:/# suricata -vvv -c /etc/suricata/suricata.yaml -i eth0
[2282] 11/11/2020 -- 00:30:00 - (suricata.c:1065) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev running in SYSTEM mode
[2282] 11/11/2020 -- 00:30:00 - (util-cpu.c:178) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 2
[2282] 11/11/2020 -- 00:30:00 - (app-layer-htp.c:2414) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33934 and 'request-bod.
[2282] 11/11/2020 -- 00:30:00 - (app-layer-htp.c:2432) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 40181 and 'response-b.
[2282] 11/11/2020 -- 00:30:00 - (app-layer-smb.c:316) <Config> (RegisterSMBParsers) -- SMB stream depth: 0
[2282] 11/11/2020 -- 00:30:00 - (app-layer-modbus.c:1514) <Config> (RegisterModbusParsers) -- Protocol detection and parser disabled for modbus protocol.
[2282] 11/11/2020 -- 00:30:00 - (app-layer-enip.c:463) <Config> (RegisterENIPUDPParsers) -- Protocol detection and parser disabled for enip protocol.
[2282] 11/11/2020 -- 00:30:00 - (app-layer-dnp3.c:1606) <Config> (RegisterDNP3Parsers) -- Protocol detection and parser disabled for DNP3.
[2282] 11/11/2020 -- 00:30:00 - (util-ioctl.c:111) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'eth0'
[2282] 11/11/2020 -- 00:30:00 - (util-ioctl.c:111) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'eth0'
[2282] 11/11/2020 -- 00:30:00 - (host.c:256) <Config> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
[2282] 11/11/2020 -- 00:30:00 - (host.c:281) <Config> (HostInitConfig) -- preallocated 1000 hosts of size 136
[2282] 11/11/2020 -- 00:30:00 - (host.c:283) <Config> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432
[2282] 11/11/2020 -- 00:30:00 - (util-coredump-config.c:149) <Config> (CoredumpLoadConfig) -- Core dump size set to unlimited.
[2282] 11/11/2020 -- 00:30:00 - (defrag-hash.c:251) <Config> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
[2282] 11/11/2020 -- 00:30:00 - (defrag-hash.c:278) <Config> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 160
[2282] 11/11/2020 -- 00:30:00 - (defrag-hash.c:285) <Config> (DefragInitConfig) -- defrag memory usage: 14155616 bytes, maximum: 33554432
[2282] 11/11/2020 -- 00:30:00 - (flow.c:636) <Config> (FlowInitConfig) -- flow size 320, memcap allows for 419430 flows. Per hash row in perfect conditions 6
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:398) <Config> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread)
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:418) <Config> (StreamTcpInitConfig) -- stream "memcap": 67108864
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:424) <Config> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:430) <Config> (StreamTcpInitConfig) -- stream "async-oneside": disabled
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:445) <Config> (StreamTcpInitConfig) -- stream "checksum-validation": enabled
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:473) <Config> (StreamTcpInitConfig) -- stream."inline": disabled
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:486) <Config> (StreamTcpInitConfig) -- stream "bypass": disabled
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:510) <Config> (StreamTcpInitConfig) -- stream "max-synack-queued": 5
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:531) <Config> (StreamTcpInitConfig) -- stream.reassembly "memcap": 268435456
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:550) <Config> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:624) <Config> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2489
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:626) <Config> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2465
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp.c:639) <Config> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled
[2282] 11/11/2020 -- 00:30:00 - (stream-tcp-reassemble.c:377) <Config> (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 2048
[2282] 11/11/2020 -- 00:30:00 - (util-logopenfile.c:570) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[2282] 11/11/2020 -- 00:30:00 - (util-logopenfile.c:570) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'anomaly'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'http'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dns'
[2282] 11/11/2020 -- 00:30:00 - (output-json-dns.c:563) <Config> (JsonDnsParseVersion) -- eve-log dns version not set, defaulting to version 2
[2282] 11/11/2020 -- 00:30:00 - (output-json-dns.c:563) <Config> (JsonDnsParseVersion) -- eve-log dns version not set, defaulting to version 2
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'tls'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'files'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'smtp'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ftp'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'rdp'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'nfs'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'smb'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'tftp'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ikev2'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dcerpc'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'krb5'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'snmp'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'rfb'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'sip'
[2282] 11/11/2020 -- 00:30:00 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dhcp'
[2282] 11/11/2020 -- 00:30:01 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ssh'
[2282] 11/11/2020 -- 00:30:01 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'mqtt'
[2282] 11/11/2020 -- 00:30:01 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'stats'
[2282] 11/11/2020 -- 00:30:01 - (runmodes.c:641) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'flow'
[2282] 11/11/2020 -- 00:30:01 - (util-logopenfile.c:570) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log
[2282] 11/11/2020 -- 00:30:01 - (suricata.c:2189) <Config> (SetupDelayedDetect) -- Delayed detect disabled
[2282] 11/11/2020 -- 00:30:01 - (util-conf.c:161) <Info> (ConfUnixSocketIsEnable) -- Running in live mode, activating unix socket
[2282] 11/11/2020 -- 00:30:01 - (detect-engine.c:1994) <Config> (DetectEngineCtxInitReal) -- pattern matchers: MPM: ac, SPM: bm
[2282] 11/11/2020 -- 00:30:01 - (detect-engine.c:2403) <Config> (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 800
[2282] 11/11/2020 -- 00:30:01 - (detect-engine.c:2427) <Config> (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060
[2282] 11/11/2020 -- 00:30:01 - (detect-engine.c:2455) <Config> (DetectEngineCtxLoadConf) -- prefilter engines: MPM
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_request_line
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_client_body
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_response_line
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.server
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.location
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:01 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_msg
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header_name
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header_name
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dns_query
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.sni
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_issuer
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_subject
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_serial
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_fingerprint
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.certs
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.hash
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.string
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.hash
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.string
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_named_pipe
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_share
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.server
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.string
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.server.string
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_cname
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_sname
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.uri
[2282] 11/11/2020 -- 00:30:02 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.stat_msg
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.request_line
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.response_line
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for rfb.name
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.clientid
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.username
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.password
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.willtopic
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.willmessage
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.publish.topic
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.publish.message
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.subscribe.topic
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.unsubscribe.topic
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for tcp.hdr
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for udp.hdr
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for icmpv6.hdr
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv4.hdr
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv6.hdr
[2282] 11/11/2020 -- 00:30:03 - (reputation.c:603) <Config> (SRepInit) -- IP reputation disabled
[2282] 11/11/2020 -- 00:30:03 - (util-classification-config.c:363) <Info> (SCClassConfParseFile) -- Added "43" classification types from the classification file
[2282] 11/11/2020 -- 00:30:03 - (util-reference-config.c:339) <Info> (SCRConfParseFile) -- Added "19" reference types from the reference.config file
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-loader.c:232) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/surics
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-loader.c:322) <Config> (SigLoadSignatures) -- No rules loaded from suricata.rules.
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-loader.c:347) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded!
[2282] 11/11/2020 -- 00:30:03 - (util-threshold-config.c:1091) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1412) <Info> (SigAddressPrepareStage1) -- 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspey
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1418) <Config> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- TCP toserver: 0 port groups, 0 unique SGH's, 0 copies
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- TCP toclient: 0 port groups, 0 unique SGH's, 0 copies
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- UDP toserver: 0 port groups, 0 unique SGH's, 0 copies
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- UDP toclient: 0 port groups, 0 unique SGH's, 0 copies
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1004) <Perf> (RulesGroupByProto) -- OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1041) <Perf> (RulesGroupByProto) -- OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-build.c:1786) <Perf> (SigAddressPrepareStage4) -- Unique rule groups: 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 0
[2282] 11/11/2020 -- 00:30:03 - (detect-engine-mpm.c:1158) <Perf> (MpmStoreReportStats) -- Builtin MPM "other IP packet": 0
[2282] 11/11/2020 -- 00:30:03 - (runmode-af-packet.c:320) <Config> (ParseAFPConfig) -- Using flow cluster mode for AF_PACKET (iface eth0)
[2282] 11/11/2020 -- 00:30:03 - (runmode-af-packet.c:324) <Config> (ParseAFPConfig) -- Using defrag kernel functionality for AF_PACKET (iface eth0)
[2282] 11/11/2020 -- 00:30:03 - (runmode-af-packet.c:639) <Perf> (ParseAFPConfig) -- 2 cores, so using 2 threads
[2282] 11/11/2020 -- 00:30:03 - (runmode-af-packet.c:651) <Perf> (ParseAFPConfig) -- Using 2 AF_PACKET threads for interface eth0
[2282] 11/11/2020 -- 00:30:03 - (util-ioctl.c:442) <Perf> (DisableIfaceOffloadingLinux) -- eth0: disabling gro offloading
[2282] 11/11/2020 -- 00:30:03 - (util-ioctl.c:456) <Perf> (DisableIfaceOffloadingLinux) -- eth0: disabling gso offloading
[2282] 11/11/2020 -- 00:30:03 - (util-ioctl.c:463) <Perf> (DisableIfaceOffloadingLinux) -- eth0: disabling sg offloading
[2282] 11/11/2020 -- 00:30:03 - (util-ioctl.c:322) <Warning> (SetEthtoolValue) -- [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'eth0': Not support)
[2282] 11/11/2020 -- 00:30:03 - (runmode-af-packet.c:708) <Config> (ParseAFPConfig) -- eth0: enabling zero copy mode by using data release call
[2282] 11/11/2020 -- 00:30:03 - (util-runmodes.c:264) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 2 thread(s)
[2289] 11/11/2020 -- 00:30:03 - (util-magic.c:78) <Error> (MagicInitContext) -- [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: could not find any valid magic files!
[2290] 11/11/2020 -- 00:30:03 - (util-magic.c:78) <Error> (MagicInitContext) -- [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: could not find any valid magic files!
[2282] 11/11/2020 -- 00:30:03 - (flow-manager.c:1063) <Config> (FlowManagerThreadSpawn) -- using 1 flow manager threads
[2282] 11/11/2020 -- 00:30:03 - (flow-manager.c:1266) <Config> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
[2282] 11/11/2020 -- 00:30:03 - (util-conf.c:161) <Info> (ConfUnixSocketIsEnable) -- Running in live mode, activating unix socket
[2282] 11/11/2020 -- 00:30:03 - (unix-manager.c:132) <Info> (UnixNew) -- Using unix socket file '/var/run/suricata/suricata-command.socket'
[2282] 11/11/2020 -- 00:30:03 - (unix-manager.c:149) <Info> (Un[  135.758385] device eth0 entered promiscuous mode
ixNew) -- Created socket directory /var/run/suricata/
[2282] 11/11/2020 -- 00:30:03 - (tm-threads.c:1964) <Notice> (TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 4 management threads initialized, engine started.
[2289] 11/11/2020 -- 00:30:04 - (source-af-packet.c:1742) <Perf> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=1 frame_size=1600 frame_nr=20
[2290] 11/11/2020 -- 00:30:04 - (source-af-packet.c:1742) <Perf> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=1 frame_size=1600 frame_nr=20
[2290] 11/11/2020 -- 00:30:04 - (source-af-packet.c:507) <Info> (AFPPeersListReachedInc) -- All AFP capture threads are running.

Great! How did you end up fixing it?

Can you share the whole cross compile process so others can learn from it?

Thanks!

Rust was the issue, at least, the overwhelming issue.

Rustup, which is what anyone you ask for rust help will tell you to use, is precompiled for -mhard-float and statically linked. My platform requires -msoft-float and dynamic linking.

This means I had to compile rust/cargo from source. Rust has acknowledged issues with cross-compiling that I worked around by compiling rust/cargo into distro tarballs and then installing them inside the OpenWrt buildroot. I had to create a custom rust triple to make it work (mips64_unknown_linux_muslabi64sf for soft-float). I had to patch the source to add the custom target. I fully blame the added convoluted mixture of doing this with OpenWrt causing a LOT of the issues ;)

Now I’m working through some Suricata stuff with the ./configure flags, and ensuring things are in-place inside OpenWrt.

I cannot get suricata-update to build… At all… I’ve got a suricata-update directory with the various .pyc files, but nothing ever gets built out for it and the Configuration output shows “not bundled”…

CONFIGURE_ARGS = \
	--prefix="/usr" \
	--sysconfdir="/etc" \
	--localstatedir="/var" \
	--enable-nfqueue \
	--enable-ipfw \
	--enable-unittests \
	--enable-ebpf-build \
	--enable-debug \
	--enable-profiling \
	--enable-profiling-locks \
	--enable-ipfw \
	--enable-nfqueue \
	--enable-af-packet \
	--enable-luajit \
	--enable-geoip \
	--enable-unittests \
	--enable-hiredis \
	--host=$(RUSTC_TARGET_ARCH) \
	--build=$(RUSTC_HOST_ARCH) \
	--with-suricata-update=yes \
	--with-sysroot=$(STAGING_DIR)

Any suggestions?

Does the config.log contain more info?

@ish do you have ideas on how python is supposed to work in this case?

It’s failing to see my libyaml for some reason. I’m generating a build log now, but the short of it is that it says I need to install

    Warning: suricata-update will not be installed as the
        Python yaml module is not installed..

    Install the yaml module for Python 3 to enable
    suricata-update.

Can you tell me what exactly it is looking for?

It needs the Python yaml module for your version of Python. On Fedora/CentOS this is the python3-yaml package, looks like the package name is the same on Ubuntu. So look for something along those lines in your package manager. Failing a provided package, you may have to pip install PyYAML.

libyaml is there, though, so I’m not sure why it isn’t finding it. It finds all the other libs and includes… Any ideas?

./usr/lib/libyaml-cpp.so.0.6
./usr/lib/libyaml.so
./usr/lib/libyaml-cpp.so
./usr/lib/libyaml-0.so.2.0.9
./usr/lib/libyaml-0.so.2
./usr/lib/libyaml-cpp.so.0.6.3
./usr/lib/libyaml.a
./usr/include/yaml.h
./usr/include/yaml-cpp
./usr/include/yaml-cpp/yaml.h

Do you also have the python-yaml? The test our configure runs is $HAVE_PYTHON -c "import yaml" where $HAVE_PYTHON would be something like python3 or python or whatever the binary was. Keep in mind that for example Ubuntu has python3-yaml and python-yaml (py2). Make sure that the python versions match for the installed python yaml.
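
The check quoted in the reply above (`$HAVE_PYTHON -c "import yaml"`) can be reproduced by hand for every interpreter on the build machine. This is an added example, not part of the original thread or of Suricata's configure script; the function names and the candidate interpreter list are assumptions. The C library files listed earlier (libyaml.so, yaml.h) do not satisfy this check, because it imports the Python `yaml` module in whichever interpreter configure picked.

```shell
#!/bin/sh
# Added example (not from the thread): repeat the test that configure is
# described as running, $HAVE_PYTHON -c "import yaml", per interpreter.
# Function names below are hypothetical helpers.

# has_pyyaml INTERPRETER
# Returns 0 if the interpreter can import the Python yaml module.
has_pyyaml() {
    "$1" -c "import yaml" >/dev/null 2>&1
}

# yaml_report INTERPRETER...
# Prints one status line per candidate so a Python 2 / Python 3 mismatch
# (module installed for one, configure using the other) is visible.
yaml_report() {
    for py in "$@"; do
        if ! command -v "$py" >/dev/null 2>&1; then
            printf '%s: not found\n' "$py"
        elif has_pyyaml "$py"; then
            printf '%s: yaml ok\n' "$py"
        else
            printf '%s: yaml module missing\n' "$py"
        fi
    done
}

# first_python_with_yaml INTERPRETER...
# Prints the first candidate that passes the check; returns 1 if none does.
first_python_with_yaml() {
    for py in "$@"; do
        command -v "$py" >/dev/null 2>&1 || continue
        if has_pyyaml "$py"; then
            printf '%s\n' "$py"
            return 0
        fi
    done
    return 1
}

# Candidate names are assumptions; add the interpreter your build uses.
yaml_report python3 python python2
```

When cross-compiling, run this with the same interpreter and environment that the configure step sees, since that is the Python the check executes.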