<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:10pt"><div style="" class=""><span style="" class="">Output of </span>'suricata --build-info' is copied below.</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;" class="">This is Suricata version 2.0.2 RELEASE<br style="" class="">Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT<br style="" class="">SIMD support: none<br style="" class="">Atomic intrisics: 1 2 4 8 byte(s)<br style="" class="">64-bits, Big-endian architecture<br style="" class="">GCC version 4.6.3, C version 199901<br style="" class="">L1 cache line size (CLS)=64<br style="" class="">compiled with LibHTP
 v0.5.12, linked against LibHTP v0.5.12<br style="" class="">Suricata Configuration:<br style="" class="">  AF_PACKET support:                       yes<br style="" class="">  PF_RING support:                         no<br style="" class="">  NFQueue support:                         no<br style="" class="">  NFLOG support:                           no<br style="" class="">  IPFW
 support:                            no<br style="" class="">  DAG enabled:                             no<br style="" class="">  Napatech enabled:                        no<br style="" class="">  Unix socket enabled:                     no<br style="" class="">  Detection enabled:                       yes<br style="" class=""><br style=""
 class="">  libnss support:                          no<br style="" class="">  libnspr support:                         no<br style="" class="">  libjansson support:                      no<br style="" class="">  Prelude support:                         no<br style="" class="">  PCRE
 jit:                                yes<br style="" class="">  LUA support:                             no<br style="" class="">  libluajit:                               no<br style="" class="">  libgeoip:                                no<br style="" class="">  Non-bundled
 htp:                         no<br style="" class="">  Old barnyard2 support:                   no<br style="" class="">  CUDA enabled:                            no<br style="" class=""><br style="" class="">  Suricatasc install:                      yes<br style="" class=""><br style="" class="">  Unit tests enabled:                      no<br style="" class="">  Debug output
 enabled:                    no<br style="" class="">  Debug validation enabled:                no<br style="" class="">  Profiling enabled:                       no<br style="" class="">  Profiling locks enabled:                 no<br style="" class="">  Coccinelle / spatch:                     no<br style="" class=""><br style="" class="">Generic build parameters:<br style="" class=""> Installation prefix (--prefix):         
 /projects/magnum/mladhe/suricata/install/suricata-2.0.2<br style="" class="">  Configuration directory (--sysconfdir): /projects/magnum/mladhe/suricata/install/suricata-2.0.2/etc/suricata/<br style="" class="">  Log directory (--localstatedir) :       /projects/magnum/mladhe/suricata/install/suricata-2.0.2/var/log/suricata/<br style="" class=""><br style="" class="">  Host:                                    mips64-nlm-linux-gnu<br style="" class="">  GCC binary:                              mips64-nlm-linux-gcc -EB<br style="" class="">  GCC Protect
 enabled:                     no<br style="" class="">  GCC march native enabled:                no<br style="" class="">  GCC Profile enabled:                     no<br style="" class=""><br style="" class=""></div><div style="" class=""><br style="" class=""></div>  <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 10pt;"> <div class="" style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="" class="" dir="ltr"> <hr style="" class="" size="1">  <font style="" class="" face="Arial" size="2"> <b style="" class=""><span class=""
 style="font-weight:bold;">From:</span></b> Victor Julien <victor@inliniac.net><br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">To:</span></b> oisf-devel@lists.openinfosecfoundation.org <br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">Sent:</span></b> Thursday, 17 July 2014 2:48 PM<br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">Subject:</span></b> Re: [Oisf-devel] Query about Suricata behaviour difference on x86 and XLP<br style="" class=""> </font> </div> <div style="" class=""><br style="" class="">On 07/17/2014 11:00 AM, Mahendra Ladhe wrote:<div style="" class="" id="yqtfd39523"><br style="" class="" clear="none">>   I compiled Suricata 2.0.2 on an x86 machine running 64-bit Ubuntu<br style="" class="" clear="none">> 12.04.4 LTS<br style="" class="" clear="none">> (The processor is Intel(R) Core(TM)2 Duo CPU   
  E7400  @ 2.80GHz)<br style="" class="" clear="none">> Then I ran it on a 230 MB pcap file with following command line<br style="" class="" clear="none">> <br style="" class="" clear="none">> $ sudo /usr/bin/suricata -c /etc/suricata//suricata.yaml -r<br style="" class="" clear="none">> ./purplehaze.pcap<br style="" class="" clear="none">> <br style="" class="" clear="none">> After a few seconds, it neatly exits after printing some log on the screen.<br style="" class="" clear="none">> <br style="" class="" clear="none">> Next I cross compiled Suricata same version and ran it on XLP processor<br style="" class="" clear="none">> (multi-core multi-threaded MIPS processor: 4 CPU threads per core * 16<br style="" class="" clear="none">> cores = 64 CPU threads)<br style="" class="" clear="none">> using the same command line<br style="" class="" clear="none">> <br style="" class="" clear="none">> $ suricata -r
 purplehaze.pcap -c /etc/suricata/suricata.yaml<br style="" class="" clear="none">> <br style="" class="" clear="none">> It prints the following lines and gets stuck after that.<br style="" class="" clear="none">> <br style="" class="" clear="none">> 2/6/1970 -- 10:42:14 - <Notice> - This is Suricata version 2.0.2 RELEASE<br style="" class="" clear="none">> 2/6/1970 -- 10:42:42 - <Warning> - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)]<br style="" class="" clear="none">> - Eve-log support not compiled in. Reconfigure/recompile with libjansson.<br style="" class="" clear="none">> 2/6/1970 -- 10:42:43 - <Notice> - all 97 packet processing threads, 3<br style="" class="" clear="none">> management threads initialized, engine started.<br style="" class="" clear="none">> <br style="" class="" clear="none">> It simply doesn't quit.<br style="" class="" clear="none">> Am I missing something here ?<br style="" class=""
 clear="none">> Why are the behaviours different on x86 and XLP with everything else<br style="" class="" clear="none">> remaining the same ?</div><br style="" class="" clear="none"><br style="" class="" clear="none">Can you attach to the process with gdb and do:<br style="" class="" clear="none"><br style="" class="" clear="none">set logging on<br style="" class="" clear="none">thread apply all bt<br style="" class="" clear="none"><br style="" class="" clear="none">Then send us the output file (gdb.txt)?<br style="" class="" clear="none"><br style="" class="" clear="none">Also, can you attach the output of 'suricata --build-info'?<br style="" class=""></div> </div> </div>  </div></body></html>