[Oisf-devel] Query about Suricata behaviour difference on x86 and XLP
Mahendra Ladhe
lml108 at yahoo.com
Fri Jul 18 11:03:48 UTC 2014
Output of 'suricata --build-info' is copied below.
This is Suricata version 2.0.2 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT
SIMD support: none
Atomic intrisics: 1 2 4 8 byte(s)
64-bits, Big-endian architecture
GCC version 4.6.3, C version 199901
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.12, linked against LibHTP v0.5.12
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: no
Detection enabled: yes
libnss support: no
libnspr support: no
libjansson support: no
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no
Generic build parameters:
Installation prefix (--prefix): /projects/magnum/mladhe/suricata/install/suricata-2.0.2
Configuration directory (--sysconfdir): /projects/magnum/mladhe/suricata/install/suricata-2.0.2/etc/suricata/
Log directory (--localstatedir) : /projects/magnum/mladhe/suricata/install/suricata-2.0.2/var/log/suricata/
Host: mips64-nlm-linux-gnu
GCC binary: mips64-nlm-linux-gcc -EB
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: no
________________________________
From: Victor Julien <victor at inliniac.net>
To: oisf-devel at lists.openinfosecfoundation.org
Sent: Thursday, 17 July 2014 2:48 PM
Subject: Re: [Oisf-devel] Query about Suricata behaviour difference on x86 and XLP
On 07/17/2014 11:00 AM, Mahendra Ladhe wrote:
> I compiled Suricata 2.0.2 on an x86 machine running 64-bit Ubuntu
> 12.04.4 LTS
> (The processor is Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz)
> Then I ran it on a 230 MB pcap file with following command line
>
> $ sudo /usr/bin/suricata -c /etc/suricata//suricata.yaml -r
> ./purplehaze.pcap
>
> After a few seconds, it neatly exits after printing some log on the screen.
>
> Next I cross compiled Suricata same version and ran it on XLP processor
> (multi-core multi-threaded MIPS processor: 4 CPU threads per core * 16
> cores = 64 CPU threads)
> using the same command line
>
> $ suricata -r purplehaze.pcap -c /etc/suricata/suricata.yaml
>
> It prints the following lines and gets stuck after that.
>
> 2/6/1970 -- 10:42:14 - <Notice> - This is Suricata version 2.0.2 RELEASE
> 2/6/1970 -- 10:42:42 - <Warning> - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)]
> - Eve-log support not compiled in. Reconfigure/recompile with libjansson.
> 2/6/1970 -- 10:42:43 - <Notice> - all 97 packet processing threads, 3
> management threads initialized, engine started.
>
> It simply doesn't quit.
> Am I missing something here ?
> Why are the behaviours different on x86 and XLP with everything else
> remaining the same ?
Can you attach to the process with gdb and do:
set logging on
thread apply all bt
Then send us the output file (gdb.txt)?
Also, can you attach the output of 'suricata --build-info'?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20140718/54e4a63c/attachment-0002.html>
More information about the Oisf-devel
mailing list