Project

General

Profile

Actions

Bug #372

closed

Cygwin build needs escapes for interface argument

Added by Rich Rumble about 13 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In the Mingw build (a version or two ago) no escapes were needed to specify the network interface, but the cygwin builds require them when using the NIC UUID (not the IP). Actually even when using IP it "fails" at first, but somehow goes on:
USING THE IP ( -i 1.2.3.4 )

[4716] 10/11/2011 -- 16:13:42 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[4716] 10/11/2011 -- 16:13:42 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[4716] 10/11/2011 -- 16:13:42 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}
[4672] 10/11/2011 -- 16:13:42 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0

USING THE NIC UUID (-i \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A} )

[5084] 10/11/2011 -- 16:17:05 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[5084] 10/11/2011 -- 16:17:05 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A, using default value
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface DeviceNPF_BF708D28-C021-405D-B63A-9B0DF8BB586A
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
[5084] 10/11/2011 -- 16:17:05 - (runmode-pcap.c:226) <Info> (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:346) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:358) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:368) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:374) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:380) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:397) <Info> (StreamTcpInitConfig) -- stream "checksum_validation": enabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:407) <Info> (StreamTcpInitConfig) -- stream."inline": disabled
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:416) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:426) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:449) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
[5084] 10/11/2011 -- 16:17:05 - (stream-tcp.c:451) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
[4180] 10/11/2011 -- 16:17:05 - (source-pcap.c:376) <Error> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error Error opening adapter: The system cannot find the device specified. (20)
[5084] 10/11/2011 -- 16:17:05 - (tm-threads.c:1793) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "ReceivePcap" closed on initialization.
[5084] 10/11/2011 -- 16:17:05 - (suricata.c:1551) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...


You can see that the backslashes are missing as well as the curly braces, but escaping them again and it works, I guess this fails at first too... ( -i \\Device\\NPF_\{BF708D28-C021-405D-B63A-9B0DF8BB586A\} )
[3832] 10/11/2011 -- 16:19:20 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[3832] 10/11/2011 -- 16:19:20 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[3832] 10/11/2011 -- 16:19:20 - (runmode-pcap.c:123) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}, using default value
[5996] 10/11/2011 -- 16:19:20 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{BF708D28-C021-405D-B63A-9B0DF8BB586A}

Actions

Also available in: Atom PDF