Project

General

Profile

Actions
Copy link

Bug #579

closed

PCRE_JIT fails on windows - Suricata 1.3.2 - falls back to regular PCRE handling

Added by Peter Manev about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
1.3.3
Affected Versions:
Effort:
Difficulty:
Label:

Description

3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/menu=\s*(ftps?|https?|php)\:\//Ui". Falling back to
regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\emerging-web_specif
ic_apps.rules:20662)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/topic\_title\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|k
ey[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|chang
e))/Ui". Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\
rules\emerging-web_specific_apps.rules:20665)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/attributeToSelect\x3d.+(s(cript|tyle\x3D)|on(mouse[a
-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|
change))/Ui". Falling back to regular PCRE handling (C:\Program Files\Suricata 1
.3.2\rules\emerging-web_specific_apps.rules:20671)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/img\_url\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a
-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/
Ui". Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rule
s\emerging-web_specific_apps.rules:20683)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/skin\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z]|
load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui".
 Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\em
erging-web_specific_apps.rules:20686)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/page\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z]|
load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui".
 Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\em
erging-web_specific_apps.rules:20689)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/action\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z
]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui
". Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\
emerging-web_specific_apps.rules:20692)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/articleID\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[
a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))
/Ui". Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rul
es\emerging-web_specific_apps.rules:20704)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/uid\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z]|l
oad|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui".
Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\eme
rging-web_specific_apps.rules:20707)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/IP=\s*(ftps?|https?|php)\:\//Ui". Falling back to re
gular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\emerging-web_specific
_apps.rules:20710)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/IP=\s*(ftps?|https?|php)\:\//Ui". Falling back to re
gular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\emerging-web_specific
_apps.rules:20713)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/wgDekiPluginPath=\s*(ftps?|https?|php)\:\//Ui". Fall
ing back to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\emergin
g-web_specific_apps.rules:20716)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/PASS\s.*?\x0d\x0aNICK\s.*?\x0d\x0aUSER\s.*?\s\d\s\d\
s\:\S/im". Falling back to regular PCRE handling (C:\Program Files\Suricata 1.3.
2\rules\emerging-worm.rules:42)
3/10/2012 -- 21:32:44 - <Warning> - [ERRCODE: SC_ERR_PCRE_STUDY(6)] - PCRE JIT c
ompiler does not support: "/Host\x3a ([0-9]{1,3}\.){3}[0-9]{1,3}/H". Falling bac
k to regular PCRE handling (C:\Program Files\Suricata 1.3.2\rules\emerging-worm.
rules:174)
3/10/2012 -- 21:32:45 - <Info> - 49 rule files processed. 12408 rules succesfull
y loaded, 0 rules failed
3/10/2012 -- 21:32:54 - <Info> - 12416 signatures processed. 728 are IP-only rul
es, 3825 are inspecting packet payload, 9340 inspect application layer, 74 are d
ecoder event only
3/10/2012 -- 21:32:54 - <Info> - building signature grouping structure, stage 1:
 adding signatures to signature source addresses... complete
3/10/2012 -- 21:32:54 - <Info> - building signature grouping structure, stage 2:
 building source address list... complete
3/10/2012 -- 21:32:56 - <Info> - building signature grouping structure, stage 3:
 building destination address lists... complete
Actions
Copy link
 #1

Updated by Victor Julien about 12 years ago

  • Description updated (diff)

Is this different from 1.3.1?

Actions
Copy link
 #2

Updated by Peter Manev about 12 years ago

it is only 1.3.2 that has that problem on Windows

Actions
Copy link
 #3

Updated by Victor Julien about 12 years ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 1.3.3
Actions
Copy link
 #4

Updated by Peter Manev about 12 years ago

1.4beta2 - has the same problem on windows.

thank you

Actions
Copy link
 #5

Updated by Victor Julien about 12 years ago

Looking at the diff between 1.3.1 and 1.3.2 nothing changed that should affect this, are you sure this isn't caused by a change on the system?

Actions
Copy link
 #6

Updated by Victor Julien about 12 years ago

To be sure, can you recheck 1.3.1?

Actions
Copy link
 #7

Updated by Peter Manev about 12 years ago

I am testing on the same systems (windows-wise) - but will have a look at it - to see if something comes up.

Actions
Copy link
 #8

Updated by Giuseppe Longo about 12 years ago

1.4beta2 has the same problem on debian, i'll check 1.3.2 version.

Actions
Copy link
 #9

Updated by Victor Julien about 12 years ago

What libpcre version are you using?

Actions
Copy link
 #10

Updated by Giuseppe Longo about 12 years ago

I'm using the 8.31 version.
However, i forgot to tell that i'm compiling it on ARM platform. On x86 platform, i've installed libpcre via apt-get and suricata just works fine.

Actions
Copy link
 #11

Updated by Victor Julien about 12 years ago

Thanks for the update. To me it sounds more like a ARM bug/missing implementation, maybe you can report it to the libpcre project.

Wrt to this ticket, I think I will just remove the warning. The warning does not indicate a loss of functionality, just that it falls back to a lower performance mode.

Actions
Copy link
 #12

Updated by Victor Julien about 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Removed the warning.

Actions
Copy link

Also available in: Atom PDF