1. Environment
Windows 10 + WSL2
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
2. Build
2.1 Download the source
wget https://www.openinfosecfoundation.org/download/suricata-7.0.5.tar.gz
2.2 Install dependencies
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
sudo apt-get install autoconf automake build-essential ccache clang curl git \
gosu jq libbpf-dev libcap-ng0 libcap-ng-dev libelf-dev \
libevent-dev libgeoip-dev libhiredis-dev libjansson-dev \
liblua5.1-dev libmagic-dev libnet1-dev libpcap-dev \
libpcre2-dev libtool libyaml-0-2 libyaml-dev m4 make \
pkg-config python3 python3-dev python3-yaml sudo zlib1g \
zlib1g-dev
cargo install --force cbindgen
2.3 Build and install
tar xf suricata-7.0.5.tar.gz
cd suricata-7.0.5
./configure --prefix=/opt/suricata7 --enable-debug
make -j8
sudo make install-full
3. Setting up a debug environment with VS Code
3.1 VS Code extensions
3.2 Create the debug configuration
{
    "configurations": [
        {
            "name": "suricata7",
            "type": "cppdbg",
            "request": "launch",
            "program": "/opt/suricata7/bin/suricata",
            "args": ["-r", "~/suricata-7.0.5/http.pcap", "--runmode", "single"],
            "stopAtEntry": false,
            "cwd": "${fileDirname}",
            "environment": [{"name": "SC_LOG_LEVEL", "value": "Debug"}],
            "externalConsole": false,
            "MIMode": "gdb",
            "setupCommands": [
                {
                    "description": "Enable pretty-printing for gdb",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
                },
                {
                    "description": "Set Disassembly Flavor to Intel",
                    "text": "-gdb-set disassembly-flavor intel",
                    "ignoreFailures": true
                }
            ]
        }
    ]
}
Note:
The install directory /opt/suricata7 is owned by root, so the later read of the configuration had no permission; I therefore ran the following command:
sudo chown -R tree /opt/suricata7
Debugging works.
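The note above hands the entire install prefix to the unprivileged user with a recursive chown. As an added example (not part of the original note), the script below first lists which paths under the prefix the debug run actually cannot read or write, so the chown can be limited to those; it also catches root-owned log files left behind by an earlier sudo run. The relative paths in READ_PATHS and WRITE_PATHS are an assumption about the default `make install-full` layout under --prefix.

```shell
#!/bin/sh
# Added example, not part of the original note: before handing the whole
# install prefix to an unprivileged user with `chown -R`, list only the
# paths a debug run actually needs. The relative paths below are an
# assumption about the default `make install-full` layout under --prefix.
READ_PATHS="etc/suricata var/lib/suricata"      # config and rules: read
WRITE_PATHS="var/log/suricata var/run/suricata" # logs, pid, socket: write

# Walk one subtree and print every entry that fails the given test (-r/-w).
# Entries are fed to the loop through a heredoc, not a pipe, so that the
# problem counter is updated in the current shell rather than a subshell.
_scan() {
    dir=$1; op=$2; label=$3
    [ -e "$dir" ] || return 0   # optional components are simply skipped
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if ! test "$op" "$p"; then
            echo "$label: $p"
            problems=$((problems + 1))
        fi
    done <<EOF
$(find "$dir" 2>/dev/null)
EOF
}

# Usage: check_prefix_access /opt/suricata7
# Prints the offending paths; returns 1 if any were found, 0 otherwise.
check_prefix_access() {
    prefix=$1
    problems=0
    for rel in $READ_PATHS; do _scan "$prefix/$rel" -r "not readable"; done
    for rel in $WRITE_PATHS; do _scan "$prefix/$rel" -w "not writable"; done
    [ "$problems" -eq 0 ]
}

if [ $# -gt 0 ]; then
    check_prefix_access "$1"
fi
```

Run it as the user that will start the debugger (not under sudo), since the checks reflect that user's permissions.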