Suricata 6 for OpenWrt

Update:

The suricata6 package is on hold for the time being. I'm having issues with suricata playing nice. I plan on continuing on, but I have to divert attention to getting rust-lang up on an arch other than mips64, and that takes just an enormous amount of time and computer resources.


Any update on this? Interested in this project.

Yes, it was a combination of the rust-lang tuple, suricata6 having issues with its ATOMIC macros (which they are working on), and a few other things.

My goal at this point is to get rust-lang working across the various arches, but I can tell you it works on mips64 (the only device I have to test with), although it compiles on other archs untested. (x86_64, armv7, aarch64, mips, mipsel are currently supported by the rust-lang toolchain)

A small update because you spurred me on:

iperf3 test. The device is set for eth0 WAN into my LAN, so the test is going through the firewall and suricata6 to what it considers "external".

Device is a dual-core MIPS64 (1Ghz / 2000 BogoMIPS) with 1Gb RAM running:

25/3/2022 -- 07:11:41 - <Info> - 2 rule files processed. 25035 rules successfully loaded, 0 rules failed
25/3/2022 -- 07:11:45 - <Info> - 25038 signatures processed. 1243 are IP-only rules, 4095 are inspecting packet payload, 19496 inspect application layer, 108 are decoder event only

With suricata6 disabled:

root@OpenWrt:/# iperf3 -c 192.168.200.197 -p 5201 -P2
Connecting to host 192.168.200.197, port 5201
[  5] local 192.168.200.241 port 44646 connected to 192.168.200.197 port 5201
[  7] local 192.168.200.241 port 44648 connected to 192.168.200.197 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  65.2 MBytes   547 Mbits/sec   53    211 KBytes
[  7]   0.00-1.00   sec  43.0 MBytes   360 Mbits/sec  153    210 KBytes
[SUM]   0.00-1.00   sec   108 MBytes   907 Mbits/sec  206
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   1.00-2.00   sec  54.0 MBytes   453 Mbits/sec    0    211 KBytes
[  7]   1.00-2.00   sec  53.4 MBytes   447 Mbits/sec    0    210 KBytes
[SUM]   1.00-2.00   sec   107 MBytes   900 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   2.00-3.00   sec  56.4 MBytes   474 Mbits/sec    0    211 KBytes
[  7]   2.00-3.00   sec  55.9 MBytes   469 Mbits/sec    0    210 KBytes
[SUM]   2.00-3.00   sec   112 MBytes   943 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   3.00-4.00   sec  36.7 MBytes   308 Mbits/sec  234    208 KBytes
[  7]   3.00-4.00   sec  69.0 MBytes   579 Mbits/sec  351    257 KBytes
[SUM]   3.00-4.00   sec   106 MBytes   886 Mbits/sec  585
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   4.00-5.00   sec  55.8 MBytes   468 Mbits/sec    0    221 KBytes
[  7]   4.00-5.00   sec  56.2 MBytes   471 Mbits/sec    0    257 KBytes
[SUM]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   5.00-6.00   sec  55.5 MBytes   465 Mbits/sec    0    221 KBytes
[  7]   5.00-6.00   sec  56.5 MBytes   474 Mbits/sec    0    257 KBytes
[SUM]   5.00-6.00   sec   112 MBytes   939 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   6.00-7.00   sec  56.2 MBytes   472 Mbits/sec    0    221 KBytes
[  7]   6.00-7.00   sec  56.1 MBytes   470 Mbits/sec    0    257 KBytes
[SUM]   6.00-7.00   sec   112 MBytes   942 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   7.00-8.00   sec  53.9 MBytes   452 Mbits/sec    0    221 KBytes
[  7]   7.00-8.00   sec  53.9 MBytes   452 Mbits/sec    0    257 KBytes
[SUM]   7.00-8.00   sec   108 MBytes   903 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   8.00-9.00   sec  42.8 MBytes   359 Mbits/sec  126    204 KBytes
[  7]   8.00-9.00   sec  64.8 MBytes   544 Mbits/sec  228    211 KBytes
[SUM]   8.00-9.00   sec   108 MBytes   903 Mbits/sec  354
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   9.00-10.00  sec  55.9 MBytes   469 Mbits/sec    0    211 KBytes
[  7]   9.00-10.00  sec  55.6 MBytes   467 Mbits/sec    0    211 KBytes
[SUM]   9.00-10.00  sec   112 MBytes   935 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   532 MBytes   447 Mbits/sec  413             sender
[  5]   0.00-10.00  sec   531 MBytes   446 Mbits/sec                  receiver
[  7]   0.00-10.00  sec   564 MBytes   473 Mbits/sec  732             sender
[  7]   0.00-10.00  sec   563 MBytes   472 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec  1.07 GBytes   920 Mbits/sec  1145             sender
[SUM]   0.00-10.00  sec  1.07 GBytes   918 Mbits/sec                  receiver

iperf Done.
root@OpenWrt:/#

With suricata6 enabled:

@OpenWrt:/# ps -auxw
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   1860  1404 ?        Ss   04:04   0:05 /sbin/procd
root         2  0.0  0.0      0     0 ?        S    04:04   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        I<   04:04   0:00 [rcu_gp]
root         4  0.0  0.0      0     0 ?        I<   04:04   0:00 [rcu_par_gp]
root         8  0.0  0.0      0     0 ?        I<   04:04   0:00 [mm_percpu_wq]
root         9  0.0  0.0      0     0 ?        S    04:04   0:03 [ksoftirqd/0]
root        10  0.0  0.0      0     0 ?        I    04:04   0:01 [rcu_sched]
root        11  0.0  0.0      0     0 ?        S    04:04   0:00 [migration/0]
root        12  0.0  0.0      0     0 ?        S    04:04   0:00 [cpuhp/0]
root        13  0.0  0.0      0     0 ?        S    04:04   0:00 [cpuhp/1]
root        14  0.0  0.0      0     0 ?        S    04:04   0:00 [migration/1]
root        15  0.0  0.0      0     0 ?        S    04:04   0:00 [ksoftirqd/1]
root        17  0.0  0.0      0     0 ?        I<   04:04   0:00 [kworker/1:0H-kblockd]
root        18  0.0  0.0      0     0 ?        I<   04:04   0:00 [netns]
root        19  0.0  0.0      0     0 ?        I    04:04   0:00 [kworker/u4:1-flush-7:0]
root       170  0.0  0.0      0     0 ?        I    04:04   0:00 [kworker/0:2-events]
root       175  0.0  0.0      0     0 ?        S    04:04   0:00 [oom_reaper]
root       176  0.0  0.0      0     0 ?        I<   04:04   0:00 [writeback]
root       178  0.0  0.0      0     0 ?        S    04:04   0:00 [kcompactd0]
root       183  0.0  0.0      0     0 ?        I<   04:04   0:00 [pencrypt_serial]
root       185  0.0  0.0      0     0 ?        I<   04:04   0:00 [pdecrypt_serial]
root       190  0.0  0.0      0     0 ?        I<   04:04   0:00 [kblockd]
root       192  0.0  0.0      0     0 ?        I<   04:04   0:00 [blkcg_punt_bio]
root       208  0.0  0.0      0     0 ?        I<   04:04   0:00 [edac-poller]
root       219  0.0  0.0      0     0 ?        S    04:04   0:00 [watchdogd]
root       242  0.0  0.0      0     0 ?        S    04:04   0:00 [kswapd0]
root       348  0.0  0.0      0     0 ?        I<   04:04   0:00 [kthrotld]
root       449  0.0  0.0      0     0 ?        I    04:04   0:00 [kworker/1:2-events]
root       484  0.0  0.0      0     0 ?        I<   04:04   0:00 [ipv6_addrconf]
root       486  0.0  0.0      0     0 ?        I<   04:04   0:00 [dsa_ordered]
root       491  0.0  0.0      0     0 ?        I<   04:04   0:00 [mmc_complete]
root       494  0.0  0.0      0     0 ?        I<   04:04   0:00 [kworker/0:1H-mmc_complete]
root       510  0.0  0.0      0     0 ?        I<   04:04   0:00 [kworker/0:2H]
root       581  0.0  0.0      0     0 ?        S<   04:04   0:00 [loop0]
root       584  0.0  0.0      0     0 ?        S    04:04   0:00 [f2fs_flush-7:0]
root       585  0.0  0.0      0     0 ?        S    04:04   0:00 [f2fs_discard-7:]
root       586  0.0  0.0      0     0 ?        S    04:04   0:00 [f2fs_gc-7:0]
ubus       635  0.0  0.1   1452  1108 ?        S    04:04   0:00 /sbin/ubusd
root       636  0.0  0.1   1628  1328 ttyS0    Ss   04:04   0:00 /bin/ash --login
root       670  0.0  0.0   1192   904 ?        S    04:04   0:07 /sbin/urngd
logd       928  0.0  0.0   1432   960 ?        S    04:04   0:00 /sbin/logd -S 64
root       980  0.0  0.1   2420  1744 ?        S    04:04   0:00 /sbin/rpcd -s /var/run/ubus/ubus.sock -t 30
root      1066  0.0  0.0      0     0 ?        I<   04:04   0:00 [kworker/1:2H]
root      1210  0.0  0.1   1272  1008 ?        S    04:05   0:00 /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300 -T 3
root      1321  0.0  0.1   2036  1532 ?        S    04:05   0:01 /sbin/netifd
root      1377  0.0  0.1   1776  1208 ?        S    04:05   0:00 /usr/sbin/odhcpd
root      1530  0.0  0.2   4316  2684 ?        S    04:05   0:00 /usr/sbin/uhttpd -f -h /www -r OpenWrt -x /cgi-bin -u /ubus -t 60 -
root      1824  0.0  0.0      0     0 ?        I    04:05   0:02 [kworker/0:3-events_power_efficient]
root      2100  0.0  0.1   2828  1340 ?        S    04:05   0:00 /sbin/ujail -t 5 -n ntpd -U ntp -G ntp -C /etc/capabilities/ntpd.js
ntp       2117  0.0  0.1   1608  1208 ?        S    04:05   0:00 /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 0.openwrt.pool.nt
root      2208  0.0  0.0   1220   928 ?        S    04:05   0:00 odhcp6c -s /lib/netifd/dhcpv6.script -P0 -t120 eth0
root      2213  0.0  0.0   1608   692 ?        S    04:05   0:00 udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd/dhcp.script -f -t
root      2279  0.0  0.1   2828  1328 ?        S    04:05   0:00 /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/ubus -r /etc/TZ -r /etc/d
dnsmasq   2280  0.0  0.1   1656  1272 ?        S    04:05   0:00 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run
root     13331  0.0  0.0      0     0 ?        I    06:55   0:00 [kworker/u4:0-edac-poller]
root     13673  0.0  0.0      0     0 ?        I    06:59   0:00 [kworker/1:0]
root     14380 97.5 55.2 560464 534020 ?       Sl   07:11   2:24 /usr/bin/suricata -c /etc/suricata/suricata.yaml -s /var/lib/surica
root     14680  0.0  0.1   1896  1128 ttyS0    R+   07:13   0:00 ps -auxw
root@OpenWrt:/# free
              total        used        free      shared  buff/cache   available
Mem:         965988      551012      265960       41184      149016      316448
Swap:        652040           0      652040
root@OpenWrt:/# iperf3 -c 192.168.200.197 -p 5201 -P2
Connecting to host 192.168.200.197, port 5201
[  5] local 192.168.200.241 port 44652 connected to 192.168.200.197 port 5201
[  7] local 192.168.200.241 port 44654 connected to 192.168.200.197 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  63.2 MBytes   529 Mbits/sec   45    235 KBytes
[  7]   0.00-1.00   sec  39.4 MBytes   329 Mbits/sec  141    187 KBytes
[SUM]   0.00-1.00   sec   103 MBytes   858 Mbits/sec  186
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   1.00-2.01   sec  51.8 MBytes   433 Mbits/sec    0    235 KBytes
[  7]   1.00-2.01   sec  50.8 MBytes   424 Mbits/sec    0    212 KBytes
[SUM]   1.00-2.01   sec   102 MBytes   857 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   2.01-3.00   sec  53.8 MBytes   454 Mbits/sec    0    235 KBytes
[  7]   2.01-3.00   sec  54.2 MBytes   457 Mbits/sec    0    212 KBytes
[SUM]   2.01-3.00   sec   108 MBytes   911 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   3.00-4.00   sec  55.2 MBytes   464 Mbits/sec    0    235 KBytes
[  7]   3.00-4.00   sec  55.7 MBytes   467 Mbits/sec    0    212 KBytes
[SUM]   3.00-4.00   sec   111 MBytes   932 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   4.00-5.02   sec  51.8 MBytes   428 Mbits/sec    0    235 KBytes
[  7]   4.00-5.02   sec  49.9 MBytes   411 Mbits/sec    0    212 KBytes
[SUM]   4.00-5.02   sec   102 MBytes   839 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   5.02-6.02   sec  47.9 MBytes   399 Mbits/sec    0    235 KBytes
[  7]   5.02-6.02   sec  48.5 MBytes   405 Mbits/sec    0    212 KBytes
[SUM]   5.02-6.02   sec  96.4 MBytes   804 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   6.02-7.00   sec  53.0 MBytes   455 Mbits/sec    0    235 KBytes
[  7]   6.02-7.00   sec  52.5 MBytes   451 Mbits/sec    0    212 KBytes
[SUM]   6.02-7.00   sec   106 MBytes   905 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   7.00-8.02   sec  56.2 MBytes   463 Mbits/sec    0    235 KBytes
[  7]   7.00-8.02   sec  56.2 MBytes   463 Mbits/sec    0    212 KBytes
[SUM]   7.00-8.02   sec   112 MBytes   927 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   8.02-9.01   sec  50.0 MBytes   423 Mbits/sec  204    215 KBytes
[  7]   8.02-9.01   sec  50.4 MBytes   426 Mbits/sec  206    224 KBytes
[SUM]   8.02-9.01   sec   100 MBytes   849 Mbits/sec  410
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   9.01-10.03  sec  51.2 MBytes   421 Mbits/sec    0    215 KBytes
[  7]   9.01-10.03  sec  51.2 MBytes   421 Mbits/sec    0    224 KBytes
[SUM]   9.01-10.03  sec   102 MBytes   843 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.03  sec   534 MBytes   447 Mbits/sec  249             sender
[  5]   0.00-10.03  sec   534 MBytes   447 Mbits/sec                  receiver
[  7]   0.00-10.03  sec   509 MBytes   425 Mbits/sec  347             sender
[  7]   0.00-10.03  sec   509 MBytes   425 Mbits/sec                  receiver
[SUM]   0.00-10.03  sec  1.02 GBytes   872 Mbits/sec  596             sender
[SUM]   0.00-10.03  sec  1.02 GBytes   872 Mbits/sec                  receiver

iperf Done.
root@OpenWrt:/#

I'm still working on everything, but Suricata has some issues they need to work through that have previously been unreported. There are now known issues with how their SC_ATOMIC_GET macro is working inside their host source, which makes it unable (at least under Mips64) to set memcap values for the hash tables. The workaround, so far, is to comment out all of the memcap calls in the suricata.yaml, which sets it to a pre-determined default (16Mb/4096 hash-table).

There is another issue they are looking at where suricata is unable to read/understand its own runtime.

Date: 3/26/2022 -- 16:55:54 (uptime: -24855d, -3h -14m -8s) <- is what suricata is reporting in the stats.log file. It's also been reported, but I don't know what (if any) effect this might have (cosmetic? more? Dunno).

The single biggest issue I'm having right now is that anytime I change rust-lang, it's a minimum of a 2 1/2 hour recompile of just the rust-lang toolchain before I can get to anything else. I'm working to see if the dist archives I make can be re-used to significantly reduce this on subsequent recompiles (or avoiding compiling altogether if the toolchain can just be pulled from the Openwrt repo), but this has to be the absolute last step since I can't take any chances of things I change with the toolchain being missed or not incorporated because it uses the previously compiled bins.

@Beniamin - If you have a device you believe can/will run suricata, let me know. My device is a dual-core MIPS64 @1Ghz with 1Gb RAM (which suricata, with the standard free-ET ruleset, takes about 55% of). suricata-update does work, so changing the ruleset shouldn't be terribly difficult. I will be updating the various PRs as I make progress on them, but having someone with something other than a MIPS64 SoC to help test various things would help speed things along. If anyone is interested, let me know (or post a device and arch so I can actively work on that next).


Hello grommish, I'm a new user of openwrt. Could I know how to use the files you release? https://github.com/Itus-Shield/packages/tree/working I compile openwrt with ubuntu. Thank you for your reply!

Are you building from source? If not, check out https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem to setup your build environment.

The way I do it (and I'm sure someone will suggest a different/better way) is that after you have setup and cloned, run the required ./scripts/feeds update -a && ./scripts/feeds install -a.

Then, I go into feeds/packages and:

git remote add <remote-name> https://github.com/Itus-Shield/packages.git
git checkout <remote-name>/working

After that, verify you have the feeds/packages/lang/rust directory.

Then, I just ./scripts/feeds update -i -f && ./scripts/feeds install -a

The first will update the index and the second will install the packages it finds.

Now, I am actively working in those repos, so there is probably a better way to do this for people who aren't. Hopefully, anyone with a better way for that demographic will post.

As a note, I would suggest building rust-lang before attempting to build the other packages because it takes so long. What arch are you going to attempt to build for?

make -j$(nproc) V=sc package/feeds/packages/rust/host/compile will build the toolchain and let you watch it, because.. yes, it will be a while. (This should only need to be done once per arch you are targeting)

Then, you can make menuconfig, go into Network, Firewall, and select suricata-update and suricata6, along with whatever options you may want to add.

It's an involved setup at this point, simply because it isn't integrated yet. If you run into any problems/questions, let me know.

Thank you very much for the reply!! I will try that with your advice. And I think my arch is 'x86_64'? (Sorry, I think I misunderstand this word, because English is not my mother tongue. And I learn openwrt with my laptop.)

Are you trying to build Suricata for a specific router device? Or are you wanting to run OpenWrt on a PC?

I run it on PC.

Ok. I would honestly wait until I can do further testing on x86_64, as getting it built for OpenWrt is involved at this point without a guarantee that it will work.

Never mind, this can help me get familiar with the whole process. Thank you again for all your work! Wish everything goes well!


I am just not sure suricata would actually compile, or run if it does, for x86_64. My only test device is a mips64 device, so that is what I've been doing all my testing on. I just want you to be aware that it might not work, even after going through all the hassle!

If you want to continue with that understanding, I would appreciate it and will help work through whatever issues I can!

Doing some testing, it seems it doesn't understand how to build ebpf on 23.05:

checking for dlfcn.h... (cached) yes
checking for plugin support... yes
configure: error: unable to find any of  needed to build ebpf files
make[3]: *** [Makefile:174: /home/dingo/openwrt/build_dir/target-aarch64_cortex-a53_musl/suricata-6.0.4/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
make[3]: Leaving directory '/home/dingo/openwrt/package/network/suricata6'
time: package/network/suricata6/compile#4.53#1.17#5.33
    ERROR: package/network/suricata6 failed to build.
make[2]: *** [package/Makefile:120: package/network/suricata6/compile] Error 1
make[2]: Leaving directory '/home/dingo/openwrt'
make[1]: *** [package/Makefile:114: /home/dingo/openwrt/staging_dir/target-aarch64_cortex-a53_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/dingo/openwrt'
make: *** [/home/dingo/openwrt/include/toplevel.mk:232: world] Error 2

Trying to port suricata 7 based on @Grommish's work.

Compilation continues up until the ./rust dir:

OpenWrt-libtool: link: (cd .libs/libhtp.lax/liblzma-c.a && x86_64-openwrt-linux-gnu-gcc-ar x "/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/htp/lzma/.libs/liblzma-c.a")
OpenWrt-libtool: link: x86_64-openwrt-linux-gnu-gcc-ar cr .libs/libhtp.a   .libs/libhtp.lax/libhtp-c.a/bstr.o .libs/libhtp.lax/libhtp-c.a/bstr_builder.o .libs/libhtp.lax/libhtp-c.a/htp_base64.o .libs/libhtp.lax/libhtp-c.a/htp_config.o .libs/libhtp.lax/libhtp-c.a/htp_connection.o .libs/libhtp.lax/libhtp-c.a/htp_connection_parser.o .libs/libhtp.lax/libhtp-c.a/htp_content_handlers.o .libs/libhtp.lax/libhtp-c.a/htp_cookies.o .libs/libhtp.lax/libhtp-c.a/htp_decompressors.o .libs/libhtp.lax/libhtp-c.a/htp_hooks.o .libs/libhtp.lax/libhtp-c.a/htp_list.o .libs/libhtp.lax/libhtp-c.a/htp_multipart.o .libs/libhtp.lax/libhtp-c.a/htp_parsers.o .libs/libhtp.lax/libhtp-c.a/htp_php.o .libs/libhtp.lax/libhtp-c.a/htp_request.o .libs/libhtp.lax/libhtp-c.a/htp_request_apache_2_2.o .libs/libhtp.lax/libhtp-c.a/htp_request_generic.o .libs/libhtp.lax/libhtp-c.a/htp_request_parsers.o .libs/libhtp.lax/libhtp-c.a/htp_response.o .libs/libhtp.lax/libhtp-c.a/htp_response_generic.o .libs/libhtp.lax/libhtp-c.a/htp_table.o .libs/libhtp.lax/libhtp-c.a/htp_transaction.o .libs/libhtp.lax/libhtp-c.a/htp_transcoder.o .libs/libhtp.lax/libhtp-c.a/htp_urlencoded.o .libs/libhtp.lax/libhtp-c.a/htp_utf8_decoder.o .libs/libhtp.lax/libhtp-c.a/htp_util.o .libs/libhtp.lax/libhtp-c.a/strlcat.o .libs/libhtp.lax/libhtp-c.a/strlcpy.o  .libs/libhtp.lax/liblzma-c.a/LzFind.o .libs/libhtp.lax/liblzma-c.a/LzmaDec.o 
OpenWrt-libtool: link: x86_64-openwrt-linux-gnu-gcc-ranlib .libs/libhtp.a
OpenWrt-libtool: link: rm -fr .libs/libhtp.lax
OpenWrt-libtool: link: ( cd ".libs" && rm -f "libhtp.la" && ln -s "../libhtp.la" "libhtp.la" )
make[7]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/htp'
make[6]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/htp'
Making all in test
make[6]: Entering directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/test'
make[6]: Nothing to be done for 'all'.
make[6]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/test'
Making all in docs
make[6]: Entering directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/docs'
make[6]: Nothing to be done for 'all'.
make[6]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp/docs'
make[6]: Entering directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp'
make[6]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp'
make[5]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp'
make[4]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/libhtp'
Making all in rust
make[4]: Entering directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/rust'
\
        CARGO_HOME="/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo" \
        CARGO_TARGET_DIR="/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/rust/target" \
        /home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo/bin/cargo build   \
                --features "lua  debug " 
warning: Both `/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo/config` and `/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo/config.toml` exist. Using `/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo/config`
error: could not execute process `rustc -vV` (never executed)

Caused by:
  No such file or directory (os error 2)
make[4]: *** [Makefile:545: all-local] Error 101
make[4]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/rust'
make[3]: *** [Makefile:491: all-recursive] Error 1
make[3]: Leaving directory '/home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2'
make[2]: *** [Makefile:188: /home/username/works/openwrt/build_dir/target-x86_64_glibc_custom/suricata-7.0.2/.built] Error 2
make[2]: Leaving directory '/home/username/works/openwrt/feeds/packages/net/suricata'
time: package/feeds/packages/suricata/compile#58.37#39.06#100.12
    ERROR: package/feeds/packages/suricata failed to build.
make[1]: *** [package/Makefile:120: package/feeds/packages/suricata/compile] Error 1
make[1]: Leaving directory '/home/username/works/openwrt'
make: *** [/home/username/works/openwrt/include/toplevel.mk:232: package/suricata/compile] Error 2

First you need to use the remaining files from this branch:

https://github.com/Itus-Shield/packages/tree/working/net/suricata6

And my Suricata 7 Makefile replacement:

# SPDX-License-Identifier: GPL-2.0-only

include $(TOPDIR)/rules.mk

PKG_NAME:=suricata
PKG_VERSION:=7.0.2
PKG_RELEASE:=1

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=https://github.com/OISF/suricata.git
PKG_SOURCE_DATE:=2023-08-30
PKG_SOURCE_VERSION:=af4bb917dc9842229445683b5ce2f955faa464c2

PKG_FIXUP:=autoreconf
#PKG_REMOVE_FILES:=autogen.sh
PKG_FIXUP:=patch-libtool

PKG_BUILD_DEPENDS:=rust/host python3/host

include $(INCLUDE_DIR)/package.mk
include ../../lang/rust/rust-values.mk


PKG_CONFIG_DEPENDS:= \
	CONFIG_SURICATA_ENABLE_LUAJIT \
	CONFIG_SURICATA_ENABLE_PYTHON \
	CONFIG_SURICATA_ENABLE_GCCPROTECT \
	CONFIG_SURICATA_ENABLE_GCCPROFILE \
	CONFIG_SURICATA_ENABLE_PROFILING \
	CONFIG_SURICATA_ENABLE_NFQUEUE \
	CONFIG_SURICATA_ENABLE_NFLOG \
	CONFIG_SURICATA_ENABLE_GEOIP \
	CONFIG_SURICATA_ENABLE_LIBMAGIC \
	CONFIG_SURICATA_ENABLE_DEBUG \
	CONFIG_SURICATA_ENABLE_HIREDIS \
	CONFIG_SURICATA_ENABLE_EBPF

define Package/suricata/config
  source "$(SOURCE)/Config.in"
endef

CONFIGURE_VARS += \
  CARGO_HOME="$(STAGING_DIR)/host/cargo" \
  CLANG="$(STAGING_DIR_HOST)/llvm-bpf/bin/clang" \
  LLC="$(STAGING_DIR_HOST)/llvm-bpf/bin/llc" \
  ac_cv_path_CARGO="$(STAGING_DIR)/host/cargo/bin/cargo" \
  ac_cv_path_RUSTC="$(STAGING_DIR)/host/cargo/bin/rustc" \
  ac_cv_path_CBINDGEN="$(STAGING_DIR)/host/cargo/bin/cbindgen"

CONFIGURE_ARGS += \
  --target=$(RUSTC_TARGET_ARCH) \
  --host=$(RUSTC_TARGET_ARCH) \
  --build=$(RUSTC_HOST_ARCH) \
  --enable-shared \
  --disable-gccmarch-native \
  --with-gnu-ld \
  --with-sysroot=$(STAGING_DIR_HOST)
#	--enable-non-bundled-htp \
#	--with-libhtp-includes=$(STAGING_DIR_HOSTPKG)/include \
#	--with-libhtp-libraries=$(STAGING_DIR_HOSTPKG)/lib
#	--with-sysroot=$(TOOLCHAIN_DIR)

ifeq ($(CONFIG_SURICATA_ENABLE_PYTHON),y)
CONFIGURE_ARGS += --enable-python
endif
ifeq ($(CONFIG_SURICATA_ENABLE_LUAJIT),y)
CONFIGURE_ARGS += --enable-luajit
endif
ifeq ($(CONFIG_SURICATA_ENABLE_GCCPROTECT),y)
CONFIGURE_ARGS += --enable-gccprotect
endif
ifeq ($(CONFIG_SURICATA_ENABLE_GCCPROFILE),y)
CONFIGURE_ARGS += --enable-gccprofile
endif

# For now, x86_64 targets can't use PIE
ifneq ($(CONFIG_TARGET_x86),y)
  ifeq ($(CONFIG_PKG_ASLR_PIE_ALL),y)
    CONFIGURE_ARGS += --enable-pie
  else
    ifeq ($(CONFIG_PKG_ASLR_PIE_REGULAR),y)
      CONFIGURE_ARGS += --enable-pie
    endif
  endif
endif

ifeq ($(CONFIG_SURICATA_ENABLE_NFQUEUE),y)
CONFIGURE_ARGS += --enable-nfqueue
endif

ifeq ($(CONFIG_SURICATA_ENABLE_GEOIP),y)
CONFIGURE_ARGS += --enable-geoip
endif

# An unset kconfig symbol expands to empty, not "n", so test against "y".
ifneq ($(CONFIG_SURICATA_ENABLE_LIBMAGIC),y)
CONFIGURE_ARGS += --disable-libmagic
endif

ifeq ($(CONFIG_SURICATA_ENABLE_DEBUG),y)
TARGET_CXXFLAGS += -ggdb3
CONFIGURE_ARGS += --enable-debug
endif

ifeq ($(CONFIG_SURICATA_ENABLE_HIREDIS),y)
CONFIGURE_ARGS += --enable-hiredis
endif

ifeq ($(CONFIG_SURICATA_ENABLE_EBPF),y)
CONFIGURE_ARGS += --enable-ebpf-build
endif

ifeq ($(CONFIG_SURICATA_ENABLE_NFLOG),y)
CONFIGURE_ARGS += --enable-nflog
endif

define Build/Prepare
	$(call Build/Prepare/Default)
	# shell needs "VAR=value" (":=" is make syntax); cbindgen is installed under
	# the same cargo root that ac_cv_path_CBINDGEN in CONFIGURE_VARS points at
	( \
		export PATH="$(STAGING_DIR)/host/cargo/bin:$(STAGING_DIR_HOST)/llvm-bpf/bin:$(PATH)" ; \
		export CARGO_HOME="$(STAGING_DIR)/host/cargo" ; \
		cd $(PKG_BUILD_DIR) ; \
		git clone https://github.com/OISF/libhtp.git ; \
		$(CONFIGURE_VARS) cargo install --root="$(STAGING_DIR)/host/cargo" cbindgen ; \
		cd $(PKG_BUILD_DIR) && $(CONFIGURE_VARS) ./autogen.sh ; \
	)
endef

define Package/suricata
    SUBMENU:=Firewall
    SECTION:=net
    CATEGORY:=Network
    DEPENDS:=@!SMALL_FLASH @!LOW_MEMORY_FOOTPRINT +libexpat +jansson +libelf +libbpf +libbsd +libpcre +libyaml +libpcap +libcap-ng \
        +nspr +libnss +liblz4 +libatomic +libnet-1.2.x \
	+CONFIG_SURICATA_ENABLE_NFLOG:libnetfilter-log \
	+CONFIG_SURICATA_ENABLE_NFQUEUE:libnetfilter-queue +CONFIG_SURICATA_ENABLE_NFQUEUE:iptables-mod-nfqueue \
	+CONFIG_SURICATA_ENABLE_HIREDIS:libhiredis +CONFIG_SURICATA_ENABLE_HIREDIS:libevent2 \
	+CONFIG_SURICATA_ENABLE_LIBMAGIC:file \
	+CONFIG_SURICATA_ENABLE_GEOIP:libmaxminddb \
	+CONFIG_SURICATA_ENABLE_PYTHON:python3 +CONFIG_SURICATA_ENABLE_PYTHON:python3-yaml \
	@HAS_LUAJIT_ARCH +luajit
  TITLE:=OISF Suricata IDS
  URL:=https://www.openinfosecfoundation.org/
  MENU:=1
endef

define Package/suricata/description
	Suricata is an open source-based intrusion detection system (IDS), intrusion
	prevention system (IPS), and Network Monitoring System (NMS)
endef

define Package/suricata/conffiles
/etc/config/suricata
/etc/suricata/
endef

define Package/suricata/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricata $(1)/usr/bin/suricata
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricatactl $(1)/usr/bin/suricatactl
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricatasc $(1)/usr/bin/suricatasc

	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) -r $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/

	$(INSTALL_DIR) $(1)/usr/include
	$(CP) -r $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/

	$(INSTALL_DIR) $(1)/etc/suricata
	$(CP) $(PKG_BUILD_DIR)/suricata.yaml \
	$(PKG_BUILD_DIR)/etc/classification.config \
	$(PKG_BUILD_DIR)/threshold.config \
	$(PKG_BUILD_DIR)/etc/reference.config \
	$(1)/etc/suricata/

	$(INSTALL_DIR) $(1)/usr/share/suricata/rules
	$(CP) $(PKG_INSTALL_DIR)/usr/share/suricata/rules/* $(1)/usr/share/suricata/rules/

	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_DIR) $(1)/etc/config

	$(INSTALL_BIN) ./files/etc/init.d/suricata $(1)/etc/init.d/suricata
	$(INSTALL_CONF) ./files/etc/config/suricata $(1)/etc/config/suricata
endef

$(eval $(call BuildPackage,suricata))

In conclusion, somehow when entering ./suricata-7.0.2/rust the compilation process could not find the rustc binary, while my config.log shows it was already detected and exists:

configure:29779: checking for rustc
configure:29815: result: /home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo/bin/rustc
configure:29838: checking for cargo
configure:29874: result: /home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/host/cargo/bin/cargo
configure:29907: checking for Rust version 1.63.0 or newer
configure:29925: result: yes

Finally managed to get a compiled Suricata 7 OpenWrt package, still testing it out on a live x86-64 router system. Hopefully it will be usable or functional.


@efahl
Yup, it seems to run fine enough, but it's quite sad we need either logstash or elasticsearch for a UI or WebUI.

[20870 - Suricata-Main] 2023-10-01 17:11:16 Info: detect: 2 rule files processed. 35168 rules successfully loaded, 35168 rules failed
[20870 - Suricata-Main] 2023-10-01 17:11:16 Info: threshold-config: Threshold config parsed: 0 rule(s) found
[20870 - Suricata-Main] 2023-10-01 17:11:16 Info: detect: 35171 signatures processed. 1248 are IP-only rules, 5282 are inspecting packet payload, 28429 inspect application layer, 108 are decoder event only
[20870 - Suricata-Main] 2023-10-01 17:11:18 Info: runmodes: pppoe-wan: creating 8 threads
[20870 - Suricata-Main] 2023-10-01 17:11:18 Info: runmodes: eth0: creating 8 threads
[20870 - Suricata-Main] 2023-10-01 17:11:18 Info: unix-manager: unix socket '/var/run/suricata/suricata-command.socket'
[20870 - Suricata-Main] 2023-10-01 17:11:20 Notice: threads: Threads created -> W: 16 FM: 1 FR: 1   Engine started.

Suricata 7.0.1 memory usage for really minimal internet usage in my home seems to be around +1.35 GB. I am not sure whether, for now, we should really limit it to x86-64 with a minimum of 2 GB of memory?

Still tidying up the Suricata 7 Makefile, really missed @Grommish!

[EDIT]

The log after running for around 6-10 hours:
Suricata-log

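A startup health check for the Suricata log lines quoted in this thread, added here as an example (not code from the thread or from the Suricata project). It parses both console formats seen above (6.x and 7.x), extracts the rule-load counters, and flags failed rules and a negative stats.log uptime; folding the quoted uptime into seconds gives -2147483648, exactly INT32_MIN, which points at a 32-bit signed wrap rather than a cosmetic glitch.

```python
"""Health check for Suricata startup and stats.log lines.

Added example, not code from this thread or the Suricata project: parses the
6.x and 7.x console formats quoted above, extracts the rule-load counters and
flags failed rules, an empty ruleset and a negative uptime.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Suricata 6.x console line: "25/3/2022 -- 07:11:41 - <Info> - <message>"
V6_LINE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) -- (?P<time>\d\d:\d\d:\d\d) - "
    r"<(?P<level>\w+)> - (?P<msg>.*)$"
)
# Suricata 7.x console line: "[20870 - Suricata-Main] 2023-10-01 17:11:16 Info: detect: <message>"
V7_LINE = re.compile(
    r"^\[(?P<pid>\d+) - (?P<thread>[^\]]+)\] (?P<date>\d{4}-\d\d-\d\d) "
    r"(?P<time>\d\d:\d\d:\d\d) (?P<level>\w+): (?P<module>[\w-]+): (?P<msg>.*)$"
)
# Rule-load summary printed by both versions once the detect engine is up.
RULES_LOADED = re.compile(
    r"(?P<files>\d+) rule files processed\. (?P<loaded>\d+) rules successfully "
    r"loaded, (?P<failed>\d+) rules failed"
)
# stats.log header: "Date: 3/26/2022 -- 16:55:54 (uptime: -24855d, -3h -14m -8s)"
STATS_UPTIME = re.compile(
    r"uptime: (?P<d>-?\d+)d, (?P<h>-?\d+)h (?P<m>-?\d+)m (?P<s>-?\d+)s"
)
INT32_MIN = -(2 ** 31)


@dataclass
class RuleLoad:
    files: int
    loaded: int
    failed: int


@dataclass
class Health:
    rule_load: Optional[RuleLoad] = None
    uptime_seconds: Optional[int] = None
    findings: List[str] = field(default_factory=list)


def parse_console_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (level, message) for a 6.x or 7.x console line, else None."""
    for rx in (V6_LINE, V7_LINE):
        m = rx.match(line.strip())
        if m:
            return m.group("level"), m.group("msg")
    return None


def uptime_to_seconds(m) -> int:
    """Fold the d/h/m/s fields into seconds; every field carries its own sign."""
    return int(m["d"]) * 86400 + int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])


def check_logs(lines) -> Health:
    """Scan console and stats.log lines and collect health findings."""
    h = Health()
    for raw in lines:
        parsed = parse_console_line(raw)
        if parsed:
            m = RULES_LOADED.search(parsed[1])
            if m:
                h.rule_load = RuleLoad(int(m["files"]), int(m["loaded"]), int(m["failed"]))
                if h.rule_load.failed:
                    h.findings.append(f"{h.rule_load.failed} rules failed to load")
                if h.rule_load.loaded == 0:
                    h.findings.append("no rules loaded: the engine detects nothing")
            continue
        m = STATS_UPTIME.search(raw)
        if m:
            h.uptime_seconds = uptime_to_seconds(m)
            if h.uptime_seconds < 0:
                note = f"negative uptime in stats.log ({h.uptime_seconds}s)"
                if h.uptime_seconds == INT32_MIN:
                    note += ", exactly INT32_MIN: consistent with a 32-bit signed wrap"
                h.findings.append(note)
    return h


# Sample lines copied from the output quoted in this thread.
SAMPLE_V6 = [
    "25/3/2022 -- 07:11:41 - <Info> - 2 rule files processed. "
    "25035 rules successfully loaded, 0 rules failed",
]
SAMPLE_V7 = [
    "[20870 - Suricata-Main] 2023-10-01 17:11:16 Info: detect: 2 rule files processed. "
    "35168 rules successfully loaded, 35168 rules failed",
    "[20870 - Suricata-Main] 2023-10-01 17:11:20 Notice: threads: Threads created -> "
    "W: 16 FM: 1 FR: 1   Engine started.",
]
SAMPLE_STATS = ["Date: 3/26/2022 -- 16:55:54 (uptime: -24855d, -3h -14m -8s)"]

if __name__ == "__main__":
    for name, sample in (("6.x", SAMPLE_V6), ("7.x", SAMPLE_V7), ("stats", SAMPLE_STATS)):
        h = check_logs(sample)
        print(name, h.rule_load, h.uptime_seconds, h.findings or "OK")
```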

Hey @echelon I've been following this for a while now and it's great to see somebody get this up and running!

I don't mean to rush you at all but is there any update on getting that Suricata 7 makefile out?

Really looking forward to trying to set this up myself.

Meraki MX64 has 2GB of RAM and it's cheap. Performance may not be great because of this OpenWrt Broadcom nonsense, but perhaps it may be a nice device for suricata other than x86 and some ARM targets with lots of RAM.

It became finished experimentally; lots of optimizations and fixes are needed for the Makefile.

Suricata 7.0.2-DEV Revision #3 Package (Suricata git/snapshot)

Changelog:

  • Revision 1: Fixed hyperscan, xdp, eBPF. PF_RING support seems broken in suricata (always requires old libpfring 1.1.x)
  • Revision 2: Fixed compilation on musl, using rust-values.mk, removed pf_ring
  • Revision 2: Removed libnet from the dependency list.

Requires (temporarily):

  • OpenWrt Snapshot
  • eBPF
  • libintl-full
  • CONFIG_KERNEL_XDP_SOCKETS
  • NLS (Compile with full language support)

A small guideline (for those who forgot or don't know yet):

  • Download my Suricata 7.0.2-DEV package. Drop it in ./feeds/packages/net, then update and install the feeds again.
  • In make menuconfig it is located in Networks-->Firewall-->Suricata
  • Don't enable "gccprofile" on either glibc or musl!

The Suricata 7.0.2-DEV Revision #3 package file:

https://uploadnow.io/files/yW1pR5L