Some rust packages are indeed arch dependent, usually x86-64. There is a crypto crate that I can't remember the name of that is like this, for example. Hyperscan is another.
Also, for those who are trying to run Suricata, please be aware that it is resource intensive compared to most residential router hardware. Using the public threat list, I was using 600Mb of RAM on device when I had it running and it will require the SoC cycles to inspect the packets, which will reduce your throughput on the device. I was using AFPacket round-robin to spread the load, if I recall correctly (it's been a while). There is a reason security network appliances usually mention both line speed throughput and inspection throughput. Keep this in mind when playing with Suricata (or Snort, for that matter).
By default, rust/host and things like Suricata should have a !@LOW_MEM Dependency which will keep it from showing on menuconfig. If it isn't a supported rust/host Arch, it won't show either.
I've been toying with an OpenWrt implementation of rustup in my spare time, but I've not gotten overly far in it due to time constraints.
Hei man, I really have appreciated your work. I'm trying to get my own version of suricata (based on 8.0.0) compiled for x86-musl openwrt, do you still have the package's files for suricatav7? the link does not work anymore. thanks
Somethings to bear in mind:
You will need to revert it back to using rust-lang rather than my rustup package. While my rustup package works, it isn't finished and only works for mips64 primarily at the moment.
My package isn't finished. While I compile everything, including the rust code, I've stalled on gathering the installation files.
It might not be overly helpful, but it's something. Though, if 8 is out, I may just look at that.
Haven't tried much with musl or other architectures, only targeting x86_64 glibc. I have tried compiling for musl before but if I've remembered it right, it needs some patches on various OpenWrt packages.
Thanks for the fast reply, i was using the sdk for 23.05.5 that was using musl but after some attempts i decided to build the image with glibc.
Doing some research i saw that @Grommish was the "founder" XD.
You have all my respect for such a thing.
@echelon@Grommish Hello, I really hope you can help me.
I'm trying to cross compile Openwrt with Suricata from x86_64 (Ubuntu specifically) to aarch64(for a raspberry pi 3). Right now I'm using the same settings explained by Echelon (so "Compile with full language support", "xdp sockets enabled", etc.), the compilation goes until the rust part of Suricata where I get:
"error: linking with cc failed: exit status: 1"
While compiling sawp.
I tried searching on Google and I found that I should add, in the cargo home of the Openwrt environment, config.toml with:
Compiling suricata v8.0.0-dev (/home/gianiadi/suricata/openwrt/build_dir/target-aarch64_cortex-a53_glibc/suricata-8.0.0/rust)
error: linking with `aarch64-openwrt-linux-gnu-gcc` failed: exit status: 1
= note: /home/gianiadi/suricata/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.3.0_glibc/lib/gcc/aarch64-openwrt-linux-gnu/12.3.0/../../../../aarch64-openwrt-linux-gnu/bin/ld: /home/gianiadi/suricata/openwrt/build_dir/target-aarch64_cortex-a53_glibc/suricata-8.0.0/rust/target/aarch64-unknown-linux-gnu/release/deps/libsuricata_lua_sys-f181d4cf3290b5d9.rlib(lapi.o): Relocations in generic ELF (EM: 62)
/home/gianiadi/suricata/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.3.0_glibc/lib/gcc/aarch64-openwrt-linux-gnu/12.3.0/../../../../aarch64-openwrt-linux-gnu/bin/ld: /home/gianiadi/suricata/openwrt/build_dir/target-aarch64_cortex-a53_glibc/suricata-8.0.0/rust/target/aarch64-unknown-linux-gnu/release/deps/libsuricata_lua_sys-f181d4cf3290b5d9.rlib(lapi.o): Relocations in generic ELF (EM: 62)
/home/gianiadi/suricata/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.3.0_glibc/lib/gcc/aarch64-openwrt-linux-gnu/12.3.0/../../../../aarch64-openwrt-linux-gnu/bin/ld: /home/gianiadi/suricata/openwrt/build_dir/target-aarch64_cortex-a53_glibc/suricata-8.0.0/rust/target/aarch64-unknown-linux-gnu/release/deps/libsuricata_lua_sys-f181d4cf3290b5d9.rlib(lapi.o): Relocations in generic ELF (EM: 62)
/home/gianiadi/suricata/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.3.0_glibc/lib/gcc/aarch64-openwrt-linux-gnu/12.3.0/../../../../aarch64-openwrt-linux-gnu/bin/ld: /home/gianiadi/suricata/openwrt/build_dir/target-aarch64_cortex-a53_glibc/suricata-8.0.0/rust/target/aarch64-unknown-linux-gnu/release/deps/libsuricata_lua_sys-f181d4cf3290b5d9.rlib: error adding symbols: file in wrong format
collect2: error: ld returned 1 exit status
The problem seems to be that some libraries are compiled in a wrong way.
Online I found nothing so I hope that you can give some hint to find the root of the problem. Thank you very much.
Rust-lang isn't going to know what to do with aarch64-openwrt-linux-musl, as Rust-lang doesn't know anything about the OpenWrt toolchain defines, except for mips64-openwrt-linux-musl, which I upstreamed.
I'm trying to balance several open-ended projects along with work and holidays. I'm still working on using rustup and locally defined toolchains; I'm working on Suricata6 (which compiles fully, including the rust side of things, but I need to dig through the artifacts to see what and where things need to be packaged, etc), and the like.
Those EM: 62 errors are your system trying to use the host x86_64 compiler to cross-compile to aarch64 and failing.
Thanks for the reply, I managed to make it work too.
It's really strange that the Suricata-lua-sys library is configured to use host's gcc.
I've also tested it on a raspberry pi 3 and it seems to work just fine.
What about submit the suricata package to the Openwrt 's official repo?
I'm about to publish a GitHub repo with a complete guide about "how to build an Openwrt image with Suricata" where suricata could be the original 8.0.0 or a custom version (you can enable/disable protocols during the configure fase) so I'm documenting all the steps necessary.
Not yet, right now I'm testing on glibc and see if it works and adding some features for my custom Suricata.
I've tried some time ago and I got problems on functions like "fopen64" or "fstats64" but It was like 2 months ago.
After that I will try again.
I will let you know if it actually works.