Suricata 6 for OpenWrt

Some rust packages are indeed arch dependent, usually x86-64. There is a crypto crate that I can't remember the name of that is like this, for example. Hyperscan is another.

Also, for those who are trying to run Suricata, please be aware that it is resource intensive compared to most residential router hardware. Using the public threat list, I was using 600Mb of RAM on device when I had it running and it will require the SoC cycles to inspect the packets, which will reduce your throughput on the device. I was using AFPacket round-robin to spread the load, if I recall correctly (it's been a while). There is a reason security network appliances usually mention both line speed throughput and inspection throughput. Keep this in mind when playing with Suricata (or Snort, for that matter).

By default, rust/host and things like Suricata should have a !@LOW_MEM Dependency which will keep it from showing on menuconfig. If it isn't a supported rust/host Arch, it won't show either.

I've been toying with an OpenWrt implementation of rustup in my spare time, but I've not gotten overly far in it due to time constraints.

1 Like

like "warning: dropping unsupported crate type cdylib for target aarch64-unknown-linux-musl
"

Hello @echelon ,

this link is not working anymore.

Could you please share it a new one? I would like to try compiling suricata 6.x.

Thanks in advance!

Here is it :

https://www.mediafire.com/file/fbesq125tsjcedr/suricata.zip/file

Thank you!

After few hours of work, I'm now stuck here:

Making all in rust
make[4]: Entering directory '/home/build/openwrt/build_dir/target-x86_64_musl/suricata-8.0.0/rust'
cd /home/build/openwrt/build_dir/target-x86_64_musl/suricata-8.0.0/rust && \
	 CARGO_HOME="/home/build/.cargo" \
	CARGO_TARGET_DIR="/home/build/openwrt/build_dir/target-x86_64_musl/suricata-8.0.0/rust/target" \
	/home/build/openwrt/staging_dir/target-x86_64_musl/host/bin/cargo build --release  \
		--features " ja3 ja4  " --target x86_64-unknown-linux-musl
   Compiling proc-macro2 v1.0.69
   Compiling unicode-ident v1.0.12
   Compiling autocfg v1.1.0
   Compiling typenum v1.17.0
   Compiling version_check v0.9.4
   Compiling memchr v2.4.1
   Compiling thiserror v1.0.50
   Compiling syn v1.0.109
   Compiling minimal-lexical v0.2.1
   Compiling libc v0.2.150
   Compiling serde v1.0.192
   Compiling subtle v2.4.1
error[E0463]: can't find crate for `core`
  |
  = note: the `x86_64-unknown-linux-musl` target may not be installed
  = help: consider downloading the target with `rustup target add x86_64-unknown-linux-musl`

error[E0463]: can't find crate for `compiler_builtins`

I'm building using 23.05.3 branch. Do I need to change to main?

For x86_64 I recommended glibc instead of musl, yes I am using main branch.

I haven't encountered such an error like yours, normally I am also compiling OpenWrt toolchain by my own from beginning.

1 Like

FYI..

Suricata 7.0.6..

grommish@DESKTOP-AW:~/openwrt/build_dir/target-mips64_octeonplus_64_musl/suricata-7.0.6/src$ file .libs/suricata
.libs/suricata: ELF 64-bit MSB executable, MIPS, MIPS64 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-mips64-sf.so.1, with debug_info, not stripped

This is using my rustup package rather than rust-lang that is already integrated into OpenWrt.

And no, I've not tested it on Hardware yet, as I've got to figure out what needs to be packaged and where.