vscode搭建suricata调试环境

一、环境

windows10 + wsl2

$ lsb_release  -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:        20.04
Codename:       focal

二、编译

2.1 下载源码

wget https://www.openinfosecfoundation.org/download/suricata-7.0.5.tar.gz

2.2 安装依赖

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

sudo apt-get install autoconf automake build-essential ccache clang curl git \
                    gosu jq libbpf-dev libcap-ng0 libcap-ng-dev libelf-dev \
                    libevent-dev libgeoip-dev libhiredis-dev libjansson-dev \
                    liblua5.1-dev libmagic-dev libnet1-dev libpcap-dev \
                    libpcre2-dev libtool libyaml-0-2 libyaml-dev m4 make \
                    pkg-config python3 python3-dev python3-yaml sudo zlib1g \
                    zlib1g-dev
cargo install --force cbindgen

2.3 编译安装

tar xf suricata-7.0.5.tar.gz
cd suricata-7.0.5
./configure --prefix=/opt/suricata7 --enable-debug
make -j8
sudo make install-full

三、使用vscode搭建调试环境

3.1 vscode插件

3.2 创建debug配置

{
    "configurations": [
    {
        "name": "suricata7",
        "type": "cppdbg",
        "request": "launch",
        "program": "/opt/suricata7/bin/suricata",
        "args": ["-r", "~/suricata-7.0.5/http.pcap", "--runmode", "single"],
        "stopAtEntry": false,
        "cwd": "${fileDirname}",
        "environment": [{"name": "SC_LOG_LEVEL", "value": "Debug"}],
        "externalConsole": false,
        "MIMode": "gdb",
        "setupCommands": [
            {
                "description": "Enable pretty-printing for gdb",
                "text": "-enable-pretty-printing",
                "ignoreFailures": true
            },
            {
                "description": "Set Disassembly Flavor to Intel",
                "text": "-gdb-set disassembly-flavor intel",
                "ignoreFailures": true
            }
        ]
    }
    ]
}

note:
安装目录/opt/suricata7的权限是root，导致后续读取配置时没有权限，因此执行了如下命令

sudo chown -R tree /opt/suricata7

debug成功