我在機器A上編譯suricata成功,且在機器A上能正常運行suricata;如果把在機器A上編譯的suricata拷貝到機器B上運行,就會報錯:Illegal instruction。這讓我百思不得其解,隨後上網苦找了一番資料,介紹“Illegal instruction”錯誤的文章也不少,其中有一點說到了我這種情況,那就是CPU架構選擇的選項“-march”。
於是我查看了下我編譯suricata時的選項,其中並沒有指定-march選項,隨後我又關注了make時的日誌,下面是部分日誌:
gcc -DHAVE_CONFIG_H -I. -I.. -I../libhtp -I/usr/include -I/usr/include/nspr -I/usr/include/nss/ -I/usr/local/include/luajit-2.0/ -DLOCAL_STATE_DIR=\"/var\" -O2 -DRELEASE -Wextra -Werror-implicit-function-declaration -D_GNU_SOURCE -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DNFQ -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT alert-unified2-alert.o -MD -MP -MF .deps/alert-unified2-alert.Tpo -c -o alert-unified2-alert.o alert-unified2-alert.c
mv -f .deps/alert-unified2-alert.Tpo .deps/alert-unified2-alert.Po
gcc -DHAVE_CONFIG_H -I. -I.. -I../libhtp -I/usr/include -I/usr/include/nspr -I/usr/include/nss/ -I/usr/local/include/luajit-2.0/ -DLOCAL_STATE_DIR=\"/var\" -O2 -DRELEASE -Wextra -Werror-implicit-function-declaration -D_GNU_SOURCE -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DNFQ -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT app-layer.o -MD -MP -MF .deps/app-layer.Tpo -c -o app-layer.o app-layer.c
mv -f .deps/app-layer.Tpo .deps/app-layer.Po
gcc -DHAVE_CONFIG_H -I. -I.. -I../libhtp -I/usr/include -I/usr/include/nspr -I/usr/include/nss/ -I/usr/local/include/luajit-2.0/ -DLOCAL_STATE_DIR=\"/var\" -O2 -DRELEASE -Wextra -Werror-implicit-function-declaration -D_GNU_SOURCE -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DNFQ -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT app-layer-dcerpc.o -MD -MP -MF .deps/app-layer-dcerpc.Tpo -c -o app-layer-dcerpc.o app-layer-dcerpc.c
mv -f .deps/app-layer-dcerpc.Tpo .deps/app-layer-dcerpc.Po其中就指定-march=native,而該選項的意思是: ‘native’This selects the CPU to generate code for at compilation time by determining the processor type of the compiling machine. Using -march=native enables all instruction subsets supported by the local machine (hence the result might not run on different machines). Using-mtune=native produces code optimized for the local machine under the constraints of the selected instruction set.
有關-march=cpu-type的更多信息請移步:http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
那麼如何解決這個問題呢?我們可以查看下suricata的configure的選項:
root@joe:/install/suricata# ./configure -h
`configure' configures this package to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
Program names:
--program-prefix=PREFIX prepend PREFIX to installed program names
--program-suffix=SUFFIX append SUFFIX to installed program names
--program-transform-name=PROGRAM run sed PROGRAM on installed program names
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-static[=PKGS] build static libraries [default=yes]
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--disable-largefile omit support for large files
--enable-gccprotect Detect and use gcc hardening options
--enable-gccprofile Enable gcc profile info i.e -pg flag is set
--enable-gccmarch-native
Enable gcc march=native gcc 4.2 and later only
--enable-unittests Enable compilation of the unit tests
--enable-old-barnyard2 Use workaround for old barnyard2 in unified2 output
--enable-debug Enable debug output
--enable-debug-validation
Enable (debug) validation code output
--enable-profiling Enable performance profiling
--enable-profiling-locks
Enable performance profiling for locks
--enable-ipfw Enable FreeBSD IPFW support for inline IDP
--enable-unix-socket Enable unix socket [default=test]
--enable-nfqueue Enable NFQUEUE support for inline IDP
--enable-prelude Enable Prelude support for alerts
--enable-pfring Enable Native PF_RING support
--enable-af-packet Enable AF_PACKET support [default=yes]
--enable-non-bundled-htp
Enable the use of an already installed version of
htp
--enable-cuda Enable experimental CUDA pattern matching
--enable-dag Enable DAG capture
--enable-napatech Enabled Napatech Devices
--enable-luajit Enable Luajit support
--enable-geoip Enable GeoIP support
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot=DIR Search for dependent libraries within DIR
(or the compiler's sysroot if not specified).
--with-libpcre-includes=DIR libpcre include directory
--with-libpcre-libraries=DIR libpcre library directory
--with-libyaml-includes=DIR libyaml include directory
--with-libyaml-libraries=DIR libyaml library directory
--with-libpthread-includes=DIR libpthread include directory
--with-libpthread-libraries=DIR libpthread library directory
--with-libjansson-includes=DIR libjansson include directory
--with-libjansson-libraries=DIR libjansson library directory
--with-libnfnetlink-includes=DIR libnfnetlink include directory
--with-libnfnetlink-libraries=DIR libnfnetlink library directory
--with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory
--with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory
--with-netfilterforwin-includes=DIR netfilterforwin include directory
--with-libnetfilter_conntrack-includes=DIR libnetfilter_conntrack include directory
--with-libnetfilter_conntrack-libraries=DIR libnetfilter_conntrack library directory
--with-libprelude-prefix=PFX
Prefix where libprelude is installed (optional)
--with-libnet-includes=DIR libnet include directory
--with-libnet-libraries=DIR libnet library directory
--with-libpfring-includes=DIR libpfring include directory
--with-libpfring-libraries=DIR libpfring library directory
--with-libpcap-includes=DIR libpcap include directory
--with-libpcap-libraries=DIR libpcap library directory
--with-libhtp-includes=DIR libhtp include directory
--with-libhtp-libraries=DIR libhtp library directory
--with-cuda-includes=DIR cuda include directory
--with-cuda-libraries=DIR cuda library directory
--with-cuda-nvcc=DIR cuda nvcc compiler directory
--with-libcap_ng-includes=DIR libcap_ng include directory
--with-libcap_ng-libraries=DIR libcap_ng library directory
--with-dag-includes=DIR dagapi include directory
--with-dag-libraries=DIR dagapi library directory
--with-libnspr-includes=DIR libnspr include directory
--with-libnspr-libraries=DIR libnspr library directory
--with-libnss-includes=DIR libnss include directory
--with-libnss-libraries=DIR libnss library directory
--with-libmagic-includes=DIR libmagic include directory
--with-libmagic-libraries=DIR libmagic library directory
--with-napatech-includes=DIR napatech include directory
--with-napatech-libraries=DIR napatech library directory
--with-libluajit-includes=DIR libluajit include directory
--with-libluajit-libraries=DIR libluajit library directory
--with-libgeoip-includes=DIR libgeoip include directory
--with-libgeoip-libraries=DIR libgeoip library directory
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
PKG_CONFIG path to pkg-config utility
PKG_CONFIG_PATH
directories to add to pkg-config's search path
PKG_CONFIG_LIBDIR
path overriding pkg-config's built-in search path
LIBHTPMINVERSION_CFLAGS
C compiler flags for LIBHTPMINVERSION, overriding pkg-config
LIBHTPMINVERSION_LIBS
linker flags for LIBHTPMINVERSION, overriding pkg-config
LIBHTPMAXVERSION_CFLAGS
C compiler flags for LIBHTPMAXVERSION, overriding pkg-config
LIBHTPMAXVERSION_LIBS
linker flags for LIBHTPMAXVERSION, overriding pkg-config
LUAJIT_CFLAGS
C compiler flags for LUAJIT, overriding pkg-config
LUAJIT_LIBS linker flags for LUAJIT, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to the package provider.其中有一個選項:--enable-gccmarch-native,會默認指定-march=native。
所以我們要在configure的時候使用--disable-gccmarch-native選項就可以不指定-march=native。
參考:https://code.google.com/p/security-onion/issues/detail?id=26
博主所有文章已轉自私人博客 Joe 的個人博客,謝謝關注!