运行suricata报错：Illegal instruction 解决方法

我在机器A上编译suricata成功，且在机器A上能正常运行suricata；如果把在机器A上编译的suricata拷贝到机器B上运行，就会报错：Illegal instruction。这让我百思不得其解，随后上网苦找了一番资料，介绍“Illegal instruction”错误的文章也不少，其中有一点说到了我这种情况，那就是CPU架构选择的选项“-march”。

于是我查看了下我编译suricata时的选项，其中并没有指定-march选项，随后我又关注了make时的日志，下面是部分日志：

gcc -DHAVE_CONFIG_H -I. -I..  -I../libhtp  -I/usr/include -I/usr/include/nspr -I/usr/include/nss/ -I/usr/local/include/luajit-2.0/ -DLOCAL_STATE_DIR=\"/var\" -O2 -DRELEASE -Wextra -Werror-implicit-function-declaration -D_GNU_SOURCE -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DNFQ -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H  -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT alert-unified2-alert.o -MD -MP -MF .deps/alert-unified2-alert.Tpo -c -o alert-unified2-alert.o alert-unified2-alert.c
mv -f .deps/alert-unified2-alert.Tpo .deps/alert-unified2-alert.Po
gcc -DHAVE_CONFIG_H -I. -I..  -I../libhtp  -I/usr/include -I/usr/include/nspr -I/usr/include/nss/ -I/usr/local/include/luajit-2.0/ -DLOCAL_STATE_DIR=\"/var\" -O2 -DRELEASE -Wextra -Werror-implicit-function-declaration -D_GNU_SOURCE -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DNFQ -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H  -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT app-layer.o -MD -MP -MF .deps/app-layer.Tpo -c -o app-layer.o app-layer.c
mv -f .deps/app-layer.Tpo .deps/app-layer.Po
gcc -DHAVE_CONFIG_H -I. -I..  -I../libhtp  -I/usr/include -I/usr/include/nspr -I/usr/include/nss/ -I/usr/local/include/luajit-2.0/ -DLOCAL_STATE_DIR=\"/var\" -O2 -DRELEASE -Wextra -Werror-implicit-function-declaration -D_GNU_SOURCE -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DNFQ -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H  -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT app-layer-dcerpc.o -MD -MP -MF .deps/app-layer-dcerpc.Tpo -c -o app-layer-dcerpc.o app-layer-dcerpc.c
mv -f .deps/app-layer-dcerpc.Tpo .deps/app-layer-dcerpc.Po

其中就指定-march=native，而该选项的意思是：

‘native’

This selects the CPU to generate code for at compilation time by determining the processor type of the compiling machine. Using  -march=native enables all instruction subsets supported by the local machine (hence the result might not run on different machines). Using -mtune=native produces code optimized for the local machine under the constraints of the selected instruction set.

有关-march=cpu-type的更多信息请移步：http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html

这里就说到，-march=native选项使本地机器支持所有的指令集（因此可能导致在不同的机器上不能运行），这也就是为什么在机器A上编译的suricata在机器A上运行没问题，在机器B上运行就会报错了。

那么如何解决这个问题呢？我们可以查看下suricata的configure的选项：

root@joe:/install/suricata# ./configure -h
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/PACKAGE]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --disable-dependency-tracking  speeds up one-time build
  --enable-dependency-tracking   do not reject slow dependency extractors
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --disable-largefile     omit support for large files
  --enable-gccprotect     Detect and use gcc hardening options
  --enable-gccprofile     Enable gcc profile info i.e -pg flag is set
  --enable-gccmarch-native
                          Enable gcc march=native gcc 4.2 and later only
  --enable-unittests      Enable compilation of the unit tests
  --enable-old-barnyard2  Use workaround for old barnyard2 in unified2 output
  --enable-debug          Enable debug output
  --enable-debug-validation
                          Enable (debug) validation code output
  --enable-profiling      Enable performance profiling
  --enable-profiling-locks
                          Enable performance profiling for locks
  --enable-ipfw           Enable FreeBSD IPFW support for inline IDP
  --enable-unix-socket    Enable unix socket [default=test]
  --enable-nfqueue        Enable NFQUEUE support for inline IDP
  --enable-prelude        Enable Prelude support for alerts
  --enable-pfring         Enable Native PF_RING support
  --enable-af-packet      Enable AF_PACKET support [default=yes]
  --enable-non-bundled-htp
                          Enable the use of an already installed version of
                          htp
  --enable-cuda           Enable experimental CUDA pattern matching
  --enable-dag  Enable DAG capture
  --enable-napatech   Enabled Napatech Devices
  --enable-luajit  Enable Luajit support
  --enable-geoip  Enable GeoIP support

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
  --with-sysroot=DIR Search for dependent libraries within DIR
                        (or the compiler's sysroot if not specified).
  --with-libpcre-includes=DIR  libpcre include directory
  --with-libpcre-libraries=DIR    libpcre library directory
  --with-libyaml-includes=DIR  libyaml include directory
  --with-libyaml-libraries=DIR    libyaml library directory
  --with-libpthread-includes=DIR  libpthread include directory
  --with-libpthread-libraries=DIR    libpthread library directory
  --with-libjansson-includes=DIR  libjansson include directory
  --with-libjansson-libraries=DIR    libjansson library directory
  --with-libnfnetlink-includes=DIR  libnfnetlink include directory
  --with-libnfnetlink-libraries=DIR    libnfnetlink library directory
  --with-libnetfilter_queue-includes=DIR  libnetfilter_queue include directory
  --with-libnetfilter_queue-libraries=DIR    libnetfilter_queue library directory
  --with-netfilterforwin-includes=DIR  netfilterforwin include directory
  --with-libnetfilter_conntrack-includes=DIR  libnetfilter_conntrack include directory
  --with-libnetfilter_conntrack-libraries=DIR    libnetfilter_conntrack library directory
  --with-libprelude-prefix=PFX
                          Prefix where libprelude is installed (optional)
  --with-libnet-includes=DIR     libnet include directory
  --with-libnet-libraries=DIR    libnet library directory
  --with-libpfring-includes=DIR  libpfring include directory
  --with-libpfring-libraries=DIR    libpfring library directory
  --with-libpcap-includes=DIR  libpcap include directory
  --with-libpcap-libraries=DIR    libpcap library directory
  --with-libhtp-includes=DIR  libhtp include directory
  --with-libhtp-libraries=DIR    libhtp library directory
  --with-cuda-includes=DIR  cuda include directory
  --with-cuda-libraries=DIR    cuda library directory
  --with-cuda-nvcc=DIR  cuda nvcc compiler directory
  --with-libcap_ng-includes=DIR  libcap_ng include directory
  --with-libcap_ng-libraries=DIR    libcap_ng library directory
  --with-dag-includes=DIR  dagapi include directory
  --with-dag-libraries=DIR  dagapi library directory
  --with-libnspr-includes=DIR  libnspr include directory
  --with-libnspr-libraries=DIR    libnspr library directory
  --with-libnss-includes=DIR  libnss include directory
  --with-libnss-libraries=DIR    libnss library directory
  --with-libmagic-includes=DIR  libmagic include directory
  --with-libmagic-libraries=DIR    libmagic library directory
  --with-napatech-includes=DIR   napatech include directory
  --with-napatech-libraries=DIR  napatech library directory
  --with-libluajit-includes=DIR  libluajit include directory
  --with-libluajit-libraries=DIR    libluajit library directory
  --with-libgeoip-includes=DIR  libgeoip include directory
  --with-libgeoip-libraries=DIR    libgeoip library directory

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
              you have headers in a nonstandard directory <include dir>
  CPP         C preprocessor
  PKG_CONFIG  path to pkg-config utility
  PKG_CONFIG_PATH
              directories to add to pkg-config's search path
  PKG_CONFIG_LIBDIR
              path overriding pkg-config's built-in search path
  LIBHTPMINVERSION_CFLAGS
              C compiler flags for LIBHTPMINVERSION, overriding pkg-config
  LIBHTPMINVERSION_LIBS
              linker flags for LIBHTPMINVERSION, overriding pkg-config
  LIBHTPMAXVERSION_CFLAGS
              C compiler flags for LIBHTPMAXVERSION, overriding pkg-config
  LIBHTPMAXVERSION_LIBS
              linker flags for LIBHTPMAXVERSION, overriding pkg-config
  LUAJIT_CFLAGS
              C compiler flags for LUAJIT, overriding pkg-config
  LUAJIT_LIBS linker flags for LUAJIT, overriding pkg-config

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.

其中有一个选项：--enable-gccmarch-native，会默认指定-march=native。

所以我们要在configure的时候使用--disable-gccmarch-native选项就可以不指定-march=native。

参考：https://code.google.com/p/security-onion/issues/detail?id=26