原理：

Suricata 源码说到底也是一个makefile项目，Code 是绝对可以编译的，本质上还是模拟 make 命令，然后使用GDB调试c程序。

有一个视频: https://www.bilibili.com/video/BV1Aw4m1U7Mo/?vd_source=b6d10e8288ab2f9afe2227a94446a6c3

c_cpp_properties.json:

实际上这部分是关于 代码悬停提示，智能提示这一方面的，

关于includepath和browse ->path的介绍有一个视频:https://www.bilibili.com/video/BV1Hm411r7nq/?vd_source=b6d10e8288ab2f9afe2227a94446a6c3

{"configurations": [{"name": "daxian-2023-12-24","includePath": ["${workspaceFolder}/**","/usr/include/**","/usr/local/include/**","/usr/include/netinet/**"],"defines": [],"compilerPath": "/usr/bin/g++","cStandard": "c17","cppStandard": "c++17","intelliSenseMode": "gcc-x64","browse": {"path": ["${workspaceFolder}","/usr/include/netinet"],"limitSymbolsToIncludedHeaders": true,"databaseFilename": ""},"configurationProvider": "ms-vscode.makefile-tools"}],"version": 4
}

settings.json

这其实和编译无关，涉及到一些 vsocode 的配置

{"window.zoomLevel": 0.5,"files.exclude": {"**/.exe": true  //排除尾缀为.exe的文件不在编辑器左边的目录菜单中显示},// "C_Cpp.intelliSenseEngine": "Tag Parser",/*或者是default模式（默认也是这个）*/"C_Cpp.exclusionPolicy": "checkFilesAndFolders","C_Cpp.default.intelliSenseMode": "gcc-x64","C_Cpp.default.compilerPath": "/usr/bin/g++","C_Cpp.default.cppStandard": "c++17","debug.onTaskErrors": "abort","files.associations": {"iostream": "cpp","suricata-common.h": "c","cstdlib": "c","array": "c","istream": "c","ostream": "c","tuple": "c","type_traits": "c","utility": "c","fstream": "c","streambuf": "c","queue.h": "c","deque": "c","string": "c","unordered_map": "c","vector": "c","string_view": "c","initializer_list": "c","functional": "c","threads.h": "c","threadvars.h": "c","util-lua.h": "c","util-lua-http.h": "c","detect-threshold.h": "c","*.tcc": "c","numeric": "c","sstream": "c","detect-engine-register.h": "c","detect-engine-build.h": "c"},"C_Cpp.errorSquiggles": "enabled","workbench.editor.wrapTabs": false,/*选项卡是否换行*/"editor.wordWrap": "off",/*编辑区域是自动换行*/// "editor.renderWhitespace": "all"/*让空格显示为点  selection*/}

tasks.json

执行编译任务， ctrl+b执行编译任务，会选择第一个make

{"version": "2.0.0","tasks": [{"label": "build_suricata","type": "shell","command": "make",  //suricata编译"problemMatcher": ["$gcc"],"group": {"kind": "build","isDefault": true},"presentation": {"echo": true,"reveal": "always","focus": false,"panel": "dedicated","showReuseMessage": false,"clear": true}},//下面是C++的不予理会{"type": "shell",  //或者是process 区别找文档"label": "C/C++: g++ build active file", //任务标签"command": "/usr/bin/g++","args": ["-g","-Wall","-std=c++17","${fileDirname}/*.cpp","-o","${fileDirname}/${fileBasenameNoExtension}"],"detail": "compiler: /usr/bin/g++","group": {"kind": "build","isDefault": true},"presentation": {"echo": true,"reveal": "always", //是否将集成终端面板置于前面"focus": true, //是否获得焦点"panel": "dedicated","showReuseMessage": false, //控制是否显示“终端将被任务重用，按任意键关闭它”消息"clear": true // 运行前清除终端},"problemMatcher": ["$gcc"]},],"options": {"shell": {"executable": "/bin/bash","args": ["-c"]},"env": {"PATH": "/usr/bin:${env:PATH}"}}
}//官方文档：https://code.visualstudio.com/docs/editor/tasks

launch.json

make 以后不用make install的

make编译之后会在src/.libs/下生成临时的可执行程序， gdb可以调试这个程序，args是执行调试时候加入的参数，--runmode  single是只有一个处理线程的模式，（参照suricata的运行模式，要注意不是任何情况下都有single模式的），这里读入的流量是从pcap文件中拿到的（这个文件是通过wireshark抓包工具得到的），关于这些参数在这里

{"version": "0.2.0","configurations": [{"type": "cppdbg","request": "launch","name": "DeBug_suricata","program": "${workspaceFolder}/src/.libs/suricata",// "program": "/usr/local/bin/suricata",  //make install 后可执行程序的安装位置"args": ["--runmode","single","-r", "/home/daxian/ping.pcap","-vvvv","-c","/home/daxian/Desktop/zs/suricata-6.0.8/suricata.yaml","-l","/home/daxian/Desktop/zs/suricata-log-dir","-S","/home/daxian/Desktop/zs/rules/test.rules","-k","none"// "-i",// "ens33",// "--list-keywords=csv",// "--list-app-layer-protos"],"stopAtEntry": false,"cwd": "${workspaceFolder}","environment": [],"externalConsole": false,"MIMode": "gdb","miDebuggerPath": "/usr/bin/gdb","preLaunchTask": "build_suricata"},//下面是c++的 不予理会{"name": "g++ - Build and debug active file","type": "cppdbg","request": "launch","program": "${fileDirname}/${fileBasenameNoExtension}","args": [],"stopAtEntry": false,"cwd": "${workspaceFolder}","environment": [],"externalConsole": false,"MIMode": "gdb","miDebuggerPath": "/usr/bin/gdb","setupCommands": [{"description": "Enable pretty-printing for gdb","text": "-enable-pretty-printing","ignoreFailures": true}],"preLaunchTask": "C/C++: g++ build active file"},]
}