[OISF/outreachy] Claim new issue
Sumera Priyadarsini
sylphrenadin at gmail.com
Sat Oct 17 16:50:37 UTC 2020
On Wed, Oct 14, 2020 at 8:14 PM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
> On Wed, Oct 14, 2020 at 7:45 PM Shivani Bhardwaj
> <sbhardwaj at openinfosecfoundation.org> wrote:
> >
> > On Wed, Oct 14, 2020 at 4:59 PM Sumera Priyadarsini
> > <sylphrenadin at gmail.com> wrote:
> > >
> > >
> > >
> > > On Wed, Oct 14, 2020 at 12:27 PM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
> > >>
> > >> On Wed, Oct 14, 2020 at 12:23 PM Sumera Priyadarsini via Outreachy
> > >> <outreachy at lists.openinfosecfoundation.org> wrote:
> > >> >
> > >> > Hi all,
> > >> >
> > >> > Can I claim issue #2795 (https://redmine.openinfosecfoundation.org/issues/2795)?
> > >> >
> > >> Yes, please. Please make sure to assign it to yourself on redmine.
> > >>
> > >> > Regards,
> > >> > Sumera
> > >> >
> > >> >
> > >>
> > >>
> > > Hi,
> > >
> > > I tried reproducing the bug but I am getting a few errors with setting some things up.
> > >
> > > How do I install suricata-asan and generate pcap files? If it is okay, could you direct me to some
> > > resources that would help me to get more context for this issue?
> > >
> > You'll have to install libasan as per your distro and enable it for
> > Suricata by doing
> >
> > ./configure CFLAGS="-fsanitize=address"
> >
> You'd also need to export the following two variables:
>
> export ac_cv_func_malloc_0_nonnull=yes
> export ac_cv_func_realloc_0_nonnull=yes
>
> else you would probably see errors while doing make.
>
> > This would make a simple setup with ASAN enabled.
> >
> > It seems like this issue is about processing an empty pcap so you just
> > need an empty file to try it out.
> > touch any.pcap
> > suricata -c <path of conf> -r any.pcap
> >
> > But, for future reference, if you want to test with *any* valid pcap,
> > you can use one from suricata-verify tests. If you want to generate a
> > pcap on your own (which does not seem to happen very often), you can
> > do it using Wireshark. You'll have to generate the traffic on your own
> > for this. For most of the cases though, you'd look for real world
> > network traffic pcaps from any online sources.
> >
> > Let me know if you have any other questions about this issue.
>
Hi,
Thanks for the pointers. I tried them out but I am still not able to
exactly reproduce the issue. I get the following output:
~/Elantris/suricata master ?3 sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null -k none -r empty.pcap -l log/
[8628] 17/10/2020 -- 22:01:15 - (suricata.c:1065) <Notice> (LogVersion) -- This is Suricata version 6.0.1-dev (95729e923 2020-10-09) running in USER mode
[8629] 17/10/2020 -- 22:01:15 - (source-pcap-file-helper.c:202) <Error> (InitPcapFile) -- [ERRCODE: SC_ERR_FOPEN(44)] - truncated dump file; tried to read 4 file header bytes, only got 0
[8629] 17/10/2020 -- 22:01:15 - (source-pcap-file.c:269) <Warning> (ReceivePcapFileThreadInit) -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file empty.pcap, skipping
[8628] 17/10/2020 -- 22:01:15 - (tm-threads.c:1964) <Notice> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 4 management threads initialized, engine started.
[8629] 17/10/2020 -- 22:01:15 - (source-pcap-file.c:158) <Error> (ReceivePcapFileLoop) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - pcap file reader thread failed to initialize
[8628] 17/10/2020 -- 22:01:15 - (suricata.c:2636) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
However, in the issue <https://redmine.openinfosecfoundation.org/issues/2795>,
there is more information about the error which I don't see on my console.
I can't find it in the logs either. What am I missing?
Another error I keep coming across is
~/Elantris/suricata/qa master ?4 sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null -k none -r empty.pcap -l log/ -v
AddressSanitizer: failed to read suppressions file '/usr/local/bin/qa/lsan.suppress'
I am unable to figure out why the path issue arises as this worked fine the
first time. I would be glad if you could give me some pointers regarding
how to proceed.
I am sorry for taking so long to get back to you, I was having some trouble
installing llvm but now that is done.
regards,
sumera
>
> > > Also, can I mark the previous issue I was working on as resolved in redmine, or should I wait till the PR is merged?
> > >
> > No. Please let it be. Someone from the team shall close it once your
> > PR is merged into master.
> >
> >
> > > Regards,
> > > Sumera
> > >>
> > >>
> > >> --
> > >> Shivani
> > >> Junior Developer, OISF
> >
> >
> >
> > --
> > Shivani
> > Junior Developer, OISF
>
>
>
> --
> Shivani
> Junior Developer, OISF
>
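
The log in the message above shows the reader giving up on the file header ("tried to read 4 file header bytes, only got 0") before any packet is parsed. As an added example (not part of the original message, and not Suricata or libpcap code), the following C program classifies a capture file by its classic pcap global header so an empty, truncated or non-pcap input can be told apart from a usable one before a run; `check_pcap_header`, `write_file` and `SAMPLE_PCAP_HDR` are hypothetical names, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_HDR_LEN 24 /* classic pcap: 4-byte magic + 20 more header bytes */
enum pcap_check { PCAP_OK, PCAP_EMPTY, PCAP_TRUNCATED, PCAP_BAD_MAGIC, PCAP_OPEN_FAILED };

/* Constructed sample: little-endian header, version 2.4, snaplen 262144, Ethernet. */
const unsigned char SAMPLE_PCAP_HDR[PCAP_HDR_LEN] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00};

/* Microsecond and nanosecond magic numbers, in either byte order. */
static int is_pcap_magic(uint32_t m)
{
    return m == 0xa1b2c3d4u || m == 0xd4c3b2a1u ||
           m == 0xa1b23c4du || m == 0x4d3cb2a1u;
}

/* Classify the start of a capture file before handing it to the engine. */
enum pcap_check check_pcap_header(const char *path)
{
    unsigned char hdr[PCAP_HDR_LEN];
    uint32_t magic;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) return PCAP_OPEN_FAILED;
    size_t got = fread(hdr, 1, sizeof(hdr), fp);
    fclose(fp);
    if (got == 0) return PCAP_EMPTY;                 /* the `touch any.pcap` case */
    if (got < sizeof(magic)) return PCAP_TRUNCATED;  /* incomplete magic number */
    memcpy(&magic, hdr, sizeof(magic));
    if (!is_pcap_magic(magic)) return PCAP_BAD_MAGIC;
    return got < sizeof(hdr) ? PCAP_TRUNCATED : PCAP_OK;
}

/* Write len bytes to path (len 0 leaves an empty file); returns 0 on success. */
int write_file(const char *path, const void *data, size_t len)
{
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    size_t put = fwrite(data, 1, len, fp);
    return (fclose(fp) == 0 && put == len) ? 0 : -1;
}

int main(void)
{
    write_file("empty.pcap", "", 0);
    write_file("valid.pcap", SAMPLE_PCAP_HDR, sizeof(SAMPLE_PCAP_HDR));
    printf("empty.pcap=%d valid.pcap=%d\n", check_pcap_header("empty.pcap"), check_pcap_header("valid.pcap"));
    return 0;
}
```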