[OISF/outreachy] Claim new issue

Shivani Bhardwaj sbhardwaj at openinfosecfoundation.org
Sun Oct 18 04:37:14 UTC 2020


On Sat, Oct 17, 2020 at 10:20 PM Sumera Priyadarsini
<sylphrenadin at gmail.com> wrote:
>
>
>
> On Wed, Oct 14, 2020 at 8:14 PM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>
>> On Wed, Oct 14, 2020 at 7:45 PM Shivani Bhardwaj
>> <sbhardwaj at openinfosecfoundation.org> wrote:
>> >
>> > On Wed, Oct 14, 2020 at 4:59 PM Sumera Priyadarsini
>> > <sylphrenadin at gmail.com> wrote:
>> > >
>> > >
>> > >
>> > > On Wed, Oct 14, 2020 at 12:27 PM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>> > >>
>> > >> On Wed, Oct 14, 2020 at 12:23 PM Sumera Priyadarsini via Outreachy
>> > >> <outreachy at lists.openinfosecfoundation.org> wrote:
>> > >> >
>> > >> > Hi all,
>> > >> >
>> > >> > Can I claim issue #2795 (https://redmine.openinfosecfoundation.org/issues/2795)?
>> > >> >
>> > >> Yes, please. Please make sure to assign it to yourself on redmine.
>> > >>
>> > >> > Regards,
>> > >> > Sumera
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > > Hi,
>> > >
>> > > I tried reproducing the bug but I am getting a few errors with setting some things up.
>> > >
>> > > How do I install suricata-asan and generate pcap files? If it is okay, could you direct me to some
>> > > resources that would help me to get more context for this issue?
>> > >
>> > You'll have to install libasan as per your distro and enable it for
>> > Suricata by doing
>> >
>> > ./configure CFLAGS="-fsanitize=address"
>> >
>> You'd also need to export the following two variables:
>>
>> export ac_cv_func_malloc_0_nonnull=yes
>> export ac_cv_func_realloc_0_nonnull=yes
>>
>> else you would probably see errors while doing make.
>>
>> > This would make a simple setup with ASAN enabled.
>> >
>> > It seems like this issue is about processing an empty pcap so you just
>> > need an empty file to try it out.
>> > touch any.pcap
>> > suricata -c <path of conf> -r any.pcap
>> >
>> > But, for future reference, if you want to test with *any* valid pcap,
>> > you can use one from suricata-verify tests. If you want to generate a
>> > pcap on your own (which does not seem to happen very often), you can
>> > do it using Wireshark. You'll have to generate the traffic on your own
>> > for this. For most of the cases though, you'd look for real world
>> > network traffic pcaps from any online sources.
>> >
>> > Let me know if you have any other questions about this issue.
>
>
> Hi,
>
> Thanks for the pointers. I tried them out but I am still not able to exactly reproduce the issue. I get the following output:
>
> ~/Elantris/suricata master ?3 $ sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null  -k none -r empty.pcap -l log/
>
> [8628] 17/10/2020 -- 22:01:15 - (suricata.c:1065) <Notice> (LogVersion) -- This is Suricata version 6.0.1-dev (95729e923 2020-10-09) running in USER mode
> [8629] 17/10/2020 -- 22:01:15 - (source-pcap-file-helper.c:202) <Error> (InitPcapFile) -- [ERRCODE: SC_ERR_FOPEN(44)] - truncated dump file; tried to read 4 file header bytes, only got 0
> [8629] 17/10/2020 -- 22:01:15 - (source-pcap-file.c:269) <Warning> (ReceivePcapFileThreadInit) -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file empty.pcap, skipping
> [8628] 17/10/2020 -- 22:01:15 - (tm-threads.c:1964) <Notice> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 4 management threads initialized, engine started.
> [8629] 17/10/2020 -- 22:01:15 - (source-pcap-file.c:158) <Error> (ReceivePcapFileLoop) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - pcap file reader thread failed to initialize
> [8628] 17/10/2020 -- 22:01:15 - (suricata.c:2636) <Notice> (SuricataMainLoop) -- Signal Received.  Stopping engine.
>
> However, in the issue, there is more information about the error which I don't see on my console. I can't find it in the logs either. What am I missing?
>
I don't think you are finding the issue at the right place. I haven't
checked myself if the issue does exist now but let's try and find out.
The logs on the issue say that

[20799] 28/1/2019 -- 22:19:10 - (suricata.c:1085) <Notice>
(LogVersion) -- This is Suricata version 4.1.0-dev (rev 8709a20d)

You should probably switch to our 4.1.x branch and then try to reproduce it.

We currently have three branches supported for our users (4.1.x,
5.0.x, 6.0.x). You can check out 4.1.x here:
https://github.com/OISF/suricata/tree/master-4.1.x

> Another error I keep coming across is
>
> ~/Elantris/suricata/qa master ?4 $ sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null  -k none -r empty.pcap -l log/ -v
> AddressSanitizer: failed to read suppressions file '/usr/local/bin/qa/lsan.suppress'
>
> I am unable to figure out why the path issue arises as this worked fine the first time. I would be glad if you could give me some pointers regarding how to proceed.
I see after looking up that some common mistakes can be:
- names
- paths
- variable exports

So, I am not really sure if it would work but could you please try
exporting the variables that I mentioned before? Maybe you closed the
shell and the export was over. You could add it to your .bashrc to
make it persistent. Please let me know if this does help.
If this does not help, please ask on our forum (forum.suricata.io) as
I am unable to reproduce the issue and have not come across this so
it's unlikely that I would be of any help.

> I am sorry for taking so long to get back to you, I was having some trouble installing llvm but now that is done.
>
No problem. You are supposed to take all the time you need to
understand and work.

> regards,
> sumera
>
>> >
>> > > Also, can I mark the previous issue I was working on as resolved in redmine, or should I wait till the PR is merged?
>> > >
>> > No. Please let it be. Someone from the team shall close it once your
>> > PR is merged into master.
>> >
>> >
>> > > Regards,
>> > > Sumera



-- 
Shivani
Junior Developer, OISF
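
An added example, not part of the thread or of the Suricata tree: the relative `suppressions=qa/lsan.suppress` value is resolved at run time, so the same command behaves differently depending on the directory it is typed in (the failing run quoted above was started from `qa/` and the lookup ended at `/usr/local/bin/qa/lsan.suppress`). The sketch below turns the path into an absolute one before replaying the empty-pcap run; the function names are hypothetical, and it assumes `<root>` is a Suricata checkout containing `qa/lsan.suppress` and that an ASAN-enabled `suricata` is on `PATH`.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from the thread or from Suricata.

# Print the absolute path of a suppressions file. A relative name is taken
# relative to <root> (default: the current directory). Fails if unreadable.
resolve_suppressions() (
    file=$1
    root=${2:-$PWD}
    case $file in
        /*) candidate=$file ;;
        *)  candidate=$root/$file ;;
    esac
    if [ ! -r "$candidate" ]; then
        echo "suppressions file not readable: $candidate" >&2
        exit 1
    fi
    cd "$(dirname "$candidate")" || exit 1
    printf '%s/%s\n' "$(pwd -P)" "$(basename "$candidate")"
)

# Build an LSAN_OPTIONS value that no longer depends on the working directory.
lsan_options() (
    abs=$(resolve_suppressions "$1" "${2:-$PWD}") || exit 1
    printf 'suppressions=%s\n' "$abs"
)

# Replay the run from the thread against a zero-byte pcap.
# Usage: run_empty_pcap <root> [suricata.yaml]
run_empty_pcap() (
    root=$1
    conf=${2:-/etc/suricata/suricata.yaml}
    opts=$(lsan_options qa/lsan.suppress "$root") || exit 1
    mkdir -p "$root/log"
    : > "$root/empty.pcap"    # same effect as `touch` on a new file
    LSAN_OPTIONS=$opts suricata -c "$conf" -S /dev/null -k none \
        -r "$root/empty.pcap" -l "$root/log/"
)
```

`run_empty_pcap ~/Elantris/suricata` can then be called from any directory; prefix the `suricata` invocation with `sudo` as in the thread if the setup requires it.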

