[OISF/outreachy] Claim new issue
Sumera Priyadarsini
sylphrenadin at gmail.com
Sun Oct 18 21:26:28 UTC 2020
On Sun, Oct 18, 2020 at 10:07 AM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
> On Sat, Oct 17, 2020 at 10:20 PM Sumera Priyadarsini
> <sylphrenadin at gmail.com> wrote:
> >
> >
> >
> > On Wed, Oct 14, 2020 at 8:14 PM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
> >>
> >> On Wed, Oct 14, 2020 at 7:45 PM Shivani Bhardwaj
> >> <sbhardwaj at openinfosecfoundation.org> wrote:
> >> >
> >> > On Wed, Oct 14, 2020 at 4:59 PM Sumera Priyadarsini
> >> > <sylphrenadin at gmail.com> wrote:
> >> > >
> >> > >
> >> > >
> >> > > On Wed, Oct 14, 2020 at 12:27 PM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
> >> > >>
> >> > >> On Wed, Oct 14, 2020 at 12:23 PM Sumera Priyadarsini via Outreachy
> >> > >> <outreachy at lists.openinfosecfoundation.org> wrote:
> >> > >> >
> >> > >> > Hi all,
> >> > >> >
> >> > >> > Can I claim issue #2795 (https://redmine.openinfosecfoundation.org/issues/2795)?
> >> > >> >
> >> > >> Yes, please. Please make sure to assign it to yourself on redmine.
> >> > >>
> >> > >> > Regards,
> >> > >> > Sumera
> >> > >> >
> >> > >> >
> >> > >>
> >> > >>
> >> > > Hi,
> >> > >
> >> > > I tried reproducing the bug but I am getting a few errors with setting some things up.
> >> > >
> >> > > How do I install suricata-asan and generate pcap files? If it is okay, could you direct me to some
> >> > > resources that would help me to get more context for this issue?
> >> > >
> >> > You'll have to install libasan as per your distro and enable it for
> >> > Suricata by doing
> >> >
> >> > ./configure CFLAGS="-fsanitize=address"
> >> >
> >> You'd also need to export the following two variables:
> >>
> >> export ac_cv_func_malloc_0_nonnull=yes
> >> export ac_cv_func_realloc_0_nonnull=yes
> >>
> >> else you would probably see errors while doing make.
> >>
> >> > This would make a simple setup with ASAN enabled.
> >> >
> >> > It seems like this issue is about processing an empty pcap so you just
> >> > need an empty file to try it out.
> >> > touch any.pcap
> >> > suricata -c <path of conf> -r any.pcap
> >> >
> >> > But, for future reference, if you want to test with *any* valid pcap,
> >> > you can use one from suricata-verify tests. If you want to generate a
> >> > pcap on your own (which does not seem to happen very often), you can
> >> > do it using Wireshark. You'll have to generate the traffic on your own
> >> > for this. For most of the cases though, you'd look for real world
> >> > network traffic pcaps from any online sources.
> >> >
> >> > Let me know if you have any other questions about this issue.
> >
> >
> > Hi,
> >
> > Thanks for the pointers. I tried them out but I am still not able to exactly reproduce the issue. I get the following output:
> >
> > ~/Elantris/suricata master ?3 sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null -k none -r empty.pcap -l log/
> >
> > [8628] 17/10/2020 -- 22:01:15 - (suricata.c:1065) <Notice> (LogVersion) -- This is Suricata version 6.0.1-dev (95729e923 2020-10-09) running in USER mode
> > [8629] 17/10/2020 -- 22:01:15 - (source-pcap-file-helper.c:202) <Error> (InitPcapFile) -- [ERRCODE: SC_ERR_FOPEN(44)] - truncated dump file; tried to read 4 file header bytes, only got 0
> > [8629] 17/10/2020 -- 22:01:15 - (source-pcap-file.c:269) <Warning> (ReceivePcapFileThreadInit) -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file empty.pcap, skipping
> > [8628] 17/10/2020 -- 22:01:15 - (tm-threads.c:1964) <Notice> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 4 management threads initialized, engine started.
> > [8629] 17/10/2020 -- 22:01:15 - (source-pcap-file.c:158) <Error> (ReceivePcapFileLoop) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - pcap file reader thread failed to initialize
> > [8628] 17/10/2020 -- 22:01:15 - (suricata.c:2636) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
> >
> > However, in the issue, there is more information about the error which I don't see on my console. I can't find it in the logs either. What am I missing?
> >
> I don't think you are finding the issue at the right place. I haven't
> checked myself if the issue does exist now but let's try and find out.
> The logs on the issue say that
>
> [20799] 28/1/2019 -- 22:19:10 - (suricata.c:1085) <Notice>
> (LogVersion) -- This is Suricata version 4.1.0-dev (rev 8709a20d)
>
> You should probably switch to our 4.1.x branch and then try to reproduce
> it.
>
> We currently have three branches supported for our users (4.1.x,
> 5.0.x, 6.0.x). You can check out 4.1.x here:
> https://github.com/OISF/suricata/tree/master-4.1.x
>
Hi,
I checked out to the revision mentioned in the error, but my build fails at
`make` with the following error:
source-af-packet.c: In function ‘AFPRead’:
source-af-packet.c:646:28: error: ‘SIOCGSTAMP’ undeclared (first use in this function); did you mean ‘SIOCGRARP’?
  646 |     if (ioctl(ptv->socket, SIOCGSTAMP, &p->ts) == -1) {
      |                            ^~~~~~~~~~
      |                            SIOCGRARP
source-af-packet.c:646:28: note: each undeclared identifier is reported only once for each function it appears in
source-af-packet.c: In function ‘AFPReadAndDiscard’:
source-af-packet.c:1308:28: error: ‘SIOCGSTAMP’ undeclared (first use in this function); did you mean ‘SIOCGRARP’?
 1308 |     if (ioctl(ptv->socket, SIOCGSTAMP, &ts) == -1) {
      |                            ^~~~~~~~~~
      |                            SIOCGRARP
CC source-erf-file.o
make[2]: *** [Makefile:2122: source-af-packet.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/home/sumera/Elantris/suricata/src'
make[1]: *** [Makefile:499: all-recursive] Error 1
make[1]: Leaving directory '/home/sumera/Elantris/suricata'
make: *** [Makefile:425: all] Error 2
From what I found out, SIOCGSTAMP <https://linux.die.net/man/7/socket>
belongs to <sys/socket.h> and is used to return the received timestamp of the
last packet passed to the user. I tried including the header in
source-af-packet.c but still get the same error. Surprisingly, this does
not pop up in Suricata-6.0.x for me - both versions have SIOCGSTAMP used in
the same places. Should I put this up on the forum instead?
> > Another error I keep coming across is
> >
> > ~/Elantris/suricata/qa master ?4 sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null -k none -r empty.pcap -l log/ -v
> > AddressSanitizer: failed to read suppressions file '/usr/local/bin/qa/lsan.suppress'
> >
> > I am unable to figure out why the path issue arises as this worked fine the first time. I would be glad if you could give me some pointers regarding how to proceed.
> I see after looking up that some common mistakes can be:
> - names
> - paths
> - variable exports
>
> So, I am not really sure if it would work but could you please try
> exporting the variables that I mentioned before? Maybe you closed the
> shell and the export was over. You could add it to your .bashrc to
> make it persistent. Please let me know if this does help.
>
Actually, the first time I had changed the shell after exporting and it
caused make to fail. Thereafter, I added it to .zshrc and it has stayed.
So, I don't think this is the reason.
I have a feeling this issue might take longer to resolve. If it is okay,
can I work on a different issue in the meanwhile, while I am waiting for
feedback?
thanks,
sumera
> If this does not help, please ask on our forum (forum.suricata.io) as
> I am unable to reproduce the issue and have not come across this so
> it's unlikely that I would be of any help.
> > I am sorry for taking so long to get back to you, I was having some trouble installing llvm but now that is done.
> >
> No problem. You are supposed to take all the time you need to
> understand and work.
>
> > regards,
> > sumera
> >
> >> >
> >> > > Also, can I mark the previous issue I was working on as resolved in redmine, or should I wait till the PR is merged?
> >> > >
> >> > No. Please let it be. Someone from the team shall close it once your
> >> > PR is merged into master.
> >> >
> >> >
> >> > > Regards,
> >> > > Sumera
> >> > >>
> >> > >>
> >> > >> --
> >> > >> Shivani
> >> > >> Junior Developer, OISF
> >> >
> >> >
> >> >
> >> > --
> >> > Shivani
> >> > Junior Developer, OISF
> >>
> >>
> >>
> >> --
> >> Shivani
> >> Junior Developer, OISF
>
>
>
> --
> Shivani
> Junior Developer, OISF
>
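
An added example, not part of the original thread and not Suricata's own code: a minimal C check of the classic pcap global header that separates the zero-byte file used above to reproduce the issue (`touch any.pcap`) from truncated and bad-magic files before any packet record is parsed. The names `pcap_check_header`, `pcap_info` and `SAMPLE_HDR`, and the sample header bytes, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PCAP_HDR_LEN 24 /* classic pcap global header size in bytes */

enum pcap_check { PCAP_OK, PCAP_EMPTY, PCAP_TRUNCATED, PCAP_BAD_MAGIC };
struct pcap_info { int swapped, nanosecond; uint16_t major, minor; uint32_t snaplen, linktype; };

/* Read fixed-width fields with memcpy (no unaligned access), swapping on request. */
static uint32_t rd32(const uint8_t *p, int swap) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    if (swap)
        v = (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
    return v;
}
static uint16_t rd16(const uint8_t *p, int swap) {
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return swap ? (uint16_t)((v >> 8) | (v << 8)) : v;
}

/* Validate the global header; nothing past buf[len-1] is ever read. */
enum pcap_check pcap_check_header(const uint8_t *buf, size_t len, struct pcap_info *out) {
    memset(out, 0, sizeof *out);
    if (len == 0) return PCAP_EMPTY;            /* zero-byte file, e.g. from touch */
    if (len < PCAP_HDR_LEN) return PCAP_TRUNCATED;
    switch (rd32(buf, 0)) {                     /* magic as seen in host byte order */
    case 0xa1b2c3d4u: break;
    case 0xd4c3b2a1u: out->swapped = 1; break;
    case 0xa1b23c4du: out->nanosecond = 1; break;
    case 0x4d3cb2a1u: out->swapped = 1; out->nanosecond = 1; break;
    default: return PCAP_BAD_MAGIC;
    }
    out->major = rd16(buf + 4, out->swapped);
    out->minor = rd16(buf + 6, out->swapped);
    out->snaplen = rd32(buf + 16, out->swapped);
    out->linktype = rd32(buf + 20, out->swapped);
    return PCAP_OK;
}

/* Constructed sample: little-endian v2.4 header, snaplen 262144, linktype 1. */
static const uint8_t SAMPLE_HDR[PCAP_HDR_LEN] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
    0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00 };

int main(void) {
    struct pcap_info i;
    printf("empty -> %d\n", (int)pcap_check_header(SAMPLE_HDR, 0, &i));
    printf("full  -> %d\n", (int)pcap_check_header(SAMPLE_HDR, sizeof SAMPLE_HDR, &i));
}
```

Building this with `CFLAGS="-fsanitize=address"`, as in the configure line earlier in the thread, lets ASAN confirm that the empty and truncated paths never touch memory beyond the supplied length.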