[OISF/outreachy] Claim new issue

Sumera Priyadarsini sylphrenadin at gmail.com
Tue Oct 20 12:57:20 UTC 2020
Previous message (by thread): [OISF/outreachy] Claim new issue
Next message (by thread): [OISF/outreachy] Claim new issue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Oct 19, 2020 at 8:54 PM Sumera Priyadarsini <sylphrenadin at gmail.com>
wrote:

>
>
> On Mon, 19 Oct, 2020, 5:52 PM Shivani Bhardwaj, <
> sbhardwaj at openinfosecfoundation.org> wrote:
>
>> >
>> > I checked out to the revision mentioned in the error, but my build
>> fails at `make` with the following error:
>> >
>> > source-af-packet.c: In function ‘AFPRead’:
>> > source-af-packet.c:646:28: error: ‘SIOCGSTAMP’ undeclared (first use in
>> this function); did you mean ‘SIOCGRARP’?
>> >   646 |     if (ioctl(ptv->socket, SIOCGSTAMP, &p->ts) == -1) {
>> >       |                            ^~~~~~~~~~
>> >       |                            SIOCGRARP
>> > source-af-packet.c:646:28: note: each undeclared identifier is reported
>> only once for each function it appears in
>> > source-af-packet.c: In function ‘AFPReadAndDiscard’:
>> > source-af-packet.c:1308:28: error: ‘SIOCGSTAMP’ undeclared (first use
>> in this function); did you mean ‘SIOCGRARP’?
>> >  1308 |     if (ioctl(ptv->socket, SIOCGSTAMP, &ts) == -1) {
>> >       |                            ^~~~~~~~~~
>> >       |                            SIOCGRARP
>> >   CC       source-erf-file.o
>> > make[2]: *** [Makefile:2122: source-af-packet.o] Error 1
>> > make[2]: *** Waiting for unfinished jobs....
>> > make[2]: Leaving directory '/home/sumera/Elantris/suricata/src'
>> > make[1]: *** [Makefile:499: all-recursive] Error 1
>> > make[1]: Leaving directory '/home/sumera/Elantris/suricata'
>> > make: *** [Makefile:425: all] Error 2
>> >
>> > From what I found out, SIOCGSTAMP  belongs to <sys/socket.h> and is
>> used to return received timestamp of the last packet passed to user.  I
>> tried including the header in the source-af-packet.c but still get the same
>> error. Surprisingly, this does not pop up in Suricata-6.0.x for me- both
>> versions have SIOCGSTAMP used in the same places. Should I put this up on
>> the forum instead?
>> >
>> This was a reported issue long ago but was fixed in the code according
>> to https://redmine.openinfosecfoundation.org/issues/3094 by
>>
>> https://github.com/OISF/suricata/pull/4119/commits/8717c3d52fee9f5ec4b4c806d932f1d8d87ccbe4
>> .
>> Could you please confirm you are with the latest master-4.1.x that has
>> this commit? If this does not help, yes please create a post on forum.
>>
>
> Thanks, that solved the issue. Since the bug says 4.1.0- I was using that
> as well. However this commit appears by 4.1.5 so I changed that and make
> builds successfully.
>
> Regards,
> Sumera
>
>
>> >>
>> >> > Another error I keep coming across is
>> >> >
>> >> >  ~/Elantris/suricata/qa  master ?4  sudo
>> LSAN_OPTIONS=suppressions=qa/lsan.suppress
>> ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c
>> /etc/suricata/suricata.yaml -S /dev/null  -k none -r empty.pcap -l log/ -v
>> >> > AddressSanitizer: failed to read suppressions file
>> '/usr/local/bin/qa/lsan.suppress'
>> >> >
>> >> > I am unable to figure out why the path issue arises as this worked
>> fine the first time. I would be glad if you could give me some pointers
>> regarding how to proceed.
>> >> I see after looking up that some common mistakes can be:
>> >> - names
>> >> - paths
>> >> - variable exports
>> >>
>> >> So, I am not really sure if it would work but could you please try
>> >> exporting the variables that I mentioned before? Maybe you closed the
>> >> shell and the export was over. You could add it to your .bashrc to
>> >> make it persistent. Please let me know if this does help.
>> >
>> >
>> > Actually, the first time I had changed the shell after exporting and it
>> caused make to fail. Thereafter, I added it to .zshrc and it has stayed.
>> > So, I don't think this is the reason.
>> >
>> OK. Thanks.
>>
>> > I have a feeling this issue might take longer to resolve. If it is
>> okay, can I work on a different issue in the meanwhile, while I am waiting
>> for feedback ?
>> >
>> Yes, please. Sending an email regarding this shortly.
>>
>> > thanks,
>> > sumera
>>
>>
Hi,

It seems I still have some way to go before I can start working on this
issue.

Previously, for the SIOCGSTAMP error, the make command was not working.
When I resolved that (either by checking out to the commit that resolves it
in 4.1.5
or just manually making the same change in the relevant files in the
revision mentioned in the bug), I faced a different error in make
install-full:

make[2]: Leaving directory '/home/sumera/Elantris/suricata/libhtp'
Making install in rust
make[2]: Entering directory '/home/sumera/Elantris/suricata/rust'
cd ../rust && /home/sumera/miniconda3/bin/python ./gen-c-headers.py
cd ../rust && \
CARGO_HOME=/home/sumera/.cargo \
CARGO_TARGET_DIR=/home/sumera/Elantris/suricata/rust/target \
/home/sumera/.cargo/bin/cargo build --release  \
--features " "
error: no override and no default toolchain set
make[2]: *** [Makefile:539: all-local] Error 1
make[2]: Leaving directory '/home/sumera/Elantris/suricata/rust'
make[1]: *** [Makefile:501: install-recursive] Error 1
make[1]: Leaving directory '/home/sumera/Elantris/suricata'
make: *** [Makefile:921: install-full] Error 2

I initially thought maybe the fault is with my system so I tried `rustup
override set stable` but that did not work. Further this error showed up
for the versions 4.1.x where x={< 5,6,7}.
My build succeeds for 4.1.8 but since it is much ahead of the commit which
had the bug, the output I get looks different as well(It is not an asan
leak, the pcap file seems to be read from successfully)

[193895] 20/10/2020 -- 18:03:55 - (suricata.c:1089) <Notice> (LogVersion)
-- This is Suricata version 4.1.0-dev (rev 32990c9ad)
[193895] 20/10/2020 -- 18:03:55 - (counters.c:260) <Warning>
(StatsInitCtxPreOutput) -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in
5.0 the default for decoder event stats will go from
'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket
#2225. To suppress this message, set stats.decoder-events-prefix in the
yaml.
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.anomaly
[193895] 20/10/2020 -- 18:03:55 - (output-json-dns.c:1283) <Warning>
(JsonDnsParseVersion) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - eve-log
dns version not found, forcing it to version 2
[193895] 20/10/2020 -- 18:03:55 - (output-json-dns.c:1283) <Warning>
(JsonDnsParseVersion) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - eve-log
dns version not found, forcing it to version 2
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.ftp
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.rdp
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.dcerpc
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.snmp
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.rfb
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.sip
[193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning>
(RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No
output module named eve-log.mqtt
[193895] 20/10/2020 -- 18:03:55 - (output-json-stats.c:465) <Warning>
(OutputStatsLogInitSub) -- [ERRCODE: SC_WARN_EVE_MISSING_EVENTS(318)] -
eve.stats will not display all decoder events correctly. See #2225. Set a
prefix in stats.decoder-events-prefix. In 5.0 the prefix will default to
'decoder.event'.
[193895] 20/10/2020 -- 18:03:55 - (tm-threads.c:2198) <Notice>
(TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 4
management threads initialized, engine started.
[193895] 20/10/2020 -- 18:03:55 - (suricata.c:2867) <Notice>
(SuricataMainLoop) -- Signal Received.  Stopping engine.
[193896] 20/10/2020 -- 18:03:55 - (source-pcap-file.c:372) <Notice>
(ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 10
packets, 920 bytes

I am not really sure how to proceed here.

While building some of these versions, I came across a couple of warnings:

   │ warning: unnecessary parentheses around type
  │    --> src/smb/smb.rs:414:12
  │     |
  │ 414 |         -> (&mut SMBTransaction)
  │     |            ^^^^^^^^^^^^^^^^^^^^^ help: remove these parentheses

If it is okay, I would like to fix these warnings once I figure out the
build successfully.


Meanwhile, can I claim issue #4037?
<https://redmine.openinfosecfoundation.org/issues/4037>
Regards,
Sumera


>> >
>>
>> --
>> Shivani
>> Junior Developer, OISF
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/outreachy/attachments/20201020/0f3f6b92/attachment.html>
Previous message (by thread): [OISF/outreachy] Claim new issue
Next message (by thread): [OISF/outreachy] Claim new issue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Outreachy mailing list