[OISF/outreachy] Claim new issue

Shivani Bhardwaj sbhardwaj at openinfosecfoundation.org
Tue Oct 20 13:19:26 UTC 2020
Previous message (by thread): [OISF/outreachy] Claim new issue
Next message (by thread): [OISF/outreachy] Claim new issue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Oct 20, 2020 at 6:27 PM Sumera Priyadarsini
<sylphrenadin at gmail.com> wrote:
>
>
>
> On Mon, Oct 19, 2020 at 8:54 PM Sumera Priyadarsini <sylphrenadin at gmail.com> wrote:
>>
>>
>>
>> On Mon, 19 Oct, 2020, 5:52 PM Shivani Bhardwaj, <sbhardwaj at openinfosecfoundation.org> wrote:
>>>
>>> >
>>> > I checked out to the revision mentioned in the error, but my build fails at `make` with the following error:
>>> >
>>> > source-af-packet.c: In function ‘AFPRead’:
>>> > source-af-packet.c:646:28: error: ‘SIOCGSTAMP’ undeclared (first use in this function); did you mean ‘SIOCGRARP’?
>>> >   646 |     if (ioctl(ptv->socket, SIOCGSTAMP, &p->ts) == -1) {
>>> >       |                            ^~~~~~~~~~
>>> >       |                            SIOCGRARP
>>> > source-af-packet.c:646:28: note: each undeclared identifier is reported only once for each function it appears in
>>> > source-af-packet.c: In function ‘AFPReadAndDiscard’:
>>> > source-af-packet.c:1308:28: error: ‘SIOCGSTAMP’ undeclared (first use in this function); did you mean ‘SIOCGRARP’?
>>> >  1308 |     if (ioctl(ptv->socket, SIOCGSTAMP, &ts) == -1) {
>>> >       |                            ^~~~~~~~~~
>>> >       |                            SIOCGRARP
>>> >   CC       source-erf-file.o
>>> > make[2]: *** [Makefile:2122: source-af-packet.o] Error 1
>>> > make[2]: *** Waiting for unfinished jobs....
>>> > make[2]: Leaving directory '/home/sumera/Elantris/suricata/src'
>>> > make[1]: *** [Makefile:499: all-recursive] Error 1
>>> > make[1]: Leaving directory '/home/sumera/Elantris/suricata'
>>> > make: *** [Makefile:425: all] Error 2
>>> >
>>> > From what I found out, SIOCGSTAMP  belongs to <sys/socket.h> and is used to return received timestamp of the last packet passed to user.  I tried including the header in the source-af-packet.c but still get the same error. Surprisingly, this does not pop up in Suricata-6.0.x for me- both versions have SIOCGSTAMP used in the same places. Should I put this up on the forum instead?
>>> >
>>> This was a reported issue long ago but was fixed in the code according
>>> to https://redmine.openinfosecfoundation.org/issues/3094 by
>>> https://github.com/OISF/suricata/pull/4119/commits/8717c3d52fee9f5ec4b4c806d932f1d8d87ccbe4.
>>> Could you please confirm you are with the latest master-4.1.x that has
>>> this commit? If this does not help, yes please create a post on forum.
>>
>>
>> Thanks, that solved the issue. Since the bug says 4.1.0- I was using that as well. However this commit appears by 4.1.5 so I changed that and make builds successfully.
>>
>> Regards,
>> Sumera
>>
>>>
>>> >>
>>> >> > Another error I keep coming across is
>>> >> >
>>> >> >  ~/Elantris/suricata/qa  master ?4  sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null  -k none -r empty.pcap -l log/ -v
>>> >> > AddressSanitizer: failed to read suppressions file '/usr/local/bin/qa/lsan.suppress'
>>> >> >
>>> >> > I am unable to figure out why the path issue arises as this worked fine the first time. I would be glad if you could give me some pointers regarding how to proceed.
>>> >> I see after looking up that some common mistakes can be:
>>> >> - names
>>> >> - paths
>>> >> - variable exports
>>> >>
>>> >> So, I am not really sure if it would work but could you please try
>>> >> exporting the variables that I mentioned before? Maybe you closed the
>>> >> shell and the export was over. You could add it to your .bashrc to
>>> >> make it persistent. Please let me know if this does help.
>>> >
>>> >
>>> > Actually, the first time I had changed the shell after exporting and it caused make to fail. Thereafter, I added it to .zshrc and it has stayed.
>>> > So, I don't think this is the reason.
>>> >
>>> OK. Thanks.
>>>
>>> > I have a feeling this issue might take longer to resolve. If it is okay, can I work on a different issue in the meanwhile, while I am waiting for feedback ?
>>> >
>>> Yes, please. Sending an email regarding this shortly.
>>>
>>> > thanks,
>>> > sumera
>>>
>
> Hi,
>
> It seems I still have some way to go before I can start working on this issue.
>
> Previously, for the SIOCGSTAMP error, the make command was not working. When I resolved that (either by checking out to the commit that resolves it in 4.1.5
> or just manually making the same change in the relevant files in the revision mentioned in the bug), I faced a different error in make install-full:
>
> make[2]: Leaving directory '/home/sumera/Elantris/suricata/libhtp'
> Making install in rust
> make[2]: Entering directory '/home/sumera/Elantris/suricata/rust'
> cd ../rust && /home/sumera/miniconda3/bin/python ./gen-c-headers.py
> cd ../rust && \
> CARGO_HOME=/home/sumera/.cargo \
> CARGO_TARGET_DIR=/home/sumera/Elantris/suricata/rust/target \
> /home/sumera/.cargo/bin/cargo build --release  \
> --features " "
> error: no override and no default toolchain set
> make[2]: *** [Makefile:539: all-local] Error 1
> make[2]: Leaving directory '/home/sumera/Elantris/suricata/rust'
> make[1]: *** [Makefile:501: install-recursive] Error 1
> make[1]: Leaving directory '/home/sumera/Elantris/suricata'
> make: *** [Makefile:921: install-full] Error 2
>
> I initially thought maybe the fault is with my system so I tried `rustup override set stable` but that did not work. Further this error showed up for the versions 4.1.x where x={< 5,6,7}.
> My build succeeds for 4.1.8 but since it is much ahead of the commit which had the bug, the output I get looks different as well(It is not an asan leak, the pcap file seems to be read from successfully)
>
I see. I'll ask our QA lead to confirm if it is still a valid issue
and get back. Thanks.

> [193895] 20/10/2020 -- 18:03:55 - (suricata.c:1089) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev 32990c9ad)
> [193895] 20/10/2020 -- 18:03:55 - (counters.c:260) <Warning> (StatsInitCtxPreOutput) -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.anomaly
> [193895] 20/10/2020 -- 18:03:55 - (output-json-dns.c:1283) <Warning> (JsonDnsParseVersion) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - eve-log dns version not found, forcing it to version 2
> [193895] 20/10/2020 -- 18:03:55 - (output-json-dns.c:1283) <Warning> (JsonDnsParseVersion) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - eve-log dns version not found, forcing it to version 2
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.ftp
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.rdp
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.dcerpc
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.snmp
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.rfb
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.sip
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.mqtt
> [193895] 20/10/2020 -- 18:03:55 - (output-json-stats.c:465) <Warning> (OutputStatsLogInitSub) -- [ERRCODE: SC_WARN_EVE_MISSING_EVENTS(318)] - eve.stats will not display all decoder events correctly. See #2225. Set a prefix in stats.decoder-events-prefix. In 5.0 the prefix will default to 'decoder.event'.
> [193895] 20/10/2020 -- 18:03:55 - (tm-threads.c:2198) <Notice> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 4 management threads initialized, engine started.
> [193895] 20/10/2020 -- 18:03:55 - (suricata.c:2867) <Notice> (SuricataMainLoop) -- Signal Received.  Stopping engine.
> [193896] 20/10/2020 -- 18:03:55 - (source-pcap-file.c:372) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 10 packets, 920 bytes
>
> I am not really sure how to proceed here.
>
> While building some of these versions, I came across a couple of warnings:
>
>    │ warning: unnecessary parentheses around type
>   │    --> src/smb/smb.rs:414:12
>   │     |
>   │ 414 |         -> (&mut SMBTransaction)
>   │     |            ^^^^^^^^^^^^^^^^^^^^^ help: remove these parentheses
>
> If it is okay, I would like to fix these warnings once I figure out the build successfully.
>
>
> Meanwhile, can I claim issue #4037?
Yes, please.

>
> Regards,
> Sumera
>
>>>
>>> >
>>>
>>> --
>>> Shivani
>>> Junior Developer, OISF



-- 
Shivani
Junior Developer, OISF
Previous message (by thread): [OISF/outreachy] Claim new issue
Next message (by thread): [OISF/outreachy] Claim new issue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Outreachy mailing list