[OISF/outreachy] Claim new issue
Shivani Bhardwaj
sbhardwaj at openinfosecfoundation.org
Tue Oct 20 13:33:51 UTC 2020
On Tue, Oct 20, 2020 at 6:27 PM Sumera Priyadarsini
<sylphrenadin at gmail.com> wrote:
>
>
>
> On Mon, Oct 19, 2020 at 8:54 PM Sumera Priyadarsini <sylphrenadin at gmail.com> wrote:
>>
>>
>>
>> On Mon, 19 Oct, 2020, 5:52 PM Shivani Bhardwaj, <sbhardwaj at openinfosecfoundation.org> wrote:
>>>
>>> >
>>> > I checked out to the revision mentioned in the error, but my build fails at `make` with the following error:
>>> >
>>> > source-af-packet.c: In function ‘AFPRead’:
>>> > source-af-packet.c:646:28: error: ‘SIOCGSTAMP’ undeclared (first use in this function); did you mean ‘SIOCGRARP’?
>>> > 646 | if (ioctl(ptv->socket, SIOCGSTAMP, &p->ts) == -1) {
>>> > | ^~~~~~~~~~
>>> > | SIOCGRARP
>>> > source-af-packet.c:646:28: note: each undeclared identifier is reported only once for each function it appears in
>>> > source-af-packet.c: In function ‘AFPReadAndDiscard’:
>>> > source-af-packet.c:1308:28: error: ‘SIOCGSTAMP’ undeclared (first use in this function); did you mean ‘SIOCGRARP’?
>>> > 1308 | if (ioctl(ptv->socket, SIOCGSTAMP, &ts) == -1) {
>>> > | ^~~~~~~~~~
>>> > | SIOCGRARP
>>> > CC source-erf-file.o
>>> > make[2]: *** [Makefile:2122: source-af-packet.o] Error 1
>>> > make[2]: *** Waiting for unfinished jobs....
>>> > make[2]: Leaving directory '/home/sumera/Elantris/suricata/src'
>>> > make[1]: *** [Makefile:499: all-recursive] Error 1
>>> > make[1]: Leaving directory '/home/sumera/Elantris/suricata'
>>> > make: *** [Makefile:425: all] Error 2
>>> >
>>> > From what I found out, SIOCGSTAMP belongs to <sys/socket.h> and is used to return received timestamp of the last packet passed to user. I tried including the header in the source-af-packet.c but still get the same error. Surprisingly, this does not pop up in Suricata-6.0.x for me- both versions have SIOCGSTAMP used in the same places. Should I put this up on the forum instead?
>>> >
>>> This was a reported issue long ago but was fixed in the code according
>>> to https://redmine.openinfosecfoundation.org/issues/3094 by
>>> https://github.com/OISF/suricata/pull/4119/commits/8717c3d52fee9f5ec4b4c806d932f1d8d87ccbe4.
>>> Could you please confirm you are with the latest master-4.1.x that has
>>> this commit? If this does not help, yes please create a post on forum.
>>
>>
>> Thanks, that solved the issue. Since the bug says 4.1.0- I was using that as well. However this commit appears by 4.1.5 so I changed that and make builds successfully.
>>
>> Regards,
>> Sumera
>>
>>>
>>> >>
>>> >> > Another error I keep coming across is
>>> >> >
>>> >> > ~/Elantris/suricata/qa master ?4 sudo LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-10 suricata -c /etc/suricata/suricata.yaml -S /dev/null -k none -r empty.pcap -l log/ -v
>>> >> > AddressSanitizer: failed to read suppressions file '/usr/local/bin/qa/lsan.suppress'
>>> >> >
>>> >> > I am unable to figure out why the path issue arises as this worked fine the first time. I would be glad if you could give me some pointers regarding how to proceed.
>>> >> I see after looking up that some common mistakes can be:
>>> >> - names
>>> >> - paths
>>> >> - variable exports
>>> >>
>>> >> So, I am not really sure if it would work but could you please try
>>> >> exporting the variables that I mentioned before? Maybe you closed the
>>> >> shell and the export was over. You could add it to your .bashrc to
>>> >> make it persistent. Please let me know if this does help.
>>> >
>>> >
>>> > Actually, the first time I had changed the shell after exporting and it caused make to fail. Thereafter, I added it to .zshrc and it has stayed.
>>> > So, I don't think this is the reason.
>>> >
>>> OK. Thanks.
>>>
>>> > I have a feeling this issue might take longer to resolve. If it is okay, can I work on a different issue in the meanwhile, while I am waiting for feedback ?
>>> >
>>> Yes, please. Sending an email regarding this shortly.
>>>
>>> > thanks,
>>> > sumera
>>>
>
> Hi,
>
> It seems I still have some way to go before I can start working on this issue.
>
> Previously, for the SIOCGSTAMP error, the make command was not working. When I resolved that (either by checking out to the commit that resolves it in 4.1.5
> or just manually making the same change in the relevant files in the revision mentioned in the bug), I faced a different error in make install-full:
>
> make[2]: Leaving directory '/home/sumera/Elantris/suricata/libhtp'
> Making install in rust
> make[2]: Entering directory '/home/sumera/Elantris/suricata/rust'
> cd ../rust && /home/sumera/miniconda3/bin/python ./gen-c-headers.py
> cd ../rust && \
> CARGO_HOME=/home/sumera/.cargo \
> CARGO_TARGET_DIR=/home/sumera/Elantris/suricata/rust/target \
> /home/sumera/.cargo/bin/cargo build --release \
> --features " "
> error: no override and no default toolchain set
> make[2]: *** [Makefile:539: all-local] Error 1
> make[2]: Leaving directory '/home/sumera/Elantris/suricata/rust'
> make[1]: *** [Makefile:501: install-recursive] Error 1
> make[1]: Leaving directory '/home/sumera/Elantris/suricata'
> make: *** [Makefile:921: install-full] Error 2
>
> I initially thought maybe the fault is with my system so I tried `rustup override set stable` but that did not work. Further this error showed up for the versions 4.1.x where x={< 5,6,7}.
Missed this. Just to be sure, are you working with the latest
master-4.1.x? We actually have a branch with that exact name.
(https://github.com/OISF/suricata/tree/master-4.1.x)
Our latest release for this branch was 4.1.9. If you see the affected
version in an issue as 4.1.5, you do not have to work with 4.1.5. That
has already been released. Nothing can be done about it. If the issue
is corresponding to a branch named 4.1.<something>, that means you
work with the latest 4.1.x branch. Similarly, if the issue was with
5.0.<something>, you work with the latest 5.0.x. If the issue is with
the latest stable release (6.0.0), then all of that work goes into
current "master".
> My build succeeds for 4.1.8 but since it is much ahead of the commit which had the bug, the output I get looks different as well(It is not an asan leak, the pcap file seems to be read from successfully)
>
> [193895] 20/10/2020 -- 18:03:55 - (suricata.c:1089) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev 32990c9ad)
> [193895] 20/10/2020 -- 18:03:55 - (counters.c:260) <Warning> (StatsInitCtxPreOutput) -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.anomaly
> [193895] 20/10/2020 -- 18:03:55 - (output-json-dns.c:1283) <Warning> (JsonDnsParseVersion) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - eve-log dns version not found, forcing it to version 2
> [193895] 20/10/2020 -- 18:03:55 - (output-json-dns.c:1283) <Warning> (JsonDnsParseVersion) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - eve-log dns version not found, forcing it to version 2
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.ftp
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.rdp
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.dcerpc
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.snmp
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.rfb
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.sip
> [193895] 20/10/2020 -- 18:03:55 - (runmodes.c:683) <Warning> (RunModeInitializeEveOutput) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.mqtt
> [193895] 20/10/2020 -- 18:03:55 - (output-json-stats.c:465) <Warning> (OutputStatsLogInitSub) -- [ERRCODE: SC_WARN_EVE_MISSING_EVENTS(318)] - eve.stats will not display all decoder events correctly. See #2225. Set a prefix in stats.decoder-events-prefix. In 5.0 the prefix will default to 'decoder.event'.
> [193895] 20/10/2020 -- 18:03:55 - (tm-threads.c:2198) <Notice> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 4 management threads initialized, engine started.
> [193895] 20/10/2020 -- 18:03:55 - (suricata.c:2867) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
> [193896] 20/10/2020 -- 18:03:55 - (source-pcap-file.c:372) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 10 packets, 920 bytes
>
> I am not really sure how to proceed here.
>
> While building some of these versions, I came across a couple of warnings:
>
> │ warning: unnecessary parentheses around type
> │ --> src/smb/smb.rs:414:12
> │ |
> │ 414 | -> (&mut SMBTransaction)
> │ | ^^^^^^^^^^^^^^^^^^^^^ help: remove these parentheses
>
> If it is okay, I would like to fix these warnings once I figure out the build successfully.
>
>
> Meanwhile, can I claim issue #4037?
>
> Regards,
> Sumera
>
>>>
>>> >
>>>
>>> --
>>> Shivani
>>> Junior Developer, OISF
--
Shivani
Junior Developer, OISF
More information about the Outreachy
mailing list