[Bro-Dev] Bro working well on Mac OS High Sierra, just a couple test failures
Slagell, Adam J
slagell at illinois.edu
Wed Oct 4 11:57:00 PDT 2017
I had no problems after the upgrade to High Sierra on my “production” box, and I had no troubles compiling Bro 2.5.1 on my laptop.
I did, however, get two errors in the test suite.
core.truncation ... failed
% 'btest-diff output' failed unexpectedly (exit code 1)
% cat .diag
== File ===============================
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-40
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1334160095.895421 - - - - - truncated_IP bro
#close 2017-10-04-18-48-40
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-41
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1334156241.519125 - - - - - truncated_IP bro
#close 2017-10-04-18-48-41
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-41
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1334094648.590126 - - - - - truncated_IP bro
#close 2017-10-04-18-48-41
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-43
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1338328954.078361 - - - - - internally_truncated_header - F bro
#close 2017-10-04-18-48-43
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-43
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1404148886.981015 - - - - - bad_IP_checksumbro
1404148887.011158 CHhAvVGS1DHFjwGM9 192.168.4.149 51293 72.21.91.29 443 bad_TCP_checksum - F bro
#close 2017-10-04-18-48-43
== Diff ===============================
--- /tmp/test-diff.62112.output.baseline.tmp 2017-10-04 18:48:43.000000000 +0000
+++ /tmp/test-diff.62112.output.tmp 2017-10-04 18:48:43.000000000 +0000
@@ -46,5 +46,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
-0.000000 - - - - - truncated_link_header bro
+XXXXXXXXXX.XXXXXX - - - - - bad_IP_checksumbro
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 51293 72.21.91.29 443 bad_TCP_checksum - F bro
#close XXXX-XX-XX-XX-XX-XX
=======================================
% cat .stderr
1404148887.011158 warning in /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-checksum-offloading.bro, line 54: Your trace file likely has invalid IP and TCP checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.
1404148887.011158 warning in /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired.
istate.bro-ipv6-socket ... failed
% 'btest-bg-wait 20' failed unexpectedly (exit code 1)
% cat .stderr
The following processes did not terminate:
bro -b ../recv.bro
bro -b ../send.bro
-----------
<<< [72978] bro -b ../recv.bro
received termination signal
>>>
<<< [72998] bro -b ../send.bro
received termination signal
>>>
------
Adam J. Slagell
Director, Cybersecurity & Networking Division
Chief Information Security Officer
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
www.slagell.info
"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."