[Bro-Dev] Bro working well on Mac OS High Sierra, just a couple test failures

Daniel Thayer dnthayer at illinois.edu
Wed Oct 4 12:14:38 PDT 2017


The first test failure was fixed after the release of 2.5.1.  The second
failure looks like another race condition (try again a few times and it
will likely pass).


On 10/4/17 1:57 PM, Slagell, Adam J wrote:
> I had no problems after the upgrade to High Sierra on my “production” box, and I had no troubles compiling Bro 2.5.1 on my laptop.
> 
> I did, however, get two errors in the test suite.
> 
> core.truncation ... failed
>    % 'btest-diff output' failed unexpectedly (exit code 1)
>    % cat .diag
>    == File ===============================
>    #separator \x09
>    #set_separator	,
>    #empty_field	(empty)
>    #unset_field	-
>    #path	weird
>    #open	2017-10-04-18-48-40
>    #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
>    #types	time	string	addr	port	addr	port	string	string	bool	string
>    1334160095.895421	-	-	-	-	-	truncated_IP	bro
>    #close	2017-10-04-18-48-40
>    #separator \x09
>    #set_separator	,
>    #empty_field	(empty)
>    #unset_field	-
>    #path	weird
>    #open	2017-10-04-18-48-41
>    #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
>    #types	time	string	addr	port	addr	port	string	string	bool	string
>    1334156241.519125	-	-	-	-	-	truncated_IP	bro
>    #close	2017-10-04-18-48-41
>    #separator \x09
>    #set_separator	,
>    #empty_field	(empty)
>    #unset_field	-
>    #path	weird
>    #open	2017-10-04-18-48-41
>    #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
>    #types	time	string	addr	port	addr	port	string	string	bool	string
>    1334094648.590126	-	-	-	-	-	truncated_IP	bro
>    #close	2017-10-04-18-48-41
>    #separator \x09
>    #set_separator	,
>    #empty_field	(empty)
>    #unset_field	-
>    #path	weird
>    #open	2017-10-04-18-48-43
>    #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
>    #types	time	string	addr	port	addr	port	string	string	bool	string
>    1338328954.078361	-	-	-	-	-	internally_truncated_header	-	F	bro
>    #close	2017-10-04-18-48-43
>    #separator \x09
>    #set_separator	,
>    #empty_field	(empty)
>    #unset_field	-
>    #path	weird
>    #open	2017-10-04-18-48-43
>    #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
>    #types	time	string	addr	port	addr	port	string	string	bool	string
>    1404148886.981015	-	-	-	-	-	bad_IP_checksumbro
>    1404148887.011158	CHhAvVGS1DHFjwGM9	192.168.4.149	51293	72.21.91.29	443	bad_TCP_checksum	-	F	bro
>    #close	2017-10-04-18-48-43
>    == Diff ===============================
>    --- /tmp/test-diff.62112.output.baseline.tmp	2017-10-04 18:48:43.000000000 +0000
>    +++ /tmp/test-diff.62112.output.tmp	2017-10-04 18:48:43.000000000 +0000
>    @@ -46,5 +46,6 @@
>     #open XXXX-XX-XX-XX-XX-XX
>     #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
>     #types	time	string	addr	port	addr	port	string	string	bool	string
>    -0.000000	-	-	-	-	-	truncated_link_header	bro
>    +XXXXXXXXXX.XXXXXX	-	-	-	-	-	bad_IP_checksumbro
>    +XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.4.149	51293	72.21.91.29	443	bad_TCP_checksum	-	F	bro
>     #close XXXX-XX-XX-XX-XX-XX
>    =======================================
> 
>    % cat .stderr
>    1404148887.011158 warning in /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-checksum-offloading.bro, line 54: Your trace file likely has invalid IP and TCP checksums, most likely from NIC checksum offloading.  By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable.  Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.
>    1404148887.011158 warning in /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered.  By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired.
> 
> istate.bro-ipv6-socket ... failed
>    % 'btest-bg-wait 20' failed unexpectedly (exit code 1)
>    % cat .stderr
>    The following processes did not terminate:
>    
>    bro -b ../recv.bro
>    bro -b ../send.bro
>    
>    -----------
>    <<< [72978] bro -b ../recv.bro
>    received termination signal
>    >>>
>    <<< [72998] bro -b ../send.bro
>    received termination signal
>    >>>
> 
> ------
> 
> Adam J. Slagell
> Director, Cybersecurity & Networking Division
> Chief Information Security Officer
> National Center for Supercomputing Applications
> University of Illinois at Urbana-Champaign
> www.slagell.info
> 
> "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."