Project

General

Profile

Actions
Copy link

Bug #18

closed

unclear error message when user fails to specify a conf file

Added by Will Metcalf over 14 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Gurvinder Singh
Target version:
0.8.0
Affected Versions:
Effort:
Difficulty:
Label:

Description

When a user fails to specify a conf file via -c the error received is

"ERROR: loading signatures failed."

I believe this has to do with the fact that the static sigs inside of SigLoadSignatures use the HTTP_PORTS var which isn't set without the config file

Regards,

Will

Files

0001-fixed-bug-18.patch (1.75 KB) 0001-fixed-bug-18.patch Gurvinder Singh, 12/27/2009 07:56 AM
Actions
Copy link
 #1

Updated by Gurvinder Singh over 14 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Gurvinder Singh

When we run the engine as

./src/suricata -i wlan0

it causes segv the report is attached.

Starting program: /home/guri/oisf/src/suricata i wlan0
[Thread debugging using libthread_db enabled]
sc_log_global_log_level: 7
sc_lc>log_format: %t - (%f:%l) <%d> (%n) --
SCLogSetOPFilter: filter: <no filter>
27/11/2009 -- 18:50:15 - (suricata.c:563) <Info> (main) -- preallocating packets... packet size 87460
27/11/2009 -- 18:50:15 - (suricata.c:577) <Info> (main) -- preallocating packets... done: total memory 4373000
27/11/2009 -- 18:50:15 - (flow.c:373) <Info> (FlowInitConfig) -- initializing flow engine...
27/11/2009 -- 18:50:15 - (flow.c:413) <Info> (FlowInitConfig) -- allocated 1835008 bytes of memory for the flow hash... 65536 buckets of size 28
27/11/2009 -- 18:50:15 - (flow.c:427) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 140
27/11/2009 -- 18:50:15 - (flow.c:429) <Info> (FlowInitConfig) -- flow memory usage: 1835008 bytes, maximum: 33554432
27/11/2009 -- 18:50:15 - (suricata.c:594) <Error> (main) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(23)] - Loading signatures failed.

[New Thread 0xb7e546c0 (LWP 28976)]
[New Thread 0xb7c92b90 (LWP 28977)]
27/11/2009 -- 18:50:15 - (source-pcap.c:175) <Info> (ReceivePcapThreadInit) -- using interface wlan0
[New Thread 0xb7491b90 (LWP 28978)]
[New Thread 0xb6c90b90 (LWP 28979)]
[New Thread 0xb61fab90 (LWP 28980)]
[New Thread 0xb59f9b90 (LWP 28981)]
[New Thread 0xb51f8b90 (LWP 28982)]
[New Thread 0xb49f7b90 (LWP 28983)]
[New Thread 0xb41f6b90 (LWP 28984)]
[New Thread 0xb39f5b90 (LWP 28985)]
[New Thread 0xb31f4b90 (LWP 28986)]
[New Thread 0xb29f3b90 (LWP 28987)]
[New Thread 0xb21f2b90 (LWP 28988)]
[New Thread 0xb19f1b90 (LWP 28989)]
[New Thread 0xb11f0b90 (LWP 28990)]
[New Thread 0xb09efb90 (LWP 28991)]
[New Thread 0xb01eeb90 (LWP 28992)]
27/11/2009 -- 18:50:15 - (tm-threads.c:1141) <Info> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 3 management threads initialized, engine started.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb49f7b90 (LWP 28983)]
0x080da59e in HashListTableLookup (ht=0x0, data=0x8b8df18, datalen=0)
at util-hashlist.c:223
223 uint32_t hash = ht->Hash(ht, data, datalen);
(gdb) bt
#0 0x080da59e in HashListTableLookup (ht=0x0, data=0x8b8df18, datalen=0)
at util-hashlist.c:223
#1 0x08094aac in IPOnlyMatchPacket (de_ctx=0x8a6a650, io_ctx=0x8a6c6dc,
io_tctx=0x8b8dec0, p=0x84df3a0) at detect-engine-iponly.c:318
#2 0x0806d4a6 in SigMatchSignatures (th_v=0x8b8dc88, de_ctx=0x8a6a650,
det_ctx=0x8b8de08, p=0x84df3a0) at detect.c:569
#3 0x0806e12c in Detect (tv=0x8b8dc88, p=0x8b8dec0, data=0x8b8df18,
pq=0x8b8dd18) at detect.c:823
#4 0x080f0e7c in TmThreadsSlot1 (td=0x8b8dc88) at tm-threads.c:325
#5 0xb80104ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6 0xb7f3a49e in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt full
#0 0x080da59e in HashListTableLookup (ht=0x0, data=0x8b8df18, datalen=0)
at util-hashlist.c:223
hash = <value optimized out>
hashbucket = <value optimized out>
#1 0x08094aac in IPOnlyMatchPacket (de_ctx=0x8a6a650, io_ctx=0x8a6c6dc,
io_tctx=0x8b8dec0, p=0x84df3a0) at detect-engine-iponly.c:318
src = <value optimized out>
dst = <value optimized out>
u = <value optimized out>
idx = <value optimized out>
#2 0x0806d4a6 in SigMatchSignatures (th_v=0x8b8dc88, de_ctx=0x8a6a650,
det_ctx=0x8b8de08, p=0x84df3a0) at detect.c:569
match = <value optimized out>
fmatch = <value optimized out>
s = <value optimized out>
sm = <value optimized out>
idx = <value optimized out>
sig = <value optimized out>
FUNCTION = "SigMatchSignatures"
#3 0x0806e12c in Detect (tv=0x8b8dc88, p=0x8b8dec0, data=0x8b8df18,
pq=0x8b8dd18) at detect.c:823
de_ctx = <value optimized out>
#4 0x080f0e7c in TmThreadsSlot1 (td=0x8b8dc88) at tm-threads.c:325
---Type <return> to continue, or q <return> to quit---
s = (Tm1Slot *) 0x8b8dd00
p = (Packet *) 0x84df3a0
r = <value optimized out>
FUNCTION = "TmThreadsSlot1"
#5 0xb80104ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6 0xb7f3a49e in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Actions
Copy link
 #2

Updated by Gurvinder Singh over 14 years ago

Here is the patch which fixed the given the issue.

Actions
Copy link
 #3

Updated by Victor Julien over 14 years ago

I don't think it's much better now, see:

  1. ./src/suricata i eth0 -s /home/victor/rules/web-client.rules
    sc_log_global_log_level: 7
    sc_lc    >log_format: %t - (%f:%l) <%d> (%n) --
    SCLogSetOPFilter: filter: <no filter>
    27/11/2009 -- 17:07:27 - (suricata.c:425) <Error> (main) -- [ERRCODE: SC_ERR_OPENING_FILE(20)] - Configuration file has not been provided
    27/11/2009 -- 17:07:27 - (suricata.c:565) <Info> (main) -- preallocating packets... packet size 87480
    27/11/2009 -- 17:07:27 - (suricata.c:579) <Info> (main) -- preallocating packets... done: total memory 4374000
    27/11/2009 -- 17:07:27 - (flow.c:373) <Info> (FlowInitConfig) -- initializing flow engine...
    27/11/2009 -- 17:07:27 - (flow.c:413) <Info> (FlowInitConfig) -- allocated 1835008 bytes of memory for the flow hash... 65536 buckets of size 28
    27/11/2009 -- 17:07:27 - (flow.c:427) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 140
    27/11/2009 -- 17:07:27 - (flow.c:429) <Info> (FlowInitConfig) -- flow memory usage: 1835008 bytes, maximum: 33554432
    27/11/2009 -- 17:07:27 - (suricata.c:599) <Error> (main) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(23)] - Loading signatures failed.
    27/11/2009 -- 17:07:27 - (source-pcap.c:175) <Info> (ReceivePcapThreadInit) -- using interface eth0
    27/11/2009 -- 17:07:27 - (tm-threads.c:1141) <Info> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 3 management threads initialized, engine started.
Actions
Copy link
 #4

Updated by Gurvinder Singh over 14 years ago

Check the first error in your output

27/11/2009 -- 17:07:27 - (suricata.c:425) <Error> (main) -- [ERRCODE: SC_ERR_OPENING_FILE(20)] - Configuration file has not been provided

the error

27/11/2009 -- 17:07:27 - (suricata.c:599) <Error> (main) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(23)] - Loading signatures failed.

occurs when SigLoadSignatures() failed to load sigs, otherwise if no sig file has been given then error occur as

27/11/2009 -- 21:57:10 - (suricata.c:597) <Error> (main) -- [ERRCODE: SC_ERR_OPENING_FILE(20)] - Signature file has not been provided

Actions
Copy link
 #5

Updated by Will Metcalf over 14 years ago

Hmmm I think we should exit immediately following the error line that has to do with the missing configuration file, otherwise I believe it is unclear what the real issue is.

Actions
Copy link
 #6

Updated by Gurvinder Singh over 14 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Patch applied

Actions
Copy link
 #7

Updated by Nabil Alaoui over 4 years ago

Any updates on this? I see it's been closed but I'm still wondering.

Nabil
(edited by Victor Julien to remove self advertisement link)
CS Student - Chalmers University of Technology

Actions
Copy link
 #8

Updated by Victor Julien over 4 years ago

Please don't post (off topic) self advertisement links as part of your messages.

Actions
Copy link

Also available in: Atom PDF