Bug #2955

lua issues on arm (fedora:29)

Added by Victor Julien about 2 months ago. Updated about 2 months ago.

Status: Assigned
Priority: High

Description

The suricata-verify 'lua-output-dns' test fails because the produced logfile contains some strange values:

05/24/2016-23:27:01.960780 [**] Query TX 2b2ea9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:53679 -> 10.16.1.1:53
05/24/2016-23:27:02.832606 [**] Query TX 2b10a9628 [**] block.dropbox.com [**] A [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:04.653864 [**] Query TX 2b06a9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:57634 -> 10.16.1.1:53
10/14/2016-15:40:21.889830 [**] Query TX 2b42aa6a8 [**] d98cf633-97be-406f-9e39-bd8fc0cbdea4.com [**] A [**] 10.16.1.11:40697 -> 10.16.1.1:53
05/24/2016-23:27:02.333141 [**] Query TX 2b2ea9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:53679 -> 10.16.1.1:53
05/24/2016-23:27:02.333141 [**] Response TX 2b2ea9628 [**] client-cf.dropbox.com [**] A [**] TTL 77968877786497092 [**] 52.85.112.21 [**] 10.16.1.11:53679 -> 10.16.1.1:53
05/24/2016-23:27:03.085375 [**] Query TX 2b10a9628 [**] codemonkey.net [**] A [**] 10.16.1.11:33458 -> 10.16.1.1:53
05/24/2016-23:27:04.654238 [**] Query TX 2b06a9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:57634 -> 10.16.1.1:53
05/24/2016-23:27:04.654238 [**] Response TX 2b06a9628 [**] client-cf.dropbox.com [**] A [**] TTL 77968877786497092 [**] 52.85.112.21 [**] 10.16.1.11:57634 -> 10.16.1.1:53
10/14/2016-15:40:21.971664 [**] Query TX 2b42aa6a8 [**] d98cf633-97be-406f-9e39-bd8fc0cbdea4.com [**] A [**] 10.16.1.11:40697 -> 10.16.1.1:53
10/14/2016-15:40:21.971664 [**] Response TX 2b42aa6a8 [**] NXDOMAIN [**] 10.16.1.11:40697 -> 10.16.1.1:53
10/14/2016-15:40:21.971664 [**] Response TX 2b42aa6a8 [**] com [**] SOA [**] TTL 77968877786497092 [**] 10.16.1.11:40697 -> 10.16.1.1:53
05/24/2016-23:27:03.213624 [**] Query TX 2b10a9628 [**] block.dropbox.com [**] A [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:03.213624 [**] Response TX 2b10a9628 [**] block.g1.dropbox.com [**] A [**] TTL 77968877786497092 [**] 45.58.70.33 [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:03.213624 [**] Response TX 2b10a9628 [**] block.dropbox.com [**] CNAME [**] TTL 77968877786497092 [**] block.g1.dropbox.com [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:03.493333 [**] Query TX 2b10a9d48 [**] codemonkey.net [**] A [**] 10.16.1.11:33458 -> 10.16.1.1:53
05/24/2016-23:27:03.493333 [**] Response TX 2b10a9d48 [**] codemonkey.net [**] A [**] TTL 77968877786497092 [**] 104.131.202.103 [**] 10.16.1.11:33458 -> 10.16.1.1:53

The IDs are wrong and the TTL values look rather suspect.

Setup:

Docker on ARM (32 bit) with fedora:29 image.

Test 'dns-lua-rules' also fails. The EVE log DNS records look normal, so I wonder if the lua-rust layer is mangling types.

History

#1

Updated by Victor Julien about 2 months ago

  • Status changed from New to Assigned
  • Assignee set to Jason Ish
  • Priority changed from Normal to High
  • Target version set to 5.0rc1

Jason, can you have a look? I can see that Rust has the values correctly, but somehow they get mangled when the Lua script accesses them. Not really sure how to analyse.
