Project

General

Profile

Actions

Bug #3325

closed

lua issues on arm (fedora:29) (4.1.x)

Added by Victor Julien over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The suricata-verify 'lua-output-dns' test fails because the produced logfile contains some strange values:

05/24/2016-23:27:01.960780 [**] Query TX 2b2ea9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:53679 -> 10.16.1.1:53
05/24/2016-23:27:02.832606 [**] Query TX 2b10a9628 [**] block.dropbox.com [**] A [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:04.653864 [**] Query TX 2b06a9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:57634 -> 10.16.1.1:53
10/14/2016-15:40:21.889830 [**] Query TX 2b42aa6a8 [**] d98cf633-97be-406f-9e39-bd8fc0cbdea4.com [**] A [**] 10.16.1.11:40697 -> 10.16.1.1:53
05/24/2016-23:27:02.333141 [**] Query TX 2b2ea9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:53679 -> 10.16.1.1:53
05/24/2016-23:27:02.333141 [**] Response TX 2b2ea9628 [**] client-cf.dropbox.com [**] A [**] TTL 77968877786497092 [**] 52.85.112.21 [**] 10.16.1.11:53679 -> 10.16.1.1:53
05/24/2016-23:27:03.085375 [**] Query TX 2b10a9628 [**] codemonkey.net [**] A [**] 10.16.1.11:33458 -> 10.16.1.1:53
05/24/2016-23:27:04.654238 [**] Query TX 2b06a9628 [**] client-cf.dropbox.com [**] A [**] 10.16.1.11:57634 -> 10.16.1.1:53
05/24/2016-23:27:04.654238 [**] Response TX 2b06a9628 [**] client-cf.dropbox.com [**] A [**] TTL 77968877786497092 [**] 52.85.112.21 [**] 10.16.1.11:57634 -> 10.16.1.1:53
10/14/2016-15:40:21.971664 [**] Query TX 2b42aa6a8 [**] d98cf633-97be-406f-9e39-bd8fc0cbdea4.com [**] A [**] 10.16.1.11:40697 -> 10.16.1.1:53
10/14/2016-15:40:21.971664 [**] Response TX 2b42aa6a8 [**] NXDOMAIN [**] 10.16.1.11:40697 -> 10.16.1.1:53
10/14/2016-15:40:21.971664 [**] Response TX 2b42aa6a8 [**] com [**] SOA [**] TTL 77968877786497092 [**] 10.16.1.11:40697 -> 10.16.1.1:53
05/24/2016-23:27:03.213624 [**] Query TX 2b10a9628 [**] block.dropbox.com [**] A [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:03.213624 [**] Response TX 2b10a9628 [**] block.g1.dropbox.com [**] A [**] TTL 77968877786497092 [**] 45.58.70.33 [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:03.213624 [**] Response TX 2b10a9628 [**] block.dropbox.com [**] CNAME [**] TTL 77968877786497092 [**] block.g1.dropbox.com [**] 10.16.1.11:49697 -> 10.16.1.1:53
05/24/2016-23:27:03.493333 [**] Query TX 2b10a9d48 [**] codemonkey.net [**] A [**] 10.16.1.11:33458 -> 10.16.1.1:53
05/24/2016-23:27:03.493333 [**] Response TX 2b10a9d48 [**] codemonkey.net [**] A [**] TTL 77968877786497092 [**] 104.131.202.103 [**] 10.16.1.11:33458 -> 10.16.1.1:53

The id's are wrong and the ttl values look rather suspect.

Setup:

Docker on ARM (32 bit) with fedora:29 image.

Test 'dns-lua-rules' also fails. The EVE log DNS records look normal, so I wonder if the lua-rust layer is mangling types.


Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #2955: lua issues on arm (fedora:29)ClosedJason IshActions
Actions

Also available in: Atom PDF