Bug #4760

closed

openbsd 7.0: SV failures with "bad dump file format"

Added by Victor Julien 11 months ago. Updated 11 months ago.

Status: Closed
Priority: Normal

Description

[3962] 18/10/2021 -- 12:43:12 - (source-pcap-file.c:270) <Warning> (ReceivePcapFileThreadInit) -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file /home/victor/dev/suricata-verify/tests/bug-2646-01/input.pcap, skipping

Quite a few failures

-bash-5.1$ python3.8 ../suricata-verify/run.py -q
===> bug-2646-01: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'dest_ip': '151.101.36.133', 'dest_port': 443, 'event_type': 'tls', 'pcap_cnt': 12, 'proto': 'TCP', 'src_ip': '192.168.0.253', 'src_port': 49584, 'tls.fingerprint': 'cc:aa:48:48:66:46:0e:91:53:2c:9c:7c:23:2a:b1:74:4d:29:9d:33', 'tls.issuerdn': 'C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA', 'tls.notafter': '2020-05-13T12:00:00', 'tls.notbefore': '2017-03-23T00:00:00', 'tls.serial': '08:3A:84:59:2F:77:F2:E7:95:1B:F8:87:CE:DE:C9:66', 'tls.sni': 'raw.githubusercontent.com', 'tls.subject': 'C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=www.github.com', 'tls.version': 'TLS 1.2'}}
===> bug-2646-01: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'tls', 'dest_ip': '151.101.36.133', 'dest_port': 443, 'event_type': 'flow', 'flow.age': 57, 'flow.alerted': False, 'flow.bytes_toclient': 6151, 'flow.bytes_toserver': 1584, 'flow.pkts_toclient': 19, 'flow.pkts_toserver': 10, 'flow.reason': 'shutdown', 'flow.state': 'closed', 'proto': 'TCP', 'src_ip': '192.168.0.253', 'src_port': 49584, 'tcp.ack': True, 'tcp.fin': True, 'tcp.psh': True, 'tcp.state': 'last_ack', 'tcp.syn': True, 'tcp.tcp_flags': '1b', 'tcp.tcp_flags_tc': '1b', 'tcp.tcp_flags_ts': '1b'}}
===> bug-2646-02: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'dest_ip': '151.101.36.133', 'dest_port': 443, 'event_type': 'tls', 'pcap_cnt': 9, 'proto': 'TCP', 'src_ip': '192.168.0.253', 'src_port': 50282, 'tls.fingerprint': 'cc:aa:48:48:66:46:0e:91:53:2c:9c:7c:23:2a:b1:74:4d:29:9d:33', 'tls.issuerdn': 'C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA', 'tls.notafter': '2020-05-13T12:00:00', 'tls.notbefore': '2017-03-23T00:00:00', 'tls.serial': '08:3A:84:59:2F:77:F2:E7:95:1B:F8:87:CE:DE:C9:66', 'tls.sni': 'raw.githubusercontent.com', 'tls.subject': 'C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=www.github.com', 'tls.version': 'TLS 1.2'}}
===> bug-2646-02: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'tls', 'dest_ip': '151.101.36.133', 'dest_port': 443, 'event_type': 'flow', 'flow.age': 0, 'flow.alerted': False, 'flow.bytes_toclient': 15602, 'flow.bytes_toserver': 1778, 'flow.pkts_toclient': 14, 'flow.pkts_toserver': 13, 'flow.reason': 'shutdown', 'flow.state': 'closed', 'proto': 'TCP', 'src_ip': '192.168.0.253', 'src_port': 50282, 'tcp.ack': True, 'tcp.fin': True, 'tcp.psh': True, 'tcp.rst': True, 'tcp.state': 'closed', 'tcp.syn': True, 'tcp.tcp_flags': '1f', 'tcp.tcp_flags_tc': '1b', 'tcp.tcp_flags_ts': '1e'}}
===> dns-udp-eve-log-srv: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'dns', 'dns.type': 'query', 'dns.rrname': '_sip._udp.sip.voice.google.com', 'dns.rrtype': 'SRV'}}
===> dns-udp-eve-log-srv: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'dns', 'dns.type': 'answer', 'dns.rrname': '_sip._udp.sip.voice.google.com', 'dns.rrtype': 'SRV', 'dns.rcode': 'NOERROR', 'dns.answers[0].srv.priority': 20, 'dns.answers[0].srv.weight': 1, 'dns.answers[0].srv.port': 5060, 'dns.answers[0].srv.name': 'sip-anycast-2.voice.google.com', 'dns.answers[1].srv.priority': 10, 'dns.answers[1].srv.weight': 1, 'dns.answers[1].srv.port': 5060, 'dns.answers[1].srv.name': 'sip-anycast-1.voice.google.com'}}
===> dns-udp-null: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'dns', 'dns.type': 'query', 'dns.rrtype': 'NULL'}}
===> dns-udp-null: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'dns', 'dns.type': 'answer', 'dns.rcode': 'NOERROR', 'dns.rrtype': 'NULL', 'dns.answers[0].rdata': 'VACKD\x03\\xc5\\xe9\x01'}}
===> http-urldecode-body: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'alert', 'alert.signature_id': 1}}
===> http2-bugfixes: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'requires': {'features': ['HTTP2_DECOMPRESSION']}, 'count': 1, 'match': {'event_type': 'fileinfo', 'fileinfo.size': 639}}
===> http2-bugfixes: Sub test #3: FAIL : expected 1 matches; got 0 for filter {'requires': {'features': ['HTTP2_DECOMPRESSION']}, 'count': 1, 'match': {'event_type': 'fileinfo', 'fileinfo.size': 880}}
===> http2-bugfixes: Sub test #4: FAIL : expected 4 matches; got 0 for filter {'count': 4, 'match': {'event_type': 'alert', 'alert.signature_id': 10}}
===> output-eve-ftp-data: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'ftp_data'}}
===> output-eve-ftp-data: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'alert', 'alert.signature_id': 1}}
===> output-eve-ftp-data: Sub test #3: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'alert', 'alert.signature_id': 2}}
===> output-eve-ftp-data: Sub test #4: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'alert', 'alert.signature_id': 3}}
===> output-eve-ftp-data: Sub test #5: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'ftp_data', 'ftp_data.filename': 'temp.txt', 'ftp_data.command': 'RETR'}}
===> tcp-fastopen-09: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'flow'}}
===> tcp-protodetect-bailout: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'event_type': 'flow'}}


Subtasks: 1 (0 open, 1 closed)

Task #4761: ci: fix SV pcapng check (Closed, Victor Julien)

#1

Updated by Victor Julien 11 months ago

It seems to relate closely, but not perfectly, with pcapng captures.

./dns-udp-null/dns-tunnel-iodine.pcap: pcapng capture file - version 1.0
./bug-2646-01/input.pcap: pcapng capture file - version 1.0
./unknown-private-bug-990-01/input.pcap: pcapng capture file - version 1.0
./dns-udp-eve-log-srv/input.pcap: pcapng capture file - version 1.0
./output-eve-ftp-data/input.pcap: pcapng capture file - version 1.0
./detect-dotprefix-03/input.pcap: pcapng capture file - version 1.0
./bug-2646-02/input.pcap: pcapng capture file - version 1.0
./http2-bugfixes/input.pcap: pcapng capture file - version 1.0
./tcp-protodetect-bailout/input.pcap: pcapng capture file - version 1.0
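
The same check as the `file` listing above, done on magic bytes instead of file names, since every failing input is named `.pcap` but is pcapng. This is an added example, not code from the issue or from suricata-verify; the function names and sample headers are constructed for illustration.

```python
import os
import struct

PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"   # Section Header Block type, same in both byte orders
PCAPNG_BOM = 0x1A2B3C4D            # byte-order magic at offset 8 of the SHB
PCAP_MAGICS = {                    # classic libpcap file magics, as bytes on disk
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond)",
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond)",
}

def classify_capture(header: bytes) -> str:
    """Classify a capture file from its first 12 bytes."""
    magic = header[:4]
    if magic in PCAP_MAGICS:
        return PCAP_MAGICS[magic]
    if magic == PCAPNG_SHB and len(header) >= 12:
        bom = header[8:12]
        if struct.unpack("<I", bom)[0] == PCAPNG_BOM:
            return "pcapng (little-endian)"
        if struct.unpack(">I", bom)[0] == PCAPNG_BOM:
            return "pcapng (big-endian)"
    return "unknown"  # truncated, corrupt, or not a capture file

def find_pcapng(root: str) -> list:
    """Return sorted paths under root whose content is pcapng, whatever the extension."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if classify_capture(fh.read(12)).startswith("pcapng"):
                    hits.append(path)
    return sorted(hits)

# Constructed sample headers (not taken from the suricata-verify pcaps).
SAMPLE_PCAPNG_LE = PCAPNG_SHB + struct.pack("<II", 28, PCAPNG_BOM)
SAMPLE_PCAPNG_BE = PCAPNG_SHB + struct.pack(">II", 28, PCAPNG_BOM)
SAMPLE_PCAP_LE = struct.pack("<IHH", 0xA1B2C3D4, 2, 4) + b"\x00" * 4
SAMPLE_TRUNCATED = PCAPNG_SHB + b"\x1c\x00"

if __name__ == "__main__":
    for label, hdr in [("pcapng LE", SAMPLE_PCAPNG_LE), ("pcap LE", SAMPLE_PCAP_LE)]:
        print(label, "->", classify_capture(hdr))
```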

#3

Updated by Victor Julien 11 months ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to QA

#4

Updated by Victor Julien 11 months ago

  • Status changed from Assigned to Closed

https://github.com/OISF/suricata-verify/pull/564

PASSED:  956
FAILED:  0
SKIPPED: 37