I had no problems after the upgrade to High Sierra on my “production” box, and I had no troubles compiling Bro 2.5.1 on my laptop.
I did, however, get two errors in the test suite.

core.truncation ... failed
% 'btest-diff output' failed unexpectedly (exit code 1)
% cat .diag
== File ===============================
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-40
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1334160095.895421 - - - - - truncated_IP bro
#close 2017-10-04-18-48-40
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-41
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1334156241.519125 - - - - - truncated_IP bro
#close 2017-10-04-18-48-41
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-41
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1334094648.590126 - - - - - truncated_IP bro
#close 2017-10-04-18-48-41
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-43
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1338328954.078361 - - - - - internally_truncated_header - F bro
#close 2017-10-04-18-48-43
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-10-04-18-48-43
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1404148886.981015 - - - - - bad_IP_checksumbro
1404148887.011158 CHhAvVGS1DHFjwGM9 192.168.4.149 51293 72.21.91.29 443 bad_TCP_checksum - F bro
#close 2017-10-04-18-48-43
== Diff ===============================
--- /tmp/test-diff.62112.output.baseline.tmp
2017-10-04 18:48:43.000000000 +0000 +++ /tmp/test-diff.62112.output.tmp 2017-10-04 18:48:43.000000000 +0000 
@@ -46,5 +46,6 @@ #open XXXX-XX-XX-XX-XX-XX #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string -0.000000 - - - - - truncated_link_header bro +XXXXXXXXXX.XXXXXX - - - - - bad_IP_checksumbro +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 51293 72.21.91.29 443 bad_TCP_checksum - F bro #close XXXX-XX-XX-XX-XX-XX
=======================================
% cat .stderr
1404148887.011158 warning in /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-checksum-offloading.bro, line 54: Your trace file likely has invalid IP and TCP checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.
1404148887.011158 warning in /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired.

istate.bro-ipv6-socket ... failed
% 'btest-bg-wait 20' failed unexpectedly (exit code 1)
% cat .stderr
The following processes did not terminate:

bro -b ../recv.bro
bro -b ../send.bro

-----------
<<< [72978] bro -b ../recv.bro
received termination signal
>>>
<<< [72998] bro -b ../send.bro
received termination signal
>>>

------
Adam J. Slagell
Director, Cybersecurity & Networking Division
Chief Information Security Officer
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
www.slagell.info
