The first test failure was fixed after the release of 2.5.1. The second failure looks like another race condition (try again a few times and it will likely pass).
On 10/4/17 1:57 PM, Slagell, Adam J wrote: > I had no problems after the upgrade to High Sierra on my “production” box, > and I had no troubles compiling Bro 2.5.1 on my laptop. > > I did, however, get a two errors in the test suite. > > core.truncation ... failed > % 'btest-diff output' failed unexpectedly (exit code 1) > % cat .diag > == File =============================== > #separator \x09 > #set_separator , > #empty_field (empty) > #unset_field - > #path weird > #open 2017-10-04-18-48-40 > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string > bool string > 1334160095.895421 - - - - - truncated_IP > bro > #close 2017-10-04-18-48-40 > #separator \x09 > #set_separator , > #empty_field (empty) > #unset_field - > #path weird > #open 2017-10-04-18-48-41 > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string > bool string > 1334156241.519125 - - - - - truncated_IP > bro > #close 2017-10-04-18-48-41 > #separator \x09 > #set_separator , > #empty_field (empty) > #unset_field - > #path weird > #open 2017-10-04-18-48-41 > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string > bool string > 1334094648.590126 - - - - - truncated_IP > bro > #close 2017-10-04-18-48-41 > #separator \x09 > #set_separator , > #empty_field (empty) > #unset_field - > #path weird > #open 2017-10-04-18-48-43 > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string > bool string > 1338328954.078361 - - - - - > internally_truncated_header - F bro > #close 2017-10-04-18-48-43 > #separator \x09 > #set_separator , > #empty_field (empty) > #unset_field - > #path weird > #open 2017-10-04-18-48-43 > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string > bool string > 1404148886.981015 - - - - - > bad_IP_checksumbro > 1404148887.011158 CHhAvVGS1DHFjwGM9 192.168.4.149 51293 > 72.21.91.29 443 bad_TCP_checksum - F bro > #close 2017-10-04-18-48-43 > == Diff =============================== > --- /tmp/test-diff.62112.output.baseline.tmp 2017-10-04 > 18:48:43.000000000 +0000 > +++ /tmp/test-diff.62112.output.tmp 2017-10-04 18:48:43.000000000 > +0000 > @@ -46,5 +46,6 @@ > #open XXXX-XX-XX-XX-XX-XX > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string > bool string > -0.000000 - - - - - truncated_link_header > bro > +XXXXXXXXXX.XXXXXX - - - - - > bad_IP_checksumbro > +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 51293 > 72.21.91.29 443 bad_TCP_checksum - F bro > #close XXXX-XX-XX-XX-XX-XX > ======================================= > > % cat .stderr > 1404148887.011158 warning in > /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-checksum-offloading.bro, > line 54: Your trace file likely has invalid IP and TCP checksums, most > likely from NIC checksum offloading. By default, packets with invalid > checksums are discarded by Bro unless using the -C command-line option or > toggling the 'ignore_checksums' variable. Alternatively, disable checksum > offloading by the network adapter to ensure Bro analyzes the actual checksums > that are transmitted. > 1404148887.011158 warning in > /Users/slagell/Downloads/bro-2.5.1/scripts/base/misc/find-filtered-trace.bro, > line 48: The analyzed trace file was determined to contain only TCP control > packets, which may indicate it's been pre-filtered. By default, Bro reports > the missing segments for this type of trace, but the 'detect_filtered_trace' > option may be toggled if that's not desired. > > istate.bro-ipv6-socket ... failed > % 'btest-bg-wait 20' failed unexpectedly (exit code 1) > % cat .stderr > The following processes did not terminate: > > bro -b ../recv.bro > bro -b ../send.bro > > ----------- > <<< [72978] bro -b ../recv.bro > received termination signal > >>> > <<< [72998] bro -b ../send.bro > received termination signal > >>> > > ------ > > Adam J. Slagell > Director, Cybersecurity & Networking Division > Chief Information Security Officer > National Center for Supercomputing Applications > University of Illinois at Urbana-Champaign > www.slagell.info > > "Under the Illinois Freedom of Information Act (FOIA), any written > communication to or from University employees regarding University business > is a public record and may be subject to public disclosure." > > > > > > > > > > _______________________________________________ > bro-dev mailing list > bro-dev@bro.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev