[
https://issues.apache.org/jira/browse/METRON-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16702065#comment-16702065
]
ASF GitHub Bot commented on METRON-1910:
----------------------------------------
GitHub user JonZeolla opened a pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/20
METRON-1910: bro plugin segfaults on src/KafkaWriter.cc:72
## Contributor Comments
Bro was segfaulting on the KafkaWriter.cc destructor because it was
attempting to destroy things that didn't exist.
### Testing
Spin up apache/metron full-dev with `vagrant --ansible-skip-tags="sensor-stubs,solr" up` and then run bro against some pcap, such as:
```
vagrant ssh
sudo su -
export PATH=$PATH:/usr/local/bro/bin:/usr/hdp/current/kafka-broker/bin
service pcap-replay restart
broctl stop || broctl stop # Handle bro crashes on shutdown
service snort-producer stop
service snortd stop
service yaf stop
yum -y install wireshark

# Configure which bro logs are sent to kafka
sed -i 's/redef Kafka::logs_to_send = .*/redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG, Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);/' /usr/local/bro/share/bro/site/local.bro
echo "redef Kafka::logs_to_exclude = set(Conn::LOG, DHCP::LOG);" >> /usr/local/bro/share/bro/site/local.bro
echo "redef Known::cert_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro
echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro
sed -i '86 a @load policy/protocols/dhcp/known-devices-and-hostnames.bro' /usr/local/bro/share/bro/site/local.bro

# Watch the bro topic in one screen window
screen
kafka-console-consumer.sh --zookeeper localhost:2181 --topic bro

# New screen window
# Download the sample pcaps
for folder in nitroba example-traffic ssh ftp radius rfb; do mkdir -p ~/brotmp/${folder}; done
wget https://www.bro.org/static/traces/exercise-traffic.pcap -O ~/brotmp/example-traffic/exercise-traffic.pcap
wget http://downloads.digitalcorpora.org/corpora/network-packet-dumps/2008-nitroba/nitroba.pcap -O ~/brotmp/nitroba/nitroba.pcap
wget https://www.bro.org/static/traces/ssh.pcap -O ~/brotmp/ssh/ssh.pcap
wget 'https://github.com/markofu/pcaps/blob/master/PracticalPacketAnalysis/ppa-capture-files/ftp.pcap?raw=true' -O ~/brotmp/ftp/ftp.pcap
wget 'https://github.com/EmpowerSecurityAcademy/wireshark/blob/master/radius_localhost.pcapng?raw=true' -O ~/brotmp/radius/radius_localhost.pcapng
wget 'https://github.com/kholia/my-pcaps/blob/master/VNC/07-vnc-openwall-3.7.pcap?raw=true' -O ~/brotmp/rfb/rfb.pcap

# Run bro against each pcap
cd ~/brotmp/example-traffic
bro -r exercise-traffic.pcap /usr/local/bro/share/bro/site/local.bro -C
cd ~/brotmp/nitroba
bro -r nitroba.pcap /usr/local/bro/share/bro/site/local.bro -C
cd ~/brotmp/ssh
bro -r ssh.pcap /usr/local/bro/share/bro/site/local.bro -C
cd ~/brotmp/ftp
bro -r ftp.pcap /usr/local/bro/share/bro/site/local.bro -C
cd ~/brotmp/radius
editcap -F libpcap radius_localhost.pcapng radius_localhost.pcap # Convert pcapng to libpcap format
bro -r radius_localhost.pcap /usr/local/bro/share/bro/site/local.bro -C
cd ~/brotmp/rfb
bro -r rfb.pcap /usr/local/bro/share/bro/site/local.bro -C
```
Notice that after each pcap is done processing it doesn't segfault.
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron's Bro kafka writer
plugin.
In order to streamline the review of the contribution we ask you follow
these guidelines and ask you to double check the following:
### For all changes:
- [X] Is there a JIRA ticket associated with this PR? If not one needs to
be created at [Metron
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [X] Does your PR title start with METRON-XXXX where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [X] Has your PR been rebased against the latest commit within the target
branch (typically master)?
### For code changes:
- [X] Have you included steps to reproduce the behavior or problem that is
being changed or addressed?
- [X] Have you included steps or a guide to how the change may be verified
and tested manually?
- [X] Have you ensured that the full suite of tests and checks have been
executed via:
```
bro-pkg test $GITHUB_USERNAME/metron-bro-plugin-kafka --version $BRANCH
```
- [ ] Have you written or updated unit tests and or integration tests to
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building
and running locally with Apache Metron's [Vagrant full-dev
environment](https://github.com/apache/metron/tree/master/metron-deployment/development/centos6)
or the equivalent?
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/JonZeolla/metron-bro-plugin-kafka METRON-1910
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/metron-bro-plugin-kafka/pull/20.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #20
----
commit a6663ff8f100686199c4e49c138fc2befc3bffe9
Author: Jon Zeolla <zeolla@...>
Date: 2018-11-28T15:10:48Z
METRON-1910: bro plugin segfaults on src/KafkaWriter.cc:72
----
> bro plugin segfaults on src/KafkaWriter.cc:72
> ---------------------------------------------
>
> Key: METRON-1910
> URL: https://issues.apache.org/jira/browse/METRON-1910
> Project: Metron
> Issue Type: Task
> Reporter: Jon Zeolla
> Assignee: Jon Zeolla
> Priority: Major
>
> I was testing metron-bro-plugin-kafka 0.3.0 rc1 and noticed that when I ran
> pcaps against a bro instance it would segfault at the end of each run. Below
> is what gdb tells me. Looks like this was somewhat recently changed @
> [https://github.com/apache/metron-bro-plugin-kafka/commit/1dfc5239fae31a64026188109d1e346ce93d5c02#diff-361be0491d615952129ed5c8f39c9683L57]
> {code}
> [root@node1 cores]# gdb /usr/local/bro/bin/bro
> core.bro.30769.node1.1543416558
> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-92.el6)
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <[http://gnu.org/licenses/gpl.html]>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <[http://www.gnu.org/software/gdb/bugs/]>...
> Reading symbols from /usr/local/bro/bin/bro...done.
> [New Thread 30769]
> Reading symbols from /usr/lib64/libpcap.so.1...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/libpcap.so.1
> Reading symbols from /usr/lib64/libssl.so.10...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/libssl.so.10
> Reading symbols from /usr/lib64/libcrypto.so.10...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/libcrypto.so.10
> Reading symbols from /lib64/libresolv.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libresolv.so.2
> Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libz.so.1
> Reading symbols from /lib64/libpthread.so.0...(no debugging symbols
> found)...done.
> [Thread debugging using libthread_db enabled]
> Loaded symbols for /lib64/libpthread.so.0
> Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libdl.so.2
> Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/libstdc++.so.6
> Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libm.so.6
> Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libgcc_s.so.1
> Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libc.so.6
> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/ld-linux-x86-64.so.2
> Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libgssapi_krb5.so.2
> Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libkrb5.so.3
> Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libcom_err.so.2
> Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libk5crypto.so.3
> Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libkrb5support.so.0
> Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libkeyutils.so.1
> Reading symbols from /lib64/libselinux.so.1...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libselinux.so.1
> Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libnss_files.so.2
> Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libnss_dns.so.2
> Reading symbols from
> /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka//lib/APACHE-KAFKA.linux-x86_64.so...done.
> Loaded symbols for
> /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka//lib/APACHE-KAFKA.linux-x86_64.so
> Reading symbols from /usr/local/lib/librdkafka++.so.1...done.
> Loaded symbols for /usr/local/lib/librdkafka++.so.1
> Reading symbols from /usr/local/lib/librdkafka.so.1...done.
> Loaded symbols for /usr/local/lib/librdkafka.so.1
> Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/libsasl2.so.2
> Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
> Loaded symbols for /lib64/librt.so.1
> Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libcrypt.so.1
> Reading symbols from /lib64/libfreebl3.so...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libfreebl3.so
> Reading symbols from /usr/lib64/sasl2/libgssapiv2.so...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/sasl2/libgssapiv2.so
> Reading symbols from /usr/lib64/sasl2/libplain.so...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/sasl2/libplain.so
> Reading symbols from /usr/lib64/sasl2/libanonymous.so...(no debugging
> symbols found)...done.
> Loaded symbols for /usr/lib64/sasl2/libanonymous.so
> Reading symbols from /usr/lib64/sasl2/libsasldb.so...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/sasl2/libsasldb.so
> Reading symbols from /lib64/libdb-4.7.so...(no debugging symbols
> found)...done.
> Loaded symbols for /lib64/libdb-4.7.so
> Reading symbols from /usr/lib64/sasl2/liblogin.so...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib64/sasl2/liblogin.so
> Core was generated by `bro -r nitroba.pcap
> /usr/local/bro/share/bro/site/local.bro -C'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x00007f1bca06f8b6 in logging::writer::KafkaWriter::~KafkaWriter
> (this=0x5ef6a40, __in_chrg=<value optimized out>) at
> /root/.bro-pkg/clones/package/metron-bro-plugin-kafka/src/KafkaWriter.cc:72
> 72 delete topic;
> Missing separate debuginfos, use: debuginfo-install
> cyrus-sasl-gssapi-2.1.23-15.el6_6.2.x86_64
> cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
> cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-22.el6.x86_64
> glibc-2.12-1.212.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64
> krb5-libs-1.10.3-65.el6.x86_64 libcom_err-1.41.12-24.el6.x86_64
> libgcc-4.4.7-23.el6.x86_64 libpcap-1.4.0-4.20130826git2dbcaa1.el6.x86_64
> libselinux-2.0.94-7.el6.x86_64 libstdc++-4.4.7-23.el6.x86_64
> nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64 openssl-1.0.1e-57.el6.x86_64
> zlib-1.2.3-29.el6.x86_64
> {code}
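The failure class reported above (a destructor running `delete` on a member that may never have been created, as in the `delete topic;` frame from gdb) can be designed out with owning smart pointers. The following is an added example, not code from metron-bro-plugin-kafka or its fix; `Handle`, `SafeWriter`, `Init` and `Finish` are hypothetical names, and the lazy-initialisation lifecycle is an assumption made for illustration.

```cpp
// Added illustration, not metron-bro-plugin-kafka code; all names are hypothetical.
#include <cstdio>
#include <memory>

// Stand-in for a client-library object such as a topic or producer handle.
struct Handle {
    static int live;       // objects currently alive
    static int destroyed;  // total destructor calls
    Handle() { ++live; }
    ~Handle() { --live; ++destroyed; }
};
int Handle::live = 0;
int Handle::destroyed = 0;

// Fragile shape, shown only as a comment because running it is undefined behaviour:
//   class Writer { Handle* topic;  /* never initialised */
//                  ~Writer() { delete topic; } };
// It crashes when Init() never ran, or when a teardown hook already freed topic.

class SafeWriter {
public:
    // Handles are created here, not in the constructor, so an instance can be destroyed without them.
    void Init() {
        producer.reset(new Handle());
        topic.reset(new Handle());
    }
    // Explicit teardown; reset() on an empty unique_ptr is a no-op, so repeats are safe.
    void Finish() {
        topic.reset();
        producer.reset();
    }
    // No hand-written destructor: each unique_ptr frees its handle at most once.
private:
    std::unique_ptr<Handle> producer;  // empty by default
    std::unique_ptr<Handle> topic;
};

// Runs three lifecycles and returns the total number of Handle destructions.
int exercise_lifecycles() {
    Handle::live = Handle::destroyed = 0;
    { SafeWriter w; }                                    // destroyed without Init()
    { SafeWriter w; w.Init(); }                          // Init(), then destructor only
    { SafeWriter w; w.Init(); w.Finish(); w.Finish(); }  // teardown twice, then destructor
    return Handle::destroyed;
}

int main() {
    int destroyed = exercise_lifecycles();
    std::printf("destroyed=%d live=%d\n", destroyed, Handle::live);
}
```

Building the real plugin with `-fsanitize=address` and replaying a pcap is a quick way to confirm that teardown neither double-frees nor touches uninitialised members.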