Hi Seth,
I'm a colleague of Vito and I'm trying to customize Bro with the SMB2 protocol analyzer.
I have got the latest version from GitHub and merged it with the SMB2 version taken from Vladg's topic; I've tried to run broctl after the merge, but later Bro crashes due to a SIGBUS event.
I've substituted src/analyzer/protocol/smb, src/analyzer/protocol/netbios, init-bare.bro and init-default.bro from the SMB2 version into the master version.
Below is a snippet taken from "./broctl diag":
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p standalon'.
Program terminated with signal SIGBUS, Bus error.
#0 0x0000000000816193 in Serializer::Write (this=0x7fffc052fd00, v=35329, tag=0xb7a68f "stype") at /home/danko/bro/src/Serializer.h:57
57 DECLARE_IO(uint16)
.
.
.
Thread 1 (Thread 0x7f3337201780 (LWP 22674)):
#0 0x0000000000816193 in Serializer::Write (this=0x7fffc052fd00, v=35329, tag=0xb7a68f "stype") at /home/danko/bro/src/Serializer.h:57
#1 0x0000000000815fdc in SerialObj::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:268
#2 0x00000000007df8f6 in BroObj::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Obj.cc:226
#3 0x0000000000843002 in BroType::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Type.cc:283
#4 0x000000000081585b in SerialObj::Serialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:121
#5 0x0000000000842cce in BroType::Serialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Type.cc:212
#6 0x00000000008438ec in TypeList::DoSerialize (this=0x2b402e0, info=0x7fffc052fd60) at /home/danko/bro/src/Type.cc:392
#7 0x000000000081585b in SerialObj::Serialize (this=0x2b402e0, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:121
.
.
.
#81382 0x0000000000837f2a in ForStmt::DoExec (this=0x4c90610, f=0x6e5d9c0, v=0x740a610, flow=@0x7fffc0530080: FLOW_NEXT) at /home/danko/bro/src/Stmt.cc:1358
#81383 0x0000000000833db1 in ExprStmt::Exec (this=0x4c90610, f=0x6e5d9c0, flow=@0x7fffc0530080: FLOW_NEXT) at /home/danko/bro/src/Stmt.cc:373
#81384 0x0000000000839969 in StmtList::Exec (this=0x4c8f850, f=0x6e5d9c0, flow=@0x7fffc0530080: FLOW_NEXT) at /home/danko/bro/src/Stmt.cc:1764
#81385 0x0000000000839969 in StmtList::Exec (this=0x4c93a60, f=0x6e5d9c0, flow=@0x7fffc0530080: FLOW_NEXT) at /home/danko/bro/src/Stmt.cc:1764
#81386 0x00000000007a4828 in BroFunc::Call (this=0x4974a80, args=0x5acc3c0, parent=0x0) at /home/danko/bro/src/Func.cc:403
#81387 0x000000000077d5a4 in EventHandler::Call (this=0x49ae420, vl=0x5acc3c0, no_remote=false) at /home/danko/bro/src/EventHandler.cc:130
#81388 0x0000000000731ff1 in Event::Dispatch (this=0x70daec0, no_remote=false) at /home/danko/bro/src/Event.h:50
#81389 0x000000000077ccdd in EventMgr::Dispatch (this=0xf65e60 ) at /home/danko/bro/src/Event.cc:111
#81390 0x000000000077cde8 in EventMgr::Drain (this=0xf65e60 ) at /home/danko/bro/src/Event.cc:128
#81391 0x00000000007dbfa7 in net_run () at /home/danko/bro/src/Net.cc:374
#81392 0x000000000073105c in main (argc=19, argv=0x7fffc05309b8) at /home/danko/bro/src/main.cc:1212
==== No reporter.log
==== stderr.log
listening on eth0, capture length 8192 bytes
send-mail: SENDMAIL-NOTFOUND not found
/usr/local/bro/share/broctl/scripts/run-bro: line 100: 22674 Bus error (core dumped) nohup "$mybro" "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i eth0 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
==== .env_vars
PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
CLUSTER_NODE=
==== .status
RUNNING [net_run]
==== No prof.log
==== No packet_filter.log
==== No loaded_scripts.log
I've also pasted the gdb log:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p standalon'.
Program terminated with signal SIGBUS, Bus error.
#0 0x0000000000816193 in Serializer::Write (this=0x7fffc052fd00, v=35329, tag=0xb7a68f "stype") at /home/danko/bro/src/Serializer.h:57
57 DECLARE_IO(uint16)
(gdb) p *this
$1 = {_vptr.Serializer = 0xb83010 <vtable for CloneSerializer+16>, static MAGIC = 1112691540, static DATA_FORMAT_VERSION = 25, io = 0x0, format = 0x73af900, current_cache = 0x0, error_descr = 0x0}
(gdb) up
#1 0x0000000000815fdc in SerialObj::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:268
268 bool ret = SERIALIZE(stype);
(gdb) p *this
$2 = {_vptr.SerialObj = 0xb82f70 <vtable for BroType+16>, static NEVER = 0, static ALWAYS = 1, static factories = 0x2a8f1c0, static names = 0x2a8f200, static time_counter = 3480072, serial_type = 51713}
(gdb) up
#2 0x00000000007df8f6 in BroObj::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Obj.cc:226
226 DO_SERIALIZE(SER_BRO_OBJ, SerialObj);
(gdb)
Although Bro crashes, the module seems to work fine: in fact, a few minutes after I ran it, I can see the smb log files.
Do you have any idea about this error?
Kind regards,
Danilo
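As an added triage aid, not part of Danilo's message or of the Bro project: a small Python parser for gdb output of the shape pasted above. It reads the signal line, the numbered frames and a "p *this" struct dump, and reports the facts a reviewer checks first when looking at a core like this one: the signal, the faulting frame, total stack depth (frame numbers are zero-based, so #81392 means 81393 frames, deep enough that unbounded recursion is the first thing to rule out), functions that repeat among the visible frames, and pointer members gdb printed as 0x0. The sample input is copied from the frames quoted in this message with the elided middle left out; the 10000-frame "deep stack" threshold is an arbitrary assumption of this example, not anything from the thread.

```python
"""Triage helper for gdb core-dump output of the shape pasted in this thread.

Added example (not Bro project code): parses the signal line, the numbered
backtrace frames and a ``p *this`` struct dump, then reports the facts a
reviewer checks first.
"""
import re
from collections import Counter

# gdb frame line: "#N 0xADDR in FUNC (ARGS) at FILE:LINE". Some gdb versions
# omit "0xADDR in" for frame #0, so that part is optional. Function names with
# spaces, e.g. "(anonymous namespace)::f", are not handled by this regex.
FRAME_RE = re.compile(
    r'^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?([^\s(]+)\s*\((.*)\)\s+at\s+(\S+):(\d+)$'
)
SIGNAL_RE = re.compile(r'^Program terminated with signal (\w+), (.+)\.$')
# members gdb prints as "name = 0x0" inside a "$N = {...}" struct dump
NULL_MEMBER_RE = re.compile(r'(\w+) = 0x0(?=[,}])')

# Sample input: copied from the diag output quoted in this message; frames
# 8..81389 are left out here just as the middle was elided in the post.
SAMPLE_BACKTRACE = """\
Program terminated with signal SIGBUS, Bus error.
Thread 1 (Thread 0x7f3337201780 (LWP 22674)):
#0 0x0000000000816193 in Serializer::Write (this=0x7fffc052fd00, v=35329, tag=0xb7a68f "stype") at /home/danko/bro/src/Serializer.h:57
#1 0x0000000000815fdc in SerialObj::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:268
#2 0x00000000007df8f6 in BroObj::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Obj.cc:226
#3 0x0000000000843002 in BroType::DoSerialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Type.cc:283
#4 0x000000000081585b in SerialObj::Serialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:121
#5 0x0000000000842cce in BroType::Serialize (this=0x2b2bf00, info=0x7fffc052fd60) at /home/danko/bro/src/Type.cc:212
#6 0x00000000008438ec in TypeList::DoSerialize (this=0x2b402e0, info=0x7fffc052fd60) at /home/danko/bro/src/Type.cc:392
#7 0x000000000081585b in SerialObj::Serialize (this=0x2b402e0, info=0x7fffc052fd60) at /home/danko/bro/src/SerialObj.cc:121
.
.
.
#81390 0x000000000077cde8 in EventMgr::Drain (this=0xf65e60 ) at /home/danko/bro/src/Event.cc:128
#81391 0x00000000007dbfa7 in net_run () at /home/danko/bro/src/Net.cc:374
#81392 0x000000000073105c in main (argc=19, argv=0x7fffc05309b8) at /home/danko/bro/src/main.cc:1212
"""

# The "p *this" output for the faulting Serializer, copied from the gdb log above.
SAMPLE_STRUCT = ('$1 = {_vptr.Serializer = 0xb83010 <vtable for CloneSerializer+16>, '
                 'static MAGIC = 1112691540, static DATA_FORMAT_VERSION = 25, io = 0x0, '
                 'format = 0x73af900, current_cache = 0x0, error_descr = 0x0}')


def parse_backtrace(text):
    """Return (signal_name, frames) with one dict per frame index, ordered by index."""
    signal = None
    frames = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SIGNAL_RE.match(line)
        if m:
            signal = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m and int(m.group(1)) not in frames:  # gdb repeats #0 above the thread list
            frames[int(m.group(1))] = {
                'index': int(m.group(1)), 'func': m.group(2), 'args': m.group(3),
                'file': m.group(4), 'line': int(m.group(5)),
            }
    return signal, [frames[i] for i in sorted(frames)]


def null_members(struct_dump):
    """Names of members gdb printed as 0x0 in a 'p *this' struct dump."""
    return NULL_MEMBER_RE.findall(struct_dump)


def summarize(backtrace, struct_dump='', deep_stack=10000):
    """Collect the triage facts; deep_stack is an assumed threshold, not a gdb value."""
    signal, frames = parse_backtrace(backtrace)
    if not frames:
        return {'signal': signal, 'frames_parsed': 0}
    depth = frames[-1]['index'] + 1  # frame numbers are 0-based: #81392 means 81393 frames
    counts = Counter(f['func'] for f in frames)
    return {
        'signal': signal,
        'frames_parsed': len(frames),
        'stack_depth': depth,
        'deep_stack': depth >= deep_stack,  # this deep, rule out unbounded recursion first
        'faulting_frame': f"{frames[0]['func']} at {frames[0]['file']}:{frames[0]['line']}",
        'repeated_functions': sorted(fn for fn, n in counts.items() if n > 1),
        'null_members_in_this': null_members(struct_dump),
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_BACKTRACE, SAMPLE_STRUCT).items():
        print(f'{key}: {value}')
```

Run it against a full "bt" listing rather than the elided one and repeated_functions shows the whole cycle, if there is one; the frames_parsed count next to stack_depth tells you how much of the trace was actually pasted.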