Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I try to install it in Zeek 6.2 and I get an error #25

Open
iyuvalk opened this issue May 8, 2024 · 6 comments
Open

I try to install it in Zeek 6.2 and I get an error #25

iyuvalk opened this issue May 8, 2024 · 6 comments

Comments

@iyuvalk
Copy link

iyuvalk commented May 8, 2024

Hi. We have a lot of protobuf (GRPC) traffic that we want to monitor. Currently we're using Zeek 6.2 from here: https://hub.docker.com/layers/zeek/zeek/6.2/images/sha256-b4b9322d4028bb8256317d71081205a43bf96dbe7d294b17fe1a334175647396?context=explore

and when we try to install bro-http2 which is needed as a requirement for zeek-plugin-protobuf-sqli (from here: https://github.com/hmadrigal/zeek-plugin-protobuf-sqli) we get the following error. What should we do?

root@f347460cd16a:/# cat /usr/local/zeek/var/lib/zkg/logs/bro-http2-build.log
=== STDERR ===
Usage: zeek-config [OPTIONS]

Basic options:

  --build_type          Zeek build type as per cmake, lower case (e.g. 'relwithdebinfo')
  --prefix              Toplevel Zeek distribution installation directory
  --version             Zeek version number
  --zeek_dist           Toplevel directory of source tree the distribution built from
  --zeekpath            ZEEKPATH environment variable paths for this distribution

Specific directories in the Zeek distribution:

  --btest_tools_dir     Zeek-related BTest tooling
  --cmake_dir           Zeek's cmake modules
  --config_dir          Configuration files for cluster topology, zkg, etc
  --include_dir         C/C++ header folders for Zeek and related components, colon-separated
  --lib_dir             Toplevel folder for shared libraries, Python packages, etc
  --plugin_dir          Native-code Zeek plugins
  --python_dir          Python packages (Broker, ZeekControl, zkg, etc)
  --script_dir          Toplevel folder for Zeek scripts
  --site_dir            Site-specific Zeek scripts

Toplevel installation directories for third-party components:

  --binpac_root         BinPAC compiler
  --broker_root         Broker communication framework

Feature tests:

  --have-spicy-analyzers  Prints 'yes' if built-in Spicy analyzers are available; exit code reflects result

CMake Warning at /usr/local/zeek/share/zeek/cmake/ZeekPlugin.cmake:139 (message):
  Package requires CMake 3.5 which is less than Zeek's requirement (3.15.0).
  This will likely cause build failures and should be fixed.
Call Stack (most recent call first):
  CMakeLists.txt:7 (include)


CMake Warning:
  Manually-specified variables were not used by the project:

    BRO_CONFIG_CMAKE_DIR
    BRO_CONFIG_INCLUDE_DIR
    BRO_CONFIG_LIB_DIR
    CAF_ROOT_DIR


make: [Makefile:12: build-it] Error 1 (ignored)
/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/src/HTTP2.cc: In member function ‘virtual void analyzer::mitrecnd::HTTP2_Analyzer::DeliverStream(int, const u_char*, bool)’:
/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/src/HTTP2.cc:146:13: error: ‘ProtocolConfirmation’ was not declared in this scope; did you mean ‘LN_protocolInformation’?
  146 |             ProtocolConfirmation(); // Notify system that this is HTTP2.
      |             ^~~~~~~~~~~~~~~~~~~~
      |             LN_protocolInformation
/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/src/HTTP2.cc:158:17: error: ‘ProtocolViolation’ was not declared in this scope
  158 |                 ProtocolViolation("Unable to parse http 2 frame from data stream, fatal error");
      |                 ^~~~~~~~~~~~~~~~~
make[3]: *** [CMakeFiles/mitrecnd_HTTP2.dir/build.make:268: CMakeFiles/mitrecnd_HTTP2.dir/src/HTTP2.cc.o] Error 1
make[2]: *** [CMakeFiles/Makefile2:88: CMakeFiles/mitrecnd_HTTP2.dir/all] Error 2
make[1]: *** [Makefile:156: all] Error 2
make: *** [Makefile:13: build-it] Error 2
=== STDOUT ===
Build Directory        : build
Zeek Source Directory   : 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Success
-- Found Threads: TRUE  
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libcrypto.so (found version "3.0.11")  
-- Found BinPAC: /usr/local/zeek/bin/binpac  
-- Found BifCl at /usr/local/zeek/bin/bifcl
-- Setting plugin CMAKE_BUILD_TYPE to Release
-- Found LibNGHTTP2: /usr/lib/x86_64-linux-gnu/libnghttp2.so (found version "1.52.0") 
-- Found LibBROTLI: /usr/lib/x86_64-linux-gnu/libbrotlidec.so  
-- ---------------------
-- LibBROTLI ROOT DIR  : /usr
-- LibBROTLI INC DIR   : /usr/include/brotli
-- LibBROTLI LIB DIR   : /usr/lib/x86_64-linux-gnu/libbrotlidec.so
-- ---------------------
-- LibNGHTTP2 ROOT DIR : /usr
-- LibNGHTTP2 INC DIR  : /usr/include/nghttp2
-- LibNGHTTP2 LIB DIR  : /usr/lib/x86_64-linux-gnu/libnghttp2.so
-- Install prefix for plugin mitrecnd_HTTP2: /usr/local/zeek/lib/zeek/plugins
-- Tarball path for plugin mitrecnd_HTTP2: /usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build/mitrecnd_HTTP2.tgz
-- Configuring done
-- Generating done
-- Build files have been written to: /usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build
( cd build && make )
make[1]: Entering directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[2]: Entering directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[3]: Entering directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[3]: Leaving directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[3]: Entering directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[3]: Leaving directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
[  0%] Built target mitrecnd_HTTP2_symlink
make[3]: Entering directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
[  6%] [BIFCL] Processing /usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/src/http2.bif
[ 12%] [BIFCL] Processing /usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/src/events.bif
make[3]: Leaving directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[3]: Entering directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
[ 18%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/events.bif.cc.o
[ 25%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/events.bif.init.cc.o
[ 31%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/events.bif.register.cc.o
[ 37%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/http2.bif.cc.o
[ 43%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/http2.bif.init.cc.o
[ 50%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/http2.bif.register.cc.o
[ 56%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/src/Plugin.cc.o
[ 62%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/src/HTTP2_Frame.cc.o
[ 68%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/src/HTTP2_FrameReassembler.cc.o
[ 75%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/src/HTTP2_HeaderStorage.cc.o
[ 81%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/src/HTTP2_Stream.cc.o
[ 87%] Building CXX object CMakeFiles/mitrecnd_HTTP2.dir/src/HTTP2.cc.o
make[3]: Leaving directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[2]: Leaving directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
make[1]: Leaving directory '/usr/local/zeek/var/lib/zkg/testing/zeek-plugin-protobuf-sqli.git/clones/bro-http2/build'
@iyuvalk iyuvalk changed the title I try to install it in Zeek 6.0 and I get an error I try to install it in Zeek 6.2 and I get an error May 8, 2024
@stachdude
Copy link

Same on LTS zeek version 6.0.4

@awelzel
Copy link
Contributor

awelzel commented Jun 10, 2024

For Zeek 6.1 and 6.2, the PR from @eric-ooi #24 needs to be merged.

For Zeek 6.0, one can manually specify using the latest version by entering zkg install bro-http2 --version master. There's no up-to-date tag in this repository. The last tag 0.6.0 is from Oct 6, 2021 and that's what zkg picks by default.

@malwarefrank / @Mraoul - could you merge #24 and make a new release/tag thereafter so that this plugin once again works for recent Zeek versions? Thanks!

@eric-ooi
Copy link
Contributor

Thanks for the shout out @awelzel. 🙂 As a workaround, I've been using "zkg install https://github.com/eric-ooi/bro-http2.git --version master" to pull from my fork.

@malwarefrank
Copy link
Contributor

malwarefrank commented Jun 11, 2024

@awelzel @eric-ooi Done. Let us know if that's working and we can close this

@eric-ooi
Copy link
Contributor

Just installed without issue for me -- thanks @malwarefrank!

@stachdude
Copy link

Same here, works fine now. Thanks !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants