You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Bob Rudis (JIRA)" <ji...@apache.org> on 2017/07/27 19:20:00 UTC
[jira] [Updated] (DRILL-5693) SYSTEM ERROR: IllegalStateException:
Packet too long
[ https://issues.apache.org/jira/browse/DRILL-5693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bob Rudis updated DRILL-5693:
-----------------------------
Description:
I was testing out the new ++amazingly helpful PCAP functionality and hit an exception.
the query was basic, on the order of:
{{select * from dfs.captures.`capture.pcap`}}
And, it generated an error:
{{Error: SYSTEM ERROR: IllegalStateException: Packet too long (%d bytes) [1506]}}
{{Fragment 0:0}}
{{[Error Id: bc4f1505-5689-4cb8-ad3b-8af934ebf318 on ##.##.##.##:31010] (state=,code=0)}}
tcpdump reads the file fine but there are likely some "interesting" packets in there since it's from one of our network honeypot sensors.
I can't post the file here but can share it privately with someone if it's required for testing.
A similar issue occurs when it comes across IPv6 packets:
You can test that with http://panda.gtisc.gatech.edu/malrec/pcap/07939e77-7c7d-4ddf-9a99-85b4edf349ba.pcap
It returns:
{{Error: SYSTEM ERROR: IllegalStateException: Unknown V6 extension or protocol: [58]}}
I'm not suggesting that Drill should be able to turn "abnormal" packets into data or necessarioy support v6 out of the box but it would be helpful if it either didn't terminate the query. At the very least, it would be helpful if the error included the filename so it can be moved/excluded from the directory of files.
I'll try to poke around the 1.11.0 PCAP code to see if I might be able to work on this but it'll likely be a while before I can get to it.
was:
I was testing out the new ++amazingly helpful PCAP functionality and hit an exception.
the query was basic, on the order of:
{{select * from dfs.captures.`capture.pcap`}}
And, it generated an error:
{{Error: SYSTEM ERROR: IllegalStateException: Packet too long (%d bytes) [1506]}}
{{Fragment 0:0}}
{{[Error Id: bc4f1505-5689-4cb8-ad3b-8af934ebf318 on ##.##.##.##:31010] (state=,code=0)}}
tcpdump reads the file fine but there are likely some "interesting" packets in there since it's from one of our network honeypot sensors.
I can't post the file here but can share it privately with someone if it's required for testing.
I'm not suggesting that Drill should be able to turn "abnormal" packets into data but it would be helpful if it either didn't terminate the query. At the very least, it would be helpful if the error included the filename so it can be moved/excluded from the directory of files.
I'll try to poke around the 1.11.0 PCAP code to see if I might be able to work on this but it'll likely be a while before I can get to it.
> SYSTEM ERROR: IllegalStateException: Packet too long
> ----------------------------------------------------
>
> Key: DRILL-5693
> URL: https://issues.apache.org/jira/browse/DRILL-5693
> Project: Apache Drill
> Issue Type: Bug
> Components: Storage - Other
> Affects Versions: 1.11.0
> Environment: macOS 10.12 / 2017 13" MacBook Pro 16GB RAM
> Reporter: Bob Rudis
> Priority: Minor
>
> I was testing out the new ++amazingly helpful PCAP functionality and hit an exception.
> the query was basic, on the order of:
> {{select * from dfs.captures.`capture.pcap`}}
> And, it generated an error:
> {{Error: SYSTEM ERROR: IllegalStateException: Packet too long (%d bytes) [1506]}}
> {{Fragment 0:0}}
> {{[Error Id: bc4f1505-5689-4cb8-ad3b-8af934ebf318 on ##.##.##.##:31010] (state=,code=0)}}
> tcpdump reads the file fine but there are likely some "interesting" packets in there since it's from one of our network honeypot sensors.
> I can't post the file here but can share it privately with someone if it's required for testing.
> A similar issue occurs when it comes across IPv6 packets:
> You can test that with http://panda.gtisc.gatech.edu/malrec/pcap/07939e77-7c7d-4ddf-9a99-85b4edf349ba.pcap
> It returns:
> {{Error: SYSTEM ERROR: IllegalStateException: Unknown V6 extension or protocol: [58]}}
> I'm not suggesting that Drill should be able to turn "abnormal" packets into data or necessarioy support v6 out of the box but it would be helpful if it either didn't terminate the query. At the very least, it would be helpful if the error included the filename so it can be moved/excluded from the directory of files.
> I'll try to poke around the 1.11.0 PCAP code to see if I might be able to work on this but it'll likely be a while before I can get to it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)