Discussion:
[Sguil-devel] C# Client - Seeking wisdom!
Dave Crawford
2011-06-02 14:58:27 UTC
Permalink
Greetings,

Are there any C# developers on the lists that wouldn't mind sharing some wisdom with me? I'm trying to get the first public Beta release out the door this weekend but have spent the last week trying to nail down the cause of a random exception. The exception only occurs when connecting to a server that has a large number of uncategorized events, but it isn't consistent. I can connect to the server multiple times without an issue, but randomly will run into the exception below (the indexStart values vary depending on the timing of the exception).


System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentOutOfRangeException: Value of '155' is not valid for 'indexStart'. 'indexStart' must be less than or equal to 154.
Parameter name: indexStart
at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
at PT_Sguil.SyncList`1.OnListChanged(ListChangedEventArgs args)
at System.ComponentModel.BindingList`1.FireListChanged(ListChangedType type, Int32 index)
at System.ComponentModel.BindingList`1.InsertItem(Int32 index, T item)
at System.Collections.ObjectModel.Collection`1.Add(T item)
at PT_Sguil.SguildCommands.InsertEvent(String s)


I'm inserting events into a custom BindingList object (supports sorting and searching) that is the Datasource for a DataGridView control.

Any ideas, or direction is greatly appreciated!

-Dave
Victor Julien
2011-06-03 14:02:32 UTC
Permalink
Post by Dave Crawford
Greetings,
Are there any C# developers on the lists that wouldn't mind sharing some wisdom with me? I'm trying to get the first public Beta release out the door this weekend but have spent the last week trying to nail down the cause of a random exception. The exception only occurs when connecting to a server that has a large number of uncategorized events, but it isn't consistent. I can connect to the server multiple times without an issue, but randomly will run into the exception below (the indexStart values vary depending on the timing of the exception).
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentOutOfRangeException: Value of '155' is not valid for 'indexStart'. 'indexStart' must be less than or equal to 154.
Parameter name: indexStart
at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
at PT_Sguil.SyncList`1.OnListChanged(ListChangedEventArgs args)
at System.ComponentModel.BindingList`1.FireListChanged(ListChangedType type, Int32 index)
at System.ComponentModel.BindingList`1.InsertItem(Int32 index, T item)
at System.Collections.ObjectModel.Collection`1.Add(T item)
at PT_Sguil.SguildCommands.InsertEvent(String s)
I'm inserting events into a custom BindingList object (supports sorting and searching) that is the Datasource for a DataGridView control.
Any ideas, or direction is greatly appreciated!
Is the code available somewhere?

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
Dave Crawford
2011-06-05 00:23:16 UTC
Permalink
Post by Victor Julien
Post by Dave Crawford
Greetings,
Are there any C# developers on the lists that wouldn't mind sharing some wisdom with me? I'm trying to get the first public Beta release out the door this weekend but have spent the last week trying to nail down the cause of a random exception. The exception only occurs when connecting to a server that has a large number of uncategorized events, but it isn't consistent. I can connect to the server multiple times without an issue, but randomly will run into the exception below (the indexStart values vary depending on the timing of the exception).
I'm inserting events into a custom BindingList object (supports sorting and searching) that is the Datasource for a DataGridView control.
Any ideas, or direction is greatly appreciated!
Is the code available somewhere?
Cheers,
Victor
I've created a project on Google Code where you can check out the current source code. I've also uploaded a compiled executable for those who would like to do some testing, any bug reports are greatly appreciated.

Project Page: http://code.google.com/p/pt-sguil/


Thanks,
-Dave
Victor Julien
2011-06-07 17:58:51 UTC
Permalink
Post by Dave Crawford
Post by Victor Julien
Post by Dave Crawford
Greetings,
Are there any C# developers on the lists that wouldn't mind sharing some wisdom with me? I'm trying to get the first public Beta release out the door this weekend but have spent the last week trying to nail down the cause of a random exception. The exception only occurs when connecting to a server that has a large number of uncategorized events, but it isn't consistent. I can connect to the server multiple times without an issue, but randomly will run into the exception below (the indexStart values vary depending on the timing of the exception).
I'm inserting events into a custom BindingList object (supports sorting and searching) that is the Datasource for a DataGridView control.
Any ideas, or direction is greatly appreciated!
Is the code available somewhere?
Cheers,
Victor
I've created a project on Google Code where you can check out the current source code. I've also uploaded a compiled executable for those who would like to do some testing, any bug reports are greatly appreciated.
Project Page: http://code.google.com/p/pt-sguil/
Awesome Dave, nice work. Glad you picked the GPL :)

I've been trying to make the alpha work on Linux using Mono. I did:

apt-get install mono-gmcs
apt-get install libmono-winforms2.0-cil

Then compile:

y$ gmcs -noconfig -out:PT-Sguil.exe -r:System -r:System.Core
-r:System.Data -r:System.Data.DataSetExtensions -r:System.Drawing
-r:System.Web -r:System.Windows.Forms -r:System.Xml -r:System.Xml.Linq
/nologo /warn:4 /debug:+ /debug:full /optimize-
/win32icon:PT-Sguil_Icon.ico /codepage:utf8 /t:winexe frmAboutBox.cs
frmAboutBox.Designer.cs frmAuthPrompt.cs frmAuthPrompt.Designer.cs
frmConfig.cs frmConfig.Designer.cs frmEventComment.cs
frmEventComment.Designer.cs frmFetchWireSharkPCAP.cs
frmFetchWireSharkPCAP.Designer.cs frmMain.cs frmMain.Designer.cs
frmReportOptions.cs frmReportOptions.Designer.cs frmSensorSelect.cs
frmSensorSelect.Designer.cs frmToolEncoder.cs frmToolEncoder.Designer.cs
frmXscriptWin.cs frmXscriptWin.Designer.cs IPAddressExtensions.cs
Program.cs Properties/AssemblyInfo.cs Properties/Resources.cs
Properties/Settings.cs PT_EventPriorityConfig.cs PT_SguilConfig.cs
PT_SguilExtData.cs PT_SguilReports.cs PT_SguilTools.cs
RichTextBoxSynchronizedScroll.cs SguildCommands.cs SguildConnection.cs
SguilEvent.cs SguilSensorStatus.cs SguilSnortStatus.cs SyncList.cs
TCPFlags.cs -res:frmAboutBox.resources,PT_Sguil.frmAboutBox.resources
-res:frmAuthPrompt.resources,PT_Sguil.frmAuthPrompt.resources
-res:frmConfig.resources,PT_Sguil.frmConfig.resources
-res:frmEventComment.resources,PT_Sguil.frmEventComment.resources
-res:frmFetchWireSharkPCAP.resources,PT_Sguil.frmFetchWireSharkPCAP.resources
-res:frmMain.resources,PT_Sguil.frmMain.resources
-res:frmReportOptions.resources,PT_Sguil.frmReportOptions.resources
-res:frmSensorSelect.resources,PT_Sguil.frmSensorSelect.resources
-res:frmToolEncoder.resources,PT_Sguil.frmToolEncoder.resources
-res:frmXscriptWin.resources,PT_Sguil.frmXscriptWin.resources
-res:Properties/Resources.resources,PT_Sguil.Properties.Resources.resources

Output:

frmMain.cs(70,30): warning CS0219: The variable `worker' is assigned but
its value is never used
frmMain.cs(477,29): warning CS0219: The variable `dataBoundItem' is
assigned but its value is never used
frmMain.cs(1197,30): warning CS0219: The variable `worker' is assigned
but its value is never used
PT_SguilReports.cs(12,26): warning CS0219: The variable `list' is
assigned but its value is never used
SguildCommands.cs(444,25): warning CS1717: Assignment made to same
variable; did you mean to assign something else?
SguildCommands.cs(456,20): warning CS0219: The variable `str2' is
assigned but its value is never used
SguildCommands.cs(455,20): warning CS0219: The variable `str' is
assigned but its value is never used
Compilation succeeded - 7 warning(s)

A few warnings, but I have an exe.

But then when I try to connect, I get stuck:

$ ./PT-Sguil.exe
System.IO.IOException: The authentication or decryption has failed. --->
System.ArgumentException: certificate --->
System.Security.Cryptography.CryptographicException: Unable to decode
public key. ---> System.ArgumentNullException: Argument cannot be null.
Parameter name: RawData
at System.Security.Cryptography.AsnEncodedData.set_RawData
(System.Byte[] value) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.AsnEncodedData..ctor
(System.Security.Cryptography.Oid oid, System.Byte[] rawData) [0x00000]
in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.PublicKey..ctor
(Mono.Security.X509.X509Certificate certificate) [0x00000] in <filename
unknown>:0
at
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey
() [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey
() [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.Process
(Int32 n) [0x00000] in <filename unknown>:0
at
System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain
(X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.Build
(System.Security.Cryptography.X509Certificates.X509Certificate2
certificate) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at System.Security.Cryptography.X509Certificates.X509Chain.Build
(System.Security.Cryptography.X509Certificates.X509Certificate2
certificate) [0x00000] in <filename unknown>:0
at
System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey7.<>m__A
(System.Security.Cryptography.X509Certificates.X509Certificate cert,
System.Int32[] certErrors) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
(System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
(System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Int32[] certificateErrors) [0x00000] in <filename
unknown>:0
at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
(Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in
<filename unknown>:0
at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
() [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsSsl3
() [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
[0x00000] in <filename unknown>:0
at (wrapper remoting-invoke-with-check)
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
at
Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
unknown>:0
at
Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0

The exception occurs at SguildConnection.cs in:
_sslStreamReader.AuthenticateAsClient(PT_SguilConfig.CurrentHost, null,
SslProtocols.Ssl3, false);

I updated the exception handler to look like:
catch (Exception ex)
{
isConnected = false;
errorMsg = string.Format("Could not connect to {0}:{1};",
PT_SguilConfig.CurrentHost, PT_SguilConfig.CurrentPort);
Console.WriteLine("{0}", ex.ToString());
}

Any idea how to get beyond this? I did a fair amount of googleing but
didn't get anywhere.

Cheers,
victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
Victor Julien
2011-06-08 07:38:56 UTC
Permalink
Following up on my own post, I finally got beyond this issue. I just
recreated the cert on the sguil server and now the problem is gone. No
idea what was wrong with the cert.

My next issue is not being able to select the sensors to monitor, still
looking into that.

Cheers,
Victor
Post by Victor Julien
Post by Dave Crawford
Post by Victor Julien
Post by Dave Crawford
Greetings,
Are there any C# developers on the lists that wouldn't mind sharing some wisdom with me? I'm trying to get the first public Beta release out the door this weekend but have spent the last week trying to nail down the cause of a random exception. The exception only occurs when connecting to a server that has a large number of uncategorized events, but it isn't consistent. I can connect to the server multiple times without an issue, but randomly will run into the exception below (the indexStart values vary depending on the timing of the exception).
I'm inserting events into a custom BindingList object (supports sorting and searching) that is the Datasource for a DataGridView control.
Any ideas, or direction is greatly appreciated!
Is the code available somewhere?
Cheers,
Victor
I've created a project on Google Code where you can check out the current source code. I've also uploaded a compiled executable for those who would like to do some testing, any bug reports are greatly appreciated.
Project Page: http://code.google.com/p/pt-sguil/
Awesome Dave, nice work. Glad you picked the GPL :)
apt-get install mono-gmcs
apt-get install libmono-winforms2.0-cil
y$ gmcs -noconfig -out:PT-Sguil.exe -r:System -r:System.Core
-r:System.Data -r:System.Data.DataSetExtensions -r:System.Drawing
-r:System.Web -r:System.Windows.Forms -r:System.Xml -r:System.Xml.Linq
/nologo /warn:4 /debug:+ /debug:full /optimize-
/win32icon:PT-Sguil_Icon.ico /codepage:utf8 /t:winexe frmAboutBox.cs
frmAboutBox.Designer.cs frmAuthPrompt.cs frmAuthPrompt.Designer.cs
frmConfig.cs frmConfig.Designer.cs frmEventComment.cs
frmEventComment.Designer.cs frmFetchWireSharkPCAP.cs
frmFetchWireSharkPCAP.Designer.cs frmMain.cs frmMain.Designer.cs
frmReportOptions.cs frmReportOptions.Designer.cs frmSensorSelect.cs
frmSensorSelect.Designer.cs frmToolEncoder.cs frmToolEncoder.Designer.cs
frmXscriptWin.cs frmXscriptWin.Designer.cs IPAddressExtensions.cs
Program.cs Properties/AssemblyInfo.cs Properties/Resources.cs
Properties/Settings.cs PT_EventPriorityConfig.cs PT_SguilConfig.cs
PT_SguilExtData.cs PT_SguilReports.cs PT_SguilTools.cs
RichTextBoxSynchronizedScroll.cs SguildCommands.cs SguildConnection.cs
SguilEvent.cs SguilSensorStatus.cs SguilSnortStatus.cs SyncList.cs
TCPFlags.cs -res:frmAboutBox.resources,PT_Sguil.frmAboutBox.resources
-res:frmAuthPrompt.resources,PT_Sguil.frmAuthPrompt.resources
-res:frmConfig.resources,PT_Sguil.frmConfig.resources
-res:frmEventComment.resources,PT_Sguil.frmEventComment.resources
-res:frmFetchWireSharkPCAP.resources,PT_Sguil.frmFetchWireSharkPCAP.resources
-res:frmMain.resources,PT_Sguil.frmMain.resources
-res:frmReportOptions.resources,PT_Sguil.frmReportOptions.resources
-res:frmSensorSelect.resources,PT_Sguil.frmSensorSelect.resources
-res:frmToolEncoder.resources,PT_Sguil.frmToolEncoder.resources
-res:frmXscriptWin.resources,PT_Sguil.frmXscriptWin.resources
-res:Properties/Resources.resources,PT_Sguil.Properties.Resources.resources
frmMain.cs(70,30): warning CS0219: The variable `worker' is assigned but
its value is never used
frmMain.cs(477,29): warning CS0219: The variable `dataBoundItem' is
assigned but its value is never used
frmMain.cs(1197,30): warning CS0219: The variable `worker' is assigned
but its value is never used
PT_SguilReports.cs(12,26): warning CS0219: The variable `list' is
assigned but its value is never used
SguildCommands.cs(444,25): warning CS1717: Assignment made to same
variable; did you mean to assign something else?
SguildCommands.cs(456,20): warning CS0219: The variable `str2' is
assigned but its value is never used
SguildCommands.cs(455,20): warning CS0219: The variable `str' is
assigned but its value is never used
Compilation succeeded - 7 warning(s)
A few warnings, but I have an exe.
$ ./PT-Sguil.exe
System.IO.IOException: The authentication or decryption has failed. --->
System.ArgumentException: certificate --->
System.Security.Cryptography.CryptographicException: Unable to decode
public key. ---> System.ArgumentNullException: Argument cannot be null.
Parameter name: RawData
at System.Security.Cryptography.AsnEncodedData.set_RawData
(System.Byte[] value) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.AsnEncodedData..ctor
(System.Security.Cryptography.Oid oid, System.Byte[] rawData) [0x00000]
in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.PublicKey..ctor
(Mono.Security.X509.X509Certificate certificate) [0x00000] in <filename
unknown>:0
at
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey
() [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey
() [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.Process
(Int32 n) [0x00000] in <filename unknown>:0
at
System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain
(X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.Build
(System.Security.Cryptography.X509Certificates.X509Certificate2
certificate) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at System.Security.Cryptography.X509Certificates.X509Chain.Build
(System.Security.Cryptography.X509Certificates.X509Certificate2
certificate) [0x00000] in <filename unknown>:0
at
System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey7.<>m__A
(System.Security.Cryptography.X509Certificates.X509Certificate cert,
System.Int32[] certErrors) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
(System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
(System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Int32[] certificateErrors) [0x00000] in <filename
unknown>:0
at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
(Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in
<filename unknown>:0
at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
() [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsSsl3
() [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
[0x00000] in <filename unknown>:0
at (wrapper remoting-invoke-with-check)
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
at
Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
unknown>:0
at
Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
_sslStreamReader.AuthenticateAsClient(PT_SguilConfig.CurrentHost, null,
SslProtocols.Ssl3, false);
catch (Exception ex)
{
isConnected = false;
errorMsg = string.Format("Could not connect to {0}:{1};",
PT_SguilConfig.CurrentHost, PT_SguilConfig.CurrentPort);
Console.WriteLine("{0}", ex.ToString());
}
Any idea how to get beyond this? I did a fair amount of googleing but
didn't get anywhere.
Cheers,
victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
Dave Crawford
2011-06-08 12:02:14 UTC
Permalink
Thanks for the update Victor, I've never tried to get the client to run under Mono, I'll set some time aside today to do some testing.

Also, I don't want to hijack Bamm's mailing list so I created a Google Groups to go along with the Project site.

http://groups.google.com/group/PT-Sguil_devel

-Dave
Post by Victor Julien
Following up on my own post, I finally got beyond this issue. I just
recreated the cert on the sguil server and now the problem is gone. No
idea what was wrong with the cert.
My next issue is not being able to select the sensors to monitor, still
looking into that.
Cheers,
Victor
Loading...