<html> <head> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">On 04/15/2013 04:39 PM, Richard W.M. Jones wrote: </div> <blockquote cite="mid:20130415143927.GA23528@rhmail.home.annexia.org" type="cite"> <pre wrap="">Whenever I run 'oscap oval eval' (both from git and from the version in Fedora) I get this opaque error message: OpenSCAP Error: Unable to receive a message from probe After enabling debugging, the true story seems to be some sort of S-expression type incompatibility in the internal protocol. The real error appears to be: (15460:7f8751dd8800) [I:seap-packet.c:476:SEAP_packet_sexp2err] Invalid type of :orig_id value (15460:7f8751dd8800) [I:seap-packet.c:867:SEAP_packet_recv] Invalid SEAP packet received: can't translate to err struct. You'd never know that from the printed error message, nor be able to diagnose this in the field because enabling debug messages has to happen at compile time, and they get sent to random 'oscap_debug.log.<PID>' files in whatever happens to be the current directory. It has to be said, this behaviour is not great for usability, and I predict it will cause endless problems in production. I think debugging should always be included in the library, even in production builds, and it should be possible to switch it on at any time by flipping a switch (eg. config file, environment variable, command line flag), and that debug messages should go somewhere useful, eg. stderr. This is a rather large change, so I wonder if you'd be happy to receive patches to this end?</pre> </blockquote> Sure. <blockquote cite="mid:20130415143927.GA23528@rhmail.home.annexia.org" type="cite"> <pre wrap=""> I'd also be interested in why the original bug happens in the first place.</pre> </blockquote> There is for sure a bug in the error packet translation code. The probe sent a valid error packet as a reply to the object it received. I'll look at this. However, it looks like there's also a bug in the content, which is rather old (F-14) and I don't know how much it was tested. The textfilecontent54 probe doesn't like something about the regexp it received with the object. CCing the author of the probe, he should be able to explain the problem in more detail. Here's the message from the probe's debug log: (19887:7f8064919700) [I:probes/probe-api.c:921:probe_msg_creatf] pcre_compile() 'alias[:space:]net\-pf\-31[:space:]off' POSIX named classes are supported only within a class. The input object was: ------ ("seap.msg" ":id" 74 (("textfilecontent54_object" ":id" "oval:org.open-scap.f14:obj:2020151" ":oval_version" 84213760 ) (("path" ":operation" 5 ":var_check" 1 ) "/etc/modprobe.d" ) (("filename" ":operation" 11 ":var_check" 1 ) ".*\.conf" ) (("pattern" ":operation" 11 ":var_check" 1 ) "alias[:space:]net\-pf\-31[:space:]off" ) (("instance" ":operation" 5 ":var_check" 1 ) 1 ) ) ) ----------- Dan K. <blockquote cite="mid:20130415143927.GA23528@rhmail.home.annexia.org" type="cite"> <pre wrap=""> Rich. </pre> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Open-scap-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Open-scap-list@redhat.com">Open-scap-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/open-scap-list">https://www.redhat.com/mailman/listinfo/open-scap-list</a></pre> </blockquote> </body> </html>