ghidra icon indicating copy to clipboard operation
ghidra copied to clipboard

Published 20 hours ago verified publisher icon NationalSecurityAgency

First `bsim_ctl start` unsuccessful during BSim Postgres setup

Open fkelava opened this issue 1 year ago • 5 comments

Describe the bug On a machine already running Ghidra Server 11 successfully, I'm having trouble setting up a BSim server. The following trace is given at ${ROOT}/support/bsim_ctl start ${DATA_DIR} auth=password:

[ghidra@ghidra support]$ ./bsim_ctl start /home/ghidra/bsim auth=password
openjdk version "17.0.9" 2023-10-17
OpenJDK Runtime Environment (build 17.0.9+8)
OpenJDK 64-Bit Server VM (build 17.0.9+8, mixed mode)
Log config file does not exist: jar:file:/home/ghidra/bin/Ghidra/Features/BSim/lib/BSim.jar!/bsim.log4j.xml
INFO  Using log config file: jar:file:/home/ghidra/bin/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)
INFO  Using log file: /home/ghidra/.ghidra/.ghidra_11.0_PUBLIC/application.log (LoggingInitialization)
INFO  Initializing SSL Context (SSLContextInitializer)
javax.net.ssl|DEBUG|10|main|2024-01-13 02:35:18.866 CET|SSLCipher.java:466|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|10|main|2024-01-13 02:35:18.878 CET|SSLCipher.java:466|jdk.tls.keyLimits:  entry =  ChaCha20-Poly1305 KeyUpdate 2^37. CHACHA20-POLY1305:KEYUPDATE = 137438953472
INFO  Initializing Random Number Generator... (SecureRandomFactory)
INFO  Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)
INFO  Loading user preferences: /home/ghidra/.ghidra/.ghidra_11.0_PUBLIC/preferences (Preferences)
INFO  Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)
Remote client authentication via password
Initializing data directory
Set admin(ghidra) password:
Please re-enter password:
Generating servers SSL certificate
Server started
javax.net.ssl|ERROR|10|main|2024-01-13 02:35:25.573 CET|TransportContext.java:370|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1719)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1518)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
        at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41)
        at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:620)
        at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:191)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:258)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
        at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:263)
        at org.postgresql.Driver.makeConnection(Driver.java:443)
        at org.postgresql.Driver.connect(Driver.java:297)
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:681)
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:190)
        at ghidra.features.bsim.query.BSimControlLaunchable.createLocalConnection(BSimControlLaunchable.java:421)
        at ghidra.features.bsim.query.BSimControlLaunchable.enableLSHExtension(BSimControlLaunchable.java:448)
        at ghidra.features.bsim.query.BSimControlLaunchable.startCommand(BSimControlLaunchable.java:811)
        at ghidra.features.bsim.query.BSimControlLaunchable.run(BSimControlLaunchable.java:1337)
        at ghidra.features.bsim.query.BSimControlLaunchable.run(BSimControlLaunchable.java:1408)
        at ghidra.features.bsim.query.BSimControlLaunchable.launch(BSimControlLaunchable.java:1434)
        at ghidra.GhidraLauncher.launch(GhidraLauncher.java:78)
        at ghidra.Ghidra.main(Ghidra.java:54)
  Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:489)
        at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
        ... 21 more}

)
javax.net.ssl|WARNING|10|main|2024-01-13 02:35:25.575 CET|TransportContext.java:417|Fatal: failed to send fatal alert HANDSHAKE_FAILURE (
"throwable" : {
  java.net.SocketException: Broken pipe
        at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:425)
        at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:445)
        at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:831)
        at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1035)
        at java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:414)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:467)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
        at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41)
        at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:620)
        at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:191)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:258)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
        at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:263)
        at org.postgresql.Driver.makeConnection(Driver.java:443)
        at org.postgresql.Driver.connect(Driver.java:297)
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:681)
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:190)
        at ghidra.features.bsim.query.BSimControlLaunchable.createLocalConnection(BSimControlLaunchable.java:421)
        at ghidra.features.bsim.query.BSimControlLaunchable.enableLSHExtension(BSimControlLaunchable.java:448)
        at ghidra.features.bsim.query.BSimControlLaunchable.startCommand(BSimControlLaunchable.java:811)
        at ghidra.features.bsim.query.BSimControlLaunchable.run(BSimControlLaunchable.java:1337)
        at ghidra.features.bsim.query.BSimControlLaunchable.run(BSimControlLaunchable.java:1408)
        at ghidra.features.bsim.query.BSimControlLaunchable.launch(BSimControlLaunchable.java:1434)
        at ghidra.GhidraLauncher.launch(GhidraLauncher.java:78)
        at ghidra.Ghidra.main(Ghidra.java:54)}

)
javax.net.ssl|DEBUG|10|main|2024-01-13 02:35:25.575 CET|SSLSocketImpl.java:1759|close the underlying socket
javax.net.ssl|DEBUG|10|main|2024-01-13 02:35:25.575 CET|SSLSocketImpl.java:1785|close the SSL connection (passive)
SSL error: Remote host terminated the handshake
Server shutdown complete
[ghidra@ghidra support]$

To Reproduce Steps to reproduce the behavior: I follow the in-built Help's Ghidra Functionality > BSim > BSim Database Configuration > Overview: 1 > cd ${ROOT}/Ghidra/Features/BSim 2 > ./make-postgres.sh 3 > The build completes successfully. 4 > mkdir ${DATA_DIR} 5 > Once the build has completed successfully, the bsim_ctl command-line script is ready to use for starting a server {...} 6 > ${ROOT}/support/bsim_ctl start ${DATA_DIR} auth=password

Is bsim createdatabase supposed to precede the first bsim_ctl start? Is there some other obvious step I missed in the instructions?

Expected behavior The database starts and I can continue following the guide to set up a database and begin ingest.

Environment (please complete the following information):

  • OS: Arch Linux
  • Java Version: Arch jdk17-openjdk 17.0.9.u8-2
  • Ghidra Version: 11.0
  • Ghidra Origin: Official GitHub distro, ghidra_11.0_PUBLIC_20231222

Additional context Ghidra Server runs fine on the same machine. Is there a limitation on the BSim server sharing a machine with a Ghidra Server instance?

fkelava avatar Jan 13 '24 01:01 fkelava

You're doing everything correctly. bsim_ctl starts the postgres server; once it's running you can use bsim createdatabase to create a bsim database on the server.

You can run a BSim server and a Ghidra server on the same machine. The only restriction is that they must be listening on different ports. By default they will be.

I wasn't able to reproduce this on a different distro - when I get a chance I'll set up Arch Linux and try again.

There should be a log file (called logfile) in the directory DATA_DIR - possibly it will contain more information.

ghidracadabra avatar Jan 17 '24 20:01 ghidracadabra

logfile contents here:

[ghidra@ghidra support]$ cat /home/ghidra/bsim/logfile
2024-01-17 22:18:53.320 CET [41098] LOG:  starting PostgreSQL 15.3 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 13.2.1 20230801, 64-bit
2024-01-17 22:18:53.321 CET [41098] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2024-01-17 22:18:53.321 CET [41098] LOG:  listening on IPv6 address "::", port 5432
2024-01-17 22:18:53.322 CET [41098] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2024-01-17 22:18:53.326 CET [41101] LOG:  database system was shut down at 2024-01-17 22:18:51 CET
2024-01-17 22:18:53.330 CET [41098] LOG:  database system is ready to accept connections
2024-01-17 22:18:53.394 CET [41105] LOG:  could not accept SSL connection: Socket operation on non-socket
2024-01-17 22:18:53.463 CET [41098] LOG:  received fast shutdown request
2024-01-17 22:18:53.464 CET [41098] LOG:  aborting any active transactions
2024-01-17 22:18:53.466 CET [41098] LOG:  background worker "logical replication launcher" (PID 41104) exited with exit code 1
2024-01-17 22:18:53.466 CET [41099] LOG:  shutting down
2024-01-17 22:18:53.467 CET [41099] LOG:  checkpoint starting: shutdown immediate
2024-01-17 22:18:53.478 CET [41099] LOG:  checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.007 s, sync=0.001 s, total=0.012 s; sync files=2, longest=0.001 s, average=0.001 s; distance=0 kB, estimate=0 kB
2024-01-17 22:18:53.486 CET [41098] LOG:  database system is shut down

fkelava avatar Jan 17 '24 21:01 fkelava

I have to admit the error doesn't ring any bells. A cursory look through /tmp after an attempted bsim_ctl start shows no .s.PGSQL.* socket.

Could be distro-specific...? I can't think of anything I've done to mess with this specifically.

fkelava avatar Jan 17 '24 21:01 fkelava

So this does seem to be something involving distro-specific defaults. I have succesfully fired this up on Ubuntu Server 22.04 LTS.

This is by no means an urgent fix, but something about the build or default configuration doesn't quite work on Arch.

fkelava avatar Jan 25 '24 21:01 fkelava

Good to hear that you got it working on Ubuntu. I'm seeing the same behavior - working on Ubuntu but not on Arch. I haven't figured out the cause yet.

ghidracadabra avatar Jan 26 '24 20:01 ghidracadabra