Closed arckoor closed 4 months ago
Thanks for the pcap. I will look into this.
I reworked how we are handling padding, can you retest with this branch?
I just did, it was able to run through a roughly 2 day capture done with softflowd without a single panic. I also compared the branch to main performance wise, I didn't see any significant change (though I did just eyeball it :p). Good job and thank you very much!
I have a v9 packet generated by softflowd, command line was
sudo ./softflowd -v 9 -i any -n 127.0.0.1:2055 -D -T full -P udp -m 200 -t general=300s
: bad_packet.pcapng.gz (Use wireshark to examine) Parsing that completely breaks the parser. During debugging I found a couple of problems:Ipv6DstAddr
instead ofIpv4DstAddr
total_length
(which is 0 at this point), thus returning 1. There aren't any bytes left, so parsing will fail. I locally fixed this by changing the line toif length % 2 == 0 || total_length == 0
, but I don't really know it this is a good solution.rest
, which starts precisely at the next flowset. Then the outer loop continues, this time parsing the array as a flowset instead of a template, flowset id and length are consumed correctly and the whole thing works. However, if there are Data flowsets after the Templates, the packet is significantly longer (here ~800) bytes, longer than 256. That means the nom parser will not error out on the first go-around, producing a template with wildly incorrect values, leading to a panic as the parser will try to access something like index 54000 in a 500 element slice.For debugging, I added
[nom(DeriveDebug)]
to certain structs, and inserted the dumpedimpl
-Blocks directly, so I could step through them in an easier way.I hope this helps, feel free to reach out if my descriptions don't make sense :p