scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-11-03 03:37:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Limit the size of base64 serialized raw packet data (8192 bytes per packet).

Browse Source 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2022-11-24 12:09:24 +01:00
parent ced5f5d4b4
commit d21a38cf02
4 changed files with 36 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config.h
View File

@@ -36,6 +36,7 @@
#define nDPId_UDP_IDLE_TIME TIME_S_TO_US(180u) /* 180 sec */ #define nDPId_UDP_IDLE_TIME TIME_S_TO_US(180u) /* 180 sec */
#define nDPId_TCP_POST_END_FLOW_TIME TIME_S_TO_US(120u) /* 120 sec */ #define nDPId_TCP_POST_END_FLOW_TIME TIME_S_TO_US(120u) /* 120 sec */
#define nDPId_THREAD_DISTRIBUTION_SEED 0x03dd018b #define nDPId_THREAD_DISTRIBUTION_SEED 0x03dd018b
#define nDPId_PACKETS_PLEN_MAX (1024u * 8u) /* 8kB */
#define nDPId_PACKETS_PER_FLOW_TO_SEND 15u #define nDPId_PACKETS_PER_FLOW_TO_SEND 15u
#define nDPId_PACKETS_PER_FLOW_TO_PROCESS NDPI_DEFAULT_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT #define nDPId_PACKETS_PER_FLOW_TO_PROCESS NDPI_DEFAULT_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT
#define nDPId_PACKETS_PER_FLOW_TO_ANALYZE 32u #define nDPId_PACKETS_PER_FLOW_TO_ANALYZE 32u

43
nDPId.c
View File

@@ -62,6 +62,10 @@
#error "Invalid value for nDPId_FLOW_SCAN_INTERVAL" #error "Invalid value for nDPId_FLOW_SCAN_INTERVAL"
#endif #endif
#if (nDPId_PACKETS_PLEN_MAX * 3) /* base64 encoded! */ > NETWORK_BUFFER_MAX_SIZE
#error "Invalid value for nDPId_PACKETS_PLEN_MAX"
#endif
/* MIPS* does not support Compare and Swap. Use traditional locking as fallback. */ /* MIPS* does not support Compare and Swap. Use traditional locking as fallback. */
#if !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8) #if !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
#define MT_VALUE(name, type) \ #define MT_VALUE(name, type) \
@@ -2402,7 +2406,7 @@ static void base64encode(uint8_t const * const data_buf,
* if we have one byte available, then its encoding is spread * if we have one byte available, then its encoding is spread
* out over two characters * out over two characters
*/ */
if (resultIndex + 1 >= *resultSize - padCount - 1) if (resultIndex + 2 >= *resultSize - padCount - 1)
{ {
break; break;
} }
@@ -2415,7 +2419,7 @@ static void base64encode(uint8_t const * const data_buf,
*/ */
if ((x + 1) < dataLength) if ((x + 1) < dataLength)
{ {
if (resultIndex >= *resultSize - padCount - 1) if (resultIndex + 1 >= *resultSize - padCount - 1)
{ {
break; break;
} }
@@ -2428,7 +2432,7 @@ static void base64encode(uint8_t const * const data_buf,
*/ */
if ((x + 2) < dataLength) if ((x + 2) < dataLength)
{ {
if (resultIndex >= *resultSize - padCount - 1) if (resultIndex + 1 >= *resultSize - padCount - 1)
{ {
break; break;
} }
@@ -2599,28 +2603,16 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_len", pkt_l4_len); ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "pkt_l4_len", pkt_l4_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_usec", workflow->last_thread_time); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_usec", workflow->last_thread_time);
size_t const serializer_buffer_len = ndpi_serializer_get_buffer_len(&workflow->ndpi_serializer); char base64_data[nDPId_PACKETS_PLEN_MAX];
size_t const required_len = NETWORK_BUFFER_MAX_SIZE - nDPIsrvd_STRLEN_SZ("pkt") - sizeof(':') - sizeof('"') * 4; size_t base64_data_len = sizeof(base64_data);
if (serializer_buffer_len < required_len) base64encode(packet, header->caplen, base64_data, &base64_data_len);
{
char base64_data[required_len - serializer_buffer_len];
size_t base64_data_len = sizeof(base64_data);
base64encode(packet, header->caplen, base64_data, &base64_data_len);
if (base64_data_len > 0) if (base64_data_len > 0)
{ {
if (ndpi_serialize_string_binary(&workflow->ndpi_serializer, "pkt", base64_data, base64_data_len) != 0) if (ndpi_serialize_string_binary(&workflow->ndpi_serializer, "pkt", base64_data, base64_data_len) != 0)
{
logger(1,
"[%8llu, %zu] JSON serializing base64 packet buffer failed",
reader_thread->workflow->packets_captured,
reader_thread->array_index);
}
}
else
{ {
logger(1, logger(1,
"[%8llu, %zu] Base64 encoding failed.", "[%8llu, %zu] JSON serializing base64 packet buffer failed",
reader_thread->workflow->packets_captured, reader_thread->workflow->packets_captured,
reader_thread->array_index); reader_thread->array_index);
} }
@@ -2628,12 +2620,9 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
else else
{ {
logger(1, logger(1,
"[%8llu, %zu] Could not append base64 encoded raw packet data to the serializer (%zu bytes occupied), " "[%8llu, %zu] Base64 encoding failed.",
"because the network buffer (%zu bytes) is too small. Consider increasing NETWORK_BUFFER_MAX_SIZEK.",
reader_thread->workflow->packets_captured, reader_thread->workflow->packets_captured,
reader_thread->array_index, reader_thread->array_index);
serializer_buffer_len,
required_len);
} }
serialize_and_send(reader_thread); serialize_and_send(reader_thread);
} }

5
nDPIsrvd.c
View File

@@ -1185,8 +1185,9 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
{ {
logger_nDPIsrvd(current, logger_nDPIsrvd(current,
"BUG: Collector connection", "BUG: Collector connection",
"invalid JSON string: %.*s", "invalid JSON string: %.*s...",
(int)current->event_collector_un.json_bytes, (int)current->event_collector_un.json_bytes > 512 ? 512
: (int)current->event_collector_un.json_bytes,
json_read_buffer->buf.ptr.text); json_read_buffer->buf.ptr.text);
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;

32
test/results/1kxun.pcap.out
View File

File diff suppressed because one or more lines are too long