Pull request #4586: packet_io: check the DAQ_Msg_h parameter on api calls and return...

author Davis McPherson -X (davmcphe - XORIANT CORPORATION at Cisco) <davmcphe@cisco.com>

Tue, 28 Jan 2025 21:42:36 +0000 (21:42 +0000)

committer Steven Baigal (sbaigal) <sbaigal@cisco.com>

Tue, 28 Jan 2025 21:42:36 +0000 (21:42 +0000)
author Davis McPherson -X (davmcphe - XORIANT CORPORATION at Cisco) <davmcphe@cisco.com>
Tue, 28 Jan 2025 21:42:36 +0000 (21:42 +0000)
committer Steven Baigal (sbaigal) <sbaigal@cisco.com>
Tue, 28 Jan 2025 21:42:36 +0000 (21:42 +0000)
diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc

index e4aa26ab9eab40856705ed28076cf716b2b6020b..f68f7d62a992457fc84a314e6e633bc9e6340abb 100644 (file)
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -397,8 +397,10 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
          node->head = node->tail = nullptr;
          node->count = 0;
          last = nullptr;
-        /* Only add TCP and UDP expected flows for now via the DAQ module. */
-        if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_instance)
+        // Only add TCP and UDP expected flows for now via the DAQ module. Additionally only
+        // add the expected flow when the daq_msg field is non-null.  A null daq_msg field
+        // indicates the flow is closing and it is too late to add an expected flow.
+        if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_msg)
          {
              if (PacketTracer::is_active())
              {
diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc

index c52a67c48041040d4b9c6d98a55944f0e0175af9..1fd359c1a14fa63694f7a39f60f1313af02ad6a5 100644 (file)
--- a/src/packet_io/sfdaq_instance.cc
+++ b/src/packet_io/sfdaq_instance.cc
@@ -201,6 +201,9 @@ DAQ_RecvStatus SFDAQInstance::receive_messages(unsigned max_recv)
  
  int SFDAQInstance::finalize_message(DAQ_Msg_h msg, DAQ_Verdict verdict)
  {
+    if ( !msg )
+        return DAQ_ERROR_INVAL;
+
      int rval = daq_instance_msg_finalize(instance, msg, verdict);
      if (rval == DAQ_SUCCESS)
          pool_available++;
@@ -273,6 +276,9 @@ bool SFDAQInstance::stop()
  
  int SFDAQInstance::inject(DAQ_Msg_h msg, int rev, const uint8_t* buf, uint32_t len)
  {
+    if ( !msg )
+        return DAQ_ERROR_INVAL;
+
      int rval = daq_instance_inject_relative(instance, msg, buf, len, rev);
  #ifdef DEBUG_MSGS
      if (rval != DAQ_SUCCESS)
@@ -305,6 +311,9 @@ int SFDAQInstance::ioctl(DAQ_IoctlCmd cmd, void *arg, size_t arglen)
  
  int SFDAQInstance::modify_flow_opaque(DAQ_Msg_h msg, uint32_t opaque)
  {
+    if ( !msg )
+        return DAQ_ERROR_INVAL;
+
      DIOCTL_SetFlowOpaque d_sfo;
      d_sfo.msg = msg;
      d_sfo.value = opaque;
@@ -314,6 +323,9 @@ int SFDAQInstance::modify_flow_opaque(DAQ_Msg_h msg, uint32_t opaque)
  
  int SFDAQInstance::set_packet_verdict_reason(DAQ_Msg_h msg, uint8_t verdict_reason)
  {
+    if ( !msg )
+        return DAQ_ERROR_INVAL;
+
      DIOCTL_SetPacketVerdictReason d_spvr;
  
      d_spvr.msg = msg;
@@ -324,6 +336,9 @@ int SFDAQInstance::set_packet_verdict_reason(DAQ_Msg_h msg, uint8_t verdict_reas
  
  int SFDAQInstance::set_packet_trace_data(DAQ_Msg_h msg, uint8_t* buff, uint32_t buff_len)
  {
+    if ( !msg )
+        return DAQ_ERROR_INVAL;
+
      DIOCTL_SetPacketTraceData d_sptd;
  
      d_sptd.msg = msg;
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc

index 6e4595f3bb70ad9fa1afa859448079720a9a0d70..46c568d4f8bbd2da62bfeeea92f06b9376f8a84a 100644 (file)
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -29,8 +29,10 @@
  
  #include "detection/detection_engine.h"
  #include "log/log.h"
+#include "main/analyzer.h"
  #include "packet_io/active.h"
  #include "packet_io/packet_tracer.h"
+#include "packet_io/sfdaq.h"
  #include "profiler/profiler.h"
  #include "protocols/packet_manager.h"
  #include "stream/stream_splitter.h"
@@ -478,11 +480,12 @@ void TcpReassemblerBase::final_flush(Packet* p, uint32_t dir)
  static Packet* get_packet(Flow* flow, uint32_t flags, bool c2s)
  {
      Packet* p = DetectionEngine::set_next_packet(nullptr, flow);
-
      DAQ_PktHdr_t* ph = p->context->pkth;
      memset(ph, 0, sizeof(*ph));
      packet_gettimeofday(&ph->ts);
  
+    if ( !p->daq_instance )
+        p->daq_instance = SFDAQ::get_local_instance();
      p->pktlen = 0;
      p->data = nullptr;
      p->dsize = 0;
author	Davis McPherson -X (davmcphe - XORIANT CORPORATION at Cisco) <davmcphe@cisco.com>
	Tue, 28 Jan 2025 21:42:36 +0000 (21:42 +0000)
committer	Steven Baigal (sbaigal) <sbaigal@cisco.com>
	Tue, 28 Jan 2025 21:42:36 +0000 (21:42 +0000)
src/flow/expect_cache.cc		patch \| blob \| blame \| history
src/packet_io/sfdaq_instance.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_reassembler.cc		patch \| blob \| blame \| history