Bug 1107: decoders: bail out on pseudo packets

Flow-timeout code injects pseudo packets into the decoders, leading
to various issues. For a full explanation, see:
  https://redmine.openinfosecfoundation.org/issues/1107

This patch works around the issues with a hack. It adds a check to
each of the decoder entry points to bail out as soon as a pseudo
packet from the flow timeout is encountered.

Ticket #1107.

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 2f3ba822a772c7b8646906483f1c1f478dfcc23f..02a67a7aebeb5647a1087862638f8416e8ee188d 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -1683,6 +1683,11 @@ TmEcode DecodeAFP(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
     SCEnter();
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c
index b806414214b59b40b368c1d35c96007b17287052..c6625ace8b9eda1365f87c21223729a863267aec 100644 (file)
--- a/src/source-erf-dag.c
+++ b/src/source-erf-dag.c
@@ -591,6 +591,11 @@ TmEcode DecodeErfDag(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
     SCEnter();
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-erf-file.c b/src/source-erf-file.c
index d3924508a36edcd75a1f2e2cc7bfbce51437a4f0..23a719f1b1a3d3414bee6b6eb227f48bc928abf1 100644 (file)
--- a/src/source-erf-file.c
+++ b/src/source-erf-file.c
@@ -276,6 +276,11 @@ DecodeErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueu
     SCEnter();
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* Update counters. */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index ec31a3f523e25b2084197e3c85d38f8e8f535011..70ec3bc559761f7002123d2ed9144d2ec607351e 100644 (file)
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -440,6 +440,11 @@ TmEcode DecodeIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
 
     SCEnter();
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));

diff --git a/src/source-mpipe.c b/src/source-mpipe.c
index b42bf0be2f70f48bf8e366ba874b284285847efc..3c696cf133a9d3272bfb187a7d17edfbdb178ab0 100644 (file)
--- a/src/source-mpipe.c
+++ b/src/source-mpipe.c
@@ -1023,6 +1023,11 @@ TmEcode DecodeMpipe(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
     SCEnter();
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-napatech.c b/src/source-napatech.c
index 9f3cd6a493c058028654d176234f065d6df55ebe..032510b517c8368f28854db4076adccc16dc5705 100644 (file)
--- a/src/source-napatech.c
+++ b/src/source-napatech.c
@@ -355,6 +355,11 @@ TmEcode NapatechDecode(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
 
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-nfq.c b/src/source-nfq.c
index 548f0ed5d02d61359c629626ca7006cafe81443c..78a6de490b58e6b46693fd1d731d3d181db41304 100644 (file)
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -1200,6 +1200,11 @@ TmEcode DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
     IPV6Hdr *ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));

diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c
index f23127f97c2f422fa160f9b0652e744589341a3f..838dc2c93c728fee14ed12e45edd09ccb5ab5fc5 100644 (file)
--- a/src/source-pcap-file.c
+++ b/src/source-pcap-file.c
@@ -385,6 +385,11 @@ TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P
     SCEnter();
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-pcap.c b/src/source-pcap.c
index a4267711fcda5a3af8736e75410c6414629d6a53..06f72d18fcadcb93d0493a7c495efe3b2d1f8c0d 100644 (file)
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@@ -707,6 +707,11 @@ TmEcode DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
     SCEnter();
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

diff --git a/src/source-pfring.c b/src/source-pfring.c
index d14fe2f1e18f3de241fdfd6f5d00e63afbc445dc..96f1fc72458e40cac6089628403e276d582fb4b8 100644 (file)
--- a/src/source-pfring.c
+++ b/src/source-pfring.c
@@ -570,6 +570,11 @@ TmEcode DecodePfring(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
 {
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
+    /* XXX HACK: flow timeout can call us for injected pseudo packets
+     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
+    if (p->flags & PKT_PSEUDO_STREAM_END)
+        return TM_ECODE_OK;
+
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
 //    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);