From: Tom Peters (thopeter) Date: Fri, 4 Jun 2021 21:57:28 +0000 (+0000) Subject: Merge pull request #2922 in SNORT/snort3 from ~MDAGON/snort3:hpack to master X-Git-Tag: 3.1.6.0~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b483c59b616410c50087df86e5a742d9d9ff27df;p=thirdparty%2Fsnort3.git Merge pull request #2922 in SNORT/snort3 from ~MDAGON/snort3:hpack to master Squashed commit of the following: commit e59cf270b46659a38b44dc92091deb10e7c3e593 Author: Maya Dagon Date: Wed Jun 2 10:40:50 2021 -0400 http2_inspect: track dynamic table memory allocation --- diff --git a/src/payload_injector/test/payload_injector_test.cc b/src/payload_injector/test/payload_injector_test.cc index 34f341d48..f0feb020a 100644 --- a/src/payload_injector/test/payload_injector_test.cc +++ b/src/payload_injector/test/payload_injector_test.cc @@ -132,6 +132,8 @@ InjectionReturnStatus PayloadInjector::get_http2_payload(InjectionControl, unsigned Http2FlowData::inspector_id = 0; Http2Stream::~Http2Stream() = default; +HpackDynamicTable::HpackDynamicTable(Http2FlowData* flow_data) : + session_data(flow_data) {} HpackDynamicTable::~HpackDynamicTable() = default; Http2DataCutter::Http2DataCutter(Http2FlowData* _session_data, HttpCommon::SourceId src_id) : session_data(_session_data), source_id(src_id) { } diff --git a/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.cc b/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.cc index ec441ff3c..dc291995f 100644 --- a/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.cc +++ b/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.cc @@ -22,20 +22,38 @@ #endif #include "http2_hpack_dynamic_table.h" -#include "http2_module.h" #include +#include "http2_flow_data.h" #include "http2_hpack_table.h" +#include "http2_module.h" using namespace Http2Enums; +HpackDynamicTable::HpackDynamicTable(Http2FlowData* flow_data) : + session_data(flow_data) +{ + session_data->update_allocations( ARRAY_CAPACITY * sizeof(HpackTableEntry*) + + TABLE_MEMORY_TRACKING_INCREMENT); + table_memory_allocated = TABLE_MEMORY_TRACKING_INCREMENT; +} + + HpackDynamicTable::~HpackDynamicTable() { - for (std::vector::iterator it = circular_buf.begin(); - it != circular_buf.end(); ++it) + for (uint32_t i = 0, indx = start; i < num_entries; i++) { - delete *it; + delete circular_buf[indx]; + indx = (indx + 1) % ARRAY_CAPACITY; + } + session_data->update_deallocations( ARRAY_CAPACITY * sizeof(HpackTableEntry*) + + TABLE_MEMORY_TRACKING_INCREMENT ); + + while (table_memory_allocated > TABLE_MEMORY_TRACKING_INCREMENT) + { + session_data->update_deallocations(TABLE_MEMORY_TRACKING_INCREMENT); + table_memory_allocated -= TABLE_MEMORY_TRACKING_INCREMENT; } } @@ -71,6 +89,12 @@ bool HpackDynamicTable::add_entry(const Field& name, const Field& value) Http2Module::increment_peg_counts(PEG_MAX_TABLE_ENTRIES); rfc_table_size += new_entry_size; + while (rfc_table_size > table_memory_allocated) + { + session_data->update_allocations(TABLE_MEMORY_TRACKING_INCREMENT); + table_memory_allocated += TABLE_MEMORY_TRACKING_INCREMENT; + } + return true; } diff --git a/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.h b/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.h index 675850011..43e13178c 100644 --- a/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.h +++ b/src/service_inspectors/http2_inspect/http2_hpack_dynamic_table.h @@ -28,12 +28,13 @@ #include struct HpackTableEntry; +class Http2FlowData; class HpackDynamicTable { public: // FIXIT-P This array can be optimized to start smaller and grow on demand - HpackDynamicTable() : circular_buf(ARRAY_CAPACITY, nullptr) {} + HpackDynamicTable(Http2FlowData* flow_data); ~HpackDynamicTable(); const HpackTableEntry* get_entry(uint32_t index) const; bool add_entry(const Field& name, const Field& value); @@ -45,12 +46,15 @@ private: const static uint32_t DEFAULT_MAX_SIZE = 4096; const static uint32_t ARRAY_CAPACITY = 512; + const static uint32_t TABLE_MEMORY_TRACKING_INCREMENT = 500; uint32_t max_size = DEFAULT_MAX_SIZE; uint32_t start = 0; uint32_t num_entries = 0; uint32_t rfc_table_size = 0; - std::vector circular_buf; + HpackTableEntry* circular_buf[ARRAY_CAPACITY] = {0}; + Http2FlowData* const session_data; + uint32_t table_memory_allocated; void prune_to_size(uint32_t new_max_size); }; diff --git a/src/service_inspectors/http2_inspect/http2_hpack_table.h b/src/service_inspectors/http2_inspect/http2_hpack_table.h index 97bfe0f69..c09ddbfbd 100644 --- a/src/service_inspectors/http2_inspect/http2_hpack_table.h +++ b/src/service_inspectors/http2_inspect/http2_hpack_table.h @@ -41,7 +41,8 @@ class HpackIndexTable { public: HpackIndexTable(Http2FlowData* flow_data, HttpCommon::SourceId src_id) : - session_data(flow_data), source_id(src_id) { } + dynamic_table(flow_data), session_data(flow_data), source_id(src_id) + { } const HpackTableEntry* lookup(uint64_t index) const; bool add_index(const Field& name, const Field& value); bool hpack_table_size_update(const uint32_t size);