Various fixes v1 #836
Closed
Various fixes v1 #836
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On fragments and invalid packets we can have p->proto set, while the matching protocol header pointer is null.
ICMPv6 on IPv4 is invalid, so if we encounter this we set an event and flag the packet as invalid. Ticket #1105.
FlowReference stores the flow in the destination pointer and increases the flow reference counter (use_cnt). This should only be called once per destination pointer. The reference counter is decremented when FlowDereference is called. Multiple FlowReference calls would lead to multiple use_cnt bumps, while there would be only one FlowRereference. This lead to a use_cnt that would never become 0, meaning the flow would stay in the hash for the entire lifetime of the process. The fix here is to check if the destination pointer is already set to the flow. If so, we don't increase the reference counter. As this is really a bug, this condition will lead to a BUG_ON if the DEBUG_VALIDATION checking is enabled.
Flow-timeout code injects pseudo packets into the decoders, leading to various issues. For a full explanation, see: https://redmine.openinfosecfoundation.org/issues/1107 This patch works around the issues with a hack. It adds a check to each of the decoder entry points to bail out as soon as a pseudo packet from the flow timeout is encountered. Ticket #1107.
|
Merged after rebase. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://redmine.openinfosecfoundation.org/issues/1105
https://redmine.openinfosecfoundation.org/issues/1107
Prscript: