-
Notifications
You must be signed in to change notification settings - Fork 637
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check size of tcpFragmentList before delete fragment #1346
base: dev
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## dev #1346 +/- ##
==========================================
+ Coverage 82.34% 82.37% +0.03%
==========================================
Files 163 163
Lines 20937 20939 +2
Branches 7906 7910 +4
==========================================
+ Hits 17241 17249 +8
+ Misses 3025 3017 -8
- Partials 671 673 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
I add a new function to specially test that case, appologize for the ugly code |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order for the test to run you need to add PTF_RUN_TEST
here:
PcapPlusPlus/Tests/Pcap++Test/main.cpp
Line 302 in e48be80
PTF_RUN_TEST(TestXdpDeviceInvalidConfig, "xdp"); |
// tcpReassemblyTestManuallyCloseConnOnMesgReady() | ||
// ~~~~~~~~~~~~~~~~~~~ | ||
|
||
static bool tcpReassemblyTestManuallyCloseConnOnMesgReady(const std::vector<pcpp::RawPacket>& packetStream, TcpReassemblyMultipleConnStatsWithReassembly& results, bool monitorOpenCloseConns, bool closeConnsManually) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can make this method simpler - I don't think that monitorOpenCloseConns
and closeConnsManually
are needed...
flowKeysList.clear(); | ||
} | ||
|
||
pcpp::TcpReassembly *tcpReassmbly = nullptr; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe instead of duplicating the entire struct we can just inherit from TcpReassemblyMultipleConnStats
and add pcpp::TcpReassembly *tcpReassmbly
?
Or another option is to add pcpp::TcpReassembly *tcpReassmbly
to TcpReassemblyMultipleConnStats
I am using TcpReassembly and it crashes with double free / invalid pointer in checkOutOfOrderFragments, but only on ARM, interestingly. Looking at this, it seems this PR should fix crashes I see. I have a pcap with recorded traffic, but unfortunelly I cannot share it. But I could help you with testing. |
That would be great, would you like to help test the PR with your pcap file on the ARM machine? |
Yes, the bug happens when you call closeConnection from OnMessageReadyCallback. Use build with address sanitizers (or valgrind?). I tried you branch and I did not see crash |
@davidbolvansky could you please furnish a concise reproducible code sample illustrating the issue you're encountering? |
As I said the bug happens when you call tcpReassembly.closeConnection(connData.flowKey) from OnMessageReadyCallback - OnMessageEndCallback is called for first time. Then OnMessageEndCallback is called again, due normal fin. This second invocation triggers double free. |
Tests/Pcap++Test/TestDefinition.h
Outdated
@@ -64,6 +64,7 @@ PTF_TEST_CASE(TestTcpReassemblySanity); | |||
PTF_TEST_CASE(TestTcpReassemblyRetran); | |||
PTF_TEST_CASE(TestTcpReassemblyMissingData); | |||
PTF_TEST_CASE(TestTcpReassemblyOutOfOrder); | |||
PTF_TEST_CASE(TestTcpReassemblyOutOfOrderManuallyCloseConnOnMesgReady); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we make the test name shorter?
Maybe: TestTcpReassemblyOOOCloseConn
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is TestTcpReassemblyOutOfOrderWithManualClose
fine?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably change that, but we currently have a hard-coded limit of 35 characters for test names, here is an example:
std::cout << std::left << std::setw(35) << #TestName << ": PASSED" << std::endl; \ |
Tests that have a longer name will result in a weird UI print, something like:
...
...
TestTcpReassemblyMalformedPkts : PASSED
TestTcpReassemblyMultipleConns : PASSED
TestTcpReassemblyIPv6 : PASSED
TestTcpReassemblyIPv6MultConns : PASSED
TestTcpReassemblyIPv6_OOO : PASSED
TestTcpReassemblyCleanup : PASSED
TestTcpReassemblyMaxOOOFrags : PASSED
TestTcpReassemblyMaxSeq : PASSED
TestTcpReassemblyDisableOOOCleanup : PASSED
TestTcpReassemblyOutOfOrderWithManualClose: PASSED
...
@MCredbear can you please address the remaining comments so we can get the PR merged? |
…tTcpReassemblyOutOfOrderWithManualClose
@MCredbear please also address the previous comment: And fix the pre-commit issue: https://github.com/seladb/PcapPlusPlus/actions/runs/8772352536/job/24071180251?pr=1346 |
@MCredbear the new test fails in CI 😕 |
Emm, I don't know what causes the new CI test error |
@MCredbear In output side there are three different HTTP payloads with |
@@ -64,6 +64,7 @@ PTF_TEST_CASE(TestTcpReassemblySanity); | |||
PTF_TEST_CASE(TestTcpReassemblyRetran); | |||
PTF_TEST_CASE(TestTcpReassemblyMissingData); | |||
PTF_TEST_CASE(TestTcpReassemblyOutOfOrder); | |||
PTF_TEST_CASE(TestTcpReassemblyOOOWithManualClose); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is "OOO"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OOO == Out Of Order
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like the abbreviation, not straightforward, I would recommend TestTcpReassemblyOutOfOrderWithManualClose
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem is that we currently have a limit of 35 chars per test (you can see it everywhere in PcppTestFramework.h
so longer test names will look misaligned when running them. Perhaps we can remove this limitation and automatically detect the longest test name, but I'm not sure it'd be straightforward to do 🤔
We can also extend the 35 limit to a larger number...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@seladb maybe we should increase the number? TestTcpReassemblyOutOfOrderWithManualClose
length is 42, so I guess changing it to 50 is enough.
tcpReassembly->reassemblePacket(packet); | ||
} | ||
|
||
//for(TcpReassemblyMultipleConnStats::Stats::iterator iter = results.stats.begin(); iter != results.stats.end(); iter++) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
forget to remove?
@MCredbear would you like to finish the PR? |
Fragment might be delete after calling m_OnMessageReadyCallback (eg. call TcpReassembly::closeConnection in m_OnMessageReadyCallback), so we need to check if it's already deleted .