Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 11:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Simplify FragReassembler memory management.

Browse source
This commit is contained in:
Jon Siwek 2014-01-16 16:40:23 -06:00
parent 7717a3eb67
commit 4901032660
2 changed files with 18 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/Sessions.cc
View file

@ -471,6 +471,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
} }
} }
FragReassemblerTracker frt(this, f);
len -= ip_hdr_len; // remove IP header len -= ip_hdr_len; // remove IP header
caplen -= ip_hdr_len; caplen -= ip_hdr_len;
@ -485,7 +487,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
vl->append(ip_hdr->BuildPktHdrVal()); vl->append(ip_hdr->BuildPktHdrVal());
mgr.QueueEvent(esp_packet, vl); mgr.QueueEvent(esp_packet, vl);
} }
Remove(f);
// Can't do more since upper-layer payloads are going to be encrypted. // Can't do more since upper-layer payloads are going to be encrypted.
return; return;
} }
@ -500,7 +502,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( ! ignore_checksums && mobility_header_checksum(ip_hdr) != 0xffff ) if ( ! ignore_checksums && mobility_header_checksum(ip_hdr) != 0xffff )
{ {
Weird("bad_MH_checksum", hdr, pkt, encapsulation); Weird("bad_MH_checksum", hdr, pkt, encapsulation);
Remove(f);
return; return;
} }
@ -514,7 +515,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( ip_hdr->NextProto() != IPPROTO_NONE ) if ( ip_hdr->NextProto() != IPPROTO_NONE )
Weird("mobility_piggyback", hdr, pkt, encapsulation); Weird("mobility_piggyback", hdr, pkt, encapsulation);
Remove(f);
return; return;
} }
#endif #endif
@ -522,10 +522,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
int proto = ip_hdr->NextProto(); int proto = ip_hdr->NextProto();
if ( CheckHeaderTrunc(proto, len, caplen, hdr, pkt, encapsulation) ) if ( CheckHeaderTrunc(proto, len, caplen, hdr, pkt, encapsulation) )
{
Remove(f);
return; return;
}
const u_char* data = ip_hdr->Payload(); const u_char* data = ip_hdr->Payload();
@ -592,7 +589,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( ! BifConst::Tunnel::enable_gre ) if ( ! BifConst::Tunnel::enable_gre )
{ {
Weird("GRE_tunnel", ip_hdr, encapsulation); Weird("GRE_tunnel", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -604,7 +600,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
{ {
Weird(fmt("unknown_gre_version_%d", gre_version), ip_hdr, Weird(fmt("unknown_gre_version_%d", gre_version), ip_hdr,
encapsulation); encapsulation);
Remove(f);
return; return;
} }
@ -615,7 +610,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
// Not IPv4/IPv6 payload. // Not IPv4/IPv6 payload.
Weird(fmt("unknown_gre_protocol_%"PRIu16, proto_typ), ip_hdr, Weird(fmt("unknown_gre_protocol_%"PRIu16, proto_typ), ip_hdr,
encapsulation); encapsulation);
Remove(f);
return; return;
} }
@ -627,7 +621,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
{ {
// Enhanced GRE payload must be PPP. // Enhanced GRE payload must be PPP.
Weird("egre_protocol_type", ip_hdr, encapsulation); Weird("egre_protocol_type", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
} }
@ -638,7 +631,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
// specified by RFC 1701. It could be parsed here, but easiest // specified by RFC 1701. It could be parsed here, but easiest
// to just skip for now. // to just skip for now.
Weird("gre_routing", ip_hdr, encapsulation); Weird("gre_routing", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -646,7 +638,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
{ {
// Expect last 4 bits of flags are reserved, undefined. // Expect last 4 bits of flags are reserved, undefined.
Weird("unknown_gre_flags", ip_hdr, encapsulation); Weird("unknown_gre_flags", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -656,7 +647,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( len < gre_len + ppp_len || caplen < gre_len + ppp_len ) if ( len < gre_len + ppp_len || caplen < gre_len + ppp_len )
{ {
Weird("truncated_GRE", ip_hdr, encapsulation); Weird("truncated_GRE", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -667,7 +657,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 ) if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
{ {
Weird("non_ip_packet_in_egre", ip_hdr, encapsulation); Weird("non_ip_packet_in_egre", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -688,7 +677,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( ! BifConst::Tunnel::enable_ip ) if ( ! BifConst::Tunnel::enable_ip )
{ {
Weird("IP_tunnel", ip_hdr, encapsulation); Weird("IP_tunnel", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -696,7 +684,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
encapsulation->Depth() >= BifConst::Tunnel::max_depth ) encapsulation->Depth() >= BifConst::Tunnel::max_depth )
{ {
Weird("exceeded_tunnel_max_depth", ip_hdr, encapsulation); Weird("exceeded_tunnel_max_depth", ip_hdr, encapsulation);
Remove(f);
return; return;
} }
@ -713,7 +700,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( result != 0 ) if ( result != 0 )
{ {
delete inner; delete inner;
Remove(f);
return; return;
} }
@ -740,7 +726,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
DoNextInnerPacket(t, hdr, inner, encapsulation, DoNextInnerPacket(t, hdr, inner, encapsulation,
ip_tunnels[tunnel_idx].first); ip_tunnels[tunnel_idx].first);
Remove(f);
return; return;
} }
@ -753,13 +738,11 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
encapsulation->LastType() == BifEnum::Tunnel::TEREDO ) ) encapsulation->LastType() == BifEnum::Tunnel::TEREDO ) )
Weird("ipv6_no_next", hdr, pkt); Weird("ipv6_no_next", hdr, pkt);
Remove(f);
return; return;
} }
default: default:
Weird(fmt("unknown_protocol_%d", proto), hdr, pkt, encapsulation); Weird(fmt("unknown_protocol_%d", proto), hdr, pkt, encapsulation);
Remove(f);
return; return;
} }
@ -785,7 +768,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( consistent < 0 ) if ( consistent < 0 )
{ {
delete h; delete h;
Remove(f);
return; return;
} }
@ -809,7 +791,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( ! conn ) if ( ! conn )
{ {
delete h; delete h;
Remove(f);
return; return;
} }
@ -841,7 +822,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
{ {
// Above we already recorded the fragment in its entirety. // Above we already recorded the fragment in its entirety.
f->DeleteTimer(); f->DeleteTimer();
Remove(f);
} }
else if ( record_packet ) else if ( record_packet )

15
src/Sessions.h
View file

@ -286,6 +286,21 @@ protected:
NetSessions::IPPair tunnel_idx; NetSessions::IPPair tunnel_idx;
}; };
class FragReassemblerTracker {
public:
FragReassemblerTracker(NetSessions* s, FragReassembler* f)
: net_sessions(s), frag_reassembler(f)
{ }
~FragReassemblerTracker()
{ net_sessions->Remove(frag_reassembler); }
private:
NetSessions* net_sessions;
FragReassembler* frag_reassembler;
};
// Manager for the currently active sessions. // Manager for the currently active sessions.
extern NetSessions* sessions; extern NetSessions* sessions;