Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix packet filter memory leaks

Browse source
This commit is contained in:
Jon Siwek 2019-12-30 10:52:50 -08:00
parent 7db84dfcb6
commit a961f0b4c4
5 changed files with 52 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

41
src/PacketFilter.cc
View file

@ -1,11 +1,25 @@
#include "PacketFilter.h" #include "PacketFilter.h"
void PacketFilter::DeleteFilter(void* data)
{
auto f = static_cast<Filter*>(data);
delete f;
}
PacketFilter::PacketFilter(bool arg_default)
{
default_match = arg_default;
src_filter.SetDeleteFunction(PacketFilter::DeleteFilter);
dst_filter.SetDeleteFunction(PacketFilter::DeleteFilter);
}
void PacketFilter::AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability) void PacketFilter::AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability)
{ {
Filter* f = new Filter; Filter* f = new Filter;
f->tcp_flags = tcp_flags; f->tcp_flags = tcp_flags;
f->probability = uint32_t(probability * RAND_MAX); f->probability = uint32_t(probability * RAND_MAX);
src_filter.Insert(src, 128, f); auto prev = static_cast<Filter*>(src_filter.Insert(src, 128, f));
delete prev;
} }
void PacketFilter::AddSrc(Val* src, uint32_t tcp_flags, double probability) void PacketFilter::AddSrc(Val* src, uint32_t tcp_flags, double probability)
@ -13,7 +27,8 @@ void PacketFilter::AddSrc(Val* src, uint32_t tcp_flags, double probability)
Filter* f = new Filter; Filter* f = new Filter;
f->tcp_flags = tcp_flags; f->tcp_flags = tcp_flags;
f->probability = uint32_t(probability * RAND_MAX); f->probability = uint32_t(probability * RAND_MAX);
src_filter.Insert(src, f); auto prev = static_cast<Filter*>(src_filter.Insert(src, f));
delete prev;
} }
void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probability) void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probability)
@ -21,7 +36,8 @@ void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probabil
Filter* f = new Filter; Filter* f = new Filter;
f->tcp_flags = tcp_flags; f->tcp_flags = tcp_flags;
f->probability = uint32_t(probability * RAND_MAX); f->probability = uint32_t(probability * RAND_MAX);
dst_filter.Insert(dst, 128, f); auto prev = static_cast<Filter*>(dst_filter.Insert(dst, 128, f));
delete prev;
} }
void PacketFilter::AddDst(Val* dst, uint32_t tcp_flags, double probability) void PacketFilter::AddDst(Val* dst, uint32_t tcp_flags, double probability)
@ -29,27 +45,36 @@ void PacketFilter::AddDst(Val* dst, uint32_t tcp_flags, double probability)
Filter* f = new Filter; Filter* f = new Filter;
f->tcp_flags = tcp_flags; f->tcp_flags = tcp_flags;
f->probability = uint32_t(probability * RAND_MAX); f->probability = uint32_t(probability * RAND_MAX);
dst_filter.Insert(dst, f); auto prev = static_cast<Filter*>(dst_filter.Insert(dst, f));
delete prev;
} }
bool PacketFilter::RemoveSrc(const IPAddr& src) bool PacketFilter::RemoveSrc(const IPAddr& src)
{ {
return src_filter.Remove(src, 128) != 0; auto f = static_cast<Filter*>(src_filter.Remove(src, 128));
delete f;
return f != nullptr;
} }
bool PacketFilter::RemoveSrc(Val* src) bool PacketFilter::RemoveSrc(Val* src)
{ {
return src_filter.Remove(src) != NULL; auto f = static_cast<Filter*>(src_filter.Remove(src));
delete f;
return f != nullptr;
} }
bool PacketFilter::RemoveDst(const IPAddr& dst) bool PacketFilter::RemoveDst(const IPAddr& dst)
{ {
return dst_filter.Remove(dst, 128) != NULL; auto f = static_cast<Filter*>(dst_filter.Remove(dst, 128));
delete f;
return f != nullptr;
} }
bool PacketFilter::RemoveDst(Val* dst) bool PacketFilter::RemoveDst(Val* dst)
{ {
return dst_filter.Remove(dst) != NULL; auto f = static_cast<Filter*>(dst_filter.Remove(dst));
delete f;
return f != nullptr;
} }
bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen) bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen)

4
src/PacketFilter.h
View file

@ -7,7 +7,7 @@
class PacketFilter { class PacketFilter {
public: public:
explicit PacketFilter(bool arg_default) { default_match = arg_default; } explicit PacketFilter(bool arg_default);
~PacketFilter() {} ~PacketFilter() {}
// Drops all packets from a particular source (which may be given // Drops all packets from a particular source (which may be given
@ -34,6 +34,8 @@ private:
uint32_t probability; uint32_t probability;
}; };
static void DeleteFilter(void* data);
bool MatchFilter(const Filter& f, const IP_Hdr& ip, int len, int caplen); bool MatchFilter(const Filter& f, const IP_Hdr& ip, int len, int caplen);
bool default_match; bool default_match;

10
src/PrefixTable.h
View file

@ -18,8 +18,8 @@ private:
}; };
public: public:
PrefixTable() { tree = New_Patricia(128); } PrefixTable() { tree = New_Patricia(128); delete_function = nullptr; }
~PrefixTable() { Destroy_Patricia(tree, 0); } ~PrefixTable() { Destroy_Patricia(tree, delete_function); }
// Addr in network byte order. If data is zero, acts like a set. // Addr in network byte order. If data is zero, acts like a set.
// Returns ptr to old data if already existing. // Returns ptr to old data if already existing.
@ -43,7 +43,10 @@ public:
void* Remove(const IPAddr& addr, int width); void* Remove(const IPAddr& addr, int width);
void* Remove(const Val* value); void* Remove(const Val* value);
void Clear() { Clear_Patricia(tree, 0); } void Clear() { Clear_Patricia(tree, delete_function); }
// Sets a function to call for each node when table is cleared/destroyed.
void SetDeleteFunction(data_fn_t del_fn) { delete_function = del_fn; }
iterator InitIterator(); iterator InitIterator();
void* GetNext(iterator* i); void* GetNext(iterator* i);
@ -53,4 +56,5 @@ private:
static IPPrefix PrefixToIPPrefix(prefix_t* p); static IPPrefix PrefixToIPPrefix(prefix_t* p);
patricia_tree_t* tree; patricia_tree_t* tree;
data_fn_t delete_function;
}; };

6
src/patricia.c
View file

@ -432,7 +432,7 @@ New_Patricia (int maxbits)
*/ */
void void
Clear_Patricia (patricia_tree_t *patricia, void_fn_t func) Clear_Patricia (patricia_tree_t *patricia, data_fn_t func)
{ {
assert (patricia); assert (patricia);
if (patricia->head) { if (patricia->head) {
@ -476,7 +476,7 @@ Clear_Patricia (patricia_tree_t *patricia, void_fn_t func)
void void
Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func) Destroy_Patricia (patricia_tree_t *patricia, data_fn_t func)
{ {
Clear_Patricia (patricia, func); Clear_Patricia (patricia, func);
Delete (patricia); Delete (patricia);
@ -489,7 +489,7 @@ Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func)
*/ */
void void
patricia_process (patricia_tree_t *patricia, void_fn_t func) patricia_process (patricia_tree_t *patricia, prefix_data_fn_t func)
{ {
patricia_node_t *node; patricia_node_t *node;
assert (func); assert (func);

11
src/patricia.h
View file

@ -51,8 +51,6 @@
#include <sys/types.h> #include <sys/types.h>
/* typedef unsigned int u_int; */
typedef void (*void_fn_t)();
/* { from defs.h */ /* { from defs.h */
#define prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin) #define prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin)
#define MAXLINE 1024 #define MAXLINE 1024
@ -84,6 +82,9 @@ typedef struct _prefix_t {
} add; } add;
} prefix_t; } prefix_t;
typedef void (*data_fn_t)(void*);
typedef void (*prefix_data_fn_t)(prefix_t*, void*);
/* } */ /* } */
typedef struct _patricia_node_t { typedef struct _patricia_node_t {
@ -110,9 +111,9 @@ patricia_node_t * patricia_search_best2 (patricia_tree_t *patricia, prefix_t *pr
patricia_node_t *patricia_lookup (patricia_tree_t *patricia, prefix_t *prefix); patricia_node_t *patricia_lookup (patricia_tree_t *patricia, prefix_t *prefix);
void patricia_remove (patricia_tree_t *patricia, patricia_node_t *node); void patricia_remove (patricia_tree_t *patricia, patricia_node_t *node);
patricia_tree_t *New_Patricia (int maxbits); patricia_tree_t *New_Patricia (int maxbits);
void Clear_Patricia (patricia_tree_t *patricia, void_fn_t func); void Clear_Patricia (patricia_tree_t *patricia, data_fn_t func);
void Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func); void Destroy_Patricia (patricia_tree_t *patricia, data_fn_t func);
void patricia_process (patricia_tree_t *patricia, void_fn_t func); void patricia_process (patricia_tree_t *patricia, prefix_data_fn_t func);
void Deref_Prefix (prefix_t * prefix); void Deref_Prefix (prefix_t * prefix);