Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bugfix: check etype size before decoding #252

Merged
merged 3 commits into from
Dec 13, 2023
Merged

bugfix: check etype size before decoding #252

merged 3 commits into from
Dec 13, 2023

Conversation

lspgn
Copy link
Member

@lspgn lspgn commented Dec 6, 2023

Closes #251

The etherType variable was not checked for length and could cause panic.

@lspgn lspgn mentioned this pull request Dec 6, 2023
Closed
@lspgn lspgn added bug Something isn't working decoders Decoding flows labels Dec 6, 2023
simPod
simPod approved these changes Dec 6, 2023
View reviewed changes
Copy link
Contributor

@simPod simPod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works 🚀

simPod
simPod suggested changes Dec 6, 2023
View reviewed changes
Copy link
Contributor

@simPod simPod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I run it for few minutes on production traffic but now got the same err

Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.IsIPv4(...)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/producer_sf.go:211
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.ParseEthernetHeader(0xc00ca2f860, {0xc00d74c574, 0x3c, 0x22b4}, 0x0)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/producer_sf.go:269 +0x1dbc
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.ParseSampledHeaderConfig(0x4?, 0x6?, 0x424d05?)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/producer_sf.go:388 +0x2d
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.SearchSFlowSampleConfig(0xc00ca2f860, {0xace180?, 0xc00215ecd0?}, 0xc00254d908?)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/producer_sf.go:418 +0x75c
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.SearchSFlowSamplesConfig({0xc000fdba00?, 0x6, 0xc00254d950?}, 0x4524e9?)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/producer_sf.go:477 +0xf4
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.ProcessMessageSFlowConfig(0x9f7360?, 0xc00254d860?)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/producer_sf.go:496 +0x273
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/producer/proto.(*ProtoProducer).Produce(0xc0002904c0, {0xa4f2e0?, 0xc00215ec80?}, 0xc002d9ae00)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/producer/proto/proto.go:73 +0x14e
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/metrics.(*PromProducerWrapper).Produce(0xa4f360?, {0xa4f2e0?, 0xc00215ec80?}, 0xc002d9ae00)
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/metrics/producer.go:20 +0x52
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/utils.(*SFlowPipe).DecodeFlow(0xc0001f9fc0, {0x9f6160?, 0xc002d9ad90})
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/utils/pipe.go:127 +0x306
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: main.main.PromDecoderWrapper.func5({0x9f6160?, 0xc002d9ad90?})
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/metrics/decoder.go:53 +0x63c
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: github.com/netsampler/goflow2/v2/utils.(*UDPReceiver).decoders.func1()
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/utils/udp.go:215 +0x249
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]: created by github.com/netsampler/goflow2/v2/utils.(*UDPReceiver).decoders in goroutine 1
Dec 06 16:15:43 flop-goflow-1 goflow2[2492936]:         /buildir/goflow2/utils/udp.go:200 +0x32

@lspgn
Copy link
Member Author

lspgn commented Dec 6, 2023

Do you have encapsulation like MPLS?

@simPod
Copy link
Contributor

simPod commented Dec 6, 2023

I think https://github.com/netsampler/goflow2/pull/252/files#diff-844aca8e5e9ed831ac96036a4286078314ccd61371b89907b7981b1e62575430R257 etherType can be overwritten here. It's the only thing that comes to my mind that might be happening.

@simPod
Copy link
Contributor

simPod commented Dec 6, 2023

Do you have encapsulation like MPLS?

My guy says there's no mpls, but there's e.g. vxlan or GRE.

@simPod
Copy link
Contributor

simPod commented Dec 6, 2023

I think we are hitting this condition

goflow2/producer/proto/producer_sf.go

Line 246 in 1a6d8c9

if Is8021Q(etherType) { // VLAN 802.1Q

https://support.hpe.com/hpesc/public/docDisplay?docId=c03323978&docLocale=en_US

@lspgn
Copy link
Member Author

lspgn commented Dec 7, 2023

Added a few more checks.

@simPod
Copy link
Contributor

simPod commented Dec 7, 2023

it helped, but got another one

Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: panic: runtime error: slice bounds out of range [:2] with capacity 0
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: goroutine 147 [running]:
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/producer/proto.ParseEthernetHeader(0xc002e883c0, {0xc0090ba754, 0x40, 0x20d4}, 0x0)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/producer/proto/producer_sf.go:393 +0xe3b
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/producer/proto.ParseSampledHeaderConfig(0x4?, 0x6?, 0x5816170?)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/producer/proto/producer_sf.go:403 +0x2d
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/producer/proto.SearchSFlowSampleConfig(0xc002e883c0, {0xace180?, 0xc014e93e00?}, 0xc013bb1908?)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/producer/proto/producer_sf.go:433 +0x75c
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/producer/proto.SearchSFlowSamplesConfig({0xc008765000?, 0x6, 0xc013bb1950?}, 0x4524e9?)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/producer/proto/producer_sf.go:492 +0xf4
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/producer/proto.ProcessMessageSFlowConfig(0x9f7360?, 0xc013bb1860?)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/producer/proto/producer_sf.go:511 +0x273
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/producer/proto.(*ProtoProducer).Produce(0xc000220c60, {0xa4f2e0?, 0xc014e93c70?}, 0xc014b0fce0)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/producer/proto/proto.go:73 +0x14e
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/metrics.(*PromProducerWrapper).Produce(0xa4f360?, {0xa4f2e0?, 0xc014e93c70?}, 0xc014b0fce0)
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/metrics/producer.go:20 +0x52
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/utils.(*SFlowPipe).DecodeFlow(0xc0001322c0, {0x9f6160?, 0xc014b0fc70})
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/utils/pipe.go:127 +0x306
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: main.main.PromDecoderWrapper.func5({0x9f6160?, 0xc014b0fc70?})
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/metrics/decoder.go:53 +0x63c
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: github.com/netsampler/goflow2/v2/utils.(*UDPReceiver).decoders.func1()
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/utils/udp.go:215 +0x249
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]: created by github.com/netsampler/goflow2/v2/utils.(*UDPReceiver).decoders in goroutine 1
Dec 07 12:28:40 flop-goflow-1 goflow2[2639135]:         /buildir/goflow2/utils/udp.go:200 +0x32

https://github.com/netsampler/goflow2/pull/252/files#diff-844aca8e5e9ed831ac96036a4286078314ccd61371b89907b7981b1e62575430R393

@lspgn
Copy link
Member Author

lspgn commented Dec 7, 2023
edited
Loading

What in tarnation is this packet of death 😁
Are pcap possible or a panic catch dumping the packet (check if you could run #254)
I'll try to refactor better and handle min sizes

@lspgn
Copy link
Member Author

lspgn commented Dec 9, 2023

Added extra protection. This was a bug for MPLS packets.

@simPod
Copy link
Contributor

simPod commented Dec 11, 2023

Looking good, got no more crash for a few hours it's running now.

@lspgn lspgn merged commit 3f017c4 into main Dec 13, 2023
1 check passed
@lspgn lspgn deleted the bug/decoder branch December 13, 2023 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simPod simPod simPod requested changes

Assignees
No one assigned
Labels
bug Something isn't working decoders Decoding flows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Crash on accessing missing index in proto.IsIPv4
2 participants
@lspgn @simPod