Nfacctd crashes on vlen fields #666

Open
ixodis opened this issue Feb 14, 2023 · 1 comment

ixodis commented Feb 14, 2023

Hi, Paolo!

I found some problems with variable length fields on nfacctd – it crashes after a while with segfault and/or “connection lost to plugin” error.

Here is the template:

image001

And flow record example:

image002

I tried print and Kafka plugins but behavior stays the same. Once I managed to get these records with strange values of flowid and bytes counters in debug log (memory/buffer overflow issues?):

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "1104823881", "description": "{"0":21276,"1":256,"2":1,"3":0,"4":1,"5":1,"6":{"0":"com","1":"A","2":"IN},"7":[]}", "packets": 0, "bytes": 0, "writer_id": "out/6557"}

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "1104868987", "description": "{"0":13557,"1":256,"2":1,"3":0,"4":1,"5":0,"6":{"0":"com","1":"A","2":"IN},"7":[]}", "packets": 0, "bytes": 0, "writer_id": "out/6557"}

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "1104857462", "description": "{"0":51258,"1":256,"2":1,"3":0,"4":1,"5":0,"6":{"0":"com","1":"A","2":"IN},"7":[]}", "packets": 0, "bytes": 0, "writer_id": "out/6557"}

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "1104851443", "description": "", "packets": 0, "bytes": 0, "writer_id": "out/6557"}

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "4315810", "description": "", "packets": 0, "bytes": 0, "writer_id": "out/6557"}

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "3180163807514927664", "description": "", "packets": 268435457, "bytes": 34902897112121344, "writer_id": "out/6557"}

DEBUG ( out/kafka ): {"event_type": "purge", "flowid": "3180161608486759458", "description": "", "packets": 39295, "bytes": -2719892699955068928, "writer_id": "out/6557"}

I will send you a PCAP file via email

Nfacctd version:

/opt/pmacct-1.7.8/bin/nfacctd -V

NetFlow Accounting Daemon, nfacctd 1.7.9-git [RELEASE]

Arguments:

'--sysconfdir=/opt/pmacct-1.7.8/conf' '--prefix=/opt' '--sbindir=/opt/pmacct-1.7.8/bin' '--enable-plabel' '--enable-kafka' '--enable-jansson' '--disable-bgp-bins' '--disable-bmp-bins' '--enable-l2' '--enable-traffic-bins' '--enable-st-bins'

Libs:
cdada 0.3.5
libpcap version 1.5.3
rdkafka 0.11.5
jansson 2.10

Plugins:
memory
print
nfprobe
sfprobe
tee
kafka

System:
Linux 3.10.0-1160.80.1.el7.x86_64 #1 SMP Sat Oct 8 18:13:21 UTC 2022 x86_64

Compiler:
gcc 4.8.5

Nfacctd config:

plugins: kafka[out]
kafka_topic: nfacctd_test
kafka_broker_host: *
kafka_refresh_time: 2
nfacctd_interface: eth0
nfacctd_port: 3255
aggregate_primitives: /opt/pmacct/primitives
aggregate[out]: flowID,app,description

Primitives:

name=app field_type=96 len=vlen semantics=str
name=description field_type=94 len=vlen semantics=str
name=flowID field_type=148 len=4 semantics=u_int

ixodis commented Apr 27, 2023

Hi, Paolo!

With help of https://github.com/google/sanitizers/wiki/AddressSanitizer we found memory leaking.

Here are the changes in Makefile to use ASan:

libasan makefile

libasan makefile 2

And so we found these errors:

Heap Buffer Overflow

Heap Buffer Overflow 2

Could you please help with solving this issue?
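For reference alongside this report, an added example (not part of the issue and not pmacct's code) of bounds-checked decoding of an IPFIX variable-length field as encoded per RFC 7011 section 7, the kind of field the `len=vlen` primitives above select. The function names and sample bytes are constructed for illustration, and the example makes no claim about where the overflow in nfacctd actually occurs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one IPFIX variable-length field (RFC 7011, section 7) at buf[*off].
 * On success *val/*vlen describe the value inside buf and *off moves past it.
 * Returns 0 on success, -1 if the encoding would read past the record end. */
int vlen_decode(const uint8_t *buf, size_t buflen, size_t *off,
                const uint8_t **val, size_t *vlen)
{
  size_t pos = *off, len;
  if (pos >= buflen) return -1;          /* no length octet available */
  len = buf[pos++];
  if (len == 255) {                      /* long form: 255 + 16-bit length */
    if (buflen - pos < 2) return -1;
    len = ((size_t)buf[pos] << 8) | buf[pos + 1];
    pos += 2;
  }
  if (len > buflen - pos) return -1;     /* declared length exceeds data left */
  *val = buf + pos;
  *vlen = len;
  *off = pos + len;                      /* only advanced on success */
  return 0;
}

/* Copy a decoded value into a fixed-size string buffer, truncating instead
 * of overflowing. Returns the number of bytes copied (excluding the NUL). */
size_t vlen_to_str(const uint8_t *val, size_t vlen, char *dst, size_t dstlen)
{
  size_t n;
  if (dstlen == 0) return 0;
  n = vlen < dstlen - 1 ? vlen : dstlen - 1;
  memcpy(dst, val, n);
  dst[n] = '\0';
  return n;
}

/* Constructed sample records, not taken from the reporter's PCAP. */
const uint8_t rec_ok[]   = { 3, 'c', 'o', 'm', 0x41, 0x42, 0x43, 0x44 };
const uint8_t rec_bad[]  = { 200, 'c', 'o', 'm' };        /* claims 200 bytes */
const uint8_t rec_long[] = { 255, 0x00, 0x02, 'I', 'N' }; /* long form, len 2 */

int main(void)
{
  const uint8_t *v; size_t n, off = 0; char s[8];
  if (vlen_decode(rec_ok, sizeof rec_ok, &off, &v, &n) == 0) {
    vlen_to_str(v, n, s, sizeof s);
    printf("value \"%s\", next field at offset %zu\n", s, off);
  }
  off = 0;
  printf("oversized length -> %d\n", vlen_decode(rec_bad, sizeof rec_bad, &off, &v, &n));
  return 0;
}
```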
