Project

General

Profile

Actions

Feature #3333

open

Research: Unwind panic's from Rust modules

Added by Jason Ish over 4 years ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Look into unwinding panics from Rust modules. For example, it may make sense to attempt to unwind from a panic in a specific protocol parser.

Look into the performance impact of doing so, and see about making it opt-in, as well as applying to plugins.

Actions #1

Updated by Jason Ish over 4 years ago

  • Subject changed from Unwind panic's from Rust modules to Research: Unwind panic's from Rust modules
Actions #2

Updated by Jason Ish about 1 year ago

  • Assignee changed from OISF Dev to Jason Ish

Here is a draft PR that shows how panics might be caught in the DNS parser: https://github.com/OISF/suricata/pull/8757

My test consisted of a DNS pcap with 927000 DNS records in it. Git master branch consistently ran in 5.84s while this PR consistently ran in 6.17s suggesting a slowdown of about 5.34%.

The slow down was worse when errors were introduced, however, that slowdown may have been due to the following output that can't be turned off, rather than the actual handling of the panic:

thread '<unnamed>' panicked at 'index out of bounds: the len is 0 but the index is 99', src/dns/dns.rs:789:8

Normally Suricata would abort after such a message, however with this PR we can catch it and return a reasonable error.

I suppose further tests should be done by adding to more protocols and running through replay QA.

Actions #3

Updated by Victor Julien about 1 year ago

  • Target version set to TBD
Actions

Also available in: Atom PDF