Feature #3333
openResearch: Unwind panic's from Rust modules
Description
Look into unwinding panics from Rust modules. For example, it may make sense to attempt to unwind from a panic in a specific protocol parser.
Look into the performance impact of doing so, and see about making it opt-in, as well as applying to plugins.
Updated by Jason Ish over 4 years ago
- Subject changed from Unwind panic's from Rust modules to Research: Unwind panic's from Rust modules
Updated by Jason Ish about 1 year ago
- Assignee changed from OISF Dev to Jason Ish
Here is a draft PR that shows how panics might be caught in the DNS parser: https://github.com/OISF/suricata/pull/8757
My test consisted of a DNS pcap with 927000 DNS records in it. Git master branch consistently ran in 5.84s while this PR consistently ran in 6.17s suggesting a slowdown of about 5.34%.
The slow down was worse when errors were introduced, however, that slowdown may have been due to the following output that can't be turned off, rather than the actual handling of the panic:
thread '<unnamed>' panicked at 'index out of bounds: the len is 0 but the index is 99', src/dns/dns.rs:789:8
Normally Suricata would abort after such a message, however with this PR we can catch it and return a reasonable error.
I suppose further tests should be done by adding to more protocols and running through replay QA.