Feature #3333
open
Research: Unwind panic's from Rust modules
Added by Jason Ish about 5 years ago.
Updated over 1 year ago.
Description
Look into unwinding panics from Rust modules. For example, it may make sense to attempt to unwind from a panic in a specific protocol parser.
Look into the performance impact of doing so, and see about making it opt-in, as well as applying to plugins.
- Subject changed from Unwind panic's from Rust modules to Research: Unwind panic's from Rust modules
- Assignee changed from OISF Dev to Jason Ish
Here is a draft PR that shows how panics might be caught in the DNS parser: https://github.com/OISF/suricata/pull/8757
My test consisted of a DNS pcap with 927000 DNS records in it. Git master branch consistently ran in 5.84s while this PR consistently ran in 6.17s suggesting a slowdown of about 5.34%.
The slow down was worse when errors were introduced, however, that slowdown may have been due to the following output that can't be turned off, rather than the actual handling of the panic:
thread '<unnamed>' panicked at 'index out of bounds: the len is 0 but the index is 99', src/dns/dns.rs:789:8
Normally Suricata would abort after such a message, however with this PR we can catch it and return a reasonable error.
I suppose further tests should be done by adding to more protocols and running through replay QA.
- Target version set to TBD
Also available in: Atom
PDF