Skip to content

[WIP] libntoh: switch from broken htable to uthash #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
megahall wants to merge 47 commits into
base: master
Choose a base branch
from
Open

[WIP] libntoh: switch from broken htable to uthash #17

megahall wants to merge 47 commits into from

Conversation

@megahall
Copy link

@megahall megahall commented Mar 22, 2016

Problem Statement

When using libntoh on almost any nontrivial PCAP it fails to work pretty much at all, with tons of NTOH_IP_ADDRESSES_MISMATCH and/or NTOH_TCP_PORTS_MISMATCH errors or other similar errors.

Root Cause

From extensive debugging over many hours, it appears that the simplistic htable implementation included in libntoh is causing the problem:

Detailed Steps

  1. The unsigned int key generation code and modulo-to-hash-chain code causes many collisions.
  2. The hash chain lookup code did not properly compare the contents of tuple key fields inside of each ntoh_tcp_stream_t, ntoh_ipv4_flow_t, and ntoh_ipv4_flow_t object, to be sure if the records were true duplicates of each other. Instead it just keeps returning semi-random, usually incorrect flow and stream records at the beginning of the hash chains.
  3. Because the hash table was buggy, add_fragment and add_segment operations fail with the MISMATCH errors from operating on the wrong socket objects.

History

Some previous attempts to fix the issues with htable are present in the commit history, but they were inconsistently written, not fully implemented, commented out, and/or not actually used in the code performing the find operations for flows and streams and thus ineffective.

Solution

This code appears to fix most of the issues by completely replacing the htable implementation with a known good C hash table named uthash. It passes some basic and medium complex testing but more testing from the community will be required to be 100% sure everything works.

Testing

It should cause little to no change for real applications because it just fixed internal implementation bugs. However some minor unimportant features are temporarily broken, like some of the code which limits the hash table size, as it needs some modifications before it will work with uthash.

uthash information

Detailed information on uthash:

https://github.com/troydhanson/uthash
https://troydhanson.github.io/uthash/
https://troydhanson.github.io/uthash/userguide.html

megahall added 30 commits March 22, 2016 02:07
@megahall
CMakeLists.txt: always build static library as libntoh_static.a
b848d5b
@megahall
common.{c,h}: remove non-working htable implementation
e9ec639
@megahall
ipv4defrag.h: switch from htable to uthash
eec12c2
@megahall
ipv6defrag.h: switch from htable to uthash
8ad64eb
@megahall
libntoh.{c,h}: fix prototype of ntoh_get_reason
275aec2
@megahall
tcpreassembly.h: switch from htable to uthash, fix broken indents
bebfa42
@megahall
ipv4defrag.c: stub out ntoh_ipv4_get_size
e8111a0
@megahall
ipv4defrag.c: switch ntoh_ipv4_find_flow to uthash
c4bb3d7
@megahall
ipv4defrag.c: switch ntoh_ipv4_new_flow to uthash
eefdeb9
@megahall
ipv4defrag.c: switch __ipv4_free_flow to uthash
240e5f2
@megahall
ipv4defrag.c: fix indent in ntoh_ipv4_add_fragment
38b95cf
@megahall
ipv4defrag.c: switch ntoh_ipv4_count_flows to uthash
7e3d494
@megahall
ipv4defrag.c: switch ip_check_timeouts to uthash
7f3e20f
@megahall
ipv4defrag.c: switch ntoh_ipv4_new_session to uthash
d413a0c
@megahall
ipv4defrag.c: switch __ipv4_free_session to uthash
5e4b4af
@megahall
ipv4defrag.c: fix indent in ntoh_ipv4_free_session
3f18156
@megahall
ipv4defrag.c: stub out ntoh_ipv4_resize_session
f31d81b
@megahall
ipv4defrag.c: eliminate unused ip_get_hashkey
7eb7d03
@megahall
ipv6defrag.c: eliminate unused ip_get_hashkey
b0f1dd1
@megahall
ipv6defrag.c: stub out ntoh_ipv6_get_size
8cd07a4
@megahall
ipv4defrag.c: eliminate unused ipv4_equal_tuple
65650e4
@megahall
ipv6defrag.c: eliminate unused ipv6_equal_tuple
44cec6a
@megahall
ipv6defrag.c: switch ntoh_ipv6_find_flow to uthash
8eca34b
@megahall
ipv6defrag.c: switch ntoh_ipv6_new_flow to uthash
289d622
@megahall
ipv6defrag.c: switch __ipv6_free_flow to uthash
b74dc3c
@megahall
ipv6defrag.c: fix indent in ntoh_ipv6_add_fragment
70cb52c
@megahall
ipv6defrag.c: switch ntoh_ipv6_count_flows to uthash
050ff84
@megahall
ipv6defrag.c: switch ip_check_timeouts to uthash
2704388
@megahall
ipv6defrag.c: switch ntoh_ipv6_new_session to uthash
a832805
@megahall
ipv6defrag.c: switch __ipv6_free_session to uthash
c01ec1a
megahall added 16 commits March 22, 2016 04:55
@megahall
ipv6defrag.c: stub out ntoh_ipv6_resize_session
270e320
@megahall
sfhash.c: fix collision with a macro in uthash
6b42660
@megahall
tcpreassembly.c: switch delete_stream to uthash
0d72a1d
@megahall
tcpreassembly.c: switch __tcp_free_session to uthash
9c46736
@megahall
tcpreassembly.c: switch tcp_check_timeouts to uthash
432ae9e
@megahall
tcpreassembly.c: eliminate unused tcp_equal_tuple
85629d4
@megahall
tcpreassembly.c: stub out ntoh_tcp_get_size
2b943cd
@megahall
tcpreassembly.c: switch ntoh_tcp_new_session to uthash
9adb22a
@megahall
tcpreassembly.c: switch ntoh_tcp_find_stream to uthash
d76ef8f
@megahall
tcpreassembly.c: switch ntoh_tcp_new_stream to uthash
1937496
@megahall
tcpreassembly.c: switch ntoh_tcp_new_stream to uthash
74f83fd
@megahall
tcpreassembly.c: switch handle_closing_connection to uthash
51185ac
@megahall
tcpreassembly.c: stub out ntoh_tcp_resize_session
a76628c
@megahall
tcpreassembly.c: PORTS_MISMATCH should release stream->lock
9df17c4
@megahall
examples: get_proto_description is outside header file; no inline
1e7a752
@megahall
examples: flow->key eliminated by uthash; do not try to print it
f98da38
@megahall
Copy link
Author

megahall commented Mar 22, 2016

Note: Travis-CI fails presently due to new uthash dependency. It could be fixed using uthash-dev DEB package or uthash RPM package or the relevant package for the Travis-CI environment.

@leonn
Copy link

leonn commented Mar 21, 2018
edited
Loading

all count_flows functions are not returning the count from uthash @megahall.
and there are some unused variables left from the previous implementation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@megahall @leonn