author | Toni Uhlig <matzeton@googlemail.com> | 2024-10-31 18:12:03 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-11-02 18:36:54 +0100 |
commit | ce5f448d3b690649a687e93dcdcfd59efe61ed28 (patch) | |
tree | 50e5f1f9e1c759edfb0672386bb059676d3b2e60 | |
parent | 2b48eb051473e240735f61f41dce1c6614ca39fd (diff) |
Switched OpenWrt GitHub Actions SDK to main branch
* fixed some SonarCloud complaints
* added more systemd CI tests
* fixed debian package scripts to obey remove/purge
* changed `chmod_chown()` error handling
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | .github/workflows/build-openwrt.yml | 2 | ||||
-rw-r--r-- | .github/workflows/build.yml | 8 | ||||
-rw-r--r-- | CMakeLists.txt | 40 | ||||
-rw-r--r-- | examples/c-captured/c-captured.c | 10 | ||||
-rwxr-xr-x | examples/py-semantic-validation/py-semantic-validation.py | 4 | ||||
-rw-r--r-- | nDPId.c | 80 | ||||
-rw-r--r-- | nDPIsrvd.c | 8 | ||||
-rwxr-xr-x | packages/debian/postrm | 13 | ||||
-rwxr-xr-x | packages/debian/preinst | 17 | ||||
-rwxr-xr-x | packages/debian/prerm | 4 | ||||
-rw-r--r-- | utils.c | 8 |
11 files changed, 107 insertions, 87 deletions
diff --git a/.github/workflows/build-openwrt.yml b/.github/workflows/build-openwrt.yml index 9d329d584..a9c4b6f45 100644 --- a/.github/workflows/build-openwrt.yml +++ b/.github/workflows/build-openwrt.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 1 - name: Build - uses: openwrt/gh-action-sdk@v7 + uses: openwrt/gh-action-sdk@main env: ARCH: ${{ matrix.arch }}-snapshot FEED_DIR: ${{ github.workspace }}/packages/openwrt diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3586efd9d..2ead2c26a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -285,8 +285,12 @@ jobs: sudo systemctl enable ndpid@lo sudo systemctl start ndpid@lo SYSTEMCTL_RET=3; while (( $SYSTEMCTL_RET == 3 )); do systemctl is-active ndpid@lo.service; SYSTEMCTL_RET=$?; sleep 1; done - sudo systemctl status ndpisrvd.service ndpid@lo.service || true - sudo systemctl show ndpisrvd.service ndpid@lo.service -p SubState,ActiveState || true + sudo systemctl status ndpisrvd.service ndpid@lo.service + sudo systemctl show ndpisrvd.service ndpid@lo.service -p SubState,ActiveState + sudo dpkg -i ./build/nDPId-*.deb + sudo systemctl status ndpisrvd.service ndpid@lo.service + sudo systemctl show ndpisrvd.service ndpid@lo.service -p SubState,ActiveState + sudo systemctl stop ndpisrvd.service journalctl --no-tail --no-pager -u ndpisrvd.service -u ndpid@lo.service - name: Build PF_RING and nDPId (invoke CC directly - dynamic nDPI lib) if: endsWith(matrix.compiler, 'gcc-7') == false && startsWith(matrix.ndpi_build, '-DBUILD_NDPI=ON') && startsWith(matrix.coverage, '-DENABLE_COVERAGE=OFF') && startsWith(matrix.sanitizer, '-DENABLE_SANITIZER=ON') && startsWith(matrix.ndpid_gcrypt, '-DNDPI_WITH_GCRYPT=OFF') && startsWith(matrix.ndpid_zlib, '-DENABLE_ZLIB=ON') diff --git a/CMakeLists.txt b/CMakeLists.txt index 787e30037..79f538de9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
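Review bot: `uses: openwrt/gh-action-sdk@main` in the Build step tracks a mutable branch, so whatever lands on that branch upstream runs in this workflow, with access to the job's workspace and token, without any change in this repository. If the move away from `v7` is needed for newer SDK behaviour, pinning to a full commit SHA keeps that while making each update an explicit, reviewable change, e.g. `uses: openwrt/gh-action-sdk@<full-commit-sha> # main as of <date>`. The step's remaining `env:` entries continue outside the hunk.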
@@ -267,25 +267,27 @@ if(BUILD_EXAMPLES) pkg_check_modules(CURL REQUIRED libcurl) endif() endif() -if(NDPI_WITH_GCRYPT) - message(STATUS "nDPI: Enable GCRYPT") - set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-local-libgcrypt") -endif() -if(NDPI_WITH_PCRE) - message(STATUS "nDPI: Enable PCRE") - set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-pcre2") -endif() -if(NDPI_WITH_MAXMINDDB) - message(STATUS "nDPI: Enable MAXMINDDB") - set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-maxminddb") -endif() -if(ENABLE_COVERAGE) - message(STATUS "nDPI: Enable Coverage") - set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-code-coverage") -endif() -if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "") - message(STATUS "nDPI: Enable Debug Build") - set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-debug-build --enable-debug-messages") +if(BUILD_NDPI) + if(NDPI_WITH_GCRYPT) + message(STATUS "nDPI: Enable GCRYPT") + set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-local-libgcrypt") + endif() + if(NDPI_WITH_PCRE) + message(STATUS "nDPI: Enable PCRE") + set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-pcre2") + endif() + if(NDPI_WITH_MAXMINDDB) + message(STATUS "nDPI: Enable MAXMINDDB") + set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --with-maxminddb") + endif() + if(ENABLE_COVERAGE) + message(STATUS "nDPI: Enable Coverage") + set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-code-coverage") + endif() + if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "") + message(STATUS "nDPI: Enable Debug Build") + set(NDPI_ADDITIONAL_ARGS "${NDPI_ADDITIONAL_ARGS} --enable-debug-build --enable-debug-messages") + endif() endif() execute_process( diff --git a/examples/c-captured/c-captured.c b/examples/c-captured/c-captured.c index 98df7c4b8..0729d3f19 100644 --- a/examples/c-captured/c-captured.c +++ b/examples/c-captured/c-captured.c 
@@ -1355,10 +1355,14 @@ int main(int argc, char ** argv) return 1; } - if (capture_mode != 0 && chmod_chown(datadir, S_IRWXU | S_IRGRP | S_IXGRP, user, group) != 0) + if (capture_mode != 0) { - logger(1, "Could not chmod/chown `%s': %s", datadir, strerror(errno)); - return 1; + int ret = chmod_chown(datadir, S_IRWXU | S_IRGRP | S_IXGRP, user, group); + if (ret != 0) + { + logger(1, "Could not chmod/chown `%s': %s", datadir, strerror(ret)); + return 1; + } } errno = 0; diff --git a/examples/py-semantic-validation/py-semantic-validation.py b/examples/py-semantic-validation/py-semantic-validation.py index 9207c3b69..2345ab15c 100755 --- a/examples/py-semantic-validation/py-semantic-validation.py +++ b/examples/py-semantic-validation/py-semantic-validation.py @@ -86,8 +86,8 @@ def verifyFlows(nsock, instance): l4_proto = 'n/a' invalid_flows_str += '{} proto[{},{}] ts[{} + {} < {}] diff[{}], '.format(flow_id, l4_proto, flow.flow_idle_time, flow.flow_last_seen, flow.flow_idle_time, - instance.most_recent_flow_time, - instance.most_recent_flow_time - + instance.getMostRecentFlowTime(flow.thread_id), + instance.getMostRecentFlowTime(flow.thread_id) - (flow.flow_last_seen + flow.flow_idle_time)) raise SemanticValidationException(None, 'Flow Manager verification failed for: {}'.format(invalid_flows_str[:-2])) @@ -717,7 +717,10 @@ static uint64_t timer_sub(uint64_t a, uint64_t b) } #ifdef ENABLE_ZLIB -static int zlib_deflate(const void * const src, int srcLen, void * dst, int dstLen) +#define ZLIB_ERROR_COMPRESSED_SIZE (-7) +#define ZLIB_ERROR_SIZE (-8) +#define ZLIB_ERROR_ALLOCATION (-9) +static uLong zlib_deflate(void * const src, int srcLen, void * const dst, int dstLen) { z_stream strm = {0}; strm.total_in = strm.avail_in = srcLen; 
@@ -730,7 +733,7 @@ static int zlib_deflate(const void * const src, int srcLen, void * dst, int dstL strm.opaque = Z_NULL; int err = -1; - int ret = -1; + uLong ret = 0; err = deflateInit2(&strm, Z_BEST_COMPRESSION, Z_BINARY, 15, 9, Z_HUFFMAN_ONLY); if (err != Z_OK) @@ -763,7 +766,7 @@ static int zlib_deflate(const void * const src, int srcLen, void * dst, int dstL return ret; } -static int zlib_inflate(const void * src, int srcLen, void * dst, int dstLen) +static uLong zlib_inflate(void * const src, int srcLen, void * const dst, int dstLen) { z_stream strm = {0}; strm.total_in = strm.avail_in = srcLen; @@ -776,7 +779,7 @@ static int zlib_inflate(const void * src, int srcLen, void * dst, int dstLen) strm.opaque = Z_NULL; int err = -1; - int ret = -1; + uLong ret = 0; err = inflateInit2(&strm, (15 + 32)); // 15 window bits, and the +32 tells zlib to to detect if using gzip or zlib if (err == Z_OK) 
@@ -807,61 +810,61 @@ static int zlib_inflate(const void * src, int srcLen, void * dst, int dstLen) static int detection_data_deflate(struct nDPId_flow * const flow) { uint8_t tmpOut[sizeof(*flow->info.detection_data)]; - int ret; + uLong size; if (flow->info.detection_data_compressed_size > 0) { - return -7; + return ZLIB_ERROR_COMPRESSED_SIZE; } - ret = zlib_deflate(flow->info.detection_data, sizeof(*flow->info.detection_data), tmpOut, sizeof(tmpOut)); - if (ret <= 0) + size = zlib_deflate(flow->info.detection_data, sizeof(*flow->info.detection_data), tmpOut, sizeof(tmpOut)); + if (size == 0 || size > sizeof(*flow->info.detection_data)) { - return ret; + return ZLIB_ERROR_SIZE; } - struct nDPId_detection_data * const new_det_data = ndpi_malloc(ret); + struct nDPId_detection_data * const new_det_data = ndpi_malloc(size); if (new_det_data == NULL) { - return -8; + return ZLIB_ERROR_ALLOCATION; } ndpi_free(flow->info.detection_data); flow->info.detection_data = new_det_data; - memcpy(flow->info.detection_data, tmpOut, ret); - flow->info.detection_data_compressed_size = ret; + memcpy(flow->info.detection_data, tmpOut, size); + flow->info.detection_data_compressed_size = (uint16_t)size; - return ret; + return (int)size; } static int detection_data_inflate(struct nDPId_flow * const flow) { uint8_t tmpOut[sizeof(*flow->info.detection_data)]; - int ret; + uLong size; if (flow->info.detection_data_compressed_size == 0) { - return -7; + return ZLIB_ERROR_COMPRESSED_SIZE; } - ret = zlib_inflate(flow->info.detection_data, flow->info.detection_data_compressed_size, tmpOut, sizeof(tmpOut)); - if (ret <= 0) + size = zlib_inflate(flow->info.detection_data, flow->info.detection_data_compressed_size, tmpOut, sizeof(tmpOut)); + if (size == 0 || size > sizeof(*flow->info.detection_data)) { - return ret; + return ZLIB_ERROR_SIZE; } - struct nDPId_detection_data * const new_det_data = ndpi_malloc(ret); + struct nDPId_detection_data * const new_det_data = ndpi_malloc(size); if 
(new_det_data == NULL) { - return -8; + return ZLIB_ERROR_ALLOCATION; } ndpi_free(flow->info.detection_data); flow->info.detection_data = new_det_data; - memcpy(flow->info.detection_data, tmpOut, ret); + memcpy(flow->info.detection_data, tmpOut, size); flow->info.detection_data_compressed_size = 0; - return ret; + return (int)size; } static void ndpi_comp_scan_walker(void const * const A, ndpi_VISIT which, int depth, void * const user_data) @@ -900,8 +903,7 @@ static void ndpi_comp_scan_walker(void const * const A, ndpi_VISIT which, int de } int ret = detection_data_deflate(flow); - - if (ret <= 0) + if (ret < 0) { logger(1, "zLib compression failed for flow %llu with error code: %d", @@ -2058,7 +2060,7 @@ static void process_idle_flow(struct nDPId_reader_thread * const reader_thread, { workflow->current_compression_diff -= flow->info.detection_data_compressed_size; int ret = detection_data_inflate(flow); - if (ret <= 0) + if (ret < 0) { workflow->current_compression_diff += flow->info.detection_data_compressed_size; logger(1, "zLib decompression failed with error code: %d", ret); @@ -3053,7 +3055,7 @@ static void jsonize_flow_event(struct nDPId_reader_thread * const reader_thread, { workflow->current_compression_diff -= flow->info.detection_data_compressed_size; int ret = detection_data_inflate(flow); - if (ret <= 0) + if (ret < 0) { workflow->current_compression_diff += flow->info.detection_data_compressed_size; logger(1, "zLib decompression failed with error code: %d", ret); @@ -3489,7 +3491,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre { /* DLT header values can be stored as big or little endian. */ - uint32_t dlt_hdr = *((uint32_t *)&packet[eth_offset]); + uint32_t dlt_hdr = *((uint32_t const *)&packet[eth_offset]); if (dlt_hdr == 0x02000000 || dlt_hdr == 0x02) { 
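Review bot: In `detection_data_inflate()` the new check `size == 0 || size > sizeof(*flow->info.detection_data)` still accepts an inflated result that is shorter than the structure, after which the function allocates only `size` bytes with `ndpi_malloc(size)` and installs that buffer as `flow->info.detection_data`. Any later access to a field beyond `size` would then touch memory past the allocation, so the inflate path should require an exact match: `if (size != sizeof(*flow->info.detection_data)) return ZLIB_ERROR_SIZE;`. In `detection_data_deflate()` the `(uint16_t)size` cast truncates silently if the structure is ever larger than 65535 bytes. The structure's size is not visible in this hunk, so a `_Static_assert(sizeof(struct nDPId_detection_data) <= UINT16_MAX, "compressed size must fit uint16_t");` next to its definition would pin that assumption.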
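Review bot: The cast-and-dereference `*((uint32_t const *)&packet[eth_offset])` still reads a 32-bit value through a pointer into the raw packet buffer, which is not guaranteed to be aligned for `uint32_t`, and a misaligned load is undefined behaviour; adding `const` does not change that. Targets that trap on unaligned loads are the ones most likely to show it, which may matter for the OpenWrt builds touched by this same commit. Copying the bytes out avoids the problem: `uint32_t dlt_hdr; memcpy(&dlt_hdr, &packet[eth_offset], sizeof(dlt_hdr));`. The same pattern appears in the later `process_datalink_layer()` hunks (the `ntohl(...)` argument, the `u_int16_t const *` read and the two `uint16_t const *` VLAN reads). The length checks that bound `eth_offset` are outside these hunks.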
@@ -3508,7 +3510,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre UNKNOWN_DATALINK_LAYER, "%s%u", "layer_type", - ntohl(*((uint32_t *)&packet[eth_offset]))); + ntohl(*((uint32_t const *)&packet[eth_offset]))); jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD); } return 1; @@ -3534,7 +3536,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre return 1; } - struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const)&packet[eth_offset]; + struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const *)&packet[eth_offset]; *ip_offset = sizeof(struct ndpi_chdlc); *layer3_type = ntohs(chdlc->proto_code); break; @@ -3559,14 +3561,14 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre if (packet[0] == 0x0f || packet[0] == 0x8f) { - struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const)&packet[eth_offset]; + struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const *)&packet[eth_offset]; *ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */ *layer3_type = ntohs(chdlc->proto_code); } else { *ip_offset = 2; - *layer3_type = ntohs(*((u_int16_t *)&packet[eth_offset])); + *layer3_type = ntohs(*(u_int16_t const *)&packet[eth_offset]); } break; case DLT_LINUX_SLL: @@ -3603,7 +3605,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre } struct ndpi_radiotap_header const * const radiotap = - (struct ndpi_radiotap_header const * const)&packet[eth_offset]; + (struct ndpi_radiotap_header const *)&packet[eth_offset]; uint16_t radio_len = radiotap->len; /* Check Bad FCS presence */ 
@@ -3635,7 +3637,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre /* Calculate 802.11 header length (variable) */ struct ndpi_wifi_header const * const wifi = - (struct ndpi_wifi_header const * const)(packet + eth_offset + radio_len); + (struct ndpi_wifi_header const *)(packet + eth_offset + radio_len); uint16_t fc = wifi->fc; int wifi_len = 0; @@ -3660,7 +3662,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre } struct ndpi_llc_header_snap const * const llc = - (struct ndpi_llc_header_snap const * const)(packet + eth_offset + wifi_len + radio_len); + (struct ndpi_llc_header_snap const *)(packet + eth_offset + wifi_len + radio_len); if (llc->dsap == SNAP) { *layer3_type = ntohs(llc->snap.proto_ID); @@ -3728,7 +3730,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre } return 1; } - ethernet = (struct ndpi_ethhdr *)&packet[eth_offset + 20]; + ethernet = (struct ndpi_ethhdr const *)&packet[eth_offset + 20]; *ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset; *layer3_type = ntohs(ethernet->h_proto); } @@ -3752,8 +3754,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre } return 1; } - *vlan_id = ntohs(*(uint16_t *)&packet[*ip_offset]) & 0xFFF; - *layer3_type = ntohs(*(uint16_t *)&packet[*ip_offset + 2]); + *vlan_id = ntohs(*(uint16_t const *)&packet[*ip_offset]) & 0xFFF; + *layer3_type = ntohs(*(uint16_t const *)&packet[*ip_offset + 2]); *ip_offset += 4; } @@ -4456,7 +4458,7 @@ static void ndpi_process_packet(uint8_t * const args, { workflow->current_compression_diff -= flow_to_process->info.detection_data_compressed_size; int ret = detection_data_inflate(flow_to_process); - if (ret <= 0) + if (ret < 0) { workflow->current_compression_diff += flow_to_process->info.detection_data_compressed_size; logger(1, diff --git a/nDPIsrvd.c b/nDPIsrvd.c index 1e675ba5b..9e5614d27 100644 --- a/nDPIsrvd.c +++ b/nDPIsrvd.c 
@@ -1824,7 +1824,7 @@ int main(int argc, char ** argv) IS_CMDARG_SET(nDPIsrvd_options.collector_group) != 0 ? GET_CMDARG_STR(nDPIsrvd_options.collector_group) : GET_CMDARG_STR(nDPIsrvd_options.group), - strerror(errno)); + strerror(ret)); } else { @@ -1832,7 +1832,7 @@ int main(int argc, char ** argv) "Could not chmod/chown `%s' to user `%s': %s", GET_CMDARG_STR(nDPIsrvd_options.collector_un_sockpath), GET_CMDARG_STR(nDPIsrvd_options.user), - strerror(errno)); + strerror(ret)); } if (ret != -EPERM) { @@ -1857,7 +1857,7 @@ int main(int argc, char ** argv) IS_CMDARG_SET(nDPIsrvd_options.distributor_group) != 0 ? GET_CMDARG_STR(nDPIsrvd_options.distributor_group) : GET_CMDARG_STR(nDPIsrvd_options.group), - strerror(errno)); + strerror(ret)); } else { @@ -1865,7 +1865,7 @@ int main(int argc, char ** argv) "Could not chmod/chown `%s' to user `%s': %s", GET_CMDARG_STR(nDPIsrvd_options.distributor_un_sockpath), GET_CMDARG_STR(nDPIsrvd_options.user), - strerror(errno)); + strerror(ret)); } if (ret != -EPERM) { diff --git a/packages/debian/postrm b/packages/debian/postrm index 0699f2a47..4d2d8c5c0 100755 --- a/packages/debian/postrm +++ b/packages/debian/postrm @@ -1,6 +1,11 @@ #!/bin/sh -rm -rf /run/nDPId /run/nDPIsrvd -deluser ndpid || true -deluser ndpisrvd || true -delgroup ndpisrvd-distributor || true +if [ "$1" = "remove" -o "$1" = "purge" ]; then + rm -rf /run/nDPId /run/nDPIsrvd + + if [ "$1" = "purge" ]; then + deluser ndpid || true + deluser ndpisrvd || true + delgroup ndpisrvd-distributor || true + fi +fi diff --git a/packages/debian/preinst b/packages/debian/preinst index e60ef3af3..711924022 100755 --- a/packages/debian/preinst +++ b/packages/debian/preinst 
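Review bot: The unchanged `if (ret != -EPERM)` below the changed log calls can no longer match if `ret` is the return value of `chmod_chown()`, as the new `strerror(ret)` arguments suggest. This commit makes `chmod_chown()` return positive `errno` values (`return errno;`, `retval : ENOENT`), so the comparison is now always true. The branch should compare against the positive code, `if (ret != EPERM)`, in both the collector and the distributor socket blocks (the hunks at 1832 and 1865). What the branch does is outside the hunks, so the effect (presumably that a permission failure on the socket path is no longer tolerated) should be confirmed against the full `main()`.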
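Review bot: The test `[ "$1" = "remove" -o "$1" = "purge" ]` in `postrm` uses the `-o` operator, which POSIX marks as obsolescent and which can parse ambiguously depending on the operands. Under `#!/bin/sh` a `case` is the more robust form: `case "$1" in remove|purge) ... ;; esac`, with the `rm -rf` line and the nested purge block moved into that arm unchanged. The same test appears in the `prerm` hunk.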
@@ -5,12 +5,13 @@ adduser --system --no-create-home --shell=/bin/false --group ndpisrvd adduser --system --no-create-home --shell=/bin/false --group ndpid cat <<EOF -********************************************************************************** -* The that may want to access DPI data needs access to /run/nDPIsrvd/distributor * -* * -* To make it accessible to a user, type: * -* sudo usermod --append --groups ndpisrvd-distributor [USER] * -* * -* Please not that you might need to re-login to make changes take effect. * -********************************************************************************** +**************************************************************************** +* The user whom may want to access DPI data needs access to: * +* /run/nDPIsrvd/distributor * +* * +* To make it accessible to [USER], type: * +* sudo usermod --append --groups ndpisrvd-distributor [USER] * +* * +* Please note that you might need to re-login to make changes take effect. * +**************************************************************************** EOF diff --git a/packages/debian/prerm b/packages/debian/prerm index 6942225bd..ed637e29c 100755 --- a/packages/debian/prerm +++ b/packages/debian/prerm @@ -1,3 +1,5 @@ #!/bin/sh -systemctl stop ndpisrvd.service +if [ "$1" = "remove" -o "$1" = "purge" ]; then + systemctl stop ndpisrvd.service +fi @@ -400,7 +400,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c { if (chmod(path, mode) != 0) { - return -errno; + return errno; } } @@ -415,7 +415,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c retval = getpwnam_r(user, &pwd, buf, sizeof(buf), &result); if (result == NULL) { - return (retval != 0 ? -retval : -ENOENT); + return (retval != 0 ? retval : ENOENT); } path_uid = pwd.pw_uid; path_gid = pwd.pw_gid; 
@@ -432,7 +432,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c retval = getgrnam_r(group, &grp, buf, sizeof(buf), &result); if (result == NULL) { - return (retval != 0 ? -retval : -ENOENT); + return (retval != 0 ? retval : ENOENT); } path_gid = grp.gr_gid; } @@ -441,7 +441,7 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c { if (chown(path, path_uid, path_gid) != 0) { - return -errno; + return errno; } } |