lucaspalomodevelop/opnsense-core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/opnsense-core.git synced 2026-03-13 00:07:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Insight, catch struct.unpack errors instead od rashing out when flow record doesn't match standards. closes https://github.com/opnsense/core/issues/3715

Browse Source
This commit is contained in:
Ad Schellevis 2019-09-23 18:07:41 +02:00
parent 245486bc87
commit 01d8fb296e
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/opnsense/scripts/netflow/lib/flowparser.py
View File

@ -27,6 +27,7 @@
flowd log parser
"""
import struct
import syslog
from socket import inet_ntop, AF_INET, AF_INET6, ntohl
@ -113,11 +114,15 @@ class FlowParser:
raw_record[fieldname] = raw_data[raw_data_idx:raw_data_idx + fsize]
else:
fsize = self.calculate_size(self.field_definition[fieldname])
content = struct.unpack(
self.field_definition[fieldname],
raw_data[raw_data_idx:raw_data_idx + fsize]
)
raw_record[fieldname] = content[0] if len(content) == 1 else content
try:
content = struct.unpack(
self.field_definition[fieldname],
raw_data[raw_data_idx:raw_data_idx + fsize]
)
raw_record[fieldname] = content[0] if len(content) == 1 else content
except struct.error as e:
# the flowd record doesn't appear to be as expected, log for now.
syslog.syslog(syslog.LOG_NOTICE, "flowparser failed to unpack %s (%s)" % (fieldname, e))
raw_data_idx += fsize
return raw_record