From 0014a37998d3f516be5db3aabeff4166544af5f7 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 17 Dec 2012 15:10:55 +0100
Subject: bugfix[kind of]: omudpspoof discarded messages >1472 bytes (MTU size)

it now truncates these message, but ensures they are sent. Note that
7.2.5+ will switch to fragmented UDP messages instead (up to 64K)
---
 ChangeLog                       | 3 +++
 plugins/omudpspoof/omudpspoof.c | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 938e8793..418a4974 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,9 @@ Version 5.10.2  [V5-STABLE], 201?-??-??
   Thanks to Marius Tomaschewski for the bug report and the patch idea.
 - bugfix: invalid DST handling under Solaris
   Thanks to Scott Severtson for the patch.
+- bugfix[kind of]: omudpspoof discarded messages >1472 bytes (MTU size)
+  it now truncates these message, but ensures they are sent. Note that
+  7.2.5+ will switch to fragmented UDP messages instead (up to 64K)
 ---------------------------------------------------------------------------
 Version 5.10.1  [V5-STABLE], 2012-10-17
 - bugfix: imuxsock and imklog truncated head of received message
diff --git a/plugins/omudpspoof/omudpspoof.c b/plugins/omudpspoof/omudpspoof.c
index c83cc540..43cfe287 100644
--- a/plugins/omudpspoof/omudpspoof.c
+++ b/plugins/omudpspoof/omudpspoof.c
@@ -201,6 +201,12 @@ UDPSend(instanceData *pData, uchar *pszSourcename, char *msg, size_t len)
 		CHKiRet(doTryResume(pData));
 	}
 
+	if(len > 1472) {
+		DBGPRINTF("omudpspoof: msg with length %d truncated to 1472 bytes: '%.768s'\n",
+			  len, msg);
+		len = 1472;
+	}
+
 	ip = ipo = udp = 0;
 	if(pData->sourcePort++ >= pData->sourcePortEnd){
 		pData->sourcePort = pData->sourcePortStart;
@@ -249,7 +255,7 @@ UDPSend(instanceData *pData, uchar *pszSourcename, char *msg, size_t len)
 		/* Write it to the wire. */
 		lsent = libnet_write(libnet_handle);
 		if (lsent == -1) {
-			DBGPRINTF("Write error: %s\n", libnet_geterror(libnet_handle));
+			DBGPRINTF("omudpspoof: write error: %s\n", libnet_geterror(libnet_handle));
 		} else {
 			bSendSuccess = RSTRUE;
 			break;
-- 
cgit v1.2.3


From db01eab26b163362652afa7931762de1aafb4c32 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 18 Dec 2012 12:33:36 +0100
Subject: cosmetic: silence compiler warning

---
 grammar/rainerscript.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 6b21bc9a..c5f2148e 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1250,6 +1250,10 @@ evalStrArrayCmp(es_str_t *estr_l, struct cnfarray* ar, int cmpop)
 		} else if(expr->r->nodetype != 'A') { \
 			cnfexprEval(expr->r, &r, usrptr); \
 			estr_r = var2String(&r, &bMustFree); \
+		} else { \
+			/* Note: this is not really necessary, but if we do not */ \
+			/* do it, we get a very irritating compiler warning... */ \
+			estr_r = NULL; \
 		}
 
 #define FREE_TWO_STRINGS \
-- 
cgit v1.2.3


From cac0a1efdc9ce79b4503431d07075b932a6dcdb2 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 20 Dec 2012 14:05:03 +0100
Subject: bugfix: on termination, actions were incorrectly called

The problem was that incomplete fiter evaluation was done *during the
shutdown phase*. This affected only the LAST batches being processed. No
problem existed during the regular run. Could usually only happen on
very busy systems, which were still busy during shutdown.
---
 ChangeLog         |  5 +++++
 runtime/ruleset.c | 25 ++++++++++++++++++-------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a4f53ce2..9bf2102f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@ Version 7.2.5  [v7-stable] 2013-01-??
   due to missing libmath. Thanks to Michael Biebl for the fix
 - bugfix: invalid DST handling under Solaris
   Thanks to Scott Severtson for the patch.
+- bugfix: on termination, actions were incorrectly called
+  The problem was that incomplete fiter evaluation was done *during the
+  shutdown phase*. This affected only the LAST batches being processed. No
+  problem existed during the regular run. Could usually only happen on
+  very busy systems, which were still busy during shutdown.
 ----------------------------------------------------------------------------
 Version 7.2.4  [v7-stable] 2012-12-07
 - enhance: permit RFC3339 timestamp in local log socket messages
diff --git a/runtime/ruleset.c b/runtime/ruleset.c
index 3459f545..b74f8ec8 100644
--- a/runtime/ruleset.c
+++ b/runtime/ruleset.c
@@ -299,7 +299,9 @@ execIf(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 	sbool bRet;
 	DEFiRet;
 	newAct = newActive(pBatch);
-	for(i = 0 ; i < batchNumMsgs(pBatch) && !*(pBatch->pbShutdownImmediate) ; ++i) {
+	for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
+		if(*(pBatch->pbShutdownImmediate))
+			FINALIZE;
 		if(pBatch->pElem[i].state == BATCH_STATE_DISC)
 			continue; /* will be ignored in any case */
 		if(active == NULL || active[i]) {
@@ -315,13 +317,16 @@ execIf(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 		scriptExec(stmt->d.s_if.t_then, pBatch, newAct);
 	}
 	if(stmt->d.s_if.t_else != NULL) {
-		for(i = 0 ; i < batchNumMsgs(pBatch) && !*(pBatch->pbShutdownImmediate)
-		    ; ++i)
+		for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
+			if(*(pBatch->pbShutdownImmediate))
+				FINALIZE;
 			if(pBatch->pElem[i].state != BATCH_STATE_DISC)
 				newAct[i] = !newAct[i];
+			}
 		scriptExec(stmt->d.s_if.t_else, pBatch, newAct);
 	}
 	freeActive(newAct);
+finalize_it:
 	RETiRet;
 }
 
@@ -334,7 +339,9 @@ execPRIFILT(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 	int bRet;
 	int i;
 	newAct = newActive(pBatch);
-	for(i = 0 ; i < batchNumMsgs(pBatch) && !*(pBatch->pbShutdownImmediate) ; ++i) {
+	for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
+		if(*(pBatch->pbShutdownImmediate))
+			return;
 		if(pBatch->pElem[i].state == BATCH_STATE_DISC)
 			continue; /* will be ignored in any case */
 		pMsg = (msg_t*)(pBatch->pElem[i].pUsrp);
@@ -355,10 +362,12 @@ execPRIFILT(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 		scriptExec(stmt->d.s_prifilt.t_then, pBatch, newAct);
 	}
 	if(stmt->d.s_prifilt.t_else != NULL) {
-		for(i = 0 ; i < batchNumMsgs(pBatch) && !*(pBatch->pbShutdownImmediate)
-		    ; ++i)
+		for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
+			if(*(pBatch->pbShutdownImmediate))
+				return;
 			if(pBatch->pElem[i].state != BATCH_STATE_DISC)
 				newAct[i] = !newAct[i];
+			}
 		scriptExec(stmt->d.s_prifilt.t_else, pBatch, newAct);
 	}
 	freeActive(newAct);
@@ -461,7 +470,9 @@ execPROPFILT(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 	sbool bRet;
 	int i;
 	thenAct = newActive(pBatch);
-	for(i = 0 ; i < batchNumMsgs(pBatch) && !*(pBatch->pbShutdownImmediate) ; ++i) {
+	for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
+		if(*(pBatch->pbShutdownImmediate))
+			return;
 		if(pBatch->pElem[i].state == BATCH_STATE_DISC)
 			continue; /* will be ignored in any case */
 		if(active == NULL || active[i]) {
-- 
cgit v1.2.3