From 7f160ac1511e7ee16317107d3ea7e635d359f7cb Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Tue, 3 Dec 2024 11:10:30 +0100 Subject: [PATCH] cleanup: refuse `EF_LARGE_PAYLOAD` events Signed-off-by: Andrea Terzolo --- .../test_suites/engines/savefile/converter.cpp | 13 +++++++++++++ .../libscap/engine/savefile/converter/converter.cpp | 13 +++++++++++++ 2 files changed, 26 insertions(+) diff --git a/test/libscap/test_suites/engines/savefile/converter.cpp b/test/libscap/test_suites/engines/savefile/converter.cpp index e38c4ee6d1..8a0d822988 100644 --- a/test/libscap/test_suites/engines/savefile/converter.cpp +++ b/test/libscap/test_suites/engines/savefile/converter.cpp @@ -13,6 +13,19 @@ limitations under the License. */ #include "convert_event_test.h" +TEST_F(convert_event_test, conversion_not_needed) { + uint64_t ts = 12; + int64_t tid = 25; + const char data[] = "hello world"; + + auto evt = create_safe_scap_event(ts, + tid, + PPME_CONTAINER_JSON_2_E, + 1, + scap_const_sized_buffer{&data, strlen(data) + 1}); + assert_single_conversion_failure(evt); +} + //////////////////////////// // READ //////////////////////////// diff --git a/userspace/libscap/engine/savefile/converter/converter.cpp b/userspace/libscap/engine/savefile/converter/converter.cpp index e0fdacc5ca..a0c8195df4 100644 --- a/userspace/libscap/engine/savefile/converter/converter.cpp +++ b/userspace/libscap/engine/savefile/converter/converter.cpp @@ -253,6 +253,10 @@ static uint16_t copy_old_params(scap_evt *new_evt, scap_evt *evt_to_convert) { return new_evt_offset + size_to_copy; } +static bool is_large_payload(scap_evt *evt_to_convert) { + return g_event_info[evt_to_convert->type].flags & EF_LARGE_PAYLOAD; +} + extern "C" bool is_conversion_needed(scap_evt *evt_to_convert) { assert(evt_to_convert->type < PPM_EVENT_MAX); const struct ppm_event_info *event_info = &(g_event_info[evt_to_convert->type]); @@ -297,6 +301,15 @@ static conversion_result convert_event(scap_evt *new_evt, scap_evt *evt_to_convert, const conversion_info &ci, char *error) { + // todo!: add the support for large payload events if we need to handle at least one of them. + if(is_large_payload(evt_to_convert)) { + snprintf(error, + SCAP_LASTERR_SIZE, + "The event '%d' has a large payload. We don't support it yet.", + evt_to_convert->type); + return CONVERSION_ERROR; + } + ///////////////////////////// // Dispatch the action /////////////////////////////