ravahn / machina Goto Github PK

I have observed this behavior on my machine.

machina will infinite loop, consuming excessive cpu resources and ballooning memory over time as the NetworkBufferFactory is no longer being dequeue'd from.

When debugged I can observe the following packet data causing the issue:

45 00 00 00 00 00 40 00 80 06 00 00 0a 01 32 40 0a 00 32 68 10 a2 01 bd a3 75 84 3a 54 70 42 31 50 10 60 dc 78 af 00 00 ca d7

(I have trimmed the remainder of the payload for brevity)

If you prepend a fake ethernet header and decode it on https://hpd.gasmi.net/ you can see the issue.

01 00 0C CC CC CD 00 50 3E B4 E4 66 08 00 45 00 00 00 00 00 40 00 80 06 00 00 0A 01 32 40 0A 00 32 68 10 A2 01 BD A3 75 84 3A 54 70 42 31 50 10 60 DC 78 AF 00 00 CA D7

This is valid netbios traffic that happens to have an IPv4 header containing 0 length and 0 ID, so the following happens:

packetLength remains 0

offset is unchanged

the loop repeats on the same packet

I propose the check for ip4Header.Id != 0 in the segment offload workaround be removed or an additional failsafe check similar to the following be added:

if (packetLength == 0) break;

Will pick up the ip from an interface which is down then cause a null pointer ex at:

Hi, I'm notice that the Server_MessageHeader.Unknown1 is ignore when convert form deucalion packet, which always be 0x0000.

According to packet strucure, this field is segment type, which should be set to SEGMENTTYPE_IPC(3) or other values.

Some packet parser will check this field to avoid parse error, this behavior will cause those parser stop working.

The .snk file for signing is missing in the repo because it was added as part of the git ignore so if you try to clone a new instance and build it will fail. You can just remove the signing for the projects but just FYI. Not sure if you wanted to include them or not so didn't do a pr.

Hello,
I have few issues/question with the TCP stream reassembly function:
Do OnDataSent and OnDataReceived methods of TCPNetworkMonitor return the reassembled data only? Or do they return data of all captured packets + reassembled data?
Because from my test, I did receive the reassembled data, however I still get all the fragments as well. As I’ve seen in the IPDecoder class (and if I understand correctly), it should only return the payload once it see the last fragment, then pass it to TCPDecoder for reassembly. Then return the final result in OnDataSent/OnDataReceived.

I would be very appreciate if you can help me clear things out. I’m looking forward to your reply.
Thank you for your work also. This is a great library.

If I set the UseSocketFilter property of an FFXIVNetworkMonitor to true, the callback for MessageSent never triggers. I'm using raw sockets, not winpcap.

I've ensured that the app is allowed through the firewall and there are no errors in the trace log. At a deeper level, it looks like ProcessSentMessage is never called because no packets are ever returned for the sent side of the connection. Is this a limitation of UseSocketFilter or is there further configuration I need to do?

I can replicate this using ACT and Teamcraft, but this happens for any process. I included two test programs that can be used to replicate this behaviour.

When using Machina in RawSocket mode, if the process being listened to opens a TCP listener and listens for incoming connections, Machina will stop reporting any data at all.

using Machina;
using System;
using System.Linq;

namespace TestMachinaPacketListener {
    class Program {
        static void Main(string[] args) {
            TCPNetworkMonitor monitor = new TCPNetworkMonitor();
            monitor.ProcessID = uint.Parse(args[0]);
            // change this to WinPCap and it will work as expected
            monitor.MonitorType = TCPNetworkMonitor.NetworkMonitorType.RawSocket;
            monitor.DataReceived = (string connection, byte[] data) => DataReceived(connection, data);
            monitor.Start();
            Console.ReadLine();
            monitor.Stop();
        }

        private static void DataReceived(string conn, byte[] data) {
            Console.WriteLine(conn);
            Console.WriteLine(string.Join("", data.Select(b => b.ToString("x2"))));
            Console.WriteLine();
        }
    }
}

using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

namespace PeriodicDownloader {
    class Program {
        static void Main(string[] args) {
            Console.WriteLine(Process.GetCurrentProcess().Id);

            using var client = new HttpClient();
            Task.Run(async () => {
                while (true) {
                    string data = await client.GetStringAsync("https://duckduckgo.com/");
                    Console.WriteLine(data.Substring(0, 20));
                    await Task.Delay(1_000);
                }
            });

            Console.ReadLine();

            var listener = new TcpListener(IPAddress.Parse("0.0.0.0"), 12345);
            listener.Start();

            Task.Run(async () => {
                await listener.AcceptTcpClientAsync();
            });

            Console.ReadLine();
        }
    }
}

Run the periodic downloader and it will output its PID. Run the other program with the PID as the first argument. You will see it reports the download every second. Press enter to start the listener in the downloader and the other program will become silent.