cppcheck & fix puny dns entries missing from all list sometimes (arki…

…me#2820)

CHANGELOG

@@ -32,6 +32,8 @@ NOTICE: Cross-cluster Shortcuts require you to not restart all your viewers at o
 NOTICE: Create a parliament config file before upgrading (see https://arkime.com/settings#parliament and https://arkime.com/faq#how_do_i_upgrade_to_arkime_5)
 
 5.2.1 2024/06/xx
+## Capture
+  - #2820 fix puny dns entries missing from all list sometimes
 ## Viewer
   - #2817 new maxSessionsQueried setting, default 2MM
   - #2819 hide noFacet fields from being columns

capture/arkime.h

@@ -936,8 +936,8 @@ struct arkimedrophashgroup_t {
 
 void arkime_drophash_init(ArkimeDropHashGroup_t *group, const char *file, int keyLen);
 int arkime_drophash_add (ArkimeDropHashGroup_t *group, int port, const void *key, uint32_t current, uint32_t goodFor);
-int arkime_drophash_should_drop (ArkimeDropHashGroup_t *group, int port, void *key, uint32_t current);
-void arkime_drophash_delete (ArkimeDropHashGroup_t *group, int port, void *key);
+int arkime_drophash_should_drop (ArkimeDropHashGroup_t *group, int port, const void *key, uint32_t current);
+void arkime_drophash_delete (ArkimeDropHashGroup_t *group, int port, const void *key);
 void arkime_drophash_save(ArkimeDropHashGroup_t *group);
 
 /******************************************************************************/

capture/db.c

@@ -462,9 +462,9 @@ gchar *arkime_db_community_id_icmp(ArkimeSession_t *session)
     port2 = session->icmpInfo[1];
 
     if (ARKIME_SESSION_v6(session)) {
-        static uint8_t port2Mapping[19] = {129, 128, 131, 130, 255, 134, 133, 136, 135, 255,
-                                           255, 140, 139, 255, 255, 255, 145, 145, 255
-                                          };
+        static const uint8_t port2Mapping[19] = {129, 128, 131, 130, 255, 134, 133, 136, 135, 255,
+                                                 255, 140, 139, 255, 255, 255, 145, 145, 255
+                                                };
 
         if (port1 >= 128 && port1 <= 145 && port2Mapping[port1 - 128] != 255) {
             port2 = port2Mapping[port1 - 128];
@@ -491,9 +491,9 @@ gchar *arkime_db_community_id_icmp(ArkimeSession_t *session)
             g_checksum_update(checksum, (guchar *)&port1, 2);
         }
     } else {
-        static uint8_t port2Mapping[19] = {8, 255, 255, 255, 255, 255, 255, 255, 0, 10,
-                                           9, 255, 255, 14, 13, 16, 15, 18, 17
-                                          };
+        static const uint8_t port2Mapping[19] = {8, 255, 255, 255, 255, 255, 255, 255, 0, 10,
+                                                 9, 255, 255, 14, 13, 16, 15, 18, 17
+                                                };
 
         if (port1 < 19 && port2Mapping[port1] != 255) {
             port2 = port2Mapping[port1];
@@ -1984,8 +1984,8 @@ LOCAL void arkime_db_mkpath(char *path)
  */
 char *arkime_db_create_file_full(time_t firstPacket, const char *name, uint64_t size, int locked, uint32_t *id, ...)
 {
-    static GRegex     *numRegex;
-    static GRegex     *numHexRegex;
+    static const GRegex *numRegex;
+    static const GRegex *numHexRegex;
     char               key[200];
     int                key_len;
     uint32_t           num;

capture/drophash.c

@@ -116,7 +116,7 @@ int arkime_drophash_add (ArkimeDropHashGroup_t *group, int port, const void *key
 }
 
 /******************************************************************************/
-int arkime_drophash_should_drop (ArkimeDropHashGroup_t *group, int port, void *key, uint32_t current)
+int arkime_drophash_should_drop (ArkimeDropHashGroup_t *group, int port, const void *key, uint32_t current)
 {
     const ArkimeDropHash_t *hash = group->drops[port];
 
@@ -156,7 +156,7 @@ void arkime_drophash_free(void *ptr)
     ARKIME_TYPE_FREE(ArkimeDropHashItem_t, ptr);
 }
 /******************************************************************************/
-void arkime_drophash_delete (ArkimeDropHashGroup_t *group, int port, void *key)
+void arkime_drophash_delete (ArkimeDropHashGroup_t *group, int port, const void *key)
 {
     ArkimeDropHash_t *hash = group->drops[port];
 

capture/main.c

@@ -354,41 +354,47 @@ void arkime_check_file_permissions(const char *filename)
 
     if (strlen (filename) >= PATH_MAX) {
         // filename bigger than path buffer, skip check
-    } else if ((config.dropUser == NULL) && (config.dropGroup == NULL)) {
+        return;
+    }
+
+    if ((config.dropUser == NULL) && (config.dropGroup == NULL)) {
         // drop.User,Group not defined -- skip check
-    } else if (strncmp (filename, "/", 1) != 0) {
+        return;
+    }
+    if (strncmp (filename, "/", 1) != 0) {
         LOG("WARNING using a relative path may make pcap inaccessible to viewer");
-    } else {
-        path[0] = 0;
-
-        // process copy of filename given strtok_r changes arg
-        g_strlcpy (tmpFilename, filename, sizeof(tmpFilename));
-
-        token = strtok_r (tmpFilename, "/", &save_ptr);
-
-        while (token != NULL) {
-            g_strlcat (path, "/", sizeof(path));
-            g_strlcat (path, token, sizeof(path));
-
-            if (stat(path, &stats) != -1) {
-                gr = getgrgid (stats.st_gid);
-                pw = getpwuid (stats.st_uid);
-
-                if (stats.st_mode & S_IROTH) {
-                    // world readable
-                } else if ((stats.st_mode & S_IRGRP) && config.dropGroup && (strcmp (config.dropGroup, gr->gr_name) == 0)) {
-                    // group readable and dropGroup matches file group
-                    // TODO compare group id values as opposed to group name
-                } else if ((stats.st_mode & S_IRUSR) && config.dropUser && (strcmp (config.dropUser, pw->pw_name) == 0)) {
-                    // user readable and dropUser matches file user
-                    // TODO compare user id values as opposed to user name
-                } else
-                    LOG("WARNING -- permission issues with %s might make pcap inaccessible to viewer", path);
+        return;
+    }
+
+    path[0] = 0;
+
+    // process copy of filename given strtok_r changes arg
+    g_strlcpy (tmpFilename, filename, sizeof(tmpFilename));
+
+    token = strtok_r (tmpFilename, "/", &save_ptr);
+
+    while (token != NULL) {
+        g_strlcat (path, "/", sizeof(path));
+        g_strlcat (path, token, sizeof(path));
+
+        if (stat(path, &stats) != -1) {
+            gr = getgrgid (stats.st_gid);
+            pw = getpwuid (stats.st_uid);
+
+            if (stats.st_mode & S_IROTH) {
+                // world readable
+            } else if ((stats.st_mode & S_IRGRP) && config.dropGroup && (strcmp (config.dropGroup, gr->gr_name) == 0)) {
+                // group readable and dropGroup matches file group
+                // TODO compare group id values as opposed to group name
+            } else if ((stats.st_mode & S_IRUSR) && config.dropUser && (strcmp (config.dropUser, pw->pw_name) == 0)) {
+                // user readable and dropUser matches file user
+                // TODO compare user id values as opposed to user name
             } else
-                LOG("WARNING -- Can't stat %s.  Pcap might not be accessible to viewer", path);
+                LOG("WARNING -- permission issues with %s might make pcap inaccessible to viewer", path);
+        } else
+            LOG("WARNING -- Can't stat %s.  Pcap might not be accessible to viewer", path);
 
-            token = strtok_r (NULL, "/", &save_ptr);
-        }
+        token = strtok_r (NULL, "/", &save_ptr);
     }
 }
 /******************************************************************************/

capture/packet.c

@@ -710,7 +710,7 @@ SUPPRESS_ALIGNMENT
 LOCAL ArkimePacketRC arkime_packet_ip4(ArkimePacketBatch_t *batch, ArkimePacket_t *const packet, const uint8_t *data, int len)
 {
     struct ip           *ip4 = (struct ip *)data;
-    struct tcphdr       *tcphdr = 0;
+    const struct tcphdr *tcphdr = 0;
     const struct udphdr *udphdr = 0;
     uint8_t              sessionId[ARKIME_SESSIONID_LEN];
 
@@ -861,10 +861,10 @@ LOCAL ArkimePacketRC arkime_packet_ip4(ArkimePacketBatch_t *batch, ArkimePacket_
 SUPPRESS_ALIGNMENT
 LOCAL ArkimePacketRC arkime_packet_ip6(ArkimePacketBatch_t *batch, ArkimePacket_t *const packet, const uint8_t *data, int len)
 {
-    struct ip6_hdr      *ip6 = (struct ip6_hdr *)data;
-    struct tcphdr       *tcphdr = 0;
-    struct udphdr       *udphdr = 0;
-    uint8_t              sessionId[ARKIME_SESSIONID_LEN];
+    const struct ip6_hdr *ip6 = (struct ip6_hdr *)data;
+    const struct tcphdr  *tcphdr = 0;
+    const struct udphdr  *udphdr = 0;
+    uint8_t               sessionId[ARKIME_SESSIONID_LEN];
 
 #ifdef DEBUG_PACKET
     LOG("enter %p %p %d", packet, data, len);

capture/parsers/certs.c

@@ -25,7 +25,6 @@ typedef struct {
     ArkimeStringHead_t  commonName; // 2.5.4.3
     ArkimeStringHead_t  orgName;    // 2.5.4.10
     ArkimeStringHead_t  orgUnit;    // 2.5.4.11
-    char                orgUtf8;
 } ArkimeCertInfo_t;
 
 typedef struct arkime_certsinfo {

capture/parsers/dns.c

@@ -358,7 +358,7 @@ LOCAL DNSSVCBRData_t *dns_parser_rr_svcb(const uint8_t *data, int length)
             BSB absb;
             BSB_INIT(absb, ptr, len);
             while (BSB_REMAINING(absb) > 3 && !BSB_IS_ERROR(absb)) {
-                uint8_t *aptr = NULL;
+                const uint8_t *aptr = NULL;
                 BSB_IMPORT_ptr(absb, aptr, 4);
 
                 if (aptr) {
@@ -459,11 +459,11 @@ LOCAL int dns_add_host(ArkimeSession_t *session, DNS_t *dns, ArkimeStringHashStd
     if (arkime_memstr((const char *)string, len, "xn--", 4)) {
         HASH_FIND_HASH(s_, *(dns->punyHosts), arkime_string_hash_len(host, hostlen), string, hstring);
         if (!hstring) {
-            ArkimeString_t *string = ARKIME_TYPE_ALLOC0(ArkimeString_t);
-            string->str = (char *)g_ascii_strdown((gchar *)string, len);
-            string->len = len;
-            HASH_ADD(s_, *(dns->punyHosts), string->str, string);
-            ARKIME_RULES_RUN_FIELD_SET(session, dnsPunyField, string->str);
+            hstring = ARKIME_TYPE_ALLOC0(ArkimeString_t);
+            hstring->str = (char *)g_ascii_strdown((gchar *)string, len);
+            hstring->len = len;
+            HASH_ADD(s_, *(dns->punyHosts), hstring->str, hstring);
+            ARKIME_RULES_RUN_FIELD_SET(session, dnsPunyField, hstring->str);
         }
     }
     return 0;
@@ -1523,7 +1523,7 @@ uint32_t dns_hash(const void *keyv)
     DNS_t *key      = (DNS_t *)keyv;
 
     uint32_t hostname_hash = FNV_OFFSET;
-    uint8_t *s = (uint8_t *) key->query.hostname;
+    const uint8_t *s = (uint8_t *) key->query.hostname;
 
     while (*s) {
         hostname_hash ^= (uint32_t) * s++; // NOTE: make this toupper(*s) or tolower(*s) if you want case-insensitive hashes

capture/parsers/krb5.c

@@ -37,15 +37,15 @@ LOCAL void krb5_parse_principal_name(ArkimeSession_t *session, int field, const
     num = arkime_parsers_asn_get_sequence(seq, 2, seq[1].value, seq[1].len, TRUE);
 
     int len0, len1;
-    const char *value0, *value1;
+    const char *value0;
     if (num == 1) {
         value0 = arkime_parsers_asn_sequence_to_string(&seq[0], &len0);
         if (value0 && len0 > 0)
             arkime_field_string_add(field, session, value0, len0, TRUE);
     } else if (num == 2) {
         char str[255];
         value0 = arkime_parsers_asn_sequence_to_string(&seq[0], &len0);
-        value1 = arkime_parsers_asn_sequence_to_string(&seq[1], &len1);
+        const char *value1 = arkime_parsers_asn_sequence_to_string(&seq[1], &len1);
         snprintf(str, 255, "%.*s/%.*s", len0, value0, len1, value1);
         arkime_field_string_add(field, session, str, len0 + 1 + len1, TRUE);
     }

capture/plugins/wise.c

@@ -200,7 +200,7 @@ LOCAL void wise_load_fields()
     for (int i = 0; i < cnt; i++) {
         int len = 0;
         BSB_IMPORT_u16(bsb, len); // len includes NULL terminated
-        char *str = (char *)BSB_WORK_PTR(bsb);
+        const char *str = (char *)BSB_WORK_PTR(bsb);
         fieldsMap[0][i] = arkime_field_define_text(str, NULL);
         if (fieldsMap[0][i] == -1) {
             fieldsTS = 0;
@@ -313,7 +313,7 @@ LOCAL void wise_cb(int UNUSED(code), uint8_t *data, int data_len, gpointer uw)
         for (i = 0; i < cnt; i++) {
             int len = 0;
             BSB_IMPORT_u16(bsb, len); // len includes NULL terminated
-            char *str = (char *)BSB_WORK_PTR(bsb);
+            const char *str = (char *)BSB_WORK_PTR(bsb);
             fieldsMap[hashPos][i] = arkime_field_define_text(str, NULL);
             if (fieldsMap[hashPos][i] == -1) {
                 fieldsTS = 0;

capture/plugins/writer-s3.c

@@ -117,7 +117,7 @@ LOCAL uint32_t s3CompressionBlockSize;
 #define COMPRESSED_WITHIN_BLOCK_BITS  20
 
 
-void writer_s3_request(char *method, char *path, char *qs, uint8_t *data, int len, gboolean specifyStorageClass, ArkimeHttpResponse_cb cb, gpointer uw);
+void writer_s3_request(const char *method, const char *path, const char *qs, const uint8_t *data, int len, gboolean specifyStorageClass, ArkimeHttpResponse_cb cb, gpointer uw);
 /******************************************************************************/
 uint32_t writer_s3_queue_length()
 {
@@ -226,7 +226,7 @@ void writer_s3_part_cb (int code, uint8_t *data, int len, gpointer uw)
 
 }
 /******************************************************************************/
-uint8_t *arkime_get_instance_metadata(void *serverV, char *key, int key_len, size_t *mlen)
+uint8_t *arkime_get_instance_metadata(void *serverV, const char *key, int key_len, size_t *mlen)
 {
     char *requestHeaders[2];
     char  tokenHeader[200];
@@ -356,7 +356,7 @@ void writer_s3_header_cb (char *url, const char *field, const char *value, int v
         LOG("Part-Etag: %s %d", file->outputFileName, pn);
 }
 /******************************************************************************/
-void writer_s3_request(char *method, char *path, char *qs, uint8_t *data, int len, gboolean specifyStorageClass, ArkimeHttpResponse_cb cb, gpointer uw)
+void writer_s3_request(const char *method, const char *path, const char *qs, const uint8_t *data, int len, gboolean specifyStorageClass, ArkimeHttpResponse_cb cb, gpointer uw)
 {
     char           canonicalRequest[20000];
     char           datetime[17];

capture/rules.c

@@ -503,7 +503,7 @@ LOCAL void arkime_rules_parser_load_add_field_not(const char *filename, ArkimeRu
             g_hash_table_add(rule->hashNOT[pos], g_strdup(node->value));
         } else {
             for (int j = 0; j < (int)node->values->len; j++) {
-                YamlNode_t *fnode = g_ptr_array_index(node->values, j);
+                const YamlNode_t *fnode = g_ptr_array_index(node->values, j);
                 g_hash_table_add(rule->hashNOT[pos], g_strdup(fnode->key));
             }
         }
@@ -521,7 +521,7 @@ LOCAL void arkime_rules_parser_load_add_field_not(const char *filename, ArkimeRu
             g_hash_table_add(rule->hashNOT[pos], (void *)(long)n);
         } else {
             for (int j = 0; j < (int)node->values->len; j++) {
-                YamlNode_t *fnode = g_ptr_array_index(node->values, j);
+                const YamlNode_t *fnode = g_ptr_array_index(node->values, j);
                 n = atoi(fnode->key);
                 g_hash_table_add(rule->hashNOT[pos], (void *)(long)n);
             }
@@ -709,7 +709,7 @@ LOCAL void arkime_rules_parser_load_rule(char *filename, YamlNode_t *parent)
             } else {
                 int j;
                 for (j = 0; j < (int)node->values->len; j++) {
-                    YamlNode_t *fnode = g_ptr_array_index(node->values, j);
+                    const YamlNode_t *fnode = g_ptr_array_index(node->values, j);
                     if (mtype != 0)
                         arkime_rules_load_add_field_match(rule, pos, mtype, fnode->key);
                     else
@@ -1118,7 +1118,7 @@ LOCAL void arkime_rules_check_rule_fields(ArkimeSession_t *const session, Arkime
                 break;
 
             case ARKIME_FIELD_TYPE_STR_ARRAY: {
-                GPtrArray *sarray = (GPtrArray *)value;
+                const GPtrArray *sarray = (GPtrArray *)value;
                 for (i = 0; i < (int)sarray->len; i++) {
                     if (g_hash_table_contains(rule->hashNOT[p], g_ptr_array_index(sarray, i))) {
                         good = 0;
@@ -1145,7 +1145,7 @@ LOCAL void arkime_rules_check_rule_fields(ArkimeSession_t *const session, Arkime
                 break;
 
             case ARKIME_FIELD_TYPE_INT_ARRAY: {
-                GArray *iarray = (GArray *)value;
+                const GArray *iarray = (GArray *)value;
                 for (i = 0; i < (int)iarray->len; i++) {
                     if (g_hash_table_contains(rule->hashNOT[p], (void *)(long)g_array_index(iarray, uint32_t, i))) {
                         good = 0;
@@ -1203,7 +1203,7 @@ LOCAL void arkime_rules_check_rule_fields(ArkimeSession_t *const session, Arkime
             good = !g_hash_table_contains(rule->hashNOT[p], (void *)(long)session->fields[p]->i);
             break;
         case ARKIME_FIELD_TYPE_INT_ARRAY: {
-            GArray *iarray = session->fields[p]->iarray;
+            const GArray *iarray = session->fields[p]->iarray;
             for (i = 0; i < (int)iarray->len; i++) {
                 if (g_hash_table_contains(rule->hashNOT[p], (void *)(long)g_array_index(iarray, uint32_t, i))) {
                     good = 0;
@@ -1214,8 +1214,7 @@ LOCAL void arkime_rules_check_rule_fields(ArkimeSession_t *const session, Arkime
         }
 
         case ARKIME_FIELD_TYPE_INT_HASH: {
-            const ArkimeIntHashStd_t *ihash = session->fields[p]->ihash;
-            ArkimeInt_t              *hint;
+            ihash = session->fields[p]->ihash;
             HASH_FORALL2(i_, *ihash, hint) {
                 if (g_hash_table_contains(rule->hashNOT[p], (void *)(long)hint->i_hash)) {
                     good = 0;
@@ -1332,7 +1331,7 @@ LOCAL void arkime_rules_check_rule_fields(ArkimeSession_t *const session, Arkime
                 good = arkime_rules_check_str_match(rule, p, value, logStr);
                 break;
             case ARKIME_FIELD_TYPE_STR_ARRAY: {
-                GPtrArray *sarray = (GPtrArray *)value;
+                const GPtrArray *sarray = (GPtrArray *)value;
                 good = 0;
                 for (i = 0; i < (int)sarray->len; i++) {
                     if (arkime_rules_check_str_match(rule, p, g_ptr_array_index(sarray, i), logStr)) {
@@ -1355,7 +1354,7 @@ LOCAL void arkime_rules_check_rule_fields(ArkimeSession_t *const session, Arkime
                 break;
             }
             case ARKIME_FIELD_TYPE_INT_ARRAY: {
-                GArray *iarray = (GArray *)value;
+                const GArray *iarray = (GArray *)value;
                 good = 0;
                 for (i = 0; i < (int)iarray->len; i++) {
                     if (arkime_rules_check_int_match(rule, p, g_array_index(iarray, uint32_t, i), logStr)) {

capture/session.c

@@ -868,8 +868,8 @@ LOCAL void arkime_session_load_collapse()
 
         uint64_t key = atoi(keys[i]) + 1;
         for (int j = 0; values[j]; j++) {
-            uint64_t value = atoi(values[j]);
-            g_hash_table_insert(collapseTable, GINT_TO_POINTER(value), GINT_TO_POINTER(key));
+            uint64_t ivalue = atoi(values[j]);
+            g_hash_table_insert(collapseTable, GINT_TO_POINTER(ivalue), GINT_TO_POINTER(key));
         }
         g_strfreev(values);
         g_free(value);