the way of optimizing and troubleshooting our lua waf
play

The Way of Optimizing and Troubleshooting Our Lua Waf - PowerPoint PPT Presentation

Feb 03, 2024 •780 likes •1.06k views

pdf |<< < > >>| 1 / 25 The Way of Optimizing and Troubleshooting Our Lua Waf agentzh@gmail.com Yichun Zhang (agentzh) 2013.04.19 Dane now loves to open a conversation with me via a Flame Graph. One day, Dane

  1. pdf |<< < > >>| 1 / 25 The Way of Optimizing and Troubleshooting Our Lua Waf ☺ agentzh@gmail.com ☺ Yichun Zhang (agentzh) 2013.04.19

  2. ♡ Dane now loves to open a conversation with me via a Flame Graph.

  4. ♡ One day, Dane walks to me with a weird C­level Flame Graph for our online WAF...

  6. ♡ About 80% of the C­level backtraces are bad in the graph.

  7. ♡ Fortunately we have a good Lua­land Flame Graph for the same process.

  9. ♡ We are using the PCRE Just­In­Time compiler. JITted code does not have debug information required by a proper C­level backtrace.

  10. ♡ We now know PCRE is busy! We now know our regexes are slow!

  11. ♡ ngx­pcre­stats is a simple tool based on systemtap.

  12. $ ./ngx­pcre­stats ­p 24528 ­­exec­time­dist Tracing 24528 (/path/to/nginx/sbin/nginx)... Hit Ctrl­C to end. ^C Logarithmic histogram for pcre_exec running time distribution (us): value |­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ count 0 | 0 1 | 0 2 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 981 4 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 1479 8 | 16 16 | 18 32 | 1

  13. $ ./ngx­pcre­stats ­p 24528 ­­total­time­top ­­luajit20 Tracing 24528 (/path/to/nginx/sbin/nginx)... Hit Ctrl­C to end. ^C Top N regexes with longest total running time: 1. pattern /WEB_ATTACK/: 15103us (total data size: 82184) 2. pattern / __cf__\d+/: 11143us (total data size: 25916) 3. pattern /[^\x01­\xff]/: 10233us (total data size: 102825) 4. pattern /\b(?:coalesce\b|root\@)/: 7017us (total data size: 78230) 5. pattern /(Content­Length|Transfer­ Encoding)/: 6766us (total data size: 17871) ...

  14. $ ./ngx­pcre­stats ­p 24528 ­­worst­time­top ­­luajit20 Tracing 24528 (/path/to/nginx/sbin/nginx)... Hit Ctrl­C to end. ^C Top N regexes with worst running time: 1. pattern /\.cookie\b.*?\;\W*?domain\W*?\=/: 98us (data size: 36) 2. pattern /(Content­Length|Transfer­Encoding)/: 89us (data size: 14) 3. pattern / __cf__\d+/: 63us (data size: 8) 4. pattern /[^\x01­\xff]/: 53us (data size: 13) 5. pattern /\b(background|dynsrc|href|lowsrc|src)\b\W*? =/: 53us (data size: 5147) 6. pattern /(?i:<embed[ /+\t].*?SRC.*?=)/: 47us (data size: 304) 7. pattern /(fromcharcode|alert|eval)\s*\(/: 45us (data size: 24) 8. pattern /\bselect\b.*?\bto_number\b/: 40us (data size: 5147)

  15. John Graham­Cumming: This is very helpful . John Graham­Cumming: And today I used it to kill off four of them.

  16. ♡ Another day, Dane comes to me with another Flame Graph and tells me that some Nginx worker processes are hot spinning !

  18. ♡ The Lua code seems to be spining around some string.find() calls.

  19. ♡ Let's find out the Lua ­land backtrace!

  20. ♡ After GDB crashes our processes for 6 times, I quickly write another tool named ngx­lua­bt based on systemtap...

  21. $ ./ngx­lua­bt ­p 7599 ­­luajit20 WARNING: Tracing 7599 (/path/to/nginx/sbin/nginx) for LuaJIT 2.0... C:lj_cf_string_find @/usr/local/nginx­waf/lua/waf­core.lua:201 @/usr/local/nginx­waf/lua/waf­core.lua:676 @/usr/local/nginx­waf/lua/waf­core.lua:1467 @/usr/local/nginx­waf/lua/waf­core.lua:1074 @/usr/local/nginx­waf/lua/rules/oldwaf/compiled.lua:371 @/usr/local/nginx­waf/lua/waf.lua:57 C:lj_ffh_pcall @/usr/local/nginx­waf/lua/waf.lua:50 access_by_lua:1

  22. ♡ The problematic infinite loop in John Graham­Cumming's Lua code...

  23. while start do local stop = string.find(v, "}", start, true) if stop then ... end end

  24. John Graham­ Cumming: Well, that's the perfect bug report. Even contains the fix!

  25. ☺ Any questions ? ☺

  26. The Way of Optimizing and Troubleshooting Our Lua Waf ☺ agentzh@gmail.com ☺ Yichun Zhang (agentzh) 2013.04.19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Troubleshooting &amp; Q&amp;A 1 1 SeisComP3 Troubleshooting scrttv Real Time Trace Viewer

Troubleshooting &amp; Q&amp;A 1 1 SeisComP3 Troubleshooting scrttv Real Time Trace Viewer

Troubleshooting &amp; Q&amp;A 1 1 SeisComP3 Troubleshooting scrttv Real Time Trace Viewer scqcv Quality Control GUI slinktool to check the status of the seedlink server slinktool -Q : SOME log files are in hidden .seiscomp3

192 views • 7 slides
TROUBLESHOOTING Performing basic Acronis Backup and Acronis Backup Cloud troubleshooting Acronis

TROUBLESHOOTING Performing basic Acronis Backup and Acronis Backup Cloud troubleshooting Acronis

ACRONIS BACKUP TROUBLESHOOTING Performing basic Acronis Backup and Acronis Backup Cloud troubleshooting Acronis Training and Certification Authorized Use Only 1 Module Outline 1. Acronis Backup Troubleshooting Steps 2. Acronis Support

1.13k views • 53 slides
Automatically Generating Predicates and Solutions for Configuration Troubleshooting * Ya-Yunn Su

Automatically Generating Predicates and Solutions for Configuration Troubleshooting * Ya-Yunn Su

Automatically Generating Predicates and Solutions for Configuration Troubleshooting * Ya-Yunn Su Jason Flinn NEC Laboratories University of America Michigan Troubleshooting misconfigurations is hard! Users may have to Edit

354 views • 31 slides
MySQL Performance Optimization and Troubleshooting with PMM Peter Zaitsev, CEO, Percona Percona

MySQL Performance Optimization and Troubleshooting with PMM Peter Zaitsev, CEO, Percona Percona

MySQL Performance Optimization and Troubleshooting with PMM Peter Zaitsev, CEO, Percona Percona Live, Santa Clara 25 April 2018 Few words about Percona Monitoring and Management (PMM) 100% Free, Open Source database troubleshooting and

1.11k views • 74 slides
Troubleshooting PostgreSQL with pgCenter Alexey Lesovsky alexey.lesovsky@dataegret.com

Troubleshooting PostgreSQL with pgCenter Alexey Lesovsky alexey.lesovsky@dataegret.com

Troubleshooting PostgreSQL with pgCenter Alexey Lesovsky alexey.lesovsky@dataegret.com Introduction 01 What is pgCenter. Goals and quick overview. Troubleshooting cases 02 Health checks and load spikes. Hidden problems.

736 views • 57 slides
Provenance for System Troubleshooting Marc Chiarini Harvard SEAS TaPP '11 A Day in the Life...

Provenance for System Troubleshooting Marc Chiarini Harvard SEAS TaPP '11 A Day in the Life...

Provenance for System Troubleshooting Marc Chiarini Harvard SEAS TaPP '11 A Day in the Life... Wake up 3am via page from a heartless machine: hot backup has failed. Start troubleshooting (in pajamas, thankfully!) Log files

197 views • 9 slides
World 201 1 Help! Problem Solving and Troubleshooting Daniel Rodwell Australian National

World 201 1 Help! Problem Solving and Troubleshooting Daniel Rodwell Australian National

World 201 1 Help! Problem Solving and Troubleshooting Daniel Rodwell Australian National University XW11 Intro Outline Todays Session Two Parts Problem Solving Concepts and Theory Methods Group Solve Troubleshooting

1.31k views • 108 slides
TROUBLESHOOTING AND APPEALS Health Access Basic Benefits Training February 27, 2020 Nancy

TROUBLESHOOTING AND APPEALS Health Access Basic Benefits Training February 27, 2020 Nancy

TROUBLESHOOTING AND APPEALS Health Access Basic Benefits Training February 27, 2020 Nancy Lorenz Greater Boston Legal Services nlorenz@gbls.org 2 Troubleshooting Eligibility How do you know there is a problem? : Provider says

458 views • 15 slides
Optimizing re me dia tio n a ppro a c he s Optimizing re me dia tio n a ppro a c he s a t mine

Optimizing re me dia tio n a ppro a c he s Optimizing re me dia tio n a ppro a c he s a t mine

Optimizing re me dia tio n a ppro a c he s Optimizing re me dia tio n a ppro a c he s a t mine site s: ho w unde rsta nding b io g e o c he mic a l pro c e sse s a nd b io g e o c he mic a l pro c e sse s a nd mo de ling c a n g uide

394 views • 26 slides
Web-Based SIS Troubleshooting Simplifying State Reporting Cycles Agenda Resources

Web-Based SIS Troubleshooting Simplifying State Reporting Cycles Agenda Resources

Web-Based SIS Troubleshooting Simplifying State Reporting Cycles Agenda Resources Preventative Actions Troubleshooting Errors Report Verification RESOUR RESOURCES CES Resources www.apscn.org &gt; SIS

1.06k views • 76 slides
Lawn Basics &amp; Turf Troubleshooting Presentation Q &amp; A Lawn Basics &amp; Turf

Lawn Basics &amp; Turf Troubleshooting Presentation Q &amp; A Lawn Basics &amp; Turf

Lawn Basics &amp; Turf Troubleshooting Presentation Q &amp; A Lawn Basics &amp; Turf Troubleshooting Q &amp; A June 16, 2020 1. I would like to know how the groundskeeping industry standards compare to your recommendations for lawn care

208 views • 7 slides
Configuring and Troubleshooting MPLS VPN Vinit Jain, CCIE Security, Data Center, SP, and R&amp;S

Configuring and Troubleshooting MPLS VPN Vinit Jain, CCIE Security, Data Center, SP, and R&amp;S

Cisco Support Community Expert Series Webcast Configuring and Troubleshooting MPLS VPN Vinit Jain, CCIE Security, Data Center, SP, and R&amp;S September 15, 2015 Ask the Expert Events Now through September 18 Implementing and Troubleshooting

1.13k views • 56 slides
OUR OBJECTIVE : OPTIMIZING YOUR TRANSACTION 1 OPTIMIZING YOUR TRANSACTION, is bringing added

OUR OBJECTIVE : OPTIMIZING YOUR TRANSACTION 1 OPTIMIZING YOUR TRANSACTION, is bringing added

OUR OBJECTIVE : OPTIMIZING YOUR TRANSACTION 1 OPTIMIZING YOUR TRANSACTION, is bringing added value to you appropriate for each stage of your project. 2 p.4 Presentation of Trianon Corporate Finance Our team p.12 References p.15 p.24

288 views • 24 slides
902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f

902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f

902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f Flawless Submission COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF ENVIRONMENTAL PROTECTION BUREAU OF WASTE MANAGEMENT ACT 101, SECTION 902 MUNICIPAL

635 views • 34 slides
Decision theoretic troubleshooting Ji r Vomlel Academy of Sciences of the Czech Republic

Decision theoretic troubleshooting Ji r Vomlel Academy of Sciences of the Czech Republic

Decision theoretic troubleshooting Ji r Vomlel Academy of Sciences of the Czech Republic 11th July, 2007 J. Vomlel ( UTIA AV CR) Troubleshooting 11th July, 2007 1 / 26 Light Print Problem Your trouble : The page that

912 views • 68 slides
Troubleshooting AWS App Workshop Splunk Add-on for AWS 4.3+ Kamilo Amir | Splunk Cloud Architect

Troubleshooting AWS App Workshop Splunk Add-on for AWS 4.3+ Kamilo Amir | Splunk Cloud Architect

Troubleshooting AWS App Workshop Splunk Add-on for AWS 4.3+ Kamilo Amir | Splunk Cloud Architect ______________________________________________________________________________ Table of Contents 4 TROUBLESHOOTING SPLUNK APP / ADD-ON FOR AWS 4 P

296 views • 8 slides
Week 6: An Introduction to Time Series Dependent data, autocorrelation, AR and periodic

Week 6: An Introduction to Time Series Dependent data, autocorrelation, AR and periodic

BUS41100 Applied Regression Analysis Week 6: An Introduction to Time Series Dependent data, autocorrelation, AR and periodic regression models Max H. Farrell The University of Chicago Booth School of Business Time series data and dependence

1.49k views • 60 slides
LOD2 Stack and the NLP2RDF project http://slideshare.net/kurzum http://nlp2rdf.org

LOD2 Stack and the NLP2RDF project http://slideshare.net/kurzum http://nlp2rdf.org

Creating Knowledge out of Interlinked Data Rome 2013/03/13 Page 1 http://lod2.eu LOD2 Stack and the NLP2RDF project http://slideshare.net/kurzum http://nlp2rdf.org http://lod2.eu Sebastian Hellmann AKSW, Universitt Leipzig

761 views • 32 slides
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab

The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab

The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Googles protection Threats Risks Survival Network Data protection (encryption) App/device

888 views • 45 slides
Outline XML Query Languages CS 235: XPATH XQUERY Introduction to Databases

Outline XML Query Languages CS 235: XPATH XQUERY Introduction to Databases

Outline XML Query Languages CS 235: XPATH XQUERY Introduction to Databases Svetlozar Nestorov Lecture Notes #26 XPATH and XQUERY Example DTD XPATH is a language for describing paths &lt;!DOCTYPE Bars [ &lt;!ELEMENT BARS

528 views • 5 slides
Tensor-Matrix Products with a Compressed Sparse Tensor Shaden Smith George Karypis University

Tensor-Matrix Products with a Compressed Sparse Tensor Shaden Smith George Karypis University

Tensor-Matrix Products with a Compressed Sparse Tensor Shaden Smith George Karypis University of Minnesota Department of Computer Science &amp; Engineering shaden@cs.umn.edu Tensor-Matrix Products with a Compressed Sparse Tensor 1 / 47

1.09k views • 47 slides
CALL OF DUTY: DEV OPS STEPHEN BURTON, TECH EV ANGELIST , APPDYNAMICS my company Im Steve

CALL OF DUTY: DEV OPS STEPHEN BURTON, TECH EV ANGELIST , APPDYNAMICS my company Im Steve

CALL OF DUTY: DEV OPS STEPHEN BURTON, TECH EV ANGELIST , APPDYNAMICS my company Im Steve Burton my passion tech ev angelist @burtonsa ys THE GAME toda y GAME SELECT DEVELOPER DEVELOPER A OPERATIONS DEVOPS NOOPS Dev MISSION

811 views • 53 slides
A Support Engineer Walkthrough on pt-stalk Marcos Albe Marcelo Altmann Principal Support

A Support Engineer Walkthrough on pt-stalk Marcos Albe Marcelo Altmann Principal Support

A Support Engineer Walkthrough on pt-stalk Marcos Albe Marcelo Altmann Principal Support Engineer - Percona Senior Support Engineer - Percona Thank You Sponsors! 2 April 23-25, 2018 SAVE THE DATE! Santa Clara Convention Center CALL FOR

870 views • 30 slides
Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at

Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at

Intro Hardware Security Platform Security Hacking Q&amp;A Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at Hamburg &amp; Dublin City University 2010-12-16 1 / 54 Intro Hardware Security

974 views • 79 slides

More recommend