git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <vjulien@oisf.net>
	Thu, 8 Jun 2023 16:37:44 +0000 (18:37 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Mon, 12 Jun 2023 12:16:59 +0000 (14:16 +0200)
commit	c90f67ac55bd2bae6efabb2dcde7677336fa1773
tree	bbb808713e9013ca190280e1a271ba80025a344e	tree \| snapshot
parent	22d7323eee6e3f3f9901e9ce1fd4aa47560093e8	commit \| diff

app-layer: improve/fix updates logic

In 23323a961fac ("app-layer: reduce app cleanup and output-tx calls"), flag
was set per packet updating the app-layer state. However this was missing a
common pattern: in IDS mode most updates are done in the opposite direction
of the traffic due to updates getting triggered by ACK's. This meant that
file store processing might not happen for a long time, or at all. Also,
app layer cleanup might not be called, which includes file pruning.

This patch sets per flow set of flags to indicate app layer is (potentially)
updated. It sets this per direction, based on how the parsers were invoked.
If an ACK triggers an app update, the flow is tagged for the opposite
direction and the next packet in that direction triggers output and cleanup.

Fixes: 23323a961fac ("app-layer: reduce app cleanup and output-tx calls")
Bug: #6120.

src/app-layer.c		diff \| blob \| blame \| history
src/app-layer.h		diff \| blob \| blame \| history
src/decode.h		diff \| blob \| blame \| history
src/flow-worker.c		diff \| blob \| blame \| history
src/flow.h		diff \| blob \| blame \| history
src/output-tx.c		diff \| blob \| blame \| history
src/packet.c		diff \| blob \| blame \| history
src/stream-tcp-reassemble.c		diff \| blob \| blame \| history
src/stream-tcp-reassemble.h		diff \| blob \| blame \| history