git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <vjulien@oisf.net>
	Tue, 10 Jun 2025 09:33:03 +0000 (11:33 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 26 Jun 2025 21:19:59 +0000 (23:19 +0200)
commit	3528625f0420c3dee3ceeaad2df0793c29aff2f1
tree	bcad131288193404448c73e40ad0521577f200fb	tree
parent	d8d44648ebe4ac9dc2473842d251f296fb200bd9	commit \| diff

threading: fix shutdown of IPS autofp modes

For IPS modes with a verdict thread in autofp there was an issue with
the verdict thread not shutting down, leading to a long shutdown time
until an error condition was reached.

The problem was that when the packet threads, of which the verdict
thread is one, were told to enter their flow timeout loop the verdict
thread got stuck as it immediately progressed to THV_RUNNING_DONE
instead of the expected THV_FLOW_LOOP.

This patch updates the shutdown logic to only apply the flow timeout
logic to the relevant threads, and skip the verdict thread(s).

Add TM_FLAG_VERDICT_TM to indicate a thread has a verdict module to more
explicitly shut it down.

Fixes: 12f8f03532e5 ("threads: fix autofp shutdown race condition")
Bug: #7681.
(cherry picked from commit bdac028fc7ea97f0e50fbd0a24d995bced81c490)

src/source-ipfw.c		diff \| blob \| blame \| history
src/source-nfq.c		diff \| blob \| blame \| history
src/source-windivert.c		diff \| blob \| blame \| history
src/suricata.c		diff \| blob \| blame \| history
src/tm-modules.h		diff \| blob \| blame \| history
src/tm-threads.c		diff \| blob \| blame \| history
src/tm-threads.h		diff \| blob \| blame \| history