git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <vjulien@oisf.net>
	Wed, 30 Apr 2025 08:20:10 +0000 (10:20 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 26 Jun 2025 21:19:59 +0000 (23:19 +0200)
commit	136b43713a049af664ae311f2a06a47e59139809
tree	383b789f1ab534c43d0f92ed6966077b74a207cc	tree
parent	fe1f846e50dd588319bc620bc3d65360cfae48ab	commit \| diff

threads: fix autofp shutdown race condition

Sometimes a single flow pcap would log 2 flows. It turns out FlowWorkToDoCleanup
ran before all the packet threads had processed their "wire" packets. It then
removed a flow that a wire packet would still have needed, leading to the worker
thread creating a new flow for it.

This could happen due to the logic in TmThreadDisableReceiveThreads which calls
TmThreadDrainPacketThreads to made sure it only returns when all autofp-workers
have processed all the packets the autofp-capture thread fed to them.

However, the way it checked this is by checking the size of the autofp-worker's
input queue. If 0, it assumes it is done.

What this missed, is that a worker thread could have just taken the last packet
from the input queue, but it is not yet done processing it. If then the
FlowWorkToDoCleanup is ran as well, it would race the worker thread to the flow
handling logic. When it won, the flow was evicted and the packet thread
created a new flow.

This patch improves the shutdown logic to force the worker threads to
enter a "flow loop" (THV_FLOW_LOOP) state before moving on to the
FlowWorkToDoCleanup step. This makes sure that any in progress packets
in the worker threads have been processed.

Bug: #7681.
(cherry picked from commit 12f8f03532e57fe8168c40d6a14b34b8954bd3e5)

src/suricata.c		diff \| blob \| blame \| history
src/threadvars.h		diff \| blob \| blame \| history
src/tm-threads.c		diff \| blob \| blame \| history
src/tm-threads.h		diff \| blob \| blame \| history