git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Wed, 18 Feb 2015 07:50:01 +0000 (08:50 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 18 Feb 2015 08:18:43 +0000 (09:18 +0100)
commit	7426a9c64504ac2731c36fae23f54a1a3639b9cc
tree	bdbf681a419bfee63e945cc3a3c1f20327309cb1	tree
parent	d78be75b9fff92484379d8c031948a3f0cbab986	commit \| diff

flow: make TCP reuse handling in flow engine optional

In case of autofp (or more general, when flow and stream engine
run in different threads) the flow engine should not trigger a flow
reuse as this can lead to race conditions between the flow and the
stream engine.

In such cases, the flow engine can be far ahead of the stream engine
as packets are in a queue between the threads.

Observed:

Flow engine tags packet 10 as start of new flow. Flow is tagged as
'reused'.

Stream engine evaluates packet 5 which belongs to the old flow. It
rejects the flow as it's tagged 'reused'. Attaches packet 5 to the
new flow which is wrong.

Solution:

This patch connects the flow engines handling of reuse cases to
the runmode. It hooks into the RunmodeSetFlowStreamAsync() call to
notify the flow engine that it shouldn't handle the reuse.

src/flow-hash.c		diff \| blob \| blame \| history
src/flow-hash.h		diff \| blob \| blame \| history
src/util-runmodes.c		diff \| blob \| blame \| history