Merge pull request #1430 in SNORT/snort3 from ~BBANTWAL/snort3:offload_non_pdu to...

Squashed commit of the following:

commit 096d510332e2e0b10e46a1668c61e274ce389f35
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Fri Nov 9 13:01:12 2018 -0500

    add check to see if flow is present

commit eaaf991705740d9b3e5a6babd5c1c5bd0c68015e
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Mon Nov 5 13:33:43 2018 -0500

    remove check to see if offload

commit eac33b77422c841034644f9ea2874c01a94b4840
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Mon Nov 5 11:31:51 2018 -0500

    clear context data for raw packets

commit 5fa3d614fcaf1849e7caa0fd0be7d7765c1ee1a7
Author: russ <rucombs@cisco.com>
Date:   Sun Oct 21 10:53:21 2018 -0400

    detection: enable offloading non-pdu packets

diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc
index 088027324eaa48d7ac86f0768e7eb6e0afd878ee..6c2bf9f65f4fce99f73cbef0ce4c7eaadccd7faa 100644 (file)
--- a/src/detection/context_switcher.cc
+++ b/src/detection/context_switcher.cc
@@ -88,7 +88,10 @@ void ContextSwitcher::stop()
     assert(busy.size() == 1);
     trace_logf(detection, TRACE_DETECTION_ENGINE, "(wire) %" PRIu64 " cs::stop %u (i=%zu, b=%zu)\n",
         get_packet_number(), busy.back()->get_slot(), idle.size(), busy.size());
-    idle.emplace_back(busy.back());
+
+    IpsContext* c = busy.back();
+    c->clear_context_data();
+    idle.emplace_back(c);
     busy.pop_back();
 }
 

diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index c5373dd9e2a3decfe7162e69440334b30fbbbe68..35a025f614902bfc6513db59d5a30fb620e4b5bb 100644 (file)
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -80,7 +80,7 @@ DetectionEngine::~DetectionEngine()
     if ( context == Snort::get_switcher()->get_context() )
     {
         // finish_packet is called here so that we clear wire packets at the right time
-        finish_packet(context->packet);
+        finish_packet(context->packet, true);
     }
 }
 
@@ -161,7 +161,7 @@ void DetectionEngine::finish_inspect(Packet* p, bool inspected)
     clear_events(p);
 }
 
-void DetectionEngine::finish_packet(Packet* p)
+void DetectionEngine::finish_packet(Packet* p, bool flow_deletion)
 {
     log_events(p);
     clear_events(p);
@@ -171,7 +171,10 @@ void DetectionEngine::finish_packet(Packet* p)
     const IpsContext* c = Snort::get_switcher()->get_next();
     c->packet->release_helpers();
 
-    Snort::get_switcher()->complete();
+    ContextSwitcher* sw = Snort::get_switcher();
+
+    if ( flow_deletion or sw->busy_count() > 1 )
+        sw->complete();
 }
 
 uint8_t* DetectionEngine::get_buffer(unsigned& max)
@@ -349,8 +352,7 @@ bool DetectionEngine::offload(Packet* p)
 {
     ContextSwitcher* sw = Snort::get_switcher();
 
-    if ( p->type() != PktType::PDU or
-         p->dsize < SnortConfig::get_conf()->offload_limit or
+    if ( p->dsize < SnortConfig::get_conf()->offload_limit or
          !sw->can_hold() or
          !offloader->available() )
     {
@@ -398,15 +400,14 @@ bool DetectionEngine::detect(Packet* p, bool offload_ok)
     switch ( p->type() )
     {
     case PktType::PDU:
-        if ( offload_ok )
-            return offload(p);
-        // fall thru
-
     case PktType::IP:
     case PktType::TCP:
     case PktType::UDP:
     case PktType::ICMP:
     case PktType::FILE:
+        if ( offload_ok and p->flow )
+            return offload(p);
+
         fp_local(p);
         break;
 

diff --git a/src/detection/detection_engine.h b/src/detection/detection_engine.h
index 4f5af57cf3c2b8f646d934fae352d3d1ffecb623..87240592f558cb2058166ced6b4294bd0f3cfd14 100644 (file)
--- a/src/detection/detection_engine.h
+++ b/src/detection/detection_engine.h
@@ -109,7 +109,7 @@ private:
     static void clear_events(Packet*);
     static void finish_inspect_with_latency(Packet*);
     static void finish_inspect(Packet*, bool inspected);
-    static void finish_packet(Packet*);
+    static void finish_packet(Packet*, bool flow_deletion = false);
 
 private:
     IpsContext* context;