Merge pull request #2299 in SNORT/snort3 from ~SATHIRKA/snort3:odp_reload_lua_state...

Squashed commit of the following:

commit 76b2a723f149befdceb0897d84a353d4db3491b4
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Fri Jun 26 12:21:04 2020 -0400

    appid: Create lua states and lua detectors in control thread

diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc
index 9ffb9c454cf5dcd761ca78cd156e765e49dc1c1d..e3fa976ed077feecf546e2c6b66f6cf11c60fc15 100644 (file)
--- a/src/network_inspectors/appid/appid_config.cc
+++ b/src/network_inspectors/appid/appid_config.cc
@@ -88,6 +88,8 @@ void AppIdConfig::show() const
     ConfigLogger::log_flag("log_all_sessions", log_all_sessions);
     ConfigLogger::log_flag("log_stats", log_stats);
     ConfigLogger::log_value("memcap", memcap);
+
+    ConfigLogger::log_flag("load_odp_detectors_in_ctrl", load_odp_detectors_in_ctrl);
 }
 
 void AppIdContext::pterm()
@@ -110,7 +112,7 @@ bool AppIdContext::init_appid(SnortConfig* sc)
     {
         odp_ctxt->get_client_disco_mgr().initialize();
         odp_ctxt->get_service_disco_mgr().initialize();
-        LuaDetectorManager::initialize(*this, 1);
+        LuaDetectorManager::initialize(*this, 1, config.load_odp_detectors_in_ctrl);
         odp_ctxt->initialize();
 
         // do not reload third party on reload_config()

diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h
index e9d56104c1515ca381446833a1d7a9413dc0aad7..0527d354be3d71318820db592c40ca7bef180d1c 100644 (file)
--- a/src/network_inspectors/appid/appid_config.h
+++ b/src/network_inspectors/appid/appid_config.h
@@ -71,6 +71,7 @@ public:
     size_t memcap = 0;
     bool list_odp_detectors = false;
     bool log_all_sessions = false;
+    bool load_odp_detectors_in_ctrl = false;
     SnortProtocolId snortId_for_unsynchronized;
     SnortProtocolId snortId_for_ftp_data;
     SnortProtocolId snortId_for_http2;

diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc
index a3b68c3c4cf9f10ea112dc81b3151cb3b4ff079a..aadd37a6e5cbda3518c83ea6ed8ce54057b0f624 100644 (file)
--- a/src/network_inspectors/appid/appid_inspector.cc
+++ b/src/network_inspectors/appid/appid_inspector.cc
@@ -140,7 +140,12 @@ void AppIdInspector::tinit()
     appid_mute = PacketTracer::get_mute();
 
     AppIdStatistics::initialize_manager(*config);
-    LuaDetectorManager::initialize(*ctxt);
+
+    if (ctxt->config.load_odp_detectors_in_ctrl)
+        LuaDetectorManager::init_thread_manager(*ctxt);
+    else
+        LuaDetectorManager::initialize(*ctxt);
+
     AppIdServiceState::initialize(config->memcap);
     assert(!tp_appid_thread_ctxt);
     tp_appid_thread_ctxt = ctxt->get_tp_appid_ctxt();
@@ -199,7 +204,7 @@ static void appid_inspector_pterm()
 {
 //FIXIT-M: RELOAD - if app_info_table is associated with an object
     appid_forecast_pterm();
-    LuaDetectorManager::terminate();
+    LuaDetectorManager::terminate(true);
     AppIdContext::pterm();
 //end of 'FIXIT-M: RELOAD' comment above
     openssl_cleanup();

diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index e6d3a1d9f4401f1799faca4f04b7ae92d61c4f7e..f670fed10a9cfb78684f6decbb8fd19e02cc5249 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -87,6 +87,8 @@ static const Parameter s_params[] =
       "print third party configuration on startup" },
     { "log_all_sessions", Parameter::PT_BOOL, nullptr, "false",
       "enable logging of all appid sessions" },
+    { "load_odp_detectors_in_ctrl", Parameter::PT_BOOL, nullptr, "false",
+      "load odp detectors in control thread" },
     { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
 
@@ -330,6 +332,8 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*)
         config->list_odp_detectors = v.get_bool();
     else if ( v.is("log_all_sessions") )
         config->log_all_sessions = v.get_bool();
+    else if ( v.is("load_odp_detectors_in_ctrl") )
+        config->load_odp_detectors_in_ctrl = v.get_bool();
 
     return true;
 }

diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc
index b85003d79f73a088661ee53ff995ac68fbe65157..af8a7d057f0595140354586954711f3673c128fc 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_module.cc
+++ b/src/network_inspectors/appid/lua_detector_module.cc
@@ -49,6 +49,7 @@ using namespace std;
 
 THREAD_LOCAL LuaDetectorManager* lua_detector_mgr = nullptr;
 static THREAD_LOCAL SF_LIST allocated_detector_flow_list;
+static std::vector<LuaDetectorManager*> lua_detector_mgr_list;
 
 bool get_lua_field(lua_State* L, int table, const char* field, std::string& out)
 {
@@ -162,7 +163,7 @@ LuaDetectorManager::LuaDetectorManager(AppIdContext& ctxt, int is_control) :
 
 LuaDetectorManager::~LuaDetectorManager()
 {
-    auto L = lua_detector_mgr? lua_detector_mgr->L : nullptr;
+    auto L = this->L;
     if (L)
     {
         if (init(L))
@@ -197,7 +198,7 @@ LuaDetectorManager::~LuaDetectorManager()
     cb_detectors.clear(); // do not free Lua objects in cb_detectors
 }
 
-void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control)
+void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control, bool reload)
 {
     // FIXIT-M: RELOAD - When reload is supported, remove this line which prevents re-initialize
     if (lua_detector_mgr)
@@ -214,15 +215,49 @@ void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control)
 
     if (ctxt.config.list_odp_detectors)
         lua_detector_mgr->list_lua_detectors();
+
+    if (reload)
+    {
+        LogMessage("AppId Lua-Detectors : loading lua detectors in control thread\n");
+        unsigned max_threads = ThreadConfig::get_instance_max();
+        for (unsigned i = 0 ; i < max_threads; i++)
+        {
+            lua_detector_mgr_list.emplace_back(new LuaDetectorManager(ctxt, 0));
+
+            if (!lua_detector_mgr_list[i]->L)
+                FatalError("Error - appid: can not create new luaState, instance=%u\n", i);
+
+            lua_detector_mgr_list[i]->initialize_lua_detectors();
+        }
+    }
+}
+
+void LuaDetectorManager::init_thread_manager(const AppIdContext& ctxt)
+{
+    lua_detector_mgr = lua_detector_mgr_list[get_instance_id()];
+    lua_detector_mgr->activate_lua_detectors();
+    if (ctxt.config.list_odp_detectors)
+        lua_detector_mgr->list_lua_detectors();
 }
 
-void LuaDetectorManager::terminate()
+void LuaDetectorManager::terminate(bool is_control)
 {
+    unsigned size = lua_detector_mgr_list.size();
+    if (size and !is_control)
+        return;
+
     if (!lua_detector_mgr)
         return;
 
     delete lua_detector_mgr;
     lua_detector_mgr = nullptr;
+
+    if (size)
+    {
+        for (unsigned i = 0; i < size; i++)
+            delete lua_detector_mgr_list[i];
+        lua_detector_mgr_list.clear();
+    }
 }
 
 void LuaDetectorManager::add_detector_flow(DetectorFlow* df)

diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h
index 19302755a3a81a4695bce883454519febaa61e39..a4ca08b4cb70e3254ffed66b5615416e7a53bc3e 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_module.h
+++ b/src/network_inspectors/appid/lua_detector_module.h
@@ -31,6 +31,7 @@
 #include <lua/lua.h>
 
 #include "main/thread.h"
+#include "main/thread_config.h"
 #include "protocols/protocol_ids.h"
 
 #include "application_ids.h"
@@ -49,8 +50,9 @@ class LuaDetectorManager
 public:
     LuaDetectorManager(AppIdContext&, int);
     ~LuaDetectorManager();
-    static void initialize(AppIdContext&, int is_control=0);
-    static void terminate();
+    static void initialize(AppIdContext&, int is_control=0, bool reload=false);
+    static void init_thread_manager(const AppIdContext&);
+    static void terminate(bool is_control=false);
     static void add_detector_flow(DetectorFlow*);
     static void free_detector_flows();
     // FIXIT-M: RELOAD - When reload is supported, move this variable to a separate location