Pull request #3438: appid: do not delete third-party connection when third-party...

Merge in SNORT/snort3 from ~SATHIRKA/snort3:reload_tp_conn_delete to master

Squashed commit of the following:

commit 25910d3f6cce13f41c8115013306b588bbd50afe
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu May 19 18:21:37 2022 -0400

    appid: do not delete third-party connection when third-party reload is in progress and the context swap is not complete

diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc
index 1aa54d6aaf9a73b8e7994e4071e8b5035a076bed..9a982fb7554b5a9a5c3984d23cd2f573c9f93130 100644 (file)
--- a/src/network_inspectors/appid/appid_discovery.cc
+++ b/src/network_inspectors/appid/appid_discovery.cc
@@ -493,8 +493,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd,
             asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
             asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
 
-            if (asd.tpsession and tp_appid_ctxt and
-                (asd.tpsession->get_ctxt_version() == tp_appid_ctxt->get_version()))
+            if (asd.tpsession and asd.need_to_delete_tp_conn(tp_appid_ctxt))
                 asd.tpsession->reset();
             else if (asd.tpsession)
                 asd.tpsession->set_state(TP_STATE_TERMINATED);

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 7e4cf57a6cfc79945e14cc646959436b0489f50c..b6fc19d583894d2d7d7f473f44a4284ccf73b896 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -165,9 +165,7 @@ AppIdSession::~AppIdSession()
 
     if (tpsession)
     {
-        if (pkt_thread_tp_appid_ctxt and
-            ((tpsession->get_ctxt_version() == pkt_thread_tp_appid_ctxt->get_version()) and
-            !ThirdPartyAppIdContext::get_tp_reload_in_progress()))
+        if (need_to_delete_tp_conn(pkt_thread_tp_appid_ctxt))
             tpsession->delete_with_ctxt();
         else
             delete tpsession;
@@ -309,8 +307,7 @@ void AppIdSession::reinit_session_data(AppidChangeBits& change_bits,
     free_flow_data_by_mask(APPID_SESSION_DATA_CLIENT_MODSTATE_BIT);
 
     //3rd party cleaning
-    if (tpsession and curr_tp_appid_ctxt and
-        (tpsession->get_ctxt_version() == curr_tp_appid_ctxt->get_version()))
+    if (tpsession and need_to_delete_tp_conn(curr_tp_appid_ctxt))
         tpsession->reset();
     else if (tpsession)
         tpsession->set_state(TP_STATE_TERMINATED);
@@ -963,8 +960,7 @@ void AppIdSession::reset_session_data(AppidChangeBits& change_bits)
     tp_payload_app_id = APP_ID_UNKNOWN;
     tp_app_id = APP_ID_UNKNOWN;
 
-    if (tpsession and pkt_thread_tp_appid_ctxt and
-        (tpsession->get_ctxt_version() == pkt_thread_tp_appid_ctxt->get_version()))
+    if (tpsession and need_to_delete_tp_conn(pkt_thread_tp_appid_ctxt))
         tpsession->reset();
     else if (tpsession)
         tpsession->set_state(TP_STATE_TERMINATED);
@@ -1072,6 +1068,15 @@ bool AppIdSession::is_tp_appid_available() const
     return true;
 }
 
+bool AppIdSession::need_to_delete_tp_conn(ThirdPartyAppIdContext* curr_tp_appid_ctxt) const
+{
+    // do not delete a third-party connection when reload third-party is in progress, and
+    // third-party context swap isn't complete; since all open connections will be deleted
+    // as part of the third-party reload pruning process.
+    return (curr_tp_appid_ctxt and ((tpsession->get_ctxt_version() == curr_tp_appid_ctxt->get_version()) and
+        !ThirdPartyAppIdContext::get_tp_reload_in_progress()));
+}
+
 void AppIdSession::set_tp_app_id(const Packet& p, AppidSessionDirection dir, AppId app_id,
     AppidChangeBits& change_bits)
 {

diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index 792deb0d8dac35182299ab2cbac4582d85dee1b9..3c456a6614973a8cb7e6b243007d00f61d0b276a 100644 (file)
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -374,6 +374,8 @@ public:
     void publish_appid_event(AppidChangeBits&, const snort::Packet&, bool is_http2 = false,
         uint32_t http2_stream_index = 0);
 
+    bool need_to_delete_tp_conn(ThirdPartyAppIdContext*) const;
+
     inline void set_tp_app_id(AppId app_id)
     {
         if (tp_app_id != app_id)

diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc
index 39fdcc59e5817ae6e67a309c603acbe97760b5ad..418ef9c3447682b09ec71453e2e052f5e13e9af3 100644 (file)
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -219,6 +219,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits&) {}
 void AppIdSession::update_encrypted_app_id(AppId) {}
 bool AppIdSession::is_tp_processing_done() const {return false;}
 AppId AppIdSession::pick_ss_payload_app_id(AppId) const { return get_payload_id(); }
+bool AppIdSession::need_to_delete_tp_conn(ThirdPartyAppIdContext*) const { return true; }
 AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol,
     AppidSessionDirection, AppIdInspector&, OdpContext&)
 {