Merge pull request #3065 in SNORT/snort3 from ~MDAGON/snort3:pruning2 to master

Squashed commit of the following:

commit 27e9bef80fed555db0a0736076704064a875c4e8
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Sep 14 15:50:23 2021 -0400

    flow: don't do memcap pruning if pruning is in progress

diff --git a/src/flow/flow_cache.cc b/src/flow/flow_cache.cc
index 89798415a033875329ef5b3d089e2b46143d07f4..3d62ad426e64590d3b465a5cac835452336d85fd 100644 (file)
--- a/src/flow/flow_cache.cc
+++ b/src/flow/flow_cache.cc
@@ -53,6 +53,8 @@ static const unsigned ALL_FLOWS = 3;
 // FlowCache stuff
 //-------------------------------------------------------------------------
 
+THREAD_LOCAL bool FlowCache::pruning_in_progress = false;
+
 FlowCache::FlowCache(const FlowCacheConfig& cfg) : config(cfg)
 {
     hash_table = new ZHash(config.max_flows, sizeof(FlowKey));
@@ -174,12 +176,16 @@ void FlowCache::remove(Flow* flow)
 
 bool FlowCache::release(Flow* flow, PruneReason reason, bool do_cleanup)
 {
+    assert(!pruning_in_progress);
+    pruning_in_progress = true;
+
     if ( !flow->was_blocked() )
     {
         flow->flush(do_cleanup);
         if ( flow->ssn_state.session_flags & SSNFLAG_KEEP_FLOW )
         {
             flow->ssn_state.session_flags &= ~SSNFLAG_KEEP_FLOW;
+            pruning_in_progress = false;
             return false;
         }
     }
@@ -187,6 +193,7 @@ bool FlowCache::release(Flow* flow, PruneReason reason, bool do_cleanup)
     flow->reset(do_cleanup);
     prune_stats.update(reason);
     remove(flow);
+    pruning_in_progress = false;
     return true;
 }
 
@@ -482,12 +489,14 @@ unsigned FlowCache::purge()
     FlagContext<decltype(flags)>(flags, SESSION_CACHE_FLAG_PURGING);
 
     unsigned retired = 0;
-
+    assert(!pruning_in_progress);
+    pruning_in_progress = true;
     while ( auto flow = static_cast<Flow*>(hash_table->lru_first()) )
     {
         retire(flow);
         ++retired;
     }
+    pruning_in_progress = false;
 
     while ( Flow* flow = (Flow*)hash_table->pop() )
     {

diff --git a/src/flow/flow_cache.h b/src/flow/flow_cache.h
index ccf5d9fea8abcac1dd7e814fd1f932df2167fd74..9b5fb5e262d726711a467624243904ae6778f8d7 100644 (file)
--- a/src/flow/flow_cache.h
+++ b/src/flow/flow_cache.h
@@ -29,6 +29,7 @@
 #include <type_traits>
 
 #include "framework/counts.h"
+#include "main/thread.h"
 
 #include "flow_config.h"
 #include "prune_stats.h"
@@ -96,6 +97,9 @@ public:
     unsigned get_flows_allocated() const
     { return flows_allocated; }
 
+    static bool is_pruning_in_progress()
+    { return pruning_in_progress; }
+
 private:
     void delete_uni();
     void push(snort::Flow*);
@@ -107,6 +111,7 @@ private:
         (unsigned mode, unsigned num_to_delete, unsigned &deleted);
 
 private:
+    static THREAD_LOCAL bool pruning_in_progress;
     static const unsigned cleanup_flows = 1;
     FlowCacheConfig config;
     uint32_t flags;

diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc
index f7bb208d79b1916c63cdfb6ec618eee766a60330..44467fa8155f5b6c855bd48deca280e92dd360bb 100644 (file)
--- a/src/flow/test/flow_control_test.cc
+++ b/src/flow/test/flow_control_test.cc
@@ -53,6 +53,7 @@ THREAD_LOCAL bool Active::s_suspend = false;
 THREAD_LOCAL Active::ActiveSuspendReason Active::s_suspend_reason = Active::ASP_NONE;
 
 THREAD_LOCAL PacketTracer* snort::s_pkt_trace = nullptr;
+THREAD_LOCAL bool FlowCache::pruning_in_progress = false;
 
 void Active::drop_packet(snort::Packet const*, bool) { }
 PacketTracer::~PacketTracer() = default;

diff --git a/src/stream/stream.cc b/src/stream/stream.cc
index 028c6e2763e277907ea32ea60091f245db93c622..db0f0633b7c2f61ab1da4462a8895423afa1f7b8 100644 (file)
--- a/src/stream/stream.cc
+++ b/src/stream/stream.cc
@@ -27,6 +27,7 @@
 #include <mutex>
 
 #include "detection/detection_engine.h"
+#include "flow/flow_cache.h"
 #include "flow/flow_control.h"
 #include "flow/flow_key.h"
 #include "flow/ha.h"
@@ -374,7 +375,7 @@ void Stream::handle_timeouts(bool idle)
 
 void Stream::prune_flows()
 {
-    if ( flow_con )
+    if ( flow_con && !FlowCache::is_pruning_in_progress())
         flow_con->prune_one(PruneReason::MEMCAP, false);
 }