detect: use engine version instead of id

Use engine version based on global detect engine master. This is
incremented between reloads.

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 594e301319331a9f1412274e70c64ef8c51e7df0..bbfec11e530b61f638edd62a779083d200309b80 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -84,15 +84,13 @@
 
 #define DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000
 
-static uint32_t detect_engine_ctx_id = 1;
-
 static DetectEngineThreadCtx *DetectEngineThreadCtxInitForReload(
         ThreadVars *tv, DetectEngineCtx *new_de_ctx, int mt);
 
 static int DetectEngineCtxLoadConf(DetectEngineCtx *);
 
 static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER,
-    0, NULL, NULL, TENANT_SELECTOR_UNKNOWN, NULL, NULL, 0};
+    0, 99, NULL, NULL, TENANT_SELECTOR_UNKNOWN, NULL, NULL, 0};
 
 static uint32_t TenantIdHash(HashTable *h, void *data, uint16_t data_len);
 static char TenantIdCompare(void *d1, uint16_t d1_len, void *d2, uint16_t d2_len);
@@ -906,7 +904,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
 
     if (minimal) {
         de_ctx->minimal = 1;
-        de_ctx->id = detect_engine_ctx_id++;
+        de_ctx->version = DetectEngineGetVersion();
+        SCLogDebug("minimal with version %u", de_ctx->version);
         return de_ctx;
     }
 
@@ -958,7 +957,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
         goto error;
     }
 
-    de_ctx->id = detect_engine_ctx_id++;
+    de_ctx->version = DetectEngineGetVersion();
+    SCLogDebug("dectx with version %u", de_ctx->version);
     return de_ctx;
 error:
     if (de_ctx != NULL) {
@@ -2054,6 +2054,25 @@ int DetectEngineEnabled(void)
     return 1;
 }
 
+uint32_t DetectEngineGetVersion(void)
+{
+    uint32_t version;
+    DetectEngineMasterCtx *master = &g_master_de_ctx;
+    SCMutexLock(&master->lock);
+    version = master->version;
+    SCMutexUnlock(&master->lock);
+    return version;
+}
+
+void DetectEngineBumpVersion(void)
+{
+    DetectEngineMasterCtx *master = &g_master_de_ctx;
+    SCMutexLock(&master->lock);
+    master->version++;
+    SCLogDebug("master version now %u", master->version);
+    SCMutexUnlock(&master->lock);
+}
+
 DetectEngineCtx *DetectEngineGetCurrent(void)
 {
     DetectEngineMasterCtx *master = &g_master_de_ctx;
@@ -2827,6 +2846,8 @@ int DetectEngineReload(SCInstance *suri)
     /* walk free list, freeing the old_de_ctx */
     DetectEnginePruneFreeList();
 
+    DetectEngineBumpVersion();
+
     SCLogDebug("old_de_ctx should have been freed");
 
     SCLogNotice("rule reload complete");

diff --git a/src/detect-engine.h b/src/detect-engine.h
index 9c1c1614a5c33261e129ba5023e234f44740dd19..590d4db6bfe820a2ed59787273f0bf018007f8e2 100644 (file)
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@@ -66,6 +66,8 @@ void DetectEngineResetMaxSigId(DetectEngineCtx *);
 void DetectEngineRegisterTests(void);
 const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type);
 
+uint32_t DetectEngineGetVersion(void);
+void DetectEngineBumpVersion(void);
 int DetectEngineAddToMaster(DetectEngineCtx *de_ctx);
 DetectEngineCtx *DetectEngineGetCurrent(void);
 DetectEngineCtx *DetectEngineGetByTenantId(int tenant_id);

diff --git a/src/detect.c b/src/detect.c
index 22db7be12ff859a018239c6c64b8adee7cee9d1d..177daeeae3e79c560f50f4d4aa806daeb69894cb 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1093,17 +1093,17 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
             }
 
             /* live ruleswap check for flow updates */
-            if (pflow->de_ctx_id == 0) {
+            if (pflow->de_ctx_version == 0) {
                 /* first time this flow is inspected, set id */
-                pflow->de_ctx_id = de_ctx->id;
-            } else if (pflow->de_ctx_id != de_ctx->id) {
+                pflow->de_ctx_version = de_ctx->version;
+            } else if (pflow->de_ctx_version != de_ctx->version) {
                 /* first time we inspect flow with this de_ctx, reset */
                 pflow->flags &= ~FLOW_SGH_TOSERVER;
                 pflow->flags &= ~FLOW_SGH_TOCLIENT;
                 pflow->sgh_toserver = NULL;
                 pflow->sgh_toclient = NULL;
 
-                pflow->de_ctx_id = de_ctx->id;
+                pflow->de_ctx_version = de_ctx->version;
                 GenericVarFree(pflow->flowvar);
                 pflow->flowvar = NULL;
 

diff --git a/src/detect.h b/src/detect.h
index 50a735e47c52b5c94e252ca80506ccd3fdc2dd15..88c31ddd3cdcb9d82b36227a6cd41cc9059dff8c 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -669,8 +669,8 @@ typedef struct DetectEngineCtx_ {
     /* the max local id used amongst all sigs */
     int32_t byte_extract_max_local_id;
 
-    /* id used by every detect engine ctx instance */
-    uint32_t id;
+    /** version of the detect engine */
+    uint32_t version;
 
     /** sgh for signatures that match against invalid packets. In those cases
      *  we can't lookup by proto, address, port as we don't have these */
@@ -1117,6 +1117,9 @@ typedef struct DetectEngineMasterCtx_ {
     /** enable multi tenant mode */
     int multi_tenant_enabled;
 
+    /** version, incremented after each 'apply to threads' */
+    uint32_t version;
+
     /** list of active detection engines. This list is used to generate the
      *  threads det_ctx's */
     DetectEngineCtx *list;

diff --git a/src/flow-util.h b/src/flow-util.h
index c0b8c06967fefaf853575c3202e70abe889be966..dfbba64cb1b978735a903128812653a4d60dde99 100644 (file)
--- a/src/flow-util.h
+++ b/src/flow-util.h
@@ -55,7 +55,7 @@
         (f)->alproto = 0; \
         (f)->alproto_ts = 0; \
         (f)->alproto_tc = 0; \
-        (f)->de_ctx_id = 0; \
+        (f)->de_ctx_version = 0; \
         (f)->thread_id = 0; \
         (f)->detect_alversion[0] = 0; \
         (f)->detect_alversion[1] = 0; \
@@ -97,7 +97,7 @@
         (f)->alproto = 0; \
         (f)->alproto_ts = 0; \
         (f)->alproto_tc = 0; \
-        (f)->de_ctx_id = 0; \
+        (f)->de_ctx_version = 0; \
         (f)->thread_id = 0; \
         (f)->detect_alversion[0] = 0; \
         (f)->detect_alversion[1] = 0; \

diff --git a/src/flow.h b/src/flow.h
index 35ba26f589b85da221fbd47baef4eaf6765515ad..b12554135d927ec54828dea6b440998b4957e675 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -384,10 +384,10 @@ typedef struct Flow_
     AppProto alproto_ts;
     AppProto alproto_tc;
 
-    /** detection engine ctx id used to inspect this flow. Set at initial
+    /** detection engine ctx version used to inspect this flow. Set at initial
      *  inspection. If it doesn't match the currently in use de_ctx, the
      *  stored sgh ptrs are reset. */
-    uint32_t de_ctx_id;
+    uint32_t de_ctx_version;
 
     /** Thread ID for the stream/detect portion of this flow */
     FlowThreadId thread_id;

diff --git a/src/suricata.c b/src/suricata.c
index 06ff877662fdfa3352f40dfd16dce404af7adf7b..fbe0305531c2283b19d726bc1caf17f2e627d026 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2519,6 +2519,7 @@ static void PostConfLoadedDetectSetup(SCInstance *suri)
         }
 
         DetectEngineAddToMaster(de_ctx);
+        DetectEngineBumpVersion();
     } else {
         /* tell the app layer to consider only the log id */
         RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveLogOnly);