The post match list was called with an unlocked flow until now.
However, recent de_state handling updates changed this. The stateful
detection code can now call the post match functions while keeping
the flow locked. The normal detection code still calls it with an
unlocked flow.
This patch adds a hint to the DetectEngineThreadCtx called
'flow_locked' that is set to true if the caller has already locked
the flow.
RULE_PROFILING_END(det_ctx, s, (alert == 1), p);
if (alert) {
+ det_ctx->flow_locked = 1;
SigMatchSignaturesRunPostMatch(tv, de_ctx, det_ctx, p, s);
+ det_ctx->flow_locked = 0;
if (!(s->flags & SIG_FLAG_NOALERT)) {
PacketAlertAppend(det_ctx, s, p, inspect_tx_id,
item->nm = sm;
if (alert) {
+ det_ctx->flow_locked = 1;
SigMatchSignaturesRunPostMatch(tv, de_ctx, det_ctx, p, s);
+ det_ctx->flow_locked = 0;
if (!(s->flags & SIG_FLAG_NOALERT)) {
PacketAlertAppend(det_ctx, s, p, 0,
else
flags |= STREAM_TOSERVER;
- FLOWLOCK_WRLOCK(p->flow);
+ if (det_ctx->flow_locked == 0)
+ FLOWLOCK_WRLOCK(p->flow);
FileContainer *ffc = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
p->flow->alstate, flags);
}
}
- FLOWLOCK_UNLOCK(p->flow);
+ if (det_ctx->flow_locked == 0)
+ FLOWLOCK_UNLOCK(p->flow);
+
SCReturnInt(0);
}
{
DetectFlowvarList *fs, *prev;
const DetectFlowvarData *fd;
+ const int flow_locked = det_ctx->flow_locked;
if (det_ctx->flowvarlist == NULL || p->flow == NULL)
return 1;
SCLogDebug("adding to the flow %u:", fs->idx);
//PrintRawDataFp(stdout, fs->buffer, fs->len);
- FlowVarAddStr(p->flow, fs->idx, fs->buffer, fs->len);
+ if (flow_locked)
+ FlowVarAddStrNoLock(p->flow, fs->idx, fs->buffer, fs->len);
+ else
+ FlowVarAddStr(p->flow, fs->idx, fs->buffer, fs->len);
/* memory at fs->buffer is now the responsibility of
* the flowvar code. */
* - enforce storage for type ALWAYS (luajit)
* Only called from DetectFlowvarProcessList() when flowvarlist is not NULL .
*/
-void DetectFlowvarProcessListInternal(DetectFlowvarList *fs, Flow *f)
+void DetectFlowvarProcessListInternal(DetectFlowvarList *fs, Flow *f, const int flow_locked)
{
DetectFlowvarList *next;
SCLogDebug("adding to the flow %u:", fs->idx);
//PrintRawDataFp(stdout, fs->buffer, fs->len);
- FlowVarAddStr(f, fs->idx, fs->buffer, fs->len);
+ if (flow_locked)
+ FlowVarAddStrNoLock(f, fs->idx, fs->buffer, fs->len);
+ else
+ FlowVarAddStr(f, fs->idx, fs->buffer, fs->len);
/* memory at fs->buffer is now the responsibility of
* the flowvar code. */
} else
int DetectFlowvarStoreMatch(DetectEngineThreadCtx *, uint16_t, uint8_t *, uint16_t, int);
/* For use only by DetectFlowvarProcessList() */
-void DetectFlowvarProcessListInternal(DetectFlowvarList *fs, Flow *f);
+void DetectFlowvarProcessListInternal(DetectFlowvarList *fs, Flow *f, const int flow_locked);
static inline void DetectFlowvarProcessList(DetectEngineThreadCtx *det_ctx, Flow *f)
{
DetectFlowvarList *fs = det_ctx->flowvarlist;
+ const int flow_locked = det_ctx->flow_locked;
SCLogDebug("det_ctx->flowvarlist %p", fs);
if (fs != NULL) {
det_ctx->flowvarlist = NULL;
- DetectFlowvarProcessListInternal(fs, f);
+ DetectFlowvarProcessListInternal(fs, f, flow_locked);
}
}
/**
* Detection engine thread data.
*/
-typedef struct DetectionEngineThreadCtx_ {
+typedef struct DetectEngineThreadCtx_ {
/* the thread to which this detection engine thread belongs */
ThreadVars *tv;
/* counter for the filestore array below -- up here for cache reasons. */
uint16_t filestore_cnt;
+ /* bool to hint the POSTMATCH list members about the lock status of the
+ * flow. If locked this is TRUE, unlocked or no-flow: FALSE */
+ uint8_t flow_locked;
+
HttpReassembledBody *hsbd;
uint64_t hsbd_start_tx_id;
uint16_t hsbd_buffers_size;
projects / thirdparty / suricata.git / commitdiff
