Merge pull request #2975 in SNORT/snort3 from ~SBAIGAL/snort3:control_expire to master

Squashed commit of the following:

commit 69747b5e417ef9603f71dc6bfab54c6885c8ee0d
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Jul 9 19:02:34 2021 -0400

    control: add idle expire removal to control channels

diff --git a/src/control/control.cc b/src/control/control.cc
index e706247c7ef470bbd79a9054f29c93314ef0a2ce..10190c57c3a396b615d6d13e4164dac93a3e0d48 100644 (file)
--- a/src/control/control.cc
+++ b/src/control/control.cc
@@ -51,6 +51,7 @@ ControlConn* ControlConn::query_from_lua(const lua_State* L)
 
 ControlConn::ControlConn(int fd, bool local) : fd(fd), local(local)
 {
+    touch();
     shell = new Shell;
     configure();
     show_prompt();
@@ -114,7 +115,7 @@ int ControlConn::read_commands()
     }
     if (n == 0 && commands_found == 0)
         return -1;
-
+    touch();
     return commands_found;
 }
 
@@ -147,6 +148,16 @@ void ControlConn::remove()
     removed = true;
 }
 
+void ControlConn::touch()
+{
+    touched = time(nullptr);
+}
+
+time_t ControlConn::get_touched() const
+{
+    return touched;
+}
+
 void ControlConn::unblock()
 {
     if (blocked)
@@ -187,6 +198,7 @@ bool ControlConn::respond(const char* format, va_list& ap)
         else
             bytes_written += n;
     }
+    touch();
     return true;
 }
 

diff --git a/src/control/control.h b/src/control/control.h
index d96ce40809c66a33684c5b19ba88a96cb4a5205e..63db6b6368b934c52cdf1cf42882ee38067f7a33 100644 (file)
--- a/src/control/control.h
+++ b/src/control/control.h
@@ -51,6 +51,7 @@ public:
     bool is_closed() const { return (fd == -1); }
     bool is_removed() const { return removed; }
     bool has_pending_command() const { return !pending_commands.empty(); }
+    time_t get_touched() const;
 
     void configure() const;
     int read_commands();
@@ -64,6 +65,7 @@ public:
 private:
     bool respond(const char* format, va_list& ap);
     bool show_prompt();
+    void touch();
 
 private:
     std::queue<std::string> pending_commands;
@@ -73,6 +75,7 @@ private:
     bool local = false;
     bool blocked = false;
     bool removed = false;
+    time_t touched;
 };
 
 #define LogRespond(cn, ...)       if (cn) cn->respond(__VA_ARGS__); else LogMessage(__VA_ARGS__)

diff --git a/src/control/control_mgmt.cc b/src/control/control_mgmt.cc
index 76d1d6ee03d0318e9d9e5465a0c9a07e8279e7ef..9ed179ad922489a9baa983fdb0412c5aec5765be 100644 (file)
--- a/src/control/control_mgmt.cc
+++ b/src/control/control_mgmt.cc
@@ -45,6 +45,7 @@
 using namespace snort;
 
 static constexpr unsigned MAX_CONTROL_FDS = 16;
+static constexpr unsigned MAX_CONTROL_IDLE_TIME = 60;
 
 static int listener = -1;
 static socklen_t sock_addr_size = 0;
@@ -71,6 +72,8 @@ struct FdEvents{
 static int epoll_fd = -1;
 static unsigned nfds;
 
+static void delete_expired_controls();
+
 static bool init_controls()
 {
     epoll_fd = epoll_create1(0);
@@ -85,6 +88,9 @@ static bool init_controls()
 
 static bool register_control_fd(const int fd)
 {
+    if (nfds + 2 >= MAX_CONTROL_FDS)
+        delete_expired_controls();
+
     if (nfds == MAX_CONTROL_FDS)
     {
         WarningMessage("Failed to add file descriptor, exceed max (%d)\n", nfds);
@@ -368,6 +374,23 @@ static void clear_controls()
     controls.clear();
 }
 
+static void delete_expired_controls()
+{
+    int fds[MAX_CONTROL_FDS], n=0;
+    time_t curr_time = time(nullptr);
+    for (const auto& p : controls)
+    {
+        ControlConn* ctrlcon = p.second;
+        if (!ctrlcon->is_local() and (curr_time - ctrlcon->get_touched()) >= MAX_CONTROL_IDLE_TIME)
+            fds[n++] = p.first;
+    }
+    for(int i=0; i<n; i++)
+    {
+        LogMessage("Control: closing fd=%d that was idle for more than %d seconds.\n", fds[i], MAX_CONTROL_IDLE_TIME);
+        delete_control(fds[i]);
+    }
+}
+
 //-------------------------------------------------------------------------
 // Public API
 //-------------------------------------------------------------------------