multi-detect: set tenant id on pseudo packets

Store the tenant id in the flow and use the stored id when setting
up pesudo packets.

For tunnel and defrag packets, get tenant from parent. This will only
pass tenant_id's set at capture time.

For defrag packets, the tenant selector based on vlan id will still
work as the vlan id(s) are stored in the defrag tracker before being
passed on.

diff --git a/src/decode.c b/src/decode.c
index aa6068bbc09c3815022ce682666da3a9ba6ef220..0dd9fa86fa04600d1b39bc200471cc65e72feafc 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -274,6 +274,7 @@ Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *pare
     p->ts.tv_sec = parent->ts.tv_sec;
     p->ts.tv_usec = parent->ts.tv_usec;
     p->datalink = DLT_RAW;
+    p->tenant_id = parent->tenant_id;
 
     /* set the root ptr to the lowest layer */
     if (parent->root != NULL)
@@ -345,6 +346,7 @@ Packet *PacketDefragPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t
     p->ts.tv_sec = parent->ts.tv_sec;
     p->ts.tv_usec = parent->ts.tv_usec;
     p->datalink = DLT_RAW;
+    p->tenant_id = parent->tenant_id;
     /* tell new packet it's part of a tunnel */
     SET_TUNNEL_PKT(p);
     p->vlan_id[0] = parent->vlan_id[0];

diff --git a/src/detect.c b/src/detect.c
index 7d608a0a241689b531e224aa167534d46a0adc4c..e420f5e392cd2edde2d0b409af7dff2da63c28e2 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1279,6 +1279,12 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 
         FLOWLOCK_WRLOCK(pflow);
         {
+            /* store tenant_id in the flow so that we can use it
+             * for creating pseudo packets */
+            if (p->tenant_id > 0 && pflow->tenant_id == 0) {
+                pflow->tenant_id = p->tenant_id;
+            }
+
             /* live ruleswap check for flow updates */
             if (pflow->de_ctx_id == 0) {
                 /* first time this flow is inspected, set id */
@@ -1991,7 +1997,9 @@ TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
             return TM_ECODE_OK;
         }
 
-        uint32_t tenant_id = det_ctx->TenantGetId(det_ctx, p);
+        uint32_t tenant_id = p->tenant_id;
+        if (tenant_id == 0)
+            tenant_id = det_ctx->TenantGetId(det_ctx, p);
         if (tenant_id > 0 && tenant_id < det_ctx->mt_det_ctxs_cnt) {
             p->tenant_id = tenant_id;
             det_ctx = GetTenantById(det_ctx->mt_det_ctxs_hash, tenant_id);

diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index 534875c68b289f79731d1d3f558d7f2d7cacb8d4..8df85cddcd99b2dca7364260d8b2b116f4e21909 100644 (file)
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -80,6 +80,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
                                                            TcpSession *ssn,
                                                            int dummy)
 {
+    p->tenant_id = f->tenant_id;
     p->datalink = DLT_RAW;
     p->proto = IPPROTO_TCP;
     FlowReference(&p->flow, f);

diff --git a/src/flow-util.h b/src/flow-util.h
index 38257b1289bb1dd3c197e40b2addb56d53de65a0..ca6a49cccb291baf00af7bb348031748b7a09166 100644 (file)
--- a/src/flow-util.h
+++ b/src/flow-util.h
@@ -42,6 +42,7 @@
         (f)->proto = 0; \
         SC_ATOMIC_INIT((f)->flow_state); \
         SC_ATOMIC_INIT((f)->use_cnt); \
+        (f)->tenant_id = 0; \
         (f)->probing_parser_toserver_alproto_masks = 0; \
         (f)->probing_parser_toclient_alproto_masks = 0; \
         (f)->flags = 0; \
@@ -86,6 +87,7 @@
         (f)->proto = 0; \
         SC_ATOMIC_RESET((f)->flow_state); \
         SC_ATOMIC_RESET((f)->use_cnt); \
+        (f)->tenant_id = 0; \
         (f)->probing_parser_toserver_alproto_masks = 0; \
         (f)->probing_parser_toclient_alproto_masks = 0; \
         (f)->flags = 0; \

diff --git a/src/flow.h b/src/flow.h
index caa34c6fc811373573c0155af7f7e7a01c4fc67e..eab737760943bc58550271fb489432350c7cee76 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -329,6 +329,10 @@ typedef struct Flow_
     /** flow queue id, used with autofp */
     SC_ATOMIC_DECLARE(int16_t, autofp_tmqh_flow_qid);
 
+    /** flow tenant id, used to setup flow timeout and stream pseudo
+     *  packets with the correct tenant id set */
+    uint32_t tenant_id;
+
     uint32_t probing_parser_toserver_alproto_masks;
     uint32_t probing_parser_toclient_alproto_masks;
 

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 88fe40d4bed552c5eea72f273023b44197bc8df3..6cde8651384be17547c72561b016bdd4d7d01495 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5829,6 +5829,8 @@ void StreamTcpPseudoPacketCreateStreamEndPacket(ThreadVars *tv, StreamTcpThread
     /* Setup the IP and TCP headers */
     StreamTcpPseudoPacketSetupHeader(np,p);
 
+    np->tenant_id = p->flow->tenant_id;
+
     np->flowflags = p->flowflags;
 
     np->flags |= PKT_STREAM_EST;