return HashTableLookup(h, &id, 0);
}
-/** \brief Detection engine thread wrapper.
- * \param tv thread vars
- * \param p packet to inspect
- * \param data thread specific data
- * \param pq packet queue
- * \retval TM_ECODE_FAILED error
- * \retval TM_ECODE_OK ok
- */
-TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+static void DetectFlow(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Packet *p)
{
- DEBUG_VALIDATE_PACKET(p);
-
/* No need to perform any detection on this packet, if the the given flag is set.*/
if ((p->flags & PKT_NOPACKET_INSPECTION) ||
(PACKET_TEST_ACTION(p, ACTION_DROP)))
/* hack: if we are in pass the entire flow mode, we need to still
* update the inspect_id forward. So test for the condition here,
* and call the update code if necessary. */
- if (p->flow) {
- uint8_t flags = 0;
- FLOWLOCK_RDLOCK(p->flow);
- int pass = ((p->flow->flags & FLOW_NOPACKET_INSPECTION));
- flags = FlowGetDisruptionFlags(p->flow, flags);
- AppProto alproto = FlowGetAppProtocol(p->flow);
- FLOWLOCK_UNLOCK(p->flow);
- if (pass && AppLayerParserProtocolSupportsTxs(p->proto, alproto)) {
- if (p->flowflags & FLOW_PKT_TOSERVER) {
- flags |= STREAM_TOSERVER;
- } else {
- flags |= STREAM_TOCLIENT;
- }
- DeStateUpdateInspectTransactionId(p->flow, flags);
+ int pass = ((p->flow->flags & FLOW_NOPACKET_INSPECTION));
+ uint8_t flags = FlowGetDisruptionFlags(p->flow, 0);
+ AppProto alproto = FlowGetAppProtocol(p->flow);
+ if (pass && AppLayerParserProtocolSupportsTxs(p->proto, alproto)) {
+ if (p->flowflags & FLOW_PKT_TOSERVER) {
+ flags |= STREAM_TOSERVER;
+ } else {
+ flags |= STREAM_TOCLIENT;
}
+ DeStateUpdateInspectTransactionId(p->flow, flags);
}
- return 0;
+ return;
}
+ /* see if the packet matches one or more of the sigs */
+ (void)SigMatchSignatures(tv,de_ctx,det_ctx,p);
+}
+
+
+static void DetectNoFlow(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Packet *p)
+{
+ /* No need to perform any detection on this packet, if the the given flag is set.*/
+ if ((p->flags & PKT_NOPACKET_INSPECTION) ||
+ (PACKET_TEST_ACTION(p, ACTION_DROP)))
+ {
+ return;
+ }
+
+ /* see if the packet matches one or more of the sigs */
+ (void)SigMatchSignatures(tv,de_ctx,det_ctx,p);
+ return;
+}
+
+/** \brief Detection engine thread wrapper.
+ * \param tv thread vars
+ * \param p packet to inspect
+ * \param data thread specific data
+ * \param pq packet queue
+ * \retval TM_ECODE_FAILED error
+ * \retval TM_ECODE_OK ok
+ */
+TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+{
+ DEBUG_VALIDATE_PACKET(p);
+
DetectEngineCtx *de_ctx = NULL;
DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
if (det_ctx == NULL) {
goto error;
}
- if (SC_ATOMIC_GET(det_ctx->so_far_used_by_detect) == 0) {
+ if (unlikely(SC_ATOMIC_GET(det_ctx->so_far_used_by_detect) == 0)) {
(void)SC_ATOMIC_SET(det_ctx->so_far_used_by_detect, 1);
SCLogDebug("Detect Engine using new det_ctx - %p",
det_ctx);
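Review bot: DetectFlow, added at the top of this hunk, reads `p->flow->flags`, `FlowGetDisruptionFlags(p->flow, 0)` and `FlowGetAppProtocol(p->flow)` and then calls `DeStateUpdateInspectTransactionId` without the `FLOWLOCK_RDLOCK`/`FLOWLOCK_UNLOCK` pair that the removed code held around those reads. Nothing in the visible lines shows who holds the flow lock now. If the caller is meant to own it for the whole packet, say so above the function, e.g. `/** \pre p->flow is non-NULL and locked by the caller */`, and consider a debug-build lock assertion as the first statement (`DEBUG_ASSERT_FLOW_LOCKED(p->flow);`, if that macro exists in this tree). Without that guarantee these reads can race with another thread updating the flow, and the inspect id update may act on stale state. Separately, DetectFlow and DetectNoFlow both cast the result of `SigMatchSignatures` to `(void)`, so the old `r < 0` path to `TM_ECODE_FAILED` is gone; a one-line comment explaining why a failed match run can be ignored would stop this reading as an accidental fail-open.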
if (de_ctx == NULL)
return TM_ECODE_OK;
- if (SC_ATOMIC_GET(det_ctx->so_far_used_by_detect) == 0) {
+ if (unlikely(SC_ATOMIC_GET(det_ctx->so_far_used_by_detect) == 0)) {
(void)SC_ATOMIC_SET(det_ctx->so_far_used_by_detect, 1);
SCLogDebug("MT de_ctx %p det_ctx %p (tenant %u)", de_ctx, det_ctx, tenant_id);
}
de_ctx = det_ctx->de_ctx;
}
- /* see if the packet matches one or more of the sigs */
- int r = SigMatchSignatures(tv,de_ctx,det_ctx,p);
- if (r >= 0) {
- return TM_ECODE_OK;
+ if (p->flow) {
+ DetectFlow(tv, de_ctx, det_ctx, p);
+ } else {
+ DetectNoFlow(tv, de_ctx, det_ctx, p);
}
+ return TM_ECODE_OK;
error:
return TM_ECODE_FAILED;