move wire and tcp rebuilt packets from thread local to IpsContext

diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc
index d5598d8e726059da6ee8d711f929bff8682e31f8..a15162dab892d11d5981daf61907c687f7bbeae5 100644 (file)
--- a/src/detection/context_switcher.cc
+++ b/src/detection/context_switcher.cc
@@ -131,16 +131,20 @@ void ContextSwitcher::resume(unsigned slot)
     hold[slot] = nullptr;
 }
 
-void ContextSwitcher::set_context_data(unsigned id, IpsContextData* cd) const
+IpsContext* ContextSwitcher::get_context() const
 {
     assert(!busy.empty());
-    busy.back()->set_context_data(id, cd);
+    return busy.back();
 }
 
 IpsContextData* ContextSwitcher::get_context_data(unsigned id) const
 {
-    assert(!busy.empty());
-    return busy.back()->get_context_data(id);
+    return get_context()->get_context_data(id);
+}
+
+void ContextSwitcher::set_context_data(unsigned id, IpsContextData* cd) const
+{
+    get_context()->set_context_data(id, cd);
 }
 
 unsigned ContextSwitcher::idle_count() const

diff --git a/src/detection/context_switcher.h b/src/detection/context_switcher.h
index a775216e92c55f3f07525bbd6fc3c77ff8ce2811..6d2eb24783be5bda3ff42f777b190bc247bc5337 100644 (file)
--- a/src/detection/context_switcher.h
+++ b/src/detection/context_switcher.h
@@ -65,8 +65,9 @@ public:
     unsigned suspend();
     void resume(unsigned suspended);
 
-    void set_context_data(unsigned id, IpsContextData*) const;
+    IpsContext* get_context() const;
     IpsContextData* get_context_data(unsigned id) const;
+    void set_context_data(unsigned id, IpsContextData*) const;
 
     unsigned idle_count() const;
     unsigned busy_count() const;

diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc
index 000d4957b41d5ab0150320bc2b22d4729e95cbfe..afd0ffdd39cdeb0e0149fe09615d533c0324f9fd 100644 (file)
--- a/src/detection/ips_context.cc
+++ b/src/detection/ips_context.cc
@@ -49,13 +49,19 @@ unsigned IpsContextData::get_max_id()
 //--------------------------------------------------------------------------
 
 IpsContext::IpsContext(unsigned size) : data(size, nullptr)
-{ }
+{
+    packet = new Packet(false);
+    pkth = new DAQ_PktHdr_t;
+}
 
 IpsContext::~IpsContext()
 {
     for ( auto* p : data )
         if ( p )
             delete p;
+
+    delete pkth;
+    delete packet;
 }
 
 void IpsContext::set_context_data(unsigned id, IpsContextData* cd)

diff --git a/src/detection/ips_context.h b/src/detection/ips_context.h
index 04ccb5e41f94b5a9340b7e88ddfa9bab44e0e049..83619d477e91c7cc480ec881cc0b70a956eaff68 100644 (file)
--- a/src/detection/ips_context.h
+++ b/src/detection/ips_context.h
@@ -31,6 +31,9 @@
 
 #include <vector>
 
+// required to get a decent decl of pkth
+#include "protocols/packet.h"
+
 class IpsContextData
 {
 public:
@@ -58,6 +61,10 @@ public:
     unsigned get_slot()
     { return slot; }
 
+public:
+    Packet* packet;
+    DAQ_PktHdr_t* pkth;
+
 private:
     std::vector<IpsContextData*> data;
     unsigned slot;

diff --git a/src/main/snort.cc b/src/main/snort.cc
index d3e77eac4fdf94db509b60ba60efa8a905d44121..528f356732f1139f07e06a6238fd2951ece6e16f 100644 (file)
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -662,7 +662,6 @@ void Snort::thread_init_unprivileged()
     for ( unsigned i = 0; i < max_contexts; ++i )
         s_switcher->push(new IpsContext(max_data));
 
-    s_packet = new Packet(false);
     CodecManager::thread_init(snort_conf);
 
     // this depends on instantiated daq capabilities
@@ -708,11 +707,7 @@ void Snort::thread_term()
     HighAvailabilityManager::thread_term();
     SideChannelManager::thread_term();
 
-    if ( s_packet )
-    {
-        delete s_packet;
-        s_packet = nullptr;
-    }
+    s_packet = nullptr;
 
     SFDAQInstance *daq_instance = SFDAQ::get_local_instance();
     if ( daq_instance->was_started() )
@@ -736,6 +731,19 @@ void Snort::thread_term()
     delete s_switcher;
 }
 
+Packet* Snort::set_detect_packet()
+{
+    const IpsContext* c = s_switcher->interrupt();
+    Packet* p = c->packet;
+    p->pkth = c->pkth;
+    return p;
+}
+
+void Snort::clear_detect_packet()
+{
+    s_switcher->complete();
+}
+
 void Snort::detect_rebuilt_packet(Packet* p)
 {
     // Need to include this b/c call is outside the detect tree
@@ -862,6 +870,7 @@ DAQ_Verdict Snort::packet_callback(
         return DAQ_VERDICT_PASS;
 
     s_switcher->start();
+    s_packet = s_switcher->get_context()->packet;
 
     {
         Profile eventq_profile(eventqPerfStats);

diff --git a/src/main/snort.h b/src/main/snort.h
index 59080c9bcc61fc0fc1dcd991d74dd24196e9c423..a78cdb34393f3a1a6309092ccf84ffc0d51faf02 100644 (file)
--- a/src/main/snort.h
+++ b/src/main/snort.h
@@ -53,6 +53,8 @@ public:
     static void thread_rotate();
 
     static void capture_packet();
+    static Packet* set_detect_packet();
+    static void clear_detect_packet();
     static void detect_rebuilt_packet(Packet*);
 
     static DAQ_Verdict process_packet(

diff --git a/src/stream/libtcp/tcp_stream_session.cc b/src/stream/libtcp/tcp_stream_session.cc
index 1f4079ff1619d9040b61d68530b9237b0625149a..683dd9d7bdc1117918afed8a8a609f2df2f432d1 100644 (file)
--- a/src/stream/libtcp/tcp_stream_session.cc
+++ b/src/stream/libtcp/tcp_stream_session.cc
@@ -469,18 +469,11 @@ void TcpStreamSession::start_proxy()
 
 void TcpStreamSession::sinit()
 {
-    s5_pkt = new Packet();
     //AtomSplitter::init();  // FIXIT-L PAF implement
 }
 
 void TcpStreamSession::sterm()
-{
-    if (s5_pkt)
-    {
-        delete s5_pkt;
-        s5_pkt = nullptr;
-    }
-}
+{ }
 
 void TcpStreamSession::print()
 {

diff --git a/src/stream/tcp/tcp_defs.h b/src/stream/tcp/tcp_defs.h
index 20fe0e288fac5b957a5129689ec801d7823666f2..18e282c5bda9536c9f757d92fa5dbf4cab5e78c4 100644 (file)
--- a/src/stream/tcp/tcp_defs.h
+++ b/src/stream/tcp/tcp_defs.h
@@ -146,7 +146,5 @@ enum FlushPolicy
     STREAM_FLPOLICY_ON_DATA, /* protocol aware ips */
 };
 
-extern THREAD_LOCAL Packet* s5_pkt;
-
 #endif
 

diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index 080223492b5906b3322214552923a5f12d92667f..d913f12297fb29db876184964706dd43d38a51ed 100644 (file)
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -33,7 +33,7 @@
 #include "tcp_module.h"
 #include "tcp_normalizer.h"
 
-THREAD_LOCAL Packet* s5_pkt = nullptr;
+static THREAD_LOCAL Packet* s5_pkt = nullptr;
 
 ReassemblyPolicy stream_reassembly_policy_map[] =
 {
@@ -477,7 +477,8 @@ int TcpReassembler::flush_data_segments(Packet* p, uint32_t total)
             flags |= PKT_PDU_TAIL;
 
         const StreamBuffer* sb = tracker->splitter->reassemble(
-            p->flow, total, bytes_flushed, tsn->payload(), bytes_to_copy, flags, bytes_copied);
+            session->flow, total, bytes_flushed, tsn->payload(),
+            bytes_to_copy, flags, bytes_copied);
 
         flags = 0;
 
@@ -593,11 +594,20 @@ void TcpReassembler::prep_s5_pkt(Flow* flow, Packet* p, uint32_t pkt_flags)
 int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
 {
     Profile profile(s5TcpFlushPerfStats);
+    s5_pkt = Snort::set_detect_packet();
 
     DAQ_PktHdr_t pkth;
-    EncodeFlags enc_flags = 0;
-
     session->GetPacketHeaderFoo(&pkth, pkt_flags);
+
+    if ( !p )
+    {
+        // FIXIT-H we need to have user_policy_id in this case
+        // FIXIT-H this leads to format_tcp() copying from s5_pkt to s5_pkt
+        // (neither of these issues is created by passing null through to here)
+        p = s5_pkt;
+    }
+
+    EncodeFlags enc_flags = 0;
     PacketManager::format_tcp(enc_flags, p, s5_pkt, PSEUDO_PKT_TCP, &pkth, pkth.opaque);
     prep_s5_pkt(session->flow, p, pkt_flags);
 
@@ -612,14 +622,16 @@ int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
         uint32_t footprint = stop_seq - seglist_base_seq;
 
         if ( footprint == 0 )
+        {
+            Snort::clear_detect_packet();
             return bytes_processed;
+        }
 
         if ( footprint > s5_pkt->max_dsize )
             /* this is as much as we can pack into a stream buffer */
             footprint = s5_pkt->max_dsize;
 
-        ((DAQ_PktHdr_t*)s5_pkt->pkth)->ts.tv_sec = seglist.next->tv.tv_sec;
-        ((DAQ_PktHdr_t*)s5_pkt->pkth)->ts.tv_usec = seglist.next->tv.tv_usec;
+        ((DAQ_PktHdr_t*)s5_pkt->pkth)->ts = seglist.next->tv;
 
         /* setup the pseudopacket payload */
         s5_pkt->dsize = 0;
@@ -681,6 +693,7 @@ int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
             break;
     }
 
+    Snort::clear_detect_packet();
     return bytes_processed;
 }
 
@@ -811,17 +824,8 @@ int TcpReassembler::flush_stream(Packet* p, uint32_t dir)
 void TcpReassembler::final_flush(Packet* p, PegCount& peg, uint32_t dir)
 {
     if ( !p )
-    {
-        p = s5_pkt;
-
-        DAQ_PktHdr_t* const tmp_pcap_hdr = const_cast<DAQ_PktHdr_t*>(p->pkth);
         peg++;
 
-        /* Do each field individually because of size differences on 64bit OS */
-        tmp_pcap_hdr->ts.tv_sec = seglist.head->tv.tv_sec;
-        tmp_pcap_hdr->ts.tv_usec = seglist.head->tv.tv_usec;
-    }
-
     tracker->set_tf_flags(TF_FORCE_FLUSH);
 
     if ( flush_stream(p, dir) )

diff --git a/src/stream/tcp/tcp_tracker.h b/src/stream/tcp/tcp_tracker.h
index 6d571e27ccef5ff0e20022c260113666f277b961..3a1d8bc27511e26ce1a4c79623df932a2fadb29d 100644 (file)
--- a/src/stream/tcp/tcp_tracker.h
+++ b/src/stream/tcp/tcp_tracker.h
@@ -47,14 +47,10 @@
 //    to set these fields
 //-------------------------------------------------------------------------
 
-class TcpNormalizer;
-class TcpReassembler;
-class TcpSession;
-
 class TcpTracker : public TcpStreamTracker
 {
 public:
-    TcpTracker(bool, TcpSession*);
+    TcpTracker(bool, class TcpSession*);
     virtual ~TcpTracker();
 
     void init_tcp_state() override;