]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Merge pull request #1326 in SNORT/snort3 from offload_cleanup to master
authorMichael Altizer (mialtize) <mialtize@cisco.com>
Tue, 14 Aug 2018 17:08:27 +0000 (13:08 -0400)
committerMichael Altizer (mialtize) <mialtize@cisco.com>
Tue, 14 Aug 2018 17:08:27 +0000 (13:08 -0400)
Squashed commit of the following:

commit 249e1f755ebfc94df1f094c187f60687c19fc5b4
Author: Carter Waxman <cwaxman@cisco.com>
Date:   Mon Aug 6 13:18:05 2018 -0400

    DetectionEngine: don't finish_packet immediately after offloading

src/detection/detection_engine.cc
src/stream/tcp/tcp_reassembler.cc

index 3f0af3dbbe352755f49820eb2f5f7387985cd323..6e615735b3ed683fe38402f9faa9d8362d9b553d 100644 (file)
@@ -76,11 +76,11 @@ DetectionEngine::DetectionEngine()
 
 DetectionEngine::~DetectionEngine()
 {
-    finish_packet(context->packet);
     ContextSwitcher* sw = Snort::get_switcher();
 
     if ( context == sw->get_context() )
     {
+        finish_packet(context->packet);
         sw->complete();
     }
 }
@@ -406,7 +406,7 @@ void DetectionEngine::inspect(Packet* p)
             if ( !all_disabled(p) )
             {
                 if ( detect(p, true) )
-                    return;
+                    return; // don't finish out offloaded packets
             }
         }
         DetectionEngine::set_check_tags();
@@ -423,9 +423,6 @@ void DetectionEngine::inspect(Packet* p)
     log_events(p);
     Active::apply_delayed_action(p);
 
-    if ( offloaded(p) )
-        return;
-
     // clear closed sessions here after inspection since non-stream
     // inspectors may depend on flow information
     // this also handles block pending state
index ce1836deda35bafb5bbdcd549d399ba872adf7f3..93682f20c97bb422703fa470725b2b98513bbea3 100644 (file)
@@ -430,7 +430,7 @@ int TcpReassembler::flush_data_segments(
         {
             pdu->data = sb.data;
             pdu->dsize = sb.length;
-            assert(sb.length <= pdu->max_dsize);
+            assert(sb.length <= Packet::max_dsize);
 
             bytes_to_copy = bytes_copied;
         }
@@ -554,16 +554,14 @@ int TcpReassembler::_flush_to_seq(
     TcpReassemblerState& trs, uint32_t bytes, Packet* p, uint32_t pkt_flags)
 {
     DeepProfile profile(s5TcpFlushPerfStats);
-
     DetectionEngine::onload(trs.sos.session->flow);
-    Packet* pdu = DetectionEngine::set_next_packet(p);
 
     if ( !p )
     {
         // FIXIT-H we need to have user_policy_id in this case
         // FIXIT-H this leads to format_tcp() copying from pdu to pdu
         // (neither of these issues is created by passing null through to here)
-        p = pdu;
+        p = DetectionEngine::set_next_packet();
     }
 
     uint32_t bytes_processed = 0;
@@ -577,9 +575,9 @@ int TcpReassembler::_flush_to_seq(
         if ( footprint == 0 )
             return bytes_processed;
 
-        if ( footprint > pdu->max_dsize )
+        if ( footprint > Packet::max_dsize )
             /* this is as much as we can pack into a stream buffer */
-            footprint = pdu->max_dsize;
+            footprint = Packet::max_dsize;
 
         if ( trs.tracker->splitter->is_paf() and
             ( trs.tracker->get_tf_flags() & TF_MISSING_PREV_PKT ) )