]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Merge pull request #1421 in SNORT/snort3 from offload_no_onloads to master
authorMichael Altizer (mialtize) <mialtize@cisco.com>
Mon, 5 Nov 2018 21:42:11 +0000 (16:42 -0500)
committerMichael Altizer (mialtize) <mialtize@cisco.com>
Mon, 5 Nov 2018 21:42:11 +0000 (16:42 -0500)
Squashed commit of the following:

commit 08c92b8e71cef3840a11930cb3728ac20d3ac1c3
Author: Carter Waxman <cwaxman@cisco.com>
Date:   Tue Sep 11 14:04:10 2018 -0400

    stream, detection, flow: don't force onloads between pdus unless absolutey necessary

src/detection/detection_engine.cc
src/flow/flow_control.cc
src/stream/tcp/tcp_reassembler.cc
src/stream/tcp/tcp_session.cc
src/stream/user/user_session.cc

index 6fc1fdf2f40949f6ad1f4a9ba06cb32908a70182..c5373dd9e2a3decfe7162e69440334b30fbbbe68 100644 (file)
@@ -358,9 +358,8 @@ bool DetectionEngine::offload(Packet* p)
         return false;
     }
     assert(p == p->context->packet);
-    onload(p->flow);  // FIXIT-L just assert !offloaded?
-
     assert(p->context == sw->get_context());
+
     unsigned id = sw->suspend();
 
     trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " de::offload %u (r=%d)\n",
index c8eada88fa19fc13d8528d777d3b7259c156efb7..868f2a36db9213f6320406c812bb3d9e27bb81e5 100644 (file)
@@ -430,9 +430,6 @@ unsigned FlowControl::process(Flow* flow, Packet* p)
     if ( p->proto_bits & PROTO_BIT__MPLS )
         flow->set_mpls_layer_per_dir(p);
 
-    if ( p->type() == PktType::PDU )  // FIXIT-H cooked or PDU?
-        DetectionEngine::onload(flow);
-
     switch ( flow->flow_state )
     {
     case Flow::FlowState::SETUP:
index a6312fe397ae5ef829ce405fbb68be17f18d457e..2149fe006cd968a81a10156ceaa278786ceacae4 100644 (file)
@@ -526,7 +526,6 @@ void TcpReassembler::prep_pdu(
 Packet* TcpReassembler::initialize_pdu(
     TcpReassemblerState& trs, Packet* p, uint32_t pkt_flags, struct timeval tv)
 {
-    DetectionEngine::onload(trs.sos.session->flow);
     Packet* pdu = DetectionEngine::set_next_packet(p);
 
     EncodeFlags enc_flags = 0;
@@ -544,7 +543,6 @@ int TcpReassembler::_flush_to_seq(
     TcpReassemblerState& trs, uint32_t bytes, Packet* p, uint32_t pkt_flags)
 {
     DeepProfile profile(s5TcpFlushPerfStats);
-    DetectionEngine::onload(trs.sos.session->flow);
 
     if ( !p )
     {
@@ -882,7 +880,6 @@ uint32_t TcpReassembler::get_forward_packet_dir(TcpReassemblerState&, const Pack
 int32_t TcpReassembler::flush_pdu_ips(TcpReassemblerState& trs, uint32_t* flags)
 {
     DeepProfile profile(s5TcpPAFPerfStats);
-    DetectionEngine::onload(trs.sos.session->flow);
 
     uint32_t total = 0, avail;
     TcpSegmentNode* tsn;
@@ -956,7 +953,6 @@ void TcpReassembler::fallback(TcpReassemblerState& trs)
 int32_t TcpReassembler::flush_pdu_ackd(TcpReassemblerState& trs, uint32_t* flags)
 {
     DeepProfile profile(s5TcpPAFPerfStats);
-    DetectionEngine::onload(trs.sos.session->flow);
 
     uint32_t total = 0;
     TcpSegmentNode* tsn =
index 8fcde36a61bb4802d8e7a320dfa7cd79d4369c4e..7f8f72440e376a28242e8d7ea7039f8334e59cde 100644 (file)
@@ -149,8 +149,6 @@ void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool re
     tcp_init = false;
     tcpStats.released++;
 
-    DetectionEngine::onload(flow);
-
     if ( flush_segments )
     {
         client.reassembler.flush_queued_segments(flow, true, p);
@@ -600,10 +598,8 @@ void TcpSession::update_session_on_rst(TcpSegmentDescriptor& tsd, bool flush)
 {
     if ( flush )
     {
-        DetectionEngine::onload(flow);
         flush_listener(tsd.get_pkt(), true);
         flush_talker(tsd.get_pkt(), true);
-        DetectionEngine::onload(flow);  // FIXIT-H don't allow offload above
         set_splitter(true, nullptr);
         set_splitter(false, nullptr);
     }
index 58334805b06f4f1f40972fdc0c69e57978cd643e..5fb87784518cdbf9a87ab766abb6603b8eef0c98 100644 (file)
@@ -168,7 +168,6 @@ int UserTracker::scan(Packet* p, uint32_t& flags)
     if ( seg_list.empty() )
         return -1;
 
-    DetectionEngine::onload(p->flow);
     std::list<UserSegment*>::iterator it;
 
     for ( it = seg_list.begin(); it != seg_list.end(); ++it)
@@ -252,8 +251,6 @@ void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags)
 
 void UserTracker::process(Packet* p)
 {
-    DetectionEngine::onload(p->flow);
-
     uint32_t flags = 0;
     int flush_amt = scan(p, flags);