From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Date: Tue, 21 Mar 2023 16:26:01 +0000 (+0000)
Subject: Pull request #3781: detection: fix queue_limit pegcounter evaluation
X-Git-Tag: 3.1.58.0~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18ffc3698f7410f1833b3829324c3d996bb4e31a;p=thirdparty%2Fsnort3.git

Pull request #3781: detection: fix queue_limit pegcounter evaluation

Merge in SNORT/snort3 from ~YCHALOV/snort3:snort3_detection_queue_limit to master

Squashed commit of the following:

commit 172915ec46eb9d912f1d6b0a9d9b17cffa3e53e1
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Fri Mar 10 10:20:31 2023 +0100

    detection: fix queue_limit pegcounter evaluation
---

diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index bee9ef49c..4886bac49 100644
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -616,6 +616,7 @@ static inline int fpFinalSelectEvent(OtnxMatchData* omd, Packet* p)
         return 0;
 
     unsigned tcnt = 0;
+    int res = 0;
     EventQueueConfig* eq = p->context->conf->event_queue_config;
     int (*compar)(const void *, const void *);
     compar = ( eq->order == SNORT_EVENTQ_PRIORITY )
@@ -646,11 +647,18 @@ static inline int fpFinalSelectEvent(OtnxMatchData* omd, Packet* p)
                 sizeof(void*), compar);
 
             /* Process each event in the action (alert,drop,log,...) groups */
-            for (unsigned j = 0; j < omd->matchInfo[i].iMatchCount; j++)
+            for ( unsigned j = 0; j < omd->matchInfo[i].iMatchCount; j++ )
             {
                 const OptTreeNode* otn = omd->matchInfo[i].MatchArray[j];
                 assert(otn);
 
+                if ( tcnt >= eq->max_events )
+                {
+                    pc.queue_limit += omd->matchInfo[i].iMatchCount - j;
+                    res = 1;
+                    break;
+                }
+
                 RuleTreeNode* rtn = getRtnFromOtn(otn);
 
                 if ( !rtn )
@@ -693,12 +701,6 @@ static inline int fpFinalSelectEvent(OtnxMatchData* omd, Packet* p)
                         fpAddSessionAlert(p, otn);
                 }
 
-                if ( tcnt >= eq->max_events )
-                {
-                    pc.queue_limit++;
-                    return 1;
-                }
-
                 /* only log/count one pass */
                 if ( p->packet_flags & PKT_PASS_RULE )
                     return 1;
@@ -706,7 +708,7 @@ static inline int fpFinalSelectEvent(OtnxMatchData* omd, Packet* p)
         }
     }
 
-    return 0;
+    return res;
 }
 
 class MpseStash