From: Michael Altizer (mialtize) Date: Mon, 19 Nov 2018 14:57:03 +0000 (-0500) Subject: Merge pull request #1430 in SNORT/snort3 from ~BBANTWAL/snort3:offload_non_pdu to... X-Git-Tag: 3.0.0-250~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2392e3393bbb9f716571268146e06d38b6452e72;p=thirdparty%2Fsnort3.git Merge pull request #1430 in SNORT/snort3 from ~BBANTWAL/snort3:offload_non_pdu to master Squashed commit of the following: commit 096d510332e2e0b10e46a1668c61e274ce389f35 Author: Bhagya Tholpady Date: Fri Nov 9 13:01:12 2018 -0500 add check to see if flow is present commit eaaf991705740d9b3e5a6babd5c1c5bd0c68015e Author: Bhagya Tholpady Date: Mon Nov 5 13:33:43 2018 -0500 remove check to see if offload commit eac33b77422c841034644f9ea2874c01a94b4840 Author: Bhagya Tholpady Date: Mon Nov 5 11:31:51 2018 -0500 clear context data for raw packets commit 5fa3d614fcaf1849e7caa0fd0be7d7765c1ee1a7 Author: russ Date: Sun Oct 21 10:53:21 2018 -0400 detection: enable offloading non-pdu packets --- diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc index 088027324..6c2bf9f65 100644 --- a/src/detection/context_switcher.cc +++ b/src/detection/context_switcher.cc @@ -88,7 +88,10 @@ void ContextSwitcher::stop() assert(busy.size() == 1); trace_logf(detection, TRACE_DETECTION_ENGINE, "(wire) %" PRIu64 " cs::stop %u (i=%zu, b=%zu)\n", get_packet_number(), busy.back()->get_slot(), idle.size(), busy.size()); - idle.emplace_back(busy.back()); + + IpsContext* c = busy.back(); + c->clear_context_data(); + idle.emplace_back(c); busy.pop_back(); } diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index c5373dd9e..35a025f61 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -80,7 +80,7 @@ DetectionEngine::~DetectionEngine() if ( context == Snort::get_switcher()->get_context() ) { // finish_packet is called here so that we clear wire packets at the right time - finish_packet(context->packet); + finish_packet(context->packet, true); } } @@ -161,7 +161,7 @@ void DetectionEngine::finish_inspect(Packet* p, bool inspected) clear_events(p); } -void DetectionEngine::finish_packet(Packet* p) +void DetectionEngine::finish_packet(Packet* p, bool flow_deletion) { log_events(p); clear_events(p); @@ -171,7 +171,10 @@ void DetectionEngine::finish_packet(Packet* p) const IpsContext* c = Snort::get_switcher()->get_next(); c->packet->release_helpers(); - Snort::get_switcher()->complete(); + ContextSwitcher* sw = Snort::get_switcher(); + + if ( flow_deletion or sw->busy_count() > 1 ) + sw->complete(); } uint8_t* DetectionEngine::get_buffer(unsigned& max) @@ -349,8 +352,7 @@ bool DetectionEngine::offload(Packet* p) { ContextSwitcher* sw = Snort::get_switcher(); - if ( p->type() != PktType::PDU or - p->dsize < SnortConfig::get_conf()->offload_limit or + if ( p->dsize < SnortConfig::get_conf()->offload_limit or !sw->can_hold() or !offloader->available() ) { @@ -398,15 +400,14 @@ bool DetectionEngine::detect(Packet* p, bool offload_ok) switch ( p->type() ) { case PktType::PDU: - if ( offload_ok ) - return offload(p); - // fall thru - case PktType::IP: case PktType::TCP: case PktType::UDP: case PktType::ICMP: case PktType::FILE: + if ( offload_ok and p->flow ) + return offload(p); + fp_local(p); break; diff --git a/src/detection/detection_engine.h b/src/detection/detection_engine.h index 4f5af57cf..87240592f 100644 --- a/src/detection/detection_engine.h +++ b/src/detection/detection_engine.h @@ -109,7 +109,7 @@ private: static void clear_events(Packet*); static void finish_inspect_with_latency(Packet*); static void finish_inspect(Packet*, bool inspected); - static void finish_packet(Packet*); + static void finish_packet(Packet*, bool flow_deletion = false); private: IpsContext* context;