From: Victor Julien <vjulien@oisf.net>
Date: Fri, 22 Mar 2024 10:11:40 +0000 (+0100)
Subject: alert/syslog: only hold lock for syslog call
X-Git-Tag: suricata-8.0.0-beta1~1501
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=285fda5de8808f632314902f5c6cc9b0882f74da;p=thirdparty%2Fsuricata.git

alert/syslog: only hold lock for syslog call
---

diff --git a/src/alert-syslog.c b/src/alert-syslog.c
index fd1742adb0..61accfd8e7 100644
--- a/src/alert-syslog.c
+++ b/src/alert-syslog.c
@@ -212,9 +212,6 @@ static TmEcode AlertSyslogIPv4(ThreadVars *tv, const Packet *p, void *data)
         protoptr = proto;
     }
 
-    /* Not sure if this mutex is needed around calls to syslog. */
-    SCMutexLock(&ast->file_ctx->fp_mutex);
-
     for (i = 0; i < p->alerts.cnt; i++) {
         const PacketAlert *pa = &p->alerts.alerts[i];
         if (unlikely(pa->s == NULL)) {
@@ -232,13 +229,15 @@ static TmEcode AlertSyslogIPv4(ThreadVars *tv, const Packet *p, void *data)
             action = "[wDrop] ";
         }
 
+        /* Not sure if this mutex is needed around calls to syslog. */
+        SCMutexLock(&ast->file_ctx->fp_mutex);
         syslog(alert_syslog_level, "%s[%" PRIu32 ":%" PRIu32 ":%"
                 PRIu32 "] %s [Classification: %s] [Priority: %"PRIu32"]"
                 " {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "", action, pa->s->gid,
                 pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio,
                 protoptr,  srcip, p->sp, dstip, p->dp);
+        SCMutexUnlock(&ast->file_ctx->fp_mutex);
     }
-    SCMutexUnlock(&ast->file_ctx->fp_mutex);
 
     return TM_ECODE_OK;
 }
@@ -270,8 +269,6 @@ static TmEcode AlertSyslogIPv6(ThreadVars *tv, const Packet *p, void *data)
         protoptr = proto;
     }
 
-    SCMutexLock(&ast->file_ctx->fp_mutex);
-
     for (i = 0; i < p->alerts.cnt; i++) {
         const PacketAlert *pa = &p->alerts.alerts[i];
         if (unlikely(pa->s == NULL)) {
@@ -289,15 +286,15 @@ static TmEcode AlertSyslogIPv6(ThreadVars *tv, const Packet *p, void *data)
             action = "[wDrop] ";
         }
 
+        SCMutexLock(&ast->file_ctx->fp_mutex);
         syslog(alert_syslog_level, "%s[%" PRIu32 ":%" PRIu32 ":%"
                 "" PRIu32 "] %s [Classification: %s] [Priority: %"
                 "" PRIu32 "] {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "",
                 action, pa->s->gid, pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg,
                 pa->s->prio, protoptr, srcip, p->sp,
                 dstip, p->dp);
-
+        SCMutexUnlock(&ast->file_ctx->fp_mutex);
     }
-    SCMutexUnlock(&ast->file_ctx->fp_mutex);
 
     return TM_ECODE_OK;
 }
@@ -320,8 +317,6 @@ static TmEcode AlertSyslogDecoderEvent(ThreadVars *tv, const Packet *p, void *da
     if (p->alerts.cnt == 0)
         return TM_ECODE_OK;
 
-    SCMutexLock(&ast->file_ctx->fp_mutex);
-
     char temp_buf_hdr[512];
     char temp_buf_pkt[65] = "";
     char temp_buf_tail[64];
@@ -357,9 +352,10 @@ static TmEcode AlertSyslogDecoderEvent(ThreadVars *tv, const Packet *p, void *da
         }
         strlcat(alert, temp_buf_tail, sizeof(alert));
 
+        SCMutexLock(&ast->file_ctx->fp_mutex);
         syslog(alert_syslog_level, "%s", alert);
+        SCMutexUnlock(&ast->file_ctx->fp_mutex);
     }
-    SCMutexUnlock(&ast->file_ctx->fp_mutex);
 
     return TM_ECODE_OK;
 }