From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 30 Jun 2020 18:14:00 +0000 (+0000) Subject: Merge pull request #2299 in SNORT/snort3 from ~SATHIRKA/snort3:odp_reload_lua_state... X-Git-Tag: 3.0.2-1~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a4c7c3d8a67cf32ddc91e6e5c8f870f87558b1c;p=thirdparty%2Fsnort3.git Merge pull request #2299 in SNORT/snort3 from ~SATHIRKA/snort3:odp_reload_lua_state to master Squashed commit of the following: commit 76b2a723f149befdceb0897d84a353d4db3491b4 Author: Sreeja Athirkandathil Narayanan Date: Fri Jun 26 12:21:04 2020 -0400 appid: Create lua states and lua detectors in control thread --- diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 9ffb9c454..e3fa976ed 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -88,6 +88,8 @@ void AppIdConfig::show() const ConfigLogger::log_flag("log_all_sessions", log_all_sessions); ConfigLogger::log_flag("log_stats", log_stats); ConfigLogger::log_value("memcap", memcap); + + ConfigLogger::log_flag("load_odp_detectors_in_ctrl", load_odp_detectors_in_ctrl); } void AppIdContext::pterm() @@ -110,7 +112,7 @@ bool AppIdContext::init_appid(SnortConfig* sc) { odp_ctxt->get_client_disco_mgr().initialize(); odp_ctxt->get_service_disco_mgr().initialize(); - LuaDetectorManager::initialize(*this, 1); + LuaDetectorManager::initialize(*this, 1, config.load_odp_detectors_in_ctrl); odp_ctxt->initialize(); // do not reload third party on reload_config() diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index e9d56104c..0527d354b 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h 
@@ -71,6 +71,7 @@ public: size_t memcap = 0; bool list_odp_detectors = false; bool log_all_sessions = false; + bool load_odp_detectors_in_ctrl = false; SnortProtocolId snortId_for_unsynchronized; SnortProtocolId snortId_for_ftp_data; SnortProtocolId snortId_for_http2; diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index a3b68c3c4..aadd37a6e 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -140,7 +140,12 @@ void AppIdInspector::tinit() appid_mute = PacketTracer::get_mute(); AppIdStatistics::initialize_manager(*config); - LuaDetectorManager::initialize(*ctxt); + + if (ctxt->config.load_odp_detectors_in_ctrl) + LuaDetectorManager::init_thread_manager(*ctxt); + else + LuaDetectorManager::initialize(*ctxt); + AppIdServiceState::initialize(config->memcap); assert(!tp_appid_thread_ctxt); tp_appid_thread_ctxt = ctxt->get_tp_appid_ctxt(); @@ -199,7 +204,7 @@ static void appid_inspector_pterm() { //FIXIT-M: RELOAD - if app_info_table is associated with an object appid_forecast_pterm(); - LuaDetectorManager::terminate(); + LuaDetectorManager::terminate(true); AppIdContext::pterm(); //end of 'FIXIT-M: RELOAD' comment above openssl_cleanup(); diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index e6d3a1d9f..f670fed10 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -87,6 +87,8 @@ static const Parameter s_params[] = "print third party configuration on startup" }, { "log_all_sessions", Parameter::PT_BOOL, nullptr, "false", "enable logging of all appid sessions" }, + { "load_odp_detectors_in_ctrl", Parameter::PT_BOOL, nullptr, "false", + "load odp detectors in control thread" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; 
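Review bot: In `AppIdInspector::tinit()` the new branch calls `LuaDetectorManager::init_thread_manager(*ctxt)` on the strength of `ctxt->config.load_odp_detectors_in_ctrl` alone, and nothing at the call site states or checks what that path depends on. The per-instance managers must already have been built by the `initialize(*this, 1, config.load_odp_detectors_in_ctrl)` call in `AppIdContext::init_appid()`. A comment above the branch would make that ordering explicit, for example `// ctrl-thread mode: Lua states were built in init_appid(); this thread only adopts and activates its own`. The body of tinit() continues outside this hunk.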
@@ -330,6 +332,8 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*) config->list_odp_detectors = v.get_bool(); else if ( v.is("log_all_sessions") ) config->log_all_sessions = v.get_bool(); + else if ( v.is("load_odp_detectors_in_ctrl") ) + config->load_odp_detectors_in_ctrl = v.get_bool(); return true; } diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index b85003d79..af8a7d057 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -49,6 +49,7 @@ using namespace std; THREAD_LOCAL LuaDetectorManager* lua_detector_mgr = nullptr; static THREAD_LOCAL SF_LIST allocated_detector_flow_list; +static std::vector lua_detector_mgr_list; bool get_lua_field(lua_State* L, int table, const char* field, std::string& out) { @@ -162,7 +163,7 @@ LuaDetectorManager::LuaDetectorManager(AppIdContext& ctxt, int is_control) : LuaDetectorManager::~LuaDetectorManager() { - auto L = lua_detector_mgr? lua_detector_mgr->L : nullptr; + auto L = this->L; if (L) { if (init(L)) @@ -197,7 +198,7 @@ LuaDetectorManager::~LuaDetectorManager() cb_detectors.clear(); // do not free Lua objects in cb_detectors } -void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control) +void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control, bool reload) { // FIXIT-M: RELOAD - When reload is supported, remove this line which prevents re-initialize if (lua_detector_mgr) 
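Review bot: `lua_detector_mgr_list` is declared as a plain file-scope static next to two THREAD_LOCAL variables, so every thread shares it, yet the declaration does not say who may touch it and when. Later hunks in this file read it from packet threads (`init_thread_manager`, `terminate`) and fill and clear it from the control thread without a lock, which is only safe if the writes happen strictly before packet threads start and after they have stopped. I would record that contract at the declaration, e.g. `// filled by the control thread in initialize(); read-only while packet threads run; freed in terminate(true)`. The element type was lost in this rendering of the patch; from the `new`/`delete` calls in the later hunk it appears to hold raw owning `LuaDetectorManager*`.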
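Review bot: The new third parameter of `LuaDetectorManager::initialize` is named `reload`, but the one call that supplies it passes `config.load_odp_detectors_in_ctrl`, and the branch it gates logs "loading lua detectors in control thread", so the name describes something the code does not do. Renaming it, e.g. `bool load_in_ctrl`, in the definition and in the declaration in lua_detector_module.h would keep readers from tying it to the `FIXIT-M: RELOAD` guard that follows. The function body continues outside this hunk.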
@@ -214,15 +215,49 @@ void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control) if (ctxt.config.list_odp_detectors) lua_detector_mgr->list_lua_detectors(); + + if (reload) + { + LogMessage("AppId Lua-Detectors : loading lua detectors in control thread\n"); + unsigned max_threads = ThreadConfig::get_instance_max(); + for (unsigned i = 0 ; i < max_threads; i++) + { + lua_detector_mgr_list.emplace_back(new LuaDetectorManager(ctxt, 0)); + + if (!lua_detector_mgr_list[i]->L) + FatalError("Error - appid: can not create new luaState, instance=%u\n", i); + + lua_detector_mgr_list[i]->initialize_lua_detectors(); + } + } +} + +void LuaDetectorManager::init_thread_manager(const AppIdContext& ctxt) +{ + lua_detector_mgr = lua_detector_mgr_list[get_instance_id()]; + lua_detector_mgr->activate_lua_detectors(); + if (ctxt.config.list_odp_detectors) + lua_detector_mgr->list_lua_detectors(); } -void LuaDetectorManager::terminate() +void LuaDetectorManager::terminate(bool is_control) { + unsigned size = lua_detector_mgr_list.size(); + if (size and !is_control) + return; + if (!lua_detector_mgr) return; delete lua_detector_mgr; lua_detector_mgr = nullptr; + + if (size) + { + for (unsigned i = 0; i < size; i++) + delete lua_detector_mgr_list[i]; + lua_detector_mgr_list.clear(); + } } void LuaDetectorManager::add_detector_flow(DetectorFlow* df) diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h index 19302755a..a4ca08b4c 100644 --- a/src/network_inspectors/appid/lua_detector_module.h +++ b/src/network_inspectors/appid/lua_detector_module.h @@ -31,6 +31,7 @@ #include #include "main/thread.h" +#include "main/thread_config.h" #include "protocols/protocol_ids.h" #include "application_ids.h" 
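Review bot: `init_thread_manager()` indexes `lua_detector_mgr_list[get_instance_id()]` without a bounds check, so a packet thread whose id is not below the list size reads past the vector and then calls `activate_lua_detectors()` through the result. That can happen if the list was never filled, because `initialize()` presumably returned at its `if (lua_detector_mgr)` guard (body not visible here) or ran with `reload` false, or if the instance count differs from `ThreadConfig::get_instance_max()` at load time. In `terminate()`, the early return for packet threads leaves their thread-local `lua_detector_mgr` pointing at an object that `terminate(true)` later deletes, and the `if (!lua_detector_mgr) return;` check skips freeing the list when the control thread's own manager is null. The fence shows a guarded lookup and a `terminate()` that clears the alias and always frees the list in the control thread. In the load loop, `lua_detector_mgr_list.back()` instead of `[i]` would also stop relying on the list being empty on entry.

```cpp
void LuaDetectorManager::init_thread_manager(const AppIdContext& ctxt)
{
    const unsigned id = get_instance_id();
    if (id >= lua_detector_mgr_list.size())
        FatalError("Error - appid: no preloaded lua detector manager, instance=%u\n", id);

    lua_detector_mgr = lua_detector_mgr_list[id];
    // … unchanged: activate_lua_detectors() and optional list_lua_detectors() …
}

void LuaDetectorManager::terminate(bool is_control)
{
    if (!is_control and !lua_detector_mgr_list.empty())
    {
        // the object is owned by lua_detector_mgr_list and freed by terminate(true);
        // drop only this thread's alias so it cannot dangle
        lua_detector_mgr = nullptr;
        return;
    }

    delete lua_detector_mgr;    // deleting nullptr is a no-op
    lua_detector_mgr = nullptr;

    if (is_control)
    {
        for (auto* mgr : lua_detector_mgr_list)
            delete mgr;
        lua_detector_mgr_list.clear();
    }
}
```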
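Review bot: `main/thread_config.h` is added to lua_detector_module.h, but the only use of `ThreadConfig` visible in this commit is `ThreadConfig::get_instance_max()` inside lua_detector_module.cc. Unless the header needs the type in a part not shown here, moving the include to the .cc file keeps every includer of the header from picking up the extra dependency.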
@@ -49,8 +50,9 @@ class LuaDetectorManager public: LuaDetectorManager(AppIdContext&, int); ~LuaDetectorManager(); - static void initialize(AppIdContext&, int is_control=0); - static void terminate(); + static void initialize(AppIdContext&, int is_control=0, bool reload=false); + static void init_thread_manager(const AppIdContext&); + static void terminate(bool is_control=false); static void add_detector_flow(DetectorFlow*); static void free_detector_flows(); // FIXIT-M: RELOAD - When reload is supported, move this variable to a separate location
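Review bot: The three static entry points declared in this hunk now have thread-affinity rules that the declarations do not state, and their flag parameters are inconsistent. `initialize` takes `int is_control` while `terminate` takes `bool is_control`, and both default their flags, which produces call sites such as `initialize(*this, 1, ...)` and `terminate(true)` that do not say what the literal means. I would use `bool` for both and add a one-line comment per function naming the thread that may call it, for example `// packet thread only; requires initialize(ctxt, 1, true) to have run in the control thread` above `init_thread_manager`. The class body continues outside this hunk.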