From: Michael Altizer (mialtize)
Date: Fri, 14 Dec 2018 19:42:45 +0000 (-0500)
Subject: Merge pull request #1463 in SNORT/snort3 from ~CWAXMAN/snort3:offload_actions to...
X-Git-Tag: 3.0.0-251~85
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f6e908cc149708ac470de40e83793aaa8de4934;p=thirdparty%2Fsnort3.git
Merge pull request #1463 in SNORT/snort3 from ~CWAXMAN/snort3:offload_actions to master
Squashed commit of the following:
commit 7647547294400c2572f0eef9d6f9f98e8fff5ef3
Author: Carter Waxman
Date: Wed Dec 12 09:11:36 2018 -0500
ActionManager: actions are tracked per packet for accurate packet suspension
---
diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc
index 6c4b8bee3..385a8a006 100644
--- a/src/detection/context_switcher.cc
+++ b/src/detection/context_switcher.cc
@@ -85,8 +85,10 @@ void ContextSwitcher::start()
 busy.emplace_back(idle.back());
 idle.pop_back();
- busy.back()->packet->active = busy.back()->packet->active_inst;
- busy.back()->packet->active->reset();
+ IpsContext* c = busy.back();
+ c->packet->active = c->packet->active_inst;
+ c->packet->active->reset();
+ c->packet->action = &c->packet->action_inst;
 }
 void ContextSwitcher::stop()
@@ -100,6 +102,7 @@ void ContextSwitcher::stop()
 c->clear_context_data();
 idle.emplace_back(c);
 busy.back()->packet->active = nullptr;
+ busy.back()->packet->action = nullptr;
 busy.pop_back();
 }
diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index 152136304..6bc1e34ca 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -112,6 +112,7 @@ Packet* DetectionEngine::get_encode_packet()
 Packet* DetectionEngine::set_next_packet(Packet* parent)
 {
 static THREAD_LOCAL Active shutdown_active;
+ static THREAD_LOCAL IpsAction* shutdown_action = nullptr;
 IpsContext* c = Snort::get_switcher()->get_next();
 if ( parent )
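Review bot: ContextSwitcher::start() points `c->packet->action` at `c->packet->action_inst` but never clears that slot, whereas the neighbouring `c->packet->active->reset()` does clear the Active state; contexts are recycled through `idle`, and stop() nulls only the `action` pointer, not `action_inst`, so a context whose previous packet had an action queued but never executed hands that stale IpsAction to the next packet that takes the context. The `reset_queue(s_packet)` call in snort.cc appears to cover the main packet path, but it is not visible here whether every path that starts a context goes through it, and the start of start() lies outside the hunk. Adding `c->packet->action_inst = nullptr;` right after the new assignment keeps the invariant local to the switcher. The shutdown branch of set_next_packet in the detection_engine.cc hunk below has the same gap: `shutdown_active.reset();` is called but `shutdown_action` is not set back to nullptr, so a pending action from one shutdown-path packet is visible to the next packet that shares that thread-local slot.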
@@ -130,15 +131,22 @@ Packet* DetectionEngine::set_next_packet(Packet* parent)
 // normal rebuild
 if ( parent )
+ {
 p->active = parent->active;
+ p->action = parent->action;
+ }
 // processing but parent is already gone (flow cache flush etc..)
 else if ( Snort::get_switcher()->get_context() )
+ {
 p->active = get_current_packet()->active;
+ p->action = get_current_packet()->action;
+ }
 // shutdown, so use a dummy so null checking is not needed everywhere
 else
 {
+ p->action = &shutdown_action;
 p->active = &shutdown_active;
 shutdown_active.reset();
 }
diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index b1b867bf2..fb34ff450 100644
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -118,7 +118,7 @@ static inline void fpLogOther(
 // rule actions are queued here (eg reject)
 if ( rtn->listhead->action )
- ActionManager::queue(rtn->listhead->action);
+ ActionManager::queue(rtn->listhead->action, p);
 }
 /*
diff --git a/src/main/snort.cc b/src/main/snort.cc
index 048164202..c02133d22 100644
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -1019,7 +1019,7 @@ DAQ_Verdict Snort::packet_callback(
 DetectionEngine::reset();
 sfthreshold_reset();
- ActionManager::reset_queue();
+ ActionManager::reset_queue(s_packet);
 DAQ_Verdict verdict = process_packet(s_packet, pkthdr, pkt);
 ActionManager::execute(s_packet);
diff --git a/src/managers/action_manager.cc b/src/managers/action_manager.cc
index 82ca0c683..7ea826d19 100644
--- a/src/managers/action_manager.cc
+++ b/src/managers/action_manager.cc
@@ -58,12 +58,11 @@ struct IpsActionsConfig
 IpsAction* reject = nullptr;
 };
-typedef vector ACList;
+using ACList = vector;
 static ACList s_actors;
 static THREAD_LOCAL ACList* s_tl_actors = nullptr;
-static THREAD_LOCAL IpsAction* s_tl_action = nullptr;
 //-------------------------------------------------------------------------
 // Main thread operations
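Review bot: The three branches of set_next_packet now assign `p->action` in parallel with `p->active`, but nothing says why `action` is an `IpsAction**` that aliases the parent's slot while `active` is a plain pointer, so a reader of the rebuilt-packet branch cannot tell whether a rebuilt packet is meant to own its own action. Judging from ActionManager::queue, which keeps only the highest-priority action in the slot it is handed, the intent seems to be that actions queued on a rebuilt packet compete for the single verdict of the originating context — please confirm. A comment above `if ( parent )` such as `// action aliases the parent's slot: actions queued on a rebuilt packet compete (by priority) for the originating context's one verdict` would make that reviewable, and the same sentence belongs on the new `IpsAction** action;` member in packet.h, whose hunk carries no comment either. The function's head and tail are outside this hunk.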
@@ -227,28 +226,28 @@ void ActionManager::thread_term(SnortConfig*)
 void ActionManager::execute(Packet* p)
 {
- if ( s_tl_action )
+ if ( *p->action )
 {
- s_tl_action->exec(p);
- s_tl_action = nullptr;
+ (*p->action)->exec(p);
+ *p->action = nullptr;
 }
 }
-void ActionManager::queue(IpsAction* a)
+void ActionManager::queue(IpsAction* a, Packet* p)
 {
- if ( !s_tl_action || a->get_action() > s_tl_action->get_action() )
- s_tl_action = a;
+ if ( !(*p->action) || a->get_action() > (*p->action)->get_action() )
+ *p->action = a;
 }
-void ActionManager::queue_reject(SnortConfig* sc)
+void ActionManager::queue_reject(SnortConfig* sc, Packet* p)
 {
 if ( sc->ips_actions_config->reject )
- queue(sc->ips_actions_config->reject);
+ queue(sc->ips_actions_config->reject, p);
 }
-void ActionManager::reset_queue()
+void ActionManager::reset_queue(Packet* p)
 {
- s_tl_action = nullptr;
+ *p->action = nullptr;
 Replace_ResetQueue();
 }
diff --git a/src/managers/action_manager.h b/src/managers/action_manager.h
index 774fe5003..7d8203177 100644
--- a/src/managers/action_manager.h
+++ b/src/managers/action_manager.h
@@ -72,9 +72,9 @@ public:
 static void thread_reinit(snort::SnortConfig*);
 static void thread_term(snort::SnortConfig*);
- static void reset_queue();
- static void queue_reject(snort::SnortConfig*);
- static void queue(snort::IpsAction*);
+ static void reset_queue(snort::Packet*);
+ static void queue_reject(snort::SnortConfig*, snort::Packet*);
+ static void queue(snort::IpsAction*, snort::Packet*);
 static void execute(snort::Packet*);
 #ifdef PIGLET
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index cadbcde16..cad69f8af 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -470,7 +470,7 @@ void Active::reset_session(Packet* p, bool force)
 if ( enabled )
 {
- ActionManager::queue_reject(SnortConfig::get_conf());
+ ActionManager::queue_reject(SnortConfig::get_conf(), p);
 if ( p->flow )
 {
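Review bot: execute(), queue() and reset_queue() now dereference `p->action` unconditionally, and ContextSwitcher::stop() sets that pointer to nullptr, so calling any of them with a packet whose context has been stopped, or with a Packet that never went through ContextSwitcher::start() / set_next_packet(), is a null dereference where the old thread-local gave a harmless no-op. The shutdown branch of set_next_packet installs a dummy precisely so that null checks are not needed, so this is an intended precondition rather than a missing guard, but it should be stated where callers see it — e.g. above the three changed declarations in the action_manager.h hunk: `// p->action must be non-null: installed by ContextSwitcher::start() / DetectionEngine::set_next_packet(), cleared by ContextSwitcher::stop()`. The `reset_queue(s_packet)` call in snort.cc runs before process_packet(), so it relies on s_packet's action slot already being installed at that point; that setup is not in this diff and is worth confirming. The last line of the active.cc hunk appears to be missing from this view.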
diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 5ef29dc3b..db38f028f 100644
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -33,6 +33,7 @@ namespace snort
 class Active;
 class Endianness;
 class Flow;
+class IpsAction;
 class IpsContext;
 class Obfuscator;
@@ -132,6 +133,8 @@ struct SO_PUBLIC Packet
 IpsContext* context; // set by control
 Active* active;
 Active* active_inst;
+ IpsAction** action;
+ IpsAction* action_inst;
 const DAQ_PktHdr_t* pkth; // packet meta data
 const uint8_t* pkt; // raw packet data