From: Tom Peters (thopeter) Date: Tue, 21 Sep 2021 21:21:16 +0000 (+0000) Subject: Merge pull request #3065 in SNORT/snort3 from ~MDAGON/snort3:pruning2 to master X-Git-Tag: 3.1.13.0~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a99e998436fc02e6db10d775cdde849ac7c1854;p=thirdparty%2Fsnort3.git Merge pull request #3065 in SNORT/snort3 from ~MDAGON/snort3:pruning2 to master Squashed commit of the following: commit 27e9bef80fed555db0a0736076704064a875c4e8 Author: Maya Dagon Date: Tue Sep 14 15:50:23 2021 -0400 flow: don't do memcap pruning if pruning is in progress --- diff --git a/src/flow/flow_cache.cc b/src/flow/flow_cache.cc index 89798415a..3d62ad426 100644 --- a/src/flow/flow_cache.cc +++ b/src/flow/flow_cache.cc @@ -53,6 +53,8 @@ static const unsigned ALL_FLOWS = 3; // FlowCache stuff //------------------------------------------------------------------------- +THREAD_LOCAL bool FlowCache::pruning_in_progress = false; + FlowCache::FlowCache(const FlowCacheConfig& cfg) : config(cfg) { hash_table = new ZHash(config.max_flows, sizeof(FlowKey)); @@ -174,12 +176,16 @@ void FlowCache::remove(Flow* flow) bool FlowCache::release(Flow* flow, PruneReason reason, bool do_cleanup) { + assert(!pruning_in_progress); + pruning_in_progress = true; + if ( !flow->was_blocked() ) { flow->flush(do_cleanup); if ( flow->ssn_state.session_flags & SSNFLAG_KEEP_FLOW ) { flow->ssn_state.session_flags &= ~SSNFLAG_KEEP_FLOW; + pruning_in_progress = false; return false; } } @@ -187,6 +193,7 @@ bool FlowCache::release(Flow* flow, PruneReason reason, bool do_cleanup) flow->reset(do_cleanup); prune_stats.update(reason); remove(flow); + pruning_in_progress = false; return true; } @@ -482,12 +489,14 @@ unsigned FlowCache::purge() FlagContext(flags, SESSION_CACHE_FLAG_PURGING); unsigned retired = 0; - + assert(!pruning_in_progress); + pruning_in_progress = true; while ( auto flow = static_cast(hash_table->lru_first()) ) { retire(flow); ++retired; } + pruning_in_progress = false; while ( Flow* flow = (Flow*)hash_table->pop() ) { diff --git a/src/flow/flow_cache.h b/src/flow/flow_cache.h index ccf5d9fea..9b5fb5e26 100644 --- a/src/flow/flow_cache.h +++ b/src/flow/flow_cache.h @@ -29,6 +29,7 @@ #include #include "framework/counts.h" +#include "main/thread.h" #include "flow_config.h" #include "prune_stats.h" @@ -96,6 +97,9 @@ public: unsigned get_flows_allocated() const { return flows_allocated; } + static bool is_pruning_in_progress() + { return pruning_in_progress; } + private: void delete_uni(); void push(snort::Flow*); @@ -107,6 +111,7 @@ private: (unsigned mode, unsigned num_to_delete, unsigned &deleted); private: + static THREAD_LOCAL bool pruning_in_progress; static const unsigned cleanup_flows = 1; FlowCacheConfig config; uint32_t flags; diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc index f7bb208d7..44467fa81 100644 --- a/src/flow/test/flow_control_test.cc +++ b/src/flow/test/flow_control_test.cc @@ -53,6 +53,7 @@ THREAD_LOCAL bool Active::s_suspend = false; THREAD_LOCAL Active::ActiveSuspendReason Active::s_suspend_reason = Active::ASP_NONE; THREAD_LOCAL PacketTracer* snort::s_pkt_trace = nullptr; +THREAD_LOCAL bool FlowCache::pruning_in_progress = false; void Active::drop_packet(snort::Packet const*, bool) { } PacketTracer::~PacketTracer() = default; diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 028c6e276..db0f0633b 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -27,6 +27,7 @@ #include #include "detection/detection_engine.h" +#include "flow/flow_cache.h" #include "flow/flow_control.h" #include "flow/flow_key.h" #include "flow/ha.h" @@ -374,7 +375,7 @@ void Stream::handle_timeouts(bool idle) void Stream::prune_flows() { - if ( flow_con ) + if ( flow_con && !FlowCache::is_pruning_in_progress()) flow_con->prune_one(PruneReason::MEMCAP, false); }