From: Victor Julien Date: Wed, 26 Oct 2016 11:44:53 +0000 (+0200) Subject: detect: use engine version instead of id X-Git-Tag: suricata-4.0.0-beta1~332 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43cc06eabeca8d1bdf8456e98e61d004bf226367;p=thirdparty%2Fsuricata.git detect: use engine version instead of id Use engine version based on global detect engine master. This is incremented between reloads.
---
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 594e301319..bbfec11e53 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -84,15 +84,13 @@ #define DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000 -static uint32_t detect_engine_ctx_id = 1; - static DetectEngineThreadCtx *DetectEngineThreadCtxInitForReload( ThreadVars *tv, DetectEngineCtx *new_de_ctx, int mt); static int DetectEngineCtxLoadConf(DetectEngineCtx *); static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER, - 0, NULL, NULL, TENANT_SELECTOR_UNKNOWN, NULL, NULL, 0}; + 0, 99, NULL, NULL, TENANT_SELECTOR_UNKNOWN, NULL, NULL, 0}; static uint32_t TenantIdHash(HashTable *h, void *data, uint16_t data_len); static char TenantIdCompare(void *d1, uint16_t d1_len, void *d2, uint16_t d2_len);
@@ -906,7 +904,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix) if (minimal) { de_ctx->minimal = 1; - de_ctx->id = detect_engine_ctx_id++; + de_ctx->version = DetectEngineGetVersion(); + SCLogDebug("minimal with version %u", de_ctx->version); return de_ctx; }
@@ -958,7 +957,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix) goto error; } - de_ctx->id = detect_engine_ctx_id++; + de_ctx->version = DetectEngineGetVersion(); + SCLogDebug("dectx with version %u", de_ctx->version); return de_ctx; error: if (de_ctx != NULL) {
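Review bot: The initial version `99` in the `g_master_de_ctx` initializer is an unexplained magic number, and it is set positionally, so it only lands in `version` while the field order of `DetectEngineMasterCtx` stays as the detect.h hunk shows it. The value matters because the flow check in detect.c treats `de_ctx_version == 0` as "not inspected yet", so the master version has to start non-zero. I would give it a name and a reason, e.g. `#define DETECT_ENGINE_VERSION_INITIAL 99 /* non-zero: 0 marks an uninspected flow */`, and consider designated initializers for this struct so a later field insertion cannot shift the value.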
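Review bot: With `de_ctx->version = DetectEngineGetVersion();` here and in the -958 hunk, two contexts initialised without a `DetectEngineBumpVersion()` call in between receive the same version, whereas the removed `detect_engine_ctx_id++` gave every context a distinct id. The check in SigMatchSignatures (detect.c hunk) clears the flow's cached `sgh_toserver`/`sgh_toclient` pointers only when the versions differ, so a context swap on a path that does not bump would leave a flow holding pointers into the previous context. This diff bumps only in DetectEngineReload and PostConfLoadedDetectSetup; whether other paths that create or publish a context (tenant loading, for instance) need a bump cannot be seen from here and should be confirmed. A comment at both assignments would help, e.g. `/* snapshot of the master version; bump it after publishing a new de_ctx */`. DetectEngineCtxInitReal starts and ends outside both hunks.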
@@ -2054,6 +2054,25 @@ int DetectEngineEnabled(void) return 1; } +uint32_t DetectEngineGetVersion(void) +{ + uint32_t version; + DetectEngineMasterCtx *master = &g_master_de_ctx; + SCMutexLock(&master->lock); + version = master->version; + SCMutexUnlock(&master->lock); + return version; +} + +void DetectEngineBumpVersion(void) +{ + DetectEngineMasterCtx *master = &g_master_de_ctx; + SCMutexLock(&master->lock); + master->version++; + SCLogDebug("master version now %u", master->version); + SCMutexUnlock(&master->lock); +} + DetectEngineCtx *DetectEngineGetCurrent(void) { DetectEngineMasterCtx *master = &g_master_de_ctx;
@@ -2827,6 +2846,8 @@ int DetectEngineReload(SCInstance *suri) /* walk free list, freeing the old_de_ctx */ DetectEnginePruneFreeList(); + DetectEngineBumpVersion(); + SCLogDebug("old_de_ctx should have been freed"); SCLogNotice("rule reload complete");
diff --git a/src/detect-engine.h b/src/detect-engine.h
index 9c1c1614a5..590d4db6bf 100644
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@@ -66,6 +66,8 @@ void DetectEngineResetMaxSigId(DetectEngineCtx *); void DetectEngineRegisterTests(void); const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type); +uint32_t DetectEngineGetVersion(void); +void DetectEngineBumpVersion(void); int DetectEngineAddToMaster(DetectEngineCtx *de_ctx); DetectEngineCtx *DetectEngineGetCurrent(void); DetectEngineCtx *DetectEngineGetByTenantId(int tenant_id);
diff --git a/src/detect.c b/src/detect.c
index 22db7be12f..177daeeae3 100644
--- a/src/detect.c
+++ b/src/detect.c
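Review bot: `master->version++` in DetectEngineBumpVersion can wrap a `uint32_t` to 0, and 0 is the value the flow code uses for "never inspected" (`pflow->de_ctx_version == 0` in detect.c). Flows first inspected under a context that picked up version 0 would look uninspected after the next swap and keep their cached sgh pointers instead of being reset. It takes 2^32 bumps to get there, so this is a robustness point rather than a live bug, and skipping the sentinel is one line: `if (++master->version == 0) master->version = 1;`. Both new functions are exported through detect-engine.h without a doc comment; a short `/** ... */` block saying that the getter returns a snapshot taken under `master->lock`, and when callers are expected to bump, would make the contract visible.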
@@ -1093,17 +1093,17 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } /* live ruleswap check for flow updates */ - if (pflow->de_ctx_id == 0) { + if (pflow->de_ctx_version == 0) { /* first time this flow is inspected, set id */ - pflow->de_ctx_id = de_ctx->id; - } else if (pflow->de_ctx_id != de_ctx->id) { + pflow->de_ctx_version = de_ctx->version; + } else if (pflow->de_ctx_version != de_ctx->version) { /* first time we inspect flow with this de_ctx, reset */ pflow->flags &= ~FLOW_SGH_TOSERVER; pflow->flags &= ~FLOW_SGH_TOCLIENT; pflow->sgh_toserver = NULL; pflow->sgh_toclient = NULL; - pflow->de_ctx_id = de_ctx->id; + pflow->de_ctx_version = de_ctx->version; GenericVarFree(pflow->flowvar); pflow->flowvar = NULL;
diff --git a/src/detect.h b/src/detect.h
index 50a735e47c..88c31ddd3c 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -669,8 +669,8 @@ typedef struct DetectEngineCtx_ { /* the max local id used amongst all sigs */ int32_t byte_extract_max_local_id; - /* id used by every detect engine ctx instance */ - uint32_t id; + /** version of the detect engine */ + uint32_t version; /** sgh for signatures that match against invalid packets. In those cases * we can't lookup by proto, address, port as we don't have these */
@@ -1117,6 +1117,9 @@ typedef struct DetectEngineMasterCtx_ { /** enable multi tenant mode */ int multi_tenant_enabled; + /** version, incremented after each 'apply to threads' */ + uint32_t version; + /** list of active detection engines. This list is used to generate the * threads det_ctx's */ DetectEngineCtx *list;
diff --git a/src/flow-util.h b/src/flow-util.h
index c0b8c06967..dfbba64cb1 100644
--- a/src/flow-util.h
+++ b/src/flow-util.h
@@ -55,7 +55,7 @@ (f)->alproto = 0; \ (f)->alproto_ts = 0; \ (f)->alproto_tc = 0; \ - (f)->de_ctx_id = 0; \ + (f)->de_ctx_version = 0; \ (f)->thread_id = 0; \ (f)->detect_alversion[0] = 0; \ (f)->detect_alversion[1] = 0; \
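Review bot: The comment `/* first time this flow is inspected, set id */` was left unchanged although the field it describes is now `de_ctx_version`; it should read `/* first time this flow is inspected, set version */`. As far as this hunk shows, the comparison is what drops the flow's cached `sgh_toserver`/`sgh_toclient` and `flowvar` after a ruleset swap, so the reserved value deserves a line of its own, e.g. `/* 0 == not inspected yet; the master version starts non-zero */`. SigMatchSignatures starts before and continues after this hunk.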
@@ -97,7 +97,7 @@ (f)->alproto = 0; \ (f)->alproto_ts = 0; \ (f)->alproto_tc = 0; \ - (f)->de_ctx_id = 0; \ + (f)->de_ctx_version = 0; \ (f)->thread_id = 0; \ (f)->detect_alversion[0] = 0; \ (f)->detect_alversion[1] = 0; \
diff --git a/src/flow.h b/src/flow.h
index 35ba26f589..b12554135d 100644
--- a/src/flow.h
+++ b/src/flow.h
@@ -384,10 +384,10 @@ typedef struct Flow_ AppProto alproto_ts; AppProto alproto_tc; - /** detection engine ctx id used to inspect this flow. Set at initial + /** detection engine ctx version used to inspect this flow. Set at initial * inspection. If it doesn't match the currently in use de_ctx, the * stored sgh ptrs are reset. */ - uint32_t de_ctx_id; + uint32_t de_ctx_version; /** Thread ID for the stream/detect portion of this flow */ FlowThreadId thread_id;
diff --git a/src/suricata.c b/src/suricata.c
index 06ff877662..fbe0305531 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2519,6 +2519,7 @@ static void PostConfLoadedDetectSetup(SCInstance *suri) } DetectEngineAddToMaster(de_ctx); + DetectEngineBumpVersion(); } else { /* tell the app layer to consider only the log id */ RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveLogOnly);