From: Michael Altizer (mialtize) Date: Wed, 26 Sep 2018 19:25:37 +0000 (-0400) Subject: Merge pull request #1362 in SNORT/snort3 from offload_flow_life to master X-Git-Tag: 3.0.0-249~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=588b39d2517a9d7e1738c30a48c563028e3758bc;p=thirdparty%2Fsnort3.git Merge pull request #1362 in SNORT/snort3 from offload_flow_life to master Squashed commit of the following: commit 8b842c7d7c2560a325195925a4a365b9b68ada17 Author: Carter Waxman Date: Mon Sep 17 16:56:15 2018 -0400 Stream: only delete flows after all onloads commit 3a5364780ca47ae5112d22ab8f6d84662e771748 Author: Carter Waxman Date: Thu Sep 13 14:59:23 2018 -0400 Flow: track multiple offloads
---
diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index 3ef5b3a37..44d764040 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -147,6 +147,7 @@ void DetectionEngine::finish_inspect(Packet* p, bool inspected)
 log_events(p);
 Active::apply_delayed_action(p);
+ p->context->post_detection();
 // clear closed sessions here after inspection since non-stream
 // inspectors may depend on flow information
@@ -169,7 +170,6 @@ void DetectionEngine::finish_packet(Packet* p)
 const IpsContext* c = Snort::get_switcher()->get_next();
 c->packet->release_helpers();
- p->context->post_detection();
 Snort::get_switcher()->complete();
 }
diff --git a/src/flow/flow.cc b/src/flow/flow.cc
index ab524bc7f..cd8bc9120 100644
--- a/src/flow/flow.cc
+++ b/src/flow/flow.cc
@@ -64,7 +64,6 @@ void Flow::init(PktType type)
 {
 pkt_type = type;
 bitop = nullptr;
- flow_flags = 0;
 if ( HighAvailabilityManager::active() )
 {
@@ -73,6 +72,7 @@ void Flow::init(PktType type)
 }
 mpls_client.length = 0;
 mpls_server.length = 0;
+ offloads_pending = 0;
 }
 void Flow::term()
diff --git a/src/flow/flow.h b/src/flow/flow.h
index 1fa011547..f811359c8 100644
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
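Review bot: The added `p->context->post_detection();` in finish_inspect() carries no comment saying why it has to run at this point, and its position is now order-sensitive because it sits directly above the closed-session cleanup that the existing comment describes. If post-detection callbacks can touch the packet's flow (not visible on this page), they must run before that cleanup is able to delete it, and a later reorder would bring back a stale-flow access. I would add `// run post-detection callbacks before closed flows are cleared below` above the call. finish_inspect() starts and ends outside the hunk, so whether the call is reached on every path, for example when `inspected` is false, cannot be confirmed from here.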
@@ -91,9 +91,6 @@
 #define STREAM_STATE_NO_PICKUP 0x2000
 #define STREAM_STATE_BLOCK_PENDING 0x4000
-#define FLOW_IS_OFFLOADED 0x01
-#define FLOW_WAS_OFFLOADED 0x02 // FIXIT-L debug only
-
 class BitOp;
 class FlowHAState;
 class Session;
@@ -289,13 +286,21 @@ public:
 { return disable_inspect; }
 bool is_offloaded() const
- { return flow_flags & FLOW_IS_OFFLOADED; }
+ { return offloads_pending; }
 void set_offloaded()
- { flow_flags |= (FLOW_IS_OFFLOADED|FLOW_WAS_OFFLOADED); }
+ {
+ assert(offloads_pending < 0xFF);
+
+ offloads_pending++;
+ }
 void clear_offloaded()
- { flow_flags &= ~FLOW_IS_OFFLOADED; }
+ {
+ assert(offloads_pending);
+
+ offloads_pending--;
+ }
 public: // FIXIT-M privatize if possible
 // fields are organized by initialization and size to minimize
@@ -311,7 +316,6 @@ public: // FIXIT-M privatize if possible
 PktType pkt_type; // ^^
 // these fields are always set; not zeroed
- uint64_t flow_flags; // FIXIT-H required to ensure atomic?
 Flow* prev, * next;
 Inspector* ssn_client;
 Inspector* ssn_server;
@@ -348,9 +352,11 @@ public: // FIXIT-M privatize if possible
 uint8_t outer_client_ttl, outer_server_ttl;
 uint8_t response_count;
- bool disable_inspect;
 private:
+ uint8_t offloads_pending;
+ bool disable_inspect;
+
 void clean();
 };
diff --git a/src/stream/stream.cc b/src/stream/stream.cc
index 1e061ace1..63c9862c3 100644
--- a/src/stream/stream.cc
+++ b/src/stream/stream.cc
@@ -163,7 +163,12 @@ void Stream::check_flow_closed(Packet* p)
 if (flow->session_state & STREAM_STATE_CLOSED)
 {
 assert(flow_con);
- flow_con->delete_flow(flow, PruneReason::NONE);
+
+ // this will get called on each onload
+ // eventually all onloads will occur and delete will be called
+ if ( not flow->is_offloaded() )
+ flow_con->delete_flow(flow, PruneReason::NONE);
+
 p->flow = nullptr;
 }
 else if (flow->session_state & STREAM_STATE_BLOCK_PENDING)
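Review bot: The bounds on `offloads_pending` in set_offloaded() and clear_offloaded() are enforced only by `assert`, which disappears when NDEBUG is defined. In such a build the `uint8_t` counter wraps: a 256th pending offload makes is_offloaded() return false while offloads are still outstanding, and the stream.cc hunk of this commit uses exactly that result to decide the flow may be deleted; an unmatched decrement leaves it at 255 and the flow is never deleted. Keep a runtime guard such as `if ( offloads_pending ) offloads_pending--;`, and either widen the counter or have the caller skip the offload once it reaches 0xFF. The hunk at -311,7 also removes the `FIXIT-H required to ensure atomic?` remark together with flow_flags; if these methods can run on more than one thread, which the page does not show, the plain `++`/`--` needs `std::atomic` or a comment naming the owning thread. `return offloads_pending != 0;` would state the bool conversion in is_offloaded() explicitly.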
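Review bot: When the flow is still offloaded the delete is skipped but `p->flow = nullptr;` still runs, so this packet lets go of a CLOSED flow that stays in the cache until some later call reaches this branch. The new comment says a later onload will do that, but nothing in the hunk shows that clear_offloaded() has already run when check_flow_closed() is called for the final onload; if the order is the other way round, the flow would presumably remain until something else removes it. I would state that dependency in the comment, e.g. `// deferred until the last onload: clear_offloaded() must precede this call`. check_flow_closed() begins before and continues after the hunk.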