From: Victor Julien
Date: Sat, 8 Feb 2014 16:09:10 +0000 (+0100)
Subject: Flow: fix flow reference cnt issues
X-Git-Tag: suricata-2.0rc1~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85760a7044d121b7d48cf2d28784c419758529c0;p=thirdparty%2Fsuricata.git

Flow: fix flow reference cnt issues

FlowReference stores the flow in the destination pointer and increases the flow reference counter (use_cnt). This should only be called once per destination pointer.

The reference counter is decremented when FlowDereference is called. Multiple FlowReference calls would lead to multiple use_cnt bumps, while there would be only one FlowDereference. This led to a use_cnt that would never become 0, meaning the flow would stay in the hash for the entire lifetime of the process.

The fix here is to check if the destination pointer is already set to the flow. If so, we don't increase the reference counter.

As this is really a bug, this condition will lead to a BUG_ON if the DEBUG_VALIDATION checking is enabled.
---
diff --git a/src/flow.h b/src/flow.h index 5a44307b0f..6ede7c6b2a 100644 --- a/src/flow.h +++ b/src/flow.h @@ -521,8 +521,17 @@ static inline void FlowDecrUsecnt(Flow *f) (void) SC_ATOMIC_SUB(f->use_cnt, 1); } +/** \brief Reference the flow, bumping the flows use_cnt + * \note This should only be called once for a destination + * pointer */ static inline void FlowReference(Flow **d, Flow *f) { if (likely(f != NULL)) { +#ifdef DEBUG_VALIDATION + BUG_ON(*d == f); +#else + if (*d == f) + return; +#endif FlowIncrUsecnt(f); *d = f; }
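Review bot: In FlowReference the new `*d == f` check only catches a repeat reference to the same flow; the unchanged `*d = f;` after `FlowIncrUsecnt(f);` still overwrites a destination that already holds a different flow, and nothing in this hunk decrements that earlier flow's use_cnt, so it can be pinned in the hash in the same way the commit message describes. If a destination is meant to be empty before it is referenced, the DEBUG_VALIDATION branch could assert that directly with `BUG_ON(*d != NULL);`, which also covers the `*d == f` case. The check also reads `*d` before writing it, so the `\note` should state that callers must initialise the destination pointer to NULL (or clear it through FlowDereference) before the first call. Finally, the `#else` branch returns silently, so a non-validation build gives no sign that a double reference occurred; the comment should say that the repeat call is ignored there, and a debug log or counter at that return would make the caller bug findable outside DEBUG_VALIDATION builds.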