From: Russ Combs
Date: Sun, 23 Oct 2016 18:48:20 +0000 (-0400)
Subject: eliminate packet manager thread local for dst mac
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9685e3e61cfe9ce05a1a1dcffaf5ce61c2e07c7;p=thirdparty%2Fsnort3.git
eliminate packet manager thread local for dst mac
move packet manager thread local for encode packet to detection context using codec max for packet buffers
---
diff --git a/src/codecs/root/cd_eth.cc b/src/codecs/root/cd_eth.cc
index e54760f65..e8d6dbfab 100644
--- a/src/codecs/root/cd_eth.cc
+++ b/src/codecs/root/cd_eth.cc
@@ -164,25 +164,24 @@ bool EthCodec::encode(const uint8_t* const raw_in, const uint16_t /*raw_len*/,
 return false;
 eth::EtherHdr* ho = reinterpret_cast(buf.data());
- ho->ether_type = enc.ethertype_set() ? htons(to_utype(enc.next_ethertype)) : hi->ether_type;
-
- uint8_t* dst_mac = PacketManager::encode_get_dst_mac();
+ ho->ether_type = enc.ethertype_set() ?
+ htons(to_utype(enc.next_ethertype)) : hi->ether_type;
 if ( enc.forward() )
 {
 memcpy(ho->ether_src, hi->ether_src, sizeof(ho->ether_src));
- /*If user configured remote MAC address, use it*/
- if (nullptr != dst_mac)
- memcpy(ho->ether_dst, dst_mac, sizeof(ho->ether_dst));
+
+ if ( snort_conf->eth_dst )
+ memcpy(ho->ether_dst, snort_conf->eth_dst, sizeof(ho->ether_dst));
 else
 memcpy(ho->ether_dst, hi->ether_dst, sizeof(ho->ether_dst));
 }
 else
 {
 memcpy(ho->ether_src, hi->ether_dst, sizeof(ho->ether_src));
- /*If user configured remote MAC address, use it*/
- if (nullptr != dst_mac)
- memcpy(ho->ether_dst, dst_mac, sizeof(ho->ether_dst));
+
+ if ( snort_conf->eth_dst )
+ memcpy(ho->ether_dst, snort_conf->eth_dst, sizeof(ho->ether_dst));
 else
 memcpy(ho->ether_dst, hi->ether_src, sizeof(ho->ether_dst));
 }
diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index 2c39a32e4..db1c64237 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
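Review bot: The `snort_conf->eth_dst` override in both branches of `EthCodec::encode` (cd_eth.cc) now applies whenever the pointer is set, whereas the call this commit removes from `Active::init` (active.cc) sat inside a nested block and so presumably armed the override only under that block's condition; the condition is not visible here, so it is worth confirming the wider scope is intended. The `memcpy` also copies `sizeof(ho->ether_dst)` bytes from `snort_conf->eth_dst` with nothing in the hunk tying the configured buffer to that length, and the explanatory comment was dropped. I would restore it with the assumption stated, e.g. `// user-configured remote MAC overrides the inbound one; eth_dst must hold sizeof(ether_dst) bytes`, and hoist the test above `if ( enc.forward() )` so it appears once. The function body starts and ends outside the hunk.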
@@ -63,6 +63,12 @@ Packet* DetectionEngine::get_current_packet()
 Packet* DetectionEngine::get_packet()
 { return get_current_packet(); }
+void DetectionEngine::set_encode_packet(Packet* p)
+{ Snort::get_switcher()->get_context()->encode_packet = p; }
+
+Packet* DetectionEngine::get_encode_packet()
+{ return Snort::get_switcher()->get_context()->encode_packet; }
+
 MpseStash* DetectionEngine::get_stash()
 { return Snort::get_switcher()->get_context()->stash; }
diff --git a/src/detection/detection_engine.h b/src/detection/detection_engine.h
index b8330cbda..12fd50cf8 100644
--- a/src/detection/detection_engine.h
+++ b/src/detection/detection_engine.h
@@ -47,6 +47,9 @@ public:
 static Packet* set_packet();
 static void clear_packet();
+ static void set_encode_packet(Packet*);
+ static Packet* get_encode_packet();
+
 static class MpseStash* get_stash();
 static uint8_t* get_buffer(unsigned& max);
diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc
index 277d69b3d..90b169cc8 100644
--- a/src/detection/ips_context.cc
+++ b/src/detection/ips_context.cc
@@ -57,8 +57,10 @@ IpsContext::IpsContext(unsigned size) :
 data(size ? size : IpsContextData::get_max_id() + 1, nullptr)
 {
 packet = new Packet(false);
+ encode_packet = nullptr;
+
 pkth = new DAQ_PktHdr_t;
- buf = new uint8_t[buf_size]; // FIXIT-H use codec max or let pkt do it?
+ buf = new uint8_t[buf_size];
 const EventQueueConfig* qc = snort_conf->event_queue_config;
 equeue = sfeventq_new(qc->max_events, qc->log_events, sizeof(EventNode));
diff --git a/src/detection/ips_context.h b/src/detection/ips_context.h
index cdd5be86b..8ba9ecf80 100644
--- a/src/detection/ips_context.h
+++ b/src/detection/ips_context.h
@@ -31,6 +31,7 @@
 #include
 #include "main/snort_types.h"
+#include "framework/codec.h"
 // required to get a decent decl of pkth
 #include "protocols/packet.h"
@@ -64,6 +65,7 @@ public:
 public:
 Packet* packet;
+ Packet* encode_packet;
 DAQ_PktHdr_t* pkth;
 uint8_t* buf;
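Review bot: `set_encode_packet()` and `get_encode_packet()` in detection_engine.cc dereference `Snort::get_switcher()->get_context()` without a check and carry no comment on ownership, and `PacketManager::encode` (packet_manager.cc, the `@@ -351,8 +347,8 @@` hunk) now calls the getter on every encode. The neighbouring `get_stash()` uses the same chain, so this is probably fine on a packet thread, but encode callers running without a live context are not visible in this diff and would now fault where the old thread-local simply read null. A comment on the declarations in detection_engine.h would pin the contract, e.g. `// non-owning; valid only while the rebuilt packet is being processed, caller must reset to nullptr`.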
@@ -73,7 +75,7 @@ public:
 struct SF_EVENTQ* equeue;
- static const unsigned buf_size = 65536;
+ static const unsigned buf_size = Codec::PKT_MAX;
 private:
 std::vector data;
diff --git a/src/main/snort.cc b/src/main/snort.cc
index 50c78adaa..e22281c5d 100644
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -866,7 +866,6 @@ DAQ_Verdict Snort::packet_callback(
 HighAvailabilityManager::process_update(s_packet->flow, pkthdr);
 Active::reset();
- PacketManager::encode_reset();
 Stream::timeout_flows(pkthdr->ts.tv_sec);
 HighAvailabilityManager::process_receive();
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index 41fa8f30b..2d18031d9 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -173,9 +173,6 @@ bool Active::init(SnortConfig* sc)
 s_attempts = 0;
 #endif
 }
-
- if (NULL != sc->eth_dst)
- PacketManager::encode_set_dst_mac(sc->eth_dst);
 }
 return true;
 }
diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc
index 07c94f64b..c370e8b6e 100644
--- a/src/protocols/packet_manager.cc
+++ b/src/protocols/packet_manager.cc
@@ -65,12 +65,8 @@ const std::array PacketManager::stat_na
 };
 // Encoder Foo
-static THREAD_LOCAL Packet* encode_pkt = nullptr;
 static THREAD_LOCAL PegCount total_rebuilt_pkts = 0;
-static THREAD_LOCAL std::array s_pkt {
- { 0 }
-};
-static THREAD_LOCAL uint8_t* dst_mac = nullptr;
+static THREAD_LOCAL std::array s_pkt { { 0 } };
 //-------------------------------------------------------------------------
 // Private helper functions
@@ -351,8 +347,8 @@ bool PacketManager::encode(const Packet* p,
 IpProtocol next_prot,
 Buffer& buf)
 {
- if ( encode_pkt )
- p = encode_pkt;
+ if ( Packet* pe = DetectionEngine::get_encode_packet() )
+ p = pe;
 uint8_t ttl = GetTTL(p, (flags & ENC_FLAG_FWD));
 if ( ttl )
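Review bot: `buf_size` in ips_context.h moving from the literal 65536 to `Codec::PKT_MAX` changes the size of every `IpsContext::buf`, and the value of `PKT_MAX` is not visible in this diff. Any consumer that still assumes a 64K buffer instead of honouring the `max` returned by `DetectionEngine::get_buffer(unsigned& max)` would write past the allocation if the new constant is smaller. Worth checking for remaining uses of the old literal and documenting the field, e.g. `// sized to the largest packet a codec can emit; always bound writes by buf_size`. Pulling `framework/codec.h` into this header for a single constant also widens its include footprint.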
@@ -812,18 +808,9 @@ void PacketManager::encode_update(Packet* p)
 // codec support and statistics
 //-------------------------------------------------------------------------
-void PacketManager::encode_set_dst_mac(uint8_t* mac)
-{ dst_mac = mac; }
-
-uint8_t* PacketManager::encode_get_dst_mac()
-{ return dst_mac; }
-
 uint64_t PacketManager::get_rebuilt_packet_count()
 { return total_rebuilt_pkts; }
-void PacketManager::encode_set_pkt(Packet* p)
-{ encode_pkt = p; }
-
 uint16_t PacketManager::encode_get_max_payload(const Packet* p)
 {
 if ( !p->num_layers )
diff --git a/src/protocols/packet_manager.h b/src/protocols/packet_manager.h
index b1fca5b98..191dda738 100644
--- a/src/protocols/packet_manager.h
+++ b/src/protocols/packet_manager.h
@@ -57,14 +57,6 @@ public:
 // decode this packet and set all relevent packet fields.
 static void decode(Packet*, const struct _daq_pkthdr*, const uint8_t*, bool cooked = false);
- // when encoding, rather than copy the destination MAC address from the
- // inbound packet, manually set the MAC address.
- static void encode_set_dst_mac(uint8_t*);
-
- // get the MAC address which has been set using encode_set_dst_mac().
- // Useful for root decoders setting the MAC address
- static uint8_t* encode_get_dst_mac();
-
 // update the packet's checksums and length variables. Call this function
 // after Snort has changed any data in this packet
 static void encode_update(Packet*);
@@ -104,16 +96,9 @@ public:
 // get the number of packets which have been rebuilt by this thread
 static PegCount get_rebuilt_packet_count();
- // set the packet to be encoded.
- static void encode_set_pkt(Packet* p);
-
 // get the max payload for the current packet
 static uint16_t encode_get_max_payload(const Packet*);
- // reset the current 'clone' packet
- static void encode_reset()
- { encode_set_pkt(NULL); }
-
 // print codec information. MUST be called after thread_term.
 static void dump_stats();
diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc
index f1f71dbb8..5824eb253 100644
--- a/src/stream/ip/ip_defrag.cc
+++ b/src/stream/ip/ip_defrag.cc
@@ -738,13 +738,13 @@ static void FragRebuild(FragTracker* ft, Packet* p)
 #endif
 DetectionEngine de;
- PacketManager::encode_set_pkt(p);
+ de.set_encode_packet(p);
 Snort::process_packet(dpkt, dpkt->pkth, dpkt->pkt, true);
+ de.set_encode_packet(nullptr);
- trace_log(stream_ip,
- "Done with rebuilt packet, marking rebuilt...\n");
+ trace_log(stream_ip, "Done with rebuilt packet, marking rebuilt...\n");
- ft->frag_flags = ft->frag_flags | FRAG_REBUILT;
+ ft->frag_flags |= FRAG_REBUILT;
 }
 /**
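Review bot: The reset `de.set_encode_packet(nullptr);` after `Snort::process_packet` is now the only thing that clears the encode packet, because this commit also drops the per-packet `PacketManager::encode_reset()` from `Snort::packet_callback` (snort.cc). If the rebuilt-packet path ever leaves `FragRebuild` early (an exception, or a later edit that adds a return), the context keeps a pointer to `p` and a later `PacketManager::encode` would build its output from a stale packet. A small scope guard makes the set/clear pairing structural, and calling the static setters through the class name rather than the `de` instance reads more clearly. `FragRebuild` starts above this hunk.

```cpp
// … unchanged: rebuilt packet setup up to #endif …
DetectionEngine de;

// Clears the context's encode packet on every exit path from the scope.
struct EncodePacketScope
{
    explicit EncodePacketScope(Packet* pkt) { DetectionEngine::set_encode_packet(pkt); }
    ~EncodePacketScope() { DetectionEngine::set_encode_packet(nullptr); }
};

{
    EncodePacketScope scope(p);
    Snort::process_packet(dpkt, dpkt->pkth, dpkt->pkt, true);
}
// … unchanged: trace_log and FRAG_REBUILT flag update …
```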