From: Russ Combs
Date: Wed, 19 Oct 2016 23:26:40 +0000 (-0400)
Subject: move wire and tcp rebuilt packets from thread local to IpsContext
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cea2d63ed3b3519fab1c290338ea7ae346f4eaf8;p=thirdparty%2Fsnort3.git
move wire and tcp rebuilt packets from thread local to IpsContext
---
diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc
index d5598d8e7..a15162dab 100644
--- a/src/detection/context_switcher.cc
+++ b/src/detection/context_switcher.cc
@@ -131,16 +131,20 @@ void ContextSwitcher::resume(unsigned slot)
 hold[slot] = nullptr;
 }
-void ContextSwitcher::set_context_data(unsigned id, IpsContextData* cd) const
+IpsContext* ContextSwitcher::get_context() const
 {
 assert(!busy.empty());
- busy.back()->set_context_data(id, cd);
+ return busy.back();
 }
 IpsContextData* ContextSwitcher::get_context_data(unsigned id) const
 {
- assert(!busy.empty());
- return busy.back()->get_context_data(id);
+ return get_context()->get_context_data(id);
+}
+
+void ContextSwitcher::set_context_data(unsigned id, IpsContextData* cd) const
+{
+ get_context()->set_context_data(id, cd);
 }
 unsigned ContextSwitcher::idle_count() const
diff --git a/src/detection/context_switcher.h b/src/detection/context_switcher.h
index a775216e9..6d2eb2478 100644
--- a/src/detection/context_switcher.h
+++ b/src/detection/context_switcher.h
@@ -65,8 +65,9 @@ public:
 unsigned suspend();
 void resume(unsigned suspended);
- void set_context_data(unsigned id, IpsContextData*) const;
+ IpsContext* get_context() const;
 IpsContextData* get_context_data(unsigned id) const;
+ void set_context_data(unsigned id, IpsContextData*) const;
 unsigned idle_count() const;
 unsigned busy_count() const;
diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc
index 000d4957b..afd0ffdd3 100644
--- a/src/detection/ips_context.cc
+++ b/src/detection/ips_context.cc
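Review bot: `get_context()` in the context_switcher.cc hunk returns `busy.back()` behind an `assert` only, so in a build with NDEBUG an empty `busy` makes `back()` undefined behaviour. The commit also adds a caller outside the class (`packet_callback` in src/main/snort.cc) and routes `get_context_data()` and `set_context_data()` through it. The returned pointer is non-owning and, as far as the hunk shows, is only meaningful while that context is the active one. I would state that contract on the declaration in context_switcher.h, for example `// active context; requires a prior start() or interrupt(); non-owning, do not keep past complete()`, after checking the wording against the rest of the class, which is outside this diff.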
@@ -49,13 +49,19 @@ unsigned IpsContextData::get_max_id()
 //--------------------------------------------------------------------------
 IpsContext::IpsContext(unsigned size) : data(size, nullptr)
-{ }
+{
+ packet = new Packet(false);
+ pkth = new DAQ_PktHdr_t;
+}
 IpsContext::~IpsContext()
 {
 for ( auto* p : data )
 if ( p )
 delete p;
+
+ delete pkth;
+ delete packet;
 }
 void IpsContext::set_context_data(unsigned id, IpsContextData* cd)
diff --git a/src/detection/ips_context.h b/src/detection/ips_context.h
index 04ccb5e41..83619d477 100644
--- a/src/detection/ips_context.h
+++ b/src/detection/ips_context.h
@@ -31,6 +31,9 @@
 #include
+// required to get a decent decl of pkth
+#include "protocols/packet.h"
+
 class IpsContextData
 {
 public:
@@ -58,6 +61,10 @@ public:
 unsigned get_slot() { return slot; }
+public:
+ Packet* packet;
+ DAQ_PktHdr_t* pkth;
+
 private:
 std::vector data;
 unsigned slot;
diff --git a/src/main/snort.cc b/src/main/snort.cc
index d3e77eac4..528f35673 100644
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -662,7 +662,6 @@ void Snort::thread_init_unprivileged()
 for ( unsigned i = 0; i < max_contexts; ++i ) s_switcher->push(new IpsContext(max_data));
- s_packet = new Packet(false);
 CodecManager::thread_init(snort_conf);
 // this depends on instantiated daq capabilities
@@ -708,11 +707,7 @@ void Snort::thread_term()
 HighAvailabilityManager::thread_term();
 SideChannelManager::thread_term();
- if ( s_packet )
- {
- delete s_packet;
- s_packet = nullptr;
- }
+ s_packet = nullptr;
 SFDAQInstance *daq_instance = SFDAQ::get_local_instance();
 if ( daq_instance->was_started() )
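Review bot: `pkth = new DAQ_PktHdr_t;` in the `IpsContext` constructor (ips_context.cc hunk) default-initializes a plain struct, so every header field is indeterminate until some caller writes it. The only field write visible in this commit is the `ts` assignment in `_flush_to_seq`, and whether `format_tcp()` fills the rest cannot be told from the diff. Value-initializing closes that gap: `pkth = new DAQ_PktHdr_t();`. Separately, both allocations sit in the constructor body, so if the second `new` throws the `Packet` leaks, because the destructor does not run for a partially constructed object.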
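Review bot: The `packet` and `pkth` members added in the `@@ -58` hunk of ips_context.h are owning raw pointers that are public and writable, and nothing in the declaration says who frees them. Since the destructor deletes both, a copied `IpsContext` would delete the same objects twice. Unless the copy operations are already deleted outside this hunk, I would add `IpsContext(const IpsContext&) = delete;` and `IpsContext& operator=(const IpsContext&) = delete;`. A comment such as `// owned by the context: allocated in the ctor, freed in the dtor; callers must not delete or reseat` above the two members would document the rest. The class body continues outside the hunk.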
@@ -736,6 +731,19 @@ void Snort::thread_term()
 delete s_switcher;
 }
+Packet* Snort::set_detect_packet()
+{
+ const IpsContext* c = s_switcher->interrupt();
+ Packet* p = c->packet;
+ p->pkth = c->pkth;
+ return p;
+}
+
+void Snort::clear_detect_packet()
+{
+ s_switcher->complete();
+}
+
 void Snort::detect_rebuilt_packet(Packet* p)
 {
 // Need to include this b/c call is outside the detect tree
@@ -862,6 +870,7 @@ DAQ_Verdict Snort::packet_callback(
 return DAQ_VERDICT_PASS;
 s_switcher->start();
+ s_packet = s_switcher->get_context()->packet;
 {
 Profile eventq_profile(eventqPerfStats);
diff --git a/src/main/snort.h b/src/main/snort.h
index 59080c9bc..a78cdb343 100644
--- a/src/main/snort.h
+++ b/src/main/snort.h
@@ -53,6 +53,8 @@ public:
 static void thread_rotate();
 static void capture_packet();
+ static Packet* set_detect_packet();
+ static void clear_detect_packet();
 static void detect_rebuilt_packet(Packet*);
 static DAQ_Verdict process_packet(
diff --git a/src/stream/libtcp/tcp_stream_session.cc b/src/stream/libtcp/tcp_stream_session.cc
index 1f4079ff1..683dd9d7b 100644
--- a/src/stream/libtcp/tcp_stream_session.cc
+++ b/src/stream/libtcp/tcp_stream_session.cc
@@ -469,18 +469,11 @@ void TcpStreamSession::start_proxy()
 void TcpStreamSession::sinit()
 {
- s5_pkt = new Packet();
 //AtomSplitter::init(); // FIXIT-L PAF implement
 }
 void TcpStreamSession::sterm()
-{
- if (s5_pkt)
- {
- delete s5_pkt;
- s5_pkt = nullptr;
- }
-}
+{ }
 void TcpStreamSession::print()
 {
diff --git a/src/stream/tcp/tcp_defs.h b/src/stream/tcp/tcp_defs.h
index 20fe0e288..18e282c5b 100644
--- a/src/stream/tcp/tcp_defs.h
+++ b/src/stream/tcp/tcp_defs.h
@@ -146,7 +146,5 @@ enum FlushPolicy
 STREAM_FLPOLICY_ON_DATA, /* protocol aware ips */
 };
-extern THREAD_LOCAL Packet* s5_pkt;
-
 #endif
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index 080223492..d913f1229 100644
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
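Review bot: `set_detect_packet()` and `clear_detect_packet()` (snort.cc hunk at `@@ -736`) form an acquire/release pair that callers must balance by hand. `_flush_to_seq` in src/stream/tcp/tcp_reassembler.cc already needs two separate `clear_detect_packet()` calls to do so, one at the `footprint == 0` return and one at the final return. Any exit path added later, or an exception thrown between the two calls, would leave the interrupted context on the switcher's busy list (inferred from `busy.back()`). A small scope guard ties the release to scope exit; a sketch follows, with a name of my choosing. The result of `interrupt()` is also dereferenced unchecked here, and what it returns when no idle context is left is not visible in this diff.

```cpp
// … unchanged: Snort::set_detect_packet(), Snort::clear_detect_packet() …

// Scope guard (name is a suggestion): interrupts on construction and
// completes on destruction, so every return path releases the context.
class DetectPacketScope
{
public:
    DetectPacketScope() : pkt(Snort::set_detect_packet()) { }
    ~DetectPacketScope() { Snort::clear_detect_packet(); }

    DetectPacketScope(const DetectPacketScope&) = delete;
    DetectPacketScope& operator=(const DetectPacketScope&) = delete;

    Packet* get() const { return pkt; }

private:
    Packet* pkt;
};
```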
@@ -33,7 +33,7 @@
 #include "tcp_module.h"
 #include "tcp_normalizer.h"
-THREAD_LOCAL Packet* s5_pkt = nullptr;
+static THREAD_LOCAL Packet* s5_pkt = nullptr;
 ReassemblyPolicy stream_reassembly_policy_map[] =
 {
@@ -477,7 +477,8 @@ int TcpReassembler::flush_data_segments(Packet* p, uint32_t total)
 flags |= PKT_PDU_TAIL;
 const StreamBuffer* sb = tracker->splitter->reassemble(
- p->flow, total, bytes_flushed, tsn->payload(), bytes_to_copy, flags, bytes_copied);
+ session->flow, total, bytes_flushed, tsn->payload(),
+ bytes_to_copy, flags, bytes_copied);
 flags = 0;
@@ -593,11 +594,20 @@ void TcpReassembler::prep_s5_pkt(Flow* flow, Packet* p, uint32_t pkt_flags)
 int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
 {
 Profile profile(s5TcpFlushPerfStats);
+ s5_pkt = Snort::set_detect_packet();
 DAQ_PktHdr_t pkth;
- EncodeFlags enc_flags = 0;
-
 session->GetPacketHeaderFoo(&pkth, pkt_flags);
+
+ if ( !p )
+ {
+ // FIXIT-H we need to have user_policy_id in this case
+ // FIXIT-H this leads to format_tcp() copying from s5_pkt to s5_pkt
+ // (neither of these issues is created by passing null through to here)
+ p = s5_pkt;
+ }
+
+ EncodeFlags enc_flags = 0;
 PacketManager::format_tcp(enc_flags, p, s5_pkt, PSEUDO_PKT_TCP, &pkth, pkth.opaque);
 prep_s5_pkt(session->flow, p, pkt_flags);
@@ -612,14 +622,16 @@ int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
 uint32_t footprint = stop_seq - seglist_base_seq;
 if ( footprint == 0 )
+ {
+ Snort::clear_detect_packet();
 return bytes_processed;
+ }
 if ( footprint > s5_pkt->max_dsize )
 /* this is as much as we can pack into a stream buffer */
 footprint = s5_pkt->max_dsize;
- ((DAQ_PktHdr_t*)s5_pkt->pkth)->ts.tv_sec = seglist.next->tv.tv_sec;
- ((DAQ_PktHdr_t*)s5_pkt->pkth)->ts.tv_usec = seglist.next->tv.tv_usec;
+ ((DAQ_PktHdr_t*)s5_pkt->pkth)->ts = seglist.next->tv;
 /* setup the pseudopacket payload */
 s5_pkt->dsize = 0;
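Review bot: In the `_flush_to_seq` hunk at `@@ -593`, the file-static `s5_pkt` is assigned from `Snort::set_detect_packet()` but never reset. After `Snort::clear_detect_packet()` (added in the `@@ -612` and `@@ -681` hunks) it keeps pointing at the packet of a context that has been handed back. Other functions in this file presumably read `s5_pkt` as well, and a read outside `_flush_to_seq` would then see a packet that a later interrupt may be rewriting. Resetting it next to each release, `s5_pkt = nullptr;`, turns such a read into an immediate fault instead of silent reuse. The body of `_flush_to_seq` continues outside the hunk.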
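Review bot: The rewritten timestamp line in the `@@ -612` hunk still strips `const` from `s5_pkt->pkth` with a C-style cast, which hides the one place where the reassembler writes through a pointer the `Packet` declares read-only. A named cast keeps that write greppable: `const_cast<DAQ_PktHdr_t*>(s5_pkt->pkth)->ts = seglist.next->tv;`. `seglist.next` is dereferenced on the same line without a null check inside this hunk; whether an earlier check covers it lies outside the visible lines.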
@@ -681,6 +693,7 @@ int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
 break;
 }
+ Snort::clear_detect_packet();
 return bytes_processed;
 }
@@ -811,17 +824,8 @@ int TcpReassembler::flush_stream(Packet* p, uint32_t dir)
 void TcpReassembler::final_flush(Packet* p, PegCount& peg, uint32_t dir)
 {
 if ( !p )
- {
- p = s5_pkt;
-
- DAQ_PktHdr_t* const tmp_pcap_hdr = const_cast(p->pkth);
 peg++;
- /* Do each field individually because of size differences on 64bit OS */
- tmp_pcap_hdr->ts.tv_sec = seglist.head->tv.tv_sec;
- tmp_pcap_hdr->ts.tv_usec = seglist.head->tv.tv_usec;
- }
-
 tracker->set_tf_flags(TF_FORCE_FLUSH);
 if ( flush_stream(p, dir) )
diff --git a/src/stream/tcp/tcp_tracker.h b/src/stream/tcp/tcp_tracker.h
index 6d571e27c..3a1d8bc27 100644
--- a/src/stream/tcp/tcp_tracker.h
+++ b/src/stream/tcp/tcp_tracker.h
@@ -47,14 +47,10 @@
 // to set these fields
 //-------------------------------------------------------------------------
-class TcpNormalizer;
-class TcpReassembler;
-class TcpSession;
-
 class TcpTracker : public TcpStreamTracker
 {
 public:
- TcpTracker(bool, TcpSession*);
+ TcpTracker(bool, class TcpSession*);
 virtual ~TcpTracker();
 void init_tcp_state() override;
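Review bot: With the `p = s5_pkt` fallback removed from `final_flush` (hunk `@@ -811`), a null `p` now travels through `flush_stream(p, dir)` and everything it calls until `_flush_to_seq` substitutes the pseudo packet. The commit already replaces `p->flow` with `session->flow` in `flush_data_segments`, which suggests the path was checked. The bodies of `flush_stream` and the functions between it and `_flush_to_seq` are not in this diff, though, so any remaining `p->` there would be a null dereference on a forced flush. I would record the new contract where it starts, for example `// p may be null when there is no wire packet; callees must not dereference it before _flush_to_seq() substitutes the pseudo packet`. `final_flush` continues outside the hunk.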