From: Victor Julien <victor@inliniac.net>
Date: Tue, 22 Jan 2019 20:00:57 +0000 (+0100)
Subject: af-packet: fix sync start for tpacket v3
X-Git-Tag: suricata-4.1.3~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cebbe06f70ffdbda86dea7435aa406b5d1b26bac;p=thirdparty%2Fsuricata.git

af-packet: fix sync start for tpacket v3

The tpacket-v3 implementation of the synchonize start logic would
not correctly consider the timestamp parameter, leading to threads
starting before synchronization between threads was complete.

Bug #2788
---

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 8a337e1224..baaba4f8ae 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -1329,12 +1329,20 @@ static int AFPReadAndDiscardFromRing(AFPThreadVars *ptv, struct timeval *synctv,
 
 #ifdef HAVE_TPACKET_V3
     if (ptv->flags & AFP_TPACKET_V3) {
+        int ret = 0;
         struct tpacket_block_desc *pbd;
         pbd = (struct tpacket_block_desc *) ptv->ring_v3[ptv->frame_offset].iov_base;
         *discarded_pkts += pbd->hdr.bh1.num_pkts;
+        struct tpacket3_hdr *ppd =
+            (struct tpacket3_hdr *)((uint8_t *)pbd + pbd->hdr.bh1.offset_to_first_pkt);
+        if (((time_t)ppd->tp_sec > synctv->tv_sec) ||
+                ((time_t)ppd->tp_sec == synctv->tv_sec &&
+                 (suseconds_t) (ppd->tp_nsec / 1000) > (suseconds_t)synctv->tv_usec)) {
+            ret = 1;
+        }
         AFPFlushBlock(pbd);
         ptv->frame_offset = (ptv->frame_offset + 1) % ptv->req3.tp_block_nr;
-        return 1;
+        return ret;
 
     } else
 #endif