From: Michael Altizer (mialtize) <mialtize@cisco.com>
Date: Mon, 5 Nov 2018 21:42:11 +0000 (-0500)
Subject: Merge pull request #1421 in SNORT/snort3 from offload_no_onloads to master
X-Git-Tag: 3.0.0-249~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d77861057d56be034dfdf6a9cdbe1fa0c3c801ba;p=thirdparty%2Fsnort3.git

Merge pull request #1421 in SNORT/snort3 from offload_no_onloads to master

Squashed commit of the following:

commit 08c92b8e71cef3840a11930cb3728ac20d3ac1c3
Author: Carter Waxman <cwaxman@cisco.com>
Date:   Tue Sep 11 14:04:10 2018 -0400

    stream, detection, flow: don't force onloads between pdus unless absolutey necessary
---

diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index 6fc1fdf2f..c5373dd9e 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -358,9 +358,8 @@ bool DetectionEngine::offload(Packet* p)
         return false;
     }
     assert(p == p->context->packet);
-    onload(p->flow);  // FIXIT-L just assert !offloaded?
-
     assert(p->context == sw->get_context());
+
     unsigned id = sw->suspend();
 
     trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " de::offload %u (r=%d)\n",
diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index c8eada88f..868f2a36d 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -430,9 +430,6 @@ unsigned FlowControl::process(Flow* flow, Packet* p)
     if ( p->proto_bits & PROTO_BIT__MPLS )
         flow->set_mpls_layer_per_dir(p);
 
-    if ( p->type() == PktType::PDU )  // FIXIT-H cooked or PDU?
-        DetectionEngine::onload(flow);
-
     switch ( flow->flow_state )
     {
     case Flow::FlowState::SETUP:
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index a6312fe39..2149fe006 100644
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -526,7 +526,6 @@ void TcpReassembler::prep_pdu(
 Packet* TcpReassembler::initialize_pdu(
     TcpReassemblerState& trs, Packet* p, uint32_t pkt_flags, struct timeval tv)
 {
-    DetectionEngine::onload(trs.sos.session->flow);
     Packet* pdu = DetectionEngine::set_next_packet(p);
 
     EncodeFlags enc_flags = 0;
@@ -544,7 +543,6 @@ int TcpReassembler::_flush_to_seq(
     TcpReassemblerState& trs, uint32_t bytes, Packet* p, uint32_t pkt_flags)
 {
     DeepProfile profile(s5TcpFlushPerfStats);
-    DetectionEngine::onload(trs.sos.session->flow);
 
     if ( !p )
     {
@@ -882,7 +880,6 @@ uint32_t TcpReassembler::get_forward_packet_dir(TcpReassemblerState&, const Pack
 int32_t TcpReassembler::flush_pdu_ips(TcpReassemblerState& trs, uint32_t* flags)
 {
     DeepProfile profile(s5TcpPAFPerfStats);
-    DetectionEngine::onload(trs.sos.session->flow);
 
     uint32_t total = 0, avail;
     TcpSegmentNode* tsn;
@@ -956,7 +953,6 @@ void TcpReassembler::fallback(TcpReassemblerState& trs)
 int32_t TcpReassembler::flush_pdu_ackd(TcpReassemblerState& trs, uint32_t* flags)
 {
     DeepProfile profile(s5TcpPAFPerfStats);
-    DetectionEngine::onload(trs.sos.session->flow);
 
     uint32_t total = 0;
     TcpSegmentNode* tsn =
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 8fcde36a6..7f8f72440 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -149,8 +149,6 @@ void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool re
     tcp_init = false;
     tcpStats.released++;
 
-    DetectionEngine::onload(flow);
-
     if ( flush_segments )
     {
         client.reassembler.flush_queued_segments(flow, true, p);
@@ -600,10 +598,8 @@ void TcpSession::update_session_on_rst(TcpSegmentDescriptor& tsd, bool flush)
 {
     if ( flush )
     {
-        DetectionEngine::onload(flow);
         flush_listener(tsd.get_pkt(), true);
         flush_talker(tsd.get_pkt(), true);
-        DetectionEngine::onload(flow);  // FIXIT-H don't allow offload above
         set_splitter(true, nullptr);
         set_splitter(false, nullptr);
     }
diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc
index 58334805b..5fb877845 100644
--- a/src/stream/user/user_session.cc
+++ b/src/stream/user/user_session.cc
@@ -168,7 +168,6 @@ int UserTracker::scan(Packet* p, uint32_t& flags)
     if ( seg_list.empty() )
         return -1;
 
-    DetectionEngine::onload(p->flow);
     std::list<UserSegment*>::iterator it;
 
     for ( it = seg_list.begin(); it != seg_list.end(); ++it)
@@ -252,8 +251,6 @@ void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags)
 
 void UserTracker::process(Packet* p)
 {
-    DetectionEngine::onload(p->flow);
-
     uint32_t flags = 0;
     int flush_amt = scan(p, flags);