From: Victor Julien <victor@inliniac.net>
Date: Tue, 26 Oct 2021 09:09:51 +0000 (+0200)
Subject: flow: immediately evict tcp reused flows
X-Git-Tag: suricata-7.0.0-beta1~1280
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F6539%2Fhead;p=thirdparty%2Fsuricata.git

flow: immediately evict tcp reused flows

Since we already know we're going to no longer use it, might as well
evict it right away.
---

diff --git a/src/flow-hash.c b/src/flow-hash.c
index 9e8ea3d309..f43e9a8440 100644
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -809,11 +809,17 @@ Flow *FlowGetFlowFromHash(ThreadVars *tv, FlowLookupStruct *fls,
             FromHashLockCMP(f);//FLOWLOCK_WRLOCK(f);
             /* found a matching flow that is not timed out */
             if (unlikely(TcpSessionPacketSsnReuse(p, f, f->protoctx) == 1)) {
-                f = TcpReuseReplace(tv, fls, fb, f, hash, p);
-                if (f == NULL) {
+                Flow *new_f = TcpReuseReplace(tv, fls, fb, f, hash, p);
+                if (f->use_cnt == 0) {
+                    if (prev_f == NULL) /* if we have no prev it means new_f is now our prev */
+                        prev_f = new_f;
+                    MoveToWorkQueue(tv, fls, fb, f, prev_f); /* evict old flow */
+                }
+                if (new_f == NULL) {
                     FBLOCK_UNLOCK(fb);
                     return NULL;
                 }
+                f = new_f;
             }
             FlowReference(dest, f);
             FBLOCK_UNLOCK(fb);