git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <vjulien@oisf.net>
	Tue, 10 Jun 2025 09:33:03 +0000 (11:33 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 10 Jun 2025 20:13:54 +0000 (22:13 +0200)
commit	bdac028fc7ea97f0e50fbd0a24d995bced81c490
tree	9e45c4203be0626e8aab37026d522c7bea3c6cb8	tree
parent	6dbc42182501f199f5b6a887af607e4997756f03	commit \| diff

threading: fix shutdown of IPS autofp modes

For IPS modes with a verdict thread in autofp there was an issue with
the verdict thread not shutting down, leading to a long shutdown time
until an error condition was reached.

The problem was that when the packet threads, of which the verdict
thread is one, were told to enter their flow timeout loop the verdict
thread got stuck as it immediately progressed to THV_RUNNING_DONE
instead of the expected THV_FLOW_LOOP.

This patch updates the shutdown logic to only apply the flow timeout
logic to the relevant threads, and skip the verdict thread(s).

Add TM_FLAG_VERDICT_TM to indicate a thread has a verdict module to more
explicitly shut it down.

Fixes: 12f8f03532e5 ("threads: fix autofp shutdown race condition")
Bug: #7681.

src/source-ipfw.c		diff \| blob \| blame \| history
src/source-nfq.c		diff \| blob \| blame \| history
src/source-windivert.c		diff \| blob \| blame \| history
src/suricata.c		diff \| blob \| blame \| history
src/tm-modules.h		diff \| blob \| blame \| history
src/tm-threads.c		diff \| blob \| blame \| history
src/tm-threads.h		diff \| blob \| blame \| history