detect: locking update

Make DeStateDetectStartDetection get it's own alstate pointer instead
of using the one that was passed to it. We now get and use it only
inside a flow lock.

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index a86c6b5319e1047d9e417801bf7d260f906f4b37..0b1ed1204e3cb5bf8a302eceaa02ad8124711f1a 100644 (file)
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -240,13 +240,14 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
 int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                                 DetectEngineThreadCtx *det_ctx,
                                 Signature *s, Packet *p, Flow *f, uint8_t flags,
-                                void *alstate, AppProto alproto, uint16_t alversion)
+                                AppProto alproto, uint16_t alversion)
 {
     DetectEngineAppInspectionEngine *engine = NULL;
     SigMatch *sm = NULL;
     uint16_t file_no_match = 0;
     uint32_t inspect_flags = 0;
 
+    void *alstate = NULL;
     HtpState *htp_state = NULL;
     SMBState *smb_state = NULL;
 
@@ -263,12 +264,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
 
     int alert_cnt = 0;
 
-    if (alstate == NULL)
-        goto end;
-
     if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
         FLOWLOCK_WRLOCK(f);
-
+        alstate = FlowGetAppState(f);
+        if (alstate == NULL) {
+            FLOWLOCK_UNLOCK(f);
+            goto end;
+        }
         if (alproto == ALPROTO_HTTP) {
             htp_state = (HtpState *)alstate;
             if (htp_state->conn == NULL) {
@@ -345,6 +347,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
                 alproto == ALPROTO_SMB2))
     {
+        FLOWLOCK_WRLOCK(f);
+        alstate = FlowGetAppState(f);
+        if (alstate == NULL) {
+            FLOWLOCK_UNLOCK(f);
+            goto end;
+        }
+
         KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_DMATCH);
         if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
             smb_state = (SMBState *)alstate;
@@ -374,6 +383,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
 
             }
         }
+        FLOWLOCK_UNLOCK(f);
     }
 
     KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
@@ -382,6 +392,11 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
         /* RDLOCK would be nicer, but at least tlsstore needs
          * write lock currently. */
         FLOWLOCK_WRLOCK(f);
+        alstate = FlowGetAppState(f);
+        if (alstate == NULL) {
+            FLOWLOCK_UNLOCK(f);
+            goto end;
+        }
 
         for (match = 0; sm != NULL; sm = sm->next) {
             match = 0;

diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h
index 1e47dd462dfba22be5bd1239d23a31ce1db4c0e1..46a81e63de3ef91b6cefb6c0b6a5bf0a7cf21b40 100644 (file)
--- a/src/detect-engine-state.h
+++ b/src/detect-engine-state.h
@@ -162,7 +162,6 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
  * \param s Pointer to the signature.
  * \param f Pointer to the flow.
  * \param flags Flags.
- * \param alstate App state.
  * \param alproto App protocol.
  * \param alversion Current app layer version.
  *
@@ -171,8 +170,7 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
 int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                                 DetectEngineThreadCtx *det_ctx,
                                 Signature *s, Packet *p, Flow *f, uint8_t flags,
-                                void *alstate, AppProto alproto,
-                                uint16_t alversion);
+                                AppProto alproto, uint16_t alversion);
 
 /**
  * \brief Continue DeState detection of the signatures stored in the state.

diff --git a/src/detect.c b/src/detect.c
index f569207c5a412b93ad094ada1ae09ba9ec8869b9..5baf359a25fe8516b027cf447016b99a3c36b270 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1511,7 +1511,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
              * can store the tx_id with the alert */
             PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
             state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s,
-                                                 p, pflow, flags, alstate, alproto, alversion);
+                                                 p, pflow, flags, alproto, alversion);
             PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
             if (state_alert == 0)
                 goto next;