aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: use engine version instead of id

Browse Source 
Use engine version based on global detect engine master. This is
incremented between reloads.
pull/2559/head
Victor Julien 9 years ago
parent 920709fe6f
commit 43cc06eabe
7 changed files with 42 additions and 15 deletions
Show Stats Download Patch File Download Diff File

31
src/detect-engine.c
Unescape Escape View File

@ -84,15 +84,13 @@
#define DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000
static uint32_t detect_engine_ctx_id = 1;
static DetectEngineThreadCtx *DetectEngineThreadCtxInitForReload(
ThreadVars *tv, DetectEngineCtx *new_de_ctx, int mt);
static int DetectEngineCtxLoadConf(DetectEngineCtx *);
static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER,
0, NULL, NULL, TENANT_SELECTOR_UNKNOWN, NULL, NULL, 0};
0, 99, NULL, NULL, TENANT_SELECTOR_UNKNOWN, NULL, NULL, 0};
static uint32_t TenantIdHash(HashTable *h, void *data, uint16_t data_len);
static char TenantIdCompare(void *d1, uint16_t d1_len, void *d2, uint16_t d2_len);
@ -906,7 +904,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
if (minimal) {
de_ctx->minimal = 1;
de_ctx->id = detect_engine_ctx_id++;
de_ctx->version = DetectEngineGetVersion();
SCLogDebug("minimal with version %u", de_ctx->version);
return de_ctx;
}
@ -958,7 +957,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
goto error;
}
de_ctx->id = detect_engine_ctx_id++;
de_ctx->version = DetectEngineGetVersion();
SCLogDebug("dectx with version %u", de_ctx->version);
return de_ctx;
error:
if (de_ctx != NULL) {
@ -2054,6 +2054,25 @@ int DetectEngineEnabled(void)
return 1;
}
uint32_t DetectEngineGetVersion(void)
{
uint32_t version;
DetectEngineMasterCtx *master = &g_master_de_ctx;
SCMutexLock(&master->lock);
version = master->version;
SCMutexUnlock(&master->lock);
return version;
}
void DetectEngineBumpVersion(void)
{
DetectEngineMasterCtx *master = &g_master_de_ctx;
SCMutexLock(&master->lock);
master->version++;
SCLogDebug("master version now %u", master->version);
SCMutexUnlock(&master->lock);
}
DetectEngineCtx *DetectEngineGetCurrent(void)
{
DetectEngineMasterCtx *master = &g_master_de_ctx;
@ -2827,6 +2846,8 @@ int DetectEngineReload(SCInstance *suri)
/* walk free list, freeing the old_de_ctx */
DetectEnginePruneFreeList();
DetectEngineBumpVersion();
SCLogDebug("old_de_ctx should have been freed");
SCLogNotice("rule reload complete");

2
src/detect-engine.h
Unescape Escape View File

@ -66,6 +66,8 @@ void DetectEngineResetMaxSigId(DetectEngineCtx *);
void DetectEngineRegisterTests(void);
const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type);
uint32_t DetectEngineGetVersion(void);
void DetectEngineBumpVersion(void);
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx);
DetectEngineCtx *DetectEngineGetCurrent(void);
DetectEngineCtx *DetectEngineGetByTenantId(int tenant_id);

8
src/detect.c
Unescape Escape View File

@ -1093,17 +1093,17 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
/* live ruleswap check for flow updates */
if (pflow->de_ctx_id == 0) {
if (pflow->de_ctx_version == 0) {
/* first time this flow is inspected, set id */
pflow->de_ctx_id = de_ctx->id;
} else if (pflow->de_ctx_id != de_ctx->id) {
pflow->de_ctx_version = de_ctx->version;
} else if (pflow->de_ctx_version != de_ctx->version) {
/* first time we inspect flow with this de_ctx, reset */
pflow->flags &= ~FLOW_SGH_TOSERVER;
pflow->flags &= ~FLOW_SGH_TOCLIENT;
pflow->sgh_toserver = NULL;
pflow->sgh_toclient = NULL;
pflow->de_ctx_id = de_ctx->id;
pflow->de_ctx_version = de_ctx->version;
GenericVarFree(pflow->flowvar);
pflow->flowvar = NULL;

7
src/detect.h
Unescape Escape View File

@ -669,8 +669,8 @@ typedef struct DetectEngineCtx_ {
/* the max local id used amongst all sigs */
int32_t byte_extract_max_local_id;
/* id used by every detect engine ctx instance */
uint32_t id;
/** version of the detect engine */
uint32_t version;
/** sgh for signatures that match against invalid packets. In those cases
* we can't lookup by proto, address, port as we don't have these */
@ -1117,6 +1117,9 @@ typedef struct DetectEngineMasterCtx_ {
/** enable multi tenant mode */
int multi_tenant_enabled;
/** version, incremented after each 'apply to threads' */
uint32_t version;
/** list of active detection engines. This list is used to generate the
* threads det_ctx's */
DetectEngineCtx *list;

4
src/flow-util.h
Unescape Escape View File

@ -55,7 +55,7 @@
(f)->alproto = 0; \
(f)->alproto_ts = 0; \
(f)->alproto_tc = 0; \
(f)->de_ctx_id = 0; \
(f)->de_ctx_version = 0; \
(f)->thread_id = 0; \
(f)->detect_alversion[0] = 0; \
(f)->detect_alversion[1] = 0; \
@ -97,7 +97,7 @@
(f)->alproto = 0; \
(f)->alproto_ts = 0; \
(f)->alproto_tc = 0; \
(f)->de_ctx_id = 0; \
(f)->de_ctx_version = 0; \
(f)->thread_id = 0; \
(f)->detect_alversion[0] = 0; \
(f)->detect_alversion[1] = 0; \

4
src/flow.h
Unescape Escape View File

@ -384,10 +384,10 @@ typedef struct Flow_
AppProto alproto_ts;
AppProto alproto_tc;
/** detection engine ctx id used to inspect this flow. Set at initial
/** detection engine ctx version used to inspect this flow. Set at initial
* inspection. If it doesn't match the currently in use de_ctx, the
* stored sgh ptrs are reset. */
uint32_t de_ctx_id;
uint32_t de_ctx_version;
/** Thread ID for the stream/detect portion of this flow */
FlowThreadId thread_id;

1
src/suricata.c
Unescape Escape View File

@ -2519,6 +2519,7 @@ static void PostConfLoadedDetectSetup(SCInstance *suri)
}
DetectEngineAddToMaster(de_ctx);
DetectEngineBumpVersion();
} else {
/* tell the app layer to consider only the log id */
RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveLogOnly);

Write Preview
Loading…
Cancel
Save