aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

decode/tunnel: improve tunnel handling

Browse Source 
Give each packet explicit tunnel type `ttype`: none, root, child.

Assigning happens when a (tunnel) packet is set up and is thread
safe.
pull/10629/head
Victor Julien 3 years ago committed by Victor Julien
parent 9bc42e3b34
commit 6066c4d6e7
16 changed files with 95 additions and 70 deletions
Show Stats Download Patch File Download Diff File

35
src/decode.c
Unescape Escape View File

@ -335,13 +335,15 @@ Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *pare
p->livedev = parent->livedev; p->livedev = parent->livedev;
/* set the root ptr to the lowest layer */ /* set the root ptr to the lowest layer */
if (parent->root != NULL) if (parent->root != NULL) {
p->root = parent->root; p->root = parent->root;
else BUG_ON(parent->ttype != PacketTunnelChild);
} else {
p->root = parent; p->root = parent;
parent->ttype = PacketTunnelRoot;
}
/* tell new packet it's part of a tunnel */ /* tell new packet it's part of a tunnel */
SET_TUNNEL_PKT(p); p->ttype = PacketTunnelChild;
ret = DecodeTunnel(tv, dtv, p, GET_PKT_DATA(p), ret = DecodeTunnel(tv, dtv, p, GET_PKT_DATA(p),
GET_PKT_LEN(p), proto); GET_PKT_LEN(p), proto);
@ -351,18 +353,15 @@ Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *pare
{ {
/* Not a (valid) tunnel packet */ /* Not a (valid) tunnel packet */
SCLogDebug("tunnel packet is invalid"); SCLogDebug("tunnel packet is invalid");
p->root = NULL; p->root = NULL;
UNSET_TUNNEL_PKT(p);
TmqhOutputPacketpool(tv, p); TmqhOutputPacketpool(tv, p);
SCReturnPtr(NULL, "Packet"); SCReturnPtr(NULL, "Packet");
} }
/* Update tunnel settings in parent */
/* tell parent packet it's part of a tunnel */ if (parent->root == NULL) {
SET_TUNNEL_PKT(parent); parent->ttype = PacketTunnelRoot;
}
/* increment tunnel packet refcnt in the root packet */
TUNNEL_INCR_PKT_TPR(p); TUNNEL_INCR_PKT_TPR(p);
/* disable payload (not packet) inspection on the parent, as the payload /* disable payload (not packet) inspection on the parent, as the payload
@ -397,10 +396,15 @@ Packet *PacketDefragPktSetup(Packet *parent, const uint8_t *pkt, uint32_t len, u
} }
/* set the root ptr to the lowest layer */ /* set the root ptr to the lowest layer */
if (parent->root != NULL) if (parent->root != NULL) {
p->root = parent->root; p->root = parent->root;
else BUG_ON(parent->ttype != PacketTunnelChild);
} else {
p->root = parent; p->root = parent;
// we set parent->ttype later
}
/* tell new packet it's part of a tunnel */
p->ttype = PacketTunnelChild;
/* copy packet and set length, proto */ /* copy packet and set length, proto */
if (pkt && len) { if (pkt && len) {
@ -410,8 +414,6 @@ Packet *PacketDefragPktSetup(Packet *parent, const uint8_t *pkt, uint32_t len, u
p->ts = parent->ts; p->ts = parent->ts;
p->datalink = DLT_RAW; p->datalink = DLT_RAW;
p->tenant_id = parent->tenant_id; p->tenant_id = parent->tenant_id;
/* tell new packet it's part of a tunnel */
SET_TUNNEL_PKT(p);
memcpy(&p->vlan_id[0], &parent->vlan_id[0], sizeof(p->vlan_id)); memcpy(&p->vlan_id[0], &parent->vlan_id[0], sizeof(p->vlan_id));
p->vlan_idx = parent->vlan_idx; p->vlan_idx = parent->vlan_idx;
p->livedev = parent->livedev; p->livedev = parent->livedev;
@ -426,7 +428,8 @@ Packet *PacketDefragPktSetup(Packet *parent, const uint8_t *pkt, uint32_t len, u
void PacketDefragPktSetupParent(Packet *parent) void PacketDefragPktSetupParent(Packet *parent)
{ {
/* tell parent packet it's part of a tunnel */ /* tell parent packet it's part of a tunnel */
SET_TUNNEL_PKT(parent); if (parent->ttype == PacketTunnelNone)
parent->ttype = PacketTunnelRoot;
/* increment tunnel packet refcnt in the root packet */ /* increment tunnel packet refcnt in the root packet */
TUNNEL_INCR_PKT_TPR(parent); TUNNEL_INCR_PKT_TPR(parent);

58
src/decode.h
Unescape Escape View File

@ -407,6 +407,12 @@ enum PacketDropReason {
PKT_DROP_REASON_MAX, PKT_DROP_REASON_MAX,
}; };
enum PacketTunnelType {
PacketTunnelNone,
PacketTunnelRoot,
PacketTunnelChild,
};
/* forward declaration since Packet struct definition requires this */ /* forward declaration since Packet struct definition requires this */
struct PacketQueue_; struct PacketQueue_;
@ -472,6 +478,9 @@ typedef struct Packet_
* hash size still */ * hash size still */
uint32_t flow_hash; uint32_t flow_hash;
/* tunnel type: none, root or child */
enum PacketTunnelType ttype;
SCTime_t ts; SCTime_t ts;
union { union {
@ -618,7 +627,7 @@ typedef struct Packet_
/* enum PacketDropReason::PKT_DROP_REASON_* as uint8_t for compactness */ /* enum PacketDropReason::PKT_DROP_REASON_* as uint8_t for compactness */
uint8_t drop_reason; uint8_t drop_reason;
/* has tunnel been verdicted? */ /** has verdict on this tunneled packet been issued? */
bool tunnel_verdicted; bool tunnel_verdicted;
/* tunnel/encapsulation handling */ /* tunnel/encapsulation handling */
@ -649,8 +658,8 @@ typedef struct Packet_
/** lock to protect access to: /** lock to protect access to:
* - tunnel_rtv_cnt * - tunnel_rtv_cnt
* - tunnel_tpr_cnt * - tunnel_tpr_cnt
* - nfq_v.mark * - tunnel_verdicted
* - flags * - nfq_v.mark (if p->ttype != PacketTunnelNone)
*/ */
SCSpinlock tunnel_lock; SCSpinlock tunnel_lock;
} persistent; } persistent;
@ -799,13 +808,14 @@ static inline void TUNNEL_INCR_PKT_TPR(Packet *p)
#define TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt) #define TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)
#define TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt) #define TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)
#define IS_TUNNEL_PKT(p) (((p)->flags & PKT_TUNNEL)) static inline bool PacketTunnelIsVerdicted(const Packet *p)
#define SET_TUNNEL_PKT(p) ((p)->flags |= PKT_TUNNEL) {
#define UNSET_TUNNEL_PKT(p) ((p)->flags &= ~PKT_TUNNEL) return p->tunnel_verdicted;
#define IS_TUNNEL_ROOT_PKT(p) (IS_TUNNEL_PKT(p) && (p)->root == NULL) }
static inline void PacketTunnelSetVerdicted(Packet *p)
#define IS_TUNNEL_PKT_VERDICTED(p) (p)->tunnel_verdicted {
#define SET_TUNNEL_PKT_VERDICTED(p) (p)->tunnel_verdicted = true p->tunnel_verdicted = true;
}
enum DecodeTunnelProto { enum DecodeTunnelProto {
DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ETHERNET,
@ -1017,8 +1027,7 @@ void DecodeUnregisterCounters(void);
depth reached. */ depth reached. */
#define PKT_STREAM_NOPCAPLOG BIT_U32(12) #define PKT_STREAM_NOPCAPLOG BIT_U32(12)
#define PKT_TUNNEL BIT_U32(13) // vacancy 2x
// vacancy
/** Packet checksum is not computed (TX packet for example) */ /** Packet checksum is not computed (TX packet for example) */
#define PKT_IGNORE_CHECKSUM BIT_U32(15) #define PKT_IGNORE_CHECKSUM BIT_U32(15)
@ -1094,6 +1103,26 @@ static inline void DecodeSetNoPacketInspectionFlag(Packet *p)
p->flags |= PKT_NOPACKET_INSPECTION; p->flags |= PKT_NOPACKET_INSPECTION;
} }
static inline bool PacketIsTunnelRoot(const Packet *p)
{
return (p->ttype == PacketTunnelRoot);
}
static inline bool PacketIsTunnelChild(const Packet *p)
{
return (p->ttype == PacketTunnelChild);
}
static inline bool PacketIsTunnel(const Packet *p)
{
return (p->ttype != PacketTunnelNone);
}
static inline bool PacketIsNotTunnel(const Packet *p)
{
return (p->ttype == PacketTunnelNone);
}
/** \brief return true if *this* packet needs to trigger a verdict. /** \brief return true if *this* packet needs to trigger a verdict.
* *
* If we have the root packet, and we have none outstanding, * If we have the root packet, and we have none outstanding,
@ -1113,10 +1142,11 @@ static inline bool VerdictTunnelPacket(Packet *p)
SCLogDebug("tunnel: outstanding %u", outstanding); SCLogDebug("tunnel: outstanding %u", outstanding);
/* if there are packets outstanding, we won't verdict this one */ /* if there are packets outstanding, we won't verdict this one */
if (IS_TUNNEL_ROOT_PKT(p) && !IS_TUNNEL_PKT_VERDICTED(p) && !outstanding) { if (PacketIsTunnelRoot(p) && !PacketTunnelIsVerdicted(p) && !outstanding) {
// verdict // verdict
SCLogDebug("root %p: verdict", p); SCLogDebug("root %p: verdict", p);
} else if (!IS_TUNNEL_ROOT_PKT(p) && outstanding == 1 && p->root && IS_TUNNEL_PKT_VERDICTED(p->root)) { } else if (PacketIsTunnelChild(p) && outstanding == 1 && p->root &&
PacketTunnelIsVerdicted(p->root)) {
// verdict // verdict
SCLogDebug("tunnel %p: verdict", p); SCLogDebug("tunnel %p: verdict", p);
} else { } else {

10
src/defrag.c
Unescape Escape View File

@ -873,10 +873,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
r = Defrag4Reassemble(tv, tracker, p); r = Defrag4Reassemble(tv, tracker, p);
if (r != NULL && tv != NULL && dtv != NULL) { if (r != NULL && tv != NULL && dtv != NULL) {
StatsIncr(tv, dtv->counter_defrag_ipv4_reassembled); StatsIncr(tv, dtv->counter_defrag_ipv4_reassembled);
if (DecodeIPV4(tv, dtv, r, (void *)r->ip4h, if (DecodeIPV4(tv, dtv, r, (void *)r->ip4h, IPV4_GET_IPLEN(r)) != TM_ECODE_OK) {
IPV4_GET_IPLEN(r)) != TM_ECODE_OK) {
UNSET_TUNNEL_PKT(r);
r->root = NULL; r->root = NULL;
TmqhOutputPacketpool(tv, r); TmqhOutputPacketpool(tv, r);
r = NULL; r = NULL;
@ -890,10 +887,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
if (r != NULL && tv != NULL && dtv != NULL) { if (r != NULL && tv != NULL && dtv != NULL) {
StatsIncr(tv, dtv->counter_defrag_ipv6_reassembled); StatsIncr(tv, dtv->counter_defrag_ipv6_reassembled);
if (DecodeIPV6(tv, dtv, r, (uint8_t *)r->ip6h, if (DecodeIPV6(tv, dtv, r, (uint8_t *)r->ip6h,
IPV6_GET_PLEN(r) + IPV6_HEADER_LEN) IPV6_GET_PLEN(r) + IPV6_HEADER_LEN) != TM_ECODE_OK) {
!= TM_ECODE_OK) {
UNSET_TUNNEL_PKT(r);
r->root = NULL; r->root = NULL;
TmqhOutputPacketpool(tv, r); TmqhOutputPacketpool(tv, r);
r = NULL; r = NULL;

2
src/detect-mark.c
Unescape Escape View File

@ -228,7 +228,7 @@ static int DetectMarkPacket(DetectEngineThreadCtx *det_ctx, Packet *p,
#ifdef NFQ #ifdef NFQ
const DetectMarkData *nf_data = (const DetectMarkData *)ctx; const DetectMarkData *nf_data = (const DetectMarkData *)ctx;
if (nf_data->mask) { if (nf_data->mask) {
if (!(IS_TUNNEL_PKT(p))) { if (PacketIsNotTunnel(p)) {
/* coverity[missing_lock] */ /* coverity[missing_lock] */
p->nfq_v.mark = (nf_data->mark & nf_data->mask) p->nfq_v.mark = (nf_data->mark & nf_data->mask)
| (p->nfq_v.mark & ~(nf_data->mask)); | (p->nfq_v.mark & ~(nf_data->mask));

10
src/log-pcap.c
Unescape Escape View File

@ -245,7 +245,7 @@ static bool PcapLogCondition(ThreadVars *tv, void *thread_data, const Packet *p)
return false; return false;
} }
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) { if (p->ttype == PacketTunnelChild) {
return false; return false;
} }
return true; return true;
@ -379,7 +379,7 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
PCAPLOG_PROFILE_START; PCAPLOG_PROFILE_START;
int datalink = p->datalink; int datalink = p->datalink;
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) { if (p->ttype == PacketTunnelChild) {
Packet *real_p = p->root; Packet *real_p = p->root;
datalink = real_p->datalink; datalink = real_p->datalink;
} }
@ -588,7 +588,7 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
pl->pkt_cnt++; pl->pkt_cnt++;
pl->h->ts.tv_sec = SCTIME_SECS(p->ts); pl->h->ts.tv_sec = SCTIME_SECS(p->ts);
pl->h->ts.tv_usec = SCTIME_USECS(p->ts); pl->h->ts.tv_usec = SCTIME_USECS(p->ts);
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) { if (p->ttype == PacketTunnelChild) {
rp = p->root; rp = p->root;
pl->h->caplen = GET_PKT_LEN(rp); pl->h->caplen = GET_PKT_LEN(rp);
pl->h->len = GET_PKT_LEN(rp); pl->h->len = GET_PKT_LEN(rp);
@ -666,7 +666,7 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
/* PcapLogDumpSegment has written over the PcapLogData variables so need to update */ /* PcapLogDumpSegment has written over the PcapLogData variables so need to update */
pl->h->ts.tv_sec = SCTIME_SECS(p->ts); pl->h->ts.tv_sec = SCTIME_SECS(p->ts);
pl->h->ts.tv_usec = SCTIME_USECS(p->ts); pl->h->ts.tv_usec = SCTIME_USECS(p->ts);
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) { if (p->ttype == PacketTunnelChild) {
rp = p->root; rp = p->root;
pl->h->caplen = GET_PKT_LEN(rp); pl->h->caplen = GET_PKT_LEN(rp);
pl->h->len = GET_PKT_LEN(rp); pl->h->len = GET_PKT_LEN(rp);
@ -679,7 +679,7 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
} }
} }
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) { if (p->ttype == PacketTunnelChild) {
rp = p->root; rp = p->root;
#ifdef HAVE_LIBLZ4 #ifdef HAVE_LIBLZ4
ret = PcapWrite(pl, comp, GET_PKT_DATA(rp), len); ret = PcapWrite(pl, comp, GET_PKT_DATA(rp), len);

2
src/output-json-alert.c
Unescape Escape View File

@ -562,7 +562,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
/* alert */ /* alert */
AlertJsonHeader(json_output_ctx, p, pa, jb, json_output_ctx->flags, &addr, xff_buffer); AlertJsonHeader(json_output_ctx, p, pa, jb, json_output_ctx->flags, &addr, xff_buffer);
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
AlertJsonTunnel(p, jb); AlertJsonTunnel(p, jb);
} }

1
src/packet.c
Unescape Escape View File

@ -103,6 +103,7 @@ void PacketReinit(Packet *p)
p->vlan_id[0] = 0; p->vlan_id[0] = 0;
p->vlan_id[1] = 0; p->vlan_id[1] = 0;
p->vlan_idx = 0; p->vlan_idx = 0;
p->ttype = PacketTunnelNone;
SCTIME_INIT(p->ts); SCTIME_INIT(p->ts);
p->datalink = 0; p->datalink = 0;
p->drop_reason = 0; p->drop_reason = 0;

2
src/respond-reject.c
Unescape Escape View File

@ -69,7 +69,7 @@ static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
return TM_ECODE_OK; return TM_ECODE_OK;
} }

4
src/source-af-packet.c
Unescape Escape View File

@ -2194,7 +2194,7 @@ static int AFPBypassCallback(Packet *p)
/* Bypassing tunneled packets is currently not supported /* Bypassing tunneled packets is currently not supported
* because we can't discard the inner packet only due to * because we can't discard the inner packet only due to
* primitive parsing in eBPF */ * primitive parsing in eBPF */
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
return 0; return 0;
} }
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p)) {
@ -2349,7 +2349,7 @@ static int AFPXDPBypassCallback(Packet *p)
/* Bypassing tunneled packets is currently not supported /* Bypassing tunneled packets is currently not supported
* because we can't discard the inner packet only due to * because we can't discard the inner packet only due to
* primitive parsing in eBPF */ * primitive parsing in eBPF */
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
return 0; return 0;
} }
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p)) {

7
src/source-ipfw.c
Unescape Escape View File

@ -614,9 +614,8 @@ TmEcode VerdictIPFW(ThreadVars *tv, Packet *p, void *data)
} }
/* This came from NFQ. /* This came from NFQ.
* if this is a tunnel packet we check if we are ready to verdict * If this is a tunnel packet we check if we are ready to verdict already. */
* already. */ if (PacketIsTunnel(p)) {
if (IS_TUNNEL_PKT(p)) {
bool verdict = VerdictTunnelPacket(p); bool verdict = VerdictTunnelPacket(p);
/* don't verdict if we are not ready */ /* don't verdict if we are not ready */
@ -628,7 +627,7 @@ TmEcode VerdictIPFW(ThreadVars *tv, Packet *p, void *data)
/* no tunnel, verdict normally */ /* no tunnel, verdict normally */
SCLogDebug("Setting verdict on non-tunnel"); SCLogDebug("Setting verdict on non-tunnel");
retval = IPFWSetVerdict(tv, ptv, p); retval = IPFWSetVerdict(tv, ptv, p);
} /* IS_TUNNEL_PKT end */ }
SCReturnInt(retval); SCReturnInt(retval);
} }

4
src/source-nfq.c
Unescape Escape View File

@ -496,7 +496,7 @@ static void NFQReleasePacket(Packet *p)
*/ */
static int NFQBypassCallback(Packet *p) static int NFQBypassCallback(Packet *p)
{ {
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
/* real tunnels may have multiple flows inside them, so bypass can't /* real tunnels may have multiple flows inside them, so bypass can't
* work for those. Rebuilt packets from IP fragments are fine. */ * work for those. Rebuilt packets from IP fragments are fine. */
if (p->flags & PKT_REBUILT_FRAGMENT) { if (p->flags & PKT_REBUILT_FRAGMENT) {
@ -1186,7 +1186,7 @@ TmEcode VerdictNFQ(ThreadVars *tv, Packet *p, void *data)
{ {
/* if this is a tunnel packet we check if we are ready to verdict /* if this is a tunnel packet we check if we are ready to verdict
* already. */ * already. */
if (IS_TUNNEL_PKT(p)) { if (p->ttype != PacketTunnelNone) {
SCLogDebug("tunnel pkt: %p/%p %s", p, p->root, p->root ? "upper layer" : "root"); SCLogDebug("tunnel pkt: %p/%p %s", p, p->root, p->root ? "upper layer" : "root");
bool verdict = VerdictTunnelPacket(p); bool verdict = VerdictTunnelPacket(p);
/* don't verdict if we are not ready */ /* don't verdict if we are not ready */

2
src/source-pfring.c
Unescape Escape View File

@ -310,7 +310,7 @@ static int PfringBypassCallback(Packet *p)
} }
/* Bypassing tunneled packets is currently not supported */ /* Bypassing tunneled packets is currently not supported */
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
return 0; return 0;
} }

2
src/source-windivert.c
Unescape Escape View File

@ -769,7 +769,7 @@ static TmEcode WinDivertVerdictHelper(ThreadVars *tv, Packet *p)
/* we can't verdict tunnel packets without ensuring all encapsulated /* we can't verdict tunnel packets without ensuring all encapsulated
* packets are verdicted */ * packets are verdicted */
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
bool finalVerdict = VerdictTunnelPacket(p); bool finalVerdict = VerdictTunnelPacket(p);
if (!finalVerdict) { if (!finalVerdict) {
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);

2
src/stream-tcp-list.c
Unescape Escape View File

@ -618,7 +618,7 @@ static void StreamTcpSegmentAddPacketData(
return; return;
} }
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) { if (PacketIsTunnelChild(p)) {
Packet *rp = p->root; Packet *rp = p->root;
StreamTcpSegmentAddPacketDataDo(seg, rp, p); StreamTcpSegmentAddPacketDataDo(seg, rp, p);
} else { } else {

20
src/tmqh-packetpool.c
Unescape Escape View File

@ -337,7 +337,7 @@ void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
SCEnter(); SCEnter();
SCLogDebug("Packet %p, p->root %p, alloced %s", p, p->root, BOOL2STR(p->pool == NULL)); SCLogDebug("Packet %p, p->root %p, alloced %s", p, p->root, BOOL2STR(p->pool == NULL));
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
SCLogDebug("Packet %p is a tunnel packet: %s", SCLogDebug("Packet %p is a tunnel packet: %s",
p,p->root ? "upper layer" : "tunnel root"); p,p->root ? "upper layer" : "tunnel root");
@ -345,9 +345,9 @@ void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
SCSpinlock *lock = p->root ? &p->root->persistent.tunnel_lock : &p->persistent.tunnel_lock; SCSpinlock *lock = p->root ? &p->root->persistent.tunnel_lock : &p->persistent.tunnel_lock;
SCSpinLock(lock); SCSpinLock(lock);
if (IS_TUNNEL_ROOT_PKT(p)) { if (PacketIsTunnelRoot(p)) {
SCLogDebug("IS_TUNNEL_ROOT_PKT == TRUE"); SCLogDebug("IS_TUNNEL_ROOT_PKT == TRUE");
CaptureStatsUpdate(t, p); CaptureStatsUpdate(t, p); // TODO move out of lock
const uint16_t outstanding = TUNNEL_PKT_TPR(p) - TUNNEL_PKT_RTV(p); const uint16_t outstanding = TUNNEL_PKT_TPR(p) - TUNNEL_PKT_RTV(p);
SCLogDebug("root pkt: outstanding %u", outstanding); SCLogDebug("root pkt: outstanding %u", outstanding);
@ -366,7 +366,7 @@ void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
* packets, return this to the pool. It's still referenced * packets, return this to the pool. It's still referenced
* by the tunnel packets, and we will return it * by the tunnel packets, and we will return it
* when we handle them */ * when we handle them */
SET_TUNNEL_PKT_VERDICTED(p); PacketTunnelSetVerdicted(p);
PACKET_PROFILING_END(p); PACKET_PROFILING_END(p);
SCSpinUnlock(lock); SCSpinUnlock(lock);
@ -381,9 +381,7 @@ void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
/* all tunnel packets are processed except us. Root already /* all tunnel packets are processed except us. Root already
* processed. So return tunnel pkt and root packet to the * processed. So return tunnel pkt and root packet to the
* pool. */ * pool. */
if (outstanding == 0 && if (outstanding == 0 && p->root && PacketTunnelIsVerdicted(p->root)) {
p->root && IS_TUNNEL_PKT_VERDICTED(p->root))
{
SCLogDebug("root verdicted == true && no outstanding"); SCLogDebug("root verdicted == true && no outstanding");
/* handle freeing the root as well*/ /* handle freeing the root as well*/
@ -398,8 +396,8 @@ void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
* so get rid of the tunnel pkt only */ * so get rid of the tunnel pkt only */
SCLogDebug("NOT IS_TUNNEL_PKT_VERDICTED (%s) || " SCLogDebug("NOT IS_TUNNEL_PKT_VERDICTED (%s) || "
"outstanding > 0 (%u)", "outstanding > 0 (%u)",
(p->root && IS_TUNNEL_PKT_VERDICTED(p->root)) ? "true" : "false", (p->root && PacketTunnelIsVerdicted(p->root)) ? "true" : "false",
outstanding); outstanding);
/* fall through */ /* fall through */
@ -414,8 +412,8 @@ void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
} }
SCLogDebug("[packet %p][%s] %s", p, SCLogDebug("[packet %p][%s] %s", p,
IS_TUNNEL_PKT(p) ? IS_TUNNEL_ROOT_PKT(p) ? "tunnel::root" : "tunnel::leaf" PacketIsTunnel(p) ? PacketIsTunnelRoot(p) ? "tunnel::root" : "tunnel::leaf"
: "no tunnel", : "no tunnel",
(p->action & ACTION_DROP) ? "DROP" : "no drop"); (p->action & ACTION_DROP) ? "DROP" : "no drop");
/* we're done with the tunnel root now as well */ /* we're done with the tunnel root now as well */

4
src/util-profiling.c
Unescape Escape View File

@ -1125,7 +1125,7 @@ void SCProfilingAddPacket(Packet *p)
pd->tot += delta; pd->tot += delta;
pd->cnt ++; pd->cnt ++;
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
pd = &packet_profile_data4[256]; pd = &packet_profile_data4[256];
if (pd->min == 0 || delta < pd->min) { if (pd->min == 0 || delta < pd->min) {
@ -1161,7 +1161,7 @@ void SCProfilingAddPacket(Packet *p)
pd->tot += delta; pd->tot += delta;
pd->cnt ++; pd->cnt ++;
if (IS_TUNNEL_PKT(p)) { if (PacketIsTunnel(p)) {
pd = &packet_profile_data6[256]; pd = &packet_profile_data6[256];
if (pd->min == 0 || delta < pd->min) { if (pd->min == 0 || delta < pd->min) {

Write Preview
Loading…
Cancel
Save