aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: locking update

Browse Source 
Make DeStateDetectStartDetection get it's own alstate pointer instead
of using the one that was passed to it. We now get and use it only
inside a flow lock.
pull/940/head
Victor Julien 11 years ago
parent 5e1bc99e5b
commit cf31e2cc74
3 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File

25
src/detect-engine-state.c
Unescape Escape View File

@ -240,13 +240,14 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Packet *p, Flow *f, uint8_t flags,
void *alstate, AppProto alproto, uint16_t alversion)
AppProto alproto, uint16_t alversion)
{
DetectEngineAppInspectionEngine *engine = NULL;
SigMatch *sm = NULL;
uint16_t file_no_match = 0;
uint32_t inspect_flags = 0;
void *alstate = NULL;
HtpState *htp_state = NULL;
SMBState *smb_state = NULL;
@ -263,12 +264,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
int alert_cnt = 0;
if (alstate == NULL)
goto end;
if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
FLOWLOCK_WRLOCK(f);
alstate = FlowGetAppState(f);
if (alstate == NULL) {
FLOWLOCK_UNLOCK(f);
goto end;
}
if (alproto == ALPROTO_HTTP) {
htp_state = (HtpState *)alstate;
if (htp_state->conn == NULL) {
@ -345,6 +347,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
(alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
alproto == ALPROTO_SMB2))
{
FLOWLOCK_WRLOCK(f);
alstate = FlowGetAppState(f);
if (alstate == NULL) {
FLOWLOCK_UNLOCK(f);
goto end;
}
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_DMATCH);
if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
smb_state = (SMBState *)alstate;
@ -374,6 +383,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
}
FLOWLOCK_UNLOCK(f);
}
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
@ -382,6 +392,11 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
/* RDLOCK would be nicer, but at least tlsstore needs
* write lock currently. */
FLOWLOCK_WRLOCK(f);
alstate = FlowGetAppState(f);
if (alstate == NULL) {
FLOWLOCK_UNLOCK(f);
goto end;
}
for (match = 0; sm != NULL; sm = sm->next) {
match = 0;

4
src/detect-engine-state.h
Unescape Escape View File

@ -162,7 +162,6 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
* \param s Pointer to the signature.
* \param f Pointer to the flow.
* \param flags Flags.
* \param alstate App state.
* \param alproto App protocol.
* \param alversion Current app layer version.
*
@ -171,8 +170,7 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Packet *p, Flow *f, uint8_t flags,
void *alstate, AppProto alproto,
uint16_t alversion);
AppProto alproto, uint16_t alversion);
/**
* \brief Continue DeState detection of the signatures stored in the state.

2
src/detect.c
Unescape Escape View File

@ -1511,7 +1511,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
* can store the tx_id with the alert */
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s,
p, pflow, flags, alstate, alproto, alversion);
p, pflow, flags, alproto, alversion);
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
if (state_alert == 0)
goto next;

Write Preview
Loading…
Cancel
Save