From cf31e2cc74da5280b2be64f79db8e8f78acf18a6 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 15 Apr 2014 11:18:47 +0200 Subject: [PATCH] detect: locking update Make DeStateDetectStartDetection get it's own alstate pointer instead of using the one that was passed to it. We now get and use it only inside a flow lock. --- src/detect-engine-state.c | 25 ++++++++++++++++++++----- src/detect-engine-state.h | 4 +--- src/detect.c | 2 +- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index a86c6b5319..0b1ed1204e 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -240,13 +240,14 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Packet *p, Flow *f, uint8_t flags, - void *alstate, AppProto alproto, uint16_t alversion) + AppProto alproto, uint16_t alversion) { DetectEngineAppInspectionEngine *engine = NULL; SigMatch *sm = NULL; uint16_t file_no_match = 0; uint32_t inspect_flags = 0; + void *alstate = NULL; HtpState *htp_state = NULL; SMBState *smb_state = NULL; @@ -263,12 +264,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, int alert_cnt = 0; - if (alstate == NULL) - goto end; - if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) { FLOWLOCK_WRLOCK(f); - + alstate = FlowGetAppState(f); + if (alstate == NULL) { + FLOWLOCK_UNLOCK(f); + goto end; + } if (alproto == ALPROTO_HTTP) { htp_state = (HtpState *)alstate; if (htp_state->conn == NULL) { @@ -345,6 +347,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2)) { + FLOWLOCK_WRLOCK(f); + alstate = FlowGetAppState(f); + if (alstate == NULL) { + FLOWLOCK_UNLOCK(f); + goto end; + } + KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_DMATCH); if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) { smb_state = (SMBState *)alstate; @@ -374,6 +383,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } } + FLOWLOCK_UNLOCK(f); } KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH); @@ -382,6 +392,11 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, /* RDLOCK would be nicer, but at least tlsstore needs * write lock currently. */ FLOWLOCK_WRLOCK(f); + alstate = FlowGetAppState(f); + if (alstate == NULL) { + FLOWLOCK_UNLOCK(f); + goto end; + } for (match = 0; sm != NULL; sm = sm->next) { match = 0; diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h index 1e47dd462d..46a81e63de 100644 --- a/src/detect-engine-state.h +++ b/src/detect-engine-state.h @@ -162,7 +162,6 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion * \param s Pointer to the signature. * \param f Pointer to the flow. * \param flags Flags. - * \param alstate App state. * \param alproto App protocol. * \param alversion Current app layer version. * @@ -171,8 +170,7 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Packet *p, Flow *f, uint8_t flags, - void *alstate, AppProto alproto, - uint16_t alversion); + AppProto alproto, uint16_t alversion); /** * \brief Continue DeState detection of the signatures stored in the state. diff --git a/src/detect.c b/src/detect.c index f569207c5a..5baf359a25 100644 --- a/src/detect.c +++ b/src/detect.c @@ -1511,7 +1511,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh * can store the tx_id with the alert */ PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL); state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s, - p, pflow, flags, alstate, alproto, alversion); + p, pflow, flags, alproto, alversion); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL); if (state_alert == 0) goto next;