aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: locking update

Browse Source 
Make DeStateDetectStartDetection get it's own alstate pointer instead
of using the one that was passed to it. We now get and use it only
inside a flow lock.
pull/940/head
Victor Julien 11 years ago
parent 5e1bc99e5b
commit cf31e2cc74
3 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File

25
src/detect-engine-state.c
Unescape Escape View File

@ -240,13 +240,14 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, Packet *p, Flow *f, uint8_t flags, Signature *s, Packet *p, Flow *f, uint8_t flags,
void *alstate, AppProto alproto, uint16_t alversion) AppProto alproto, uint16_t alversion)
{ {
DetectEngineAppInspectionEngine *engine = NULL; DetectEngineAppInspectionEngine *engine = NULL;
SigMatch *sm = NULL; SigMatch *sm = NULL;
uint16_t file_no_match = 0; uint16_t file_no_match = 0;
uint32_t inspect_flags = 0; uint32_t inspect_flags = 0;
void *alstate = NULL;
HtpState *htp_state = NULL; HtpState *htp_state = NULL;
SMBState *smb_state = NULL; SMBState *smb_state = NULL;
@ -263,12 +264,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
int alert_cnt = 0; int alert_cnt = 0;
if (alstate == NULL)
goto end;
if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) { if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
FLOWLOCK_WRLOCK(f); FLOWLOCK_WRLOCK(f);
alstate = FlowGetAppState(f);
if (alstate == NULL) {
FLOWLOCK_UNLOCK(f);
goto end;
}
if (alproto == ALPROTO_HTTP) { if (alproto == ALPROTO_HTTP) {
htp_state = (HtpState *)alstate; htp_state = (HtpState *)alstate;
if (htp_state->conn == NULL) { if (htp_state->conn == NULL) {
@ -345,6 +347,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
(alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB || (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
alproto == ALPROTO_SMB2)) alproto == ALPROTO_SMB2))
{ {
FLOWLOCK_WRLOCK(f);
alstate = FlowGetAppState(f);
if (alstate == NULL) {
FLOWLOCK_UNLOCK(f);
goto end;
}
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_DMATCH); KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_DMATCH);
if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) { if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
smb_state = (SMBState *)alstate; smb_state = (SMBState *)alstate;
@ -374,6 +383,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
} }
} }
FLOWLOCK_UNLOCK(f);
} }
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH); KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
@ -382,6 +392,11 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
/* RDLOCK would be nicer, but at least tlsstore needs /* RDLOCK would be nicer, but at least tlsstore needs
* write lock currently. */ * write lock currently. */
FLOWLOCK_WRLOCK(f); FLOWLOCK_WRLOCK(f);
alstate = FlowGetAppState(f);
if (alstate == NULL) {
FLOWLOCK_UNLOCK(f);
goto end;
}
for (match = 0; sm != NULL; sm = sm->next) { for (match = 0; sm != NULL; sm = sm->next) {
match = 0; match = 0;

4
src/detect-engine-state.h
Unescape Escape View File

@ -162,7 +162,6 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
* \param s Pointer to the signature. * \param s Pointer to the signature.
* \param f Pointer to the flow. * \param f Pointer to the flow.
* \param flags Flags. * \param flags Flags.
* \param alstate App state.
* \param alproto App protocol. * \param alproto App protocol.
* \param alversion Current app layer version. * \param alversion Current app layer version.
* *
@ -171,8 +170,7 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, uint16_t alversion
int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, Packet *p, Flow *f, uint8_t flags, Signature *s, Packet *p, Flow *f, uint8_t flags,
void *alstate, AppProto alproto, AppProto alproto, uint16_t alversion);
uint16_t alversion);
/** /**
* \brief Continue DeState detection of the signatures stored in the state. * \brief Continue DeState detection of the signatures stored in the state.

2
src/detect.c
Unescape Escape View File

@ -1511,7 +1511,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
* can store the tx_id with the alert */ * can store the tx_id with the alert */
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s, state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s,
p, pflow, flags, alstate, alproto, alversion); p, pflow, flags, alproto, alversion);
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
if (state_alert == 0) if (state_alert == 0)
goto next; goto next;

Write Preview
Loading…
Cancel
Save