From e8a59250122008277d759c8c12de258a7ca0ed51 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Sat, 20 Dec 2014 21:30:12 +0100
Subject: [PATCH] ippair: implement basic timeout check
The only user is the xbits subsys, so it's timeout controls all.
---
 src/ippair-bit.c | 15 +++++++++++++++
 src/ippair-bit.h | 3 ++-
 src/ippair-timeout.c | 15 +++++++++++++--
 3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/src/ippair-bit.c b/src/ippair-bit.c
index d24bbf7e7c..014b1d9b26 100644
--- a/src/ippair-bit.c
+++ b/src/ippair-bit.c
@@ -62,6 +62,21 @@ int IPPairHasBits(IPPair *ippair)
 return IPPairGetStorageById(ippair, ippair_bit_id) ? 1 : 0;
 }
+/** \retval 1 ippair timed out wrt xbits
+ * \retval 0 ippair still has active (non-expired) xbits */
+int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts)
+{
+ GenericVar *gv = IPPairGetStorageById(h, ippair_bit_id);
+ for ( ; gv != NULL; gv = gv->next) {
+ if (gv->type == DETECT_XBITS) {
+ XBit *xb = (XBit *)gv;
+ if (xb->expire > (uint32_t)ts->tv_sec)
+ return 0;
+ }
+ }
+ return 1;
+}
+
 /* get the bit with idx from the ippair */
 static XBit *IPPairBitGet(IPPair *h, uint16_t idx)
 {
diff --git a/src/ippair-bit.h b/src/ippair-bit.h
index e02f6d42ef..44a0ac469c 100644
--- a/src/ippair-bit.h
+++ b/src/ippair-bit.h
@@ -30,7 +30,8 @@
 void IPPairBitInitCtx(void);
 void IPPairBitRegisterTests(void);
-int IPPairHasIPPairBits(IPPair *host);
+int IPPairHasBits(IPPair *host);
+int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts);
 void IPPairBitSet(IPPair *, uint16_t, uint32_t);
 void IPPairBitUnset(IPPair *, uint16_t);
diff --git a/src/ippair-timeout.c b/src/ippair-timeout.c
index d1a6a24e0d..1225f82511 100644
--- a/src/ippair-timeout.c
+++ b/src/ippair-timeout.c
@@ -23,6 +23,7 @@
 #include "suricata-common.h"
 #include "ippair.h"
+#include "ippair-bit.h"
 uint32_t IPPairGetSpareCount(void)
 {
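Review bot: The doc comment on IPPairBitsTimedoutCheck in src/ippair-bit.c does not state what locking the caller needs, although the function is exported through ippair-bit.h and walks the `gv->next` chain of the pair's storage. Nothing in this hunk takes a lock, so presumably the caller is expected to hold the ippair lock; without it, a bit being set or unset on the same pair from another thread could leave the loop following an entry that has been removed. I would add a `\brief` sentence and a line such as `\note caller must hold the ippair lock` to the comment. The `(uint32_t)ts->tv_sec` cast also truncates the timestamp, which is only sound if `xb->expire` is derived from the same truncated clock, so a short comment at the comparison would help.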
@@ -43,14 +44,24 @@ uint32_t IPPairGetActiveCount(void)
 * \retval 0 not timed out just yet
 * \retval 1 fully timed out, lets kill it
 */
-static int IPPairIPPairTimedOut(IPPair *h, struct timeval *ts)
+static int IPPairTimedOut(IPPair *h, struct timeval *ts)
 {
+ int vars = 0;
+
 /** never prune a ippair that is used by a packet
 * we are currently processing in one of the threads */
 if (SC_ATOMIC_GET(h->use_cnt) > 0) {
 return 0;
 }
+ if (IPPairHasBits(h) && IPPairBitsTimedoutCheck(h, ts) == 0) {
+ vars = 1;
+ }
+
+ if (vars) {
+ return 0;
+ }
+
 SCLogDebug("ippair %p timed out", h);
 return 1;
 }
@@ -80,7 +91,7 @@ static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, struct timeva
 /* check if the ippair is fully timed out and
 * ready to be discarded. */
- if (IPPairIPPairTimedOut(h, ts) == 1) {
+ if (IPPairTimedOut(h, ts) == 1) {
 /* remove from the hash */
 if (h->hprev != NULL)
 h->hprev->hnext = h->hnext;
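Review bot: The `vars` flag in IPPairTimedOut (src/ippair-timeout.c) is set and tested in consecutive statements and has no other use, so the two `if` blocks can collapse into `if (IPPairBitsTimedoutCheck(h, ts) == 0) return 0;`. The `IPPairHasBits(h)` guard looks redundant as well, because IPPairBitsTimedoutCheck already returns 1 when the storage lookup yields NULL, and dropping the guard saves a second storage lookup per pair. The function's doc comment starts above the hunk; it should say that once `use_cnt` is zero the pair is discarded as soon as no unexpired xbit remains. That makes xbit expiry the only thing keeping this detection state alive.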