ruleset: try to fix reloader

engine/tcp.go

@@ -40,8 +40,9 @@ type tcpStreamFactory struct {
 	Logger   Logger
 	Node     *snowflake.Node
 
-	RulesetMutex sync.RWMutex
-	Ruleset      ruleset.Ruleset
+	RulesetMutex   sync.RWMutex
+	Ruleset        ruleset.Ruleset
+	RulesetVersion uint64
 }
 
 func (f *tcpStreamFactory) New(ipFlow, tcpFlow gopacket.Flow, tcp *layers.TCP, ac reassembly.AssemblerContext) reassembly.Stream {
@@ -60,8 +61,11 @@ func (f *tcpStreamFactory) New(ipFlow, tcpFlow gopacket.Flow, tcp *layers.TCP, a
 		Props:    make(analyzer.CombinedPropMap),
 	}
 	f.Logger.TCPStreamNew(f.WorkerID, info)
-	rs := f.currentRuleset()
-	ans := analyzersToTCPAnalyzers(rs.Analyzers(info))
+	rs, version := f.currentRuleset()
+	var ans []analyzer.TCPAnalyzer
+	if rs != nil {
+		ans = analyzersToTCPAnalyzers(rs.Analyzers(info))
+	}
 	// Create entries for each analyzer
 	entries := make([]*tcpStreamEntry, 0, len(ans))
 	for _, a := range ans {
@@ -82,11 +86,12 @@ func (f *tcpStreamFactory) New(ipFlow, tcpFlow gopacket.Flow, tcp *layers.TCP, a
 		})
 	}
 	return &tcpStream{
-		info:          info,
-		virgin:        true,
-		logger:        f.Logger,
-		rulesetSource: f.currentRuleset,
-		activeEntries: entries,
+		info:           info,
+		virgin:         true,
+		logger:         f.Logger,
+		rulesetVersion: version,
+		rulesetSource:  f.currentRuleset,
+		activeEntries:  entries,
 	}
 }
 
@@ -94,23 +99,25 @@ func (f *tcpStreamFactory) UpdateRuleset(r ruleset.Ruleset) error {
 	f.RulesetMutex.Lock()
 	defer f.RulesetMutex.Unlock()
 	f.Ruleset = r
+	f.RulesetVersion++
 	return nil
 }
 
-func (f *tcpStreamFactory) currentRuleset() ruleset.Ruleset {
+func (f *tcpStreamFactory) currentRuleset() (ruleset.Ruleset, uint64) {
 	f.RulesetMutex.RLock()
 	defer f.RulesetMutex.RUnlock()
-	return f.Ruleset
+	return f.Ruleset, f.RulesetVersion
 }
 
 type tcpStream struct {
-	info          ruleset.StreamInfo
-	virgin        bool // true if no packets have been processed
-	logger        Logger
-	rulesetSource func() ruleset.Ruleset
-	activeEntries []*tcpStreamEntry
-	doneEntries   []*tcpStreamEntry
-	lastVerdict   tcpVerdict
+	info           ruleset.StreamInfo
+	virgin         bool // true if no packets have been processed
+	logger         Logger
+	rulesetVersion uint64
+	rulesetSource  func() (ruleset.Ruleset, uint64)
+	activeEntries  []*tcpStreamEntry
+	doneEntries    []*tcpStreamEntry
+	lastVerdict    tcpVerdict
 }
 
 type tcpStreamEntry struct {
@@ -121,7 +128,7 @@ type tcpStreamEntry struct {
 }
 
 func (s *tcpStream) Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir reassembly.TCPFlowDirection, nextSeq reassembly.Sequence, start *bool, ac reassembly.AssemblerContext) bool {
-	if len(s.activeEntries) > 0 || s.virgin {
+	if len(s.activeEntries) > 0 || s.virgin || s.rulesetChanged() {
 		// Make sure every stream matches against the ruleset at least once,
 		// even if there are no activeEntries, as the ruleset may have built-in
 		// properties that need to be matched.
@@ -152,12 +159,15 @@ func (s *tcpStream) ReassembledSG(sg reassembly.ScatterGather, ac reassembly.Ass
 		}
 	}
 	ctx := ac.(*tcpContext)
-	if updated || s.virgin {
+	rs, version := s.currentRuleset()
+	rulesetChanged := version != s.rulesetVersion
+	s.rulesetVersion = version
+	if updated || s.virgin || rulesetChanged {
 		s.virgin = false
 		s.logger.TCPStreamPropUpdate(s.info, false)
 		// Match properties against ruleset
 		result := ruleset.MatchResult{Action: ruleset.ActionMaybe}
-		if rs := s.currentRuleset(); rs != nil {
+		if rs != nil {
 			result = rs.Match(s.info)
 		}
 		action := result.Action
@@ -178,13 +188,18 @@ func (s *tcpStream) ReassembledSG(sg reassembly.ScatterGather, ac reassembly.Ass
 	}
 }
 
-func (s *tcpStream) currentRuleset() ruleset.Ruleset {
+func (s *tcpStream) currentRuleset() (ruleset.Ruleset, uint64) {
 	if s.rulesetSource == nil {
-		return nil
+		return nil, s.rulesetVersion
 	}
 	return s.rulesetSource()
 }
 
+func (s *tcpStream) rulesetChanged() bool {
+	_, version := s.currentRuleset()
+	return version != s.rulesetVersion
+}
+
 func (s *tcpStream) ReassemblyComplete(ac reassembly.AssemblerContext) bool {
 	s.closeActiveEntries()
 	return true