ruleset: try to fix reloader
This commit is contained in:
@@ -41,8 +41,9 @@ type udpStreamFactory struct {
|
||||
Logger Logger
|
||||
Node *snowflake.Node
|
||||
|
||||
RulesetMutex sync.RWMutex
|
||||
Ruleset ruleset.Ruleset
|
||||
RulesetMutex sync.RWMutex
|
||||
Ruleset ruleset.Ruleset
|
||||
RulesetVersion uint64
|
||||
}
|
||||
|
||||
func (f *udpStreamFactory) New(ipFlow, udpFlow gopacket.Flow, udp *layers.UDP, uc *udpContext) *udpStream {
|
||||
@@ -60,8 +61,11 @@ func (f *udpStreamFactory) New(ipFlow, udpFlow gopacket.Flow, udp *layers.UDP, u
|
||||
Props: make(analyzer.CombinedPropMap),
|
||||
}
|
||||
f.Logger.UDPStreamNew(f.WorkerID, info)
|
||||
rs := f.currentRuleset()
|
||||
ans := analyzersToUDPAnalyzers(rs.Analyzers(info))
|
||||
rs, version := f.currentRuleset()
|
||||
var ans []analyzer.UDPAnalyzer
|
||||
if rs != nil {
|
||||
ans = analyzersToUDPAnalyzers(rs.Analyzers(info))
|
||||
}
|
||||
// Create entries for each analyzer
|
||||
entries := make([]*udpStreamEntry, 0, len(ans))
|
||||
for _, a := range ans {
|
||||
@@ -82,11 +86,12 @@ func (f *udpStreamFactory) New(ipFlow, udpFlow gopacket.Flow, udp *layers.UDP, u
|
||||
})
|
||||
}
|
||||
return &udpStream{
|
||||
info: info,
|
||||
virgin: true,
|
||||
logger: f.Logger,
|
||||
rulesetSource: f.currentRuleset,
|
||||
activeEntries: entries,
|
||||
info: info,
|
||||
virgin: true,
|
||||
logger: f.Logger,
|
||||
rulesetVersion: version,
|
||||
rulesetSource: f.currentRuleset,
|
||||
activeEntries: entries,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -94,13 +99,14 @@ func (f *udpStreamFactory) UpdateRuleset(r ruleset.Ruleset) error {
|
||||
f.RulesetMutex.Lock()
|
||||
defer f.RulesetMutex.Unlock()
|
||||
f.Ruleset = r
|
||||
f.RulesetVersion++
|
||||
return nil
|
||||
}
|
||||
|
||||
func (f *udpStreamFactory) currentRuleset() ruleset.Ruleset {
|
||||
func (f *udpStreamFactory) currentRuleset() (ruleset.Ruleset, uint64) {
|
||||
f.RulesetMutex.RLock()
|
||||
defer f.RulesetMutex.RUnlock()
|
||||
return f.Ruleset
|
||||
return f.Ruleset, f.RulesetVersion
|
||||
}
|
||||
|
||||
type udpStreamManager struct {
|
||||
@@ -187,13 +193,14 @@ func (m *udpStreamManager) findByFlow(ipFlow, udpFlow gopacket.Flow) (key uint32
|
||||
}
|
||||
|
||||
type udpStream struct {
|
||||
info ruleset.StreamInfo
|
||||
virgin bool // true if no packets have been processed
|
||||
logger Logger
|
||||
rulesetSource func() ruleset.Ruleset
|
||||
activeEntries []*udpStreamEntry
|
||||
doneEntries []*udpStreamEntry
|
||||
lastVerdict udpVerdict
|
||||
info ruleset.StreamInfo
|
||||
virgin bool // true if no packets have been processed
|
||||
logger Logger
|
||||
rulesetVersion uint64
|
||||
rulesetSource func() (ruleset.Ruleset, uint64)
|
||||
activeEntries []*udpStreamEntry
|
||||
doneEntries []*udpStreamEntry
|
||||
lastVerdict udpVerdict
|
||||
}
|
||||
|
||||
type udpStreamEntry struct {
|
||||
@@ -204,7 +211,7 @@ type udpStreamEntry struct {
|
||||
}
|
||||
|
||||
func (s *udpStream) Accept(udp *layers.UDP, rev bool, uc *udpContext) bool {
|
||||
if len(s.activeEntries) > 0 || s.virgin {
|
||||
if len(s.activeEntries) > 0 || s.virgin || s.rulesetChanged() {
|
||||
// Make sure every stream matches against the ruleset at least once,
|
||||
// even if there are no activeEntries, as the ruleset may have built-in
|
||||
// properties that need to be matched.
|
||||
@@ -229,12 +236,15 @@ func (s *udpStream) Feed(udp *layers.UDP, rev bool, uc *udpContext) {
|
||||
s.doneEntries = append(s.doneEntries, entry)
|
||||
}
|
||||
}
|
||||
if updated || s.virgin {
|
||||
rs, version := s.currentRuleset()
|
||||
rulesetChanged := version != s.rulesetVersion
|
||||
s.rulesetVersion = version
|
||||
if updated || s.virgin || rulesetChanged {
|
||||
s.virgin = false
|
||||
s.logger.UDPStreamPropUpdate(s.info, false)
|
||||
// Match properties against ruleset
|
||||
result := ruleset.MatchResult{Action: ruleset.ActionMaybe}
|
||||
if rs := s.currentRuleset(); rs != nil {
|
||||
if rs != nil {
|
||||
result = rs.Match(s.info)
|
||||
}
|
||||
action := result.Action
|
||||
@@ -273,13 +283,18 @@ func (s *udpStream) Feed(udp *layers.UDP, rev bool, uc *udpContext) {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *udpStream) currentRuleset() ruleset.Ruleset {
|
||||
func (s *udpStream) currentRuleset() (ruleset.Ruleset, uint64) {
|
||||
if s.rulesetSource == nil {
|
||||
return nil
|
||||
return nil, s.rulesetVersion
|
||||
}
|
||||
return s.rulesetSource()
|
||||
}
|
||||
|
||||
func (s *udpStream) rulesetChanged() bool {
|
||||
_, version := s.currentRuleset()
|
||||
return version != s.rulesetVersion
|
||||
}
|
||||
|
||||
func (s *udpStream) Close() {
|
||||
s.closeActiveEntries()
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user