detect: inspect all packets in multi-layer tunneling

When the decoders encounter multiple layers of tunneling, multiple tunnel packets are created. These are then stored in ThreadVars::decode_pq, where they are processed after the current thread "slot" is done. However, due to a logic error, the tunnel packets after the first, where not called for the correct position in the packet pipeline. This would lead to these packets not going through the FlowWorker module, so skipping everything from flow tracking, detection and logging. This would only happen for single and workers, due to how the pipelines are constructed. This patch addresses the issue by making sure only a "decode" thread slot will service the ThreadVars::decode_pq. Bug: OISF#6402.
victorjulien · Oct 13, 2023 · d79492b · d79492b
1 parent b5b5abe
commit d79492b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/src/tm-threads.c b/src/tm-threads.c
@@ -142,9 +142,11 @@ TmEcode TmThreadsSlotVarRun(ThreadVars *tv, Packet *p, TmSlot *slot)
             TmThreadsSlotProcessPktFail(tv, s, NULL);
             return TM_ECODE_FAILED;
         }
-
-        if (TmThreadsProcessDecodePseudoPackets(tv, &tv->decode_pq, s->slot_next) != TM_ECODE_OK) {
-            return TM_ECODE_FAILED;
+        if (s->tm_flags & TM_FLAG_DECODE_TM) {
+            if (TmThreadsProcessDecodePseudoPackets(tv, &tv->decode_pq, s->slot_next) !=
+                    TM_ECODE_OK) {
+                return TM_ECODE_FAILED;
+            }
         }
     }
 
@@ -661,6 +663,7 @@ void TmSlotSetFuncAppend(ThreadVars *tv, TmModule *tm, const void *data)
     /* we don't have to check for the return value "-1".  We wouldn't have
      * received a TM as arg, if it didn't exist */
     slot->tm_id = TmModuleGetIDForTM(tm);
+    slot->tm_flags |= tm->flags;
 
     tv->tmm_flags |= tm->flags;
     tv->cap_flags |= tm->cap_flags;

diff --git a/src/tm-threads.h b/src/tm-threads.h
@@ -63,14 +63,18 @@ typedef struct TmSlot_ {
 
     SC_ATOMIC_DECLARE(void *, slot_data);
 
+    /** copy of the TmModule::flags */
+    uint8_t tm_flags;
+
+    /* store the thread module id */
+    int tm_id;
+
     TmEcode (*SlotThreadInit)(ThreadVars *, const void *, void **);
     void (*SlotThreadExitPrintStats)(ThreadVars *, void *);
     TmEcode (*SlotThreadDeinit)(ThreadVars *, void *);
 
     /* data storage */
     const void *slot_initdata;
-    /* store the thread module id */
-    int tm_id;
 
 } TmSlot;