[Oisf-devel] Re: A thread-sync issue in suricata

Anoop Saldanha anoopsaldanha at gmail.com
Tue Nov 11 14:21:25 UTC 2014


Hi,

In workers all the init functions are run first and then the actual
module callbacks in the loop.

Even in non-worker modes, when they are in separate threads, we make
sure that at startup, we pause all threads, till all threads are
through their init phase, and only then unpause all of them, which
initiates the processing per thread.

On Fri, Nov 7, 2014 at 1:29 PM, 李志强1(研七 福州) <lizhiqiang at ruijie.com.cn> wrote:
> Hi, is there any solution for this problem?
>
>
>
> From: 李志强1(研七 福州)
> Sent: November 5, 2014 11:52
> To: 'oisf-devel at lists.openinfosecfoundation.org'
> Subject: A thread-sync issue in suricata
>
>
>
> When I reviewed the code of suricata-2.0.1, I found there is a thread-sync
> issue in the streamTcp module.
>
> The config of streamTcp is parsed in function StreamTcpInitConfig in
> Suricata-Main.
>
> But the streamTcp thread init happens in function StreamTcpThreadInit in the
> capture thread, such as AFPacketeth21.
>
> If the capture thread runs first after spawning, it will lead to streamTcp
> not preallocating any sessions.
>
> This issue doesn't affect the function, but I think it will reduce performance
> when processing TCP flows.
>
>
>
> Here is the details:
>
>
>
> 1. My configuration:
>
> My config in suricata.yaml runs in workers mode and uses af-packet to
> capture packets.
>
> 2. StreamTcpThreadInit is called after thread spawn; it will prealloc
> TCP sessions through PoolInit. Here is the gdb stack trace:
>
>
>
> #0  PoolInit (size=0, prealloc_size=0, elt_size=192, Alloc=0x50ea30
> <StreamTcpSessionPoolAlloc>, Init=0x50e680 <StreamTcpSessionPoolInit>,
> InitData=0x0,
>     Cleanup=0x50e730 <StreamTcpSessionPoolCleanup>, Free=0) at
> util-pool.c:85
> #1  0x0000000000568b7c in PoolThreadGrow (pt=<optimized out>, size=0,
> prealloc_size=0, elt_size=192, Alloc=0x50ea30 <StreamTcpSessionPoolAlloc>,
>     Init=0x50e680 <StreamTcpSessionPoolInit>, InitData=0x0, Cleanup=0x50e730
> <StreamTcpSessionPoolCleanup>, Free=0) at util-pool-thread.c:116
> #2  0x000000000050e13c in StreamTcpThreadInit (tv=0x266655e0,
> initdata=<optimized out>, data=<optimized out>) at stream-tcp.c:4600
> #3  0x0000000000525480 in TmThreadsSlotPktAcqLoop (td=0x266655e0) at
> tm-threads.c:669
> #4  0x00007ffff6f2ae9a in start_thread () from
> /lib/x86_64-linux-gnu/libpthread.so.0
> #5  0x00007ffff67f93fd in clone () from /lib/x86_64-linux-gnu/libc.so.6
> #6  0x0000000000000000 in ?? ()
>
>
>
> You will see the prealloc_size is 0 even though in my suricata.yaml it is
> set to 50000.
>
> stream:
>   memcap: 1gb
>   checksum-validation: yes      # reject wrong csums
>   midstream: false
>   prealloc-sessions: 50000
>
>
>
> 3. StreamTcpInitConfig is called in the main thread after spawning the
> capture thread:
>
> Breakpoint 2, StreamTcpInitConfig (quiet=0 '\000') at stream-tcp.c:341
> 341  {
> (gdb) bt
> #0  StreamTcpInitConfig (quiet=0 '\000') at stream-tcp.c:341
> #1  0x0000000000410d70 in main (argc=<optimized out>, argv=<optimized out>)
> at suricata.c:2249
>



-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
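
The startup ordering discussed in this thread, as an added C model that is not part of the original messages and is not Suricata's code: workers run their init, wait at a pause gate, and are released together once every init has finished. All names are hypothetical, and the late-config case is forced deterministically to show that a value read during thread init has to be set before the thread is spawned.

```c
#include <pthread.h>
#include <stdio.h>
#define NWORKERS 4 /* hypothetical; this is a model, not Suricata code */

static pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t cv = PTHREAD_COND_INITIALIZER;
/* parsed config value, inits finished, pause gate, workers that ran early */
static int cfg_prealloc, init_done, paused, early;
static int pool[NWORKERS]; /* pool size each worker initialised with */

static void *worker_main(void *arg)
{
    int *my_pool = arg;
    pthread_mutex_lock(&mtx);
    *my_pool = cfg_prealloc;            /* init phase: size the session pool */
    init_done++;
    pthread_cond_broadcast(&cv);        /* tell the main thread init is done */
    while (paused) pthread_cond_wait(&cv, &mtx); /* held until unpaused */
    if (init_done != NWORKERS) early++; /* processing would start here */
    pthread_mutex_unlock(&mtx);
    return NULL;
}

/* Smallest pool size any worker got, or -1 if a worker ran before all inits. */
int run_startup(int config_first, int prealloc)
{
    pthread_t tid[NWORKERS];
    int i, min = prealloc;
    cfg_prealloc = config_first ? prealloc : 0; /* parsed before spawn or not */
    init_done = 0; paused = 1; early = 0;
    for (i = 0; i < NWORKERS; i++)
        pthread_create(&tid[i], NULL, worker_main, &pool[i]);
    pthread_mutex_lock(&mtx);
    while (init_done < NWORKERS) pthread_cond_wait(&cv, &mtx);
    cfg_prealloc = prealloc;            /* a parse landing here is too late */
    paused = 0;                         /* unpause all workers together */
    pthread_cond_broadcast(&cv);
    pthread_mutex_unlock(&mtx);
    for (i = 0; i < NWORKERS; i++) {
        pthread_join(tid[i], NULL);
        if (pool[i] < min) min = pool[i];
    }
    return early ? -1 : min;
}

int main(void)
{
    printf("%d %d\n", run_startup(1, 50000), run_startup(0, 50000));
    return 0;
}
```

In this model the gate guarantees that no worker processes before every init has completed, but it does not order the config parse relative to the per-thread init.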


