next/662/20241207/v1

rust/src/sip/sip.rs

@@ -496,7 +496,6 @@ fn register_pattern_probe(proto: u8) -> i8 {
         "ACK\0",
         "BYE\0",
         "CANCEL\0",
-        "UPDATE\0",
         "REFER\0",
         "PRACK\0",
         "SUBSCRIBE\0",
@@ -526,6 +525,16 @@ fn register_pattern_probe(proto: u8) -> i8 {
             0,
             core::Direction::ToClient as u8,
         );
+        if proto == core::IPPROTO_UDP {
+            r |= AppLayerProtoDetectPMRegisterPatternCS(
+                proto,
+                ALPROTO_SIP,
+                "UPDATE\0".as_ptr() as *const std::os::raw::c_char,
+                "UPDATE".len() as u16,
+                0,
+                core::Direction::ToServer as u8,
+            );
+        }
     }
 
     if r == 0 {

src/flow-manager.c

@@ -500,21 +500,22 @@ static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td, SCTime_t ts, const
  *  \param hash_max upper bound of the row slice
  *  \param counters Flow timeout counters to be passed
  *  \param rows number of rows for this worker unit
- *  \param pos position of the beginning of row slice in the hash table
+ *  \param pos absolute position of the beginning of row slice in the hash table
+ *  \param instance instance id of this FM
  *
  *  \retval number of successfully timed out flows
  */
 static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td, SCTime_t ts,
         const uint32_t hash_min, const uint32_t hash_max, FlowTimeoutCounters *counters,
-        const uint32_t rows, uint32_t *pos)
+        const uint32_t rows, uint32_t *pos, const uint32_t instance)
 {
     uint32_t start = 0;
     uint32_t end = 0;
     uint32_t cnt = 0;
     uint32_t rows_left = rows;
 
 again:
-    start = hash_min + (*pos);
+    start = (*pos);
     if (start >= hash_max) {
         start = hash_min;
     }
@@ -525,6 +526,9 @@ static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td, SCTime_t t
     *pos = (end == hash_max) ? hash_min : end;
     rows_left = rows_left - (end - start);
 
+    SCLogDebug("instance %u: %u:%u (hash_min %u, hash_max %u *pos %u)", instance, start, end,
+            hash_min, hash_max, *pos);
+
     cnt += FlowTimeoutHash(td, ts, start, end, counters);
     if (rows_left) {
         goto again;
@@ -795,7 +799,7 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
 
     uint32_t emerg_over_cnt = 0;
     uint64_t next_run_ms = 0;
-    uint32_t pos = 0;
+    uint32_t pos = ftd->min;
     uint32_t rows_sec = 0;
     uint32_t rows_per_wu = 0;
     uint64_t sleep_per_wu = 0;
@@ -859,8 +863,8 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
                         rows_per_wu);
 
                 const uint32_t ppos = pos;
-                FlowTimeoutHashInChunks(
-                        &ftd->timeout, ts, ftd->min, ftd->max, &counters, rows_per_wu, &pos);
+                FlowTimeoutHashInChunks(&ftd->timeout, ts, ftd->min, ftd->max, &counters,
+                        rows_per_wu, &pos, ftd->instance);
                 if (ppos > pos) {
                     StatsIncr(th_v, ftd->cnt.flow_mgr_full_pass);
                 }

src/tests/fuzz/fuzz_applayerprotodetectgetproto.c

@@ -9,7 +9,7 @@
 #include "suricata.h"
 #include "app-layer-detect-proto.h"
 #include "flow-util.h"
-#include "app-layer-parser.h"
+#include "app-layer.h"
 #include "util-unittest-helper.h"
 #include "conf-yaml-loader.h"
 
@@ -30,8 +30,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     Flow *f;
     TcpSession ssn;
     bool reverse;
-    AppProto alproto;
-    AppProto alproto2;
 
     if (alpd_tctx == NULL) {
         //global init
@@ -43,9 +41,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         MpmTableSetup();
         SpmTableSetup();
         EngineModeSetIDS();
-        AppLayerProtoDetectSetup();
-        AppLayerParserSetup();
-        AppLayerParserRegisterProtocolParsers();
+        AppLayerSetup();
         alpd_tctx = AppLayerProtoDetectGetCtxThread();
         SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
     }
@@ -68,31 +64,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     if (data[0] & STREAM_TOSERVER) {
         flags = STREAM_TOSERVER;
     }
-    alproto = AppLayerProtoDetectGetProto(
+    AppLayerProtoDetectGetProto(
             alpd_tctx, f, data + HEADER_LEN, size - HEADER_LEN, f->proto, flags, &reverse);
-    if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP) {
-        /* If we find a valid protocol at the start of a stream :
-         * check that with smaller input
-         * we find the same protocol or ALPROTO_UNKNOWN.
-         * Otherwise, we have evasion with TCP splitting
-         */
-        for (size_t i = 0; i < size-HEADER_LEN && i < PROTO_DETECT_MAX_LEN; i++) {
-            // reset detection at each try cf probing_parser_toserver_alproto_masks
-            AppLayerProtoDetectReset(f);
-            alproto2 = AppLayerProtoDetectGetProto(
-                    alpd_tctx, f, data + HEADER_LEN, i, f->proto, flags, &reverse);
-            if (alproto2 != ALPROTO_UNKNOWN && alproto2 != alproto) {
-                printf("Failed with input length %" PRIuMAX " versus %" PRIuMAX
-                       ", found %s instead of %s\n",
-                        (uintmax_t)i, (uintmax_t)size - HEADER_LEN, AppProtoToString(alproto2),
-                        AppProtoToString(alproto));
-                printf("Assertion failure: %s-%s\n", AppProtoToString(alproto2),
-                        AppProtoToString(alproto));
-                fflush(stdout);
-                abort();
-            }
-        }
-    }
     FlowFree(f);
 
     return 0;