Feature/http range/v23 #6312
Feature/http range/v23 #6312
Conversation
Compares two buffers with their two sizes
adds a container, ie a thread safe hash table whose key is the filename keep a tree of unordered ranges, up to a memcap limit adds HTPFileOpenWithRange to handle like HTPFileOpen if there is a range : open 2 files, one for the whole reassembled, and one only for the current range
Simplify locking by using the THashData lock instead of a separate range lock. Avoid size_t in function arguments. Clean up file handling functions. Implement handling of alloc errors. Rename yaml entry to byterange Unify public api naming
Better structure design to ensure that one flow maximum is owning and appending into the file, adding fileOwning field. Adds also a gap field in a range buffer, so that we can feed the gap on closing, when we are protected from concurrency by a lock, (lock which got removed in the append path) Fixes memcap when encountering a duplicate while inserting in red and black tree Adds many comments
catenacyber
force-pushed
the
feature/http-range/v23
branch
2 times, most recently
from
b46d128 to
75ce5e6
Compare
| @@ -438,6 +458,7 @@ File *HttpRangeClose(HttpRangeContainerBlock *c, uint16_t flags) | |||
| HTTP_RANGES_RB_INSERT(&c->container->fragment_tree, c->current); | |||
| if (res) { | |||
| SCLogDebug("duplicate range fragment"); | |||
| (void)SC_ATOMIC_SUB(ContainerUrlRangeList.ht->memuse, c->current->buflen); | |||
There was a problem hiding this comment.
@victorjulien is this correct ?
Everywhere else we SCFree(*->buffer), we diminish the memcap
There was a problem hiding this comment.
I don't understand the question. We update the memcap on this free, right?
There was a problem hiding this comment.
We update the memcap on this free, right?
I added this in this latest PR.
It was not there before
There was a problem hiding this comment.
Gotcha. This is why I don't like updates to existing PRs btw.
|
I added last commit because CI failed quickly while rebasing S-V PR... |
|
Left TODO : implement for HTTP2 |
Codecov Report
@@ Coverage Diff @@
## master #6312 +/- ##
==========================================
- Coverage 76.95% 76.93% -0.03%
==========================================
Files 611 612 +1
Lines 185955 186368 +413
==========================================
+ Hits 143102 143378 +276
- Misses 42853 42990 +137
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 3934 |
| uint16_t flags; | ||
| /** wether a HttpRangeContainerBlock is currently | ||
| owning the FileContainer in order to append to the file */ | ||
| bool fileOwned; |
There was a problem hiding this comment.
removed in next PR
| /** pointer to the main file container, where to directly append data */ | ||
| HttpRangeContainerFile *container; | ||
| /** we own the container's file for now */ | ||
| bool fileOwning; |
There was a problem hiding this comment.
removed in next PR
| @@ -438,6 +458,7 @@ File *HttpRangeClose(HttpRangeContainerBlock *c, uint16_t flags) | |||
| HTTP_RANGES_RB_INSERT(&c->container->fragment_tree, c->current); | |||
| if (res) { | |||
| SCLogDebug("duplicate range fragment"); | |||
| (void)SC_ATOMIC_SUB(ContainerUrlRangeList.ht->memuse, c->current->buflen); | |||
There was a problem hiding this comment.
I don't understand the question. We update the memcap on this free, right?
| * As this belongs to a flow, appending data to it is ensured to be thread-safe | ||
| * Only one block per file has the pointer to the container | ||
| */ | ||
| typedef struct HttpRangeContainerBlock { |
There was a problem hiding this comment.
after our conversation the other day I expected a FileContainer pointer to be here, where the flow handling the in-order chunk would move the FileContainer pointer into this block and return it to the flow on close.
There was a problem hiding this comment.
I had understood a FileContainer pointer or a boolean...
Switching to the FileContainer pointer then ;-)
| DEBUG_VALIDATE_BUG_ON(c->container->files == NULL); | ||
| if (data == NULL) { | ||
| // gap overlaping already known data | ||
| r = FileAppendData(c->container->files, NULL, len - c->toskip); |
There was a problem hiding this comment.
it looks like this is accessed w/o a lock in the HTPFileStoreChunk path. It may work due to c->fileOwning, but I'm not happy with this setup. I don't want to see any access of a shared data structure w/o holding a lock.
Like I wrote in another comment, I thought the idea was to move c->container->files into HttpRangeContainerBlock for the flow handling the in-order chunk. That way we can append to it w/o needing to access the shared data at c->container
There was a problem hiding this comment.
Reworking with the FileContainer pointer from comment above
|
Replaced by #6331 |
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/1576
Describe changes:
suricata-verify-pr: 517
OISF/suricata-verify#517
Continues #6308 :
SC_ATOMIC_SUBfor memcap whenHTTP_RANGES_RB_INSERTfinds a duplicate. Is it right ? (it looked strange to havefreeand not diminishing the memcap)HTPFileStoreChunkfileOwningfield to showHttpRangeAppendDatato append not as a default case, but only iffileOwningis set, and asserting that the default case is the last case remainingfiles->tail->sizeeverywhere but alastsizefield who gets synced when we have the ownership offilesFor testing : https://github.com/jasonish/suricata-http-range-test