From adcaa459c9e538eaa94fea75e260df7cbd185bfa Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Thu, 6 Apr 2023 10:27:38 -0700 Subject: [PATCH 1/2] Add is_processing_suspended BIF --- src/zeek.bif | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/zeek.bif b/src/zeek.bif index 3ff3bfd8ef..5684d7fac5 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -5387,6 +5387,7 @@ function is_remote_event%(%) : bool ## (*pseudo-realtime* mode). ## ## .. zeek:see:: continue_processing +## is_processing_suspended function suspend_processing%(%) : any %{ zeek::run_state::suspend_processing(); @@ -5396,12 +5397,22 @@ function suspend_processing%(%) : any ## Resumes Zeek's packet processing. ## ## .. zeek:see:: suspend_processing +## is_processing_suspended function continue_processing%(%) : any %{ zeek::run_state::continue_processing(); return nullptr; %} +## Returns whether or not processing is currently suspended. +## +## .. zeek:see:: suspend_processing +## continue_processing +function is_processing_suspended%(%): bool + %{ + return zeek::val_mgr->Bool(zeek::run_state::is_processing_suspended()); + %} + # =========================================================================== # # Internal Functions @@ -5738,4 +5749,3 @@ function have_spicy_analyzers%(%) : bool %{ return zeek::val_mgr->Bool(USE_SPICY_ANALYZERS); %} - From 95b6069c6ed4d7bb308950d7b1cf4a837f8e49b1 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Thu, 6 Apr 2023 10:20:23 -0700 Subject: [PATCH 2/2] Fix a long-standing bug in the math around continue_processing --- src/RunState.cc | 5 +-- .../output | 6 ++++ .../suspend_processing/suspension-stack.zeek | 31 +++++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 testing/btest/Baseline/core.suspend_processing.suspension-stack/output create mode 100644 testing/btest/core/suspend_processing/suspension-stack.zeek diff --git a/src/RunState.cc b/src/RunState.cc index 19cc97c0de..0e9cddad91 100644 --- a/src/RunState.cc +++ b/src/RunState.cc @@ -527,12 +527,13 @@ void continue_processing() detail::current_wallclock = util::current_time(true); } - --_processing_suspended; + if ( _processing_suspended > 0 ) + --_processing_suspended; } bool is_processing_suspended() { - return _processing_suspended; + return _processing_suspended > 0; } } // namespace zeek::run_state diff --git a/testing/btest/Baseline/core.suspend_processing.suspension-stack/output b/testing/btest/Baseline/core.suspend_processing.suspension-stack/output new file mode 100644 index 0000000000..fdfd3de834 --- /dev/null +++ b/testing/btest/Baseline/core.suspend_processing.suspension-stack/output @@ -0,0 +1,6 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +F +F +T +F +F diff --git a/testing/btest/core/suspend_processing/suspension-stack.zeek b/testing/btest/core/suspend_processing/suspension-stack.zeek new file mode 100644 index 0000000000..b2ad068e61 --- /dev/null +++ b/testing/btest/core/suspend_processing/suspension-stack.zeek @@ -0,0 +1,31 @@ +# @TEST-DOC: Test that chains of suspend_processing/continue_processing report the correct suspension status +# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: btest-diff output + +event zeek_init() +{ +# Paired suspend/continue should unsuspend. +suspend_processing(); +continue_processing(); +print is_processing_suspended(); # F + +# Another continue after unsuspending shouldn't cause it to be suspended. +continue_processing(); +print is_processing_suspended(); # F + +# Test suspend "stack" by suspending twice +suspend_processing(); +suspend_processing(); + +# First continue should still be suspended +continue_processing(); +print is_processing_suspended(); # T + +# Second continue should break the suspension +continue_processing(); +print is_processing_suspended(); # F + +# Third continue should still be marked as not suspended. +continue_processing(); +print is_processing_suspended(); # F +}