suricata/src/flow-util.h

/* Copyright (C) 2007-2012 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */

#ifndef __FLOW_UTIL_H__
#define __FLOW_UTIL_H__

#include "detect-engine-state.h"
#include "tmqh-flow.h"

#define COPY_TIMESTAMP(src,dst) ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)

#ifdef DEBUG
#define RESET_COUNTERS(f) do { \
        (f)->todstpktcnt = 0; \
        (f)->tosrcpktcnt = 0; \
        (f)->bytecnt = 0; \
    } while (0)
#else
#define RESET_COUNTERS(f)
#endif

#define FLOW_INITIALIZE(f) do { \
        (f)->sp = 0; \
        (f)->dp = 0; \
        SC_ATOMIC_INIT((f)->use_cnt); \
        (f)->probing_parser_toserver_al_proto_masks = 0; \
        (f)->probing_parser_toclient_al_proto_masks = 0; \
        (f)->flags = 0; \
        (f)->lastts_sec = 0; \
        FLOWLOCK_INIT((f)); \
        (f)->protoctx = NULL; \
        (f)->alproto = 0; \
        (f)->de_ctx_id = 0; \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
        (f)->de_state = NULL; \
        (f)->sgh_toserver = NULL; \
        (f)->sgh_toclient = NULL; \
        (f)->flowvar = NULL; \
        SCMutexInit(&(f)->de_state_m, NULL); \
        (f)->hnext = NULL; \
        (f)->hprev = NULL; \
        (f)->lnext = NULL; \
        (f)->lprev = NULL; \
        SC_ATOMIC_INIT((f)->autofp_tmqh_flow_qid);  \
        (void) SC_ATOMIC_SET((f)->autofp_tmqh_flow_qid, -1);  \
        RESET_COUNTERS((f)); \
    } while (0)

/** \brief macro to recycle a flow before it goes into the spare queue for reuse.
 *
 *  Note that the lnext, lprev, hnext, hprev fields are untouched, those are
 *  managed by the queueing code. Same goes for fb (FlowBucket ptr) field.
 */
#define FLOW_RECYCLE(f) do { \
        (f)->sp = 0; \
        (f)->dp = 0; \
        SC_ATOMIC_RESET((f)->use_cnt); \
        (f)->probing_parser_toserver_al_proto_masks = 0; \
        (f)->probing_parser_toclient_al_proto_masks = 0; \
        (f)->flags = 0; \
        (f)->lastts_sec = 0; \
        (f)->protoctx = NULL; \
        FlowCleanupAppLayer((f)); \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
        (f)->alproto = 0; \
        (f)->de_ctx_id = 0; \
        if ((f)->de_state != NULL) { \
            DetectEngineStateReset((f)->de_state, (STREAM_TOSERVER | STREAM_TOCLIENT)); \
        } \
        (f)->sgh_toserver = NULL; \
        (f)->sgh_toclient = NULL; \
        GenericVarFree((f)->flowvar); \
        (f)->flowvar = NULL; \
        if (SC_ATOMIC_GET((f)->autofp_tmqh_flow_qid) != -1) {   \
            (void) SC_ATOMIC_SET((f)->autofp_tmqh_flow_qid, -1);   \
        }                                       \
        RESET_COUNTERS((f)); \
    } while(0)

#define FLOW_DESTROY(f) do { \
        SC_ATOMIC_DESTROY((f)->use_cnt); \
        \
        FLOWLOCK_DESTROY((f)); \
        FlowCleanupAppLayer((f)); \
        if ((f)->de_state != NULL) { \
            DetectEngineStateFree((f)->de_state); \
        } \
        GenericVarFree((f)->flowvar); \
        SCMutexDestroy(&(f)->de_state_m); \
        SC_ATOMIC_DESTROY((f)->autofp_tmqh_flow_qid);   \
    } while(0)

/** \brief check if a memory alloc would fit in the memcap
 *
 *  \param size memory allocation size to check
 *
 *  \retval 1 it fits
 *  \retval 0 no fit
 */
#define FLOW_CHECK_MEMCAP(size) \
    ((((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)) <= flow_config.memcap))

Flow *FlowAlloc(void);
Flow *FlowAllocDirect(void);
void FlowFree(Flow *);
uint8_t FlowGetProtoMapping(uint8_t);
void FlowInit(Flow *, Packet *);

#endif /* __FLOW_UTIL_H__ */
flow engine: improve scalability Major redesign of the flow engine. Remove the flow queues that turned out to be major choke points when using many threads. Flow manager now walks the hash table directly. Simplify the way we get a new flow in case of emergency. 13 years ago			`/* Copyright (C) 2007-2012 Open Information Security Foundation`
Import of GPLv2 Header 050410 15 years ago			`*`
			`* You can copy, redistribute or modify this Program under the terms of`
			`* the GNU General Public License version 2 as published by the Free`
			`* Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* version 2 along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA`
			`* 02110-1301, USA.`
			`*/`

			`/**`
			`* \file`
			`*`
			`* \author Victor Julien <victor@inliniac.net>`
			`*/`
Initial add of the files. 17 years ago
			`#ifndef __FLOW_UTIL_H__`
			`#define __FLOW_UTIL_H__`

update ssl parser test. Some minor indentation changes 14 years ago			`#include "detect-engine-state.h"`
support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well 13 years ago			`#include "tmqh-flow.h"`
update ssl parser test. Some minor indentation changes 14 years ago
Initial add of the files. 17 years ago			`#define COPY_TIMESTAMP(src,dst) ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)`

Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`#ifdef DEBUG`
			`#define RESET_COUNTERS(f) do { \`
			`(f)->todstpktcnt = 0; \`
			`(f)->tosrcpktcnt = 0; \`
			`(f)->bytecnt = 0; \`
			`} while (0)`
			`#else`
			`#define RESET_COUNTERS(f)`
			`#endif`

Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`#define FLOW_INITIALIZE(f) do { \`
			`(f)->sp = 0; \`
			`(f)->dp = 0; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`SC_ATOMIC_INIT((f)->use_cnt); \`
Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state. 13 years ago			`(f)->probing_parser_toserver_al_proto_masks = 0; \`
			`(f)->probing_parser_toclient_al_proto_masks = 0; \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`(f)->flags = 0; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`(f)->lastts_sec = 0; \`
flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default. 13 years ago			`FLOWLOCK_INIT((f)); \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`(f)->protoctx = NULL; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`(f)->alproto = 0; \`
Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state. 13 years ago			`(f)->de_ctx_id = 0; \`
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes. 13 years ago			`(f)->alparser = NULL; \`
			`(f)->alstate = NULL; \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`(f)->de_state = NULL; \`
			`(f)->sgh_toserver = NULL; \`
			`(f)->sgh_toclient = NULL; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`(f)->flowvar = NULL; \`
			`SCMutexInit(&(f)->de_state_m, NULL); \`
			`(f)->hnext = NULL; \`
			`(f)->hprev = NULL; \`
Undo changes from 88b8f15663076560b2237e6d8b8cae7e23d92bb6. Atomic stack implementation had a-b-a problem. 13 years ago			`(f)->lnext = NULL; \`
			`(f)->lprev = NULL; \`
flow: fix atomic var not being initialized and destroyed. 13 years ago			`SC_ATOMIC_INIT((f)->autofp_tmqh_flow_qid); \`
cleaning: fix warning when building with clang. clang was issuing some warnings related to unused return in function. This patch adds some needed error treatment and ignore the rest of the warnings by adding a cast to void. 13 years ago			`(void) SC_ATOMIC_SET((f)->autofp_tmqh_flow_qid, -1); \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`RESET_COUNTERS((f)); \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`} while (0)`

Fix segv conditions caused by broken flow cleanup code. 15 years ago			`/** \brief macro to recycle a flow before it goes into the spare queue for reuse.`
			`*`
			`* Note that the lnext, lprev, hnext, hprev fields are untouched, those are`
			`* managed by the queueing code. Same goes for fb (FlowBucket ptr) field.`
			`*/`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`#define FLOW_RECYCLE(f) do { \`
			`(f)->sp = 0; \`
			`(f)->dp = 0; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`SC_ATOMIC_RESET((f)->use_cnt); \`
Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state. 13 years ago			`(f)->probing_parser_toserver_al_proto_masks = 0; \`
			`(f)->probing_parser_toclient_al_proto_masks = 0; \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`(f)->flags = 0; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`(f)->lastts_sec = 0; \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`(f)->protoctx = NULL; \`
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes. 13 years ago			`FlowCleanupAppLayer((f)); \`
			`(f)->alparser = NULL; \`
			`(f)->alstate = NULL; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`(f)->alproto = 0; \`
Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state. 13 years ago			`(f)->de_ctx_id = 0; \`
Fix for bug 186 and thresholding issue handling ip versions 15 years ago			`if ((f)->de_state != NULL) { \`
Transaction engine redesigned. Improved accuracy, improved performance. Performance improvement noticeable with http heavy traffic and ruleset. A lot of other cosmetic changes carried out as well. Wrappers introduced for a lot of app layer functions. Failing dce unittests disabled. Will be reintroduced in the updated dce engine. Cross transaction matching taken care of. FPs emanating from these matches have now disappeared. Double inspection of transactions taken care of as well. 12 years ago			`DetectEngineStateReset((f)->de_state, (STREAM_TOSERVER \| STREAM_TOCLIENT)); \`
Fix for bug 186 and thresholding issue handling ip versions 15 years ago			`} \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`(f)->sgh_toserver = NULL; \`
			`(f)->sgh_toclient = NULL; \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`GenericVarFree((f)->flowvar); \`
			`(f)->flowvar = NULL; \`
Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET 13 years ago			`if (SC_ATOMIC_GET((f)->autofp_tmqh_flow_qid) != -1) { \`
cleaning: fix warning when building with clang. clang was issuing some warnings related to unused return in function. This patch adds some needed error treatment and ignore the rest of the warnings by adding a cast to void. 13 years ago			`(void) SC_ATOMIC_SET((f)->autofp_tmqh_flow_qid, -1); \`
support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well 13 years ago			`} \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`RESET_COUNTERS((f)); \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`} while(0)`

			`#define FLOW_DESTROY(f) do { \`
			`SC_ATOMIC_DESTROY((f)->use_cnt); \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`\`
flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default. 13 years ago			`FLOWLOCK_DESTROY((f)); \`
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes. 13 years ago			`FlowCleanupAppLayer((f)); \`
Fix for bug 186 and thresholding issue handling ip versions 15 years ago			`if ((f)->de_state != NULL) { \`
			`DetectEngineStateFree((f)->de_state); \`
			`} \`
Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's. 14 years ago			`GenericVarFree((f)->flowvar); \`
			`SCMutexDestroy(&(f)->de_state_m); \`
flow: fix atomic var not being initialized and destroyed. 13 years ago			`SC_ATOMIC_DESTROY((f)->autofp_tmqh_flow_qid); \`
Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago			`} while(0)`
Initial add of the files. 17 years ago
Various small flow and host table fixes. 13 years ago			`/** \brief check if a memory alloc would fit in the memcap`
			`*`
			`* \param size memory allocation size to check`
			`*`
			`* \retval 1 it fits`
			`* \retval 0 no fit`
			`*/`
			`#define FLOW_CHECK_MEMCAP(size) \`
			`((((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)) <= flow_config.memcap))`

Initial add of the files. 17 years ago			`Flow *FlowAlloc(void);`
Adding some flow improvements and recovery on emergency mode 15 years ago			`Flow *FlowAllocDirect(void);`
Initial add of the files. 17 years ago			`void FlowFree(Flow *);`
Fix not decreasing the flow use_cnt reference counter in some cases from the app layer detection code. This caused some streams to never fully time out and thus clutter up the flow table and session pool. 15 years ago			`uint8_t FlowGetProtoMapping(uint8_t);`
Initial add of the files. 17 years ago			`void FlowInit(Flow , Packet );`

			`#endif /* __FLOW_UTIL_H__ */`