Improve threshold hash table handling.

16 years ago · 6ab64706b0
parent 8c8b8596c8
commit 6ab64706b0
5 changed files with 28 additions and 18 deletions
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@ -148,14 +148,22 @@ void ThresholdTimeoutRemove(DetectEngineCtx *de_ctx)
    next = HashListTableGetListHead(de_ctx->ths_ctx.threshold_hash_table_src);

    while (next != NULL) {
-
        tsh = HashListTableGetListData(next);

        if (tsh && ((tv.tv_sec - tsh->tv_sec1) > tsh->seconds))   {
-            HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdData));
-            HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdData));
-            HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdData));
-            HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdData));
+            if (tsh->ipv == 4) {
+                if (tsh->type == TRACK_SRC) {
+                    HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdData));
+                } else if (tsh->type == TRACK_DST) {
+                    HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdData));
+                }
+            } else if (tsh->ipv == 6) {
+                if (tsh->type == TRACK_SRC) {
+                    HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdData));
+                } else if (tsh->type == TRACK_DST) {
+                    HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdData));
+                }
+            }
        }

        next = HashListTableGetListNext(next);
@ -191,8 +199,8 @@ void ThresholdHashAdd(DetectEngineCtx *de_ctx, DetectThresholdData *tsh_ptr, Pac
    }

    if(ret == -1)   {
-        SCLogError(SC_ERR_MEM_ALLOC,
-                "Threshold: Failed to Add element into the hash table.");
+        SCLogError(SC_ERR_THRESHOLD_HASH_ADD,
+                "failed to add element into the hash table");
    }

    return;
--- a/src/detect-threshold.h
+++ b/src/detect-threshold.h
@ -24,15 +24,15 @@
 */

 typedef struct DetectThresholdData_ {
-    uint8_t type;   /**< Threshold type : limit , threshold, both */
-    uint8_t track;  /**< Track type: by_src, by_src */
-    uint32_t count; /**< Event count */
+    uint8_t type;       /**< Threshold type : limit , threshold, both */
+    uint8_t track;      /**< Track type: by_src, by_src */
+    uint32_t count;     /**< Event count */
    uint32_t seconds;   /**< Event seconds */
-    uint32_t sid;   /**< Signature id */
-    uint8_t gid;    /**< Signature group id */
-    uint8_t ipv;    /**< Packet ip version */
+    uint32_t sid;       /**< Signature id */
+    uint8_t gid;        /**< Signature group id */
+    uint8_t ipv;        /**< Packet ip version */

-    Address addr;   /**< Var used to store dst or src addr */
+    Address addr;       /**< Var used to store dst or src addr */

    uint32_t tv_sec1;   /**< Var for time control */
    uint32_t current_count; /**< Var for count control */
--- a/src/detect.h
+++ b/src/detect.h
@ -225,12 +225,12 @@ typedef struct DetectEngineLookupDsize_ {

 /** \brief threshold ctx */
 typedef struct ThresholdCtx_    {
-    HashListTable *threshold_hash_table_dst;    /**< Ipv4 dst hash table */
-    HashListTable *threshold_hash_table_src;    /**< Ipv4 src hash table */
+    HashListTable *threshold_hash_table_dst;        /**< Ipv4 dst hash table */
+    HashListTable *threshold_hash_table_src;        /**< Ipv4 src hash table */
    HashListTable *threshold_hash_table_dst_ipv6;   /**< Ipv6 dst hash table */
    HashListTable *threshold_hash_table_src_ipv6;   /**< Ipv6 src hash table */
-    pthread_mutex_t threshold_table_lock;   /**< Mutex for hash table */
-}ThresholdCtx;
+    SCMutex threshold_table_lock;                   /**< Mutex for hash table */
+} ThresholdCtx;

 /** \brief main detection engine ctx */
 typedef struct DetectEngineCtx_ {
--- a/src/util-error.c
+++ b/src/util-error.c
@ -61,6 +61,7 @@ const char * SCErrorToString(SCError err)
        CASE_CODE (SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR);
        CASE_CODE (SC_ERR_FWRITE);
        CASE_CODE (SC_ERR_FOPEN);
+        CASE_CODE (SC_ERR_THRESHOLD_HASH_ADD);
        default:
            return "UNKNOWN_ERROR";
    }
--- a/src/util-error.h
+++ b/src/util-error.h
@ -73,6 +73,7 @@ typedef enum {
    SC_ERR_UNIFIED_ALERT_GENERIC_ERROR,
    SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR,
    SC_ERR_FWRITE,
+    SC_ERR_THRESHOLD_HASH_ADD,
 } SCError;

 const char *SCErrorToString(SCError);