From 6ab64706b0c939fcb9efceb6cc646e99bb963bdf Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 28 Dec 2009 14:19:50 +0100
Subject: [PATCH] Improve threshold hash table handling.
---
src/detect-engine-threshold.c | 22 +++++++++++++++-------
src/detect-threshold.h | 14 +++++++-------
src/detect.h | 8 ++++----
src/util-error.c | 1 +
src/util-error.h | 1 +
5 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c
index 07d3ea6c9c..99e2ea27d5 100644
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@@ -148,14 +148,22 @@ void ThresholdTimeoutRemove(DetectEngineCtx *de_ctx) next = HashListTableGetListHead(de_ctx->ths_ctx.threshold_hash_table_src); while (next != NULL) { - tsh = HashListTableGetListData(next); if (tsh && ((tv.tv_sec - tsh->tv_sec1) > tsh->seconds)) { - HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdData)); - HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdData)); - HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdData)); - HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdData)); + if (tsh->ipv == 4) { + if (tsh->type == TRACK_SRC) { + HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdData)); + } else if (tsh->type == TRACK_DST) { + HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdData)); + } + } else if (tsh->ipv == 6) { + if (tsh->type == TRACK_SRC) { + HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdData)); + } else if (tsh->type == TRACK_DST) { + HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdData)); + } + } } next = HashListTableGetListNext(next);
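Review bot: The new branches in ThresholdTimeoutRemove pick the table with `tsh->type == TRACK_SRC` / `tsh->type == TRACK_DST`, but the DetectThresholdData struct shown in src/detect-threshold.h documents `type` as the threshold kind (limit, threshold, both) and `track` as the by_src/by_dst selector, so the comparison appears to read the wrong field; it should probably be `tsh->track == TRACK_SRC` and `tsh->track == TRACK_DST` in both the ipv 4 and ipv 6 branches (the TRACK_* definitions are not visible here, so confirm). If `type` never equals those constants, expired entries are never removed and the threshold tables keep growing with every tracked address, which on a sensor is a memory-exhaustion risk under traffic from many sources. The visible loop also only walks the list of `threshold_hash_table_src` and calls `HashListTableGetListNext(next)` after the entry may have been removed; the function continues outside the hunk, so check that the other three tables are walked too and that `next` is fetched before the removal if HashListTableRemove frees the bucket.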
@@ -191,8 +199,8 @@ void ThresholdHashAdd(DetectEngineCtx *de_ctx, DetectThresholdData *tsh_ptr, Pac } if(ret == -1) { - SCLogError(SC_ERR_MEM_ALLOC, - "Threshold: Failed to Add element into the hash table."); + SCLogError(SC_ERR_THRESHOLD_HASH_ADD, + "failed to add element into the hash table"); } return;
diff --git a/src/detect-threshold.h b/src/detect-threshold.h
index 86c8e4dd35..01af5d2123 100644
--- a/src/detect-threshold.h
+++ b/src/detect-threshold.h
@@ -24,15 +24,15 @@ */ typedef struct DetectThresholdData_ { - uint8_t type; /**< Threshold type : limit , threshold, both */ - uint8_t track; /**< Track type: by_src, by_src */ - uint32_t count; /**< Event count */ + uint8_t type; /**< Threshold type : limit , threshold, both */ + uint8_t track; /**< Track type: by_src, by_src */ + uint32_t count; /**< Event count */ uint32_t seconds; /**< Event seconds */ - uint32_t sid; /**< Signature id */ - uint8_t gid; /**< Signature group id */ - uint8_t ipv; /**< Packet ip version */ + uint32_t sid; /**< Signature id */ + uint8_t gid; /**< Signature group id */ + uint8_t ipv; /**< Packet ip version */ - Address addr; /**< Var used to store dst or src addr */ + Address addr; /**< Var used to store dst or src addr */ uint32_t tv_sec1; /**< Var for time control */ uint32_t current_count; /**< Var for count control */
diff --git a/src/detect.h b/src/detect.h
index e9fa2bcc40..6964ee55b8 100644
--- a/src/detect.h
+++ b/src/detect.h
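Review bot: The reworded message in ThresholdHashAdd, `"failed to add element into the hash table"`, names neither the rule nor the table, so an operator reading the log cannot tell which signature lost its threshold state. `tsh_ptr` is a DetectThresholdData, which carries `sid` and `gid`, so something like `SCLogError(SC_ERR_THRESHOLD_HASH_ADD, "failed to add threshold entry (gid %u, sid %" PRIu32 ") to the hash table", (unsigned)tsh_ptr->gid, tsh_ptr->sid);` would make the failure actionable. The rest of the function lies outside the hunk, so whether `tsh_ptr` is released or still referenced on this failure path could not be checked here and is worth confirming.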
@@ -225,12 +225,12 @@ typedef struct DetectEngineLookupDsize_ { /** \brief threshold ctx */ typedef struct ThresholdCtx_ { - HashListTable *threshold_hash_table_dst; /**< Ipv4 dst hash table */ - HashListTable *threshold_hash_table_src; /**< Ipv4 src hash table */ + HashListTable *threshold_hash_table_dst; /**< Ipv4 dst hash table */ + HashListTable *threshold_hash_table_src; /**< Ipv4 src hash table */ HashListTable *threshold_hash_table_dst_ipv6; /**< Ipv6 dst hash table */ HashListTable *threshold_hash_table_src_ipv6; /**< Ipv6 src hash table */ - pthread_mutex_t threshold_table_lock; /**< Mutex for hash table */ -}ThresholdCtx; + SCMutex threshold_table_lock; /**< Mutex for hash table */ +} ThresholdCtx; /** \brief main detection engine ctx */ typedef struct DetectEngineCtx_ {
diff --git a/src/util-error.c b/src/util-error.c
index c3143d8ccc..08051ffb83 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -61,6 +61,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR); CASE_CODE (SC_ERR_FWRITE); CASE_CODE (SC_ERR_FOPEN); + CASE_CODE (SC_ERR_THRESHOLD_HASH_ADD); default: return "UNKNOWN_ERROR"; }
diff --git a/src/util-error.h b/src/util-error.h
index e4b837798e..ecf436313f 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -73,6 +73,7 @@ typedef enum { SC_ERR_UNIFIED_ALERT_GENERIC_ERROR, SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR, SC_ERR_FWRITE, + SC_ERR_THRESHOLD_HASH_ADD, } SCError; const char *SCErrorToString(SCError);