aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macro's.

Browse Source
remotes/origin/master-1.1.x
Victor Julien 15 years ago
parent 61635f302c
commit a5d9c86dd3
4 changed files with 65 additions and 65 deletions
Show Stats Download Patch File Download Diff File

4
src/alert-debuglog.c
Unescape Escape View File

@ -209,9 +209,11 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
SCMutexLock(&p->flow->m);
CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf));
fprintf(aft->file_ctx->fp, "FLOW Start TS: %s\n",timebuf);
#ifdef DEBUG
fprintf(aft->file_ctx->fp, "FLOW PKTS TODST: %"PRIu32"\n",p->flow->todstpktcnt);
fprintf(aft->file_ctx->fp, "FLOW PKTS TOSRC: %"PRIu32"\n",p->flow->tosrcpktcnt);
fprintf(aft->file_ctx->fp, "FLOW Total Bytes: %"PRIu64"\n",p->flow->bytecnt);
#endif
fprintf(aft->file_ctx->fp, "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n",
p->flow->flags & FLOW_TOSERVER_IPONLY_SET ? "TRUE" : "FALSE",
p->flow->flags & FLOW_TOCLIENT_IPONLY_SET ? "TRUE" : "FALSE");
@ -303,9 +305,11 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
SCMutexLock(&p->flow->m);
CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf));
fprintf(aft->file_ctx->fp, "FLOW Start TS: %s\n",timebuf);
#ifdef DEBUG
fprintf(aft->file_ctx->fp, "FLOW PKTS TODST: %"PRIu32"\n",p->flow->todstpktcnt);
fprintf(aft->file_ctx->fp, "FLOW PKTS TOSRC: %"PRIu32"\n",p->flow->tosrcpktcnt);
fprintf(aft->file_ctx->fp, "FLOW Total Bytes: %"PRIu64"\n",p->flow->bytecnt);
#endif
fprintf(aft->file_ctx->fp, "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n",
p->flow->flags & FLOW_TOSERVER_IPONLY_SET ? "TRUE" : "FALSE",
p->flow->flags & FLOW_TOCLIENT_IPONLY_SET ? "TRUE" : "FALSE");

77
src/flow-util.h
Unescape Escape View File

@ -28,30 +28,37 @@
#define COPY_TIMESTAMP(src,dst) ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)
#ifdef DEBUG
#define RESET_COUNTERS(f) do { \
(f)->todstpktcnt = 0; \
(f)->tosrcpktcnt = 0; \
(f)->bytecnt = 0; \
} while (0)
#else
#define RESET_COUNTERS(f)
#endif
#define FLOW_INITIALIZE(f) do { \
SCMutexInit(&(f)->m, NULL); \
SCMutexInit(&(f)->de_state_m, NULL); \
(f)->lnext = NULL; \
(f)->lprev = NULL; \
(f)->hnext = NULL; \
(f)->hprev = NULL; \
(f)->sp = 0; \
(f)->dp = 0; \
SC_ATOMIC_INIT((f)->use_cnt); \
(f)->flags = 0; \
(f)->todstpktcnt = 0; \
(f)->tosrcpktcnt = 0; \
(f)->bytecnt = 0; \
(f)->lastts.tv_sec = 0; \
(f)->lastts.tv_usec = 0; \
(f)->flowvar = NULL; \
(f)->lastts_sec = 0; \
SCMutexInit(&(f)->m, NULL); \
(f)->protoctx = NULL; \
SC_ATOMIC_INIT((f)->use_cnt); \
(f)->alproto = 0; \
(f)->aldata = NULL; \
(f)->de_state = NULL; \
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
(f)->aldata = NULL; \
(f)->alproto = 0; \
(f)->tag_list = NULL; \
(f)->flowvar = NULL; \
SCMutexInit(&(f)->de_state_m, NULL); \
(f)->hnext = NULL; \
(f)->hprev = NULL; \
(f)->lnext = NULL; \
(f)->lprev = NULL; \
RESET_COUNTERS((f)); \
} while (0)
/** \brief macro to recycle a flow before it goes into the spare queue for reuse.
@ -62,52 +69,36 @@
#define FLOW_RECYCLE(f) do { \
(f)->sp = 0; \
(f)->dp = 0; \
SC_ATOMIC_RESET((f)->use_cnt); \
(f)->flags = 0; \
(f)->todstpktcnt = 0; \
(f)->tosrcpktcnt = 0; \
(f)->bytecnt = 0; \
(f)->lastts.tv_sec = 0; \
(f)->lastts.tv_usec = 0; \
GenericVarFree((f)->flowvar); \
(f)->flowvar = NULL; \
(f)->lastts_sec = 0; \
(f)->protoctx = NULL; \
SC_ATOMIC_RESET((f)->use_cnt); \
FlowL7DataPtrFree(f); \
(f)->alproto = 0; \
if ((f)->de_state != NULL) { \
DetectEngineStateReset((f)->de_state); \
} \
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
AppLayerParserCleanupState(f); \
FlowL7DataPtrFree(f); \
if ((f)->aldata != NULL) { \
SCFree((f)->aldata); \
(f)->aldata = NULL; \
} \
(f)->alproto = 0; \
DetectTagDataListFree((f)->tag_list); \
(f)->tag_list = NULL; \
GenericVarFree((f)->flowvar); \
(f)->flowvar = NULL; \
RESET_COUNTERS((f)); \
} while(0)
#define FLOW_DESTROY(f) do { \
SCMutexDestroy(&(f)->m); \
SCMutexDestroy(&(f)->de_state_m); \
GenericVarFree((f)->flowvar); \
(f)->flowvar = NULL; \
(f)->protoctx = NULL; \
SC_ATOMIC_DESTROY((f)->use_cnt); \
\
SCMutexDestroy(&(f)->m); \
if ((f)->de_state != NULL) { \
DetectEngineStateFree((f)->de_state); \
} \
(f)->de_state = NULL; \
AppLayerParserCleanupState(f); \
/* clear app layer related memory */ \
FlowL7DataPtrFree(f); \
if ((f)->aldata != NULL) { \
SCFree((f)->aldata); \
(f)->aldata = NULL; \
} \
(f)->alproto = 0; \
DetectTagDataListFree((f)->tag_list); \
(f)->tag_list = NULL; \
GenericVarFree((f)->flowvar); \
SCMutexDestroy(&(f)->de_state_m); \
} while(0)
Flow *FlowAlloc(void);

26
src/flow.c
Unescape Escape View File

@ -136,7 +136,7 @@ void FlowUpdateQueue(Flow *f)
if (f->flags & FLOW_NEW_LIST) {
/* in the new list -- we consider a flow no longer
* new if we have seen at least 2 pkts in both ways. */
if (f->todstpktcnt && f->tosrcpktcnt) {
if (f->flags & FLOW_TO_DST_SEEN && f->flags & FLOW_TO_SRC_SEEN) {
FlowRequeue(f, &flow_new_q[f->protomap], &flow_est_q[f->protomap], 1);
f->flags |= FLOW_EST_LIST; /* transition */
@ -151,7 +151,7 @@ void FlowUpdateQueue(Flow *f)
f->flags |= FLOW_CLOSED_LIST; /* transition */
f->flags &=~ FLOW_EST_LIST;
SCLogDebug("flow %p was put into closing queue ts %"PRIuMAX"", f, (uintmax_t)f->lastts.tv_sec);
SCLogDebug("flow %p was put into closing queue ts %"PRIuMAX"", f, (uintmax_t)f->lastts_sec);
FlowRequeue(f, &flow_est_q[f->protomap], &flow_close_q[f->protomap], 1);
} else {
/* Pull and put back -- this way the flows on
@ -287,11 +287,11 @@ static int FlowPrune (FlowQueue *q, struct timeval *ts)
}
}
SCLogDebug("got lock, now check: %" PRIdMAX "+%" PRIu32 "=(%" PRIdMAX ") < %" PRIdMAX "", (intmax_t)f->lastts.tv_sec,
timeout, (intmax_t)f->lastts.tv_sec + timeout, (intmax_t)ts->tv_sec);
SCLogDebug("got lock, now check: %" PRIdMAX "+%" PRIu32 "=(%" PRIdMAX ") < %" PRIdMAX "", (intmax_t)f->lastts_sec,
timeout, (intmax_t)f->lastts_sec + timeout, (intmax_t)ts->tv_sec);
/* do the timeout check */
if ((int32_t)(f->lastts.tv_sec + timeout) >= ts->tv_sec) {
if ((int32_t)(f->lastts_sec + timeout) >= ts->tv_sec) {
SCSpinUnlock(&f->fb->s);
SCMutexUnlock(&f->m);
SCLogDebug("timeout check failed");
@ -723,23 +723,29 @@ void FlowHandlePacket (ThreadVars *tv, Packet *p)
return;
/* update the last seen timestamp of this flow */
COPY_TIMESTAMP(&p->ts, &f->lastts);
f->lastts_sec = p->ts.tv_sec;
/* update flags and counters */
if (FlowGetPacketDirection(f,p) == TOSERVER) {
if (FlowUpdateSeenFlag(p)) {
f->flags |= FLOW_TO_DST_SEEN;
}
#ifdef DEBUG
f->todstpktcnt++;
#endif
p->flowflags |= FLOW_PKT_TOSERVER;
} else {
if (FlowUpdateSeenFlag(p)) {
f->flags |= FLOW_TO_SRC_SEEN;
}
#ifdef DEBUG
f->tosrcpktcnt++;
#endif
p->flowflags |= FLOW_PKT_TOCLIENT;
}
#ifdef DEBUG
f->bytecnt += GET_PKT_LEN(p);
#endif
if (f->flags & FLOW_TO_DST_SEEN && f->flags & FLOW_TO_SRC_SEEN) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
@ -1632,7 +1638,7 @@ static int FlowTest03 (void) {
FLOW_INITIALIZE(&f);
TimeGet(&ts);
f.lastts.tv_sec = ts.tv_sec - 5000;
f.lastts_sec = ts.tv_sec - 5000;
f.protoctx = &ssn;
f.fb = &fb;
@ -1690,7 +1696,7 @@ static int FlowTest04 (void) {
ssn.client = client;
ssn.server = client;
ssn.state = TCP_ESTABLISHED;
f.lastts.tv_sec = ts.tv_sec - 5000;
f.lastts_sec = ts.tv_sec - 5000;
f.protoctx = &ssn;
f.fb = &fb;
f.proto = IPPROTO_TCP;
@ -1734,7 +1740,7 @@ static int FlowTest05 (void) {
TimeGet(&ts);
ssn.state = TCP_SYN_SENT;
f.lastts.tv_sec = ts.tv_sec - 300;
f.lastts_sec = ts.tv_sec - 300;
f.protoctx = &ssn;
f.fb = &fb;
f.proto = IPPROTO_TCP;
@ -1791,7 +1797,7 @@ static int FlowTest06 (void) {
ssn.client = client;
ssn.server = client;
ssn.state = TCP_ESTABLISHED;
f.lastts.tv_sec = ts.tv_sec - 5000;
f.lastts_sec = ts.tv_sec - 5000;
f.protoctx = &ssn;
f.fb = &fb;
f.proto = IPPROTO_TCP;

23
src/flow.h
Unescape Escape View File

@ -165,10 +165,18 @@ typedef struct Flow_
/* end of flow "header" */
/** how many pkts and stream msgs are using the flow *right now*. This
* variable is atomic so not protected by the Flow mutex "m".
*
* On receiving a packet the counter is incremented while the flow
* bucked is locked, which is also the case on timeout pruning.
*/
SC_ATOMIC_DECLARE(unsigned short, use_cnt);
uint32_t flags;
/* ts of flow init and last update */
struct timeval lastts;
int32_t lastts_sec;
SCMutex m;
@ -182,16 +190,6 @@ typedef struct Flow_
uint16_t alproto; /**< application level protocol */
/** how many pkts and stream msgs are using the flow *right now*. This
* variable is atomic so not protected by the Flow mutex "m".
*
* On receiving a packet the counter is incremented while the flow
* bucked is locked, which is also the case on timeout pruning.
*/
SC_ATOMIC_DECLARE(unsigned short, use_cnt);
uint16_t pad1;
void **aldata; /**< application level storage ptrs */
/** detection engine state */
@ -222,10 +220,11 @@ typedef struct Flow_
struct Flow_ *lprev;
struct timeval startts;
#ifdef DEBUG
uint32_t todstpktcnt;
uint32_t tosrcpktcnt;
uint64_t bytecnt;
#endif
} Flow;
enum {

Write Preview
Loading…
Cancel
Save