aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd18e52ed93'
${ noResults }
suricata/src/flow-util.h

180 lines
12 KiB
C
Raw Blame History

/* Copyright (C) 2007-2012 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __FLOW_UTIL_H__
#define __FLOW_UTIL_H__
#include "flow.h"
#include "stream-tcp-private.h"
#define COPY_TIMESTAMP(src, dst) ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)
#define RESET_COUNTERS(f) \
do { \
(f)->todstpktcnt = 0; \
(f)->tosrcpktcnt = 0; \
(f)->todstbytecnt = 0; \
(f)->tosrcbytecnt = 0; \
} while (0)
#define FLOW_INITIALIZE(f) \
do { \
(f)->sp = 0; \
(f)->dp = 0; \
(f)->proto = 0; \
(f)->livedev = NULL; \
(f)->timeout_at = 0; \
(f)->timeout_policy = 0; \
(f)->vlan_idx = 0; \
(f)->next = NULL; \
(f)->flow_state = 0; \
(f)->use_cnt = 0; \
(f)->tenant_id = 0; \
(f)->parent_id = 0; \
(f)->probing_parser_toserver_alproto_masks = 0; \
(f)->probing_parser_toclient_alproto_masks = 0; \
(f)->flags = 0; \
(f)->file_flags = 0; \
(f)->protodetect_dp = 0; \
SCTIME_INIT((f)->lastts); \
FLOWLOCK_INIT((f)); \
(f)->protoctx = NULL; \
(f)->flow_end_flags = 0; \
(f)->alproto = 0; \
(f)->alproto_ts = 0; \
(f)->alproto_tc = 0; \
(f)->alproto_orig = 0; \
(f)->alproto_expect = 0; \
(f)->de_ctx_version = 0; \
(f)->thread_id[0] = 0; \
(f)->thread_id[1] = 0; \
(f)->alparser = NULL; \
(f)->alstate = NULL; \
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
(f)->flowvar = NULL; \
RESET_COUNTERS((f)); \
} while (0)
/** \brief macro to recycle a flow before it goes into the spare queue for reuse.
*
* Note that the lnext, lprev, hnext fields are untouched, those are
* managed by the queueing code. Same goes for fb (FlowBucket ptr) field.
*/
#define FLOW_RECYCLE(f) \
do { \
FlowCleanupAppLayer((f)); \
(f)->sp = 0; \
(f)->dp = 0; \
(f)->proto = 0; \
(f)->livedev = NULL; \
(f)->vlan_idx = 0; \
(f)->ffr = 0; \
(f)->next = NULL; \
(f)->timeout_at = 0; \
(f)->timeout_policy = 0; \
(f)->flow_state = 0; \
(f)->use_cnt = 0; \
(f)->tenant_id = 0; \
(f)->parent_id = 0; \
(f)->probing_parser_toserver_alproto_masks = 0; \
(f)->probing_parser_toclient_alproto_masks = 0; \
(f)->flags = 0; \
(f)->file_flags = 0; \
(f)->protodetect_dp = 0; \
SCTIME_INIT((f)->lastts); \
(f)->protoctx = NULL; \
(f)->flow_end_flags = 0; \
(f)->alparser = NULL; \
(f)->alstate = NULL; \
(f)->alproto = 0; \
(f)->alproto_ts = 0; \
(f)->alproto_tc = 0; \
(f)->alproto_orig = 0; \
(f)->alproto_expect = 0; \
(f)->de_ctx_version = 0; \
(f)->thread_id[0] = 0; \
(f)->thread_id[1] = 0; \
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
GenericVarFree((f)->flowvar); \
(f)->flowvar = NULL; \
if (MacSetFlowStorageEnabled()) { \
MacSet *ms = FlowGetStorageById((f), MacSetGetFlowStorageID()); \
if (ms != NULL) { \
MacSetReset(ms); \
} \
} \
RESET_COUNTERS((f)); \
} while (0)
#define FLOW_DESTROY(f) \
do { \
FlowCleanupAppLayer((f)); \
\
FLOWLOCK_DESTROY((f)); \
GenericVarFree((f)->flowvar); \
} while (0)
/** \brief check if a memory alloc would fit in the memcap
*
* \param size memory allocation size to check
*
* \retval 1 it fits
* \retval 0 no fit
*/
#define FLOW_CHECK_MEMCAP(size) \
((((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)) <= \
SC_ATOMIC_GET(flow_config.memcap)))
Flow *FlowAlloc(void);
Flow *FlowAllocDirect(void);
void FlowFree(Flow *);
uint8_t FlowGetProtoMapping(uint8_t);
void FlowInit(Flow *, const Packet *);
uint8_t FlowGetReverseProtoMapping(uint8_t rproto);
/* flow end counter logic */
typedef struct FlowEndCounters_ {
uint16_t flow_state[FLOW_STATE_SIZE];
uint16_t flow_tcp_state[TCP_CLOSED + 1];
uint16_t flow_tcp_liberal;
} FlowEndCounters;
static inline void FlowEndCountersUpdate(ThreadVars *tv, FlowEndCounters *fec, Flow *f)
{
if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
TcpSession *ssn = f->protoctx;
StatsIncr(tv, fec->flow_tcp_state[ssn->state]);
if (ssn->lossy_be_liberal) {
StatsIncr(tv, fec->flow_tcp_liberal);
}
}
StatsIncr(tv, fec->flow_state[f->flow_state]);
}
void FlowEndCountersRegister(ThreadVars *t, FlowEndCounters *fec);
#endif /* __FLOW_UTIL_H__ */
Reference in New Issue View Git Blame Copy Permalink