suricata
defrag-hash.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "conf.h"
20 #include "defrag-hash.h"
21 #include "defrag-queue.h"
22 #include "defrag-config.h"
23 #include "util-random.h"
24 #include "util-byte.h"
25 #include "util-misc.h"
26 #include "util-hash-lookup3.h"
27 
28 /** defrag tracker hash table */
31 SC_ATOMIC_DECLARE(uint64_t,defrag_memuse);
32 SC_ATOMIC_DECLARE(unsigned int,defragtracker_counter);
33 SC_ATOMIC_DECLARE(unsigned int,defragtracker_prune_idx);
34 
35 static DefragTracker *DefragTrackerGetUsedDefragTracker(void);
36 
37 /** queue with spare tracker */
38 static DefragTrackerQueue defragtracker_spare_q;
39 
40 /**
41  * \brief Update memcap value
42  *
43  * \param size new memcap value
44  */
45 int DefragTrackerSetMemcap(uint64_t size)
46 {
47  if ((uint64_t)SC_ATOMIC_GET(defrag_memuse) < size) {
48  SC_ATOMIC_SET(defrag_config.memcap, size);
49  return 1;
50  }
51 
52  return 0;
53 }
54 
55 /**
56  * \brief Return memcap value
57  *
58  * \retval memcap value
59  */
60 uint64_t DefragTrackerGetMemcap(void)
61 {
62  uint64_t memcapcopy = SC_ATOMIC_GET(defrag_config.memcap);
63  return memcapcopy;
64 }
65 
66 /**
67  * \brief Return memuse value
68  *
69  * \retval memuse value
70  */
71 uint64_t DefragTrackerGetMemuse(void)
72 {
73  uint64_t memusecopy = (uint64_t)SC_ATOMIC_GET(defrag_memuse);
74  return memusecopy;
75 }
76 
78 {
79  return DefragTrackerQueueLen(&defragtracker_spare_q);
80 }
81 
83 {
84  DefragTrackerEnqueue(&defragtracker_spare_q, h);
85  (void) SC_ATOMIC_SUB(defragtracker_counter, 1);
86 }
87 
88 static DefragTracker *DefragTrackerAlloc(void)
89 {
90  if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
91  return NULL;
92  }
93 
94  (void) SC_ATOMIC_ADD(defrag_memuse, sizeof(DefragTracker));
95 
96  DefragTracker *dt = SCMalloc(sizeof(DefragTracker));
97  if (unlikely(dt == NULL))
98  goto error;
99 
100  memset(dt, 0x00, sizeof(DefragTracker));
101 
102  SCMutexInit(&dt->lock, NULL);
103  SC_ATOMIC_INIT(dt->use_cnt);
104  return dt;
105 
106 error:
107  return NULL;
108 }
109 
110 static void DefragTrackerFree(DefragTracker *dt)
111 {
112  if (dt != NULL) {
114 
115  SCMutexDestroy(&dt->lock);
116  SCFree(dt);
117  (void) SC_ATOMIC_SUB(defrag_memuse, sizeof(DefragTracker));
118  }
119 }
120 
121 #define DefragTrackerIncrUsecnt(dt) \
122  SC_ATOMIC_ADD((dt)->use_cnt, 1)
123 #define DefragTrackerDecrUsecnt(dt) \
124  SC_ATOMIC_SUB((dt)->use_cnt, 1)
125 
126 static void DefragTrackerInit(DefragTracker *dt, Packet *p)
127 {
128  /* copy address */
129  COPY_ADDRESS(&p->src, &dt->src_addr);
130  COPY_ADDRESS(&p->dst, &dt->dst_addr);
131 
132  if (PKT_IS_IPV4(p)) {
133  dt->id = (int32_t)IPV4_GET_IPID(p);
134  dt->af = AF_INET;
135  } else {
136  dt->id = (int32_t)IPV6_EXTHDR_GET_FH_ID(p);
137  dt->af = AF_INET6;
138  }
139  dt->proto = IP_GET_IPPROTO(p);
140  memcpy(&dt->vlan_id[0], &p->vlan_id[0], sizeof(dt->vlan_id));
141  dt->policy = DefragGetOsPolicy(p);
143  dt->remove = 0;
144  dt->seen_last = 0;
145 
146  (void) DefragTrackerIncrUsecnt(dt);
147 }
148 
150 {
151  (void) DefragTrackerDecrUsecnt(t);
152  SCMutexUnlock(&t->lock);
153 }
154 
156 {
158 }
159 
160 #define DEFRAG_DEFAULT_HASHSIZE 4096
161 #define DEFRAG_DEFAULT_MEMCAP 16777216
162 #define DEFRAG_DEFAULT_PREALLOC 1000
163 
164 /** \brief initialize the configuration
165  * \warning Not thread safe */
166 void DefragInitConfig(bool quiet)
167 {
168  SCLogDebug("initializing defrag engine...");
169 
170  memset(&defrag_config, 0, sizeof(defrag_config));
171  //SC_ATOMIC_INIT(flow_flags);
172  SC_ATOMIC_INIT(defragtracker_counter);
173  SC_ATOMIC_INIT(defrag_memuse);
174  SC_ATOMIC_INIT(defragtracker_prune_idx);
176  DefragTrackerQueueInit(&defragtracker_spare_q);
177 
178  /* set defaults */
179  defrag_config.hash_rand = (uint32_t)RandomGet();
183  defrag_config.memcap_policy = ExceptionPolicyParse("defrag.memcap-policy", false);
184 
185  /* Check if we have memcap and hash_size defined at config */
186  const char *conf_val;
187  uint32_t configval = 0;
188 
189  uint64_t defrag_memcap;
190  /** set config values for memcap, prealloc and hash_size */
191  if ((ConfGet("defrag.memcap", &conf_val)) == 1)
192  {
193  if (ParseSizeStringU64(conf_val, &defrag_memcap) < 0) {
194  SCLogError("Error parsing defrag.memcap "
195  "from conf file - %s. Killing engine",
196  conf_val);
197  exit(EXIT_FAILURE);
198  } else {
199  SC_ATOMIC_SET(defrag_config.memcap, defrag_memcap);
200  }
201  }
202  if ((ConfGet("defrag.hash-size", &conf_val)) == 1)
203  {
204  if (StringParseUint32(&configval, 10, strlen(conf_val),
205  conf_val) > 0) {
206  defrag_config.hash_size = configval;
207  } else {
208  WarnInvalidConfEntry("defrag.hash-size", "%"PRIu32, defrag_config.hash_size);
209  }
210  }
211 
212 
213  if ((ConfGet("defrag.trackers", &conf_val)) == 1)
214  {
215  if (StringParseUint32(&configval, 10, strlen(conf_val),
216  conf_val) > 0) {
217  defrag_config.prealloc = configval;
218  } else {
219  WarnInvalidConfEntry("defrag.trackers", "%"PRIu32, defrag_config.prealloc);
220  }
221  }
222  SCLogDebug("DefragTracker config from suricata.yaml: memcap: %"PRIu64", hash-size: "
223  "%"PRIu32", prealloc: %"PRIu32, SC_ATOMIC_GET(defrag_config.memcap),
225 
226  /* alloc hash memory */
227  uint64_t hash_size = defrag_config.hash_size * sizeof(DefragTrackerHashRow);
228  if (!(DEFRAG_CHECK_MEMCAP(hash_size))) {
229  SCLogError("allocating defrag hash failed: "
230  "max defrag memcap is smaller than projected hash size. "
231  "Memcap: %" PRIu64 ", Hash table size %" PRIu64 ". Calculate "
232  "total hash size by multiplying \"defrag.hash-size\" with %" PRIuMAX ", "
233  "which is the hash bucket size.",
234  SC_ATOMIC_GET(defrag_config.memcap), hash_size,
235  (uintmax_t)sizeof(DefragTrackerHashRow));
236  exit(EXIT_FAILURE);
237  }
239  if (unlikely(defragtracker_hash == NULL)) {
240  FatalError("Fatal error encountered in DefragTrackerInitConfig. Exiting...");
241  }
243 
244  uint32_t i = 0;
245  for (i = 0; i < defrag_config.hash_size; i++) {
247  }
248  (void) SC_ATOMIC_ADD(defrag_memuse, (defrag_config.hash_size * sizeof(DefragTrackerHashRow)));
249 
250  if (!quiet) {
251  SCLogConfig("allocated %"PRIu64" bytes of memory for the defrag hash... "
252  "%" PRIu32 " buckets of size %" PRIuMAX "",
253  SC_ATOMIC_GET(defrag_memuse), defrag_config.hash_size,
254  (uintmax_t)sizeof(DefragTrackerHashRow));
255  }
256 
257  if ((ConfGet("defrag.prealloc", &conf_val)) == 1)
258  {
259  if (ConfValIsTrue(conf_val)) {
260  /* pre allocate defrag trackers */
261  for (i = 0; i < defrag_config.prealloc; i++) {
262  if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
263  SCLogError("preallocating defrag trackers failed: "
264  "max defrag memcap reached. Memcap %" PRIu64 ", "
265  "Memuse %" PRIu64 ".",
267  ((uint64_t)SC_ATOMIC_GET(defrag_memuse) +
268  (uint64_t)sizeof(DefragTracker)));
269  exit(EXIT_FAILURE);
270  }
271 
272  DefragTracker *h = DefragTrackerAlloc();
273  if (h == NULL) {
274  SCLogError("preallocating defrag failed: %s", strerror(errno));
275  exit(EXIT_FAILURE);
276  }
277  DefragTrackerEnqueue(&defragtracker_spare_q,h);
278  }
279  if (!quiet) {
280  SCLogConfig("preallocated %" PRIu32 " defrag trackers of size %" PRIuMAX "",
281  defragtracker_spare_q.len, (uintmax_t)sizeof(DefragTracker));
282  }
283  }
284  }
285 
286  if (!quiet) {
287  SCLogConfig("defrag memory usage: %"PRIu64" bytes, maximum: %"PRIu64,
288  SC_ATOMIC_GET(defrag_memuse), SC_ATOMIC_GET(defrag_config.memcap));
289  }
290 
291  return;
292 }
293 
294 /** \brief print some defrag stats
295  * \warning Not thread safe */
296 static void DefragTrackerPrintStats (void)
297 {
298 }
299 
300 /** \brief shutdown the flow engine
301  * \warning Not thread safe */
303 {
304  DefragTracker *dt;
305  uint32_t u;
306 
307  DefragTrackerPrintStats();
308 
309  /* free spare queue */
310  while((dt = DefragTrackerDequeue(&defragtracker_spare_q))) {
311  BUG_ON(SC_ATOMIC_GET(dt->use_cnt) > 0);
312  DefragTrackerFree(dt);
313  }
314 
315  /* clear and free the hash */
316  if (defragtracker_hash != NULL) {
317  for (u = 0; u < defrag_config.hash_size; u++) {
318  dt = defragtracker_hash[u].head;
319  while (dt) {
320  DefragTracker *n = dt->hnext;
322  DefragTrackerFree(dt);
323  dt = n;
324  }
325 
327  }
329  defragtracker_hash = NULL;
330  }
331  (void) SC_ATOMIC_SUB(defrag_memuse, defrag_config.hash_size * sizeof(DefragTrackerHashRow));
332  DefragTrackerQueueDestroy(&defragtracker_spare_q);
333  return;
334 }
335 
336 /** \brief compare two raw ipv6 addrs
337  *
338  * \note we don't care about the real ipv6 ip's, this is just
339  * to consistently fill the DefragHashKey6 struct, without all
340  * the SCNtohl calls.
341  *
342  * \warning do not use elsewhere unless you know what you're doing.
343  * detect-engine-address-ipv6.c's AddressIPv6GtU32 is likely
344  * what you are looking for.
345  */
346 static inline int DefragHashRawAddressIPv6GtU32(const uint32_t *a, const uint32_t *b)
347 {
348  for (int i = 0; i < 4; i++) {
349  if (a[i] > b[i])
350  return 1;
351  if (a[i] < b[i])
352  break;
353  }
354 
355  return 0;
356 }
357 
358 typedef struct DefragHashKey4_ {
359  union {
360  struct {
361  uint32_t src, dst;
362  uint32_t id;
364  uint16_t pad[1];
365  };
366  uint32_t u32[5];
367  };
369 
370 typedef struct DefragHashKey6_ {
371  union {
372  struct {
373  uint32_t src[4], dst[4];
374  uint32_t id;
376  uint16_t pad[1];
377  };
378  uint32_t u32[11];
379  };
381 
382 /* calculate the hash key for this packet
383  *
384  * we're using:
385  * hash_rand -- set at init time
386  * source address
387  * destination address
388  * id
389  * vlan_id
390  */
391 static inline uint32_t DefragHashGetKey(Packet *p)
392 {
393  uint32_t key;
394 
395  if (p->ip4h != NULL) {
396  DefragHashKey4 dhk = { .pad[0] = 0 };
397  if (p->src.addr_data32[0] > p->dst.addr_data32[0]) {
398  dhk.src = p->src.addr_data32[0];
399  dhk.dst = p->dst.addr_data32[0];
400  } else {
401  dhk.src = p->dst.addr_data32[0];
402  dhk.dst = p->src.addr_data32[0];
403  }
404  dhk.id = (uint32_t)IPV4_GET_IPID(p);
405  memcpy(&dhk.vlan_id[0], &p->vlan_id[0], sizeof(dhk.vlan_id));
406 
407  uint32_t hash =
408  hashword(dhk.u32, sizeof(dhk.u32) / sizeof(uint32_t), defrag_config.hash_rand);
409  key = hash % defrag_config.hash_size;
410  } else if (p->ip6h != NULL) {
411  DefragHashKey6 dhk = { .pad[0] = 0 };
412  if (DefragHashRawAddressIPv6GtU32(p->src.addr_data32, p->dst.addr_data32)) {
413  dhk.src[0] = p->src.addr_data32[0];
414  dhk.src[1] = p->src.addr_data32[1];
415  dhk.src[2] = p->src.addr_data32[2];
416  dhk.src[3] = p->src.addr_data32[3];
417  dhk.dst[0] = p->dst.addr_data32[0];
418  dhk.dst[1] = p->dst.addr_data32[1];
419  dhk.dst[2] = p->dst.addr_data32[2];
420  dhk.dst[3] = p->dst.addr_data32[3];
421  } else {
422  dhk.src[0] = p->dst.addr_data32[0];
423  dhk.src[1] = p->dst.addr_data32[1];
424  dhk.src[2] = p->dst.addr_data32[2];
425  dhk.src[3] = p->dst.addr_data32[3];
426  dhk.dst[0] = p->src.addr_data32[0];
427  dhk.dst[1] = p->src.addr_data32[1];
428  dhk.dst[2] = p->src.addr_data32[2];
429  dhk.dst[3] = p->src.addr_data32[3];
430  }
431  dhk.id = IPV6_EXTHDR_GET_FH_ID(p);
432  memcpy(&dhk.vlan_id[0], &p->vlan_id[0], sizeof(dhk.vlan_id));
433 
434  uint32_t hash =
435  hashword(dhk.u32, sizeof(dhk.u32) / sizeof(uint32_t), defrag_config.hash_rand);
436  key = hash % defrag_config.hash_size;
437  } else
438  key = 0;
439 
440  return key;
441 }
442 
443 /* Since two or more trackers can have the same hash key, we need to compare
444  * the tracker with the current tracker key. */
445 #define CMP_DEFRAGTRACKER(d1, d2, id) \
446  (((CMP_ADDR(&(d1)->src_addr, &(d2)->src) && CMP_ADDR(&(d1)->dst_addr, &(d2)->dst)) || \
447  (CMP_ADDR(&(d1)->src_addr, &(d2)->dst) && CMP_ADDR(&(d1)->dst_addr, &(d2)->src))) && \
448  (d1)->proto == IP_GET_IPPROTO(d2) && (d1)->id == (id) && \
449  (d1)->vlan_id[0] == (d2)->vlan_id[0] && (d1)->vlan_id[1] == (d2)->vlan_id[1] && \
450  (d1)->vlan_id[2] == (d2)->vlan_id[2])
451 
452 static inline int DefragTrackerCompare(DefragTracker *t, Packet *p)
453 {
454  uint32_t id;
455  if (PKT_IS_IPV4(p)) {
456  id = (uint32_t)IPV4_GET_IPID(p);
457  } else {
458  id = IPV6_EXTHDR_GET_FH_ID(p);
459  }
460 
461  return CMP_DEFRAGTRACKER(t, p, id);
462 }
463 
464 /**
465  * \brief Get a new defrag tracker
466  *
467  * Get a new defrag tracker. We're checking memcap first and will try to make room
468  * if the memcap is reached.
469  *
470  * \retval dt *LOCKED* tracker on success, NULL on error.
471  */
472 static DefragTracker *DefragTrackerGetNew(Packet *p)
473 {
474 #ifdef DEBUG
475  if (g_eps_defrag_memcap != UINT64_MAX && g_eps_defrag_memcap == p->pcap_cnt) {
476  SCLogNotice("simulating memcap hit for packet %" PRIu64, p->pcap_cnt);
478  return NULL;
479  }
480 #endif
481 
482  DefragTracker *dt = NULL;
483 
484  /* get a tracker from the spare queue */
485  dt = DefragTrackerDequeue(&defragtracker_spare_q);
486  if (dt == NULL) {
487  /* If we reached the max memcap, we get a used tracker */
488  if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
489  /* declare state of emergency */
490  //if (!(SC_ATOMIC_GET(defragtracker_flags) & DEFRAG_EMERGENCY)) {
491  // SC_ATOMIC_OR(defragtracker_flags, DEFRAG_EMERGENCY);
492 
493  /* under high load, waking up the flow mgr each time leads
494  * to high cpu usage. Flows are not timed out much faster if
495  * we check a 1000 times a second. */
496  // FlowWakeupFlowManagerThread();
497  //}
498 
499  dt = DefragTrackerGetUsedDefragTracker();
500  if (dt == NULL) {
502  return NULL;
503  }
504 
505  /* freed a tracker, but it's unlocked */
506  } else {
507  /* now see if we can alloc a new tracker */
508  dt = DefragTrackerAlloc();
509  if (dt == NULL) {
511  return NULL;
512  }
513 
514  /* tracker is initialized but *unlocked* */
515  }
516  } else {
517  /* tracker has been recycled before it went into the spare queue */
518 
519  /* tracker is initialized (recycled) but *unlocked* */
520  }
521 
522  (void) SC_ATOMIC_ADD(defragtracker_counter, 1);
523  SCMutexLock(&dt->lock);
524  return dt;
525 }
526 
527 /* DefragGetTrackerFromHash
528  *
529  * Hash retrieval function for trackers. Looks up the hash bucket containing the
530  * tracker pointer. Then compares the packet with the found tracker to see if it is
531  * the tracker we need. If it isn't, walk the list until the right tracker is found.
532  *
533  * returns a *LOCKED* tracker or NULL
534  */
536 {
537  DefragTracker *dt = NULL;
538 
539  /* get the key to our bucket */
540  uint32_t key = DefragHashGetKey(p);
541  /* get our hash bucket and lock it */
543  DRLOCK_LOCK(hb);
544 
545  /* see if the bucket already has a tracker */
546  if (hb->head == NULL) {
547  dt = DefragTrackerGetNew(p);
548  if (dt == NULL) {
549  DRLOCK_UNLOCK(hb);
550  return NULL;
551  }
552 
553  /* tracker is locked */
554  hb->head = dt;
555  hb->tail = dt;
556 
557  /* got one, now lock, initialize and return */
558  DefragTrackerInit(dt,p);
559 
560  DRLOCK_UNLOCK(hb);
561  return dt;
562  }
563 
564  /* ok, we have a tracker in the bucket. Let's find out if it is our tracker */
565  dt = hb->head;
566 
567  /* see if this is the tracker we are looking for */
568  if (dt->remove || DefragTrackerCompare(dt, p) == 0) {
569  DefragTracker *pdt = NULL; /* previous tracker */
570 
571  while (dt) {
572  pdt = dt;
573  dt = dt->hnext;
574 
575  if (dt == NULL) {
576  dt = pdt->hnext = DefragTrackerGetNew(p);
577  if (dt == NULL) {
578  DRLOCK_UNLOCK(hb);
579  return NULL;
580  }
581  hb->tail = dt;
582 
583  /* tracker is locked */
584 
585  dt->hprev = pdt;
586 
587  /* initialize and return */
588  DefragTrackerInit(dt,p);
589 
590  DRLOCK_UNLOCK(hb);
591  return dt;
592  }
593 
594  if (DefragTrackerCompare(dt, p) != 0) {
595  /* we found our tracker, lets put it on top of the
596  * hash list -- this rewards active trackers */
597  if (dt->hnext) {
598  dt->hnext->hprev = dt->hprev;
599  }
600  if (dt->hprev) {
601  dt->hprev->hnext = dt->hnext;
602  }
603  if (dt == hb->tail) {
604  hb->tail = dt->hprev;
605  }
606 
607  dt->hnext = hb->head;
608  dt->hprev = NULL;
609  hb->head->hprev = dt;
610  hb->head = dt;
611 
612  /* found our tracker, lock & return */
613  SCMutexLock(&dt->lock);
614  (void) DefragTrackerIncrUsecnt(dt);
615  DRLOCK_UNLOCK(hb);
616  return dt;
617  }
618  }
619  }
620 
621  /* lock & return */
622  SCMutexLock(&dt->lock);
623  (void) DefragTrackerIncrUsecnt(dt);
624  DRLOCK_UNLOCK(hb);
625  return dt;
626 }
627 
628 /** \brief look up a tracker in the hash
629  *
630  * \param a address to look up
631  *
632  * \retval h *LOCKED* tracker or NULL
633  */
635 {
636  DefragTracker *dt = NULL;
637 
638  /* get the key to our bucket */
639  uint32_t key = DefragHashGetKey(p);
640  /* get our hash bucket and lock it */
642  DRLOCK_LOCK(hb);
643 
644  /* see if the bucket already has a tracker */
645  if (hb->head == NULL) {
646  DRLOCK_UNLOCK(hb);
647  return dt;
648  }
649 
650  /* ok, we have a tracker in the bucket. Let's find out if it is our tracker */
651  dt = hb->head;
652 
653  /* see if this is the tracker we are looking for */
654  if (DefragTrackerCompare(dt, p) == 0) {
655  while (dt) {
656  dt = dt->hnext;
657 
658  if (dt == NULL) {
659  DRLOCK_UNLOCK(hb);
660  return dt;
661  }
662 
663  if (DefragTrackerCompare(dt, p) != 0) {
664  /* we found our tracker, lets put it on top of the
665  * hash list -- this rewards active tracker */
666  if (dt->hnext) {
667  dt->hnext->hprev = dt->hprev;
668  }
669  if (dt->hprev) {
670  dt->hprev->hnext = dt->hnext;
671  }
672  if (dt == hb->tail) {
673  hb->tail = dt->hprev;
674  }
675 
676  dt->hnext = hb->head;
677  dt->hprev = NULL;
678  hb->head->hprev = dt;
679  hb->head = dt;
680 
681  /* found our tracker, lock & return */
682  SCMutexLock(&dt->lock);
683  (void) DefragTrackerIncrUsecnt(dt);
684  DRLOCK_UNLOCK(hb);
685  return dt;
686  }
687  }
688  }
689 
690  /* lock & return */
691  SCMutexLock(&dt->lock);
692  (void) DefragTrackerIncrUsecnt(dt);
693  DRLOCK_UNLOCK(hb);
694  return dt;
695 }
696 
697 /** \internal
698  * \brief Get a tracker from the hash directly.
699  *
700  * Called in conditions where the spare queue is empty and memcap is reached.
701  *
702  * Walks the hash until a tracker can be freed. "defragtracker_prune_idx" atomic int makes
703  * sure we don't start at the top each time since that would clear the top of
704  * the hash leading to longer and longer search times under high pressure (observed).
705  *
706  * \retval dt tracker or NULL
707  */
708 static DefragTracker *DefragTrackerGetUsedDefragTracker(void)
709 {
710  uint32_t idx = SC_ATOMIC_GET(defragtracker_prune_idx) % defrag_config.hash_size;
711  uint32_t cnt = defrag_config.hash_size;
712 
713  while (cnt--) {
714  if (++idx >= defrag_config.hash_size)
715  idx = 0;
716 
718 
719  if (DRLOCK_TRYLOCK(hb) != 0)
720  continue;
721 
722  DefragTracker *dt = hb->tail;
723  if (dt == NULL) {
724  DRLOCK_UNLOCK(hb);
725  continue;
726  }
727 
728  if (SCMutexTrylock(&dt->lock) != 0) {
729  DRLOCK_UNLOCK(hb);
730  continue;
731  }
732 
733  /** never prune a tracker that is used by a packets
734  * we are currently processing in one of the threads */
735  if (SC_ATOMIC_GET(dt->use_cnt) > 0) {
736  DRLOCK_UNLOCK(hb);
737  SCMutexUnlock(&dt->lock);
738  continue;
739  }
740 
741  /* remove from the hash */
742  if (dt->hprev != NULL)
743  dt->hprev->hnext = dt->hnext;
744  if (dt->hnext != NULL)
745  dt->hnext->hprev = dt->hprev;
746  if (hb->head == dt)
747  hb->head = dt->hnext;
748  if (hb->tail == dt)
749  hb->tail = dt->hprev;
750 
751  dt->hnext = NULL;
752  dt->hprev = NULL;
753  DRLOCK_UNLOCK(hb);
754 
756 
757  SCMutexUnlock(&dt->lock);
758 
759  (void) SC_ATOMIC_ADD(defragtracker_prune_idx, (defrag_config.hash_size - cnt));
760  return dt;
761  }
762 
763  return NULL;
764 }
765 
766 
PKT_DROP_REASON_DEFRAG_MEMCAP
@ PKT_DROP_REASON_DEFRAG_MEMCAP
Definition: decode.h:394
util-byte.h
DefragTrackerFreeFrags
void DefragTrackerFreeFrags(DefragTracker *tracker)
Free all frags associated with a tracker.
Definition: defrag.c:153
DefragLookupTrackerFromHash
DefragTracker * DefragLookupTrackerFromHash(Packet *p)
look up a tracker in the hash
Definition: defrag-hash.c:634
ExceptionPolicyApply
void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDropReason drop_reason)
Definition: util-exception-policy.c:68
DefragHashKey4
struct DefragHashKey4_ DefragHashKey4
IPV6_EXTHDR_GET_FH_ID
#define IPV6_EXTHDR_GET_FH_ID(p)
Definition: decode-ipv6.h:130
DefragHashKey4_::src
uint32_t src
Definition: defrag-hash.c:361
hashword
uint32_t hashword(const uint32_t *k, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:174
DefragTracker_::hnext
struct DefragTracker_ * hnext
Definition: defrag.h:118
defragtracker_hash
DefragTrackerHashRow * defragtracker_hash
Definition: defrag-hash.c:29
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
DefragTrackerIncrUsecnt
#define DefragTrackerIncrUsecnt(dt)
Definition: defrag-hash.c:121
DefragHashKey6_::u32
uint32_t u32[11]
Definition: defrag-hash.c:378
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
DefragTrackerHashRow_
Definition: defrag-hash.h:59
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:598
ParseSizeStringU64
int ParseSizeStringU64(const char *size, uint64_t *res)
Definition: util-misc.c:198
DefragTrackerSpareQueueGetSize
uint32_t DefragTrackerSpareQueueGetSize(void)
Definition: defrag-hash.c:77
DefragHashKey4_::vlan_id
uint16_t vlan_id[VLAN_MAX_LAYERS]
Definition: defrag-hash.c:363
DefragTrackerQueueDestroy
void DefragTrackerQueueDestroy(DefragTrackerQueue *q)
Destroy a tracker queue.
Definition: defrag-queue.c:57
DefragHashKey4_::id
uint32_t id
Definition: defrag-hash.c:362
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:333
DefragTrackerHashRow
struct DefragTrackerHashRow_ DefragTrackerHashRow
DefragTrackerClearMemory
void DefragTrackerClearMemory(DefragTracker *dt)
Definition: defrag-hash.c:155
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
DefragTracker_::host_timeout
uint32_t host_timeout
Definition: defrag.h:110
RandomGet
long int RandomGet(void)
Definition: util-random.c:130
DefragTrackerGetMemuse
uint64_t DefragTrackerGetMemuse(void)
Return memuse value.
Definition: defrag-hash.c:71
defrag-config.h
DefragPolicyGetHostTimeout
int DefragPolicyGetHostTimeout(Packet *p)
Definition: defrag-config.c:91
ExceptionPolicyParse
enum ExceptionPolicy ExceptionPolicyParse(const char *option, bool support_flow)
Definition: util-exception-policy.c:231
DefragTrackerMoveToSpare
void DefragTrackerMoveToSpare(DefragTracker *h)
Definition: defrag-hash.c:82
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:537
DefragTracker_::hprev
struct DefragTracker_ * hprev
Definition: defrag.h:119
DefragTracker_::lock
SCMutex lock
Definition: defrag.h:87
DefragConfig_::hash_size
uint32_t hash_size
Definition: defrag-hash.h:71
DefragGetOsPolicy
uint8_t DefragGetOsPolicy(Packet *p)
Get the defrag policy based on the destination address of the packet.
Definition: defrag.c:929
DefragConfig_::prealloc
uint32_t prealloc
Definition: defrag-hash.h:72
DefragHashKey6_::src
uint32_t src[4]
Definition: defrag-hash.c:373
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
DefragTrackerHashRow_::head
DefragTracker * head
Definition: defrag-hash.h:61
DefragTracker_::remove
uint8_t remove
Definition: defrag.h:104
defrag_config
DefragConfig defrag_config
Definition: defrag-hash.c:30
DefragHashKey6_::vlan_id
uint16_t vlan_id[VLAN_MAX_LAYERS]
Definition: defrag-hash.c:375
DefragTrackerQueueLen
uint32_t DefragTrackerQueueLen(DefragTrackerQueue *q)
Definition: defrag-queue.c:134
DefragTracker_::seen_last
uint8_t seen_last
Definition: defrag.h:102
DefragTracker_::policy
uint8_t policy
Definition: defrag.h:97
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
DefragTracker_
Definition: defrag.h:86
DEFRAG_CHECK_MEMCAP
#define DEFRAG_CHECK_MEMCAP(size)
check if a memory alloc would fit in the memcap
Definition: defrag-hash.h:83
DefragTracker_::vlan_id
uint16_t vlan_id[VLAN_MAX_LAYERS]
Definition: defrag.h:90
DefragTrackerHashRow_::tail
DefragTracker * tail
Definition: defrag-hash.h:62
DEFRAG_DEFAULT_HASHSIZE
#define DEFRAG_DEFAULT_HASHSIZE
Definition: defrag-hash.c:160
StringParseUint32
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:313
DefragHashKey6_::dst
uint32_t dst[4]
Definition: defrag-hash.c:373
defrag-queue.h
DefragTrackerGetMemcap
uint64_t DefragTrackerGetMemcap(void)
Return memcap value.
Definition: defrag-hash.c:60
DefragTracker_::dst_addr
Address dst_addr
Definition: defrag.h:107
DefragTrackerDequeue
DefragTracker * DefragTrackerDequeue(DefragTrackerQueue *q)
remove a tracker from the queue
Definition: defrag-queue.c:101
IPV4_GET_IPID
#define IPV4_GET_IPID(p)
Definition: decode-ipv4.h:129
DRLOCK_LOCK
#define DRLOCK_LOCK(fb)
Definition: defrag-hash.h:52
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:295
SC_ATOMIC_SUB
#define SC_ATOMIC_SUB(name, val)
sub a value from our atomic variable
Definition: util-atomic.h:342
DefragHashKey6
struct DefragHashKey6_ DefragHashKey6
Packet_
Definition: decode.h:430
DefragTracker_::id
uint32_t id
Definition: defrag.h:92
DefragTracker_::src_addr
Address src_addr
Definition: defrag.h:106
DRLOCK_UNLOCK
#define DRLOCK_UNLOCK(fb)
Definition: defrag-hash.h:54
conf.h
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:535
DefragInitConfig
void DefragInitConfig(bool quiet)
initialize the configuration
Definition: defrag-hash.c:166
DefragTrackerQueue_
Definition: defrag-queue.h:42
DEFRAG_DEFAULT_MEMCAP
#define DEFRAG_DEFAULT_MEMCAP
Definition: defrag-hash.c:161
DefragHashKey4_::u32
uint32_t u32[5]
Definition: defrag-hash.c:366
DefragTrackerRelease
void DefragTrackerRelease(DefragTracker *t)
Definition: defrag-hash.c:149
DefragTracker_::proto
uint8_t proto
Definition: defrag.h:95
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:36
DefragConfig_::memcap_policy
enum ExceptionPolicy memcap_policy
Definition: defrag-hash.h:73
DRLOCK_DESTROY
#define DRLOCK_DESTROY(fb)
Definition: defrag-hash.h:51
DefragTrackerQueue_::len
uint32_t len
Definition: defrag-queue.h:45
suricata-common.h
DefragHashKey4_::pad
uint16_t pad[1]
Definition: defrag-hash.c:364
DefragGetTrackerFromHash
DefragTracker * DefragGetTrackerFromHash(Packet *p)
Definition: defrag-hash.c:535
DefragTrackerQueueInit
DefragTrackerQueue * DefragTrackerQueueInit(DefragTrackerQueue *q)
Definition: defrag-queue.c:32
DefragHashKey4_
Definition: defrag-hash.c:358
DefragHashKey6_
Definition: defrag-hash.c:370
VLAN_MAX_LAYERS
#define VLAN_MAX_LAYERS
Definition: decode-vlan.h:51
DefragConfig_
Definition: defrag-hash.h:68
CMP_DEFRAGTRACKER
#define CMP_DEFRAGTRACKER(d1, d2, id)
Definition: defrag-hash.c:445
FatalError
#define FatalError(...)
Definition: util-debug.h:502
util-hash-lookup3.h
DRLOCK_TRYLOCK
#define DRLOCK_TRYLOCK(fb)
Definition: defrag-hash.h:53
DefragTrackerSetMemcap
int DefragTrackerSetMemcap(uint64_t size)
Update memcap value.
Definition: defrag-hash.c:45
DefragConfig_::hash_rand
uint32_t hash_rand
Definition: defrag-hash.h:70
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
DefragTrackerEnqueue
void DefragTrackerEnqueue(DefragTrackerQueue *q, DefragTracker *dt)
add a tracker to a queue
Definition: defrag-queue.c:68
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DRLOCK_INIT
#define DRLOCK_INIT(fb)
Definition: defrag-hash.h:50
DefragTracker_::af
uint8_t af
Definition: defrag.h:99
IP_GET_IPPROTO
#define IP_GET_IPPROTO(p)
Definition: decode.h:257
util-random.h
DEFRAG_DEFAULT_PREALLOC
#define DEFRAG_DEFAULT_PREALLOC
Definition: defrag-hash.c:162
DefragTrackerDecrUsecnt
#define DefragTrackerDecrUsecnt(dt)
Definition: defrag-hash.c:123
defrag-hash.h
Packet_::dst
Address dst
Definition: decode.h:435
DefragHashKey6_::id
uint32_t id
Definition: defrag-hash.c:374
Packet_::vlan_id
uint16_t vlan_id[VLAN_MAX_LAYERS]
Definition: decode.h:457
DefragHashShutdown
void DefragHashShutdown(void)
shutdown the flow engine
Definition: defrag-hash.c:302
Packet_::ip6h
IPV6Hdr * ip6h
Definition: decode.h:537
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
util-misc.h
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:130
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(uint64_t, defrag_memuse)
DefragHashKey6_::pad
uint16_t pad[1]
Definition: defrag-hash.c:376
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCMutexDestroy
#define SCMutexDestroy
Definition: threads-debug.h:120
PKT_IS_IPV4
#define PKT_IS_IPV4(p)
Definition: decode.h:245
DefragHashKey4_::dst
uint32_t dst
Definition: defrag-hash.c:361
Packet_::src
Address src
Definition: decode.h:434
SCMutexTrylock
#define SCMutexTrylock(mut)
Definition: threads-debug.h:118