suricata
defrag-hash.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "conf.h"
20 #include "defrag-hash.h"
21 #include "defrag-queue.h"
22 #include "defrag-config.h"
23 #include "util-random.h"
24 #include "util-byte.h"
25 #include "util-misc.h"
26 #include "util-hash-lookup3.h"
27 
28 /** defrag tracker hash table */
31 SC_ATOMIC_DECLARE(uint64_t,defrag_memuse);
32 SC_ATOMIC_DECLARE(unsigned int,defragtracker_counter);
33 SC_ATOMIC_DECLARE(unsigned int,defragtracker_prune_idx);
34 
35 static DefragTracker *DefragTrackerGetUsedDefragTracker(void);
36 
37 /** queue with spare tracker */
38 static DefragTrackerQueue defragtracker_spare_q;
39 
40 /**
41  * \brief Update memcap value
42  *
43  * \param size new memcap value
44  */
45 int DefragTrackerSetMemcap(uint64_t size)
46 {
47  if ((uint64_t)SC_ATOMIC_GET(defrag_memuse) < size) {
48  SC_ATOMIC_SET(defrag_config.memcap, size);
49  return 1;
50  }
51 
52  return 0;
53 }
54 
55 /**
56  * \brief Return memcap value
57  *
58  * \retval memcap value
59  */
60 uint64_t DefragTrackerGetMemcap(void)
61 {
62  uint64_t memcapcopy = SC_ATOMIC_GET(defrag_config.memcap);
63  return memcapcopy;
64 }
65 
66 /**
67  * \brief Return memuse value
68  *
69  * \retval memuse value
70  */
71 uint64_t DefragTrackerGetMemuse(void)
72 {
73  uint64_t memusecopy = (uint64_t)SC_ATOMIC_GET(defrag_memuse);
74  return memusecopy;
75 }
76 
78 {
79  return DefragTrackerQueueLen(&defragtracker_spare_q);
80 }
81 
83 {
84  DefragTrackerEnqueue(&defragtracker_spare_q, h);
85  (void) SC_ATOMIC_SUB(defragtracker_counter, 1);
86 }
87 
88 static DefragTracker *DefragTrackerAlloc(void)
89 {
90  if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
91  return NULL;
92  }
93 
94  (void) SC_ATOMIC_ADD(defrag_memuse, sizeof(DefragTracker));
95 
96  DefragTracker *dt = SCMalloc(sizeof(DefragTracker));
97  if (unlikely(dt == NULL))
98  goto error;
99 
100  memset(dt, 0x00, sizeof(DefragTracker));
101 
102  SCMutexInit(&dt->lock, NULL);
103  SC_ATOMIC_INIT(dt->use_cnt);
104  return dt;
105 
106 error:
107  return NULL;
108 }
109 
110 static void DefragTrackerFree(DefragTracker *dt)
111 {
112  if (dt != NULL) {
114 
115  SCMutexDestroy(&dt->lock);
116  SCFree(dt);
117  (void) SC_ATOMIC_SUB(defrag_memuse, sizeof(DefragTracker));
118  }
119 }
120 
121 #define DefragTrackerIncrUsecnt(dt) \
122  SC_ATOMIC_ADD((dt)->use_cnt, 1)
123 #define DefragTrackerDecrUsecnt(dt) \
124  SC_ATOMIC_SUB((dt)->use_cnt, 1)
125 
126 static void DefragTrackerInit(DefragTracker *dt, Packet *p)
127 {
128  /* copy address */
129  COPY_ADDRESS(&p->src, &dt->src_addr);
130  COPY_ADDRESS(&p->dst, &dt->dst_addr);
131 
132  if (PKT_IS_IPV4(p)) {
133  dt->id = (int32_t)IPV4_GET_IPID(p);
134  dt->af = AF_INET;
135  } else {
136  dt->id = (int32_t)IPV6_EXTHDR_GET_FH_ID(p);
137  dt->af = AF_INET6;
138  }
139  dt->proto = IP_GET_IPPROTO(p);
140  dt->vlan_id[0] = p->vlan_id[0];
141  dt->vlan_id[1] = p->vlan_id[1];
142  dt->policy = DefragGetOsPolicy(p);
144  dt->remove = 0;
145  dt->seen_last = 0;
146 
147  (void) DefragTrackerIncrUsecnt(dt);
148 }
149 
151 {
152  (void) DefragTrackerDecrUsecnt(t);
153  SCMutexUnlock(&t->lock);
154 }
155 
157 {
159 }
160 
161 #define DEFRAG_DEFAULT_HASHSIZE 4096
162 #define DEFRAG_DEFAULT_MEMCAP 16777216
163 #define DEFRAG_DEFAULT_PREALLOC 1000
164 
165 /** \brief initialize the configuration
166  * \warning Not thread safe */
167 void DefragInitConfig(bool quiet)
168 {
169  SCLogDebug("initializing defrag engine...");
170 
171  memset(&defrag_config, 0, sizeof(defrag_config));
172  //SC_ATOMIC_INIT(flow_flags);
173  SC_ATOMIC_INIT(defragtracker_counter);
174  SC_ATOMIC_INIT(defrag_memuse);
175  SC_ATOMIC_INIT(defragtracker_prune_idx);
177  DefragTrackerQueueInit(&defragtracker_spare_q);
178 
179  /* set defaults */
180  defrag_config.hash_rand = (uint32_t)RandomGet();
184  defrag_config.memcap_policy = ExceptionPolicyParse("defrag.memcap-policy", false);
185 
186  /* Check if we have memcap and hash_size defined at config */
187  const char *conf_val;
188  uint32_t configval = 0;
189 
190  uint64_t defrag_memcap;
191  /** set config values for memcap, prealloc and hash_size */
192  if ((ConfGet("defrag.memcap", &conf_val)) == 1)
193  {
194  if (ParseSizeStringU64(conf_val, &defrag_memcap) < 0) {
195  SCLogError("Error parsing defrag.memcap "
196  "from conf file - %s. Killing engine",
197  conf_val);
198  exit(EXIT_FAILURE);
199  } else {
200  SC_ATOMIC_SET(defrag_config.memcap, defrag_memcap);
201  }
202  }
203  if ((ConfGet("defrag.hash-size", &conf_val)) == 1)
204  {
205  if (StringParseUint32(&configval, 10, strlen(conf_val),
206  conf_val) > 0) {
207  defrag_config.hash_size = configval;
208  } else {
209  WarnInvalidConfEntry("defrag.hash-size", "%"PRIu32, defrag_config.hash_size);
210  }
211  }
212 
213 
214  if ((ConfGet("defrag.trackers", &conf_val)) == 1)
215  {
216  if (StringParseUint32(&configval, 10, strlen(conf_val),
217  conf_val) > 0) {
218  defrag_config.prealloc = configval;
219  } else {
220  WarnInvalidConfEntry("defrag.trackers", "%"PRIu32, defrag_config.prealloc);
221  }
222  }
223  SCLogDebug("DefragTracker config from suricata.yaml: memcap: %"PRIu64", hash-size: "
224  "%"PRIu32", prealloc: %"PRIu32, SC_ATOMIC_GET(defrag_config.memcap),
226 
227  /* alloc hash memory */
228  uint64_t hash_size = defrag_config.hash_size * sizeof(DefragTrackerHashRow);
229  if (!(DEFRAG_CHECK_MEMCAP(hash_size))) {
230  SCLogError("allocating defrag hash failed: "
231  "max defrag memcap is smaller than projected hash size. "
232  "Memcap: %" PRIu64 ", Hash table size %" PRIu64 ". Calculate "
233  "total hash size by multiplying \"defrag.hash-size\" with %" PRIuMAX ", "
234  "which is the hash bucket size.",
235  SC_ATOMIC_GET(defrag_config.memcap), hash_size,
236  (uintmax_t)sizeof(DefragTrackerHashRow));
237  exit(EXIT_FAILURE);
238  }
240  if (unlikely(defragtracker_hash == NULL)) {
241  FatalError("Fatal error encountered in DefragTrackerInitConfig. Exiting...");
242  }
244 
245  uint32_t i = 0;
246  for (i = 0; i < defrag_config.hash_size; i++) {
248  }
249  (void) SC_ATOMIC_ADD(defrag_memuse, (defrag_config.hash_size * sizeof(DefragTrackerHashRow)));
250 
251  if (!quiet) {
252  SCLogConfig("allocated %"PRIu64" bytes of memory for the defrag hash... "
253  "%" PRIu32 " buckets of size %" PRIuMAX "",
254  SC_ATOMIC_GET(defrag_memuse), defrag_config.hash_size,
255  (uintmax_t)sizeof(DefragTrackerHashRow));
256  }
257 
258  if ((ConfGet("defrag.prealloc", &conf_val)) == 1)
259  {
260  if (ConfValIsTrue(conf_val)) {
261  /* pre allocate defrag trackers */
262  for (i = 0; i < defrag_config.prealloc; i++) {
263  if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
264  SCLogError("preallocating defrag trackers failed: "
265  "max defrag memcap reached. Memcap %" PRIu64 ", "
266  "Memuse %" PRIu64 ".",
268  ((uint64_t)SC_ATOMIC_GET(defrag_memuse) +
269  (uint64_t)sizeof(DefragTracker)));
270  exit(EXIT_FAILURE);
271  }
272 
273  DefragTracker *h = DefragTrackerAlloc();
274  if (h == NULL) {
275  SCLogError("preallocating defrag failed: %s", strerror(errno));
276  exit(EXIT_FAILURE);
277  }
278  DefragTrackerEnqueue(&defragtracker_spare_q,h);
279  }
280  if (!quiet) {
281  SCLogConfig("preallocated %" PRIu32 " defrag trackers of size %" PRIuMAX "",
282  defragtracker_spare_q.len, (uintmax_t)sizeof(DefragTracker));
283  }
284  }
285  }
286 
287  if (!quiet) {
288  SCLogConfig("defrag memory usage: %"PRIu64" bytes, maximum: %"PRIu64,
289  SC_ATOMIC_GET(defrag_memuse), SC_ATOMIC_GET(defrag_config.memcap));
290  }
291 
292  return;
293 }
294 
295 /** \brief print some defrag stats
296  * \warning Not thread safe */
297 static void DefragTrackerPrintStats (void)
298 {
299 }
300 
301 /** \brief shutdown the flow engine
302  * \warning Not thread safe */
304 {
305  DefragTracker *dt;
306  uint32_t u;
307 
308  DefragTrackerPrintStats();
309 
310  /* free spare queue */
311  while((dt = DefragTrackerDequeue(&defragtracker_spare_q))) {
312  BUG_ON(SC_ATOMIC_GET(dt->use_cnt) > 0);
313  DefragTrackerFree(dt);
314  }
315 
316  /* clear and free the hash */
317  if (defragtracker_hash != NULL) {
318  for (u = 0; u < defrag_config.hash_size; u++) {
319  dt = defragtracker_hash[u].head;
320  while (dt) {
321  DefragTracker *n = dt->hnext;
323  DefragTrackerFree(dt);
324  dt = n;
325  }
326 
328  }
330  defragtracker_hash = NULL;
331  }
332  (void) SC_ATOMIC_SUB(defrag_memuse, defrag_config.hash_size * sizeof(DefragTrackerHashRow));
333  DefragTrackerQueueDestroy(&defragtracker_spare_q);
334  return;
335 }
336 
337 /** \brief compare two raw ipv6 addrs
338  *
339  * \note we don't care about the real ipv6 ip's, this is just
340  * to consistently fill the DefragHashKey6 struct, without all
341  * the SCNtohl calls.
342  *
343  * \warning do not use elsewhere unless you know what you're doing.
344  * detect-engine-address-ipv6.c's AddressIPv6GtU32 is likely
345  * what you are looking for.
346  */
347 static inline int DefragHashRawAddressIPv6GtU32(const uint32_t *a, const uint32_t *b)
348 {
349  for (int i = 0; i < 4; i++) {
350  if (a[i] > b[i])
351  return 1;
352  if (a[i] < b[i])
353  break;
354  }
355 
356  return 0;
357 }
358 
359 typedef struct DefragHashKey4_ {
360  union {
361  struct {
362  uint32_t src, dst;
363  uint32_t id;
364  uint16_t vlan_id[2];
365  };
366  uint32_t u32[4];
367  };
369 
370 typedef struct DefragHashKey6_ {
371  union {
372  struct {
373  uint32_t src[4], dst[4];
374  uint32_t id;
375  uint16_t vlan_id[2];
376  };
377  uint32_t u32[10];
378  };
380 
381 /* calculate the hash key for this packet
382  *
383  * we're using:
384  * hash_rand -- set at init time
385  * source address
386  * destination address
387  * id
388  * vlan_id
389  */
390 static inline uint32_t DefragHashGetKey(Packet *p)
391 {
392  uint32_t key;
393 
394  if (p->ip4h != NULL) {
395  DefragHashKey4 dhk;
396  if (p->src.addr_data32[0] > p->dst.addr_data32[0]) {
397  dhk.src = p->src.addr_data32[0];
398  dhk.dst = p->dst.addr_data32[0];
399  } else {
400  dhk.src = p->dst.addr_data32[0];
401  dhk.dst = p->src.addr_data32[0];
402  }
403  dhk.id = (uint32_t)IPV4_GET_IPID(p);
404  dhk.vlan_id[0] = p->vlan_id[0];
405  dhk.vlan_id[1] = p->vlan_id[1];
406 
407  uint32_t hash = hashword(dhk.u32, 4, defrag_config.hash_rand);
408  key = hash % defrag_config.hash_size;
409  } else if (p->ip6h != NULL) {
410  DefragHashKey6 dhk;
411  if (DefragHashRawAddressIPv6GtU32(p->src.addr_data32, p->dst.addr_data32)) {
412  dhk.src[0] = p->src.addr_data32[0];
413  dhk.src[1] = p->src.addr_data32[1];
414  dhk.src[2] = p->src.addr_data32[2];
415  dhk.src[3] = p->src.addr_data32[3];
416  dhk.dst[0] = p->dst.addr_data32[0];
417  dhk.dst[1] = p->dst.addr_data32[1];
418  dhk.dst[2] = p->dst.addr_data32[2];
419  dhk.dst[3] = p->dst.addr_data32[3];
420  } else {
421  dhk.src[0] = p->dst.addr_data32[0];
422  dhk.src[1] = p->dst.addr_data32[1];
423  dhk.src[2] = p->dst.addr_data32[2];
424  dhk.src[3] = p->dst.addr_data32[3];
425  dhk.dst[0] = p->src.addr_data32[0];
426  dhk.dst[1] = p->src.addr_data32[1];
427  dhk.dst[2] = p->src.addr_data32[2];
428  dhk.dst[3] = p->src.addr_data32[3];
429  }
430  dhk.id = IPV6_EXTHDR_GET_FH_ID(p);
431  dhk.vlan_id[0] = p->vlan_id[0];
432  dhk.vlan_id[1] = p->vlan_id[1];
433 
434  uint32_t hash = hashword(dhk.u32, 10, defrag_config.hash_rand);
435  key = hash % defrag_config.hash_size;
436  } else
437  key = 0;
438 
439  return key;
440 }
441 
442 /* Since two or more trackers can have the same hash key, we need to compare
443  * the tracker with the current tracker key. */
444 #define CMP_DEFRAGTRACKER(d1,d2,id) \
445  (((CMP_ADDR(&(d1)->src_addr, &(d2)->src) && \
446  CMP_ADDR(&(d1)->dst_addr, &(d2)->dst)) || \
447  (CMP_ADDR(&(d1)->src_addr, &(d2)->dst) && \
448  CMP_ADDR(&(d1)->dst_addr, &(d2)->src))) && \
449  (d1)->proto == IP_GET_IPPROTO(d2) && \
450  (d1)->id == (id) && \
451  (d1)->vlan_id[0] == (d2)->vlan_id[0] && \
452  (d1)->vlan_id[1] == (d2)->vlan_id[1])
453 
454 static inline int DefragTrackerCompare(DefragTracker *t, Packet *p)
455 {
456  uint32_t id;
457  if (PKT_IS_IPV4(p)) {
458  id = (uint32_t)IPV4_GET_IPID(p);
459  } else {
460  id = IPV6_EXTHDR_GET_FH_ID(p);
461  }
462 
463  return CMP_DEFRAGTRACKER(t, p, id);
464 }
465 
466 /**
467  * \brief Get a new defrag tracker
468  *
469  * Get a new defrag tracker. We're checking memcap first and will try to make room
470  * if the memcap is reached.
471  *
472  * \retval dt *LOCKED* tracker on succes, NULL on error.
473  */
474 static DefragTracker *DefragTrackerGetNew(Packet *p)
475 {
476 #ifdef DEBUG
477  if (g_eps_defrag_memcap != UINT64_MAX && g_eps_defrag_memcap == p->pcap_cnt) {
478  SCLogNotice("simulating memcap hit for packet %" PRIu64, p->pcap_cnt);
480  return NULL;
481  }
482 #endif
483 
484  DefragTracker *dt = NULL;
485 
486  /* get a tracker from the spare queue */
487  dt = DefragTrackerDequeue(&defragtracker_spare_q);
488  if (dt == NULL) {
489  /* If we reached the max memcap, we get a used tracker */
490  if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
491  /* declare state of emergency */
492  //if (!(SC_ATOMIC_GET(defragtracker_flags) & DEFRAG_EMERGENCY)) {
493  // SC_ATOMIC_OR(defragtracker_flags, DEFRAG_EMERGENCY);
494 
495  /* under high load, waking up the flow mgr each time leads
496  * to high cpu usage. Flows are not timed out much faster if
497  * we check a 1000 times a second. */
498  // FlowWakeupFlowManagerThread();
499  //}
500 
501  dt = DefragTrackerGetUsedDefragTracker();
502  if (dt == NULL) {
504  return NULL;
505  }
506 
507  /* freed a tracker, but it's unlocked */
508  } else {
509  /* now see if we can alloc a new tracker */
510  dt = DefragTrackerAlloc();
511  if (dt == NULL) {
513  return NULL;
514  }
515 
516  /* tracker is initialized but *unlocked* */
517  }
518  } else {
519  /* tracker has been recycled before it went into the spare queue */
520 
521  /* tracker is initialized (recylced) but *unlocked* */
522  }
523 
524  (void) SC_ATOMIC_ADD(defragtracker_counter, 1);
525  SCMutexLock(&dt->lock);
526  return dt;
527 }
528 
529 /* DefragGetTrackerFromHash
530  *
531  * Hash retrieval function for trackers. Looks up the hash bucket containing the
532  * tracker pointer. Then compares the packet with the found tracker to see if it is
533  * the tracker we need. If it isn't, walk the list until the right tracker is found.
534  *
535  * returns a *LOCKED* tracker or NULL
536  */
538 {
539  DefragTracker *dt = NULL;
540 
541  /* get the key to our bucket */
542  uint32_t key = DefragHashGetKey(p);
543  /* get our hash bucket and lock it */
545  DRLOCK_LOCK(hb);
546 
547  /* see if the bucket already has a tracker */
548  if (hb->head == NULL) {
549  dt = DefragTrackerGetNew(p);
550  if (dt == NULL) {
551  DRLOCK_UNLOCK(hb);
552  return NULL;
553  }
554 
555  /* tracker is locked */
556  hb->head = dt;
557  hb->tail = dt;
558 
559  /* got one, now lock, initialize and return */
560  DefragTrackerInit(dt,p);
561 
562  DRLOCK_UNLOCK(hb);
563  return dt;
564  }
565 
566  /* ok, we have a tracker in the bucket. Let's find out if it is our tracker */
567  dt = hb->head;
568 
569  /* see if this is the tracker we are looking for */
570  if (dt->remove || DefragTrackerCompare(dt, p) == 0) {
571  DefragTracker *pdt = NULL; /* previous tracker */
572 
573  while (dt) {
574  pdt = dt;
575  dt = dt->hnext;
576 
577  if (dt == NULL) {
578  dt = pdt->hnext = DefragTrackerGetNew(p);
579  if (dt == NULL) {
580  DRLOCK_UNLOCK(hb);
581  return NULL;
582  }
583  hb->tail = dt;
584 
585  /* tracker is locked */
586 
587  dt->hprev = pdt;
588 
589  /* initialize and return */
590  DefragTrackerInit(dt,p);
591 
592  DRLOCK_UNLOCK(hb);
593  return dt;
594  }
595 
596  if (DefragTrackerCompare(dt, p) != 0) {
597  /* we found our tracker, lets put it on top of the
598  * hash list -- this rewards active trackers */
599  if (dt->hnext) {
600  dt->hnext->hprev = dt->hprev;
601  }
602  if (dt->hprev) {
603  dt->hprev->hnext = dt->hnext;
604  }
605  if (dt == hb->tail) {
606  hb->tail = dt->hprev;
607  }
608 
609  dt->hnext = hb->head;
610  dt->hprev = NULL;
611  hb->head->hprev = dt;
612  hb->head = dt;
613 
614  /* found our tracker, lock & return */
615  SCMutexLock(&dt->lock);
616  (void) DefragTrackerIncrUsecnt(dt);
617  DRLOCK_UNLOCK(hb);
618  return dt;
619  }
620  }
621  }
622 
623  /* lock & return */
624  SCMutexLock(&dt->lock);
625  (void) DefragTrackerIncrUsecnt(dt);
626  DRLOCK_UNLOCK(hb);
627  return dt;
628 }
629 
630 /** \brief look up a tracker in the hash
631  *
632  * \param a address to look up
633  *
634  * \retval h *LOCKED* tracker or NULL
635  */
637 {
638  DefragTracker *dt = NULL;
639 
640  /* get the key to our bucket */
641  uint32_t key = DefragHashGetKey(p);
642  /* get our hash bucket and lock it */
644  DRLOCK_LOCK(hb);
645 
646  /* see if the bucket already has a tracker */
647  if (hb->head == NULL) {
648  DRLOCK_UNLOCK(hb);
649  return dt;
650  }
651 
652  /* ok, we have a tracker in the bucket. Let's find out if it is our tracker */
653  dt = hb->head;
654 
655  /* see if this is the tracker we are looking for */
656  if (DefragTrackerCompare(dt, p) == 0) {
657  while (dt) {
658  dt = dt->hnext;
659 
660  if (dt == NULL) {
661  DRLOCK_UNLOCK(hb);
662  return dt;
663  }
664 
665  if (DefragTrackerCompare(dt, p) != 0) {
666  /* we found our tracker, lets put it on top of the
667  * hash list -- this rewards active tracker */
668  if (dt->hnext) {
669  dt->hnext->hprev = dt->hprev;
670  }
671  if (dt->hprev) {
672  dt->hprev->hnext = dt->hnext;
673  }
674  if (dt == hb->tail) {
675  hb->tail = dt->hprev;
676  }
677 
678  dt->hnext = hb->head;
679  dt->hprev = NULL;
680  hb->head->hprev = dt;
681  hb->head = dt;
682 
683  /* found our tracker, lock & return */
684  SCMutexLock(&dt->lock);
685  (void) DefragTrackerIncrUsecnt(dt);
686  DRLOCK_UNLOCK(hb);
687  return dt;
688  }
689  }
690  }
691 
692  /* lock & return */
693  SCMutexLock(&dt->lock);
694  (void) DefragTrackerIncrUsecnt(dt);
695  DRLOCK_UNLOCK(hb);
696  return dt;
697 }
698 
699 /** \internal
700  * \brief Get a tracker from the hash directly.
701  *
702  * Called in conditions where the spare queue is empty and memcap is reached.
703  *
704  * Walks the hash until a tracker can be freed. "defragtracker_prune_idx" atomic int makes
705  * sure we don't start at the top each time since that would clear the top of
706  * the hash leading to longer and longer search times under high pressure (observed).
707  *
708  * \retval dt tracker or NULL
709  */
710 static DefragTracker *DefragTrackerGetUsedDefragTracker(void)
711 {
712  uint32_t idx = SC_ATOMIC_GET(defragtracker_prune_idx) % defrag_config.hash_size;
713  uint32_t cnt = defrag_config.hash_size;
714 
715  while (cnt--) {
716  if (++idx >= defrag_config.hash_size)
717  idx = 0;
718 
720 
721  if (DRLOCK_TRYLOCK(hb) != 0)
722  continue;
723 
724  DefragTracker *dt = hb->tail;
725  if (dt == NULL) {
726  DRLOCK_UNLOCK(hb);
727  continue;
728  }
729 
730  if (SCMutexTrylock(&dt->lock) != 0) {
731  DRLOCK_UNLOCK(hb);
732  continue;
733  }
734 
735  /** never prune a tracker that is used by a packets
736  * we are currently processing in one of the threads */
737  if (SC_ATOMIC_GET(dt->use_cnt) > 0) {
738  DRLOCK_UNLOCK(hb);
739  SCMutexUnlock(&dt->lock);
740  continue;
741  }
742 
743  /* remove from the hash */
744  if (dt->hprev != NULL)
745  dt->hprev->hnext = dt->hnext;
746  if (dt->hnext != NULL)
747  dt->hnext->hprev = dt->hprev;
748  if (hb->head == dt)
749  hb->head = dt->hnext;
750  if (hb->tail == dt)
751  hb->tail = dt->hprev;
752 
753  dt->hnext = NULL;
754  dt->hprev = NULL;
755  DRLOCK_UNLOCK(hb);
756 
758 
759  SCMutexUnlock(&dt->lock);
760 
761  (void) SC_ATOMIC_ADD(defragtracker_prune_idx, (defrag_config.hash_size - cnt));
762  return dt;
763  }
764 
765  return NULL;
766 }
767 
768 
PKT_DROP_REASON_DEFRAG_MEMCAP
@ PKT_DROP_REASON_DEFRAG_MEMCAP
Definition: decode.h:394
util-byte.h
DefragTrackerFreeFrags
void DefragTrackerFreeFrags(DefragTracker *tracker)
Free all frags associated with a tracker.
Definition: defrag.c:153
DefragLookupTrackerFromHash
DefragTracker * DefragLookupTrackerFromHash(Packet *p)
look up a tracker in the hash
Definition: defrag-hash.c:636
ExceptionPolicyApply
void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDropReason drop_reason)
Definition: util-exception-policy.c:66
DefragHashKey4
struct DefragHashKey4_ DefragHashKey4
IPV6_EXTHDR_GET_FH_ID
#define IPV6_EXTHDR_GET_FH_ID(p)
Definition: decode-ipv6.h:130
DefragHashKey4_::src
uint32_t src
Definition: defrag-hash.c:362
hashword
uint32_t hashword(const uint32_t *k, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:174
DefragTracker_::hnext
struct DefragTracker_ * hnext
Definition: defrag.h:118
defragtracker_hash
DefragTrackerHashRow * defragtracker_hash
Definition: defrag-hash.c:29
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
DefragTrackerIncrUsecnt
#define DefragTrackerIncrUsecnt(dt)
Definition: defrag-hash.c:121
Packet_::vlan_id
uint16_t vlan_id[2]
Definition: decode.h:455
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
DefragTrackerHashRow_
Definition: defrag-hash.h:59
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:594
ParseSizeStringU64
int ParseSizeStringU64(const char *size, uint64_t *res)
Definition: util-misc.c:198
DefragTrackerSpareQueueGetSize
uint32_t DefragTrackerSpareQueueGetSize(void)
Definition: defrag-hash.c:77
DefragTrackerQueueDestroy
void DefragTrackerQueueDestroy(DefragTrackerQueue *q)
Destroy a tracker queue.
Definition: defrag-queue.c:57
DefragHashKey4_::id
uint32_t id
Definition: defrag-hash.c:363
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:333
DefragHashKey6_::vlan_id
uint16_t vlan_id[2]
Definition: defrag-hash.c:375
DefragTrackerHashRow
struct DefragTrackerHashRow_ DefragTrackerHashRow
DefragTrackerClearMemory
void DefragTrackerClearMemory(DefragTracker *dt)
Definition: defrag-hash.c:156
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
DefragTracker_::host_timeout
uint32_t host_timeout
Definition: defrag.h:110
DefragTracker_::vlan_id
uint16_t vlan_id[2]
Definition: defrag.h:90
RandomGet
long int RandomGet(void)
Definition: util-random.c:130
DefragHashKey6_::u32
uint32_t u32[10]
Definition: defrag-hash.c:377
DefragTrackerGetMemuse
uint64_t DefragTrackerGetMemuse(void)
Return memuse value.
Definition: defrag-hash.c:71
defrag-config.h
DefragPolicyGetHostTimeout
int DefragPolicyGetHostTimeout(Packet *p)
Definition: defrag-config.c:85
DefragTrackerMoveToSpare
void DefragTrackerMoveToSpare(DefragTracker *h)
Definition: defrag-hash.c:82
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:536
DefragTracker_::hprev
struct DefragTracker_ * hprev
Definition: defrag.h:119
DefragTracker_::lock
SCMutex lock
Definition: defrag.h:87
DefragConfig_::hash_size
uint32_t hash_size
Definition: defrag-hash.h:74
DefragGetOsPolicy
uint8_t DefragGetOsPolicy(Packet *p)
Get the defrag policy based on the destination address of the packet.
Definition: defrag.c:929
DefragConfig_::prealloc
uint32_t prealloc
Definition: defrag-hash.h:75
DefragHashKey6_::src
uint32_t src[4]
Definition: defrag-hash.c:373
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
DefragTrackerHashRow_::head
DefragTracker * head
Definition: defrag-hash.h:61
DefragTracker_::remove
uint8_t remove
Definition: defrag.h:104
defrag_config
DefragConfig defrag_config
Definition: defrag-hash.c:30
DefragTrackerQueueLen
uint32_t DefragTrackerQueueLen(DefragTrackerQueue *q)
Definition: defrag-queue.c:134
DefragTracker_::seen_last
uint8_t seen_last
Definition: defrag.h:102
DefragTracker_::policy
uint8_t policy
Definition: defrag.h:97
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
DefragTracker_
Definition: defrag.h:86
DEFRAG_CHECK_MEMCAP
#define DEFRAG_CHECK_MEMCAP(size)
check if a memory alloc would fit in the memcap
Definition: defrag-hash.h:86
DefragTrackerHashRow_::tail
DefragTracker * tail
Definition: defrag-hash.h:62
DEFRAG_DEFAULT_HASHSIZE
#define DEFRAG_DEFAULT_HASHSIZE
Definition: defrag-hash.c:161
StringParseUint32
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:313
DefragHashKey6_::dst
uint32_t dst[4]
Definition: defrag-hash.c:373
defrag-queue.h
DefragTrackerGetMemcap
uint64_t DefragTrackerGetMemcap(void)
Return memcap value.
Definition: defrag-hash.c:60
DefragTracker_::dst_addr
Address dst_addr
Definition: defrag.h:107
DefragTrackerDequeue
DefragTracker * DefragTrackerDequeue(DefragTrackerQueue *q)
remove a tracker from the queue
Definition: defrag-queue.c:101
IPV4_GET_IPID
#define IPV4_GET_IPID(p)
Definition: decode-ipv4.h:129
DRLOCK_LOCK
#define DRLOCK_LOCK(fb)
Definition: defrag-hash.h:52
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:289
SC_ATOMIC_SUB
#define SC_ATOMIC_SUB(name, val)
sub a value from our atomic variable
Definition: util-atomic.h:342
DefragHashKey6
struct DefragHashKey6_ DefragHashKey6
Packet_
Definition: decode.h:428
DefragTracker_::id
uint32_t id
Definition: defrag.h:92
DefragTracker_::src_addr
Address src_addr
Definition: defrag.h:106
DRLOCK_UNLOCK
#define DRLOCK_UNLOCK(fb)
Definition: defrag-hash.h:54
conf.h
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:531
DefragInitConfig
void DefragInitConfig(bool quiet)
initialize the configuration
Definition: defrag-hash.c:167
DefragTrackerQueue_
Definition: defrag-queue.h:42
DEFRAG_DEFAULT_MEMCAP
#define DEFRAG_DEFAULT_MEMCAP
Definition: defrag-hash.c:162
DefragTrackerRelease
void DefragTrackerRelease(DefragTracker *t)
Definition: defrag-hash.c:150
DefragTracker_::proto
uint8_t proto
Definition: defrag.h:95
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:36
DefragConfig_::memcap_policy
enum ExceptionPolicy memcap_policy
Definition: defrag-hash.h:76
DRLOCK_DESTROY
#define DRLOCK_DESTROY(fb)
Definition: defrag-hash.h:51
DefragTrackerQueue_::len
uint32_t len
Definition: defrag-queue.h:45
ExceptionPolicyParse
enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support_flow)
Definition: util-exception-policy.c:120
suricata-common.h
DefragGetTrackerFromHash
DefragTracker * DefragGetTrackerFromHash(Packet *p)
Definition: defrag-hash.c:537
DefragTrackerQueueInit
DefragTrackerQueue * DefragTrackerQueueInit(DefragTrackerQueue *q)
Definition: defrag-queue.c:32
DefragHashKey4_
Definition: defrag-hash.c:359
DefragHashKey6_
Definition: defrag-hash.c:370
DefragConfig_
Definition: defrag-hash.h:71
CMP_DEFRAGTRACKER
#define CMP_DEFRAGTRACKER(d1, d2, id)
Definition: defrag-hash.c:444
FatalError
#define FatalError(...)
Definition: util-debug.h:502
util-hash-lookup3.h
DRLOCK_TRYLOCK
#define DRLOCK_TRYLOCK(fb)
Definition: defrag-hash.h:53
DefragTrackerSetMemcap
int DefragTrackerSetMemcap(uint64_t size)
Update memcap value.
Definition: defrag-hash.c:45
DefragConfig_::hash_rand
uint32_t hash_rand
Definition: defrag-hash.h:73
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
DefragTrackerEnqueue
void DefragTrackerEnqueue(DefragTrackerQueue *q, DefragTracker *dt)
add a tracker to a queue
Definition: defrag-queue.c:68
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DRLOCK_INIT
#define DRLOCK_INIT(fb)
Definition: defrag-hash.h:50
DefragTracker_::af
uint8_t af
Definition: defrag.h:99
DefragHashKey4_::vlan_id
uint16_t vlan_id[2]
Definition: defrag-hash.c:364
IP_GET_IPPROTO
#define IP_GET_IPPROTO(p)
Definition: decode.h:257
util-random.h
DEFRAG_DEFAULT_PREALLOC
#define DEFRAG_DEFAULT_PREALLOC
Definition: defrag-hash.c:163
DefragTrackerDecrUsecnt
#define DefragTrackerDecrUsecnt(dt)
Definition: defrag-hash.c:123
defrag-hash.h
Packet_::dst
Address dst
Definition: decode.h:433
DefragHashKey6_::id
uint32_t id
Definition: defrag-hash.c:374
DefragHashShutdown
void DefragHashShutdown(void)
shutdown the flow engine
Definition: defrag-hash.c:303
Packet_::ip6h
IPV6Hdr * ip6h
Definition: decode.h:533
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
util-misc.h
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:129
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(uint64_t, defrag_memuse)
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCMutexDestroy
#define SCMutexDestroy
Definition: threads-debug.h:120
PKT_IS_IPV4
#define PKT_IS_IPV4(p)
Definition: decode.h:245
DefragHashKey4_::dst
uint32_t dst
Definition: defrag-hash.c:362
DefragHashKey4_::u32
uint32_t u32[4]
Definition: defrag-hash.c:366
Packet_::src
Address src
Definition: decode.h:432
SCMutexTrylock
#define SCMutexTrylock(mut)
Definition: threads-debug.h:118