suricata
Data Structures | Macros | Typedefs | Functions | Variables
flow-hash.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-hash.h"
#include "flow-util.h"
#include "flow-private.h"
#include "flow-manager.h"
#include "flow-storage.h"
#include "flow-timeout.h"
#include "flow-spare-pool.h"
#include "app-layer-parser.h"
#include "util-time.h"
#include "util-debug.h"
#include "util-device.h"
#include "util-hash-lookup3.h"
#include "conf.h"
#include "output.h"
#include "output-flow.h"
#include "stream-tcp.h"
#include "util-exception-policy.h"
Include dependency graph for flow-hash.c:

Go to the source code of this file.

Data Structures

struct  FlowHashKey4_
 
struct  FlowHashKey6_
 

Macros

#define FLOW_GET_NEW_TRIES   5
 
#define STATSADDUI64(cnt, value)
 

Typedefs

typedef struct FlowHashKey4_ FlowHashKey4
 
typedef struct FlowHashKey6_ FlowHashKey6
 

Functions

 SC_ATOMIC_EXTERN (unsigned int, flow_prune_idx)
 
 SC_ATOMIC_EXTERN (unsigned int, flow_flags)
 
uint32_t FlowGetIpPairProtoHash (const Packet *p)
 
uint32_t FlowKeyGetHash (FlowKey *fk)
 
void FlowSetupPacket (Packet *p)
 prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing. More...
 
FlowFlowGetFlowFromHash (ThreadVars *tv, FlowLookupStruct *fls, Packet *p, Flow **dest)
 Get Flow for packet. More...
 
FlowFlowGetExistingFlowFromFlowId (int64_t flow_id)
 Look for existing Flow using a flow id value. More...
 
FlowFlowGetFromFlowKey (FlowKey *key, struct timespec *ttime, const uint32_t hash)
 Get or create a Flow using a FlowKey. More...
 

Variables

TcpStreamCnf stream_config
 
FlowBucket * flow_hash
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Pablo Rincon Crespo pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Flow Hashing functions.

Definition in file flow-hash.c.

Macro Definition Documentation

◆ FLOW_GET_NEW_TRIES

#define FLOW_GET_NEW_TRIES   5

Definition at line 1106 of file flow-hash.c.

◆ STATSADDUI64

#define STATSADDUI64 (   cnt,
  value 
)
Value:
if (tv && dtv) { \
StatsAddUI64(tv, dtv->cnt, (value)); \
}

Definition at line 1157 of file flow-hash.c.

Typedef Documentation

◆ FlowHashKey4

typedef struct FlowHashKey4_ FlowHashKey4

◆ FlowHashKey6

typedef struct FlowHashKey6_ FlowHashKey6

Function Documentation

◆ FlowGetExistingFlowFromFlowId()

Flow* FlowGetExistingFlowFromFlowId ( int64_t  flow_id)

Look for existing Flow using a flow id value.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the flow_id with the found flow's flow_id to see if it is the flow we need.

Parameters
flow_idFlow ID of the flow to look for
Return values
fLOCKED flow or NULL

Definition at line 990 of file flow-hash.c.

References FBLOCK_LOCK, flow_config, flow_hash, FlowCnf_::hash_size, Flow_::next, and SCLogDebug.

◆ FlowGetFlowFromHash()

Flow* FlowGetFlowFromHash ( ThreadVars tv,
FlowLookupStruct fls,
Packet p,
Flow **  dest 
)

Get Flow for packet.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

If the flow is not found or the bucket was empty, a new flow is taken from the spare pool. The pool will alloc new flows as long as we stay within our memcap limit.

The p->flow pointer is updated to point to the flow.

Parameters
tvthread vars
dtvdecode thread vars (for flow log api thread data)
Return values
fLOCKED flow or NULL

Definition at line 865 of file flow-hash.c.

References FBLOCK_LOCK, flow_config, flow_hash, Packet_::flow_hash, FlowCnf_::hash_size, and SCLogDebug.

Referenced by FlowHandlePacket().

Here is the caller graph for this function:

◆ FlowGetFromFlowKey()

Flow* FlowGetFromFlowKey ( FlowKey key,
struct timespec *  ttime,
const uint32_t  hash 
)

Get or create a Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Return a new Flow if ever no Flow was found.

Parameters
keyPointer to FlowKey build using flow to look for
ttimetime to use for flow creation
hashValue of the flow hash
Return values
fLOCKED flow or NULL

Definition at line 1054 of file flow-hash.c.

◆ FlowGetIpPairProtoHash()

uint32_t FlowGetIpPairProtoHash ( const Packet p)

Definition at line 116 of file flow-hash.c.

References FlowHashKey4_::addrs, ARRAY_SIZE, Packet_::dst, flow_config, g_vlan_mask, FlowCnf_::hash_rand, hashword(), Packet_::ip4h, Packet_::ip6h, FlowHashKey4_::pad, FlowHashKey6_::pad, FlowHashKey4_::ports, FlowHashKey4_::proto, Packet_::proto, FlowHashKey4_::recur, Packet_::recursion_level, Packet_::src, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, and Packet_::vlan_id.

Here is the call graph for this function:

◆ FlowKeyGetHash()

uint32_t FlowKeyGetHash ( FlowKey fk)

Basic hashing function for FlowKey

Note
Function only used for bypass and TCP or UDP flows
this is only used at start to create Flow from pinned maps so fairness is not an issue

Definition at line 307 of file flow-hash.c.

References Address_::address, Address_::address_un_data32, FlowHashKey4_::addrs, ARRAY_SIZE, FlowKey_::dp, FlowKey_::dst, Address_::family, flow_config, g_livedev_mask, g_vlan_mask, FlowCnf_::hash_rand, hashword(), FlowHashKey4_::livedev, FlowKey_::livedev_id, FlowHashKey6_::pad, FlowHashKey4_::ports, FlowHashKey4_::proto, FlowKey_::proto, FlowHashKey4_::recur, FlowKey_::recursion_level, FlowKey_::sp, FlowKey_::src, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, and FlowKey_::vlan_id.

Here is the call graph for this function:

◆ FlowSetupPacket()

void FlowSetupPacket ( Packet p)

prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing.

Definition at line 520 of file flow-hash.c.

References Packet_::flags, Packet_::flow_hash, and PKT_WANTS_FLOW.

◆ SC_ATOMIC_EXTERN() [1/2]

SC_ATOMIC_EXTERN ( unsigned int  ,
flow_flags   
)

◆ SC_ATOMIC_EXTERN() [2/2]

SC_ATOMIC_EXTERN ( unsigned int  ,
flow_prune_idx   
)

Variable Documentation

◆ flow_hash

FlowBucket* flow_hash

Definition at line 58 of file flow-hash.c.

Referenced by FlowGetExistingFlowFromFlowId(), FlowGetFlowFromHash(), FlowInitConfig(), FlowReset(), and FlowShutdown().

◆ stream_config

TcpStreamCnf stream_config

Definition at line 219 of file stream-tcp.c.

Referenced by NapatechGetStreamConfig(), StreamTcpPruneSession(), StreamTcpReassembleCheckMemcap(), StreamTcpReassembleGetMemcap(), StreamTcpReassembleRealloc(), StreamTcpReassembleSetMemcap(), StreamTcpUTDeinit(), StreamTcpUTInitInline(), and UTHAddStreamToFlow().

dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32