#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-hash.h"
#include "flow-util.h"
#include "flow-private.h"
#include "flow-manager.h"
#include "flow-storage.h"
#include "flow-timeout.h"
#include "flow-spare-pool.h"
#include "flow-callbacks.h"
#include "app-layer-parser.h"
#include "util-time.h"
#include "util-debug.h"
#include "util-device.h"
#include "util-hash-lookup3.h"
#include "conf.h"
#include "output.h"
#include "output-flow.h"
#include "stream-tcp.h"
#include "util-exception-policy.h"

Include dependency graph for flow-hash.c:

Data Structures
struct	FlowHashKey4_

struct	FlowHashKey6_

Macros
#define	FLOW_GET_NEW_TRIES 5

#define	STATSADDUI64(cnt, value)

Typedefs
typedef struct FlowHashKey4_	FlowHashKey4

typedef struct FlowHashKey6_	FlowHashKey6

Functions
	SC_ATOMIC_EXTERN (unsigned int, flow_prune_idx)

	SC_ATOMIC_EXTERN (unsigned int, flow_flags)

uint32_t	FlowGetIpPairProtoHash (const Packet *p)

uint32_t	FlowKeyGetHash (FlowKey *fk)

void	FlowSetupPacket (Packet *p)
	prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing. More...

Flow *	FlowGetFlowFromHash (ThreadVars tv, FlowLookupStruct fls, Packet p, Flow *dest)
	Get Flow for packet. More...

Flow *	FlowGetExistingFlowFromFlowId (int64_t flow_id)
	Look for existing Flow using a flow id value. More...

Flow *	FlowGetFromFlowKey (FlowKey key, struct timespec ttime, const uint32_t hash)
	Get or create a Flow using a FlowKey. More...

Variables
TcpStreamCnf	stream_config

FlowBucket *	flow_hash

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Pablo Rincon Crespo pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Flow Hashing functions.

Definition in file flow-hash.c.

Macro Definition Documentation

◆ FLOW_GET_NEW_TRIES

#define FLOW_GET_NEW_TRIES 5

Definition at line 1108 of file flow-hash.c.

◆ STATSADDUI64

#define STATSADDUI64	(	cnt,
		value
	)

Value:

        if (tv && dtv) { \
            StatsAddUI64(tv, dtv->cnt, (value)); \
        }

Definition at line 1159 of file flow-hash.c.

Typedef Documentation

◆ FlowHashKey4

typedef struct FlowHashKey4_ FlowHashKey4

◆ FlowHashKey6

typedef struct FlowHashKey6_ FlowHashKey6

Function Documentation

◆ FlowGetExistingFlowFromFlowId()

Flow* FlowGetExistingFlowFromFlowId ( int64_t flow_id )

Look for existing Flow using a flow id value.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the flow_id with the found flow's flow_id to see if it is the flow we need.

Parameters

flow_id Flow ID of the flow to look for

Return values

f	LOCKED flow or NULL

Definition at line 992 of file flow-hash.c.

References FBLOCK_LOCK, flow_config, flow_hash, FlowCnf_::hash_size, Flow_::next, and SCLogDebug.

◆ FlowGetFlowFromHash()

Flow* FlowGetFlowFromHash	(	ThreadVars *	tv,
		FlowLookupStruct *	fls,
		Packet *	p,
		Flow **	dest
	)

Get Flow for packet.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

If the flow is not found or the bucket was empty, a new flow is taken from the spare pool. The pool will alloc new flows as long as we stay within our memcap limit.

The p->flow pointer is updated to point to the flow.

Parameters

tv	thread vars
dtv	decode thread vars (for flow log api thread data)

Return values

f	LOCKED flow or NULL

Definition at line 867 of file flow-hash.c.

References FBLOCK_LOCK, flow_config, flow_hash, Packet_::flow_hash, FlowCnf_::hash_size, and SCLogDebug.

Referenced by FlowHandlePacket().

Here is the caller graph for this function:

◆ FlowGetFromFlowKey()

Flow* FlowGetFromFlowKey	(	FlowKey *	key,
		struct timespec *	ttime,
		const uint32_t	hash
	)

Get or create a Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Return a new Flow if ever no Flow was found.

Parameters

key	Pointer to FlowKey build using flow to look for
ttime	time to use for flow creation
hash	Value of the flow hash

Return values

f	LOCKED flow or NULL

Definition at line 1056 of file flow-hash.c.

◆ FlowGetIpPairProtoHash()

uint32_t FlowGetIpPairProtoHash ( const Packet * p )

Definition at line 117 of file flow-hash.c.

◆ FlowKeyGetHash()

uint32_t FlowKeyGetHash ( FlowKey * fk )

Basic hashing function for FlowKey

Note: Function only used for bypass and TCP or UDP flows; this is only used at start to create Flow from pinned maps so fairness is not an issue

Definition at line 308 of file flow-hash.c.

References Address_::address, Address_::address_un_data32, FlowHashKey4_::addrs, ARRAY_SIZE, FlowKey_::dp, FlowKey_::dst, Address_::family, flow_config, g_livedev_mask, g_vlan_mask, FlowCnf_::hash_rand, hashword(), FlowHashKey4_::livedev, FlowKey_::livedev_id, FlowHashKey6_::pad, FlowHashKey4_::ports, FlowHashKey4_::proto, FlowKey_::proto, FlowHashKey4_::recur, FlowKey_::recursion_level, FlowKey_::sp, FlowKey_::src, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, and FlowKey_::vlan_id.

Here is the call graph for this function:

◆ FlowSetupPacket()

void FlowSetupPacket ( Packet * p )

prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing.

Definition at line 522 of file flow-hash.c.

References Packet_::flags, Packet_::flow_hash, and PKT_WANTS_FLOW.

◆ SC_ATOMIC_EXTERN() [1/2]

SC_ATOMIC_EXTERN	(	unsigned int	,
		flow_flags
	)

◆ SC_ATOMIC_EXTERN() [2/2]

SC_ATOMIC_EXTERN	(	unsigned int	,
		flow_prune_idx
	)

Variable Documentation

◆ flow_hash

FlowBucket* flow_hash

Definition at line 59 of file flow-hash.c.

Referenced by FlowGetExistingFlowFromFlowId(), FlowGetFlowFromHash(), FlowInitConfig(), FlowReset(), and FlowShutdown().

◆ stream_config

TcpStreamCnf stream_config

Definition at line 219 of file stream-tcp.c.

Referenced by StreamTcpPruneSession(), StreamTcpReassembleCheckMemcap(), StreamTcpReassembleGetMemcap(), StreamTcpReassembleRealloc(), StreamTcpReassembleSetMemcap(), StreamTcpUTDeinit(), StreamTcpUTInitInline(), and UTHAddStreamToFlow().

Data Structures

Macros

Typedefs

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ FLOW_GET_NEW_TRIES

◆ STATSADDUI64

Typedef Documentation

◆ FlowHashKey4

◆ FlowHashKey6

Function Documentation

◆ FlowGetExistingFlowFromFlowId()

◆ FlowGetFlowFromHash()

◆ FlowGetFromFlowKey()

◆ FlowGetIpPairProtoHash()

◆ FlowKeyGetHash()

◆ FlowSetupPacket()

◆ SC_ATOMIC_EXTERN() [1/2]

◆ SC_ATOMIC_EXTERN() [2/2]

Variable Documentation

◆ flow_hash

◆ stream_config