suricata
flow-hash.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-hash.h"
#include "flow-util.h"
#include "flow-private.h"
#include "flow-manager.h"
#include "flow-storage.h"
#include "app-layer-parser.h"
#include "util-time.h"
#include "util-debug.h"
#include "util-hash-lookup3.h"
#include "conf.h"
#include "output.h"
#include "output-flow.h"

Data Structures

struct  FlowHashKey4_
 
struct  FlowHashKey6_
 

Macros

#define FLOW_DEFAULT_FLOW_PRUNE   5
 

Typedefs

typedef struct FlowHashKey4_ FlowHashKey4
 
typedef struct FlowHashKey6_ FlowHashKey6
 

Functions

 SC_ATOMIC_EXTERN (unsigned int, flow_prune_idx)
 
 SC_ATOMIC_EXTERN (unsigned int, flow_flags)
 
uint32_t FlowKeyGetHash (FlowKey *fk)
 
void FlowSetupPacket (Packet *p)
 Prepare the packet for a life with flow: set the PKT_WANTS_FLOW flag to indicate that workers should do a flow lookup, and calculate the hash value to be used in the lookup and in autofp flow balancing. More...
 
int TcpSessionPacketSsnReuse (const Packet *p, const Flow *f, void *tcp_ssn)
 
Flow * FlowGetFlowFromHash (ThreadVars *tv, DecodeThreadVars *dtv, const Packet *p, Flow **dest)
 Get Flow for packet. More...
 
Flow * FlowGetFromFlowKey (FlowKey *key, struct timespec *ttime, const uint32_t hash)
 Get or create a Flow using a FlowKey. More...
 
Flow * FlowGetExistingFlowFromHash (FlowKey *key, const uint32_t hash)
 Look for existing Flow using a FlowKey. More...
 

Detailed Description

Macro Definition Documentation

#define FLOW_DEFAULT_FLOW_PRUNE   5

Definition at line 50 of file flow-hash.c.

Typedef Documentation

typedef struct FlowHashKey4_ FlowHashKey4
typedef struct FlowHashKey6_ FlowHashKey6

Function Documentation

Flow* FlowGetExistingFlowFromHash ( FlowKey * key,
const uint32_t  hash 
)

Look for existing Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

Parameters
key – Pointer to the FlowKey built from the flow to look for
hash – Value of the flow hash
Return values
f – the flow, returned LOCKED (the caller must unlock it), or NULL

Definition at line 819 of file flow-hash.c.

References Flow_::fb, FBLOCK_LOCK, FBLOCK_TRYLOCK, FBLOCK_UNLOCK, flow_config, FLOW_EMERGENCY, FLOW_END_FLAG_EMERGENCY, FLOW_END_FLAG_FORCED, FLOW_END_FLAG_STATE_BYPASSED, FLOW_END_FLAG_STATE_CLOSED, FLOW_END_FLAG_STATE_ESTABLISHED, FLOW_END_FLAG_STATE_NEW, Flow_::flow_end_flags, flow_hash, FLOW_STATE_CAPTURE_BYPASSED, FLOW_STATE_CLOSED, FLOW_STATE_ESTABLISHED, FLOW_STATE_LOCAL_BYPASSED, FLOW_STATE_NEW, FlowClearMemory(), FLOWLOCK_TRYWRLOCK, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, Flow_::hnext, Flow_::hprev, DecodeThreadVars_::output_flow_thread_data, OutputFlowLog(), Flow_::protomap, SC_ATOMIC_ADD, SC_ATOMIC_GET, SC_ATOMIC_SET, and SCLogDebug.

Referenced by FlowGetFromFlowKey().


Flow* FlowGetFlowFromHash ( ThreadVars * tv,
DecodeThreadVars * dtv,
const Packet * p,
Flow **  dest 
)

Get Flow for packet.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

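If the flow is not found or the bucket was empty, a new flow is taken from the queue. FlowDequeue() will alloc new flows as long as we stay within our memcap limit. Once the memcap is reached no new flow can be allocated this way, so callers must be prepared for a NULL return.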

The p->flow pointer is updated to point to the flow.

Parameters
tv – thread vars
dtv – decode thread vars (for flow log api thread data)
Return values
f – the flow, returned LOCKED (the caller must unlock it), or NULL

Definition at line 602 of file flow-hash.c.

References Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, flow_hash, Flow_::flow_hash, Packet_::flow_hash, FLOW_STATE_NEW, FlowInit(), FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, Flow_::hnext, Flow_::hprev, Flow_::proto, Flow_::protoctx, SCLogDebug, TcpSessionPacketSsnReuse(), and unlikely.

Referenced by FlowHandlePacket().


Flow* FlowGetFromFlowKey ( FlowKey * key,
struct timespec *  ttime,
const uint32_t  hash 
)

Get or create a Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Returns a new Flow if no existing Flow was found.

Parameters
key – Pointer to the FlowKey built from the flow to look for
ttime – time to use for flow creation
hash – Value of the flow hash
Return values
f – the flow, returned LOCKED (the caller must unlock it), or NULL

Definition at line 745 of file flow-hash.c.

References FlowKey_::dp, Flow_::dp, FlowKey_::dst, Flow_::dst, Address_::family, Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, Flow_::flags, flow_config, flow_hash, Flow_::flow_hash, FLOW_IPV4, FLOW_IPV6, flow_spare_q, FLOW_STATE_CAPTURE_BYPASSED, FlowAlloc(), FlowDequeue(), FlowGetExistingFlowFromHash(), FlowGetProtoMapping(), FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, FlowBucket_::head, Flow_::hnext, Flow_::hprev, Flow_::lastts, FlowKey_::proto, Flow_::proto, Flow_::protomap, Flow_::recursion_level, SCLogDebug, FlowKey_::sp, Flow_::sp, FlowKey_::src, Flow_::src, Flow_::startts, FlowKey_::vlan_id, and Flow_::vlan_id.


SC_ATOMIC_EXTERN ( unsigned  int,
flow_prune_idx   
)
SC_ATOMIC_EXTERN ( unsigned  int,
flow_flags   
)
int TcpSessionPacketSsnReuse ( const Packet * p,
const Flow * f,
void *  tcp_ssn 
)

Referenced by FlowGetFlowFromHash(), and FlowSetupPacket().
