suricata
Data Structures | Macros | Functions | Variables
flow-hash.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  FlowBucket_
 

Macros

#define FBLOCK_MUTEX
 
#define FBLOCK_INIT(fb)   SCMutexInit(&(fb)->m, NULL)
 
#define FBLOCK_DESTROY(fb)   SCMutexDestroy(&(fb)->m)
 
#define FBLOCK_LOCK(fb)   SCMutexLock(&(fb)->m)
 
#define FBLOCK_TRYLOCK(fb)   SCMutexTrylock(&(fb)->m)
 
#define FBLOCK_UNLOCK(fb)   SCMutexUnlock(&(fb)->m)
 

Functions

struct FlowBucket_ __attribute__ ((aligned(CLS))) FlowBucket
 
 SC_ATOMIC_DECLARE (int32_t, next_ts)
 
FlowFlowGetFlowFromHash (ThreadVars *tv, FlowLookupStruct *tctx, const Packet *, Flow **)
 Get Flow for packet. More...
 
FlowFlowGetFromFlowKey (FlowKey *key, struct timespec *ttime, const uint32_t hash)
 Get or create a Flow using a FlowKey. More...
 
FlowFlowGetExistingFlowFromHash (FlowKey *key, uint32_t hash)
 Look for existing Flow using a FlowKey. More...
 
uint32_t FlowKeyGetHash (FlowKey *flow_key)
 

Variables

Flowhead
 
Flowevicted
 
SCMutex m
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file flow-hash.h.

Macro Definition Documentation

◆ FBLOCK_DESTROY

#define FBLOCK_DESTROY (   fb)    SCMutexDestroy(&(fb)->m)

Definition at line 71 of file flow-hash.h.

◆ FBLOCK_INIT

#define FBLOCK_INIT (   fb)    SCMutexInit(&(fb)->m, NULL)

Definition at line 70 of file flow-hash.h.

◆ FBLOCK_LOCK

#define FBLOCK_LOCK (   fb)    SCMutexLock(&(fb)->m)

Definition at line 72 of file flow-hash.h.

◆ FBLOCK_MUTEX

#define FBLOCK_MUTEX

Spinlocks or Mutex for the flow buckets.

Definition at line 30 of file flow-hash.h.

◆ FBLOCK_TRYLOCK

#define FBLOCK_TRYLOCK (   fb)    SCMutexTrylock(&(fb)->m)

Definition at line 73 of file flow-hash.h.

◆ FBLOCK_UNLOCK

#define FBLOCK_UNLOCK (   fb)    SCMutexUnlock(&(fb)->m)

Definition at line 74 of file flow-hash.h.

Function Documentation

◆ __attribute__()

struct FlowBucket_ __attribute__ ( (aligned(CLS))  )

◆ FlowGetExistingFlowFromHash()

Flow* FlowGetExistingFlowFromHash ( FlowKey key,
const uint32_t  hash 
)

Look for existing Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

Parameters
keyPointer to FlowKey build using flow to look for
hashValue of the flow hash
Return values
fLOCKED flow or NULL

Definition at line 940 of file flow-hash.c.

References FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, flow_hash, FlowCnf_::hash_size, and SCLogDebug.

Referenced by FlowGetFromFlowKey().

Here is the caller graph for this function:

◆ FlowGetFlowFromHash()

Flow* FlowGetFlowFromHash ( ThreadVars tv,
FlowLookupStruct fls,
const Packet p,
Flow **  dest 
)

Get Flow for packet.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

If the flow is not found or the bucket was emtpy, a new flow is taken from the spare pool. The pool will alloc new flows as long as we stay within our memcap limit.

The p->flow pointer is updated to point to the flow.

Parameters
tvthread vars
dtvdecode thread vars (for flow log api thread data)
Return values
fLOCKED flow or NULL

Definition at line 755 of file flow-hash.c.

References flow_config, flow_hash, Packet_::flow_hash, and FlowCnf_::hash_size.

Referenced by FlowHandlePacket().

Here is the caller graph for this function:

◆ FlowGetFromFlowKey()

Flow* FlowGetFromFlowKey ( FlowKey key,
struct timespec *  ttime,
const uint32_t  hash 
)

Get or create a Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Return a new Flow if ever no Flow was found.

Parameters
keyPointer to FlowKey build using flow to look for
ttimetime to use for flow creation
hashValue of the flow hash
Return values
fLOCKED flow or NULL

Definition at line 878 of file flow-hash.c.

References FlowKey_::dp, Flow_::dp, FlowKey_::dst, Flow_::dst, Address_::family, Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, Flow_::flags, flow_config, flow_hash, Flow_::flow_hash, FLOW_IPV4, FLOW_IPV6, FlowAlloc(), FlowGetExistingFlowFromHash(), FlowGetProtoMapping(), FLOWLOCK_WRLOCK, FlowCnf_::hash_size, Flow_::lastts, Flow_::next, FlowKey_::proto, Flow_::proto, Flow_::protomap, Flow_::recursion_level, SCLogDebug, FlowKey_::sp, Flow_::sp, FlowKey_::src, Flow_::src, Flow_::startts, FlowKey_::vlan_id, and Flow_::vlan_id.

Here is the call graph for this function:

◆ FlowKeyGetHash()

uint32_t FlowKeyGetHash ( FlowKey fk)

Basic hashing function for FlowKey

Note
Function only used for bypass and TCP or UDP flows
this is only used at start to create Flow from pinned maps so fairness is not an issue

Definition at line 226 of file flow-hash.c.

References Address_::address, Address_::address_un_data32, FlowHashKey4_::addrs, FlowKey_::dp, FlowKey_::dst, Address_::family, flow_config, g_vlan_mask, FlowCnf_::hash_rand, hashword(), FlowHashKey4_::ports, FlowHashKey4_::proto, FlowKey_::proto, FlowHashKey4_::recur, FlowKey_::recursion_level, FlowKey_::sp, FlowKey_::src, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, and FlowKey_::vlan_id.

Here is the call graph for this function:

◆ SC_ATOMIC_DECLARE()

__attribute__::SC_ATOMIC_DECLARE ( int32_t  ,
next_ts   
)

timestamp in seconds of the earliest possible moment a flow will time out in this row. Set by the flow manager. Cleared to 0 by workers, either when new flows are added or when a flow state changes. The flow manager sets this to INT_MAX for empty buckets.

Variable Documentation

◆ evicted

Flow* evicted

head of the list of evicted flows for this row. Waiting to be collected by the Flow Manager.

Definition at line 4 of file flow-hash.h.

◆ head

Flow* head

head of the list of active flows for this row.

Definition at line 1 of file flow-hash.h.

Referenced by AppLayerProtoDetectPPRegister(), DetectPortCleanupList(), DetectPortInsert(), SBB_RB_FIND_INCLUSIVE(), SCLogAppendOPIfaceCtx(), StatsReleaseCounters(), ThresholdHostTimeoutCheck(), and ThresholdIPPairTimeoutCheck().

◆ m

SCMutex m

Definition at line 6 of file flow-hash.h.

Referenced by BoyerMoore(), BoyerMooreNocase(), DetectFileHashMatch(), TmqhOutputPacketpool(), TmThreadCreateCmdThreadByName(), and TmThreadCreateMgmtThreadByName().