#include "flow.h"
Go to the source code of this file.
Data Structures | |
| struct | FlowBucket_ |
Macros | |
| #define | FBLOCK_MUTEX |
| #define | FBLOCK_INIT(fb) SCMutexInit(&(fb)->m, NULL) |
| #define | FBLOCK_DESTROY(fb) SCMutexDestroy(&(fb)->m) |
| #define | FBLOCK_LOCK(fb) SCMutexLock(&(fb)->m) |
| #define | FBLOCK_TRYLOCK(fb) SCMutexTrylock(&(fb)->m) |
| #define | FBLOCK_UNLOCK(fb) SCMutexUnlock(&(fb)->m) |
Functions | |
| struct FlowBucket_ | __attribute__ ((aligned(CLS))) FlowBucket |
| SC_ATOMIC_DECLARE (uint32_t, next_ts) | |
| Flow * | FlowGetFlowFromHash (ThreadVars *tv, FlowLookupStruct *tctx, Packet *, Flow **) |
| Get Flow for packet. More... | |
| Flow * | FlowGetFromFlowKey (FlowKey *key, struct timespec *ttime, const uint32_t hash) |
| Get or create a Flow using a FlowKey. More... | |
| Flow * | FlowGetExistingFlowFromHash (FlowKey *key, uint32_t hash) |
| Look for existing Flow using a FlowKey. More... | |
| Flow * | FlowGetExistingFlowFromFlowId (int64_t flow_id) |
| Look for existing Flow using a flow id value. More... | |
| uint32_t | FlowKeyGetHash (FlowKey *flow_key) |
| uint32_t | FlowGetIpPairProtoHash (const Packet *p) |
Variables | |
| Flow * | head |
| Flow * | evicted |
| SCMutex | m |
Detailed Description
Definition in file flow-hash.h.
Macro Definition Documentation
◆ FBLOCK_DESTROY
| #define FBLOCK_DESTROY | ( | fb | ) | SCMutexDestroy(&(fb)->m) |
Definition at line 73 of file flow-hash.h.
◆ FBLOCK_INIT
| #define FBLOCK_INIT | ( | fb | ) | SCMutexInit(&(fb)->m, NULL) |
Definition at line 72 of file flow-hash.h.
◆ FBLOCK_LOCK
| #define FBLOCK_LOCK | ( | fb | ) | SCMutexLock(&(fb)->m) |
Definition at line 74 of file flow-hash.h.
◆ FBLOCK_MUTEX
| #define FBLOCK_MUTEX |
Spinlocks or Mutex for the flow buckets.
Definition at line 32 of file flow-hash.h.
◆ FBLOCK_TRYLOCK
| #define FBLOCK_TRYLOCK | ( | fb | ) | SCMutexTrylock(&(fb)->m) |
Definition at line 75 of file flow-hash.h.
◆ FBLOCK_UNLOCK
| #define FBLOCK_UNLOCK | ( | fb | ) | SCMutexUnlock(&(fb)->m) |
Definition at line 76 of file flow-hash.h.
Function Documentation
◆ __attribute__()
| struct FlowBucket_ __attribute__ | ( | (aligned(CLS)) | ) |
◆ FlowGetExistingFlowFromFlowId()
| Flow* FlowGetExistingFlowFromFlowId | ( | int64_t | flow_id | ) |
Look for existing Flow using a flow id value.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.
- Parameters
-
flow_id Flow ID of the flow to look for
- Return values
-
f LOCKED flow or NULL
Definition at line 921 of file flow-hash.c.
References FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, flow_hash, FlowCnf_::hash_size, and SCLogDebug.
◆ FlowGetExistingFlowFromHash()
Look for existing Flow using a FlowKey.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.
- Parameters
-
key Pointer to FlowKey build using flow to look for hash Value of the flow hash
- Return values
-
f LOCKED flow or NULL
Definition at line 1040 of file flow-hash.c.
References FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, flow_hash, FlowCnf_::hash_size, and SCLogDebug.
Referenced by FlowGetFromFlowKey().
◆ FlowGetFlowFromHash()
| Flow* FlowGetFlowFromHash | ( | ThreadVars * | tv, |
| FlowLookupStruct * | fls, | ||
| Packet * | p, | ||
| Flow ** | dest | ||
| ) |
Get Flow for packet.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.
If the flow is not found or the bucket was emtpy, a new flow is taken from the spare pool. The pool will alloc new flows as long as we stay within our memcap limit.
The p->flow pointer is updated to point to the flow.
- Parameters
-
tv thread vars dtv decode thread vars (for flow log api thread data)
- Return values
-
f LOCKED flow or NULL
Definition at line 799 of file flow-hash.c.
References FBLOCK_LOCK, flow_config, flow_hash, Packet_::flow_hash, FlowCnf_::hash_size, and SCLogDebug.
Referenced by FlowHandlePacket().
◆ FlowGetFromFlowKey()
Get or create a Flow using a FlowKey.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Return a new Flow if ever no Flow was found.
- Parameters
-
key Pointer to FlowKey build using flow to look for ttime time to use for flow creation hash Value of the flow hash
- Return values
-
f LOCKED flow or NULL
Definition at line 979 of file flow-hash.c.
References FlowKey_::dp, Flow_::dp, FlowKey_::dst, Flow_::dst, Address_::family, Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, Flow_::flags, flow_config, flow_hash, Flow_::flow_hash, FLOW_IPV4, FLOW_IPV6, FlowAlloc(), FlowGetExistingFlowFromHash(), FlowGetProtoMapping(), FLOWLOCK_WRLOCK, FlowCnf_::hash_size, Flow_::lastts, Flow_::next, FlowKey_::proto, Flow_::proto, Flow_::protomap, Flow_::recursion_level, SCLogDebug, SCTIME_FROM_TIMESPEC, FlowKey_::sp, Flow_::sp, FlowKey_::src, Flow_::src, Flow_::startts, FlowKey_::vlan_id, and Flow_::vlan_id.
◆ FlowGetIpPairProtoHash()
| uint32_t FlowGetIpPairProtoHash | ( | const Packet * | p | ) |
Definition at line 111 of file flow-hash.c.
References FlowHashKey4_::addrs, Packet_::dst, flow_config, g_vlan_mask, FlowCnf_::hash_rand, hashword(), Packet_::ip4h, Packet_::ip6h, FlowHashKey4_::ports, FlowHashKey4_::proto, Packet_::proto, FlowHashKey4_::recur, Packet_::recursion_level, Packet_::src, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, and Packet_::vlan_id.
◆ FlowKeyGetHash()
| uint32_t FlowKeyGetHash | ( | FlowKey * | fk | ) |
Basic hashing function for FlowKey
- Note
- Function only used for bypass and TCP or UDP flows
- this is only used at start to create Flow from pinned maps so fairness is not an issue
Definition at line 282 of file flow-hash.c.
References Address_::address, Address_::address_un_data32, FlowHashKey4_::addrs, FlowKey_::dp, FlowKey_::dst, Address_::family, flow_config, g_vlan_mask, FlowCnf_::hash_rand, hashword(), FlowHashKey4_::ports, FlowHashKey4_::proto, FlowKey_::proto, FlowHashKey4_::recur, FlowKey_::recursion_level, FlowKey_::sp, FlowKey_::src, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, and FlowKey_::vlan_id.
◆ SC_ATOMIC_DECLARE()
| __attribute__::SC_ATOMIC_DECLARE | ( | uint32_t | , |
| next_ts | |||
| ) |
timestamp in seconds of the earliest possible moment a flow will time out in this row. Set by the flow manager. Cleared to 0 by workers, either when new flows are added or when a flow state changes. The flow manager sets this to UINT_MAX for empty buckets.
Variable Documentation
◆ evicted
| Flow* evicted |
head of the list of evicted flows for this row. Waiting to be collected by the Flow Manager.
Definition at line 4 of file flow-hash.h.
◆ head
| Flow* head |
head of the list of active flows for this row.
Definition at line 1 of file flow-hash.h.
Referenced by AppLayerProtoDetectPPRegister(), DetectPortCleanupList(), DetectPortInsert(), SBB_RB_FIND_INCLUSIVE(), SCLogAppendOPIfaceCtx(), StatsReleaseCounters(), ThresholdHostTimeoutCheck(), and ThresholdIPPairTimeoutCheck().
◆ m
| SCMutex m |
Definition at line 6 of file flow-hash.h.
Referenced by BoyerMoore(), BoyerMooreNocase(), DetectFileHashMatch(), TmThreadCreateCmdThreadByName(), and TmThreadCreateMgmtThreadByName().
