flow-hash.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	FlowBucket_

Macros
#define	FBLOCK_MUTEX
#define	FBLOCK_INIT(fb)   SCMutexInit(&(fb)->m, NULL)
#define	FBLOCK_DESTROY(fb)   SCMutexDestroy(&(fb)->m)
#define	FBLOCK_LOCK(fb)   SCMutexLock(&(fb)->m)
#define	FBLOCK_TRYLOCK(fb)   SCMutexTrylock(&(fb)->m)
#define	FBLOCK_UNLOCK(fb)   SCMutexUnlock(&(fb)->m)

Functions
struct FlowBucket_	__attribute__ ((aligned(CLS))) FlowBucket
	SC_ATOMIC_DECLARE (int32_t, next_ts)
Flow *	FlowGetFlowFromHash (ThreadVars *tv, DecodeThreadVars *dtv, const Packet *, Flow **)
	Get Flow for packet. More...
Flow *	FlowGetFromFlowKey (FlowKey *key, struct timespec *ttime, const uint32_t hash)
	Get or create a Flow using a FlowKey. More...
Flow *	FlowGetExistingFlowFromHash (FlowKey *key, uint32_t hash)
	Look for existing Flow using a FlowKey. More...
uint32_t	FlowKeyGetHash (FlowKey *flow_key)
void	FlowDisableTcpReuseHandling (void)

Variables
Flow *	head
Flow *	tail
SCMutex	m

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file flow-hash.h.

Macro Definition Documentation

#define FBLOCK_DESTROY

(

fb

)

SCMutexDestroy(&(fb)->m)

Definition at line 67 of file flow-hash.h.

Referenced by FlowShutdown(), and TmModuleFlowRecyclerRegister().

#define FBLOCK_INIT

(

fb

)

SCMutexInit(&(fb)->m, NULL)

Definition at line 66 of file flow-hash.h.

Referenced by FlowInitConfig(), and TmModuleFlowRecyclerRegister().

#define FBLOCK_LOCK

(

fb

)

SCMutexLock(&(fb)->m)

Definition at line 68 of file flow-hash.h.

Referenced by FlowDisableFlowManagerThread(), FlowForceReassemblyForFlow(), FlowGetExistingFlowFromHash(), FlowGetFlowFromHash(), and FlowGetFromFlowKey().

#define FBLOCK_MUTEX

Spinlocks or Mutex for the flow buckets.

Definition at line 29 of file flow-hash.h.

#define FBLOCK_TRYLOCK

(

fb

)

SCMutexTrylock(&(fb)->m)

Definition at line 69 of file flow-hash.h.

Referenced by FlowDisableFlowManagerThread(), and FlowGetExistingFlowFromHash().

#define FBLOCK_UNLOCK

(

fb

)

SCMutexUnlock(&(fb)->m)

Definition at line 70 of file flow-hash.h.

Referenced by FlowDisableFlowManagerThread(), FlowForceReassemblyForFlow(), FlowGetExistingFlowFromHash(), FlowGetFlowFromHash(), and FlowGetFromFlowKey().

Function Documentation

struct FlowBucket_ __attribute__

(

(aligned(CLS))

)

void FlowDisableTcpReuseHandling

(

void

)

Flow* FlowGetExistingFlowFromHash	(	FlowKey *	key,
		const uint32_t	hash
	)

Look for existing Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

Parameters

key	Pointer to FlowKey build using flow to look for
hash	Value of the flow hash

Return values

f	LOCKED flow or NULL

Definition at line 819 of file flow-hash.c.

References Flow_::fb, FBLOCK_LOCK, FBLOCK_TRYLOCK, FBLOCK_UNLOCK, flow_config, FLOW_EMERGENCY, FLOW_END_FLAG_EMERGENCY, FLOW_END_FLAG_FORCED, FLOW_END_FLAG_STATE_BYPASSED, FLOW_END_FLAG_STATE_CLOSED, FLOW_END_FLAG_STATE_ESTABLISHED, FLOW_END_FLAG_STATE_NEW, Flow_::flow_end_flags, flow_hash, FLOW_STATE_CAPTURE_BYPASSED, FLOW_STATE_CLOSED, FLOW_STATE_ESTABLISHED, FLOW_STATE_LOCAL_BYPASSED, FLOW_STATE_NEW, FlowClearMemory(), FLOWLOCK_TRYWRLOCK, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, Flow_::hnext, Flow_::hprev, DecodeThreadVars_::output_flow_thread_data, OutputFlowLog(), Flow_::protomap, SC_ATOMIC_ADD, SC_ATOMIC_GET, SC_ATOMIC_SET, and SCLogDebug.

Referenced by FlowGetFromFlowKey().

Here is the call graph for this function:

Here is the caller graph for this function:

Flow* FlowGetFlowFromHash	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		const Packet *	p,
		Flow **	dest
	)

Get Flow for packet.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.

If the flow is not found or the bucket was emtpy, a new flow is taken from the queue. FlowDequeue() will alloc new flows as long as we stay within our memcap limit.

The p->flow pointer is updated to point to the flow.

Parameters

tv	thread vars
dtv	decode thread vars (for flow log api thread data)

Return values

f	LOCKED flow or NULL

Definition at line 602 of file flow-hash.c.

References Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, flow_hash, Flow_::flow_hash, Packet_::flow_hash, FLOW_STATE_NEW, FlowInit(), FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, Flow_::hnext, Flow_::hprev, Flow_::proto, Flow_::protoctx, SCLogDebug, TcpSessionPacketSsnReuse(), and unlikely.

Referenced by FlowHandlePacket().

Here is the call graph for this function:

Here is the caller graph for this function:

Flow* FlowGetFromFlowKey	(	FlowKey *	key,
		struct timespec *	ttime,
		const uint32_t	hash
	)

Get or create a Flow using a FlowKey.

Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Return a new Flow if ever no Flow was found.

Parameters

key	Pointer to FlowKey build using flow to look for
ttime	time to use for flow creation
hash	Value of the flow hash

Return values

f	LOCKED flow or NULL

Definition at line 745 of file flow-hash.c.

References FlowKey_::dp, Flow_::dp, FlowKey_::dst, Flow_::dst, Address_::family, Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, Flow_::flags, flow_config, flow_hash, Flow_::flow_hash, FLOW_IPV4, FLOW_IPV6, flow_spare_q, FLOW_STATE_CAPTURE_BYPASSED, FlowAlloc(), FlowDequeue(), FlowGetExistingFlowFromHash(), FlowGetProtoMapping(), FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, FlowBucket_::head, Flow_::hnext, Flow_::hprev, Flow_::lastts, FlowKey_::proto, Flow_::proto, Flow_::protomap, Flow_::recursion_level, SCLogDebug, FlowKey_::sp, Flow_::sp, FlowKey_::src, Flow_::src, Flow_::startts, FlowKey_::vlan_id, and Flow_::vlan_id.

Here is the call graph for this function:

uint32_t FlowKeyGetHash

(

FlowKey *

fk

)

Basic hashing function for FlowKey

Note

Function only used for bypass and TCP or UDP flows

this is only used at start to create Flow from pinned maps so fairness is not an issue

Definition at line 223 of file flow-hash.c.

References Address_::address, FlowAddress_::address, Address_::address_un_data32, FlowAddress_::address_un_data32, FlowHashKey4_::addrs, FlowKey_::dp, Flow_::dp, Packet_::dp, FlowHashKey6_::dst, FlowKey_::dst, Flow_::dst, Packet_::dst, ICMPV4Vars_::emb_dport, ICMPV4Vars_::emb_sport, Address_::family, flow_config, g_vlan_mask, FlowCnf_::hash_rand, hashword(), Flow_::icmp_d, Packet_::icmp_d, Flow_::icmp_s, Packet_::icmp_s, ICMPV4_DEST_UNREACH_IS_VALID, ICMPV4_GET_EMB_IPV4, ICMPV4_GET_EMB_PROTO, Packet_::icmpv4vars, IPV4_GET_RAW_IPDST_U32, IPV4_GET_RAW_IPSRC_U32, FlowHashKey4_::ports, FlowHashKey6_::ports, FlowHashKey4_::proto, FlowHashKey6_::proto, FlowKey_::proto, Flow_::proto, Packet_::proto, FlowHashKey4_::recur, FlowHashKey6_::recur, FlowKey_::recursion_level, Flow_::recursion_level, Packet_::recursion_level, FlowKey_::sp, Flow_::sp, Packet_::sp, FlowHashKey6_::src, FlowKey_::src, Flow_::src, Packet_::src, FlowHashKey4_::u32, FlowHashKey6_::u32, FlowHashKey4_::vlan_id, FlowHashKey6_::vlan_id, FlowKey_::vlan_id, Flow_::vlan_id, and Packet_::vlan_id.

Here is the call graph for this function:

__attribute__::SC_ATOMIC_DECLARE	(	int32_t	,
		next_ts
	)

timestamp in seconds of the earliest possible moment a flow will time out in this row. Set by the flow manager. Cleared to 0 by workers, either when new flows are added or when a flow state changes. The flow manager sets this to INT_MAX for empty buckets.

Variable Documentation

Flow* head

Definition at line 102 of file flow-hash.h.

Referenced by AppLayerProtoDetectPPRegister(), DecodeVXLANEnabledForPort(), DetectAddressAdd(), DetectAddressInsert(), DetectParseAddress(), DetectPortListsAreEqual(), IPOnlyAddSignature(), IPOnlyCIDRListFree(), SCLogAppendOPIfaceCtx(), SigGetThresholdTypeIter(), and SigMatchList2DataArray().

SCMutex m

Definition at line 105 of file flow-hash.h.

Referenced by BoyerMoore(), BoyerMooreCtxDeInit(), BoyerMooreNocase(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTlsRegister(), DetectTlsVersionRegister(), hashbig(), PacketProfileLoggertIdToString(), RegisterDCERPCParsers(), RunModeShutDown(), SCProfilingDumpPacketStats(), SCThresholdConfParseFile(), SigMatchSignaturesGetSgh(), StatsSetUI64(), StorageFinalize(), ThresholdIPPairTimeoutCheck(), TmqhOutputPacketpool(), TmThreadCreateCmdThreadByName(), and TmThreadCreateMgmtThreadByName().

Flow* tail

Definition at line 103 of file flow-hash.h.