suricata
Macros | Functions
flow-util.h File Reference
#include "detect-engine-state.h"
#include "tmqh-flow.h"
Include dependency graph for flow-util.h:

Go to the source code of this file.

Macros

#define COPY_TIMESTAMP(src, dst)   ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)
 
#define RESET_COUNTERS(f)
 
#define FLOW_INITIALIZE(f)
 
#define FLOW_RECYCLE(f)
 macro to recycle a flow before it goes into the spare queue for reuse. More...
 
#define FLOW_DESTROY(f)
 
#define FLOW_CHECK_MEMCAP(size)   ((((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)) <= SC_ATOMIC_GET(flow_config.memcap)))
 check if a memory alloc would fit in the memcap More...
 

Functions

FlowFlowAlloc (void)
 allocate a flow More...
 
FlowFlowAllocDirect (void)
 
void FlowFree (Flow *)
 cleanup & free the memory of a flow More...
 
uint8_t FlowGetProtoMapping (uint8_t)
 Function to map the protocol to the defined FLOW_PROTO_* enumeration. More...
 
void FlowInit (Flow *, const Packet *)
 
uint8_t FlowGetReverseProtoMapping (uint8_t rproto)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file flow-util.h.

Macro Definition Documentation

#define COPY_TIMESTAMP (   src,
  dst 
)    ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)

Definition at line 30 of file flow-util.h.

Referenced by FlowHandlePacketUpdate(), FlowInit(), and UTHBuildPacketReal().

#define FLOW_CHECK_MEMCAP (   size)    ((((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)) <= SC_ATOMIC_GET(flow_config.memcap)))

check if a memory alloc would fit in the memcap

Parameters
sizememory allocation size to check
Return values
1it fits
0no fit

Definition at line 135 of file flow-util.h.

Referenced by FlowAlloc(), FlowInitConfig(), FlowSetupPacket(), FlowUpdateState(), and TmModuleFlowRecyclerRegister().

#define FLOW_DESTROY (   f)
Value:
do { \
FlowCleanupAppLayer((f)); \
SC_ATOMIC_DESTROY((f)->flow_state); \
SC_ATOMIC_DESTROY((f)->use_cnt); \
\
FLOWLOCK_DESTROY((f)); \
GenericVarFree((f)->flowvar); \
} while(0)
SC_ATOMIC_DESTROY
#define SC_ATOMIC_DESTROY(name)
Destroy the lock used to protect this variable.
Definition: util-atomic.h:97
FLOWLOCK_DESTROY
#define FLOWLOCK_DESTROY(fb)
Definition: flow.h:238
GenericVarFree
void GenericVarFree(GenericVar *gv)
Definition: util-var.c:47
FlowCleanupAppLayer
void FlowCleanupAppLayer(Flow *f)
Definition: flow.c:125

Definition at line 119 of file flow-util.h.

Referenced by DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFlowbitsAnalyze(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectProtoContainsProto(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FlowFree(), FTPAtExitPrintStats(), IPOnlyAddSignature(), RegisterDCERPCParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSSHParsers(), RegisterSSLParsers(), SMTPParserCleanup(), TagTimeoutCheck(), and TmModuleFlowRecyclerRegister().

#define FLOW_INITIALIZE (   f)

Definition at line 39 of file flow-util.h.

Referenced by AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFlowbitsAnalyze(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectProtoContainsProto(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FlowAlloc(), FTPAtExitPrintStats(), IPOnlyAddSignature(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterModbusParsers(), RegisterSSHParsers(), RegisterSSLParsers(), SCSigSignatureOrderingModuleCleanup(), SMTPParserCleanup(), TagTimeoutCheck(), TmModuleFlowRecyclerRegister(), and UTHBuildFlow().

#define FLOW_RECYCLE (   f)

macro to recycle a flow before it goes into the spare queue for reuse.

Note that the lnext, lprev, hnext, hprev fields are untouched, those are managed by the queueing code. Same goes for fb (FlowBucket ptr) field.

Definition at line 83 of file flow-util.h.

Referenced by FlowClearMemory().

#define RESET_COUNTERS (   f)
Value:
do { \
(f)->todstpktcnt = 0; \
(f)->tosrcpktcnt = 0; \
(f)->todstbytecnt = 0; \
(f)->tosrcbytecnt = 0; \
} while (0)

Definition at line 32 of file flow-util.h.

Function Documentation

Flow* FlowAlloc ( void  )

allocate a flow

We check against the memuse counter. If it passes that check we increment the counter first, then we try to alloc.

Return values
fthe flow or NULL on out of memory

Definition at line 51 of file flow-util.c.

References FLOW_CHECK_MEMCAP, FLOW_INITIALIZE, FlowStorageSize(), SC_ATOMIC_ADD, SC_ATOMIC_SUB, SCMalloc, and unlikely.

Referenced by FlowGetFromFlowKey(), FlowInitConfig(), FlowSetupPacket(), FlowStorageRegister(), FlowUpdateSpareFlows(), and TagTimeoutCheck().

Here is the call graph for this function:

Here is the caller graph for this function:

Flow* FlowAllocDirect ( void  )
void FlowFree ( Flow f)

cleanup & free the memory of a flow

Parameters
fflow to clear & destroy

Definition at line 80 of file flow-util.c.

References FLOW_DESTROY, FlowStorageSize(), SC_ATOMIC_SUB, and SCFree.

Referenced by AppLayerParserStreamTruncated(), FlowShutdown(), FlowStorageRegister(), FlowUpdateSpareFlows(), and UTHFreeFlow().

Here is the call graph for this function:

Here is the caller graph for this function:

uint8_t FlowGetProtoMapping ( uint8_t  proto)

Function to map the protocol to the defined FLOW_PROTO_* enumeration.

Parameters
protoprotocol which is needed to be mapped

Definition at line 95 of file flow-util.c.

References FLOW_PROTO_DEFAULT, FLOW_PROTO_ICMP, FLOW_PROTO_SCTP, FLOW_PROTO_TCP, and FLOW_PROTO_UDP.

Referenced by AppLayerGetTxIterator(), AppLayerParserDestroyProtocolParserLocalStorage(), AppLayerParserGetEventInfo(), AppLayerParserGetEventInfoById(), AppLayerParserGetEventsByTx(), AppLayerParserGetFiles(), AppLayerParserGetFirstDataDir(), AppLayerParserGetProtocolParserLocalStorage(), AppLayerParserGetStateProgress(), AppLayerParserGetTx(), AppLayerParserGetTxDetectFlags(), AppLayerParserGetTxDetectState(), AppLayerParserParse(), AppLayerParserProtocolGetLoggerBits(), AppLayerParserProtocolHasLogger(), AppLayerParserProtocolIsTxEventAware(), AppLayerParserProtoIsRegistered(), AppLayerParserRegisterDetectFlagsFuncs(), AppLayerParserRegisterDetectStateFuncs(), AppLayerParserRegisterGetEventInfo(), AppLayerParserRegisterGetEventInfoById(), AppLayerParserRegisterGetEventsFunc(), AppLayerParserRegisterGetFilesFunc(), AppLayerParserRegisterGetStateProgressFunc(), AppLayerParserRegisterGetTx(), AppLayerParserRegisterGetTxCnt(), AppLayerParserRegisterGetTxIterator(), AppLayerParserRegisterLocalStorageFunc(), AppLayerParserRegisterLogger(), AppLayerParserRegisterLoggerBits(), AppLayerParserRegisterLoggerFuncs(), AppLayerParserRegisterOptionFlags(), AppLayerParserRegisterParser(), AppLayerParserRegisterParserAcceptableDataDirection(), AppLayerParserRegisterProtocolUnittests(), AppLayerParserRegisterStateFuncs(), AppLayerParserRegisterTruncateFunc(), AppLayerParserRegisterTxFreeFunc(), AppLayerParserRestoreParserTable(), AppLayerParserSetStreamDepth(), AppLayerParserSetTxDetectFlags(), AppLayerParserSetTxLogged(), AppLayerParserStateCleanup(), AppLayerParserStreamTruncated(), AppLayerParserSupportsFiles(), AppLayerParserSupportsTxDetectState(), AppLayerProtoDetectUnittestCtxRestore(), AppLayerRegisterThreadCounters(), AppLayerSetupCounters(), DetectDnsQueryRegister(), FlowGetFromFlowKey(), FlowInit(), FlowSetProtoFreeFunc(), FlowShutdown(), FlowUpdateState(), RegisterDCERPCUDPParsers(), and TagTimeoutCheck().

uint8_t FlowGetReverseProtoMapping ( uint8_t  rproto)

Definition at line 111 of file flow-util.c.

References FLOW_PROTO_ICMP, FLOW_PROTO_SCTP, FLOW_PROTO_TCP, FLOW_PROTO_UDP, Flow_::icmp_d, Flow_::icmp_s, ICMPv4GetCounterpart(), and ICMPv6GetCounterpart().

Referenced by AppLayerParserThreadCtxAlloc(), and AppLayerParserThreadCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

void FlowInit ( Flow ,
const Packet  
)

Definition at line 147 of file flow-util.c.

References COPY_TIMESTAMP, Flow_::dp, Flow_::dst, Flow_::flags, FLOW_IPV4, FLOW_IPV6, FLOW_SET_IPV4_DST_ADDR_FROM_PACKET, FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET, FLOW_SET_IPV6_DST_ADDR_FROM_PACKET, FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET, FlowGetProtoMapping(), Flow_::icmp_s, Packet_::icmp_s, Packet_::icmpv4h, Packet_::icmpv6h, IPV4_GET_IPTTL, IPV6_GET_HLIM, Flow_::livedev, Packet_::livedev, Flow_::max_ttl_toserver, Flow_::min_ttl_toserver, PKT_IS_IPV4, PKT_IS_IPV6, Flow_::proto, Packet_::proto, Flow_::protomap, Flow_::recursion_level, Packet_::recursion_level, SCEnter, SCLogDebug, SCReturn, Packet_::sctph, SET_SCTP_DST_PORT, SET_SCTP_SRC_PORT, SET_TCP_DST_PORT, SET_TCP_SRC_PORT, SET_UDP_DST_PORT, SET_UDP_SRC_PORT, Flow_::sp, Flow_::src, Flow_::startts, Packet_::tcph, Packet_::ts, Packet_::udph, Flow_::vlan_id, Packet_::vlan_id, Flow_::vlan_idx, and Packet_::vlan_idx.

Referenced by FlowGetFlowFromHash(), and FlowSetupPacket().

Here is the call graph for this function:

Here is the caller graph for this function: