suricata
flow-util.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __FLOW_UTIL_H__
25 #define __FLOW_UTIL_H__
26 
27 #include "flow.h"
28 #include "stream-tcp-private.h"
29 
30 #define COPY_TIMESTAMP(src, dst) ((dst)->tv_sec = (src)->tv_sec, (dst)->tv_usec = (src)->tv_usec)
31 
32 #define RESET_COUNTERS(f) \
33  do { \
34  (f)->todstpktcnt = 0; \
35  (f)->tosrcpktcnt = 0; \
36  (f)->todstbytecnt = 0; \
37  (f)->tosrcbytecnt = 0; \
38  } while (0)
39 
40 #define FLOW_INITIALIZE(f) \
41  do { \
42  (f)->sp = 0; \
43  (f)->dp = 0; \
44  (f)->proto = 0; \
45  (f)->livedev = NULL; \
46  (f)->timeout_at = 0; \
47  (f)->timeout_policy = 0; \
48  (f)->vlan_idx = 0; \
49  (f)->next = NULL; \
50  (f)->flow_state = 0; \
51  (f)->tenant_id = 0; \
52  (f)->parent_id = 0; \
53  (f)->probing_parser_toserver_alproto_masks = 0; \
54  (f)->probing_parser_toclient_alproto_masks = 0; \
55  (f)->flags = 0; \
56  (f)->file_flags = 0; \
57  (f)->protodetect_dp = 0; \
58  SCTIME_INIT((f)->lastts); \
59  FLOWLOCK_INIT((f)); \
60  (f)->protoctx = NULL; \
61  (f)->flow_end_flags = 0; \
62  (f)->alproto = 0; \
63  (f)->alproto_ts = 0; \
64  (f)->alproto_tc = 0; \
65  (f)->alproto_orig = 0; \
66  (f)->alproto_expect = 0; \
67  (f)->de_ctx_version = 0; \
68  (f)->thread_id[0] = 0; \
69  (f)->thread_id[1] = 0; \
70  (f)->alparser = NULL; \
71  (f)->alstate = NULL; \
72  (f)->sgh_toserver = NULL; \
73  (f)->sgh_toclient = NULL; \
74  (f)->flowvar = NULL; \
75  RESET_COUNTERS((f)); \
76  } while (0)
77 
78 /** \brief macro to recycle a flow before it goes into the spare queue for reuse.
79  *
80  * Note that the lnext, lprev, hnext fields are untouched, those are
81  * managed by the queueing code. Same goes for fb (FlowBucket ptr) field.
82  */
83 #define FLOW_RECYCLE(f) \
84  do { \
85  FlowCleanupAppLayer((f)); \
86  (f)->sp = 0; \
87  (f)->dp = 0; \
88  (f)->proto = 0; \
89  (f)->livedev = NULL; \
90  (f)->vlan_idx = 0; \
91  (f)->ffr = 0; \
92  (f)->next = NULL; \
93  (f)->timeout_at = 0; \
94  (f)->timeout_policy = 0; \
95  (f)->flow_state = 0; \
96  (f)->tenant_id = 0; \
97  (f)->parent_id = 0; \
98  (f)->probing_parser_toserver_alproto_masks = 0; \
99  (f)->probing_parser_toclient_alproto_masks = 0; \
100  (f)->flags = 0; \
101  (f)->file_flags = 0; \
102  (f)->protodetect_dp = 0; \
103  SCTIME_INIT((f)->lastts); \
104  (f)->protoctx = NULL; \
105  (f)->flow_end_flags = 0; \
106  (f)->alparser = NULL; \
107  (f)->alstate = NULL; \
108  (f)->alproto = 0; \
109  (f)->alproto_ts = 0; \
110  (f)->alproto_tc = 0; \
111  (f)->alproto_orig = 0; \
112  (f)->alproto_expect = 0; \
113  (f)->de_ctx_version = 0; \
114  (f)->thread_id[0] = 0; \
115  (f)->thread_id[1] = 0; \
116  (f)->sgh_toserver = NULL; \
117  (f)->sgh_toclient = NULL; \
118  GenericVarFree((f)->flowvar); \
119  (f)->flowvar = NULL; \
120  if (MacSetFlowStorageEnabled()) { \
121  MacSet *ms = FlowGetStorageById((f), MacSetGetFlowStorageID()); \
122  if (ms != NULL) { \
123  MacSetReset(ms); \
124  } \
125  } \
126  RESET_COUNTERS((f)); \
127  } while (0)
128 
129 #define FLOW_DESTROY(f) \
130  do { \
131  FlowCleanupAppLayer((f)); \
132  \
133  FLOWLOCK_DESTROY((f)); \
134  GenericVarFree((f)->flowvar); \
135  } while (0)
136 
137 /** \brief check if a memory alloc would fit in the memcap
138  *
139  * \param size memory allocation size to check
140  *
141  * \retval 1 it fits
142  * \retval 0 no fit
143  */
144 #define FLOW_CHECK_MEMCAP(size) \
145  ((((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)) <= \
146  SC_ATOMIC_GET(flow_config.memcap)))
147 
148 Flow *FlowAlloc(void);
149 Flow *FlowAllocDirect(void);
150 void FlowFree(Flow *);
151 uint8_t FlowGetProtoMapping(uint8_t);
152 void FlowInit(Flow *, const Packet *);
153 uint8_t FlowGetReverseProtoMapping(uint8_t rproto);
154 
155 /* flow end counter logic */
156 
157 typedef struct FlowEndCounters_ {
158  uint16_t flow_state[FLOW_STATE_SIZE];
159  uint16_t flow_tcp_state[TCP_CLOSED + 1];
160  uint16_t flow_tcp_liberal;
161 } FlowEndCounters;
162 
163 static inline void FlowEndCountersUpdate(ThreadVars *tv, FlowEndCounters *fec, Flow *f)
164 {
165  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
166  TcpSession *ssn = f->protoctx;
167  StatsIncr(tv, fec->flow_tcp_state[ssn->state]);
168  if (ssn->lossy_be_liberal) {
169  StatsIncr(tv, fec->flow_tcp_liberal);
170  }
171  }
172  StatsIncr(tv, fec->flow_state[f->flow_state]);
173 }
174 
175 void FlowEndCountersRegister(ThreadVars *t, FlowEndCounters *fec);
176 
177 #endif /* __FLOW_UTIL_H__ */
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:167
Flow_::proto
uint8_t proto
Definition: flow.h:379
Flow_
Flow data structure.
Definition: flow.h:357
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:98
FlowEndCounters_::flow_tcp_liberal
uint16_t flow_tcp_liberal
Definition: flow-util.h:160
FlowEndCounters_::flow_state
uint16_t flow_state[FLOW_STATE_SIZE]
Definition: flow-util.h:158
TcpSession_::lossy_be_liberal
bool lossy_be_liberal
Definition: stream-tcp-private.h:283
Flow_::protoctx
void * protoctx
Definition: flow.h:447
FlowAlloc
Flow * FlowAlloc(void)
allocate a flow
Definition: flow-util.c:54
Flow_::flow_state
FlowStateType flow_state
Definition: flow.h:418
FlowEndCounters_::flow_tcp_state
uint16_t flow_tcp_state[TCP_CLOSED+1]
Definition: flow-util.h:159
FlowEndCounters
struct FlowEndCounters_ FlowEndCounters
FlowAllocDirect
Flow * FlowAllocDirect(void)
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
FlowFree
void FlowFree(Flow *)
cleanup & free the memory of a flow
Definition: flow-util.c:83
TcpSession_::state
uint8_t state
Definition: stream-tcp-private.h:274
Packet_
Definition: decode.h:428
stream-tcp-private.h
FLOW_STATE_SIZE
#define FLOW_STATE_SIZE
Definition: flow.h:516
TCP_CLOSED
@ TCP_CLOSED
Definition: stream-tcp-private.h:161
FlowEndCountersRegister
void FlowEndCountersRegister(ThreadVars *t, FlowEndCounters *fec)
Definition: flow-util.c:242
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
FlowInit
void FlowInit(Flow *, const Packet *)
Definition: flow-util.c:146
TcpSession_
Definition: stream-tcp-private.h:272
FlowGetReverseProtoMapping
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition: flow-util.c:112
flow.h
FlowEndCounters_
Definition: flow-util.h:157