suricata
flow-worker.c
Go to the documentation of this file.
1 /* Copyright (C) 2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Flow Workers are single thread modules taking care of (almost)
24  * everything related to packets with flows:
25  *
26  * - Lookup/creation
27  * - Stream tracking, reassembly
28  * - Applayer update
29  * - Detection
30  *
31  * This all while holding the flow lock.
32  */
33 
34 #include "suricata-common.h"
35 #include "suricata.h"
36 
37 #include "decode.h"
38 #include "stream-tcp.h"
39 #include "app-layer.h"
40 #include "detect-engine.h"
41 #include "output.h"
42 #include "app-layer-parser.h"
43 
44 #include "util-validate.h"
45 
46 #include "flow-util.h"
47 
48 typedef DetectEngineThreadCtx *DetectEngineThreadCtxPtr;
49 
50 typedef struct FlowWorkerThreadData_ {
51  DecodeThreadVars *dtv;
52 
53  union {
54  StreamTcpThread *stream_thread;
55  void *stream_thread_ptr;
56  };
57 
58  SC_ATOMIC_DECLARE(DetectEngineThreadCtxPtr, detect_thread);
59 
60  void *output_thread; /* Output thread data. */
61 
62  uint16_t local_bypass_pkts;
63  uint16_t local_bypass_bytes;
64  uint16_t both_bypass_pkts;
65  uint16_t both_bypass_bytes;
66 
67  PacketQueue pq;
68 
69 } FlowWorkerThreadData;
70 
71 /** \brief handle flow for packet
72  *
73  * Handle flow creation/lookup
74  */
75 static inline TmEcode FlowUpdate(ThreadVars *tv, FlowWorkerThreadData *fw, Packet *p)
76 {
77  FlowHandlePacketUpdate(p->flow, p);
78 
79  int state = SC_ATOMIC_GET(p->flow->flow_state);
80  switch (state) {
81 #ifdef CAPTURE_OFFLOAD
82  case FLOW_STATE_CAPTURE_BYPASSED:
83  StatsAddUI64(tv, fw->both_bypass_pkts, 1);
84  StatsAddUI64(tv, fw->both_bypass_bytes, GET_PKT_LEN(p));
85  return TM_ECODE_DONE;
86 #endif
87  case FLOW_STATE_LOCAL_BYPASSED:
88  StatsAddUI64(tv, fw->local_bypass_pkts, 1);
89  StatsAddUI64(tv, fw->local_bypass_bytes, GET_PKT_LEN(p));
90  return TM_ECODE_DONE;
91  default:
92  return TM_ECODE_OK;
93  }
94 }
95 
96 static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data);
97 
98 static TmEcode FlowWorkerThreadInit(ThreadVars *tv, const void *initdata, void **data)
99 {
100  FlowWorkerThreadData *fw = SCCalloc(1, sizeof(*fw));
101  if (fw == NULL)
102  return TM_ECODE_FAILED;
103 
104  SC_ATOMIC_INIT(fw->detect_thread);
105  SC_ATOMIC_SET(fw->detect_thread, NULL);
106 
107  fw->local_bypass_pkts = StatsRegisterCounter("flow_bypassed.local_pkts", tv);
108  fw->local_bypass_bytes = StatsRegisterCounter("flow_bypassed.local_bytes", tv);
109  fw->both_bypass_pkts = StatsRegisterCounter("flow_bypassed.local_capture_pkts", tv);
110  fw->both_bypass_bytes = StatsRegisterCounter("flow_bypassed.local_capture_bytes", tv);
111 
112  fw->dtv = DecodeThreadVarsAlloc(tv);
113  if (fw->dtv == NULL) {
114  FlowWorkerThreadDeinit(tv, fw);
115  return TM_ECODE_FAILED;
116  }
117 
118  /* setup TCP */
119  if (StreamTcpThreadInit(tv, NULL, &fw->stream_thread_ptr) != TM_ECODE_OK) {
120  FlowWorkerThreadDeinit(tv, fw);
121  return TM_ECODE_FAILED;
122  }
123 
124  if (DetectEngineEnabled()) {
125  /* setup DETECT */
126  void *detect_thread = NULL;
127  if (DetectEngineThreadCtxInit(tv, NULL, &detect_thread) != TM_ECODE_OK) {
128  FlowWorkerThreadDeinit(tv, fw);
129  return TM_ECODE_FAILED;
130  }
131  SC_ATOMIC_SET(fw->detect_thread, detect_thread);
132  }
133 
134  /* Setup outputs for this thread. */
135  if (OutputLoggerThreadInit(tv, initdata, &fw->output_thread) != TM_ECODE_OK) {
136  FlowWorkerThreadDeinit(tv, fw);
137  return TM_ECODE_FAILED;
138  }
139 
140  DecodeRegisterPerfCounters(fw->dtv, tv);
141  AppLayerRegisterThreadCounters(tv);
142 
143  /* setup pq for stream end pkts */
144  memset(&fw->pq, 0, sizeof(PacketQueue));
145  SCMutexInit(&fw->pq.mutex_q, NULL);
146 
147  *data = fw;
148  return TM_ECODE_OK;
149 }
150 
151 static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data)
152 {
153  FlowWorkerThreadData *fw = data;
154 
155  DecodeThreadVarsFree(tv, fw->dtv);
156 
157  /* free TCP */
158  StreamTcpThreadDeinit(tv, (void *)fw->stream_thread);
159 
160  /* free DETECT */
161  void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
162  if (detect_thread != NULL) {
163  DetectEngineThreadCtxDeinit(tv, detect_thread);
164  SC_ATOMIC_SET(fw->detect_thread, NULL);
165  }
166 
167  /* Free output. */
168  OutputLoggerThreadDeinit(tv, fw->output_thread);
169 
170  /* free pq */
171  BUG_ON(fw->pq.len);
172  SCMutexDestroy(&fw->pq.mutex_q);
173 
174  SC_ATOMIC_DESTROY(fw->detect_thread);
175  SCFree(fw);
176  return TM_ECODE_OK;
177 }
178 
179 TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
180 TmEcode StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
181 
182 static void FlowPruneFiles(Packet *p)
183 {
184  if (p->flow && p->flow->alstate) {
185  Flow *f = p->flow;
186  FileContainer *fc = AppLayerParserGetFiles(p->proto, f->alproto,
187  f->alstate, PKT_IS_TOSERVER(p) ? STREAM_TOSERVER : STREAM_TOCLIENT);
188  if (fc != NULL) {
189  FilePrune(fc);
190  }
191  }
192 }
193 
194 static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data, PacketQueue *preq, PacketQueue *unused)
195 {
196  FlowWorkerThreadData *fw = data;
197  void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
198 
199  SCLogDebug("packet %"PRIu64, p->pcap_cnt);
200 
201  /* update time */
202  if (!(PKT_IS_PSEUDOPKT(p))) {
203  TimeSetByThread(tv->id, &p->ts);
204  }
205 
206  /* handle Flow */
207  if (p->flags & PKT_WANTS_FLOW) {
208  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_FLOW);
209 
210  FlowHandlePacket(tv, fw->dtv, p);
211  if (likely(p->flow != NULL)) {
212  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
213  if (FlowUpdate(tv, fw, p) == TM_ECODE_DONE) {
214  FLOWLOCK_UNLOCK(p->flow);
215  return TM_ECODE_OK;
216  }
217  }
218  /* Flow is now LOCKED */
219 
220  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_FLOW);
221 
222  /* if PKT_WANTS_FLOW is not set, but PKT_HAS_FLOW is, then this is a
223  * pseudo packet created by the flow manager. */
224  } else if (p->flags & PKT_HAS_FLOW) {
225  FLOWLOCK_WRLOCK(p->flow);
226  }
227 
228  SCLogDebug("packet %"PRIu64" has flow? %s", p->pcap_cnt, p->flow ? "yes" : "no");
229 
230  /* handle TCP and app layer */
231  if (p->flow && PKT_IS_TCP(p)) {
232  SCLogDebug("packet %"PRIu64" is TCP. Direction %s", p->pcap_cnt, PKT_IS_TOSERVER(p) ? "TOSERVER" : "TOCLIENT");
233  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
234 
235  /* if detect is disabled, we need to apply file flags to the flow
236  * here on the first packet. */
237  if (detect_thread == NULL &&
238  ((PKT_IS_TOSERVER(p) && (p->flowflags & FLOW_PKT_TOSERVER_FIRST)) ||
239  (PKT_IS_TOCLIENT(p) && (p->flowflags & FLOW_PKT_TOCLIENT_FIRST))))
240  {
241  DisableDetectFlowFileFlags(p->flow);
242  }
243 
244  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_STREAM);
245  StreamTcp(tv, p, fw->stream_thread, &fw->pq, NULL);
246  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_STREAM);
247 
248  if (FlowChangeProto(p->flow)) {
249  StreamTcpDetectLogFlush(tv, fw->stream_thread, p->flow, p, &fw->pq);
250  }
251 
252  /* Packets here can safely access p->flow as it's locked */
253  SCLogDebug("packet %"PRIu64": extra packets %u", p->pcap_cnt, fw->pq.len);
254  Packet *x;
255  while ((x = PacketDequeue(&fw->pq))) {
256  SCLogDebug("packet %"PRIu64" extra packet %p", p->pcap_cnt, x);
257 
258  // TODO do we need to call StreamTcp on these pseudo packets or not?
259  //StreamTcp(tv, x, fw->stream_thread, &fw->pq, NULL);
260  if (detect_thread != NULL) {
261  FLOWWORKER_PROFILING_START(x, PROFILE_FLOWWORKER_DETECT);
262  Detect(tv, x, detect_thread, NULL, NULL);
263  FLOWWORKER_PROFILING_END(x, PROFILE_FLOWWORKER_DETECT);
264  }
265 
266  // Outputs
267  OutputLoggerLog(tv, x, fw->output_thread);
268 
269  /* put these packets in the preq queue so that they are
270  * by the other thread modules before packet 'p'. */
271  PacketEnqueue(preq, x);
272  }
273 
274  /* handle the app layer part of the UDP packet payload */
275  } else if (p->flow && p->proto == IPPROTO_UDP) {
276  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
277  AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
278  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
279  }
280 
281  PacketUpdateEngineEventCounters(tv, fw->dtv, p);
282 
283  /* handle Detect */
284  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
285  SCLogDebug("packet %"PRIu64" calling Detect", p->pcap_cnt);
286 
287  if (detect_thread != NULL) {
288  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_DETECT);
289  Detect(tv, p, detect_thread, NULL, NULL);
290  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_DETECT);
291  }
292 
293  // Outputs.
294  OutputLoggerLog(tv, p, fw->output_thread);
295 
296  /* Prune any stored files. */
297  FlowPruneFiles(p);
298 
299  /* Release tcp segments. Done here after alerting can use them. */
300  if (p->flow != NULL && p->proto == IPPROTO_TCP) {
301  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_TCPPRUNE);
302  StreamTcpPruneSession(p->flow, p->flowflags & FLOW_PKT_TOSERVER ?
303  STREAM_TOSERVER : STREAM_TOCLIENT);
304  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_TCPPRUNE);
305  }
306 
307  if (p->flow) {
308  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
309 
310  /* run tx cleanup last */
311  AppLayerParserTransactionsCleanup(p->flow);
312  FLOWLOCK_UNLOCK(p->flow);
313  }
314 
315  return TM_ECODE_OK;
316 }
317 
318 void FlowWorkerReplaceDetectCtx(void *flow_worker, void *detect_ctx)
319 {
320  FlowWorkerThreadData *fw = flow_worker;
321 
322  SC_ATOMIC_SET(fw->detect_thread, detect_ctx);
323 }
324 
325 void *FlowWorkerGetDetectCtxPtr(void *flow_worker)
326 {
327  FlowWorkerThreadData *fw = flow_worker;
328 
329  return SC_ATOMIC_GET(fw->detect_thread);
330 }
331 
332 const char *ProfileFlowWorkerIdToString(enum ProfileFlowWorkerId fwi)
333 {
334  switch (fwi) {
335  case PROFILE_FLOWWORKER_FLOW:
336  return "flow";
337  case PROFILE_FLOWWORKER_STREAM:
338  return "stream";
339  case PROFILE_FLOWWORKER_APPLAYERUDP:
340  return "app-layer";
341  case PROFILE_FLOWWORKER_DETECT:
342  return "detect";
343  case PROFILE_FLOWWORKER_TCPPRUNE:
344  return "tcp-prune";
345  case PROFILE_FLOWWORKER_SIZE:
346  return "size";
347  }
348  return "error";
349 }
350 
351 static void FlowWorkerExitPrintStats(ThreadVars *tv, void *data)
352 {
353  FlowWorkerThreadData *fw = data;
354  OutputLoggerExitPrintStats(tv, fw->output_thread);
355 }
356 
357 void TmModuleFlowWorkerRegister (void)
358 {
359  tmm_modules[TMM_FLOWWORKER].name = "FlowWorker";
360  tmm_modules[TMM_FLOWWORKER].ThreadInit = FlowWorkerThreadInit;
361  tmm_modules[TMM_FLOWWORKER].Func = FlowWorker;
362  tmm_modules[TMM_FLOWWORKER].ThreadDeinit = FlowWorkerThreadDeinit;
363  tmm_modules[TMM_FLOWWORKER].ThreadExitPrintStats = FlowWorkerExitPrintStats;
364  tmm_modules[TMM_FLOWWORKER].cap_flags = 0;
365  tmm_modules[TMM_FLOWWORKER].flags = TM_FLAG_STREAM_TM|TM_FLAG_DETECT_TM;
366 }
OutputLoggerLog
TmEcode OutputLoggerLog(ThreadVars *tv, Packet *p, void *thread_data)
Definition: output.c:917
DecodeThreadVarsAlloc
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition: decode.c:614
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
StreamTcp
TmEcode StreamTcp(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: stream-tcp.c:5143
Packet_::flow
struct Flow_ * flow
Definition: decode.h:445
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:67
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:499
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:265
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:70
DetectEngineThreadCtxPtr
DetectEngineThreadCtx * DetectEngineThreadCtxPtr
Definition: flow-worker.c:48
StreamTcpDetectLogFlush
void StreamTcpDetectLogFlush(ThreadVars *tv, StreamTcpThread *stt, Flow *f, Packet *p, PacketQueue *pq)
create packets in both directions to flush out logging and detection before switching protocols...
Definition: stream-tcp.c:6243
PKT_IS_TOCLIENT
#define PKT_IS_TOCLIENT(p)
Definition: decode.h:258
FlowWorkerThreadData_::stream_thread
StreamTcpThread * stream_thread
Definition: flow-worker.c:54
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:243
FlowWorkerThreadData_::output_thread
void * output_thread
Definition: flow-worker.c:60
TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: tm-modules.h:52
TcpReassemblyThreadCtx_::app_tctx
void * app_tctx
Definition: stream-tcp-reassemble.h:61
FlowWorkerReplaceDetectCtx
void FlowWorkerReplaceDetectCtx(void *flow_worker, void *detect_ctx)
Definition: flow-worker.c:318
DecodeRegisterPerfCounters
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition: decode.c:474
ProfileFlowWorkerId
ProfileFlowWorkerId
Definition: flow-worker.h:21
TimeSetByThread
void TimeSetByThread(const int thread_id, const struct timeval *tv)
Definition: util-time.c:107
FileContainer_
Definition: util-file.h:100
FlowWorkerGetDetectCtxPtr
void * FlowWorkerGetDetectCtxPtr(void *flow_worker)
Definition: flow-worker.c:325
OutputLoggerExitPrintStats
void OutputLoggerExitPrintStats(ThreadVars *tv, void *thread_data)
Definition: output.c:990
FLOW_PKT_TOSERVER_FIRST
#define FLOW_PKT_TOSERVER_FIRST
Definition: flow.h:206
FlowWorkerThreadData_::both_bypass_pkts
uint16_t both_bypass_pkts
Definition: flow-worker.c:64
PacketQueue_
Definition: decode.h:620
TM_FLAG_STREAM_TM
#define TM_FLAG_STREAM_TM
Definition: tm-modules.h:33
FLOWLOCK_WRLOCK
#define FLOWLOCK_WRLOCK(fb)
Definition: flow.h:240
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:561
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:2762
StreamTcpThreadInit
TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
Definition: stream-tcp.c:5179
FlowWorkerThreadData_::local_bypass_bytes
uint16_t local_bypass_bytes
Definition: flow-worker.c:63
SC_ATOMIC_DESTROY
#define SC_ATOMIC_DESTROY(name)
Destroy the lock used to protect this variable.
Definition: util-atomic.h:97
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:2970
StreamTcpThread_::ra_ctx
TcpReassemblyThreadCtx * ra_ctx
Definition: stream-tcp.h:103
StatsRegisterCounter
uint16_t StatsRegisterCounter(const char *name, struct ThreadVars_ *tv)
Registers a normal, unqualified counter.
Definition: counters.c:943
Flow_::alstate
void * alstate
Definition: flow.h:438
FlowWorkerThreadData_::stream_thread_ptr
void * stream_thread_ptr
Definition: flow-worker.c:55
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it&#39;s lock.
Definition: util-atomic.h:81
SCCalloc
#define SCCalloc(nm, a)
Definition: util-mem.h:253
FLOWWORKER_PROFILING_START
#define FLOWWORKER_PROFILING_START(p, id)
Definition: util-profiling.h:166
Packet_::proto
uint8_t proto
Definition: decode.h:430
OutputLoggerThreadInit
TmEcode OutputLoggerThreadInit(ThreadVars *tv, const void *initdata, void **data)
Definition: output.c:933
PacketQueue_::len
uint32_t len
Definition: decode.h:623
StreamTcpThread_
Definition: stream-tcp.h:70
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:632
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
FlowWorkerThreadData_::pq
PacketQueue pq
Definition: flow-worker.c:67
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
FlowWorkerThreadData_::dtv
DecodeThreadVars * dtv
Definition: flow-worker.c:51
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:439
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:240
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3127
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
PKT_IS_TOSERVER
#define PKT_IS_TOSERVER(p)
Definition: decode.h:257
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition: flow.h:201
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:357
OutputLoggerThreadDeinit
TmEcode OutputLoggerThreadDeinit(ThreadVars *tv, void *thread_data)
Definition: output.c:964
PacketUpdateEngineEventCounters
void PacketUpdateEngineEventCounters(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Definition: decode.c:122
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
Packet_
Definition: decode.h:407
TmModule_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: tm-modules.h:48
FilePrune
void FilePrune(FileContainer *ffc)
Definition: util-file.c:345
Detect
TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
Detection engine thread wrapper.
Definition: detect.c:1601
FLOW_PKT_TOCLIENT_FIRST
#define FLOW_PKT_TOCLIENT_FIRST
Definition: flow.h:207
FlowWorkerThreadData
struct FlowWorkerThreadData_ FlowWorkerThreadData
TmModule_::name
const char * name
Definition: tm-modules.h:44
FlowWorkerThreadData_::local_bypass_pkts
uint16_t local_bypass_pkts
Definition: flow-worker.c:62
DisableDetectFlowFileFlags
void DisableDetectFlowFileFlags(Flow *f)
disable file features we don&#39;t need Called if we have no detection engine.
Definition: detect.c:1659
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:207
ThreadVars_::id
int id
Definition: threadvars.h:69
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:898
SCFree
#define SCFree(a)
Definition: util-mem.h:322
PKT_IS_TCP
#define PKT_IS_TCP(p)
Definition: decode.h:253
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.h:73
StreamTcpThreadDeinit
TmEcode StreamTcpThreadDeinit(ThreadVars *tv, void *data)
Definition: stream-tcp.c:5246
FLOWWORKER_PROFILING_END
#define FLOWWORKER_PROFILING_END(p, id)
Definition: util-profiling.h:173
FlowWorkerThreadData_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(DetectEngineThreadCtxPtr, detect_thread)
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
FlowHandlePacketUpdate
void FlowHandlePacketUpdate(Flow *f, Packet *p)
Update Packet and Flow.
Definition: flow.c:398
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:192
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1093
PacketDequeue
Packet * PacketDequeue(PacketQueue *q)
Definition: packet-queue.c:167
PKT_WANTS_FLOW
#define PKT_WANTS_FLOW
Definition: decode.h:1114
PKT_IS_PSEUDOPKT
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Definition: decode.h:1132
ProfileFlowWorkerIdToString
const char * ProfileFlowWorkerIdToString(enum ProfileFlowWorkerId fwi)
Definition: flow-worker.c:332
FlowWorkerThreadData_::both_bypass_bytes
uint16_t both_bypass_bytes
Definition: flow-worker.c:65
TM_FLAG_DETECT_TM
#define TM_FLAG_DETECT_TM
Definition: tm-modules.h:34
AppLayerHandleUdp
int AppLayerHandleUdp(ThreadVars *tv, AppLayerThreadCtx *tctx, Packet *p, Flow *f)
Handle a app layer UDP message.
Definition: app-layer.c:688
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
Packet_::ts
struct timeval ts
Definition: decode.h:451
DetectEngineThreadCtx_
Definition: detect.h:1003
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:409
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:224
Packet_::flags
uint32_t flags
Definition: decode.h:443
AppLayerParserGetFiles
FileContainer * AppLayerParserGetFiles(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
Definition: app-layer-parser.c:878
StatsAddUI64
void StatsAddUI64(ThreadVars *tv, uint16_t id, uint64_t x)
Adds a value of type uint64_t to the local counter.
Definition: counters.c:147
likely
#define likely(expr)
Definition: util-optimize.h:32
DecodeThreadVarsFree
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition: decode.c:633
FlowWorkerThreadData_
Definition: flow-worker.c:50
Flow_
Flow data structure.
Definition: flow.h:325
PacketEnqueue
void PacketEnqueue(PacketQueue *q, Packet *p)
Definition: packet-queue.c:139
AppLayerRegisterThreadCounters
void AppLayerRegisterThreadCounters(ThreadVars *tv)
Registers per flow counters for all protocols.
Definition: app-layer.c:926
PacketQueue_::mutex_q
SCMutex mutex_q
Definition: decode.h:627
SCMutexDestroy
#define SCMutexDestroy
Definition: threads-debug.h:120
StreamTcpPruneSession
void StreamTcpPruneSession(Flow *f, uint8_t flags)
Remove idle TcpSegments from TcpSession.
Definition: stream-tcp-list.c:801