suricata
flow-worker.c
Go to the documentation of this file.
1 /* Copyright (C) 2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Flow Workers are single thread modules taking care of (almost)
24  * everything related to packets with flows:
25  *
26  * - Lookup/creation
27  * - Stream tracking, reassembly
28  * - Applayer update
29  * - Detection
30  *
31  * This all while holding the flow lock.
32  */
33 
34 #include "suricata-common.h"
35 #include "suricata.h"
36 
37 #include "decode.h"
38 #include "stream-tcp.h"
39 #include "app-layer.h"
40 #include "detect-engine.h"
41 #include "output.h"
42 #include "app-layer-parser.h"
43 
44 #include "util-validate.h"
45 
46 #include "flow-util.h"
47 
48 typedef DetectEngineThreadCtx *DetectEngineThreadCtxPtr;
49 
50 typedef struct FlowWorkerThreadData_ {
51  DecodeThreadVars *dtv;
52 
53  union {
54  StreamTcpThread *stream_thread;
55  void *stream_thread_ptr;
56  };
57 
58  SC_ATOMIC_DECLARE(DetectEngineThreadCtxPtr, detect_thread);
59 
60  void *output_thread; /* Output thread data. */
61 
62  PacketQueue pq;
63 
64 } FlowWorkerThreadData;
65 
66 /** \brief handle flow for packet
67  *
68  * Handle flow creation/lookup
69  */
70 static inline TmEcode FlowUpdate(Packet *p)
71 {
72  FlowHandlePacketUpdate(p->flow, p);
73 
74  int state = SC_ATOMIC_GET(p->flow->flow_state);
75  switch (state) {
76  case FLOW_STATE_CAPTURE_BYPASSED:
77  case FLOW_STATE_LOCAL_BYPASSED:
78  return TM_ECODE_DONE;
79  default:
80  return TM_ECODE_OK;
81  }
82 }
83 
84 static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data);
85 
86 static TmEcode FlowWorkerThreadInit(ThreadVars *tv, const void *initdata, void **data)
87 {
88  FlowWorkerThreadData *fw = SCCalloc(1, sizeof(*fw));
89  if (fw == NULL)
90  return TM_ECODE_FAILED;
91 
92  SC_ATOMIC_INIT(fw->detect_thread);
93  SC_ATOMIC_SET(fw->detect_thread, NULL);
94 
95  fw->dtv = DecodeThreadVarsAlloc(tv);
96  if (fw->dtv == NULL) {
97  FlowWorkerThreadDeinit(tv, fw);
98  return TM_ECODE_FAILED;
99  }
100 
101  /* setup TCP */
102  if (StreamTcpThreadInit(tv, NULL, &fw->stream_thread_ptr) != TM_ECODE_OK) {
103  FlowWorkerThreadDeinit(tv, fw);
104  return TM_ECODE_FAILED;
105  }
106 
107  if (DetectEngineEnabled()) {
108  /* setup DETECT */
109  void *detect_thread = NULL;
110  if (DetectEngineThreadCtxInit(tv, NULL, &detect_thread) != TM_ECODE_OK) {
111  FlowWorkerThreadDeinit(tv, fw);
112  return TM_ECODE_FAILED;
113  }
114  SC_ATOMIC_SET(fw->detect_thread, detect_thread);
115  }
116 
117  /* Setup outputs for this thread. */
118  if (OutputLoggerThreadInit(tv, initdata, &fw->output_thread) != TM_ECODE_OK) {
119  FlowWorkerThreadDeinit(tv, fw);
120  return TM_ECODE_FAILED;
121  }
122 
123  DecodeRegisterPerfCounters(fw->dtv, tv);
124  AppLayerRegisterThreadCounters(tv);
125 
126  /* setup pq for stream end pkts */
127  memset(&fw->pq, 0, sizeof(PacketQueue));
128  SCMutexInit(&fw->pq.mutex_q, NULL);
129 
130  *data = fw;
131  return TM_ECODE_OK;
132 }
133 
134 static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data)
135 {
136  FlowWorkerThreadData *fw = data;
137 
138  DecodeThreadVarsFree(tv, fw->dtv);
139 
140  /* free TCP */
141  StreamTcpThreadDeinit(tv, (void *)fw->stream_thread);
142 
143  /* free DETECT */
144  void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
145  if (detect_thread != NULL) {
146  DetectEngineThreadCtxDeinit(tv, detect_thread);
147  SC_ATOMIC_SET(fw->detect_thread, NULL);
148  }
149 
150  /* Free output. */
151  OutputLoggerThreadDeinit(tv, fw->output_thread);
152 
153  /* free pq */
154  BUG_ON(fw->pq.len);
155  SCMutexDestroy(&fw->pq.mutex_q);
156 
157  SC_ATOMIC_DESTROY(fw->detect_thread);
158  SCFree(fw);
159  return TM_ECODE_OK;
160 }
161 
162 TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
163 TmEcode StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
164 
165 static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data, PacketQueue *preq, PacketQueue *unused)
166 {
167  FlowWorkerThreadData *fw = data;
168  void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
169 
170  SCLogDebug("packet %"PRIu64, p->pcap_cnt);
171 
172  /* update time */
173  if (!(PKT_IS_PSEUDOPKT(p))) {
174  TimeSetByThread(tv->id, &p->ts);
175  }
176 
177  /* handle Flow */
178  if (p->flags & PKT_WANTS_FLOW) {
179  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_FLOW);
180 
181  FlowHandlePacket(tv, fw->dtv, p);
182  if (likely(p->flow != NULL)) {
183  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
184  if (FlowUpdate(p) == TM_ECODE_DONE) {
185  FLOWLOCK_UNLOCK(p->flow);
186  return TM_ECODE_OK;
187  }
188  }
189  /* Flow is now LOCKED */
190 
191  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_FLOW);
192 
193  /* if PKT_WANTS_FLOW is not set, but PKT_HAS_FLOW is, then this is a
194  * pseudo packet created by the flow manager. */
195  } else if (p->flags & PKT_HAS_FLOW) {
196  FLOWLOCK_WRLOCK(p->flow);
197  }
198 
199  SCLogDebug("packet %"PRIu64" has flow? %s", p->pcap_cnt, p->flow ? "yes" : "no");
200 
201  /* handle TCP and app layer */
202  if (p->flow && PKT_IS_TCP(p)) {
203  SCLogDebug("packet %"PRIu64" is TCP. Direction %s", p->pcap_cnt, PKT_IS_TOSERVER(p) ? "TOSERVER" : "TOCLIENT");
204  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
205 
206  /* if detect is disabled, we need to apply file flags to the flow
207  * here on the first packet. */
208  if (detect_thread == NULL &&
209  ((PKT_IS_TOSERVER(p) && (p->flowflags & FLOW_PKT_TOSERVER_FIRST)) ||
210  (PKT_IS_TOCLIENT(p) && (p->flowflags & FLOW_PKT_TOCLIENT_FIRST))))
211  {
212  DisableDetectFlowFileFlags(p->flow);
213  }
214 
215  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_STREAM);
216  StreamTcp(tv, p, fw->stream_thread, &fw->pq, NULL);
217  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_STREAM);
218 
219  if (FlowChangeProto(p->flow)) {
220  StreamTcpDetectLogFlush(tv, fw->stream_thread, p->flow, p, &fw->pq);
221  }
222 
223  /* Packets here can safely access p->flow as it's locked */
224  SCLogDebug("packet %"PRIu64": extra packets %u", p->pcap_cnt, fw->pq.len);
225  Packet *x;
226  while ((x = PacketDequeue(&fw->pq))) {
227  SCLogDebug("packet %"PRIu64" extra packet %p", p->pcap_cnt, x);
228 
229  // TODO do we need to call StreamTcp on these pseudo packets or not?
230  //StreamTcp(tv, x, fw->stream_thread, &fw->pq, NULL);
231  if (detect_thread != NULL) {
232  FLOWWORKER_PROFILING_START(x, PROFILE_FLOWWORKER_DETECT);
233  Detect(tv, x, detect_thread, NULL, NULL);
234  FLOWWORKER_PROFILING_END(x, PROFILE_FLOWWORKER_DETECT);
235  }
236 
237  // Outputs
238  OutputLoggerLog(tv, x, fw->output_thread);
239 
240  /* put these packets in the preq queue so that they are
241  * by the other thread modules before packet 'p'. */
242  PacketEnqueue(preq, x);
243  }
244 
245  /* handle the app layer part of the UDP packet payload */
246  } else if (p->flow && p->proto == IPPROTO_UDP) {
247  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
248  AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
249  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
250  }
251 
252  PacketUpdateEngineEventCounters(tv, fw->dtv, p);
253 
254  /* handle Detect */
255  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
256  SCLogDebug("packet %"PRIu64" calling Detect", p->pcap_cnt);
257 
258  if (detect_thread != NULL) {
259  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_DETECT);
260  Detect(tv, p, detect_thread, NULL, NULL);
261  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_DETECT);
262  }
263 
264  // Outputs.
265  OutputLoggerLog(tv, p, fw->output_thread);
266 
267  /* Release tcp segments. Done here after alerting can use them. */
268  if (p->flow != NULL && p->proto == IPPROTO_TCP) {
269  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_TCPPRUNE);
270  StreamTcpPruneSession(p->flow, p->flowflags & FLOW_PKT_TOSERVER ?
271  STREAM_TOSERVER : STREAM_TOCLIENT);
272  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_TCPPRUNE);
273  }
274 
275  if (p->flow) {
276  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
277 
278  /* run tx cleanup last */
279  AppLayerParserTransactionsCleanup(p->flow);
280  FLOWLOCK_UNLOCK(p->flow);
281  }
282 
283  return TM_ECODE_OK;
284 }
285 
286 void FlowWorkerReplaceDetectCtx(void *flow_worker, void *detect_ctx)
287 {
288  FlowWorkerThreadData *fw = flow_worker;
289 
290  SC_ATOMIC_SET(fw->detect_thread, detect_ctx);
291 }
292 
293 void *FlowWorkerGetDetectCtxPtr(void *flow_worker)
294 {
295  FlowWorkerThreadData *fw = flow_worker;
296 
297  return SC_ATOMIC_GET(fw->detect_thread);
298 }
299 
300 const char *ProfileFlowWorkerIdToString(enum ProfileFlowWorkerId fwi)
301 {
302  switch (fwi) {
303  case PROFILE_FLOWWORKER_FLOW:
304  return "flow";
305  case PROFILE_FLOWWORKER_STREAM:
306  return "stream";
307  case PROFILE_FLOWWORKER_APPLAYERUDP:
308  return "app-layer";
309  case PROFILE_FLOWWORKER_DETECT:
310  return "detect";
311  case PROFILE_FLOWWORKER_TCPPRUNE:
312  return "tcp-prune";
313  case PROFILE_FLOWWORKER_SIZE:
314  return "size";
315  }
316  return "error";
317 }
318 
319 static void FlowWorkerExitPrintStats(ThreadVars *tv, void *data)
320 {
321  FlowWorkerThreadData *fw = data;
322  OutputLoggerExitPrintStats(tv, fw->output_thread);
323 }
324 
325 void TmModuleFlowWorkerRegister (void)
326 {
327  tmm_modules[TMM_FLOWWORKER].name = "FlowWorker";
328  tmm_modules[TMM_FLOWWORKER].ThreadInit = FlowWorkerThreadInit;
329  tmm_modules[TMM_FLOWWORKER].Func = FlowWorker;
330  tmm_modules[TMM_FLOWWORKER].ThreadDeinit = FlowWorkerThreadDeinit;
331  tmm_modules[TMM_FLOWWORKER].ThreadExitPrintStats = FlowWorkerExitPrintStats;
332  tmm_modules[TMM_FLOWWORKER].cap_flags = 0;
333  tmm_modules[TMM_FLOWWORKER].flags = TM_FLAG_STREAM_TM|TM_FLAG_DETECT_TM;
334 }
OutputLoggerLog
TmEcode OutputLoggerLog(ThreadVars *tv, Packet *p, void *thread_data)
Definition: output.c:914
DecodeThreadVarsAlloc
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition: decode.c:570
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
SCMutexDestroy
#define SCMutexDestroy(x)
Definition: threads-arch-tile.h:57
StreamTcp
TmEcode StreamTcp(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: stream-tcp.c:5104
Packet_::flow
struct Flow_ * flow
Definition: decode.h:444
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:67
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:428
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:267
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:70
DetectEngineThreadCtxPtr
DetectEngineThreadCtx * DetectEngineThreadCtxPtr
Definition: flow-worker.c:48
StreamTcpDetectLogFlush
void StreamTcpDetectLogFlush(ThreadVars *tv, StreamTcpThread *stt, Flow *f, Packet *p, PacketQueue *pq)
create packets in both directions to flush out logging and detection before switching protocols...
Definition: stream-tcp.c:6206
PKT_IS_TOCLIENT
#define PKT_IS_TOCLIENT(p)
Definition: decode.h:257
FlowWorkerThreadData_::stream_thread
StreamTcpThread * stream_thread
Definition: flow-worker.c:54
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:235
FlowWorkerThreadData_::output_thread
void * output_thread
Definition: flow-worker.c:60
TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: tm-modules.h:52
TcpReassemblyThreadCtx_::app_tctx
void * app_tctx
Definition: stream-tcp-reassemble.h:61
FlowWorkerReplaceDetectCtx
void FlowWorkerReplaceDetectCtx(void *flow_worker, void *detect_ctx)
Definition: flow-worker.c:286
DecodeRegisterPerfCounters
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition: decode.c:431
ProfileFlowWorkerId
ProfileFlowWorkerId
Definition: flow-worker.h:21
TimeSetByThread
void TimeSetByThread(const int thread_id, const struct timeval *tv)
Definition: util-time.c:99
FlowWorkerGetDetectCtxPtr
void * FlowWorkerGetDetectCtxPtr(void *flow_worker)
Definition: flow-worker.c:293
OutputLoggerExitPrintStats
void OutputLoggerExitPrintStats(ThreadVars *tv, void *thread_data)
Definition: output.c:987
FLOW_PKT_TOSERVER_FIRST
#define FLOW_PKT_TOSERVER_FIRST
Definition: flow.h:198
PacketQueue_
Definition: decode.h:630
TM_FLAG_STREAM_TM
#define TM_FLAG_STREAM_TM
Definition: tm-modules.h:33
FLOWLOCK_WRLOCK
#define FLOWLOCK_WRLOCK(fb)
Definition: flow.h:232
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:566
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:2383
StreamTcpThreadInit
TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
Definition: stream-tcp.c:5140
SC_ATOMIC_DESTROY
#define SC_ATOMIC_DESTROY(name)
Destroy the lock used to protect this variable.
Definition: util-atomic.h:98
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:2591
StreamTcpThread_::ra_ctx
TcpReassemblyThreadCtx * ra_ctx
Definition: stream-tcp.h:103
FlowWorkerThreadData_::stream_thread_ptr
void * stream_thread_ptr
Definition: flow-worker.c:55
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it&#39;s lock.
Definition: util-atomic.h:82
SCCalloc
#define SCCalloc(nm, a)
Definition: util-mem.h:205
FLOWWORKER_PROFILING_START
#define FLOWWORKER_PROFILING_START(p, id)
Definition: util-profiling.h:166
SCMutexInit
#define SCMutexInit(mut, mutattr)
Definition: threads-arch-tile.h:59
Packet_::proto
uint8_t proto
Definition: decode.h:429
OutputLoggerThreadInit
TmEcode OutputLoggerThreadInit(ThreadVars *tv, const void *initdata, void **data)
Definition: output.c:930
PacketQueue_::len
uint32_t len
Definition: decode.h:633
StreamTcpThread_
Definition: stream-tcp.h:70
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:642
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
FlowWorkerThreadData_::pq
PacketQueue pq
Definition: flow-worker.c:62
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
FlowWorkerThreadData_::dtv
DecodeThreadVars * dtv
Definition: flow-worker.c:51
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:438
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:240
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:2748
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
PKT_IS_TOSERVER
#define PKT_IS_TOSERVER(p)
Definition: decode.h:256
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition: flow.h:193
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:325
OutputLoggerThreadDeinit
TmEcode OutputLoggerThreadDeinit(ThreadVars *tv, void *thread_data)
Definition: output.c:961
PacketUpdateEngineEventCounters
void PacketUpdateEngineEventCounters(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Definition: decode.c:121
Packet_
Definition: decode.h:406
TmModule_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: tm-modules.h:48
Detect
TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
Detection engine thread wrapper.
Definition: detect.c:1684
FLOW_PKT_TOCLIENT_FIRST
#define FLOW_PKT_TOCLIENT_FIRST
Definition: flow.h:199
FlowWorkerThreadData
struct FlowWorkerThreadData_ FlowWorkerThreadData
TmModule_::name
const char * name
Definition: tm-modules.h:44
DisableDetectFlowFileFlags
void DisableDetectFlowFileFlags(Flow *f)
disable file features we don&#39;t need Called if we have no detection engine.
Definition: detect.c:1742
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:208
ThreadVars_::id
int id
Definition: threadvars.h:69
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:869
SCFree
#define SCFree(a)
Definition: util-mem.h:236
PKT_IS_TCP
#define PKT_IS_TCP(p)
Definition: decode.h:252
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.h:73
StreamTcpThreadDeinit
TmEcode StreamTcpThreadDeinit(ThreadVars *tv, void *data)
Definition: stream-tcp.c:5213
FLOWWORKER_PROFILING_END
#define FLOWWORKER_PROFILING_END(p, id)
Definition: util-profiling.h:173
FlowWorkerThreadData_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(DetectEngineThreadCtxPtr, detect_thread)
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
FlowHandlePacketUpdate
void FlowHandlePacketUpdate(Flow *f, Packet *p)
Update Packet and Flow.
Definition: flow.c:330
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:193
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1101
PacketDequeue
Packet * PacketDequeue(PacketQueue *q)
Definition: packet-queue.c:167
PKT_WANTS_FLOW
#define PKT_WANTS_FLOW
Definition: decode.h:1122
PKT_IS_PSEUDOPKT
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Definition: decode.h:1140
ProfileFlowWorkerIdToString
const char * ProfileFlowWorkerIdToString(enum ProfileFlowWorkerId fwi)
Definition: flow-worker.c:300
TM_FLAG_DETECT_TM
#define TM_FLAG_DETECT_TM
Definition: tm-modules.h:34
AppLayerHandleUdp
int AppLayerHandleUdp(ThreadVars *tv, AppLayerThreadCtx *tctx, Packet *p, Flow *f)
Handle a app layer UDP message.
Definition: app-layer.c:660
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
Packet_::ts
struct timeval ts
Definition: decode.h:450
DetectEngineThreadCtx_
Definition: detect.h:962
Packet_::flags
uint32_t flags
Definition: decode.h:442
likely
#define likely(expr)
Definition: util-optimize.h:32
DecodeThreadVarsFree
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition: decode.c:596
FlowWorkerThreadData_
Definition: flow-worker.c:50
PacketEnqueue
void PacketEnqueue(PacketQueue *q, Packet *p)
Definition: packet-queue.c:139
AppLayerRegisterThreadCounters
void AppLayerRegisterThreadCounters(ThreadVars *tv)
Registers per flow counters for all protocols.
Definition: app-layer.c:896
PacketQueue_::mutex_q
SCMutex mutex_q
Definition: decode.h:637
StreamTcpPruneSession
void StreamTcpPruneSession(Flow *f, uint8_t flags)
Remove idle TcpSegments from TcpSession.
Definition: stream-tcp-list.c:801