suricata
flow-worker.c
Go to the documentation of this file.
1 /* Copyright (C) 2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Flow Workers are single thread modules taking care of (almost)
24  * everything related to packets with flows:
25  *
26  * - Lookup/creation
27  * - Stream tracking, reassembly
28  * - Applayer update
29  * - Detection
30  *
31  * This all while holding the flow lock.
32  */
33 
34 #include "suricata-common.h"
35 #include "suricata.h"
36 
37 #include "decode.h"
38 #include "stream-tcp.h"
39 #include "app-layer.h"
40 #include "detect-engine.h"
41 #include "output.h"
42 #include "app-layer-parser.h"
43 
44 #include "util-validate.h"
45 
46 #include "flow-util.h"
47 
48 typedef DetectEngineThreadCtx *DetectEngineThreadCtxPtr;
49 
50 typedef struct FlowWorkerThreadData_ {
51  DecodeThreadVars *dtv;
52 
53  union {
54  StreamTcpThread *stream_thread;
55  void *stream_thread_ptr;
56  };
57 
58  SC_ATOMIC_DECLARE(DetectEngineThreadCtxPtr, detect_thread);
59 
60  void *output_thread; /* Output thread data. */
61 
62  uint16_t local_bypass_pkts;
63  uint16_t local_bypass_bytes;
64  uint16_t both_bypass_pkts;
65  uint16_t both_bypass_bytes;
66 
67  PacketQueue pq;
68 
69 } FlowWorkerThreadData;
70 
71 /** \brief handle flow for packet
72  *
73  * Handle flow creation/lookup
74  */
75 static inline TmEcode FlowUpdate(ThreadVars *tv, FlowWorkerThreadData *fw, Packet *p)
76 {
77  FlowHandlePacketUpdate(p->flow, p);
78 
79  int state = SC_ATOMIC_GET(p->flow->flow_state);
80  switch (state) {
81  case FLOW_STATE_CAPTURE_BYPASSED:
82  StatsAddUI64(tv, fw->both_bypass_pkts, 1);
83  StatsAddUI64(tv, fw->both_bypass_bytes, GET_PKT_LEN(p));
84  return TM_ECODE_DONE;
85  case FLOW_STATE_LOCAL_BYPASSED:
86  StatsAddUI64(tv, fw->local_bypass_pkts, 1);
87  StatsAddUI64(tv, fw->local_bypass_bytes, GET_PKT_LEN(p));
88  return TM_ECODE_DONE;
89  default:
90  return TM_ECODE_OK;
91  }
92 }
93 
94 static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data);
95 
96 static TmEcode FlowWorkerThreadInit(ThreadVars *tv, const void *initdata, void **data)
97 {
98  FlowWorkerThreadData *fw = SCCalloc(1, sizeof(*fw));
99  if (fw == NULL)
100  return TM_ECODE_FAILED;
101 
102  SC_ATOMIC_INIT(fw->detect_thread);
103  SC_ATOMIC_SET(fw->detect_thread, NULL);
104 
105  fw->local_bypass_pkts = StatsRegisterCounter("flow_bypassed.local_pkts", tv);
106  fw->local_bypass_bytes = StatsRegisterCounter("flow_bypassed.local_bytes", tv);
107  fw->both_bypass_pkts = StatsRegisterCounter("flow_bypassed.local_capture_pkts", tv);
108  fw->both_bypass_bytes = StatsRegisterCounter("flow_bypassed.local_capture_bytes", tv);
109 
110  fw->dtv = DecodeThreadVarsAlloc(tv);
111  if (fw->dtv == NULL) {
112  FlowWorkerThreadDeinit(tv, fw);
113  return TM_ECODE_FAILED;
114  }
115 
116  /* setup TCP */
117  if (StreamTcpThreadInit(tv, NULL, &fw->stream_thread_ptr) != TM_ECODE_OK) {
118  FlowWorkerThreadDeinit(tv, fw);
119  return TM_ECODE_FAILED;
120  }
121 
122  if (DetectEngineEnabled()) {
123  /* setup DETECT */
124  void *detect_thread = NULL;
125  if (DetectEngineThreadCtxInit(tv, NULL, &detect_thread) != TM_ECODE_OK) {
126  FlowWorkerThreadDeinit(tv, fw);
127  return TM_ECODE_FAILED;
128  }
129  SC_ATOMIC_SET(fw->detect_thread, detect_thread);
130  }
131 
132  /* Setup outputs for this thread. */
133  if (OutputLoggerThreadInit(tv, initdata, &fw->output_thread) != TM_ECODE_OK) {
134  FlowWorkerThreadDeinit(tv, fw);
135  return TM_ECODE_FAILED;
136  }
137 
138  DecodeRegisterPerfCounters(fw->dtv, tv);
139  AppLayerRegisterThreadCounters(tv);
140 
141  /* setup pq for stream end pkts */
142  memset(&fw->pq, 0, sizeof(PacketQueue));
143  SCMutexInit(&fw->pq.mutex_q, NULL);
144 
145  *data = fw;
146  return TM_ECODE_OK;
147 }
148 
149 static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data)
150 {
151  FlowWorkerThreadData *fw = data;
152 
153  DecodeThreadVarsFree(tv, fw->dtv);
154 
155  /* free TCP */
156  StreamTcpThreadDeinit(tv, (void *)fw->stream_thread);
157 
158  /* free DETECT */
159  void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
160  if (detect_thread != NULL) {
161  DetectEngineThreadCtxDeinit(tv, detect_thread);
162  SC_ATOMIC_SET(fw->detect_thread, NULL);
163  }
164 
165  /* Free output. */
166  OutputLoggerThreadDeinit(tv, fw->output_thread);
167 
168  /* free pq */
169  BUG_ON(fw->pq.len);
170  SCMutexDestroy(&fw->pq.mutex_q);
171 
172  SC_ATOMIC_DESTROY(fw->detect_thread);
173  SCFree(fw);
174  return TM_ECODE_OK;
175 }
176 
177 TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
178 TmEcode StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
179 
180 static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data, PacketQueue *preq, PacketQueue *unused)
181 {
182  FlowWorkerThreadData *fw = data;
183  void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
184 
185  SCLogDebug("packet %"PRIu64, p->pcap_cnt);
186 
187  /* update time */
188  if (!(PKT_IS_PSEUDOPKT(p))) {
189  TimeSetByThread(tv->id, &p->ts);
190  }
191 
192  /* handle Flow */
193  if (p->flags & PKT_WANTS_FLOW) {
194  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_FLOW);
195 
196  FlowHandlePacket(tv, fw->dtv, p);
197  if (likely(p->flow != NULL)) {
198  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
199  if (FlowUpdate(tv, fw, p) == TM_ECODE_DONE) {
200  FLOWLOCK_UNLOCK(p->flow);
201  return TM_ECODE_OK;
202  }
203  }
204  /* Flow is now LOCKED */
205 
206  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_FLOW);
207 
208  /* if PKT_WANTS_FLOW is not set, but PKT_HAS_FLOW is, then this is a
209  * pseudo packet created by the flow manager. */
210  } else if (p->flags & PKT_HAS_FLOW) {
211  FLOWLOCK_WRLOCK(p->flow);
212  }
213 
214  SCLogDebug("packet %"PRIu64" has flow? %s", p->pcap_cnt, p->flow ? "yes" : "no");
215 
216  /* handle TCP and app layer */
217  if (p->flow && PKT_IS_TCP(p)) {
218  SCLogDebug("packet %"PRIu64" is TCP. Direction %s", p->pcap_cnt, PKT_IS_TOSERVER(p) ? "TOSERVER" : "TOCLIENT");
219  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
220 
221  /* if detect is disabled, we need to apply file flags to the flow
222  * here on the first packet. */
223  if (detect_thread == NULL &&
224  ((PKT_IS_TOSERVER(p) && (p->flowflags & FLOW_PKT_TOSERVER_FIRST)) ||
225  (PKT_IS_TOCLIENT(p) && (p->flowflags & FLOW_PKT_TOCLIENT_FIRST))))
226  {
227  DisableDetectFlowFileFlags(p->flow);
228  }
229 
230  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_STREAM);
231  StreamTcp(tv, p, fw->stream_thread, &fw->pq, NULL);
232  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_STREAM);
233 
234  if (FlowChangeProto(p->flow)) {
235  StreamTcpDetectLogFlush(tv, fw->stream_thread, p->flow, p, &fw->pq);
236  }
237 
238  /* Packets here can safely access p->flow as it's locked */
239  SCLogDebug("packet %"PRIu64": extra packets %u", p->pcap_cnt, fw->pq.len);
240  Packet *x;
241  while ((x = PacketDequeue(&fw->pq))) {
242  SCLogDebug("packet %"PRIu64" extra packet %p", p->pcap_cnt, x);
243 
244  // TODO do we need to call StreamTcp on these pseudo packets or not?
245  //StreamTcp(tv, x, fw->stream_thread, &fw->pq, NULL);
246  if (detect_thread != NULL) {
247  FLOWWORKER_PROFILING_START(x, PROFILE_FLOWWORKER_DETECT);
248  Detect(tv, x, detect_thread, NULL, NULL);
249  FLOWWORKER_PROFILING_END(x, PROFILE_FLOWWORKER_DETECT);
250  }
251 
252  // Outputs
253  OutputLoggerLog(tv, x, fw->output_thread);
254 
255  /* put these packets in the preq queue so that they are
256  * by the other thread modules before packet 'p'. */
257  PacketEnqueue(preq, x);
258  }
259 
260  /* handle the app layer part of the UDP packet payload */
261  } else if (p->flow && p->proto == IPPROTO_UDP) {
262  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
263  AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
264  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
265  }
266 
267  PacketUpdateEngineEventCounters(tv, fw->dtv, p);
268 
269  /* handle Detect */
270  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
271  SCLogDebug("packet %"PRIu64" calling Detect", p->pcap_cnt);
272 
273  if (detect_thread != NULL) {
274  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_DETECT);
275  Detect(tv, p, detect_thread, NULL, NULL);
276  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_DETECT);
277  }
278 
279  // Outputs.
280  OutputLoggerLog(tv, p, fw->output_thread);
281 
282  /* Release tcp segments. Done here after alerting can use them. */
283  if (p->flow != NULL && p->proto == IPPROTO_TCP) {
284  FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_TCPPRUNE);
285  StreamTcpPruneSession(p->flow, p->flowflags & FLOW_PKT_TOSERVER ?
286  STREAM_TOSERVER : STREAM_TOCLIENT);
287  FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_TCPPRUNE);
288  }
289 
290  if (p->flow) {
291  DEBUG_ASSERT_FLOW_LOCKED(p->flow);
292 
293  /* run tx cleanup last */
294  AppLayerParserTransactionsCleanup(p->flow);
295  FLOWLOCK_UNLOCK(p->flow);
296  }
297 
298  return TM_ECODE_OK;
299 }
300 
301 void FlowWorkerReplaceDetectCtx(void *flow_worker, void *detect_ctx)
302 {
303  FlowWorkerThreadData *fw = flow_worker;
304 
305  SC_ATOMIC_SET(fw->detect_thread, detect_ctx);
306 }
307 
308 void *FlowWorkerGetDetectCtxPtr(void *flow_worker)
309 {
310  FlowWorkerThreadData *fw = flow_worker;
311 
312  return SC_ATOMIC_GET(fw->detect_thread);
313 }
314 
315 const char *ProfileFlowWorkerIdToString(enum ProfileFlowWorkerId fwi)
316 {
317  switch (fwi) {
318  case PROFILE_FLOWWORKER_FLOW:
319  return "flow";
320  case PROFILE_FLOWWORKER_STREAM:
321  return "stream";
322  case PROFILE_FLOWWORKER_APPLAYERUDP:
323  return "app-layer";
324  case PROFILE_FLOWWORKER_DETECT:
325  return "detect";
326  case PROFILE_FLOWWORKER_TCPPRUNE:
327  return "tcp-prune";
328  case PROFILE_FLOWWORKER_SIZE:
329  return "size";
330  }
331  return "error";
332 }
333 
334 static void FlowWorkerExitPrintStats(ThreadVars *tv, void *data)
335 {
336  FlowWorkerThreadData *fw = data;
337  OutputLoggerExitPrintStats(tv, fw->output_thread);
338 }
339 
340 void TmModuleFlowWorkerRegister (void)
341 {
342  tmm_modules[TMM_FLOWWORKER].name = "FlowWorker";
343  tmm_modules[TMM_FLOWWORKER].ThreadInit = FlowWorkerThreadInit;
344  tmm_modules[TMM_FLOWWORKER].Func = FlowWorker;
345  tmm_modules[TMM_FLOWWORKER].ThreadDeinit = FlowWorkerThreadDeinit;
346  tmm_modules[TMM_FLOWWORKER].ThreadExitPrintStats = FlowWorkerExitPrintStats;
347  tmm_modules[TMM_FLOWWORKER].cap_flags = 0;
348  tmm_modules[TMM_FLOWWORKER].flags = TM_FLAG_STREAM_TM|TM_FLAG_DETECT_TM;
349 }
OutputLoggerLog
TmEcode OutputLoggerLog(ThreadVars *tv, Packet *p, void *thread_data)
Definition: output.c:915
DecodeThreadVarsAlloc
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition: decode.c:605
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
StreamTcp
TmEcode StreamTcp(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: stream-tcp.c:5103
Packet_::flow
struct Flow_ * flow
Definition: decode.h:445
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:67
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:496
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:267
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:70
DetectEngineThreadCtxPtr
DetectEngineThreadCtx * DetectEngineThreadCtxPtr
Definition: flow-worker.c:48
StreamTcpDetectLogFlush
void StreamTcpDetectLogFlush(ThreadVars *tv, StreamTcpThread *stt, Flow *f, Packet *p, PacketQueue *pq)
create packets in both directions to flush out logging and detection before switching protocols...
Definition: stream-tcp.c:6203
PKT_IS_TOCLIENT
#define PKT_IS_TOCLIENT(p)
Definition: decode.h:258
FlowWorkerThreadData_::stream_thread
StreamTcpThread * stream_thread
Definition: flow-worker.c:54
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:243
FlowWorkerThreadData_::output_thread
void * output_thread
Definition: flow-worker.c:60
TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: tm-modules.h:52
TcpReassemblyThreadCtx_::app_tctx
void * app_tctx
Definition: stream-tcp-reassemble.h:61
FlowWorkerReplaceDetectCtx
void FlowWorkerReplaceDetectCtx(void *flow_worker, void *detect_ctx)
Definition: flow-worker.c:301
DecodeRegisterPerfCounters
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition: decode.c:465
ProfileFlowWorkerId
ProfileFlowWorkerId
Definition: flow-worker.h:21
TimeSetByThread
void TimeSetByThread(const int thread_id, const struct timeval *tv)
Definition: util-time.c:107
FlowWorkerGetDetectCtxPtr
void * FlowWorkerGetDetectCtxPtr(void *flow_worker)
Definition: flow-worker.c:308
OutputLoggerExitPrintStats
void OutputLoggerExitPrintStats(ThreadVars *tv, void *thread_data)
Definition: output.c:988
FLOW_PKT_TOSERVER_FIRST
#define FLOW_PKT_TOSERVER_FIRST
Definition: flow.h:206
FlowWorkerThreadData_::both_bypass_pkts
uint16_t both_bypass_pkts
Definition: flow-worker.c:64
PacketQueue_
Definition: decode.h:620
TM_FLAG_STREAM_TM
#define TM_FLAG_STREAM_TM
Definition: tm-modules.h:33
FLOWLOCK_WRLOCK
#define FLOWLOCK_WRLOCK(fb)
Definition: flow.h:240
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:561
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:2761
StreamTcpThreadInit
TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
Definition: stream-tcp.c:5139
FlowWorkerThreadData_::local_bypass_bytes
uint16_t local_bypass_bytes
Definition: flow-worker.c:63
SC_ATOMIC_DESTROY
#define SC_ATOMIC_DESTROY(name)
Destroy the lock used to protect this variable.
Definition: util-atomic.h:97
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:2969
StreamTcpThread_::ra_ctx
TcpReassemblyThreadCtx * ra_ctx
Definition: stream-tcp.h:103
StatsRegisterCounter
uint16_t StatsRegisterCounter(const char *name, struct ThreadVars_ *tv)
Registers a normal, unqualified counter.
Definition: counters.c:931
FlowWorkerThreadData_::stream_thread_ptr
void * stream_thread_ptr
Definition: flow-worker.c:55
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it&#39;s lock.
Definition: util-atomic.h:81
SCCalloc
#define SCCalloc(nm, a)
Definition: util-mem.h:253
FLOWWORKER_PROFILING_START
#define FLOWWORKER_PROFILING_START(p, id)
Definition: util-profiling.h:166
Packet_::proto
uint8_t proto
Definition: decode.h:430
OutputLoggerThreadInit
TmEcode OutputLoggerThreadInit(ThreadVars *tv, const void *initdata, void **data)
Definition: output.c:931
PacketQueue_::len
uint32_t len
Definition: decode.h:623
StreamTcpThread_
Definition: stream-tcp.h:70
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:632
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
FlowWorkerThreadData_::pq
PacketQueue pq
Definition: flow-worker.c:67
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
FlowWorkerThreadData_::dtv
DecodeThreadVars * dtv
Definition: flow-worker.c:51
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:439
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:240
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3126
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
PKT_IS_TOSERVER
#define PKT_IS_TOSERVER(p)
Definition: decode.h:257
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition: flow.h:201
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:340
OutputLoggerThreadDeinit
TmEcode OutputLoggerThreadDeinit(ThreadVars *tv, void *thread_data)
Definition: output.c:962
PacketUpdateEngineEventCounters
void PacketUpdateEngineEventCounters(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Definition: decode.c:122
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
Packet_
Definition: decode.h:407
TmModule_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: tm-modules.h:48
Detect
TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
Detection engine thread wrapper.
Definition: detect.c:1602
FLOW_PKT_TOCLIENT_FIRST
#define FLOW_PKT_TOCLIENT_FIRST
Definition: flow.h:207
FlowWorkerThreadData
struct FlowWorkerThreadData_ FlowWorkerThreadData
TmModule_::name
const char * name
Definition: tm-modules.h:44
FlowWorkerThreadData_::local_bypass_pkts
uint16_t local_bypass_pkts
Definition: flow-worker.c:62
DisableDetectFlowFileFlags
void DisableDetectFlowFileFlags(Flow *f)
disable file features we don&#39;t need Called if we have no detection engine.
Definition: detect.c:1660
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:207
ThreadVars_::id
int id
Definition: threadvars.h:69
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:883
SCFree
#define SCFree(a)
Definition: util-mem.h:322
PKT_IS_TCP
#define PKT_IS_TCP(p)
Definition: decode.h:253
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.h:73
StreamTcpThreadDeinit
TmEcode StreamTcpThreadDeinit(ThreadVars *tv, void *data)
Definition: stream-tcp.c:5206
FLOWWORKER_PROFILING_END
#define FLOWWORKER_PROFILING_END(p, id)
Definition: util-profiling.h:173
FlowWorkerThreadData_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(DetectEngineThreadCtxPtr, detect_thread)
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
FlowHandlePacketUpdate
void FlowHandlePacketUpdate(Flow *f, Packet *p)
Update Packet and Flow.
Definition: flow.c:398
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:192
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1090
PacketDequeue
Packet * PacketDequeue(PacketQueue *q)
Definition: packet-queue.c:167
PKT_WANTS_FLOW
#define PKT_WANTS_FLOW
Definition: decode.h:1111
PKT_IS_PSEUDOPKT
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Definition: decode.h:1129
ProfileFlowWorkerIdToString
const char * ProfileFlowWorkerIdToString(enum ProfileFlowWorkerId fwi)
Definition: flow-worker.c:315
FlowWorkerThreadData_::both_bypass_bytes
uint16_t both_bypass_bytes
Definition: flow-worker.c:65
TM_FLAG_DETECT_TM
#define TM_FLAG_DETECT_TM
Definition: tm-modules.h:34
AppLayerHandleUdp
int AppLayerHandleUdp(ThreadVars *tv, AppLayerThreadCtx *tctx, Packet *p, Flow *f)
Handle a app layer UDP message.
Definition: app-layer.c:688
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
Packet_::ts
struct timeval ts
Definition: decode.h:451
DetectEngineThreadCtx_
Definition: detect.h:996
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:224
Packet_::flags
uint32_t flags
Definition: decode.h:443
StatsAddUI64
void StatsAddUI64(ThreadVars *tv, uint16_t id, uint64_t x)
Adds a value of type uint64_t to the local counter.
Definition: counters.c:142
likely
#define likely(expr)
Definition: util-optimize.h:32
DecodeThreadVarsFree
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition: decode.c:624
FlowWorkerThreadData_
Definition: flow-worker.c:50
PacketEnqueue
void PacketEnqueue(PacketQueue *q, Packet *p)
Definition: packet-queue.c:139
AppLayerRegisterThreadCounters
void AppLayerRegisterThreadCounters(ThreadVars *tv)
Registers per flow counters for all protocols.
Definition: app-layer.c:926
PacketQueue_::mutex_q
SCMutex mutex_q
Definition: decode.h:627
SCMutexDestroy
#define SCMutexDestroy
Definition: threads-debug.h:120
StreamTcpPruneSession
void StreamTcpPruneSession(Flow *f, uint8_t flags)
Remove idle TcpSegments from TcpSession.
Definition: stream-tcp-list.c:801