#include "decode.h"#include "util-time.h"#include "util-exception-policy.h"#include "util-exception-policy-types.h"#include "util-var.h"#include "util-optimize.h"#include "util-validate.h"#include "app-layer-protos.h"#include "util-storage.h"#include "flow-queue.h"
Go to the source code of this file.
Data Structures | |
| struct | FlowCnf_ |
| struct | FlowKey_ |
| struct | FlowAddress_ |
| struct | Flow_ |
| Flow data structure. More... | |
| struct | FlowProtoTimeout_ |
| struct | FlowProtoFreeFunc_ |
| struct | FlowBypassInfo_ |
| struct | FlowLookupStruct_ |
Typedefs | |
| typedef struct FlowStorageId | FlowStorageId |
| typedef struct AppLayerParserState_ | AppLayerParserState |
| typedef struct FlowCnf_ | FlowConfig |
| typedef struct FlowKey_ | FlowKey |
| typedef struct FlowAddress_ | FlowAddress |
| typedef unsigned short | FlowStateType |
| typedef uint16_t | FlowThreadId |
| typedef struct Flow_ | Flow |
| Flow data structure. More... | |
| typedef struct FlowProtoTimeout_ | FlowProtoTimeout |
| typedef struct FlowProtoFreeFunc_ | FlowProtoFreeFunc |
| typedef struct FlowBypassInfo_ | FlowBypassInfo |
| typedef struct FlowLookupStruct_ | FlowLookupStruct |
Enumerations | |
| enum | FlowState { FLOW_STATE_NEW = 0, FLOW_STATE_ESTABLISHED, FLOW_STATE_CLOSED, FLOW_STATE_LOCAL_BYPASSED } |
Functions | |
| void | FlowSetupPacket (Packet *p) |
| prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing. More... | |
| void | FlowHandlePacket (ThreadVars *, FlowLookupStruct *, Packet *) |
| Entry point for packet flow handling. More... | |
| void | FlowInitConfig (bool) |
| initialize the configuration More... | |
| void | FlowReset (void) |
| void | FlowShutdown (void) |
| shutdown the flow engine More... | |
| void | FlowSetIPOnlyFlag (Flow *, int) |
| Set the IPOnly scanned flag for 'direction'. More... | |
| void | FlowSetHasAlertsFlag (Flow *) |
| Set flag to indicate that flow has alerts. More... | |
| int | FlowHasAlerts (const Flow *) |
| Check if flow has alerts. More... | |
| void | FlowSetChangeProtoFlag (Flow *) |
| Set flag to indicate to change proto for the flow. More... | |
| void | FlowUnsetChangeProtoFlag (Flow *) |
| Unset flag to indicate to change proto for the flow. More... | |
| int | FlowChangeProto (Flow *) |
| Check if change proto flag is set for flow. More... | |
| void | FlowSwap (Flow *) |
| swap the flow's direction More... | |
| void | FlowRegisterTests (void) |
| Function to register the Flow Unitests. More... | |
| int | FlowSetProtoFreeFunc (uint8_t, void(*Free)(void *)) |
| Function to set the function to get protocol specific flow state. More... | |
| int | FlowGetPacketDirection (const Flow *, const Packet *) |
| determine the direction of the packet compared to the flow More... | |
| void | FlowCleanupAppLayer (Flow *) |
| void | FlowUpdateState (Flow *f, enum FlowState s) |
| int | FlowSetMemcap (uint64_t size) |
| Update memcap value. More... | |
| uint64_t | FlowGetMemcap (void) |
| Return memcap value. More... | |
| uint64_t | FlowGetMemuse (void) |
| enum ExceptionPolicy | FlowGetMemcapExceptionPolicy (void) |
| FlowStorageId | GetFlowBypassInfoID (void) |
| void | RegisterFlowBypassInfo (void) |
| void | FlowGetLastTimeAsParts (Flow *flow, uint64_t *secs, uint64_t *usecs) |
| Get flow last time as individual values. More... | |
| uint32_t | FlowGetFlags (Flow *flow) |
| Get flow flags. More... | |
| uint16_t | FlowGetSourcePort (Flow *flow) |
| Get flow source port. More... | |
| uint16_t | FlowGetDestinationPort (Flow *flow) |
| Get flow destination port. More... | |
| int | FlowClearMemory (Flow *, uint8_t) |
| Function clear the flow memory before queueing it to spare flow queue. More... | |
| uint8_t | FlowGetDisruptionFlags (const Flow *f, uint8_t flags) |
| get 'disruption' flags: GAP/DEPTH/PASS More... | |
| void | FlowHandlePacketUpdate (Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars *dtv) |
| Update Packet and Flow. More... | |
Detailed Description
Definition in file flow.h.
Macro Definition Documentation
◆ addr_data16
◆ addr_data32
◆ addr_data8
◆ FLOW_ACTION_DROP
| #define FLOW_ACTION_DROP BIT_U32(7) |
◆ FLOW_ACTION_PASS
| #define FLOW_ACTION_PASS BIT_U32(28) |
◆ FLOW_CHANGE_PROTO
| #define FLOW_CHANGE_PROTO BIT_U32(24) |
◆ FLOW_COPY_IPV4_ADDR_TO_PACKET
| #define FLOW_COPY_IPV4_ADDR_TO_PACKET | ( | fa, | |
| pa | |||
| ) |
◆ FLOW_COPY_IPV6_ADDR_TO_PACKET
| #define FLOW_COPY_IPV6_ADDR_TO_PACKET | ( | fa, | |
| pa | |||
| ) |
◆ FLOW_DIR_REVERSED
| #define FLOW_DIR_REVERSED BIT_U32(26) |
◆ FLOW_END_FLAG_EMERGENCY
◆ FLOW_END_FLAG_FORCED
◆ FLOW_END_FLAG_SHUTDOWN
◆ FLOW_END_FLAG_TIMEOUT
◆ FLOW_GET_DP
| #define FLOW_GET_DP | ( | f | ) | ((f)->flags & FLOW_DIR_REVERSED) ? (f)->sp : (f)->dp; |
◆ FLOW_GET_SP
| #define FLOW_GET_SP | ( | f | ) | ((f)->flags & FLOW_DIR_REVERSED) ? (f)->dp : (f)->sp; |
◆ FLOW_HAS_ALERTS
◆ FLOW_HAS_EXPECTATION
| #define FLOW_HAS_EXPECTATION BIT_U32(27) |
◆ FLOW_IPV4
◆ FLOW_IPV6
◆ FLOW_IS_IPV4
◆ FLOW_IS_IPV6
◆ FLOW_IS_PE_DONE
| #define FLOW_IS_PE_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PE_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PE_ALPROTO_DETECT_DONE)) |
◆ FLOW_IS_PM_DONE
| #define FLOW_IS_PM_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PM_ALPROTO_DETECT_DONE)) |
◆ FLOW_IS_PP_DONE
| #define FLOW_IS_PP_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PP_ALPROTO_DETECT_DONE)) |
◆ FLOW_NOPACKET_INSPECTION
| #define FLOW_NOPACKET_INSPECTION BIT_U32(5) |
◆ FLOW_NOPAYLOAD_INSPECTION
| #define FLOW_NOPAYLOAD_INSPECTION BIT_U32(6) |
◆ FLOW_PKT_ESTABLISHED
◆ FLOW_PKT_LAST_PSEUDO
| #define FLOW_PKT_LAST_PSEUDO 0x80 |
◆ FLOW_PKT_TOCLIENT
◆ FLOW_PKT_TOCLIENT_FIRST
◆ FLOW_PKT_TOCLIENT_IPONLY_SET
◆ FLOW_PKT_TOSERVER
◆ FLOW_PKT_TOSERVER_FIRST
◆ FLOW_PKT_TOSERVER_IPONLY_SET
◆ FLOW_PROTO_DETECT_TC_DONE
◆ FLOW_PROTO_DETECT_TS_DONE
◆ FLOW_QUIET
◆ FLOW_RESET_PE_DONE
| #define FLOW_RESET_PE_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PE_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PE_ALPROTO_DETECT_DONE)) |
◆ FLOW_RESET_PM_DONE
| #define FLOW_RESET_PM_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PM_ALPROTO_DETECT_DONE)) |
◆ FLOW_RESET_PP_DONE
| #define FLOW_RESET_PP_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PP_ALPROTO_DETECT_DONE)) |
◆ FLOW_SET_IPV4_DST_ADDR_FROM_PACKET
| #define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET | ( | ip4h, | |
| a | |||
| ) |
◆ FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET
| #define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET | ( | ip4h, | |
| a | |||
| ) |
◆ FLOW_SET_IPV6_DST_ADDR_FROM_PACKET
| #define FLOW_SET_IPV6_DST_ADDR_FROM_PACKET | ( | ip6h, | |
| a | |||
| ) |
◆ FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET
| #define FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET | ( | ip6h, | |
| a | |||
| ) |
◆ FLOW_SET_PE_DONE
| #define FLOW_SET_PE_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PE_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PE_ALPROTO_DETECT_DONE)) |
◆ FLOW_SET_PM_DONE
| #define FLOW_SET_PM_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PM_ALPROTO_DETECT_DONE)) |
◆ FLOW_SET_PP_DONE
| #define FLOW_SET_PP_DONE | ( | f, | |
| dir | |||
| ) | (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PP_ALPROTO_DETECT_DONE)) |
◆ FLOW_SGH_TOCLIENT
| #define FLOW_SGH_TOCLIENT BIT_U32(9) |
◆ FLOW_SGH_TOSERVER
| #define FLOW_SGH_TOSERVER BIT_U32(8) |
◆ FLOW_STATE_SIZE
◆ FLOW_TC_APP_UPDATE_NEXT
| #define FLOW_TC_APP_UPDATE_NEXT BIT_U32(2) |
◆ FLOW_TC_APP_UPDATED
◆ FLOW_TC_PE_ALPROTO_DETECT_DONE
| #define FLOW_TC_PE_ALPROTO_DETECT_DONE BIT_U32(18) |
◆ FLOW_TC_PM_ALPROTO_DETECT_DONE
| #define FLOW_TC_PM_ALPROTO_DETECT_DONE BIT_U32(16) |
◆ FLOW_TC_PP_ALPROTO_DETECT_DONE
| #define FLOW_TC_PP_ALPROTO_DETECT_DONE BIT_U32(17) |
◆ FLOW_TIMEOUT_REASSEMBLY_DONE
◆ FLOW_TO_DST_SEEN
| #define FLOW_TO_DST_SEEN BIT_U32(1) |
◆ FLOW_TO_SRC_SEEN
| #define FLOW_TO_SRC_SEEN BIT_U32(0) |
◆ FLOW_TOCLIENT_DROP_LOGGED
| #define FLOW_TOCLIENT_DROP_LOGGED BIT_U32(11) |
◆ FLOW_TOCLIENT_IPONLY_SET
| #define FLOW_TOCLIENT_IPONLY_SET BIT_U32(4) |
◆ FLOW_TOSERVER_DROP_LOGGED
| #define FLOW_TOSERVER_DROP_LOGGED BIT_U32(10) |
◆ FLOW_TOSERVER_IPONLY_SET
| #define FLOW_TOSERVER_IPONLY_SET BIT_U32(3) |
◆ FLOW_TS_APP_UPDATE_NEXT
| #define FLOW_TS_APP_UPDATE_NEXT BIT_U32(31) |
◆ FLOW_TS_APP_UPDATED
◆ FLOW_TS_PE_ALPROTO_DETECT_DONE
| #define FLOW_TS_PE_ALPROTO_DETECT_DONE BIT_U32(15) |
◆ FLOW_TS_PM_ALPROTO_DETECT_DONE
| #define FLOW_TS_PM_ALPROTO_DETECT_DONE BIT_U32(13) |
◆ FLOW_TS_PP_ALPROTO_DETECT_DONE
| #define FLOW_TS_PP_ALPROTO_DETECT_DONE BIT_U32(14) |
◆ FLOW_WRONG_THREAD
◆ FLOWFILE_INIT
◆ FLOWFILE_NO_MAGIC_TC
◆ FLOWFILE_NO_MAGIC_TS
| #define FLOWFILE_NO_MAGIC_TS BIT_U16(0) |
◆ FLOWFILE_NO_MD5_TC
◆ FLOWFILE_NO_MD5_TS
| #define FLOWFILE_NO_MD5_TS BIT_U16(4) |
◆ FLOWFILE_NO_SHA1_TC
◆ FLOWFILE_NO_SHA1_TS
| #define FLOWFILE_NO_SHA1_TS BIT_U16(6) |
◆ FLOWFILE_NO_SHA256_TC
◆ FLOWFILE_NO_SHA256_TS
| #define FLOWFILE_NO_SHA256_TS BIT_U16(8) |
◆ FLOWFILE_NO_SIZE_TC
◆ FLOWFILE_NO_SIZE_TS
| #define FLOWFILE_NO_SIZE_TS BIT_U16(10) |
◆ FLOWFILE_NO_STORE_TC
◆ FLOWFILE_NO_STORE_TS
| #define FLOWFILE_NO_STORE_TS BIT_U16(2) |
◆ FLOWFILE_NONE
| #define FLOWFILE_NONE (FLOWFILE_NONE_TS|FLOWFILE_NONE_TC) |
◆ FLOWFILE_NONE_TC
| #define FLOWFILE_NONE_TC |
◆ FLOWFILE_NONE_TS
| #define FLOWFILE_NONE_TS |
◆ FLOWFILE_STORE_TC
◆ FLOWFILE_STORE_TS
| #define FLOWFILE_STORE_TS BIT_U16(12) |
◆ FLOWLOCK_DESTROY
| #define FLOWLOCK_DESTROY | ( | fb | ) | SCMutexDestroy(&(fb)->m) |
◆ FLOWLOCK_INIT
| #define FLOWLOCK_INIT | ( | fb | ) | SCMutexInit(&(fb)->m, NULL) |
◆ FLOWLOCK_MUTEX
◆ FLOWLOCK_RDLOCK
| #define FLOWLOCK_RDLOCK | ( | fb | ) | SCMutexLock(&(fb)->m) |
◆ FLOWLOCK_TRYRDLOCK
| #define FLOWLOCK_TRYRDLOCK | ( | fb | ) | SCMutexTrylock(&(fb)->m) |
◆ FLOWLOCK_TRYWRLOCK
| #define FLOWLOCK_TRYWRLOCK | ( | fb | ) | SCMutexTrylock(&(fb)->m) |
◆ FLOWLOCK_UNLOCK
| #define FLOWLOCK_UNLOCK | ( | fb | ) | SCMutexUnlock(&(fb)->m) |
◆ FLOWLOCK_WRLOCK
| #define FLOWLOCK_WRLOCK | ( | fb | ) | SCMutexLock(&(fb)->m) |
◆ TOCLIENT
◆ TOSERVER
Typedef Documentation
◆ AppLayerParserState
| typedef struct AppLayerParserState_ AppLayerParserState |
◆ Flow
Flow data structure.
The flow is a global data structure that is created for new packets of a flow and then looked up for the following packets of a flow.
Locking
The flow is updated/used by multiple packets at the same time. This is why there is a flow-mutex. It's a mutex and not a spinlock because some operations on the flow can be quite expensive, thus spinning would be too expensive.
The flow "header" (addresses, ports, proto, recursion level) are static after the initialization and remain read-only throughout the entire live of a flow. This is why we can access those without protection of the lock.
◆ FlowAddress
| typedef struct FlowAddress_ FlowAddress |
◆ FlowBypassInfo
| typedef struct FlowBypassInfo_ FlowBypassInfo |
◆ FlowConfig
| typedef struct FlowCnf_ FlowConfig |
◆ FlowKey
◆ FlowLookupStruct
| typedef struct FlowLookupStruct_ FlowLookupStruct |
◆ FlowProtoFreeFunc
| typedef struct FlowProtoFreeFunc_ FlowProtoFreeFunc |
◆ FlowProtoTimeout
| typedef struct FlowProtoTimeout_ FlowProtoTimeout |
◆ FlowStateType
| typedef unsigned short FlowStateType |
◆ FlowStorageId
| typedef struct FlowStorageId FlowStorageId |
◆ FlowThreadId
| typedef uint16_t FlowThreadId |
Enumeration Type Documentation
◆ FlowState
| enum FlowState |
Function Documentation
◆ FlowChangeProto()
| int FlowChangeProto | ( | Flow * | f | ) |
Check if change proto flag is set for flow.
- Parameters
-
f flow
- Return values
-
1 change proto flag is set 0 change proto flag is not set
Definition at line 204 of file flow.c.
References Flow_::flags, and FLOW_CHANGE_PROTO.
Referenced by AppLayerRequestProtocolChange(), and LLVMFuzzerTestOneInput().
◆ FlowCleanupAppLayer()
| void FlowCleanupAppLayer | ( | Flow * | ) |
Definition at line 137 of file flow.c.
References Flow_::alparser, Flow_::alstate, AppLayerParserStateCleanup(), and Flow_::proto.
◆ FlowClearMemory()
| int FlowClearMemory | ( | Flow * | f, |
| uint8_t | proto_map | ||
| ) |
Function clear the flow memory before queueing it to spare flow queue.
- Parameters
-
f pointer to the flow needed to be cleared. proto_map mapped value of the protocol to FLOW_PROTO's.
Definition at line 1096 of file flow.c.
References AppLayerExpectationClean(), Flow_::flags, flow_freefuncs, FLOW_HAS_EXPECTATION, FLOW_RECYCLE, FlowFreeStorage(), FlowProtoFreeFunc_::Freefunc, Flow_::protoctx, SCEnter, SCReturnInt, and unlikely.
Referenced by FlowReset(), and FlowShutdown().
◆ FlowGetDestinationPort()
| uint16_t FlowGetDestinationPort | ( | Flow * | flow | ) |
◆ FlowGetDisruptionFlags()
| uint8_t FlowGetDisruptionFlags | ( | const Flow * | f, |
| uint8_t | flags | ||
| ) |
get 'disruption' flags: GAP/DEPTH/PASS
- Parameters
-
f locked flow flags existing flags to be amended
- Return values
-
flags original flags + disrupt flags (if any) \TODO handle UDP
Definition at line 1140 of file flow.c.
References TcpSession_::client, flags, TcpStream_::flags, Flow_::proto, Flow_::protoctx, TcpSession_::server, and STREAMTCP_STREAM_FLAG_DEPTH_REACHED.
◆ FlowGetFlags()
| uint32_t FlowGetFlags | ( | Flow * | flow | ) |
Get flow flags.
A function to get the flow flags useful when the caller only has an opaque pointer to the flow structure.
Definition at line 1230 of file flow.c.
References Flow_::flags.
◆ FlowGetLastTimeAsParts()
| void FlowGetLastTimeAsParts | ( | Flow * | flow, |
| uint64_t * | secs, | ||
| uint64_t * | usecs | ||
| ) |
Get flow last time as individual values.
Instead of returning a pointer to the timeval copy the timeval parts into output pointers to make it simpler to call from Rust over FFI using only basic data types.
Definition at line 1195 of file flow.c.
References Flow_::lastts, SCTIME_SECS, and SCTIME_USECS.
◆ FlowGetMemcap()
| uint64_t FlowGetMemcap | ( | void | ) |
Return memcap value.
- Return values
-
memcap value
Definition at line 120 of file flow.c.
References flow_config, and SC_ATOMIC_GET.
◆ FlowGetMemcapExceptionPolicy()
| enum ExceptionPolicy FlowGetMemcapExceptionPolicy | ( | void | ) |
Definition at line 126 of file flow.c.
Referenced by DecodeRegisterPerfCounters().
◆ FlowGetMemuse()
| uint64_t FlowGetMemuse | ( | void | ) |
Definition at line 126 of file flow.c.
References SC_ATOMIC_GET.
◆ FlowGetPacketDirection()
determine the direction of the packet compared to the flow
- Return values
-
0 to_server 1 to_client
Definition at line 288 of file flow.c.
References CMP_ADDR, CMP_PORT, Packet_::dp, Flow_::flags, FLOW_DIR_REVERSED, IPPROTO_SCTP, Packet_::proto, Flow_::sp, Packet_::sp, Flow_::src, Packet_::src, TOCLIENT, and TOSERVER.
Referenced by FlowHandlePacketUpdate(), and StreamTcp().
◆ FlowGetSourcePort()
| uint16_t FlowGetSourcePort | ( | Flow * | flow | ) |
◆ FlowHandlePacket()
| void FlowHandlePacket | ( | ThreadVars * | tv, |
| FlowLookupStruct * | fls, | ||
| Packet * | p | ||
| ) |
Entry point for packet flow handling.
This is called for every packet.
- Parameters
-
tv threadvars dtv decode thread vars (for flow output api thread data) p packet to handle flow for
Definition at line 519 of file flow.c.
References Packet_::flags, Packet_::flow, FlowGetFlowFromHash(), PKT_HAS_FLOW, and tv.
Referenced by UTHBuildPacketOfFlows().
◆ FlowHandlePacketUpdate()
| void FlowHandlePacketUpdate | ( | Flow * | f, |
| Packet * | p, | ||
| ThreadVars * | tv, | ||
| DecodeThreadVars * | dtv | ||
| ) |
Update Packet and Flow.
Updates packet and flow based on the new packet.
- Parameters
-
f locked flow p packet
- Note
- overwrites p::flowflags
Definition at line 387 of file flow.c.
References BypassedFlowUpdate(), EngineModeIsIPS(), Flow_::flags, FLOW_BYPASSED_TIMEOUT, FLOW_PKT_TOSERVER, Flow_::flow_state, FLOW_STATE_LOCAL_BYPASSED, FLOW_TO_DST_SEEN, Packet_::flowflags, FlowGetPacketDirection(), FlowUpdateState(), GET_PKT_LEN, Flow_::lastts, Packet_::pcap_cnt, SCLogDebug, SCTIME_CMP_GT, SCTIME_SECS, Flow_::timeout_at, Flow_::timeout_policy, Flow_::todstbytecnt, Flow_::todstpktcnt, TOSERVER, and Packet_::ts.
◆ FlowHasAlerts()
| int FlowHasAlerts | ( | const Flow * | f | ) |
Check if flow has alerts.
- Parameters
-
f flow
- Return values
-
1 has alerts 0 has not alerts
Definition at line 172 of file flow.c.
References Flow_::flags, and FLOW_HAS_ALERTS.
◆ FlowInitConfig()
| void FlowInitConfig | ( | bool | quiet | ) |
initialize the configuration
- Warning
- Not thread safe
set config values for memcap, prealloc and hash_size
Definition at line 533 of file flow.c.
References CLS, ConfGet(), ConfGetInt(), FlowCnf_::emergency_recovery, ExceptionPolicyParse(), FatalError, FBLOCK_INIT, FLOW_CHECK_MEMCAP, flow_config, FLOW_DEFAULT_EMERGENCY_RECOVERY, FLOW_DEFAULT_HASHSIZE, FLOW_DEFAULT_MEMCAP, FLOW_DEFAULT_PREALLOC, flow_hash, flow_recycle_q, FlowInitFlowProto(), FlowQueueInit(), FlowSparePoolInit(), FlowStorageSize(), FlowCnf_::hash_rand, FlowCnf_::hash_size, FlowCnf_::memcap_policy, ParseSizeStringU64(), FlowCnf_::prealloc, RandomGet(), SC_ATOMIC_ADD, SC_ATOMIC_GET, SC_ATOMIC_INIT, SC_ATOMIC_SET, SCLogDebug, SCLogError, SCMallocAligned, StringParseUint32(), and unlikely.
Referenced by PreRunInit().
◆ FlowRegisterTests()
| void FlowRegisterTests | ( | void | ) |
Function to register the Flow Unitests.
Definition at line 1447 of file flow.c.
References UtRegisterTest().
◆ FlowReset()
| void FlowReset | ( | void | ) |
Definition at line 662 of file flow.c.
References flow_config, flow_hash, FlowClearMemory(), FlowFree(), FlowGetProtoMapping(), FlowCnf_::hash_size, Flow_::next, and Flow_::proto.
◆ FlowSetChangeProtoFlag()
| void FlowSetChangeProtoFlag | ( | Flow * | f | ) |
Set flag to indicate to change proto for the flow.
- Parameters
-
f flow
Definition at line 185 of file flow.c.
References Flow_::flags, and FLOW_CHANGE_PROTO.
Referenced by AppLayerRequestProtocolChange().
◆ FlowSetHasAlertsFlag()
| void FlowSetHasAlertsFlag | ( | Flow * | f | ) |
Set flag to indicate that flow has alerts.
- Parameters
-
f flow
Definition at line 161 of file flow.c.
References Flow_::flags, and FLOW_HAS_ALERTS.
◆ FlowSetIPOnlyFlag()
| void FlowSetIPOnlyFlag | ( | Flow * | f, |
| int | direction | ||
| ) |
Set the IPOnly scanned flag for 'direction'.
- Parameters
-
f Flow to set the flag in direction direction to set the flag in
Definition at line 152 of file flow.c.
References Flow_::flags, FLOW_TOCLIENT_IPONLY_SET, and FLOW_TOSERVER_IPONLY_SET.
◆ FlowSetMemcap()
| int FlowSetMemcap | ( | uint64_t | size | ) |
Update memcap value.
- Parameters
-
size new memcap value
Definition at line 105 of file flow.c.
References flow_config, SC_ATOMIC_GET, and SC_ATOMIC_SET.
◆ FlowSetProtoFreeFunc()
| int FlowSetProtoFreeFunc | ( | uint8_t | proto, |
| void(*)(void *) | Free | ||
| ) |
Function to set the function to get protocol specific flow state.
- Parameters
-
proto protocol of which function is needed to be set. Free Function pointer which will be called to free the protocol specific memory.
Definition at line 1124 of file flow.c.
References flow_freefuncs, FlowGetProtoMapping(), FlowProtoFreeFunc_::Freefunc, and proto.
◆ FlowSetupPacket()
| void FlowSetupPacket | ( | Packet * | p | ) |
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing.
Definition at line 522 of file flow-hash.c.
References Packet_::flags, Packet_::flow_hash, and PKT_WANTS_FLOW.
◆ FlowShutdown()
| void FlowShutdown | ( | void | ) |
shutdown the flow engine
- Warning
- Not thread safe
Definition at line 680 of file flow.c.
References DEBUG_VALIDATE_BUG_ON, FBLOCK_DESTROY, flow_config, flow_hash, flow_recycle_q, FlowClearMemory(), FlowDequeue(), FlowFree(), FlowGetProtoMapping(), FlowQueueDestroy(), FlowSparePoolDestroy(), FlowCnf_::hash_size, Flow_::next, Flow_::proto, SC_ATOMIC_GET, SC_ATOMIC_SUB, and SCFreeAligned.
◆ FlowSwap()
| void FlowSwap | ( | Flow * | f | ) |
swap the flow's direction
- Note
- leaves the 'header' untouched. Interpret that based on FLOW_DIR_REVERSED flag.
- Warning
- : only valid before applayer parsing started. This function doesn't swap anything in Flow::alparser, Flow::alstate
Definition at line 255 of file flow.c.
References Flow_::flags, FLOW_DIR_REVERSED, Flow_::probing_parser_toclient_alproto_masks, Flow_::probing_parser_toserver_alproto_masks, and SWAP_VARS.
◆ FlowUnsetChangeProtoFlag()
| void FlowUnsetChangeProtoFlag | ( | Flow * | f | ) |
Unset flag to indicate to change proto for the flow.
- Parameters
-
f flow
Definition at line 194 of file flow.c.
References Flow_::flags, and FLOW_CHANGE_PROTO.
◆ FlowUpdateState()
Definition at line 1161 of file flow.c.
References Flow_::flow_state.
Referenced by FlowHandlePacketUpdate(), and PacketBypassCallback().
◆ GetFlowBypassInfoID()
| FlowStorageId GetFlowBypassInfoID | ( | void | ) |
Definition at line 214 of file flow-util.c.
References g_bypass_info_id.
Referenced by EveAddFlow(), and PacketBypassCallback().
◆ RegisterFlowBypassInfo()
| void RegisterFlowBypassInfo | ( | void | ) |
Definition at line 232 of file flow-util.c.
References FlowStorageRegister(), and g_bypass_info_id.
Referenced by PostConfLoadedSetup().
