suricata
host-timeout.c
/* Copyright (C) 2007-2012 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */
23 
#include "suricata-common.h"
#include "host.h"

#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"

#include "host-bit.h"
#include "host-timeout.h"

#include "reputation.h"
34 
/**
 * \brief Report the size of the host spare queue.
 *
 * \retval size value returned by HostSpareQueueGetSize()
 */
uint32_t HostGetSpareCount(void)
{
    const uint32_t spare = HostSpareQueueGetSize();

    return spare;
}
39 
/**
 * \brief Report the current value of the atomic host_counter.
 *
 * \retval count value read from host_counter with SC_ATOMIC_GET
 */
uint32_t HostGetActiveCount(void)
{
    const uint32_t active = SC_ATOMIC_GET(host_counter);

    return active;
}
44 
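/** \internal
 *  \brief See if we can really discard this host.
 *
 *  A host is kept when any of the following holds: a packet still
 *  references it (use_cnt > 0), it carries IP reputation data that
 *  SRepHostTimedOut() does not report as timed out, or it still has
 *  tags, thresholds or hostbits whose timeout check returns 0.
 *
 *  \param h host to inspect; HostHashRowTimeout() calls this with h->m held
 *  \param ts timestamp handed to the tag, threshold and hostbit checks
 *
 *  \retval 0 not timed out just yet
 *  \retval 1 fully timed out, lets kill it
 */
static int HostHostTimedOut(Host *h, SCTime_t ts)
{
    int tags = 0;
    int thresholds = 0;
    int vars = 0;

    /* never prune a host that is used by a packet
     * we are currently processing in one of the threads */
    if (SC_ATOMIC_GET(h->use_cnt) > 0) {
        return 0;
    }

    /* a host with reputation data is only released once that data is
     * reported as timed out */
    if (h->iprep) {
        if (SRepHostTimedOut(h) == 0)
            return 0;

        SCLogDebug("host %p reputation timed out", h);
    }

    /* All three checks below are evaluated before deciding, instead of
     * returning at the first hit: TagTimeoutCheck() removes expired
     * entries while it checks. The threshold and hostbit checks
     * presumably do the same - TODO confirm. */
    if (TagHostHasTag(h) && TagTimeoutCheck(h, ts) == 0) {
        tags = 1;
    }
    /* NOTE(review): the condition line of this branch is missing from the
     * rendered listing. It is restored here to mirror the tag and hostbit
     * branches, using the two threshold helpers the page cross-references
     * for this file - confirm against the upstream source. */
    if (ThresholdHostHasThreshold(h) && ThresholdHostTimeoutCheck(h, ts) == 0) {
        thresholds = 1;
    }
    if (HostHasHostBits(h) && HostBitsTimedoutCheck(h, ts) == 0) {
        vars = 1;
    }

    if (tags || thresholds || vars)
        return 0;

    SCLogDebug("host %p timed out", h);
    return 1;
}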
89 
/**
 *  \internal
 *
 *  \brief Walk one hash row from its tail towards its head and release
 *         every host that is fully timed out.
 *
 *  A host whose mutex cannot be taken with a trylock is skipped, so one
 *  call is a best-effort pass: hosts that are busy stay in the row.
 *
 *  \param hb host hash row *LOCKED*
 *  \param h last host in the hash row, must not be NULL
 *  \param ts timestamp
 *
 *  \retval cnt timed out hosts
 */
static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, SCTime_t ts)
{
    uint32_t pruned = 0;

    do {
        /* host is locked by someone else: leave it for a later pass */
        if (SCMutexTrylock(&h->m) != 0) {
            h = h->hprev;
            continue;
        }

        /* remember where to go next before h is unlinked below */
        Host *prev = h->hprev;

        if (HostHostTimedOut(h, ts) != 1) {
            /* still in use or still carrying live state */
            SCMutexUnlock(&h->m);
            h = prev;
            continue;
        }

        /* the host is fully timed out: take it out of the row's list */
        Host *after = h->hnext;

        if (prev != NULL)
            prev->hnext = after;
        if (after != NULL)
            after->hprev = prev;
        if (hb->head == h)
            hb->head = after;
        if (hb->tail == h)
            hb->tail = prev;

        h->hnext = NULL;
        h->hprev = NULL;

        HostClearMemory(h);

        /* no one is referring to this host, use_cnt 0, removed from hash
         * so we can unlock it and move it back to the spare queue. */
        SCMutexUnlock(&h->m);
        HostMoveToSpare(h);

        pruned++;
        h = prev;
    } while (h != NULL);

    return pruned;
}
148 
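/**
 *  \brief time out hosts from the hash
 *
 *  Visits every row of host_hash. A row whose lock cannot be taken with
 *  a trylock is skipped, and HostHashRowTimeout() likewise skips hosts
 *  it cannot lock. The return value therefore counts only what this
 *  pass released; skipped entries stay in the table until a later call.
 *
 *  \param ts timestamp
 *
 *  \retval cnt number of timed out host
 */
uint32_t HostTimeoutHash(SCTime_t ts)
{
    /* NOTE(review): the signature line is missing from the rendered
     * listing. It is restored from the page's cross-reference entry for
     * HostTimeoutHash - confirm against the upstream source. */
    uint32_t cnt = 0;

    for (uint32_t idx = 0; idx < host_config.hash_size; idx++) {
        HostHashRow *hb = &host_hash[idx];

        /* row is busy: do not block the timeout pass on it */
        if (HRLOCK_TRYLOCK(hb) != 0)
            continue;

        /* host hash bucket is now locked */

        if (hb->tail != NULL) {
            /* we have a host, or more than one */
            cnt += HostHashRowTimeout(hb, hb->tail, ts);
        }

        HRLOCK_UNLOCK(hb);
    }

    return cnt;
}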
181 
host.h
ts
uint64_t ts
Definition: source-erf-file.c:55
HostGetActiveCount
uint32_t HostGetActiveCount(void)
Definition: host-timeout.c:40
ThresholdHostTimeoutCheck
int ThresholdHostTimeoutCheck(Host *host, SCTime_t ts)
Definition: detect-engine-threshold.c:192
Host_::hnext
struct Host_ * hnext
Definition: host.h:75
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
Host_::m
SCMutex m
Definition: host.h:60
HostClearMemory
void HostClearMemory(Host *h)
Definition: host.c:157
ThresholdHostHasThreshold
int ThresholdHostHasThreshold(Host *host)
Definition: detect-engine-threshold.c:93
HRLOCK_UNLOCK
#define HRLOCK_UNLOCK(fb)
Definition: host.h:53
host_hash
HostHashRow * host_hash
Definition: host.c:50
Host_::hprev
struct Host_ * hprev
Definition: host.h:76
TagHostHasTag
int TagHostHasTag(Host *host)
Definition: detect-engine-tag.c:87
host_config
HostConfig host_config
Definition: host.c:53
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
HostHasHostBits
int HostHasHostBits(Host *host)
Definition: host-bit.c:58
detect-engine-tag.h
SCTime_t
Definition: util-time.h:40
reputation.h
host-timeout.h
TagTimeoutCheck
int TagTimeoutCheck(Host *host, SCTime_t ts)
Removes the entries exceeding the max timeout value.
Definition: detect-engine-tag.c:545
SRepHostTimedOut
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
Definition: reputation.c:207
Host_::iprep
void * iprep
Definition: host.h:69
suricata-common.h
HostMoveToSpare
void HostMoveToSpare(Host *h)
Definition: host.c:105
HostBitsTimedoutCheck
int HostBitsTimedoutCheck(Host *h, SCTime_t ts)
Definition: host-bit.c:67
HostConfig_::hash_size
uint32_t hash_size
Definition: host.h:98
HostTimeoutHash
uint32_t HostTimeoutHash(SCTime_t ts)
time out hosts from the hash
Definition: host-timeout.c:156
HostGetSpareCount
uint32_t HostGetSpareCount(void)
Definition: host-timeout.c:35
HRLOCK_TRYLOCK
#define HRLOCK_TRYLOCK(fb)
Definition: host.h:52
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
Host_
Definition: host.h:58
HostSpareQueueGetSize
uint32_t HostSpareQueueGetSize(void)
Definition: host.c:100
SCMutexTrylock
#define SCMutexTrylock(mut)
Definition: threads-debug.h:118
host-bit.h
detect-engine-threshold.h