suricata
ippair.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Information about ippairs.
24  */
25 
26 #include "suricata-common.h"
27 #include "conf.h"
28 
29 #include "util-debug.h"
30 #include "ippair.h"
31 #include "ippair-storage.h"
32 
33 #include "util-random.h"
34 #include "util-misc.h"
35 #include "util-byte.h"
36 #include "util-validate.h"
37 
38 #include "ippair-queue.h"
39 
40 #include "detect-tag.h"
41 #include "detect-engine-tag.h"
42 #include "detect-engine-threshold.h"
43 
44 #include "util-hash-lookup3.h"
45 
46 static IPPair *IPPairGetUsedIPPair(void);
47 
48 /** ippair hash table */
49 IPPairHashRow *ippair_hash;
50 /** queue with spare ippairs */
51 static IPPairQueue ippair_spare_q;
52 IPPairConfig ippair_config;
53 SC_ATOMIC_DECLARE(uint64_t,ippair_memuse);
54 SC_ATOMIC_DECLARE(uint32_t,ippair_counter);
55 SC_ATOMIC_DECLARE(uint32_t,ippair_prune_idx);
56 
57 /** size of the ippair object. Maybe updated in IPPairInitConfig to include
58  * the storage APIs additions. */
59 static uint16_t g_ippair_size = sizeof(IPPair);
60 
61 /**
62  * \brief Update memcap value
63  *
64  * \param size new memcap value
65  */
66 int IPPairSetMemcap(uint64_t size)
67 {
68  if ((uint64_t)SC_ATOMIC_GET(ippair_memuse) < size) {
69  SC_ATOMIC_SET(ippair_config.memcap, size);
70  return 1;
71  }
72 
73  return 0;
74 }
75 
76 /**
77  * \brief Return memcap value
78  *
79  * \retval memcap value
80  */
81 uint64_t IPPairGetMemcap(void)
82 {
83  uint64_t memcapcopy = SC_ATOMIC_GET(ippair_config.memcap);
84  return memcapcopy;
85 }
86 
87 /**
88  * \brief Return memuse value
89  *
90  * \retval memuse value
91  */
92 uint64_t IPPairGetMemuse(void)
93 {
94  uint64_t memusecopy = SC_ATOMIC_GET(ippair_memuse);
95  return memusecopy;
96 }
97 
98 void IPPairMoveToSpare(IPPair *h)
99 {
100  IPPairEnqueue(&ippair_spare_q, h);
101  (void) SC_ATOMIC_SUB(ippair_counter, 1);
102 }
103 
104 IPPair *IPPairAlloc(void)
105 {
106  if (!(IPPAIR_CHECK_MEMCAP(g_ippair_size))) {
107  return NULL;
108  }
109 
110  (void) SC_ATOMIC_ADD(ippair_memuse, g_ippair_size);
111 
112  IPPair *h = SCCalloc(1, g_ippair_size);
113  if (unlikely(h == NULL))
114  goto error;
115 
116  SCMutexInit(&h->m, NULL);
117  SC_ATOMIC_INIT(h->use_cnt);
118  return h;
119 
120 error:
121  return NULL;
122 }
123 
124 void IPPairFree(IPPair *h)
125 {
126  if (h != NULL) {
127  IPPairClearMemory(h);
128  SCMutexDestroy(&h->m);
129  SCFree(h);
130  (void) SC_ATOMIC_SUB(ippair_memuse, g_ippair_size);
131  }
132 }
133 
134 static IPPair *IPPairNew(Address *a, Address *b)
135 {
136  IPPair *p = IPPairAlloc();
137  if (p == NULL)
138  goto error;
139 
140  /* copy addresses */
141  COPY_ADDRESS(a, &p->a[0]);
142  COPY_ADDRESS(b, &p->a[1]);
143 
144  return p;
145 
146 error:
147  return NULL;
148 }
149 
150 void IPPairClearMemory(IPPair *h)
151 {
152  if (IPPairStorageSize() > 0)
153  IPPairFreeStorage(h);
154 }
155 
156 #define IPPAIR_DEFAULT_HASHSIZE 4096
157 #define IPPAIR_DEFAULT_MEMCAP 16777216
158 #define IPPAIR_DEFAULT_PREALLOC 1000
159 
160 /** \brief initialize the configuration
161  * \warning Not thread safe */
162 void IPPairInitConfig(bool quiet)
163 {
164  SCLogDebug("initializing ippair engine...");
165  if (IPPairStorageSize() > 0) {
166  DEBUG_VALIDATE_BUG_ON(sizeof(IPPair) + IPPairStorageSize() > UINT16_MAX);
167  g_ippair_size = (uint16_t)(sizeof(IPPair) + IPPairStorageSize());
168  }
169 
170  memset(&ippair_config, 0, sizeof(ippair_config));
171  //SC_ATOMIC_INIT(flow_flags);
172  SC_ATOMIC_INIT(ippair_counter);
173  SC_ATOMIC_INIT(ippair_memuse);
174  SC_ATOMIC_INIT(ippair_prune_idx);
175  SC_ATOMIC_INIT(ippair_config.memcap);
176  IPPairQueueInit(&ippair_spare_q);
177 
178  /* set defaults */
179  ippair_config.hash_rand = (uint32_t)RandomGet();
180  ippair_config.hash_size = IPPAIR_DEFAULT_HASHSIZE;
181  ippair_config.prealloc = IPPAIR_DEFAULT_PREALLOC;
182  SC_ATOMIC_SET(ippair_config.memcap, IPPAIR_DEFAULT_MEMCAP);
183 
184  /* Check if we have memcap and hash_size defined at config */
185  const char *conf_val;
186  uint32_t configval = 0;
187 
188  /** set config values for memcap, prealloc and hash_size */
189  uint64_t ippair_memcap;
190  if ((ConfGet("ippair.memcap", &conf_val)) == 1)
191  {
192  if (ParseSizeStringU64(conf_val, &ippair_memcap) < 0) {
193  SCLogError("Error parsing ippair.memcap "
194  "from conf file - %s. Killing engine",
195  conf_val);
196  exit(EXIT_FAILURE);
197  } else {
198  SC_ATOMIC_SET(ippair_config.memcap, ippair_memcap);
199  }
200  }
201  if ((ConfGet("ippair.hash-size", &conf_val)) == 1)
202  {
203  if (StringParseUint32(&configval, 10, strlen(conf_val),
204  conf_val) > 0) {
205  ippair_config.hash_size = configval;
206  }
207  }
208 
209  if ((ConfGet("ippair.prealloc", &conf_val)) == 1)
210  {
211  if (StringParseUint32(&configval, 10, strlen(conf_val),
212  conf_val) > 0) {
213  ippair_config.prealloc = configval;
214  } else {
215  WarnInvalidConfEntry("ippair.prealloc", "%"PRIu32, ippair_config.prealloc);
216  }
217  }
218  SCLogDebug("IPPair config from suricata.yaml: memcap: %"PRIu64", hash-size: "
219  "%"PRIu32", prealloc: %"PRIu32, SC_ATOMIC_GET(ippair_config.memcap),
220  ippair_config.hash_size, ippair_config.prealloc);
221 
222  /* alloc hash memory */
223  uint64_t hash_size = ippair_config.hash_size * sizeof(IPPairHashRow);
224  if (!(IPPAIR_CHECK_MEMCAP(hash_size))) {
225  SCLogError("allocating ippair hash failed: "
226  "max ippair memcap is smaller than projected hash size. "
227  "Memcap: %" PRIu64 ", Hash table size %" PRIu64 ". Calculate "
228  "total hash size by multiplying \"ippair.hash-size\" with %" PRIuMAX ", "
229  "which is the hash bucket size.",
230  SC_ATOMIC_GET(ippair_config.memcap), hash_size, (uintmax_t)sizeof(IPPairHashRow));
231  exit(EXIT_FAILURE);
232  }
233  ippair_hash = SCMallocAligned(ippair_config.hash_size * sizeof(IPPairHashRow), CLS);
234  if (unlikely(ippair_hash == NULL)) {
235  FatalError("Fatal error encountered in IPPairInitConfig. Exiting...");
236  }
237  memset(ippair_hash, 0, ippair_config.hash_size * sizeof(IPPairHashRow));
238 
239  uint32_t i = 0;
240  for (i = 0; i < ippair_config.hash_size; i++) {
241  HRLOCK_INIT(&ippair_hash[i]);
242  }
243  (void) SC_ATOMIC_ADD(ippair_memuse, (ippair_config.hash_size * sizeof(IPPairHashRow)));
244 
245  if (!quiet) {
246  SCLogConfig("allocated %"PRIu64" bytes of memory for the ippair hash... "
247  "%" PRIu32 " buckets of size %" PRIuMAX "",
248  SC_ATOMIC_GET(ippair_memuse), ippair_config.hash_size,
249  (uintmax_t)sizeof(IPPairHashRow));
250  }
251 
252  /* pre allocate ippairs */
253  for (i = 0; i < ippair_config.prealloc; i++) {
254  if (!(IPPAIR_CHECK_MEMCAP(g_ippair_size))) {
255  SCLogError("preallocating ippairs failed: "
256  "max ippair memcap reached. Memcap %" PRIu64 ", "
257  "Memuse %" PRIu64 ".",
258  SC_ATOMIC_GET(ippair_config.memcap),
259  ((uint64_t)SC_ATOMIC_GET(ippair_memuse) + g_ippair_size));
260  exit(EXIT_FAILURE);
261  }
262 
263  IPPair *h = IPPairAlloc();
264  if (h == NULL) {
265  SCLogError("preallocating ippair failed: %s", strerror(errno));
266  exit(EXIT_FAILURE);
267  }
268  IPPairEnqueue(&ippair_spare_q,h);
269  }
270 
271  if (!quiet) {
272  SCLogConfig("preallocated %" PRIu32 " ippairs of size %" PRIu16 "",
273  ippair_spare_q.len, g_ippair_size);
274  SCLogConfig("ippair memory usage: %"PRIu64" bytes, maximum: %"PRIu64,
275  SC_ATOMIC_GET(ippair_memuse), SC_ATOMIC_GET(ippair_config.memcap));
276  }
277 
278  return;
279 }
280 
281 /** \brief print some ippair stats
282  * \warning Not thread safe */
283 void IPPairPrintStats (void)
284 {
285 #ifdef IPPAIRBITS_STATS
286  SCLogPerf("ippairbits added: %" PRIu32 ", removed: %" PRIu32 ", max memory usage: %" PRIu32 "",
287  ippairbits_added, ippairbits_removed, ippairbits_memuse_max);
288 #endif /* IPPAIRBITS_STATS */
289  SCLogPerf("ippair memory usage: %"PRIu64" bytes, maximum: %"PRIu64,
290  SC_ATOMIC_GET(ippair_memuse), SC_ATOMIC_GET(ippair_config.memcap));
291  return;
292 }
293 
294 /** \brief shutdown the flow engine
295  * \warning Not thread safe */
296 void IPPairShutdown(void)
297 {
298  IPPair *h;
299  uint32_t u;
300 
301  IPPairPrintStats();
302 
303  /* free spare queue */
304  while((h = IPPairDequeue(&ippair_spare_q))) {
305  BUG_ON(SC_ATOMIC_GET(h->use_cnt) > 0);
306  IPPairFree(h);
307  }
308 
309  /* clear and free the hash */
310  if (ippair_hash != NULL) {
311  for (u = 0; u < ippair_config.hash_size; u++) {
312  h = ippair_hash[u].head;
313  while (h) {
314  IPPair *n = h->hnext;
315  IPPairFree(h);
316  h = n;
317  }
318 
319  HRLOCK_DESTROY(&ippair_hash[u]);
320  }
321  SCFreeAligned(ippair_hash);
322  ippair_hash = NULL;
323  }
324  (void) SC_ATOMIC_SUB(ippair_memuse, ippair_config.hash_size * sizeof(IPPairHashRow));
325  IPPairQueueDestroy(&ippair_spare_q);
326  return;
327 }
328 
329 /** \brief Cleanup the ippair engine
330  *
331  * Cleanup the ippair engine from tag and threshold.
332  *
333  */
334 void IPPairCleanup(void)
335 {
336  if (ippair_hash != NULL) {
337  for (uint32_t u = 0; u < ippair_config.hash_size; u++) {
338  IPPairHashRow *hb = &ippair_hash[u];
339  HRLOCK_LOCK(hb);
340  IPPair *h = ippair_hash[u].head;
341  while (h) {
342  if ((SC_ATOMIC_GET(h->use_cnt) > 0)) {
343  /* iprep is attached to ippair only clear local storage */
344  IPPairFreeStorage(h);
345  h = h->hnext;
346  } else {
347  IPPair *n = h->hnext;
348  /* remove from the hash */
349  if (h->hprev != NULL)
350  h->hprev->hnext = h->hnext;
351  if (h->hnext != NULL)
352  h->hnext->hprev = h->hprev;
353  if (hb->head == h)
354  hb->head = h->hnext;
355  if (hb->tail == h)
356  hb->tail = h->hprev;
357  h->hnext = NULL;
358  h->hprev = NULL;
359  IPPairClearMemory(h);
360  IPPairMoveToSpare(h);
361  h = n;
362  }
363  }
364  HRLOCK_UNLOCK(hb);
365  }
366  }
367 
368  return;
369 }
370 
371 /** \brief compare two raw ipv6 addrs
372  *
373  * \note we don't care about the real ipv6 ip's, this is just
374  * to consistently fill the FlowHashKey6 struct, without all
375  * the SCNtohl calls.
376  *
377  * \warning do not use elsewhere unless you know what you're doing.
378  * detect-engine-address-ipv6.c's AddressIPv6GtU32 is likely
379  * what you are looking for.
380  * Copied from FlowHashRawAddressIPv6GtU32
381  */
382 static inline int IPPairHashRawAddressIPv6GtU32(const uint32_t *a, const uint32_t *b)
383 {
384  int i;
385 
386  for (i = 0; i < 4; i++) {
387  if (a[i] > b[i])
388  return 1;
389  if (a[i] < b[i])
390  break;
391  }
392 
393  return 0;
394 }
395 
396 /* calculate the hash key for this packet
397  *
398  * we're using:
399  * hash_rand -- set at init time
400  * source address
401  */
402 static uint32_t IPPairGetKey(Address *a, Address *b)
403 {
404  uint32_t key;
405 
406  if (a->family == AF_INET) {
407  uint32_t addrs[2] = { MIN(a->addr_data32[0], b->addr_data32[0]),
408  MAX(a->addr_data32[0], b->addr_data32[0]) };
409  uint32_t hash = hashword(addrs, 2, ippair_config.hash_rand);
410  key = hash % ippair_config.hash_size;
411  } else if (a->family == AF_INET6) {
412  uint32_t addrs[8];
413  if (IPPairHashRawAddressIPv6GtU32(&a->addr_data32[0],&b->addr_data32[0])) {
414  addrs[0] = b->addr_data32[0];
415  addrs[1] = b->addr_data32[1];
416  addrs[2] = b->addr_data32[2];
417  addrs[3] = b->addr_data32[3];
418  addrs[4] = a->addr_data32[0];
419  addrs[5] = a->addr_data32[1];
420  addrs[6] = a->addr_data32[2];
421  addrs[7] = a->addr_data32[3];
422  } else {
423  addrs[0] = a->addr_data32[0];
424  addrs[1] = a->addr_data32[1];
425  addrs[2] = a->addr_data32[2];
426  addrs[3] = a->addr_data32[3];
427  addrs[4] = b->addr_data32[0];
428  addrs[5] = b->addr_data32[1];
429  addrs[6] = b->addr_data32[2];
430  addrs[7] = b->addr_data32[3];
431  }
432  uint32_t hash = hashword(addrs, 8, ippair_config.hash_rand);
433  key = hash % ippair_config.hash_size;
434  } else
435  key = 0;
436 
437  return key;
438 }
439 
440 /* Since two or more ippairs can have the same hash key, we need to compare
441  * the ippair with the current addresses. */
442 static inline int IPPairCompare(IPPair *p, Address *a, Address *b)
443 {
444  /* compare in both directions */
445  if ((CMP_ADDR(&p->a[0], a) && CMP_ADDR(&p->a[1], b)) ||
446  (CMP_ADDR(&p->a[0], b) && CMP_ADDR(&p->a[1], a)))
447  return 1;
448  return 0;
449 }
450 
451 /**
452  * \brief Get a new ippair
453  *
454  * Get a new ippair. We're checking memcap first and will try to make room
455  * if the memcap is reached.
456  *
457  * \retval h *LOCKED* ippair on succes, NULL on error.
458  */
459 static IPPair *IPPairGetNew(Address *a, Address *b)
460 {
461  IPPair *h = NULL;
462 
463  /* get a ippair from the spare queue */
464  h = IPPairDequeue(&ippair_spare_q);
465  if (h == NULL) {
466  /* If we reached the max memcap, we get a used ippair */
467  if (!(IPPAIR_CHECK_MEMCAP(g_ippair_size))) {
468  /* declare state of emergency */
469  //if (!(SC_ATOMIC_GET(ippair_flags) & IPPAIR_EMERGENCY)) {
470  // SC_ATOMIC_OR(ippair_flags, IPPAIR_EMERGENCY);
471 
472  /* under high load, waking up the flow mgr each time leads
473  * to high cpu usage. Flows are not timed out much faster if
474  * we check a 1000 times a second. */
475  // FlowWakeupFlowManagerThread();
476  //}
477 
478  h = IPPairGetUsedIPPair();
479  if (h == NULL) {
480  return NULL;
481  }
482 
483  /* freed a ippair, but it's unlocked */
484  } else {
485  /* now see if we can alloc a new ippair */
486  h = IPPairNew(a,b);
487  if (h == NULL) {
488  return NULL;
489  }
490 
491  /* ippair is initialized but *unlocked* */
492  }
493  } else {
494  /* ippair has been recycled before it went into the spare queue */
495 
496  /* ippair is initialized (recycled) but *unlocked* */
497  }
498 
499  (void) SC_ATOMIC_ADD(ippair_counter, 1);
500  SCMutexLock(&h->m);
501  return h;
502 }
503 
504 static void IPPairInit(IPPair *h, Address *a, Address *b)
505 {
506  COPY_ADDRESS(a, &h->a[0]);
507  COPY_ADDRESS(b, &h->a[1]);
508  (void) IPPairIncrUsecnt(h);
509 }
510 
511 void IPPairRelease(IPPair *h)
512 {
513  (void) IPPairDecrUsecnt(h);
514  SCMutexUnlock(&h->m);
515 }
516 
517 void IPPairUnlock(IPPair *h)
518 {
519  SCMutexUnlock(&h->m);
520 }
521 
522 /* IPPairGetIPPairFromHash
523  *
524  * Hash retrieval function for ippairs. Looks up the hash bucket containing the
525  * ippair pointer. Then compares the packet with the found ippair to see if it is
526  * the ippair we need. If it isn't, walk the list until the right ippair is found.
527  *
528  * returns a *LOCKED* ippair or NULL
529  */
530 IPPair *IPPairGetIPPairFromHash (Address *a, Address *b)
531 {
532  IPPair *h = NULL;
533 
534  /* get the key to our bucket */
535  uint32_t key = IPPairGetKey(a, b);
536  /* get our hash bucket and lock it */
537  IPPairHashRow *hb = &ippair_hash[key];
538  HRLOCK_LOCK(hb);
539 
540  /* see if the bucket already has a ippair */
541  if (hb->head == NULL) {
542  h = IPPairGetNew(a,b);
543  if (h == NULL) {
544  HRLOCK_UNLOCK(hb);
545  return NULL;
546  }
547 
548  /* ippair is locked */
549  hb->head = h;
550  hb->tail = h;
551 
552  /* got one, now lock, initialize and return */
553  IPPairInit(h,a,b);
554 
555  HRLOCK_UNLOCK(hb);
556  return h;
557  }
558 
559  /* ok, we have a ippair in the bucket. Let's find out if it is our ippair */
560  h = hb->head;
561 
562  /* see if this is the ippair we are looking for */
563  if (IPPairCompare(h, a, b) == 0) {
564  IPPair *ph = NULL; /* previous ippair */
565 
566  while (h) {
567  ph = h;
568  h = h->hnext;
569 
570  if (h == NULL) {
571  h = ph->hnext = IPPairGetNew(a,b);
572  if (h == NULL) {
573  HRLOCK_UNLOCK(hb);
574  return NULL;
575  }
576  hb->tail = h;
577 
578  /* ippair is locked */
579 
580  h->hprev = ph;
581 
582  /* initialize and return */
583  IPPairInit(h,a,b);
584 
585  HRLOCK_UNLOCK(hb);
586  return h;
587  }
588 
589  if (IPPairCompare(h, a, b) != 0) {
590  /* we found our ippair, lets put it on top of the
591  * hash list -- this rewards active ippairs */
592  if (h->hnext) {
593  h->hnext->hprev = h->hprev;
594  }
595  if (h->hprev) {
596  h->hprev->hnext = h->hnext;
597  }
598  if (h == hb->tail) {
599  hb->tail = h->hprev;
600  }
601 
602  h->hnext = hb->head;
603  h->hprev = NULL;
604  hb->head->hprev = h;
605  hb->head = h;
606 
607  /* found our ippair, lock & return */
608  SCMutexLock(&h->m);
609  (void) IPPairIncrUsecnt(h);
610  HRLOCK_UNLOCK(hb);
611  return h;
612  }
613  }
614  }
615 
616  /* lock & return */
617  SCMutexLock(&h->m);
618  (void) IPPairIncrUsecnt(h);
619  HRLOCK_UNLOCK(hb);
620  return h;
621 }
622 
623 /** \brief look up a ippair in the hash
624  *
625  * \param a address to look up
626  *
627  * \retval h *LOCKED* ippair or NULL
628  */
629 IPPair *IPPairLookupIPPairFromHash (Address *a, Address *b)
630 {
631  IPPair *h = NULL;
632 
633  /* get the key to our bucket */
634  uint32_t key = IPPairGetKey(a, b);
635  /* get our hash bucket and lock it */
636  IPPairHashRow *hb = &ippair_hash[key];
637  HRLOCK_LOCK(hb);
638 
639  /* see if the bucket already has a ippair */
640  if (hb->head == NULL) {
641  HRLOCK_UNLOCK(hb);
642  return h;
643  }
644 
645  /* ok, we have a ippair in the bucket. Let's find out if it is our ippair */
646  h = hb->head;
647 
648  /* see if this is the ippair we are looking for */
649  if (IPPairCompare(h, a, b) == 0) {
650  while (h) {
651  h = h->hnext;
652 
653  if (h == NULL) {
654  HRLOCK_UNLOCK(hb);
655  return h;
656  }
657 
658  if (IPPairCompare(h, a, b) != 0) {
659  /* we found our ippair, lets put it on top of the
660  * hash list -- this rewards active ippairs */
661  if (h->hnext) {
662  h->hnext->hprev = h->hprev;
663  }
664  if (h->hprev) {
665  h->hprev->hnext = h->hnext;
666  }
667  if (h == hb->tail) {
668  hb->tail = h->hprev;
669  }
670 
671  h->hnext = hb->head;
672  h->hprev = NULL;
673  hb->head->hprev = h;
674  hb->head = h;
675 
676  /* found our ippair, lock & return */
677  SCMutexLock(&h->m);
678  (void) IPPairIncrUsecnt(h);
679  HRLOCK_UNLOCK(hb);
680  return h;
681  }
682  }
683  }
684 
685  /* lock & return */
686  SCMutexLock(&h->m);
687  (void) IPPairIncrUsecnt(h);
688  HRLOCK_UNLOCK(hb);
689  return h;
690 }
691 
692 /** \internal
693  * \brief Get a ippair from the hash directly.
694  *
695  * Called in conditions where the spare queue is empty and memcap is reached.
696  *
697  * Walks the hash until a ippair can be freed. "ippair_prune_idx" atomic int makes
698  * sure we don't start at the top each time since that would clear the top of
699  * the hash leading to longer and longer search times under high pressure (observed).
700  *
701  * \retval h ippair or NULL
702  */
703 static IPPair *IPPairGetUsedIPPair(void)
704 {
705  uint32_t idx = SC_ATOMIC_GET(ippair_prune_idx) % ippair_config.hash_size;
706  uint32_t cnt = ippair_config.hash_size;
707 
708  while (cnt--) {
709  if (++idx >= ippair_config.hash_size)
710  idx = 0;
711 
712  IPPairHashRow *hb = &ippair_hash[idx];
713 
714  if (HRLOCK_TRYLOCK(hb) != 0)
715  continue;
716 
717  IPPair *h = hb->tail;
718  if (h == NULL) {
719  HRLOCK_UNLOCK(hb);
720  continue;
721  }
722 
723  if (SCMutexTrylock(&h->m) != 0) {
724  HRLOCK_UNLOCK(hb);
725  continue;
726  }
727 
728  /** never prune a ippair that is used by a packets
729  * we are currently processing in one of the threads */
730  if (SC_ATOMIC_GET(h->use_cnt) > 0) {
731  HRLOCK_UNLOCK(hb);
732  SCMutexUnlock(&h->m);
733  continue;
734  }
735 
736  /* remove from the hash */
737  if (h->hprev != NULL)
738  h->hprev->hnext = h->hnext;
739  if (h->hnext != NULL)
740  h->hnext->hprev = h->hprev;
741  if (hb->head == h)
742  hb->head = h->hnext;
743  if (hb->tail == h)
744  hb->tail = h->hprev;
745 
746  h->hnext = NULL;
747  h->hprev = NULL;
748  HRLOCK_UNLOCK(hb);
749 
750  IPPairClearMemory (h);
751 
752  SCMutexUnlock(&h->m);
753 
754  (void) SC_ATOMIC_ADD(ippair_prune_idx, (ippair_config.hash_size - cnt));
755  return h;
756  }
757 
758  return NULL;
759 }
760 
761 void IPPairRegisterUnittests(void)
762 {
763  RegisterIPPairStorageTests();
764 }
HRLOCK_DESTROY
#define HRLOCK_DESTROY(fb)
Definition: host.h:50
util-byte.h
ippair.h
IPPairQueue_::len
uint32_t len
Definition: ippair-queue.h:45
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:162
hashword
uint32_t hashword(const uint32_t *k, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:174
IPPAIR_DEFAULT_HASHSIZE
#define IPPAIR_DEFAULT_HASHSIZE
Definition: ippair.c:156
IPPair_::a
Address a[2]
Definition: ippair.h:63
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(uint64_t, ippair_memuse)
IPPairRelease
void IPPairRelease(IPPair *h)
Definition: ippair.c:511
CLS
#define CLS
Definition: suricata-common.h:56
IPPAIR_DEFAULT_PREALLOC
#define IPPAIR_DEFAULT_PREALLOC
Definition: ippair.c:158
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
IPPairIncrUsecnt
#define IPPairIncrUsecnt(h)
Definition: ippair.h:108
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
ParseSizeStringU64
int ParseSizeStringU64(const char *size, uint64_t *res)
Definition: util-misc.c:198
IPPairQueueInit
IPPairQueue * IPPairQueueInit(IPPairQueue *q)
Definition: ippair-queue.c:33
IPPairRegisterUnittests
void IPPairRegisterUnittests(void)
Definition: ippair.c:761
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:332
IPPAIR_CHECK_MEMCAP
#define IPPAIR_CHECK_MEMCAP(size)
check if a memory alloc would fit in the memcap
Definition: ippair.h:105
IPPairDecrUsecnt
#define IPPairDecrUsecnt(h)
Definition: ippair.h:110
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
MIN
#define MIN(x, y)
Definition: suricata-common.h:391
Address_
Definition: decode.h:116
IPPairDequeue
IPPair * IPPairDequeue(IPPairQueue *q)
remove a ippair from the queue
Definition: ippair-queue.c:102
RandomGet
long int RandomGet(void)
Definition: util-random.c:130
IPPairAlloc
IPPair * IPPairAlloc(void)
Definition: ippair.c:104
detect-tag.h
IPPairMoveToSpare
void IPPairMoveToSpare(IPPair *h)
Definition: ippair.c:98
MAX
#define MAX(x, y)
Definition: suricata-common.h:395
IPPairStorageSize
unsigned int IPPairStorageSize(void)
Definition: ippair-storage.c:30
IPPair_::m
SCMutex m
Definition: ippair.h:60
HRLOCK_LOCK
#define HRLOCK_LOCK(fb)
Definition: host.h:51
IPPairFree
void IPPairFree(IPPair *h)
Definition: ippair.c:124
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:296
IPPairConfig_::prealloc
uint32_t prealloc
Definition: ippair.h:95
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
HRLOCK_UNLOCK
#define HRLOCK_UNLOCK(fb)
Definition: host.h:53
util-debug.h
ippair_config
IPPairConfig ippair_config
Definition: ippair.c:52
IPPairCleanup
void IPPairCleanup(void)
Cleanup the ippair engine.
Definition: ippair.c:334
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
IPPairGetMemcap
uint64_t IPPairGetMemcap(void)
Return memcap value.
Definition: ippair.c:81
StringParseUint32
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:313
IPPairGetIPPairFromHash
IPPair * IPPairGetIPPairFromHash(Address *a, Address *b)
Definition: ippair.c:530
IPPairEnqueue
void IPPairEnqueue(IPPairQueue *q, IPPair *h)
add a ippair to a queue
Definition: ippair-queue.c:69
IPPairQueue_
Definition: ippair-queue.h:42
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
IPPAIR_DEFAULT_MEMCAP
#define IPPAIR_DEFAULT_MEMCAP
Definition: ippair.c:157
detect-engine-tag.h
IPPairUnlock
void IPPairUnlock(IPPair *h)
Definition: ippair.c:517
SC_ATOMIC_SUB
#define SC_ATOMIC_SUB(name, val)
sub a value from our atomic variable
Definition: util-atomic.h:341
SCFreeAligned
#define SCFreeAligned(p)
Definition: util-mem.h:77
conf.h
HRLOCK_INIT
#define HRLOCK_INIT(fb)
Definition: host.h:49
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:35
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
CMP_ADDR
#define CMP_ADDR(a1, a2)
Definition: decode.h:234
suricata-common.h
RegisterIPPairStorageTests
void RegisterIPPairStorageTests(void)
Definition: ippair-storage.c:292
IPPair_
Definition: ippair.h:58
IPPairConfig_::hash_size
uint32_t hash_size
Definition: ippair.h:94
SCMallocAligned
#define SCMallocAligned(size, align)
Definition: util-mem.h:68
SCLogPerf
#define SCLogPerf(...)
Definition: util-debug.h:230
IPPairGetMemuse
uint64_t IPPairGetMemuse(void)
Return memuse value.
Definition: ippair.c:92
IPPairClearMemory
void IPPairClearMemory(IPPair *h)
Definition: ippair.c:150
FatalError
#define FatalError(...)
Definition: util-debug.h:502
util-hash-lookup3.h
IPPair_::hprev
struct IPPair_ * hprev
Definition: ippair.h:70
util-validate.h
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
IPPairConfig_
Definition: ippair.h:91
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
IPPair_::hnext
struct IPPair_ * hnext
Definition: ippair.h:69
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ippair-queue.h
util-random.h
HRLOCK_TRYLOCK
#define HRLOCK_TRYLOCK(fb)
Definition: host.h:52
IPPairQueueDestroy
void IPPairQueueDestroy(IPPairQueue *q)
Destroy a ippair queue.
Definition: ippair-queue.c:58
IPPairSetMemcap
int IPPairSetMemcap(uint64_t size)
Update memcap value.
Definition: ippair.c:66
Address_::family
char family
Definition: decode.h:117
IPPairLookupIPPairFromHash
IPPair * IPPairLookupIPPairFromHash(Address *a, Address *b)
look up a ippair in the hash
Definition: ippair.c:629
IPPairFreeStorage
void IPPairFreeStorage(IPPair *h)
Definition: ippair-storage.c:50
IPPair
struct IPPair_ IPPair
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
util-misc.h
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:131
IPPairConfig_::hash_rand
uint32_t hash_rand
Definition: ippair.h:93
ippair-storage.h
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ippair_hash
IPPairHashRow * ippair_hash
Definition: ippair.c:49
SCMutexDestroy
#define SCMutexDestroy
Definition: threads-debug.h:120
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:103
IPPairPrintStats
void IPPairPrintStats(void)
print some ippair stats
Definition: ippair.c:283
SCMutexTrylock
#define SCMutexTrylock(mut)
Definition: threads-debug.h:118
detect-engine-threshold.h