Flow data structure. More...
#include <flow.h>
Public Member Functions | |
| SC_ATOMIC_DECLARE (FlowStateType, flow_state) | |
| SC_ATOMIC_DECLARE (FlowRefCount, use_cnt) | |
Detailed Description
Flow data structure.
The flow is a global data structure that is created for new packets of a flow and then looked up for the following packets of a flow.
Locking
The flow is updated/used by multiple packets at the same time. This is why there is a flow-mutex. It's a mutex and not a spinlock because some operations on the flow can be quite expensive, thus spinning would be too expensive.
The flow "header" (addresses, ports, proto, recursion level) are static after the initialization and remain read-only throughout the entire live of a flow. This is why we can access those without protection of the lock.
Member Function Documentation
◆ SC_ATOMIC_DECLARE() [1/2]
| Flow_::SC_ATOMIC_DECLARE | ( | FlowRefCount | , |
| use_cnt | |||
| ) |
how many pkts and stream msgs are using the flow right now. This variable is atomic so not protected by the Flow mutex "m".
On receiving a packet the counter is incremented while the flow bucked is locked, which is also the case on timeout pruning.
◆ SC_ATOMIC_DECLARE() [2/2]
| Flow_::SC_ATOMIC_DECLARE | ( | FlowStateType | , |
| flow_state | |||
| ) |
Field Documentation
◆ @123
| union { ... } |
◆ @125
| union { ... } |
◆ alparser
| AppLayerParserState* Flow_::alparser |
application level storage ptrs. parser internal state
Definition at line 451 of file flow.h.
Referenced by AppLayerDecoderEventsSetEvent(), AppLayerProtoDetectReset(), DeStateUpdateInspectTransactionId(), FlowCleanupAppLayer(), and FlowForceReassemblyNeedReassembly().
◆ alproto
| AppProto Flow_::alproto |
application level protocol
Definition at line 423 of file flow.h.
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), AppLayerIncTxCounter(), AppLayerParserSetTransactionInspectId(), AppLayerProtoDetectReset(), DetectEngineInspectBufferGeneric(), DetectRunStoreStateTx(), FlowForceReassemblyNeedReassembly(), FlowGetAppProtocol(), JsonAddFlow(), JsonBuildFileInfoRecord(), and LLVMFuzzerTestOneInput().
◆ alproto_expect
| AppProto Flow_::alproto_expect |
expected app protocol: used in protocol change/upgrade like in STARTTLS.
Definition at line 432 of file flow.h.
Referenced by AppLayerRequestProtocolChange(), and JsonAddFlow().
◆ alproto_orig
| AppProto Flow_::alproto_orig |
original application level protocol. Used to indicate the previous protocol when changing to another protocol , e.g. with STARTTLS.
Definition at line 429 of file flow.h.
Referenced by JsonAddFlow().
◆ alproto_tc
| AppProto Flow_::alproto_tc |
Definition at line 425 of file flow.h.
Referenced by AppLayerHandleTCPData(), AppLayerProtoDetectReset(), and JsonAddFlow().
◆ alproto_ts
| AppProto Flow_::alproto_ts |
Definition at line 424 of file flow.h.
Referenced by AppLayerHandleTCPData(), AppLayerProtoDetectReset(), and JsonAddFlow().
◆ alstate
| void* Flow_::alstate |
application layer state
Definition at line 452 of file flow.h.
Referenced by AppLayerProtoDetectReset(), DeStateUpdateInspectTransactionId(), DetectFileInspectGeneric(), FlowCleanupAppLayer(), FlowForceReassemblyNeedReassembly(), FlowGetAppState(), JsonFTPDataAddMetadata(), and SMTPProcessDataChunk().
◆ code
◆ de_ctx_version
| uint32_t Flow_::de_ctx_version |
◆ dp
| Port Flow_::dp |
tcp/udp destination port
Definition at line 353 of file flow.h.
Referenced by FlowGetFromFlowKey(), FlowInit(), and LLVMFuzzerTestOneInput().
◆ dst
| FlowAddress Flow_::dst |
Definition at line 344 of file flow.h.
Referenced by FlowGetFromFlowKey(), FlowInit(), and LLVMFuzzerTestOneInput().
◆ fb
| struct FlowBucket_* Flow_::fb |
Definition at line 467 of file flow.h.
Referenced by FlowGetFromFlowKey(), and FlowUpdateState().
◆ file_flags
| uint16_t Flow_::file_flags |
file tracking/extraction flags
Definition at line 396 of file flow.h.
Referenced by FileFlowToFlags().
◆ flags
| uint32_t Flow_::flags |
generic flags
Definition at line 394 of file flow.h.
Referenced by FlowChangeProto(), FlowGetFromFlowKey(), FlowGetPacketDirection(), FlowHandlePacketUpdate(), FlowHasAlerts(), FlowInit(), FlowSetChangeProtoFlag(), FlowSetHasAlertsFlag(), FlowSetIPOnlyFlag(), FlowSwap(), FlowUnsetChangeProtoFlag(), and LLVMFuzzerTestOneInput().
◆ flow_end_flags
◆ flow_hash
| uint32_t Flow_::flow_hash |
flow hash - the flow hash before hash table size mod.
Definition at line 368 of file flow.h.
Referenced by FlowGetFromFlowKey().
◆ flowvar
| GenericVar* Flow_::flowvar |
Definition at line 462 of file flow.h.
Referenced by FlowVarAddIdValue(), FlowVarAddIntNoLock(), FlowVarAddKeyValue(), FlowVarGet(), and FlowVarGetByKey().
◆ hnext
| struct Flow_* Flow_::hnext |
hash list pointers, protected by fb->s
Definition at line 465 of file flow.h.
Referenced by FlowGetFromFlowKey().
◆ hprev
| struct Flow_* Flow_::hprev |
Definition at line 466 of file flow.h.
Referenced by FlowGetFromFlowKey().
◆ icmp_d
| struct { ... } Flow_::icmp_d |
◆ icmp_s
| struct { ... } Flow_::icmp_s |
Referenced by FlowInit().
◆ lastts
| struct timeval Flow_::lastts |
Definition at line 373 of file flow.h.
Referenced by AppLayerExpectationCreate(), FlowGetFromFlowKey(), FlowGetLastTimeAsParts(), and FlowHandlePacketUpdate().
◆ livedev
| struct LiveDevice_* Flow_::livedev |
◆ lnext
| struct Flow_* Flow_::lnext |
queue list pointers, protected by queue mutex
Definition at line 470 of file flow.h.
Referenced by FlowDequeue(), FlowEnqueue(), and FlowMoveToSpare().
◆ lprev
| struct Flow_* Flow_::lprev |
Definition at line 471 of file flow.h.
Referenced by FlowDequeue(), FlowEnqueue(), and FlowMoveToSpare().
◆ m
◆ max_ttl_toclient
◆ max_ttl_toserver
| uint8_t Flow_::max_ttl_toserver |
Definition at line 444 of file flow.h.
Referenced by FlowInit().
◆ min_ttl_toclient
◆ min_ttl_toserver
| uint8_t Flow_::min_ttl_toserver |
◆ parent_id
◆ probing_parser_toclient_alproto_masks
| uint32_t Flow_::probing_parser_toclient_alproto_masks |
Definition at line 392 of file flow.h.
Referenced by AppLayerProtoDetectReset(), and FlowSwap().
◆ probing_parser_toserver_alproto_masks
| uint32_t Flow_::probing_parser_toserver_alproto_masks |
Definition at line 391 of file flow.h.
Referenced by AppLayerProtoDetectReset(), and FlowSwap().
◆ proto
| uint8_t Flow_::proto |
Definition at line 359 of file flow.h.
Referenced by AppLayerParserParse(), AppLayerParserSetTransactionInspectId(), DetectEngineInspectBufferGeneric(), DetectRunStoreStateTx(), FlowCleanupAppLayer(), FlowGetDisruptionFlags(), FlowGetFromFlowKey(), FlowInit(), HttpXFFGetIPFromTx(), JsonNFSAddMetadata(), JsonNFSAddMetadataRPC(), JsonRFBAddMetadata(), JsonSIPAddMetadata(), JsonSMBAddMetadata(), LLVMFuzzerTestOneInput(), StreamTcpAppLayerIsDisabled(), UTHAddStreamToFlow(), and UTHRemoveSessionFromFlow().
◆ protoctx
| void* Flow_::protoctx |
protocol specific data pointer, e.g. for TcpSession
Definition at line 414 of file flow.h.
Referenced by AppLayerParserTriggerRawStreamReassembly(), DetectEngineInspectStreamPayload(), FlowClearMemory(), FlowForceReassemblyForFlow(), FlowForceReassemblyNeedReassembly(), FlowGetDisruptionFlags(), LLVMFuzzerTestOneInput(), SMTPProcessDataChunk(), StreamTcpAppLayerIsDisabled(), StreamTcpDetectLogFlush(), StreamTcpDisableAppLayer(), StreamTcpPruneSession(), StreamTcpReassembleDepthReached(), StreamTcpSegmentForEach(), StreamTcpSessionPktFree(), UTHAddSessionToFlow(), UTHAddStreamToFlow(), and UTHRemoveSessionFromFlow().
◆ protodetect_dp
| uint16_t Flow_::protodetect_dp |
destination port to be used in protocol detection. This is meant for use with STARTTLS and HTTP CONNECT detection 0 if not used
Definition at line 400 of file flow.h.
Referenced by AppLayerRequestProtocolChange().
◆ protomap
| uint8_t Flow_::protomap |
mapping to Flow's protocol specific protocols for timeouts and state and free functions.
Definition at line 418 of file flow.h.
Referenced by AppLayerIncTxCounter(), AppLayerParserParse(), FlowGetFromFlowKey(), and LLVMFuzzerTestOneInput().
◆ recursion_level
| uint8_t Flow_::recursion_level |
Definition at line 360 of file flow.h.
Referenced by FlowGetFromFlowKey(), and FlowInit().
◆ sgh_toclient
| const struct SigGroupHead_* Flow_::sgh_toclient |
◆ sgh_toserver
| const struct SigGroupHead_* Flow_::sgh_toserver |
◆ sp
| Port Flow_::sp |
tcp/udp source port
Definition at line 346 of file flow.h.
Referenced by FlowGetFromFlowKey(), FlowGetPacketDirection(), FlowInit(), and LLVMFuzzerTestOneInput().
◆ src
| FlowAddress Flow_::src |
Definition at line 344 of file flow.h.
Referenced by FlowGetFromFlowKey(), FlowGetPacketDirection(), FlowInit(), and LLVMFuzzerTestOneInput().
◆ startts
| struct timeval Flow_::startts |
Definition at line 472 of file flow.h.
Referenced by FlowGetFromFlowKey(), and JsonAddFlow().
◆ tenant_id
| uint32_t Flow_::tenant_id |
◆ thread_id
| FlowThreadId Flow_::thread_id[2] |
◆ todstbytecnt
| uint64_t Flow_::todstbytecnt |
Definition at line 476 of file flow.h.
Referenced by FlowHandlePacketUpdate(), and JsonAddFlow().
◆ todstpktcnt
| uint32_t Flow_::todstpktcnt |
Definition at line 474 of file flow.h.
Referenced by FlowHandlePacketUpdate(), and JsonAddFlow().
◆ tosrcbytecnt
| uint64_t Flow_::tosrcbytecnt |
Definition at line 477 of file flow.h.
Referenced by JsonAddFlow().
◆ tosrcpktcnt
| uint32_t Flow_::tosrcpktcnt |
Definition at line 475 of file flow.h.
Referenced by JsonAddFlow().
◆ type
◆ vlan_id
| uint16_t Flow_::vlan_id[2] |
Definition at line 361 of file flow.h.
Referenced by FlowGetFromFlowKey(), and FlowInit().
◆ vlan_idx
| uint8_t Flow_::vlan_idx |
Definition at line 362 of file flow.h.
Referenced by FlowInit().
The documentation for this struct was generated from the following file:
- src/flow.h
