#include "suricata-common.h"#include "threads.h"#include "decode.h"#include "detect-engine-state.h"#include "flow.h"#include "flow-hash.h"#include "flow-util.h"#include "flow-private.h"#include "flow-manager.h"#include "flow-storage.h"#include "flow-timeout.h"#include "flow-spare-pool.h"#include "flow-callbacks.h"#include "app-layer-parser.h"#include "util-time.h"#include "util-debug.h"#include "util-device-private.h"#include "util-hash-lookup3.h"#include "conf.h"#include "output.h"#include "output-flow.h"#include "stream-tcp.h"#include "util-exception-policy.h"
Go to the source code of this file.
Data Structures | |
| struct | FlowHashKey4_ |
| struct | FlowHashKey6_ |
Macros | |
| #define | FLOW_GET_NEW_TRIES 5 |
| #define | STATSADDUI64(cnt, value) |
Typedefs | |
| typedef struct FlowHashKey4_ | FlowHashKey4 |
| typedef struct FlowHashKey6_ | FlowHashKey6 |
Functions | |
| SC_ATOMIC_EXTERN (unsigned int, flow_prune_idx) | |
| SC_ATOMIC_EXTERN (unsigned int, flow_flags) | |
| uint32_t | FlowGetIpPairProtoHash (const Packet *p) |
| uint32_t | FlowKeyGetHash (FlowKey *fk) |
| void | FlowSetupPacket (Packet *p) |
| prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing. | |
| Flow * | FlowGetFlowFromHash (ThreadVars *tv, FlowLookupStruct *fls, Packet *p, Flow **dest) |
| Get Flow for packet. | |
| Flow * | FlowGetExistingFlowFromFlowId (uint64_t flow_id) |
| Look for existing Flow using a flow id value. | |
| Flow * | FlowGetFromFlowKey (FlowKey *key, struct timespec *ttime, const uint32_t hash) |
| Get or create a Flow using a FlowKey. | |
Variables | |
| TcpStreamCnf | stream_config |
| FlowBucket * | flow_hash |
Detailed Description
Flow Hashing functions.
Definition in file flow-hash.c.
Macro Definition Documentation
◆ FLOW_GET_NEW_TRIES
| #define FLOW_GET_NEW_TRIES 5 |
Definition at line 1148 of file flow-hash.c.
◆ STATSADDUI64
| #define STATSADDUI64 | ( | cnt, | |
| value | |||
| ) |
Definition at line 1199 of file flow-hash.c.
Typedef Documentation
◆ FlowHashKey4
| typedef struct FlowHashKey4_ FlowHashKey4 |
◆ FlowHashKey6
| typedef struct FlowHashKey6_ FlowHashKey6 |
Function Documentation
◆ FlowGetExistingFlowFromFlowId()
| Flow * FlowGetExistingFlowFromFlowId | ( | uint64_t | flow_id | ) |
Look for existing Flow using a flow id value.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the flow_id with the found flow's flow_id to see if it is the flow we need.
- Parameters
-
flow_id Flow ID of the flow to look for
- Return values
-
f LOCKED flow or NULL
Definition at line 1033 of file flow-hash.c.
References FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, flow_hash, FLOWLOCK_WRLOCK, FlowCnf_::hash_size, Flow_::next, and SCLogDebug.
◆ FlowGetFlowFromHash()
| Flow * FlowGetFlowFromHash | ( | ThreadVars * | tv, |
| FlowLookupStruct * | fls, | ||
| Packet * | p, | ||
| Flow ** | dest | ||
| ) |
Get Flow for packet.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found.
If the flow is not found or the bucket was empty, a new flow is taken from the spare pool. The pool will alloc new flows as long as we stay within our memcap limit.
The p->flow pointer is updated to point to the flow.
- Parameters
-
tv thread vars dtv decode thread vars (for flow log api thread data)
- Return values
-
f LOCKED flow or NULL
Definition at line 903 of file flow-hash.c.
References BUG_ON, Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, flow_config, FLOW_EMERGENCY, Packet_::flow_hash, flow_hash, Flow_::flow_hash, FLOW_STATE_NEW, FlowInit(), FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FlowUpdateState(), FlowCnf_::hash_size, Flow_::next, Flow_::protoctx, SC_ATOMIC_GET, SCLogDebug, SCTIME_SECS, TcpSessionPacketSsnReuse(), Packet_::ts, tv, and unlikely.
Referenced by FlowHandlePacket().
◆ FlowGetFromFlowKey()
Get or create a Flow using a FlowKey.
Hash retrieval function for flows. Looks up the hash bucket containing the flow pointer. Then compares the packet with the found flow to see if it is the flow we need. If it isn't, walk the list until the right flow is found. Return a new Flow if ever no Flow was found.
- Parameters
-
key Pointer to FlowKey build using flow to look for ttime time to use for flow creation hash Value of the flow hash
- Return values
-
f LOCKED flow or NULL
Definition at line 1097 of file flow-hash.c.
References FlowKey_::dp, Flow_::dp, FlowKey_::dst, Flow_::dst, Address_::family, Flow_::fb, FBLOCK_LOCK, FBLOCK_UNLOCK, Flow_::flags, flow_config, flow_hash, Flow_::flow_hash, FLOW_IPV4, FLOW_IPV6, FlowAlloc(), FlowGetProtoMapping(), FLOWLOCK_WRLOCK, FlowCnf_::hash_size, Flow_::lastts, Flow_::next, FlowKey_::proto, Flow_::proto, Flow_::protomap, Flow_::recursion_level, SCLogDebug, SCTIME_FROM_TIMESPEC, FlowKey_::sp, Flow_::sp, FlowKey_::src, Flow_::src, Flow_::startts, FlowKey_::vlan_id, and Flow_::vlan_id.
◆ FlowGetIpPairProtoHash()
| uint32_t FlowGetIpPairProtoHash | ( | const Packet * | p | ) |
Definition at line 117 of file flow-hash.c.
References FlowHashKey4_::addrs, ARRAY_SIZE, Packet_::dst, FlowHashKey6_::dst, flow_config, g_recurlvl_mask, g_vlan_mask, FlowCnf_::hash_rand, hashword(), FlowHashKey4_::pad, FlowHashKey6_::pad, FlowHashKey4_::ports, FlowHashKey6_::ports, Packet_::proto, FlowHashKey4_::proto, FlowHashKey6_::proto, FlowHashKey4_::recur, FlowHashKey6_::recur, Packet_::recursion_level, Packet_::src, FlowHashKey6_::src, FlowHashKey6_::u32, FlowHashKey4_::u32, Packet_::vlan_id, FlowHashKey4_::vlan_id, and FlowHashKey6_::vlan_id.
◆ FlowKeyGetHash()
| uint32_t FlowKeyGetHash | ( | FlowKey * | fk | ) |
Basic hashing function for FlowKey
- Note
- Function only used for bypass and TCP or UDP flows
- this is only used at start to create Flow from pinned maps so fairness is not an issue
Definition at line 314 of file flow-hash.c.
References Address_::address, Address_::address_un_data32, FlowHashKey4_::addrs, ARRAY_SIZE, FlowKey_::dp, FlowHashKey6_::dst, FlowKey_::dst, Address_::family, flow_config, g_livedev_mask, g_recurlvl_mask, g_vlan_mask, FlowCnf_::hash_rand, hashword(), FlowHashKey4_::livedev, FlowHashKey6_::livedev, FlowKey_::livedev_id, FlowHashKey6_::pad, FlowHashKey4_::ports, FlowHashKey6_::ports, FlowHashKey4_::proto, FlowHashKey6_::proto, FlowKey_::proto, FlowHashKey4_::recur, FlowHashKey6_::recur, FlowKey_::recursion_level, FlowKey_::sp, FlowHashKey6_::src, FlowKey_::src, FlowHashKey6_::u32, FlowHashKey4_::u32, FlowHashKey4_::vlan_id, FlowHashKey6_::vlan_id, and FlowKey_::vlan_id.
◆ FlowSetupPacket()
| void FlowSetupPacket | ( | Packet * | p | ) |
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow lookup and calc the hash value to be used in the lookup and autofp flow balancing.
Definition at line 533 of file flow-hash.c.
References Packet_::flags, Packet_::flow_hash, and PKT_WANTS_FLOW.
Referenced by DecodeESP(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV4(), DecodeSCTP(), DecodeTCP(), and DecodeUDP().
◆ SC_ATOMIC_EXTERN() [1/2]
| SC_ATOMIC_EXTERN | ( | unsigned int | , |
| flow_flags | |||
| ) |
◆ SC_ATOMIC_EXTERN() [2/2]
| SC_ATOMIC_EXTERN | ( | unsigned int | , |
| flow_prune_idx | |||
| ) |
Variable Documentation
◆ flow_hash
| FlowBucket* flow_hash |
Definition at line 59 of file flow-hash.c.
Referenced by FlowGetExistingFlowFromFlowId(), FlowGetFlowFromHash(), FlowGetFromFlowKey(), FlowInitConfig(), FlowReset(), and FlowShutdown().
◆ stream_config
|
extern |
Definition at line 219 of file stream-tcp.c.
Referenced by AppLayerParserPostStreamSetup(), FileReassemblyDepth(), SCOutputRegisterStreamingLogger(), StreamTcpPruneSession(), StreamTcpReassembleCheckMemcap(), StreamTcpReassembleGetMemcap(), StreamTcpReassembleHandleSegment(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpReassembleInitThreadCtx(), StreamTcpReassembleRealloc(), StreamTcpReassembleSetMemcap(), StreamTcpUTDeinit(), StreamTcpUTInitInline(), and UTHAddStreamToFlow().
