suricata
flow-util.h
1/* Copyright (C) 2007-2012 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 */
23
24#ifndef SURICATA_FLOW_UTIL_H
25#define SURICATA_FLOW_UTIL_H
26
27#include "flow.h"
28#include "stream-tcp-private.h"
29
/**
 * \brief Zero the four to-source / to-destination packet and byte counters
 *        of a flow.
 *
 * \param f pointer to the flow. The argument is expanded once per
 *          assignment, so it must be free of side effects.
 */
#define RESET_COUNTERS(f) \
    do { \
        /* packet counters */ \
        (f)->tosrcpktcnt = 0; \
        (f)->todstpktcnt = 0; \
        /* byte counters */ \
        (f)->tosrcbytecnt = 0; \
        (f)->todstbytecnt = 0; \
    } while (0)
37
/**
 * \brief Put every field handled here into its initial (zero / NULL) state
 *        and initialise the flow lock.
 *
 * Pointer members are overwritten with NULL without being released, so
 * running this on a flow that still owns app-layer state or flow variables
 * would drop those references rather than free them.
 *
 * NOTE(review): unlike FLOW_RECYCLE this macro does not assign the `ffr`
 * field; presumably the caller hands in zeroed memory. Confirm, because a
 * field missed here keeps whatever the allocation contained.
 *
 * \param f pointer to the flow. The argument is expanded many times, so it
 *          must be free of side effects.
 */
#define FLOW_INITIALIZE(f) \
    do { \
        /* ports, protocol, device, tenant */ \
        (f)->sp = 0; \
        (f)->dp = 0; \
        (f)->proto = 0; \
        (f)->vlan_idx = 0; \
        (f)->livedev = NULL; \
        (f)->tenant_id = 0; \
        (f)->parent_id = 0; \
        /* list linkage, state and flags */ \
        (f)->next = NULL; \
        (f)->timeout_policy = 0; \
        (f)->flow_state = 0; \
        (f)->flow_end_flags = 0; \
        (f)->flags = 0; \
        (f)->file_flags = 0; \
        /* timestamp and lock */ \
        SCTIME_INIT((f)->lastts); \
        FLOWLOCK_INIT((f)); \
        /* protocol detection and app-layer fields */ \
        (f)->probing_parser_toserver_alproto_masks = 0; \
        (f)->probing_parser_toclient_alproto_masks = 0; \
        (f)->protodetect_dp = 0; \
        (f)->alproto = 0; \
        (f)->alproto_ts = 0; \
        (f)->alproto_tc = 0; \
        (f)->alproto_orig = 0; \
        (f)->alproto_expect = 0; \
        (f)->protoctx = NULL; \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
        /* detection engine references */ \
        (f)->de_ctx_version = 0; \
        (f)->sgh_toserver = NULL; \
        (f)->sgh_toclient = NULL; \
        /* owning threads, one slot per direction index */ \
        (f)->thread_id[0] = 0; \
        (f)->thread_id[1] = 0; \
        /* flow variables and traffic counters */ \
        (f)->flowvar = NULL; \
        RESET_COUNTERS((f)); \
    } while (0)
74
/** \brief Recycle a flow before it goes into the spare queue for reuse.
 *
 * The app-layer state is cleaned up first, the flow variables are freed,
 * and every field listed below is set back to zero / NULL so that nothing
 * recorded for the previous connection is still visible to the next user
 * of this Flow object.
 *
 * The lnext, lprev and hnext fields are left untouched; they are managed
 * by the queueing code. The same goes for the fb (FlowBucket ptr) field.
 * The flow lock is neither destroyed nor re-initialised here.
 *
 * NOTE(review): a field that is added to Flow but not reset here would
 * carry its old value into the next flow; keep this list in step with
 * the structure.
 *
 * \param f pointer to the flow. The argument is expanded many times, so it
 *          must be free of side effects.
 */
#define FLOW_RECYCLE(f) \
    do { \
        /* must run before the app-layer fields below are cleared */ \
        FlowCleanupAppLayer((f)); \
        /* ports, protocol, device, tenant */ \
        (f)->sp = 0; \
        (f)->dp = 0; \
        (f)->proto = 0; \
        (f)->vlan_idx = 0; \
        (f)->livedev = NULL; \
        (f)->tenant_id = 0; \
        (f)->parent_id = 0; \
        /* list linkage, state and flags */ \
        (f)->next = NULL; \
        (f)->ffr = 0; \
        (f)->timeout_policy = 0; \
        (f)->flow_state = 0; \
        (f)->flow_end_flags = 0; \
        (f)->flags = 0; \
        (f)->file_flags = 0; \
        /* timestamp */ \
        SCTIME_INIT((f)->lastts); \
        /* protocol detection and app-layer fields */ \
        (f)->probing_parser_toserver_alproto_masks = 0; \
        (f)->probing_parser_toclient_alproto_masks = 0; \
        (f)->protodetect_dp = 0; \
        (f)->alproto = 0; \
        (f)->alproto_ts = 0; \
        (f)->alproto_tc = 0; \
        (f)->alproto_orig = 0; \
        (f)->alproto_expect = 0; \
        (f)->protoctx = NULL; \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
        /* detection engine references */ \
        (f)->de_ctx_version = 0; \
        (f)->sgh_toserver = NULL; \
        (f)->sgh_toclient = NULL; \
        /* owning threads */ \
        (f)->thread_id[0] = 0; \
        (f)->thread_id[1] = 0; \
        /* free the flow variables, then drop the now-dangling pointer */ \
        GenericVarFree((f)->flowvar); \
        (f)->flowvar = NULL; \
        RESET_COUNTERS((f)); \
    } while (0)
118
/**
 * \brief Release what a flow owns: app-layer state, the flow lock and the
 *        flow variables.
 *
 * No field is cleared afterwards. In particular (f)->flowvar still holds
 * the freed pointer and the lock is destroyed, so the flow must not be
 * used again after this macro (presumably the Flow memory itself is freed
 * next; confirm against the callers).
 *
 * \param f pointer to the flow. The argument is expanded several times, so
 *          it must be free of side effects.
 */
#define FLOW_DESTROY(f) \
    do { \
        /* app-layer state first */ \
        FlowCleanupAppLayer((f)); \
        /* then the lock, then the flow variables */ \
        FLOWLOCK_DESTROY((f)); \
        GenericVarFree((f)->flowvar); \
    } while (0)
126
/** \brief Check whether a memory allocation would still fit in the flow memcap.
 *
 * Both the current usage and the requested size are widened to uint64_t
 * before they are added, and the sum is compared against the configured
 * memcap.
 *
 * NOTE(review): the macro only reads the two atomics; it reserves nothing.
 * If other threads allocate at the same time, the answer can be stale by
 * the time the caller allocates, so the memcap is a soft limit unless the
 * caller accounts for that. Confirm against the allocation path.
 *
 * \param size memory allocation size to check
 *
 * \retval 1 it fits
 * \retval 0 no fit
 */
#define FLOW_CHECK_MEMCAP(size) \
    (SC_ATOMIC_GET(flow_config.memcap) >= \
            ((uint64_t)SC_ATOMIC_GET(flow_memuse) + (uint64_t)(size)))
137
/** \brief Allocate a flow. */
Flow *FlowAlloc(void);

/** \brief Clean up and free the memory of a flow. */
void FlowFree(Flow *f);

/** \brief Map the protocol to the defined FLOW_PROTO_* enumeration. */
uint8_t FlowGetProtoMapping(uint8_t proto);

/* NOTE(review): takes the thread, the flow and a read-only packet; what is
 * copied from the packet is defined in flow-util.c, not visible here. */
void FlowInit(ThreadVars *tv, Flow *f, const Packet *p);

/* NOTE(review): presumably the inverse of FlowGetProtoMapping; confirm. */
uint8_t FlowGetReverseProtoMapping(uint8_t rproto);
143
144/* flow end counter logic */
145
151
/**
 * \brief Update the flow-end statistics counters for a flow.
 *
 * For a TCP flow that has a protocol context, the counter id stored at
 * fec->flow_tcp_state[ssn->state] is passed to StatsIncr().
 *
 * NOTE(review): this listing omits source lines 157-158 and 161, so the
 * body shown below is incomplete and its braces do not balance as printed.
 *
 * NOTE(review): ssn->state is used as an array index with no range check
 * in the lines shown. FlowEndCounters declares flow_tcp_state with
 * TCP_CLOSED+1 entries, so this relies on the session state never
 * exceeding TCP_CLOSED; confirm that invariant where the state is set.
 *
 * \param tv  thread the counters belong to
 * \param fec counter ids to increment
 * \param f   flow that is ending
 */
152static inline void FlowEndCountersUpdate(ThreadVars *tv, FlowEndCounters *fec, Flow *f)
153{
154 if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
155 TcpSession *ssn = f->protoctx;
    /* one counter per TCP session state */
156 StatsIncr(tv, fec->flow_tcp_state[ssn->state]);
159 }
160 }
162}
163
165
166#endif /* SURICATA_FLOW_UTIL_H */
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition counters.c:166
void FlowInit(ThreadVars *, Flow *, const Packet *)
Definition flow-util.c:147
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition flow-util.c:113
struct FlowEndCounters_ FlowEndCounters
Flow * FlowAlloc(void)
allocate a flow
Definition flow-util.c:56
void FlowEndCountersRegister(ThreadVars *t, FlowEndCounters *fec)
Definition flow-util.c:246
uint8_t FlowGetProtoMapping(uint8_t)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition flow-util.c:99
void FlowFree(Flow *)
cleanup & free the memory of a flow
Definition flow-util.c:84
#define FLOW_STATE_SIZE
Definition flow.h:515
ThreadVars * tv
@ TCP_CLOSED
#define STREAMTCP_FLAG_LOSSY_BE_LIBERAL
uint16_t flow_tcp_liberal
Definition flow-util.h:149
uint16_t flow_tcp_state[TCP_CLOSED+1]
Definition flow-util.h:148
uint16_t flow_state[FLOW_STATE_SIZE]
Definition flow-util.h:147
Flow data structure.
Definition flow.h:356
uint8_t proto
Definition flow.h:378
FlowStateType flow_state
Definition flow.h:412
void * protoctx
Definition flow.h:441
Per thread variable structure.
Definition threadvars.h:58