suricata
host-timeout.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2012 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 */
23
24#include "suricata-common.h"
25#include "host.h"
26
27#include "detect-engine-tag.h"
28
29#include "host-bit.h"
30#include "host-timeout.h"
31
32#include "reputation.h"
33
34/** \internal
35 * \brief See if we can really discard this host. Check use_cnt reference.
36 *
37 * \param h host
38 * \param ts timestamp
39 *
40 * \retval 0 not timed out just yet
41 * \retval 1 fully timed out, lets kill it
42 */
43static int HostHostTimedOut(Host *h, SCTime_t ts)
44{
45 int busy = 0;
46
47 /** never prune a host that is used by a packet
48 * we are currently processing in one of the threads */
49 if (SC_ATOMIC_GET(h->use_cnt) > 0) {
50 return 0;
51 }
52
53 busy |= (h->iprep && SRepHostTimedOut(h) == 0);
54 busy |= (TagHostHasTag(h) && TagTimeoutCheck(h, ts) == 0);
55 busy |= (HostHasHostBits(h) && HostBitsTimedoutCheck(h, ts) == 0);
56 SCLogDebug("host %p %s", h, busy ? "still active" : "timed out");
57 return !busy;
58}
59
60/**
61 * \internal
62 *
63 * \brief check all hosts in a hash row for timing out
64 *
65 * \param hb host hash row *LOCKED*
66 * \param h last host in the hash row
67 * \param ts timestamp
68 *
69 * \retval cnt timed out hosts
70 */
71static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, SCTime_t ts)
72{
73 uint32_t cnt = 0;
74
75 do {
76 if (SCMutexTrylock(&h->m) != 0) {
77 h = h->hprev;
78 continue;
79 }
80
81 Host *next_host = h->hprev;
82
83 /* check if the host is fully timed out and
84 * ready to be discarded. */
85 if (HostHostTimedOut(h, ts) == 1) {
86 /* remove from the hash */
87 if (h->hprev != NULL)
88 h->hprev->hnext = h->hnext;
89 if (h->hnext != NULL)
90 h->hnext->hprev = h->hprev;
91 if (hb->head == h)
92 hb->head = h->hnext;
93 if (hb->tail == h)
94 hb->tail = h->hprev;
95
96 h->hnext = NULL;
97 h->hprev = NULL;
98
100
101 /* no one is referring to this host, use_cnt 0, removed from hash
102 * so we can unlock it and move it back to the spare queue. */
103 SCMutexUnlock(&h->m);
104
105 /* move to spare list */
107
108 cnt++;
109 } else {
110 SCMutexUnlock(&h->m);
111 }
112
113 h = next_host;
114 } while (h != NULL);
115
116 return cnt;
117}
118
119/**
120 * \brief time out hosts from the hash
121 *
122 * \param ts timestamp
123 *
124 * \retval cnt number of timed out host
125 */
127{
128 uint32_t idx = 0;
129 uint32_t cnt = 0;
130
131 for (idx = 0; idx < host_config.hash_size; idx++) {
132 HostHashRow *hb = &host_hash[idx];
133
134 if (HRLOCK_TRYLOCK(hb) != 0)
135 continue;
136
137 /* host hash bucket is now locked */
138
139 if (hb->tail == NULL) {
140 HRLOCK_UNLOCK(hb);
141 continue;
142 }
143
144 /* we have a host, or more than one */
145 cnt += HostHashRowTimeout(hb, hb->tail, ts);
146 HRLOCK_UNLOCK(hb);
147 }
148
149 return cnt;
150}
151
int TagTimeoutCheck(Host *host, SCTime_t ts)
Removes the entries exceeding the max timeout value.
int TagHostHasTag(Host *host)
int HostHasHostBits(Host *host)
Definition host-bit.c:58
int HostBitsTimedoutCheck(Host *h, SCTime_t ts)
Definition host-bit.c:67
uint32_t HostTimeoutHash(SCTime_t ts)
time out hosts from the hash
void HostClearMemory(Host *h)
Definition host.c:150
HostConfig host_config
Definition host.c:53
HostHashRow * host_hash
Definition host.c:50
void HostMoveToSpare(Host *h)
Definition host.c:100
#define HRLOCK_UNLOCK(fb)
Definition host.h:53
#define HRLOCK_TRYLOCK(fb)
Definition host.h:52
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
Definition reputation.c:193
uint64_t ts
uint32_t hash_size
Definition host.h:98
Definition host.h:58
struct Host_ * hprev
Definition host.h:73
void * iprep
Definition host.h:69
SCMutex m
Definition host.h:60
struct Host_ * hnext
Definition host.h:72
#define SCMutexUnlock(mut)
#define SCMutexTrylock(mut)
uint32_t cnt
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
#define SCLogDebug(...)
Definition util-debug.h:275