1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
3 // Copyright (C) 2005-2013 Sourcefire, Inc.
5 // This program is free software; you can redistribute it and/or modify it
6 // under the terms of the GNU General Public License Version 2 as published
7 // by the Free Software Foundation. You may not use, modify or distribute
8 // this program under any other version of the GNU General Public License.
10 // This program is distributed in the hope that it will be useful, but
11 // WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 // General Public License for more details.
15 // You should have received a copy of the GNU General Public License along
16 // with this program; if not, write to the Free Software Foundation, Inc.,
17 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 //--------------------------------------------------------------------------
20 // flow_control.h author Russ Combs <rucombs@cisco.com>
22 #ifndef FLOW_CONTROL_H
23 #define FLOW_CONTROL_H
25 // this is where all the flow caches are managed and where all flows are
26 // processed. flows are pruned as needed to process new flows.
31 #include "flow/flow_config.h"
32 #include "framework/counts.h"
33 #include "framework/decode_data.h"
34 #include "framework/inspector.h"
46 enum class PruneReason
: uint8_t;
47 enum class FlowDeleteState
: uint8_t;
52 FlowControl(const FlowCacheConfig
& fc
);
55 void set_flow_cache_config(const FlowCacheConfig
& cfg
);
56 const FlowCacheConfig
& get_flow_cache_config() const;
57 void init_proto(PktType
, snort::InspectSsnFunc
);
58 void init_exp(uint32_t max
);
59 unsigned get_flows_allocated() const;
61 bool process(PktType
, snort::Packet
*, bool* new_flow
= nullptr);
62 snort::Flow
* find_flow(const snort::FlowKey
*);
63 snort::Flow
* new_flow(const snort::FlowKey
*);
64 void release_flow(const snort::FlowKey
*);
65 void release_flow(snort::Flow
*, PruneReason
);
67 unsigned delete_flows(unsigned num_to_delete
);
68 bool prune_one(PruneReason
, bool do_cleanup
);
69 snort::Flow
* stale_flow_cleanup(FlowCache
*, snort::Flow
*, snort::Packet
*);
70 void timeout_flows(unsigned int, time_t cur_time
);
71 void check_expected_flow(snort::Flow
*, snort::Packet
*);
72 unsigned prune_multiple(PruneReason
, bool do_cleanup
);
74 int add_expected_ignore(
75 const snort::Packet
* ctrlPkt
, PktType
, IpProtocol
,
76 const snort::SfIp
*srcIP
, uint16_t srcPort
,
77 const snort::SfIp
*dstIP
, uint16_t dstPort
,
78 char direction
, snort::FlowData
*);
80 int add_expected(const snort::Packet
* ctrlPkt
, PktType
, IpProtocol
, const snort::SfIp
*srcIP
,
81 uint16_t srcPort
, const snort::SfIp
*dstIP
, uint16_t dstPort
, SnortProtocolId snort_protocol_id
,
82 snort::FlowData
*, bool swap_app_direction
= false, bool expect_multi
= false,
83 bool bidirectional
= false, bool expect_persist
= false);
85 class ExpectCache
* get_exp_cache()
91 PegCount
get_total_prunes() const;
92 PegCount
get_prunes(PruneReason
) const;
93 PegCount
get_proto_prune_count(PruneReason
, PktType
) const;
94 PegCount
get_total_deletes() const;
95 PegCount
get_deletes(FlowDeleteState state
) const;
98 PegCount
get_uni_flows() const;
99 PegCount
get_uni_ip_flows() const;
100 PegCount
get_num_flows() const;
103 void set_key(snort::FlowKey
*, snort::Packet
*);
104 unsigned process(snort::Flow
*, snort::Packet
*, bool new_ha_flow
);
105 void update_stats(snort::Flow
*, snort::Packet
*);
108 snort::InspectSsnFunc get_proto_session
[to_utype(PktType::MAX
)] = {};
109 PegCount num_flows
= 0;
110 FlowCache
* cache
= nullptr;
111 snort::Flow
* mem
= nullptr;
112 class ExpectCache
* exp_cache
= nullptr;
113 PktType last_pkt_type
= PktType::NONE
;
projects / thirdparty / snort3.git / blob