src/host-timeout.c

   1 /* Copyright (C) 2007-2012 Open Information Security Foundation
   2  *
   3  * You can copy, redistribute or modify this Program under the terms of
   4  * the GNU General Public License version 2 as published by the Free
   5  * Software Foundation.
   6  *
   7  * This program is distributed in the hope that it will be useful,
   8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  10  * GNU General Public License for more details.
  11  *
  12  * You should have received a copy of the GNU General Public License
  13  * version 2 along with this program; if not, write to the Free Software
  14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  15  * 02110-1301, USA.
  16  */
  17
  18 /**
  19  * \file
  20  *
  21  * \author Victor Julien <victor@inliniac.net>
  22  */
  23
  24 #include "suricata-common.h"
  25 #include "host.h"
  26
  27 #include "detect-engine-tag.h"
  28 #include "detect-engine-threshold.h"
  29
  30 #include "host-bit.h"
  31 #include "host-timeout.h"
  32
  33 #include "reputation.h"
  34
  35 uint32_t HostGetSpareCount(void)
  36 {
  37     return HostSpareQueueGetSize();
  38 }
  39
  40 uint32_t HostGetActiveCount(void)
  41 {
  42     return SC_ATOMIC_GET(host_counter);
  43 }
  44
  45 /** \internal
  46  *  \brief See if we can really discard this host. Check use_cnt reference.
  47  *
  48  *  \param h host
  49  *  \param ts timestamp
  50  *
  51  *  \retval 0 not timed out just yet
  52  *  \retval 1 fully timed out, lets kill it
  53  */
  54 static int HostHostTimedOut(Host *h, struct timeval *ts)
  55 {
  56     int tags = 0;
  57     int thresholds = 0;
  58     int vars = 0;
  59
  60     /** never prune a host that is used by a packet
  61      *  we are currently processing in one of the threads */
  62     if (SC_ATOMIC_GET(h->use_cnt) > 0) {
  63         return 0;
  64     }
  65
  66     if (h->iprep) {
  67         if (SRepHostTimedOut(h) == 0)
  68             return 0;
  69
  70         SCLogDebug("host %p reputation timed out", h);
  71     }
  72
  73     if (TagHostHasTag(h) && TagTimeoutCheck(h, ts) == 0) {
  74         tags = 1;
  75     }
  76     if (ThresholdHostHasThreshold(h) && ThresholdHostTimeoutCheck(h, ts) == 0) {
  77         thresholds = 1;
  78     }
  79     if (HostHasHostBits(h) && HostBitsTimedoutCheck(h, ts) == 0) {
  80         vars = 1;
  81     }
  82
  83     if (tags || thresholds || vars)
  84         return 0;
  85
  86     SCLogDebug("host %p timed out", h);
  87     return 1;
  88 }
  89
  90 /**
  91  *  \internal
  92  *
  93  *  \brief check all hosts in a hash row for timing out
  94  *
  95  *  \param hb host hash row *LOCKED*
  96  *  \param h last host in the hash row
  97  *  \param ts timestamp
  98  *
  99  *  \retval cnt timed out hosts
 100  */
 101 static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, struct timeval *ts)
 102 {
 103     uint32_t cnt = 0;
 104
 105     do {
 106         if (SCMutexTrylock(&h->m) != 0) {
 107             h = h->hprev;
 108             continue;
 109         }
 110
 111         Host *next_host = h->hprev;
 112
 113         /* check if the host is fully timed out and
 114          * ready to be discarded. */
 115         if (HostHostTimedOut(h, ts) == 1) {
 116             /* remove from the hash */
 117             if (h->hprev != NULL)
 118                 h->hprev->hnext = h->hnext;
 119             if (h->hnext != NULL)
 120                 h->hnext->hprev = h->hprev;
 121             if (hb->head == h)
 122                 hb->head = h->hnext;
 123             if (hb->tail == h)
 124                 hb->tail = h->hprev;
 125
 126             h->hnext = NULL;
 127             h->hprev = NULL;
 128
 129             HostClearMemory (h);
 130
 131             /* no one is referring to this host, use_cnt 0, removed from hash
 132              * so we can unlock it and move it back to the spare queue. */
 133             SCMutexUnlock(&h->m);
 134
 135             /* move to spare list */
 136             HostMoveToSpare(h);
 137
 138             cnt++;
 139         } else {
 140             SCMutexUnlock(&h->m);
 141         }
 142
 143         h = next_host;
 144     } while (h != NULL);
 145
 146     return cnt;
 147 }
 148
 149 /**
 150  *  \brief time out hosts from the hash
 151  *
 152  *  \param ts timestamp
 153  *
 154  *  \retval cnt number of timed out host
 155  */
 156 uint32_t HostTimeoutHash(struct timeval *ts)
 157 {
 158     uint32_t idx = 0;
 159     uint32_t cnt = 0;
 160
 161     for (idx = 0; idx < host_config.hash_size; idx++) {
 162         HostHashRow *hb = &host_hash[idx];
 163
 164         if (HRLOCK_TRYLOCK(hb) != 0)
 165             continue;
 166
 167         /* host hash bucket is now locked */
 168
 169         if (hb->tail == NULL) {
 170             HRLOCK_UNLOCK(hb);
 171             continue;
 172         }
 173
 174         /* we have a host, or more than one */
 175         cnt += HostHashRowTimeout(hb, hb->tail, ts);
 176         HRLOCK_UNLOCK(hb);
 177     }
 178
 179     return cnt;
 180 }
 181