host-queue.c host-queue.h \
host-storage.c host-storage.h \
host-timeout.c host-timeout.h \
+ippair.c ippair.h \
+ippair-queue.c ippair-queue.h \
+ippair-storage.c ippair-storage.h \
+ippair-timeout.c ippair-timeout.h \
log-dnslog.c log-dnslog.h \
log-droplog.c log-droplog.h \
log-file.c log-file.h \
--- /dev/null
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * IPPair queue handler functions
+ */
+
+#include "suricata-common.h"
+#include "threads.h"
+#include "debug.h"
+#include "ippair-queue.h"
+#include "util-error.h"
+#include "util-debug.h"
+#include "util-print.h"
+
+IPPairQueue *IPPairQueueInit (IPPairQueue *q)
+{
+ if (q != NULL) {
+ memset(q, 0, sizeof(IPPairQueue));
+ HQLOCK_INIT(q);
+ }
+ return q;
+}
+
+IPPairQueue *IPPairQueueNew()
+{
+ IPPairQueue *q = (IPPairQueue *)SCMalloc(sizeof(IPPairQueue));
+ if (q == NULL) {
+ SCLogError(SC_ERR_FATAL, "Fatal error encountered in IPPairQueueNew. Exiting...");
+ exit(EXIT_SUCCESS);
+ }
+ q = IPPairQueueInit(q);
+ return q;
+}
+
+/**
+ * \brief Destroy a ippair queue
+ *
+ * \param q the ippair queue to destroy
+ */
+void IPPairQueueDestroy (IPPairQueue *q)
+{
+ HQLOCK_DESTROY(q);
+}
+
+/**
+ * \brief add a ippair to a queue
+ *
+ * \param q queue
+ * \param h ippair
+ */
+void IPPairEnqueue (IPPairQueue *q, IPPair *h)
+{
+#ifdef DEBUG
+ BUG_ON(q == NULL || h == NULL);
+#endif
+
+ HQLOCK_LOCK(q);
+
+ /* more ippairs in queue */
+ if (q->top != NULL) {
+ h->lnext = q->top;
+ q->top->lprev = h;
+ q->top = h;
+ /* only ippair */
+ } else {
+ q->top = h;
+ q->bot = h;
+ }
+ q->len++;
+#ifdef DBG_PERF
+ if (q->len > q->dbg_maxlen)
+ q->dbg_maxlen = q->len;
+#endif /* DBG_PERF */
+ HQLOCK_UNLOCK(q);
+}
+
+/**
+ * \brief remove a ippair from the queue
+ *
+ * \param q queue
+ *
+ * \retval h ippair or NULL if empty list.
+ */
+IPPair *IPPairDequeue (IPPairQueue *q)
+{
+ HQLOCK_LOCK(q);
+
+ IPPair *h = q->bot;
+ if (h == NULL) {
+ HQLOCK_UNLOCK(q);
+ return NULL;
+ }
+
+ /* more packets in queue */
+ if (q->bot->lprev != NULL) {
+ q->bot = q->bot->lprev;
+ q->bot->lnext = NULL;
+ /* just the one we remove, so now empty */
+ } else {
+ q->top = NULL;
+ q->bot = NULL;
+ }
+
+#ifdef DEBUG
+ BUG_ON(q->len == 0);
+#endif
+ if (q->len > 0)
+ q->len--;
+
+ h->lnext = NULL;
+ h->lprev = NULL;
+
+ HQLOCK_UNLOCK(q);
+ return h;
+}
+
+uint32_t IPPairQueueLen(IPPairQueue *q)
+{
+ uint32_t len;
+ HQLOCK_LOCK(q);
+ len = q->len;
+ HQLOCK_UNLOCK(q);
+ return len;
+}
--- /dev/null
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#ifndef __IPPAIR_QUEUE_H__
+#define __IPPAIR_QUEUE_H__
+
+#include "suricata-common.h"
+#include "ippair.h"
+
+/** Spinlocks or Mutex for the ippair queues. */
+//#define HQLOCK_SPIN
+#define HQLOCK_MUTEX
+
+#ifdef HQLOCK_SPIN
+ #ifdef HQLOCK_MUTEX
+ #error Cannot enable both HQLOCK_SPIN and HQLOCK_MUTEX
+ #endif
+#endif
+
+/* Define a queue for storing ippairs */
+typedef struct IPPairQueue_
+{
+ IPPair *top;
+ IPPair *bot;
+ uint32_t len;
+#ifdef DBG_PERF
+ uint32_t dbg_maxlen;
+#endif /* DBG_PERF */
+#ifdef HQLOCK_MUTEX
+ SCMutex m;
+#elif defined HQLOCK_SPIN
+ SCSpinlock s;
+#else
+ #error Enable HQLOCK_SPIN or HQLOCK_MUTEX
+#endif
+} IPPairQueue;
+
+#ifdef HQLOCK_SPIN
+ #define HQLOCK_INIT(q) SCSpinInit(&(q)->s, 0)
+ #define HQLOCK_DESTROY(q) SCSpinDestroy(&(q)->s)
+ #define HQLOCK_LOCK(q) SCSpinLock(&(q)->s)
+ #define HQLOCK_TRYLOCK(q) SCSpinTrylock(&(q)->s)
+ #define HQLOCK_UNLOCK(q) SCSpinUnlock(&(q)->s)
+#elif defined HQLOCK_MUTEX
+ #define HQLOCK_INIT(q) SCMutexInit(&(q)->m, NULL)
+ #define HQLOCK_DESTROY(q) SCMutexDestroy(&(q)->m)
+ #define HQLOCK_LOCK(q) SCMutexLock(&(q)->m)
+ #define HQLOCK_TRYLOCK(q) SCMutexTrylock(&(q)->m)
+ #define HQLOCK_UNLOCK(q) SCMutexUnlock(&(q)->m)
+#else
+ #error Enable HQLOCK_SPIN or HQLOCK_MUTEX
+#endif
+
+/* prototypes */
+IPPairQueue *IPPairQueueNew();
+IPPairQueue *IPPairQueueInit(IPPairQueue *);
+void IPPairQueueDestroy (IPPairQueue *);
+
+void IPPairEnqueue (IPPairQueue *, IPPair *);
+IPPair *IPPairDequeue (IPPairQueue *);
+uint32_t IPPairQueueLen(IPPairQueue *);
+
+#endif /* __IPPAIR_QUEUE_H__ */
--- /dev/null
+/* Copyright (C) 2007-2013 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * IPPair wrapper around storage api
+ */
+
+#include "suricata-common.h"
+#include "ippair-storage.h"
+#include "util-unittest.h"
+
+unsigned int IPPairStorageSize(void)
+{
+ return StorageGetSize(STORAGE_IPPAIR);
+}
+
+void *IPPairGetStorageById(IPPair *h, int id)
+{
+ return StorageGetById((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id);
+}
+
+int IPPairSetStorageById(IPPair *h, int id, void *ptr)
+{
+ return StorageSetById((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id, ptr);
+}
+
+void *IPPairAllocStorageById(IPPair *h, int id)
+{
+ return StorageAllocByIdPrealloc((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id);
+}
+
+void IPPairFreeStorageById(IPPair *h, int id)
+{
+ StorageFreeById((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id);
+}
+
+void IPPairFreeStorage(IPPair *h)
+{
+ if (IPPairStorageSize() > 0)
+ StorageFreeAll((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR);
+}
+
+int IPPairStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void (*Free)(void *)) {
+ return StorageRegister(STORAGE_IPPAIR, name, size, Alloc, Free);
+}
+
+#ifdef UNITTESTS
+
+static void *StorageTestAlloc(unsigned int size)
+{
+ void *x = SCMalloc(size);
+ return x;
+}
+static void StorageTestFree(void *x)
+{
+ if (x)
+ SCFree(x);
+}
+
+static int IPPairStorageTest01(void)
+{
+ StorageInit();
+
+ int id1 = IPPairStorageRegister("test", 8, StorageTestAlloc, StorageTestFree);
+ if (id1 < 0)
+ goto error;
+ int id2 = IPPairStorageRegister("variable", 24, StorageTestAlloc, StorageTestFree);
+ if (id2 < 0)
+ goto error;
+ int id3 = IPPairStorageRegister("store", sizeof(void *), StorageTestAlloc, StorageTestFree);
+ if (id3 < 0)
+ goto error;
+
+ if (StorageFinalize() < 0)
+ goto error;
+
+ IPPairInitConfig(1);
+
+ Address a, b;
+ memset(&a, 0x00, sizeof(a));
+ memset(&b, 0x00, sizeof(b));
+ a.addr_data32[0] = 0x01020304;
+ b.addr_data32[0] = 0x04030201;
+ a.family = AF_INET;
+ b.family = AF_INET;
+ IPPair *h = IPPairGetIPPairFromHash(&a, &b);
+ if (h == NULL) {
+ printf("failed to get ippair: ");
+ goto error;
+ }
+
+ void *ptr = IPPairGetStorageById(h, id1);
+ if (ptr != NULL) {
+ goto error;
+ }
+ ptr = IPPairGetStorageById(h, id2);
+ if (ptr != NULL) {
+ goto error;
+ }
+ ptr = IPPairGetStorageById(h, id3);
+ if (ptr != NULL) {
+ goto error;
+ }
+
+ void *ptr1a = IPPairAllocStorageById(h, id1);
+ if (ptr1a == NULL) {
+ goto error;
+ }
+ void *ptr2a = IPPairAllocStorageById(h, id2);
+ if (ptr2a == NULL) {
+ goto error;
+ }
+ void *ptr3a = IPPairAllocStorageById(h, id3);
+ if (ptr3a == NULL) {
+ goto error;
+ }
+
+ void *ptr1b = IPPairGetStorageById(h, id1);
+ if (ptr1a != ptr1b) {
+ goto error;
+ }
+ void *ptr2b = IPPairGetStorageById(h, id2);
+ if (ptr2a != ptr2b) {
+ goto error;
+ }
+ void *ptr3b = IPPairGetStorageById(h, id3);
+ if (ptr3a != ptr3b) {
+ goto error;
+ }
+
+ IPPairRelease(h);
+
+ IPPairShutdown();
+ StorageCleanup();
+ return 1;
+error:
+ IPPairShutdown();
+ StorageCleanup();
+ return 0;
+}
+
+static int IPPairStorageTest02(void)
+{
+ StorageInit();
+
+ int id1 = IPPairStorageRegister("test", sizeof(void *), NULL, StorageTestFree);
+ if (id1 < 0)
+ goto error;
+
+ if (StorageFinalize() < 0)
+ goto error;
+
+ IPPairInitConfig(1);
+
+ Address a, b;
+ memset(&a, 0x00, sizeof(a));
+ memset(&b, 0x00, sizeof(b));
+ a.addr_data32[0] = 0x01020304;
+ b.addr_data32[0] = 0x04030201;
+ a.family = AF_INET;
+ b.family = AF_INET;
+ IPPair *h = IPPairGetIPPairFromHash(&a, &b);
+ if (h == NULL) {
+ printf("failed to get ippair: ");
+ goto error;
+ }
+
+ void *ptr = IPPairGetStorageById(h, id1);
+ if (ptr != NULL) {
+ goto error;
+ }
+
+ void *ptr1a = SCMalloc(128);
+ if (unlikely(ptr1a == NULL)) {
+ goto error;
+ }
+ IPPairSetStorageById(h, id1, ptr1a);
+
+ void *ptr1b = IPPairGetStorageById(h, id1);
+ if (ptr1a != ptr1b) {
+ goto error;
+ }
+
+ IPPairRelease(h);
+
+ IPPairShutdown();
+ StorageCleanup();
+ return 1;
+error:
+ IPPairShutdown();
+ StorageCleanup();
+ return 0;
+}
+
+static int IPPairStorageTest03(void)
+{
+ StorageInit();
+
+ int id1 = IPPairStorageRegister("test1", sizeof(void *), NULL, StorageTestFree);
+ if (id1 < 0)
+ goto error;
+ int id2 = IPPairStorageRegister("test2", sizeof(void *), NULL, StorageTestFree);
+ if (id2 < 0)
+ goto error;
+ int id3 = IPPairStorageRegister("test3", 32, StorageTestAlloc, StorageTestFree);
+ if (id3 < 0)
+ goto error;
+
+ if (StorageFinalize() < 0)
+ goto error;
+
+ IPPairInitConfig(1);
+
+ Address a, b;
+ memset(&a, 0x00, sizeof(a));
+ memset(&b, 0x00, sizeof(b));
+ a.addr_data32[0] = 0x01020304;
+ b.addr_data32[0] = 0x04030201;
+ a.family = AF_INET;
+ b.family = AF_INET;
+ IPPair *h = IPPairGetIPPairFromHash(&a, &b);
+ if (h == NULL) {
+ printf("failed to get ippair: ");
+ goto error;
+ }
+
+ void *ptr = IPPairGetStorageById(h, id1);
+ if (ptr != NULL) {
+ goto error;
+ }
+
+ void *ptr1a = SCMalloc(128);
+ if (unlikely(ptr1a == NULL)) {
+ goto error;
+ }
+ IPPairSetStorageById(h, id1, ptr1a);
+
+ void *ptr2a = SCMalloc(256);
+ if (unlikely(ptr2a == NULL)) {
+ goto error;
+ }
+ IPPairSetStorageById(h, id2, ptr2a);
+
+ void *ptr3a = IPPairAllocStorageById(h, id3);
+ if (ptr3a == NULL) {
+ goto error;
+ }
+
+ void *ptr1b = IPPairGetStorageById(h, id1);
+ if (ptr1a != ptr1b) {
+ goto error;
+ }
+ void *ptr2b = IPPairGetStorageById(h, id2);
+ if (ptr2a != ptr2b) {
+ goto error;
+ }
+ void *ptr3b = IPPairGetStorageById(h, id3);
+ if (ptr3a != ptr3b) {
+ goto error;
+ }
+
+ IPPairRelease(h);
+
+ IPPairShutdown();
+ StorageCleanup();
+ return 1;
+error:
+ IPPairShutdown();
+ StorageCleanup();
+ return 0;
+}
+#endif
+
+void RegisterIPPairStorageTests(void)
+{
+#ifdef UNITTESTS
+ UtRegisterTest("IPPairStorageTest01", IPPairStorageTest01, 1);
+ UtRegisterTest("IPPairStorageTest02", IPPairStorageTest02, 1);
+ UtRegisterTest("IPPairStorageTest03", IPPairStorageTest03, 1);
+#endif
+}
--- /dev/null
+/* Copyright (C) 2007-2013 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * IPPair wrapper around storage api
+ */
+
+#ifndef __IPPAIR_STORAGE_H__
+#define __IPPAIR_STORAGE_H__
+
+#include "util-storage.h"
+#include "ippair.h"
+
+unsigned int IPPairStorageSize(void);
+
+void *IPPairGetStorageById(IPPair *h, int id);
+int IPPairSetStorageById(IPPair *h, int id, void *ptr);
+void *IPPairAllocStorageById(IPPair *h, int id);
+
+void IPPairFreeStorageById(IPPair *h, int id);
+void IPPairFreeStorage(IPPair *h);
+
+void RegisterIPPairStorageTests(void);
+
+int IPPairStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void (*Free)(void *));
+
+#endif /* __IPPAIR_STORAGE_H__ */
--- /dev/null
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#include "suricata-common.h"
+#include "ippair.h"
+
+uint32_t IPPairGetSpareCount(void)
+{
+ return IPPairSpareQueueGetSize();
+}
+
+uint32_t IPPairGetActiveCount(void)
+{
+ return SC_ATOMIC_GET(ippair_counter);
+}
+
+/** \internal
+ * \brief See if we can really discard this ippair. Check use_cnt reference.
+ *
+ * \param h ippair
+ * \param ts timestamp
+ *
+ * \retval 0 not timed out just yet
+ * \retval 1 fully timed out, lets kill it
+ */
+static int IPPairIPPairTimedOut(IPPair *h, struct timeval *ts)
+{
+ /** never prune a ippair that is used by a packet
+ * we are currently processing in one of the threads */
+ if (SC_ATOMIC_GET(h->use_cnt) > 0) {
+ return 0;
+ }
+
+ SCLogDebug("ippair %p timed out", h);
+ return 1;
+}
+
+/**
+ * \internal
+ *
+ * \brief check all ippairs in a hash row for timing out
+ *
+ * \param hb ippair hash row *LOCKED*
+ * \param h last ippair in the hash row
+ * \param ts timestamp
+ *
+ * \retval cnt timed out ippairs
+ */
+static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, struct timeval *ts)
+{
+ uint32_t cnt = 0;
+
+ do {
+ if (SCMutexTrylock(&h->m) != 0) {
+ h = h->hprev;
+ continue;
+ }
+
+ IPPair *next_ippair = h->hprev;
+
+ /* check if the ippair is fully timed out and
+ * ready to be discarded. */
+ if (IPPairIPPairTimedOut(h, ts) == 1) {
+ /* remove from the hash */
+ if (h->hprev != NULL)
+ h->hprev->hnext = h->hnext;
+ if (h->hnext != NULL)
+ h->hnext->hprev = h->hprev;
+ if (hb->head == h)
+ hb->head = h->hnext;
+ if (hb->tail == h)
+ hb->tail = h->hprev;
+
+ h->hnext = NULL;
+ h->hprev = NULL;
+
+ IPPairClearMemory (h);
+
+ /* no one is referring to this ippair, use_cnt 0, removed from hash
+ * so we can unlock it and move it back to the spare queue. */
+ SCMutexUnlock(&h->m);
+
+ /* move to spare list */
+ IPPairMoveToSpare(h);
+
+ cnt++;
+ } else {
+ SCMutexUnlock(&h->m);
+ }
+
+ h = next_ippair;
+ } while (h != NULL);
+
+ return cnt;
+}
+
+/**
+ * \brief time out ippairs from the hash
+ *
+ * \param ts timestamp
+ *
+ * \retval cnt number of timed out ippair
+ */
+uint32_t IPPairTimeoutHash(struct timeval *ts)
+{
+ uint32_t idx = 0;
+ uint32_t cnt = 0;
+
+ for (idx = 0; idx < ippair_config.hash_size; idx++) {
+ IPPairHashRow *hb = &ippair_hash[idx];
+
+ if (HRLOCK_TRYLOCK(hb) != 0)
+ continue;
+
+ /* ippair hash bucket is now locked */
+
+ if (hb->tail == NULL) {
+ HRLOCK_UNLOCK(hb);
+ continue;
+ }
+
+ /* we have a ippair, or more than one */
+ cnt += IPPairHashRowTimeout(hb, hb->tail, ts);
+ HRLOCK_UNLOCK(hb);
+ }
+
+ return cnt;
+}
--- /dev/null
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#ifndef __IPPAIR_TIMEOUT_H__
+#define __IPPAIR_TIMEOUT_H__
+
+uint32_t IPPairTimeoutHash(struct timeval *ts);
+
+uint32_t IPPairGetSpareCount(void);
+uint32_t IPPairGetActiveCount(void);
+
+#endif
--- /dev/null
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * Information about ippairs.
+ */
+
+#include "suricata-common.h"
+#include "conf.h"
+
+#include "util-debug.h"
+#include "ippair.h"
+#include "ippair-storage.h"
+
+#include "util-random.h"
+#include "util-misc.h"
+#include "util-byte.h"
+
+#include "ippair-queue.h"
+
+#include "detect-tag.h"
+#include "detect-engine-tag.h"
+#include "detect-engine-threshold.h"
+
+#include "util-hash-lookup3.h"
+
+static IPPair *IPPairGetUsedIPPair(void);
+
+/** queue with spare ippairs */
+static IPPairQueue ippair_spare_q;
+
+uint32_t IPPairSpareQueueGetSize(void)
+{
+ return IPPairQueueLen(&ippair_spare_q);
+}
+
+void IPPairMoveToSpare(IPPair *h)
+{
+ IPPairEnqueue(&ippair_spare_q, h);
+ (void) SC_ATOMIC_SUB(ippair_counter, 1);
+}
+
+IPPair *IPPairAlloc(void)
+{
+ size_t size = sizeof(IPPair) + IPPairStorageSize();
+
+ if (!(IPPAIR_CHECK_MEMCAP(size))) {
+ return NULL;
+ }
+
+ (void) SC_ATOMIC_ADD(ippair_memuse, size);
+
+ IPPair *h = SCMalloc(size);
+ if (unlikely(h == NULL))
+ goto error;
+
+ memset(h, 0x00, size);
+
+ SCMutexInit(&h->m, NULL);
+ SC_ATOMIC_INIT(h->use_cnt);
+ return h;
+
+error:
+ return NULL;
+}
+
+void IPPairFree(IPPair *h)
+{
+ if (h != NULL) {
+ IPPairClearMemory(h);
+
+ SC_ATOMIC_DESTROY(h->use_cnt);
+ SCMutexDestroy(&h->m);
+ SCFree(h);
+ (void) SC_ATOMIC_SUB(ippair_memuse, (sizeof(IPPair) + IPPairStorageSize()));
+ }
+}
+
+IPPair *IPPairNew(Address *a, Address *b)
+{
+ IPPair *p = IPPairAlloc();
+ if (p == NULL)
+ goto error;
+
+ /* copy addresses */
+ COPY_ADDRESS(a, &p->a[0]);
+ COPY_ADDRESS(b, &p->a[1]);
+
+ return p;
+
+error:
+ return NULL;
+}
+
+void IPPairClearMemory(IPPair *h)
+{
+ if (IPPairStorageSize() > 0)
+ IPPairFreeStorage(h);
+}
+
+#define IPPAIR_DEFAULT_HASHSIZE 4096
+#define IPPAIR_DEFAULT_MEMCAP 16777216
+#define IPPAIR_DEFAULT_PREALLOC 1000
+
+/** \brief initialize the configuration
+ * \warning Not thread safe */
+void IPPairInitConfig(char quiet)
+{
+ SCLogDebug("initializing ippair engine...");
+
+ memset(&ippair_config, 0, sizeof(ippair_config));
+ //SC_ATOMIC_INIT(flow_flags);
+ SC_ATOMIC_INIT(ippair_counter);
+ SC_ATOMIC_INIT(ippair_memuse);
+ SC_ATOMIC_INIT(ippair_prune_idx);
+ IPPairQueueInit(&ippair_spare_q);
+
+ unsigned int seed = RandomTimePreseed();
+ /* set defaults */
+ ippair_config.hash_rand = (int)( IPPAIR_DEFAULT_HASHSIZE * (rand_r(&seed) / RAND_MAX + 1.0));
+
+ ippair_config.hash_size = IPPAIR_DEFAULT_HASHSIZE;
+ ippair_config.memcap = IPPAIR_DEFAULT_MEMCAP;
+ ippair_config.prealloc = IPPAIR_DEFAULT_PREALLOC;
+
+ /* Check if we have memcap and hash_size defined at config */
+ char *conf_val;
+ uint32_t configval = 0;
+
+ /** set config values for memcap, prealloc and hash_size */
+ if ((ConfGet("ippair.memcap", &conf_val)) == 1)
+ {
+ if (ParseSizeStringU64(conf_val, &ippair_config.memcap) < 0) {
+ SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ippair.memcap "
+ "from conf file - %s. Killing engine",
+ conf_val);
+ exit(EXIT_FAILURE);
+ }
+ }
+ if ((ConfGet("ippair.hash-size", &conf_val)) == 1)
+ {
+ if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
+ conf_val) > 0) {
+ ippair_config.hash_size = configval;
+ }
+ }
+
+ if ((ConfGet("ippair.prealloc", &conf_val)) == 1)
+ {
+ if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
+ conf_val) > 0) {
+ ippair_config.prealloc = configval;
+ } else {
+ WarnInvalidConfEntry("ippair.prealloc", "%"PRIu32, ippair_config.prealloc);
+ }
+ }
+ SCLogDebug("IPPair config from suricata.yaml: memcap: %"PRIu64", hash-size: "
+ "%"PRIu32", prealloc: %"PRIu32, ippair_config.memcap,
+ ippair_config.hash_size, ippair_config.prealloc);
+
+ /* alloc hash memory */
+ uint64_t hash_size = ippair_config.hash_size * sizeof(IPPairHashRow);
+ if (!(IPPAIR_CHECK_MEMCAP(hash_size))) {
+ SCLogError(SC_ERR_IPPAIR_INIT, "allocating ippair hash failed: "
+ "max ippair memcap is smaller than projected hash size. "
+ "Memcap: %"PRIu64", Hash table size %"PRIu64". Calculate "
+ "total hash size by multiplying \"ippair.hash-size\" with %"PRIuMAX", "
+ "which is the hash bucket size.", ippair_config.memcap, hash_size,
+ (uintmax_t)sizeof(IPPairHashRow));
+ exit(EXIT_FAILURE);
+ }
+ ippair_hash = SCCalloc(ippair_config.hash_size, sizeof(IPPairHashRow));
+ if (unlikely(ippair_hash == NULL)) {
+ SCLogError(SC_ERR_FATAL, "Fatal error encountered in IPPairInitConfig. Exiting...");
+ exit(EXIT_FAILURE);
+ }
+ memset(ippair_hash, 0, ippair_config.hash_size * sizeof(IPPairHashRow));
+
+ uint32_t i = 0;
+ for (i = 0; i < ippair_config.hash_size; i++) {
+ HRLOCK_INIT(&ippair_hash[i]);
+ }
+ (void) SC_ATOMIC_ADD(ippair_memuse, (ippair_config.hash_size * sizeof(IPPairHashRow)));
+
+ if (quiet == FALSE) {
+ SCLogInfo("allocated %llu bytes of memory for the ippair hash... "
+ "%" PRIu32 " buckets of size %" PRIuMAX "",
+ SC_ATOMIC_GET(ippair_memuse), ippair_config.hash_size,
+ (uintmax_t)sizeof(IPPairHashRow));
+ }
+
+ /* pre allocate ippairs */
+ for (i = 0; i < ippair_config.prealloc; i++) {
+ if (!(IPPAIR_CHECK_MEMCAP(sizeof(IPPair)))) {
+ SCLogError(SC_ERR_IPPAIR_INIT, "preallocating ippairs failed: "
+ "max ippair memcap reached. Memcap %"PRIu64", "
+ "Memuse %"PRIu64".", ippair_config.memcap,
+ ((uint64_t)SC_ATOMIC_GET(ippair_memuse) + (uint64_t)sizeof(IPPair)));
+ exit(EXIT_FAILURE);
+ }
+
+ IPPair *h = IPPairAlloc();
+ if (h == NULL) {
+ SCLogError(SC_ERR_IPPAIR_INIT, "preallocating ippair failed: %s", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ IPPairEnqueue(&ippair_spare_q,h);
+ }
+
+ if (quiet == FALSE) {
+ SCLogInfo("preallocated %" PRIu32 " ippairs of size %" PRIuMAX "",
+ ippair_spare_q.len, (uintmax_t)sizeof(IPPair));
+ SCLogInfo("ippair memory usage: %llu bytes, maximum: %"PRIu64,
+ SC_ATOMIC_GET(ippair_memuse), ippair_config.memcap);
+ }
+
+ return;
+}
+
+/** \brief print some ippair stats
+ * \warning Not thread safe */
+void IPPairPrintStats (void)
+{
+#ifdef IPPAIRBITS_STATS
+ SCLogInfo("ippairbits added: %" PRIu32 ", removed: %" PRIu32 ", max memory usage: %" PRIu32 "",
+ ippairbits_added, ippairbits_removed, ippairbits_memuse_max);
+#endif /* IPPAIRBITS_STATS */
+ SCLogInfo("ippair memory usage: %llu bytes, maximum: %"PRIu64,
+ SC_ATOMIC_GET(ippair_memuse), ippair_config.memcap);
+ return;
+}
+
+/** \brief shutdown the flow engine
+ * \warning Not thread safe */
+void IPPairShutdown(void)
+{
+ IPPair *h;
+ uint32_t u;
+
+ IPPairPrintStats();
+
+ /* free spare queue */
+ while((h = IPPairDequeue(&ippair_spare_q))) {
+ BUG_ON(SC_ATOMIC_GET(h->use_cnt) > 0);
+ IPPairFree(h);
+ }
+
+ /* clear and free the hash */
+ if (ippair_hash != NULL) {
+ for (u = 0; u < ippair_config.hash_size; u++) {
+ IPPair *h = ippair_hash[u].head;
+ while (h) {
+ IPPair *n = h->hnext;
+ IPPairFree(h);
+ h = n;
+ }
+
+ HRLOCK_DESTROY(&ippair_hash[u]);
+ }
+ SCFree(ippair_hash);
+ ippair_hash = NULL;
+ }
+ (void) SC_ATOMIC_SUB(ippair_memuse, ippair_config.hash_size * sizeof(IPPairHashRow));
+ IPPairQueueDestroy(&ippair_spare_q);
+
+ SC_ATOMIC_DESTROY(ippair_prune_idx);
+ SC_ATOMIC_DESTROY(ippair_memuse);
+ SC_ATOMIC_DESTROY(ippair_counter);
+ //SC_ATOMIC_DESTROY(flow_flags);
+ return;
+}
+
+/** \brief Cleanup the ippair engine
+ *
+ * Cleanup the ippair engine from tag and threshold.
+ *
+ */
+void IPPairCleanup(void)
+{
+ IPPair *h;
+ uint32_t u;
+
+ if (ippair_hash != NULL) {
+ for (u = 0; u < ippair_config.hash_size; u++) {
+ h = ippair_hash[u].head;
+ IPPairHashRow *hb = &ippair_hash[u];
+ HRLOCK_LOCK(hb);
+ while (h) {
+ if ((SC_ATOMIC_GET(h->use_cnt) > 0)) {
+ /* iprep is attached to ippair only clear local storage */
+ IPPairFreeStorage(h);
+ h = h->hnext;
+ } else {
+ IPPair *n = h->hnext;
+ /* remove from the hash */
+ if (h->hprev != NULL)
+ h->hprev->hnext = h->hnext;
+ if (h->hnext != NULL)
+ h->hnext->hprev = h->hprev;
+ if (hb->head == h)
+ hb->head = h->hnext;
+ if (hb->tail == h)
+ hb->tail = h->hprev;
+ h->hnext = NULL;
+ h->hprev = NULL;
+ IPPairClearMemory(h);
+ IPPairMoveToSpare(h);
+ h = n;
+ }
+ }
+ HRLOCK_UNLOCK(hb);
+ }
+ }
+
+ return;
+}
+
+/* calculate the hash key for this packet
+ *
+ * we're using:
+ * hash_rand -- set at init time
+ * source address
+ */
+static uint32_t IPPairGetKey(Address *a, Address *b)
+{
+ uint32_t key;
+
+ if (a->family == AF_INET) {
+ uint32_t hash = hashword(&a->addr_data32[0], 1, ippair_config.hash_rand);
+ key = hash % ippair_config.hash_size;
+ } else if (a->family == AF_INET6) {
+ uint32_t hash = hashword(a->addr_data32, 4, ippair_config.hash_rand);
+ key = hash % ippair_config.hash_size;
+ } else
+ key = 0;
+
+ return key;
+}
+
+/* Since two or more ippairs can have the same hash key, we need to compare
+ * the ippair with the current addresses. */
+static inline int IPPairCompare(IPPair *p, Address *a, Address *b)
+{
+ /* compare in both directions */
+ if ((CMP_ADDR(&p->a[0], a) && CMP_ADDR(&p->a[1], b)) ||
+ (CMP_ADDR(&p->a[0], b) && CMP_ADDR(&p->a[1], a)))
+ return 1;
+ return 0;
+}
+
+/**
+ * \brief Get a new ippair
+ *
+ * Get a new ippair. We're checking memcap first and will try to make room
+ * if the memcap is reached.
+ *
+ * \retval h *LOCKED* ippair on succes, NULL on error.
+ */
+static IPPair *IPPairGetNew(Address *a, Address *b)
+{
+ IPPair *h = NULL;
+
+ /* get a ippair from the spare queue */
+ h = IPPairDequeue(&ippair_spare_q);
+ if (h == NULL) {
+ /* If we reached the max memcap, we get a used ippair */
+ if (!(IPPAIR_CHECK_MEMCAP(sizeof(IPPair)))) {
+ /* declare state of emergency */
+ //if (!(SC_ATOMIC_GET(ippair_flags) & IPPAIR_EMERGENCY)) {
+ // SC_ATOMIC_OR(ippair_flags, IPPAIR_EMERGENCY);
+
+ /* under high load, waking up the flow mgr each time leads
+ * to high cpu usage. Flows are not timed out much faster if
+ * we check a 1000 times a second. */
+ // FlowWakeupFlowManagerThread();
+ //}
+
+ h = IPPairGetUsedIPPair();
+ if (h == NULL) {
+ return NULL;
+ }
+
+ /* freed a ippair, but it's unlocked */
+ } else {
+ /* now see if we can alloc a new ippair */
+ h = IPPairNew(a,b);
+ if (h == NULL) {
+ return NULL;
+ }
+
+ /* ippair is initialized but *unlocked* */
+ }
+ } else {
+ /* ippair has been recycled before it went into the spare queue */
+
+ /* ippair is initialized (recylced) but *unlocked* */
+ }
+
+ (void) SC_ATOMIC_ADD(ippair_counter, 1);
+ SCMutexLock(&h->m);
+ return h;
+}
+
+void IPPairInit(IPPair *h, Address *a, Address *b)
+{
+ COPY_ADDRESS(a, &h->a[0]);
+ COPY_ADDRESS(b, &h->a[1]);
+ (void) IPPairIncrUsecnt(h);
+}
+
+void IPPairRelease(IPPair *h)
+{
+ (void) IPPairDecrUsecnt(h);
+ SCMutexUnlock(&h->m);
+}
+
+void IPPairLock(IPPair *h)
+{
+ SCMutexLock(&h->m);
+}
+
+void IPPairUnlock(IPPair *h)
+{
+ SCMutexUnlock(&h->m);
+}
+
+/* IPPairGetIPPairFromHash
+ *
+ * Hash retrieval function for ippairs. Looks up the hash bucket containing the
+ * ippair pointer. Then compares the packet with the found ippair to see if it is
+ * the ippair we need. If it isn't, walk the list until the right ippair is found.
+ *
+ * returns a *LOCKED* ippair or NULL
+ */
+IPPair *IPPairGetIPPairFromHash (Address *a, Address *b)
+{
+ IPPair *h = NULL;
+
+ /* get the key to our bucket */
+ uint32_t key = IPPairGetKey(a, b);
+ /* get our hash bucket and lock it */
+ IPPairHashRow *hb = &ippair_hash[key];
+ HRLOCK_LOCK(hb);
+
+ /* see if the bucket already has a ippair */
+ if (hb->head == NULL) {
+ h = IPPairGetNew(a,b);
+ if (h == NULL) {
+ HRLOCK_UNLOCK(hb);
+ return NULL;
+ }
+
+ /* ippair is locked */
+ hb->head = h;
+ hb->tail = h;
+
+ /* got one, now lock, initialize and return */
+ IPPairInit(h,a,b);
+
+ HRLOCK_UNLOCK(hb);
+ return h;
+ }
+
+ /* ok, we have a ippair in the bucket. Let's find out if it is our ippair */
+ h = hb->head;
+
+ /* see if this is the ippair we are looking for */
+ if (IPPairCompare(h, a, b) == 0) {
+ IPPair *ph = NULL; /* previous ippair */
+
+ while (h) {
+ ph = h;
+ h = h->hnext;
+
+ if (h == NULL) {
+ h = ph->hnext = IPPairGetNew(a,b);
+ if (h == NULL) {
+ HRLOCK_UNLOCK(hb);
+ return NULL;
+ }
+ hb->tail = h;
+
+ /* ippair is locked */
+
+ h->hprev = ph;
+
+ /* initialize and return */
+ IPPairInit(h,a,b);
+
+ HRLOCK_UNLOCK(hb);
+ return h;
+ }
+
+ if (IPPairCompare(h, a, b) != 0) {
+ /* we found our ippair, lets put it on top of the
+ * hash list -- this rewards active ippairs */
+ if (h->hnext) {
+ h->hnext->hprev = h->hprev;
+ }
+ if (h->hprev) {
+ h->hprev->hnext = h->hnext;
+ }
+ if (h == hb->tail) {
+ hb->tail = h->hprev;
+ }
+
+ h->hnext = hb->head;
+ h->hprev = NULL;
+ hb->head->hprev = h;
+ hb->head = h;
+
+ /* found our ippair, lock & return */
+ SCMutexLock(&h->m);
+ (void) IPPairIncrUsecnt(h);
+ HRLOCK_UNLOCK(hb);
+ return h;
+ }
+ }
+ }
+
+ /* lock & return */
+ SCMutexLock(&h->m);
+ (void) IPPairIncrUsecnt(h);
+ HRLOCK_UNLOCK(hb);
+ return h;
+}
+
+/** \brief look up a ippair in the hash
+ *
+ * \param a address to look up
+ *
+ * \retval h *LOCKED* ippair or NULL
+ */
+IPPair *IPPairLookupIPPairFromHash (Address *a, Address *b)
+{
+ IPPair *h = NULL;
+
+ /* get the key to our bucket */
+ uint32_t key = IPPairGetKey(a, b);
+ /* get our hash bucket and lock it */
+ IPPairHashRow *hb = &ippair_hash[key];
+ HRLOCK_LOCK(hb);
+
+ /* see if the bucket already has a ippair */
+ if (hb->head == NULL) {
+ HRLOCK_UNLOCK(hb);
+ return h;
+ }
+
+ /* ok, we have a ippair in the bucket. Let's find out if it is our ippair */
+ h = hb->head;
+
+ /* see if this is the ippair we are looking for */
+ if (IPPairCompare(h, a, b) == 0) {
+ while (h) {
+ h = h->hnext;
+
+ if (h == NULL) {
+ HRLOCK_UNLOCK(hb);
+ return h;
+ }
+
+ if (IPPairCompare(h, a, b) != 0) {
+ /* we found our ippair, lets put it on top of the
+ * hash list -- this rewards active ippairs */
+ if (h->hnext) {
+ h->hnext->hprev = h->hprev;
+ }
+ if (h->hprev) {
+ h->hprev->hnext = h->hnext;
+ }
+ if (h == hb->tail) {
+ hb->tail = h->hprev;
+ }
+
+ h->hnext = hb->head;
+ h->hprev = NULL;
+ hb->head->hprev = h;
+ hb->head = h;
+
+ /* found our ippair, lock & return */
+ SCMutexLock(&h->m);
+ (void) IPPairIncrUsecnt(h);
+ HRLOCK_UNLOCK(hb);
+ return h;
+ }
+ }
+ }
+
+ /* lock & return */
+ SCMutexLock(&h->m);
+ (void) IPPairIncrUsecnt(h);
+ HRLOCK_UNLOCK(hb);
+ return h;
+}
+
+/** \internal
+ * \brief Get a ippair from the hash directly.
+ *
+ * Called in conditions where the spare queue is empty and memcap is reached.
+ *
+ * Walks the hash until a ippair can be freed. "ippair_prune_idx" atomic int makes
+ * sure we don't start at the top each time since that would clear the top of
+ * the hash leading to longer and longer search times under high pressure (observed).
+ *
+ * \retval h ippair or NULL
+ */
+static IPPair *IPPairGetUsedIPPair(void)
+{
+ uint32_t idx = SC_ATOMIC_GET(ippair_prune_idx) % ippair_config.hash_size;
+ uint32_t cnt = ippair_config.hash_size;
+
+ while (cnt--) {
+ if (++idx >= ippair_config.hash_size)
+ idx = 0;
+
+ IPPairHashRow *hb = &ippair_hash[idx];
+
+ if (HRLOCK_TRYLOCK(hb) != 0)
+ continue;
+
+ IPPair *h = hb->tail;
+ if (h == NULL) {
+ HRLOCK_UNLOCK(hb);
+ continue;
+ }
+
+ if (SCMutexTrylock(&h->m) != 0) {
+ HRLOCK_UNLOCK(hb);
+ continue;
+ }
+
+ /** never prune a ippair that is used by a packets
+ * we are currently processing in one of the threads */
+ if (SC_ATOMIC_GET(h->use_cnt) > 0) {
+ HRLOCK_UNLOCK(hb);
+ SCMutexUnlock(&h->m);
+ continue;
+ }
+
+ /* remove from the hash */
+ if (h->hprev != NULL)
+ h->hprev->hnext = h->hnext;
+ if (h->hnext != NULL)
+ h->hnext->hprev = h->hprev;
+ if (hb->head == h)
+ hb->head = h->hnext;
+ if (hb->tail == h)
+ hb->tail = h->hprev;
+
+ h->hnext = NULL;
+ h->hprev = NULL;
+ HRLOCK_UNLOCK(hb);
+
+ IPPairClearMemory (h);
+
+ SCMutexUnlock(&h->m);
+
+ (void) SC_ATOMIC_ADD(ippair_prune_idx, (ippair_config.hash_size - cnt));
+ return h;
+ }
+
+ return NULL;
+}
+
+void IPPairRegisterUnittests(void)
+{
+ RegisterIPPairStorageTests();
+}
--- /dev/null
+/* Copyright (C) 2007-2013 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#ifndef __IPPAIR_H__
+#define __IPPAIR_H__
+
+#include "decode.h"
+#include "util-storage.h"
+
+/** Spinlocks or Mutex for the flow buckets. */
+//#define HRLOCK_SPIN
+#define HRLOCK_MUTEX
+
+#ifdef HRLOCK_SPIN
+ #ifdef HRLOCK_MUTEX
+ #error Cannot enable both HRLOCK_SPIN and HRLOCK_MUTEX
+ #endif
+#endif
+
+#ifdef HRLOCK_SPIN
+ #define HRLOCK_TYPE SCSpinlock
+ #define HRLOCK_INIT(fb) SCSpinInit(&(fb)->lock, 0)
+ #define HRLOCK_DESTROY(fb) SCSpinDestroy(&(fb)->lock)
+ #define HRLOCK_LOCK(fb) SCSpinLock(&(fb)->lock)
+ #define HRLOCK_TRYLOCK(fb) SCSpinTrylock(&(fb)->lock)
+ #define HRLOCK_UNLOCK(fb) SCSpinUnlock(&(fb)->lock)
+#elif defined HRLOCK_MUTEX
+ #define HRLOCK_TYPE SCMutex
+ #define HRLOCK_INIT(fb) SCMutexInit(&(fb)->lock, NULL)
+ #define HRLOCK_DESTROY(fb) SCMutexDestroy(&(fb)->lock)
+ #define HRLOCK_LOCK(fb) SCMutexLock(&(fb)->lock)
+ #define HRLOCK_TRYLOCK(fb) SCMutexTrylock(&(fb)->lock)
+ #define HRLOCK_UNLOCK(fb) SCMutexUnlock(&(fb)->lock)
+#else
+ #error Enable HRLOCK_SPIN or HRLOCK_MUTEX
+#endif
+
+typedef struct IPPair_ {
+ /** ippair mutex */
+ SCMutex m;
+
+ /** ippair addresses -- ipv4 or ipv6 */
+ Address a[2];
+
+ /** use cnt, reference counter */
+ SC_ATOMIC_DECLARE(unsigned int, use_cnt);
+
+ /** storage api handle */
+ Storage *storage;
+
+ /** hash pointers, protected by hash row mutex/spin */
+ struct IPPair_ *hnext;
+ struct IPPair_ *hprev;
+
+ /** list pointers, protected by ippair-queue mutex/spin */
+ struct IPPair_ *lnext;
+ struct IPPair_ *lprev;
+} IPPair;
+
+typedef struct IPPairHashRow_ {
+ HRLOCK_TYPE lock;
+ IPPair *head;
+ IPPair *tail;
+} __attribute__((aligned(CLS))) IPPairHashRow;
+
+/** ippair hash table */
+IPPairHashRow *ippair_hash;
+
+#define IPPAIR_VERBOSE 0
+#define IPPAIR_QUIET 1
+
+typedef struct IPPairConfig_ {
+ uint64_t memcap;
+ uint32_t hash_rand;
+ uint32_t hash_size;
+ uint32_t prealloc;
+} IPPairConfig;
+
+/** \brief check if a memory alloc would fit in the memcap
+ *
+ * \param size memory allocation size to check
+ *
+ * \retval 1 it fits
+ * \retval 0 no fit
+ */
+#define IPPAIR_CHECK_MEMCAP(size) \
+ ((((uint64_t)SC_ATOMIC_GET(ippair_memuse) + (uint64_t)(size)) <= ippair_config.memcap))
+
+#define IPPairIncrUsecnt(h) \
+ (void)SC_ATOMIC_ADD((h)->use_cnt, 1)
+#define IPPairDecrUsecnt(h) \
+ (void)SC_ATOMIC_SUB((h)->use_cnt, 1)
+
+#define IPPairReference(dst_h_ptr, h) do { \
+ if ((h) != NULL) { \
+ IPPairIncrUsecnt((h)); \
+ *(dst_h_ptr) = h; \
+ } \
+ } while (0)
+
+#define IPPairDeReference(src_h_ptr) do { \
+ if (*(src_h_ptr) != NULL) { \
+ IPPairDecrUsecnt(*(src_h_ptr)); \
+ *(src_h_ptr) = NULL; \
+ } \
+ } while (0)
+
+IPPairConfig ippair_config;
+SC_ATOMIC_DECLARE(unsigned long long int,ippair_memuse);
+SC_ATOMIC_DECLARE(unsigned int,ippair_counter);
+SC_ATOMIC_DECLARE(unsigned int,ippair_prune_idx);
+
+void IPPairInitConfig(char quiet);
+void IPPairShutdown(void);
+void IPPairCleanup(void);
+
+IPPair *IPPairLookupIPPairFromHash (Address *, Address *);
+IPPair *IPPairGetIPPairFromHash (Address *, Address *);
+void IPPairRelease(IPPair *);
+void IPPairLock(IPPair *);
+void IPPairClearMemory(IPPair *);
+void IPPairMoveToSpare(IPPair *);
+uint32_t IPPairSpareQueueGetSize(void);
+void IPPairPrintStats (void);
+
+void IPPairRegisterUnittests(void);
+
+IPPair *IPPairAlloc(void);
+void IPPairFree(IPPair *);
+
+void IPPairLock(IPPair *);
+void IPPairUnlock(IPPair *);
+
+#endif /* __IPPAIR_H__ */
#include "pkt-var.h"
#include "host.h"
+#include "ippair.h"
#include "unix-manager.h"
#include "app-layer-detect-proto.h"
TmqhFlowRegisterTests();
FlowRegisterTests();
HostRegisterUnittests();
+ IPPairRegisterUnittests();
SCSigRegisterSignatureOrderingTests();
SCRadixRegisterTests();
DefragRegisterTests();
#include "output.h"
#include "host.h"
#include "defrag.h"
+#include "ippair.h"
#include "util-profiling.h"
SCPerfReleaseResources();
RunModeShutDown();
FlowShutdown();
+ IPPairShutdown();
HostCleanup();
StreamTcpFreeConfig(STREAM_VERBOSE);
DefragDestroy();
#endif /* PROFILING */
DefragInit();
FlowInitConfig(FLOW_QUIET);
+ IPPairInitConfig(FLOW_QUIET);
StreamTcpInitConfig(STREAM_VERBOSE);
RunModeInitializeOutputs();
SCPerfInitCounterApi();
#include "flow-bit.h"
#include "pkt-var.h"
+#include "ippair.h"
#include "host.h"
#include "unix-manager.h"
if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
FlowInitConfig(FLOW_VERBOSE);
StreamTcpInitConfig(STREAM_VERBOSE);
+ IPPairInitConfig(IPPAIR_VERBOSE);
}
if (MagicInit() != 0)
if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
SCPerfReleaseResources();
+ IPPairShutdown();
FlowShutdown();
StreamTcpFreeConfig(STREAM_VERBOSE);
}
CASE_CODE (SC_ERR_NO_NETMAP);
CASE_CODE (SC_ERR_NETMAP_CREATE);
CASE_CODE (SC_ERR_NETMAP_READ);
+ CASE_CODE (SC_ERR_IPPAIR_INIT);
}
return "UNKNOWN_ERROR";
SC_ERR_NETMAP_CREATE,
SC_ERR_NETMAP_READ,
SC_ERR_THREAD_DEINIT, /**< thread's deinit function failed */
+ SC_ERR_IPPAIR_INIT,
} SCError;
const char *SCErrorToString(SCError);
return "host";
case STORAGE_FLOW:
return "flow";
+ case STORAGE_IPPAIR:
+ return "ippair";
case STORAGE_MAX:
return "max";
}
typedef enum StorageEnum_ {
STORAGE_HOST,
STORAGE_FLOW,
+ STORAGE_IPPAIR,
STORAGE_MAX,
} StorageEnum;
projects / thirdparty / suricata.git / commitdiff
