The only user is the xbits subsys, so it's timeout controls all.
return IPPairGetStorageById(ippair, ippair_bit_id) ? 1 : 0;
}
+/** \retval 1 ippair timed out wrt xbits
+ * \retval 0 ippair still has active (non-expired) xbits */
+int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts)
+{
+ GenericVar *gv = IPPairGetStorageById(h, ippair_bit_id);
+ for ( ; gv != NULL; gv = gv->next) {
+ if (gv->type == DETECT_XBITS) {
+ XBit *xb = (XBit *)gv;
+ if (xb->expire > (uint32_t)ts->tv_sec)
+ return 0;
+ }
+ }
+ return 1;
+}
+
/* get the bit with idx from the ippair */
static XBit *IPPairBitGet(IPPair *h, uint16_t idx)
{
void IPPairBitInitCtx(void);
void IPPairBitRegisterTests(void);
-int IPPairHasIPPairBits(IPPair *host);
+int IPPairHasBits(IPPair *host);
+int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts);
void IPPairBitSet(IPPair *, uint16_t, uint32_t);
void IPPairBitUnset(IPPair *, uint16_t);
#include "suricata-common.h"
#include "ippair.h"
+#include "ippair-bit.h"
uint32_t IPPairGetSpareCount(void)
{
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
-static int IPPairIPPairTimedOut(IPPair *h, struct timeval *ts)
+static int IPPairTimedOut(IPPair *h, struct timeval *ts)
{
+ int vars = 0;
+
/** never prune a ippair that is used by a packet
* we are currently processing in one of the threads */
if (SC_ATOMIC_GET(h->use_cnt) > 0) {
return 0;
}
+ if (IPPairHasBits(h) && IPPairBitsTimedoutCheck(h, ts) == 0) {
+ vars = 1;
+ }
+
+ if (vars) {
+ return 0;
+ }
+
SCLogDebug("ippair %p timed out", h);
return 1;
}
/* check if the ippair is fully timed out and
* ready to be discarded. */
- if (IPPairIPPairTimedOut(h, ts) == 1) {
+ if (IPPairTimedOut(h, ts) == 1) {
/* remove from the hash */
if (h->hprev != NULL)
h->hprev->hnext = h->hnext;
projects / thirdparty / suricata.git / commitdiff
