return HostGetStorageById(host, host_bit_id) ? 1 : 0;
}
+/** \retval 1 host timed out wrt xbits
+ * \retval 0 host still has active (non-expired) xbits */
+int HostBitsTimedoutCheck(Host *h, struct timeval *ts)
+{
+ GenericVar *gv = HostGetStorageById(h, host_bit_id);
+ for ( ; gv != NULL; gv = gv->next) {
+ if (gv->type == DETECT_XBITS) {
+ XBit *xb = (XBit *)gv;
+ if (xb->expire > (uint32_t)ts->tv_sec)
+ return 0;
+ }
+ }
+ return 1;
+}
+
/* get the bit with idx from the host */
static XBit *HostBitGet(Host *h, uint16_t idx)
{
void HostBitRegisterTests(void);
int HostHasHostBits(Host *host);
+int HostBitsTimedoutCheck(Host *h, struct timeval *ts);
void HostBitSet(Host *, uint16_t, uint32_t);
void HostBitUnset(Host *, uint16_t);
#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"
+
+#include "host-bit.h"
+
#include "reputation.h"
uint32_t HostGetSpareCount(void)
{
int tags = 0;
int thresholds = 0;
+ int vars = 0;
/** never prune a host that is used by a packet
* we are currently processing in one of the threads */
if (ThresholdHostHasThreshold(h) && ThresholdTimeoutCheck(h, ts) == 0) {
thresholds = 1;
}
+ if (HostHasHostBits(h) && HostBitsTimedoutCheck(h, ts) == 0) {
+ vars = 1;
+ }
- if (tags || thresholds)
+ if (tags || thresholds || vars)
return 0;
SCLogDebug("host %p timed out", h);
projects / thirdparty / suricata.git / commitdiff
