From: Victor Julien Date: Thu, 14 Mar 2013 16:08:14 +0000 (+0100) Subject: Use Host Storage API for per host thresholding X-Git-Tag: suricata-2.0beta2~473 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27023872de7cdda727cfca594412284ee563ea7b;p=thirdparty%2Fsuricata.git Use Host Storage API for per host thresholding --- diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c index baa9e44e38..7b440b9895 100644 --- a/src/detect-engine-threshold.c +++ b/src/detect-engine-threshold.c @@ -39,7 +39,9 @@ #include "debug.h" #include "detect.h" #include "flow.h" + #include "host.h" +#include "host-storage.h" #include "detect-parse.h" #include "detect-engine-sigorder.h" @@ -64,6 +66,29 @@ #include "util-var-name.h" #include "tm-threads.h" +static int threshold_id = -1; /**< host storage id for thresholds */ + +int ThresholdHostStorageId(void) { + return threshold_id; +} + +void ThresholdInit(void) { + threshold_id = HostStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree); +} + +int ThresholdHostHasThreshold(Host *host) { + return HostGetStorageById(host, threshold_id) ? 1 : 0; +} + +void DetectThresholdForceCleanup(Host *host) { + void *t = HostGetStorageById(host, threshold_id); + if (t != NULL) { + ThresholdListFree(t); + HostSetStorageById(host, threshold_id, NULL); + } + +} + /** * \brief Return next DetectThresholdData for signature * @@ -135,10 +160,9 @@ int ThresholdTimeoutCheck(Host *host, struct timeval *tv) DetectThresholdEntry *prev = NULL; int retval = 1; - if (host->threshold == NULL) - return 1; - - tmp = host->threshold; + tmp = HostGetStorageById(host, threshold_id); + if (tmp == NULL) + return 1; prev = NULL; while (tmp != NULL) { @@ -159,8 +183,7 @@ int ThresholdTimeoutCheck(Host *host, struct timeval *tv) SCFree(tde); } else { - host->threshold = tmp->next; - + HostSetStorageById(host, threshold_id, tmp->next); tde = tmp; tmp = tde->next; @@ -193,7 +216,7 @@ static DetectThresholdEntry *ThresholdHostLookupEntry(Host *h, uint32_t sid, uin { DetectThresholdEntry *e; - for (e = h->threshold; e != NULL; e = e->next) { + for (e = HostGetStorageById(h, threshold_id); e != NULL; e = e->next) { if (e->sid == sid && e->gid == gid) break; } @@ -243,8 +266,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 ret = 1; - e->next = h->threshold; - h->threshold = e; + e->next = HostGetStorageById(h, threshold_id); + HostSetStorageById(h, threshold_id, e); } break; } @@ -276,8 +299,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 e->current_count = 1; e->tv_sec1 = p->ts.tv_sec; - e->next = h->threshold; - h->threshold = e; + e->next = HostGetStorageById(h, threshold_id); + HostSetStorageById(h, threshold_id, e); } } break; @@ -316,8 +339,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 e->current_count = 1; e->tv_sec1 = p->ts.tv_sec; - e->next = h->threshold; - h->threshold = e; + e->next = HostGetStorageById(h, threshold_id); + HostSetStorageById(h, threshold_id, e); /* for the first match we return 1 to * indicate we should alert */ @@ -360,8 +383,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 e->tv_sec1 = p->ts.tv_sec; e->tv_usec1 = p->ts.tv_usec; - e->next = h->threshold; - h->threshold = e; + e->next = HostGetStorageById(h, threshold_id); + HostSetStorageById(h, threshold_id, e); } break; } @@ -449,8 +472,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 e->tv_sec1 = p->ts.tv_sec; e->tv_timeout = 0; - e->next = h->threshold; - h->threshold = e; + e->next = HostGetStorageById(h, threshold_id); + HostSetStorageById(h, threshold_id, e); } break; } diff --git a/src/detect-engine-threshold.h b/src/detect-engine-threshold.h index cc3df56792..b44538cd42 100644 --- a/src/detect-engine-threshold.h +++ b/src/detect-engine-threshold.h @@ -28,6 +28,10 @@ #include "detect.h" #include "host.h" +int ThresholdHostStorageId(void); +int ThresholdHostHasThreshold(Host *); +void DetectThresholdForceCleanup(Host *); + DetectThresholdData *SigGetThresholdType(Signature *, Packet *); DetectThresholdData *SigGetThresholdTypeIter(Signature *, Packet *, SigMatch **); int PacketAlertThreshold(DetectEngineCtx *, DetectEngineThreadCtx *, diff --git a/src/detect-threshold.c b/src/detect-threshold.c index aec9cb5464..11beed7ef6 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -24,6 +24,7 @@ * \file * * \author Breno Silva + * \author Victor Julien * * Implements the threshold keyword. * @@ -36,6 +37,7 @@ #include "decode.h" #include "host.h" +#include "host-storage.h" #include "detect.h" #include "detect-parse.h" @@ -45,6 +47,7 @@ #include "stream-tcp.h" #include "detect-threshold.h" +#include "detect-engine-threshold.h" #include "detect-parse.h" #include "detect-engine-address.h" @@ -623,10 +626,9 @@ static int DetectThresholdTestSig3(void) { goto cleanup; } - lookup_tsh = (DetectThresholdEntry *)host->threshold; - if (lookup_tsh == NULL) { + if (!(ThresholdHostHasThreshold(host))) { HostRelease(host); - printf("lookup_tsh is NULL: "); + printf("host has no threshold: "); goto cleanup; } HostRelease(host); @@ -645,7 +647,7 @@ static int DetectThresholdTestSig3(void) { } HostRelease(host); - lookup_tsh = (DetectThresholdEntry *)host->threshold; + lookup_tsh = HostGetStorageById(host, ThresholdHostStorageId()); if (lookup_tsh == NULL) { HostRelease(host); printf("lookup_tsh is NULL: "); diff --git a/src/host-timeout.c b/src/host-timeout.c index 8b596e0dc5..e9118af5fa 100644 --- a/src/host-timeout.c +++ b/src/host-timeout.c @@ -65,7 +65,7 @@ static int HostHostTimedOut(Host *h, struct timeval *ts) { if (TagHostHasTag(h) && TagTimeoutCheck(h, ts) == 0) { tags = 1; } - if (h->threshold && ThresholdTimeoutCheck(h, ts) == 0) { + if (ThresholdHostHasThreshold(h) && ThresholdTimeoutCheck(h, ts) == 0) { thresholds = 1; } diff --git a/src/host.c b/src/host.c index 954b88bdfb..b231268d90 100644 --- a/src/host.c +++ b/src/host.c @@ -105,10 +105,6 @@ error: } void HostClearMemory(Host *h) { - if (h->threshold != NULL) { - ThresholdListFree(h->threshold); - h->threshold = NULL; - } if (h->iprep != NULL) { SCFree(h->iprep); h->iprep = NULL; @@ -307,11 +303,7 @@ void HostCleanup(void) if ((SC_ATOMIC_GET(h->use_cnt) > 0) && (h->iprep != NULL)) { /* iprep is attached to host only clear tag and threshold */ DetectTagForceCleanup(h); - - if (h->threshold != NULL) { - ThresholdListFree(h->threshold); - h->threshold = NULL; - } + DetectThresholdForceCleanup(h); h = h->hnext; } else { Host *n = h->hnext; diff --git a/src/host.h b/src/host.h index 7f4584b616..0f35b18d23 100644 --- a/src/host.h +++ b/src/host.h @@ -65,9 +65,9 @@ typedef struct Host_ { /** use cnt, reference counter */ SC_ATOMIC_DECLARE(unsigned short, use_cnt); - /** pointers to threshold and iprep storage */ - void *threshold; + /** pointers to iprep storage */ void *iprep; + /** storage api handle */ Storage *storage;