From: Victor Julien Date: Thu, 18 Dec 2014 22:33:03 +0000 (+0100) Subject: ippair: track ippairs, enable tests X-Git-Tag: suricata-2.1beta4~82 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=99ae643e4e6142d5dea9c8a82aac4e8ed1d70679;p=thirdparty%2Fsuricata.git ippair: track ippairs, enable tests --- diff --git a/src/Makefile.am b/src/Makefile.am index d30cce2e5c..2d9cb14ec3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -210,6 +210,10 @@ host.c host.h \ host-queue.c host-queue.h \ host-storage.c host-storage.h \ host-timeout.c host-timeout.h \ +ippair.c ippair.h \ +ippair-queue.c ippair-queue.h \ +ippair-storage.c ippair-storage.h \ +ippair-timeout.c ippair-timeout.h \ log-dnslog.c log-dnslog.h \ log-droplog.c log-droplog.h \ log-file.c log-file.h \ diff --git a/src/ippair-queue.c b/src/ippair-queue.c new file mode 100644 index 0000000000..0f68200dd9 --- /dev/null +++ b/src/ippair-queue.c @@ -0,0 +1,143 @@ +/* Copyright (C) 2007-2012 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + * IPPair queue handler functions + */ + +#include "suricata-common.h" +#include "threads.h" +#include "debug.h" +#include "ippair-queue.h" +#include "util-error.h" +#include "util-debug.h" +#include "util-print.h" + +IPPairQueue *IPPairQueueInit (IPPairQueue *q) +{ + if (q != NULL) { + memset(q, 0, sizeof(IPPairQueue)); + HQLOCK_INIT(q); + } + return q; +} + +IPPairQueue *IPPairQueueNew() +{ + IPPairQueue *q = (IPPairQueue *)SCMalloc(sizeof(IPPairQueue)); + if (q == NULL) { + SCLogError(SC_ERR_FATAL, "Fatal error encountered in IPPairQueueNew. Exiting..."); + exit(EXIT_SUCCESS); + } + q = IPPairQueueInit(q); + return q; +} + +/** + * \brief Destroy a ippair queue + * + * \param q the ippair queue to destroy + */ +void IPPairQueueDestroy (IPPairQueue *q) +{ + HQLOCK_DESTROY(q); +} + +/** + * \brief add a ippair to a queue + * + * \param q queue + * \param h ippair + */ +void IPPairEnqueue (IPPairQueue *q, IPPair *h) +{ +#ifdef DEBUG + BUG_ON(q == NULL || h == NULL); +#endif + + HQLOCK_LOCK(q); + + /* more ippairs in queue */ + if (q->top != NULL) { + h->lnext = q->top; + q->top->lprev = h; + q->top = h; + /* only ippair */ + } else { + q->top = h; + q->bot = h; + } + q->len++; +#ifdef DBG_PERF + if (q->len > q->dbg_maxlen) + q->dbg_maxlen = q->len; +#endif /* DBG_PERF */ + HQLOCK_UNLOCK(q); +} + +/** + * \brief remove a ippair from the queue + * + * \param q queue + * + * \retval h ippair or NULL if empty list. + */ +IPPair *IPPairDequeue (IPPairQueue *q) +{ + HQLOCK_LOCK(q); + + IPPair *h = q->bot; + if (h == NULL) { + HQLOCK_UNLOCK(q); + return NULL; + } + + /* more packets in queue */ + if (q->bot->lprev != NULL) { + q->bot = q->bot->lprev; + q->bot->lnext = NULL; + /* just the one we remove, so now empty */ + } else { + q->top = NULL; + q->bot = NULL; + } + +#ifdef DEBUG + BUG_ON(q->len == 0); +#endif + if (q->len > 0) + q->len--; + + h->lnext = NULL; + h->lprev = NULL; + + HQLOCK_UNLOCK(q); + return h; +} + +uint32_t IPPairQueueLen(IPPairQueue *q) +{ + uint32_t len; + HQLOCK_LOCK(q); + len = q->len; + HQLOCK_UNLOCK(q); + return len; +} diff --git a/src/ippair-queue.h b/src/ippair-queue.h new file mode 100644 index 0000000000..5c80cf3917 --- /dev/null +++ b/src/ippair-queue.h @@ -0,0 +1,83 @@ +/* Copyright (C) 2007-2012 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#ifndef __IPPAIR_QUEUE_H__ +#define __IPPAIR_QUEUE_H__ + +#include "suricata-common.h" +#include "ippair.h" + +/** Spinlocks or Mutex for the ippair queues. */ +//#define HQLOCK_SPIN +#define HQLOCK_MUTEX + +#ifdef HQLOCK_SPIN + #ifdef HQLOCK_MUTEX + #error Cannot enable both HQLOCK_SPIN and HQLOCK_MUTEX + #endif +#endif + +/* Define a queue for storing ippairs */ +typedef struct IPPairQueue_ +{ + IPPair *top; + IPPair *bot; + uint32_t len; +#ifdef DBG_PERF + uint32_t dbg_maxlen; +#endif /* DBG_PERF */ +#ifdef HQLOCK_MUTEX + SCMutex m; +#elif defined HQLOCK_SPIN + SCSpinlock s; +#else + #error Enable HQLOCK_SPIN or HQLOCK_MUTEX +#endif +} IPPairQueue; + +#ifdef HQLOCK_SPIN + #define HQLOCK_INIT(q) SCSpinInit(&(q)->s, 0) + #define HQLOCK_DESTROY(q) SCSpinDestroy(&(q)->s) + #define HQLOCK_LOCK(q) SCSpinLock(&(q)->s) + #define HQLOCK_TRYLOCK(q) SCSpinTrylock(&(q)->s) + #define HQLOCK_UNLOCK(q) SCSpinUnlock(&(q)->s) +#elif defined HQLOCK_MUTEX + #define HQLOCK_INIT(q) SCMutexInit(&(q)->m, NULL) + #define HQLOCK_DESTROY(q) SCMutexDestroy(&(q)->m) + #define HQLOCK_LOCK(q) SCMutexLock(&(q)->m) + #define HQLOCK_TRYLOCK(q) SCMutexTrylock(&(q)->m) + #define HQLOCK_UNLOCK(q) SCMutexUnlock(&(q)->m) +#else + #error Enable HQLOCK_SPIN or HQLOCK_MUTEX +#endif + +/* prototypes */ +IPPairQueue *IPPairQueueNew(); +IPPairQueue *IPPairQueueInit(IPPairQueue *); +void IPPairQueueDestroy (IPPairQueue *); + +void IPPairEnqueue (IPPairQueue *, IPPair *); +IPPair *IPPairDequeue (IPPairQueue *); +uint32_t IPPairQueueLen(IPPairQueue *); + +#endif /* __IPPAIR_QUEUE_H__ */ diff --git a/src/ippair-storage.c b/src/ippair-storage.c new file mode 100644 index 0000000000..dddc713658 --- /dev/null +++ b/src/ippair-storage.c @@ -0,0 +1,299 @@ +/* Copyright (C) 2007-2013 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + * IPPair wrapper around storage api + */ + +#include "suricata-common.h" +#include "ippair-storage.h" +#include "util-unittest.h" + +unsigned int IPPairStorageSize(void) +{ + return StorageGetSize(STORAGE_IPPAIR); +} + +void *IPPairGetStorageById(IPPair *h, int id) +{ + return StorageGetById((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id); +} + +int IPPairSetStorageById(IPPair *h, int id, void *ptr) +{ + return StorageSetById((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id, ptr); +} + +void *IPPairAllocStorageById(IPPair *h, int id) +{ + return StorageAllocByIdPrealloc((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id); +} + +void IPPairFreeStorageById(IPPair *h, int id) +{ + StorageFreeById((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR, id); +} + +void IPPairFreeStorage(IPPair *h) +{ + if (IPPairStorageSize() > 0) + StorageFreeAll((Storage *)((void *)h + sizeof(IPPair)), STORAGE_IPPAIR); +} + +int IPPairStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void (*Free)(void *)) { + return StorageRegister(STORAGE_IPPAIR, name, size, Alloc, Free); +} + +#ifdef UNITTESTS + +static void *StorageTestAlloc(unsigned int size) +{ + void *x = SCMalloc(size); + return x; +} +static void StorageTestFree(void *x) +{ + if (x) + SCFree(x); +} + +static int IPPairStorageTest01(void) +{ + StorageInit(); + + int id1 = IPPairStorageRegister("test", 8, StorageTestAlloc, StorageTestFree); + if (id1 < 0) + goto error; + int id2 = IPPairStorageRegister("variable", 24, StorageTestAlloc, StorageTestFree); + if (id2 < 0) + goto error; + int id3 = IPPairStorageRegister("store", sizeof(void *), StorageTestAlloc, StorageTestFree); + if (id3 < 0) + goto error; + + if (StorageFinalize() < 0) + goto error; + + IPPairInitConfig(1); + + Address a, b; + memset(&a, 0x00, sizeof(a)); + memset(&b, 0x00, sizeof(b)); + a.addr_data32[0] = 0x01020304; + b.addr_data32[0] = 0x04030201; + a.family = AF_INET; + b.family = AF_INET; + IPPair *h = IPPairGetIPPairFromHash(&a, &b); + if (h == NULL) { + printf("failed to get ippair: "); + goto error; + } + + void *ptr = IPPairGetStorageById(h, id1); + if (ptr != NULL) { + goto error; + } + ptr = IPPairGetStorageById(h, id2); + if (ptr != NULL) { + goto error; + } + ptr = IPPairGetStorageById(h, id3); + if (ptr != NULL) { + goto error; + } + + void *ptr1a = IPPairAllocStorageById(h, id1); + if (ptr1a == NULL) { + goto error; + } + void *ptr2a = IPPairAllocStorageById(h, id2); + if (ptr2a == NULL) { + goto error; + } + void *ptr3a = IPPairAllocStorageById(h, id3); + if (ptr3a == NULL) { + goto error; + } + + void *ptr1b = IPPairGetStorageById(h, id1); + if (ptr1a != ptr1b) { + goto error; + } + void *ptr2b = IPPairGetStorageById(h, id2); + if (ptr2a != ptr2b) { + goto error; + } + void *ptr3b = IPPairGetStorageById(h, id3); + if (ptr3a != ptr3b) { + goto error; + } + + IPPairRelease(h); + + IPPairShutdown(); + StorageCleanup(); + return 1; +error: + IPPairShutdown(); + StorageCleanup(); + return 0; +} + +static int IPPairStorageTest02(void) +{ + StorageInit(); + + int id1 = IPPairStorageRegister("test", sizeof(void *), NULL, StorageTestFree); + if (id1 < 0) + goto error; + + if (StorageFinalize() < 0) + goto error; + + IPPairInitConfig(1); + + Address a, b; + memset(&a, 0x00, sizeof(a)); + memset(&b, 0x00, sizeof(b)); + a.addr_data32[0] = 0x01020304; + b.addr_data32[0] = 0x04030201; + a.family = AF_INET; + b.family = AF_INET; + IPPair *h = IPPairGetIPPairFromHash(&a, &b); + if (h == NULL) { + printf("failed to get ippair: "); + goto error; + } + + void *ptr = IPPairGetStorageById(h, id1); + if (ptr != NULL) { + goto error; + } + + void *ptr1a = SCMalloc(128); + if (unlikely(ptr1a == NULL)) { + goto error; + } + IPPairSetStorageById(h, id1, ptr1a); + + void *ptr1b = IPPairGetStorageById(h, id1); + if (ptr1a != ptr1b) { + goto error; + } + + IPPairRelease(h); + + IPPairShutdown(); + StorageCleanup(); + return 1; +error: + IPPairShutdown(); + StorageCleanup(); + return 0; +} + +static int IPPairStorageTest03(void) +{ + StorageInit(); + + int id1 = IPPairStorageRegister("test1", sizeof(void *), NULL, StorageTestFree); + if (id1 < 0) + goto error; + int id2 = IPPairStorageRegister("test2", sizeof(void *), NULL, StorageTestFree); + if (id2 < 0) + goto error; + int id3 = IPPairStorageRegister("test3", 32, StorageTestAlloc, StorageTestFree); + if (id3 < 0) + goto error; + + if (StorageFinalize() < 0) + goto error; + + IPPairInitConfig(1); + + Address a, b; + memset(&a, 0x00, sizeof(a)); + memset(&b, 0x00, sizeof(b)); + a.addr_data32[0] = 0x01020304; + b.addr_data32[0] = 0x04030201; + a.family = AF_INET; + b.family = AF_INET; + IPPair *h = IPPairGetIPPairFromHash(&a, &b); + if (h == NULL) { + printf("failed to get ippair: "); + goto error; + } + + void *ptr = IPPairGetStorageById(h, id1); + if (ptr != NULL) { + goto error; + } + + void *ptr1a = SCMalloc(128); + if (unlikely(ptr1a == NULL)) { + goto error; + } + IPPairSetStorageById(h, id1, ptr1a); + + void *ptr2a = SCMalloc(256); + if (unlikely(ptr2a == NULL)) { + goto error; + } + IPPairSetStorageById(h, id2, ptr2a); + + void *ptr3a = IPPairAllocStorageById(h, id3); + if (ptr3a == NULL) { + goto error; + } + + void *ptr1b = IPPairGetStorageById(h, id1); + if (ptr1a != ptr1b) { + goto error; + } + void *ptr2b = IPPairGetStorageById(h, id2); + if (ptr2a != ptr2b) { + goto error; + } + void *ptr3b = IPPairGetStorageById(h, id3); + if (ptr3a != ptr3b) { + goto error; + } + + IPPairRelease(h); + + IPPairShutdown(); + StorageCleanup(); + return 1; +error: + IPPairShutdown(); + StorageCleanup(); + return 0; +} +#endif + +void RegisterIPPairStorageTests(void) +{ +#ifdef UNITTESTS + UtRegisterTest("IPPairStorageTest01", IPPairStorageTest01, 1); + UtRegisterTest("IPPairStorageTest02", IPPairStorageTest02, 1); + UtRegisterTest("IPPairStorageTest03", IPPairStorageTest03, 1); +#endif +} diff --git a/src/ippair-storage.h b/src/ippair-storage.h new file mode 100644 index 0000000000..0671ac9196 --- /dev/null +++ b/src/ippair-storage.h @@ -0,0 +1,45 @@ +/* Copyright (C) 2007-2013 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + * IPPair wrapper around storage api + */ + +#ifndef __IPPAIR_STORAGE_H__ +#define __IPPAIR_STORAGE_H__ + +#include "util-storage.h" +#include "ippair.h" + +unsigned int IPPairStorageSize(void); + +void *IPPairGetStorageById(IPPair *h, int id); +int IPPairSetStorageById(IPPair *h, int id, void *ptr); +void *IPPairAllocStorageById(IPPair *h, int id); + +void IPPairFreeStorageById(IPPair *h, int id); +void IPPairFreeStorage(IPPair *h); + +void RegisterIPPairStorageTests(void); + +int IPPairStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void (*Free)(void *)); + +#endif /* __IPPAIR_STORAGE_H__ */ diff --git a/src/ippair-timeout.c b/src/ippair-timeout.c new file mode 100644 index 0000000000..d1a6a24e0d --- /dev/null +++ b/src/ippair-timeout.c @@ -0,0 +1,148 @@ +/* Copyright (C) 2007-2012 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#include "suricata-common.h" +#include "ippair.h" + +uint32_t IPPairGetSpareCount(void) +{ + return IPPairSpareQueueGetSize(); +} + +uint32_t IPPairGetActiveCount(void) +{ + return SC_ATOMIC_GET(ippair_counter); +} + +/** \internal + * \brief See if we can really discard this ippair. Check use_cnt reference. + * + * \param h ippair + * \param ts timestamp + * + * \retval 0 not timed out just yet + * \retval 1 fully timed out, lets kill it + */ +static int IPPairIPPairTimedOut(IPPair *h, struct timeval *ts) +{ + /** never prune a ippair that is used by a packet + * we are currently processing in one of the threads */ + if (SC_ATOMIC_GET(h->use_cnt) > 0) { + return 0; + } + + SCLogDebug("ippair %p timed out", h); + return 1; +} + +/** + * \internal + * + * \brief check all ippairs in a hash row for timing out + * + * \param hb ippair hash row *LOCKED* + * \param h last ippair in the hash row + * \param ts timestamp + * + * \retval cnt timed out ippairs + */ +static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, struct timeval *ts) +{ + uint32_t cnt = 0; + + do { + if (SCMutexTrylock(&h->m) != 0) { + h = h->hprev; + continue; + } + + IPPair *next_ippair = h->hprev; + + /* check if the ippair is fully timed out and + * ready to be discarded. */ + if (IPPairIPPairTimedOut(h, ts) == 1) { + /* remove from the hash */ + if (h->hprev != NULL) + h->hprev->hnext = h->hnext; + if (h->hnext != NULL) + h->hnext->hprev = h->hprev; + if (hb->head == h) + hb->head = h->hnext; + if (hb->tail == h) + hb->tail = h->hprev; + + h->hnext = NULL; + h->hprev = NULL; + + IPPairClearMemory (h); + + /* no one is referring to this ippair, use_cnt 0, removed from hash + * so we can unlock it and move it back to the spare queue. */ + SCMutexUnlock(&h->m); + + /* move to spare list */ + IPPairMoveToSpare(h); + + cnt++; + } else { + SCMutexUnlock(&h->m); + } + + h = next_ippair; + } while (h != NULL); + + return cnt; +} + +/** + * \brief time out ippairs from the hash + * + * \param ts timestamp + * + * \retval cnt number of timed out ippair + */ +uint32_t IPPairTimeoutHash(struct timeval *ts) +{ + uint32_t idx = 0; + uint32_t cnt = 0; + + for (idx = 0; idx < ippair_config.hash_size; idx++) { + IPPairHashRow *hb = &ippair_hash[idx]; + + if (HRLOCK_TRYLOCK(hb) != 0) + continue; + + /* ippair hash bucket is now locked */ + + if (hb->tail == NULL) { + HRLOCK_UNLOCK(hb); + continue; + } + + /* we have a ippair, or more than one */ + cnt += IPPairHashRowTimeout(hb, hb->tail, ts); + HRLOCK_UNLOCK(hb); + } + + return cnt; +} diff --git a/src/ippair-timeout.h b/src/ippair-timeout.h new file mode 100644 index 0000000000..15d8e96a98 --- /dev/null +++ b/src/ippair-timeout.h @@ -0,0 +1,32 @@ +/* Copyright (C) 2007-2012 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#ifndef __IPPAIR_TIMEOUT_H__ +#define __IPPAIR_TIMEOUT_H__ + +uint32_t IPPairTimeoutHash(struct timeval *ts); + +uint32_t IPPairGetSpareCount(void); +uint32_t IPPairGetActiveCount(void); + +#endif diff --git a/src/ippair.c b/src/ippair.c new file mode 100644 index 0000000000..780ee6ce16 --- /dev/null +++ b/src/ippair.c @@ -0,0 +1,687 @@ +/* Copyright (C) 2007-2012 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + * Information about ippairs. + */ + +#include "suricata-common.h" +#include "conf.h" + +#include "util-debug.h" +#include "ippair.h" +#include "ippair-storage.h" + +#include "util-random.h" +#include "util-misc.h" +#include "util-byte.h" + +#include "ippair-queue.h" + +#include "detect-tag.h" +#include "detect-engine-tag.h" +#include "detect-engine-threshold.h" + +#include "util-hash-lookup3.h" + +static IPPair *IPPairGetUsedIPPair(void); + +/** queue with spare ippairs */ +static IPPairQueue ippair_spare_q; + +uint32_t IPPairSpareQueueGetSize(void) +{ + return IPPairQueueLen(&ippair_spare_q); +} + +void IPPairMoveToSpare(IPPair *h) +{ + IPPairEnqueue(&ippair_spare_q, h); + (void) SC_ATOMIC_SUB(ippair_counter, 1); +} + +IPPair *IPPairAlloc(void) +{ + size_t size = sizeof(IPPair) + IPPairStorageSize(); + + if (!(IPPAIR_CHECK_MEMCAP(size))) { + return NULL; + } + + (void) SC_ATOMIC_ADD(ippair_memuse, size); + + IPPair *h = SCMalloc(size); + if (unlikely(h == NULL)) + goto error; + + memset(h, 0x00, size); + + SCMutexInit(&h->m, NULL); + SC_ATOMIC_INIT(h->use_cnt); + return h; + +error: + return NULL; +} + +void IPPairFree(IPPair *h) +{ + if (h != NULL) { + IPPairClearMemory(h); + + SC_ATOMIC_DESTROY(h->use_cnt); + SCMutexDestroy(&h->m); + SCFree(h); + (void) SC_ATOMIC_SUB(ippair_memuse, (sizeof(IPPair) + IPPairStorageSize())); + } +} + +IPPair *IPPairNew(Address *a, Address *b) +{ + IPPair *p = IPPairAlloc(); + if (p == NULL) + goto error; + + /* copy addresses */ + COPY_ADDRESS(a, &p->a[0]); + COPY_ADDRESS(b, &p->a[1]); + + return p; + +error: + return NULL; +} + +void IPPairClearMemory(IPPair *h) +{ + if (IPPairStorageSize() > 0) + IPPairFreeStorage(h); +} + +#define IPPAIR_DEFAULT_HASHSIZE 4096 +#define IPPAIR_DEFAULT_MEMCAP 16777216 +#define IPPAIR_DEFAULT_PREALLOC 1000 + +/** \brief initialize the configuration + * \warning Not thread safe */ +void IPPairInitConfig(char quiet) +{ + SCLogDebug("initializing ippair engine..."); + + memset(&ippair_config, 0, sizeof(ippair_config)); + //SC_ATOMIC_INIT(flow_flags); + SC_ATOMIC_INIT(ippair_counter); + SC_ATOMIC_INIT(ippair_memuse); + SC_ATOMIC_INIT(ippair_prune_idx); + IPPairQueueInit(&ippair_spare_q); + + unsigned int seed = RandomTimePreseed(); + /* set defaults */ + ippair_config.hash_rand = (int)( IPPAIR_DEFAULT_HASHSIZE * (rand_r(&seed) / RAND_MAX + 1.0)); + + ippair_config.hash_size = IPPAIR_DEFAULT_HASHSIZE; + ippair_config.memcap = IPPAIR_DEFAULT_MEMCAP; + ippair_config.prealloc = IPPAIR_DEFAULT_PREALLOC; + + /* Check if we have memcap and hash_size defined at config */ + char *conf_val; + uint32_t configval = 0; + + /** set config values for memcap, prealloc and hash_size */ + if ((ConfGet("ippair.memcap", &conf_val)) == 1) + { + if (ParseSizeStringU64(conf_val, &ippair_config.memcap) < 0) { + SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ippair.memcap " + "from conf file - %s. Killing engine", + conf_val); + exit(EXIT_FAILURE); + } + } + if ((ConfGet("ippair.hash-size", &conf_val)) == 1) + { + if (ByteExtractStringUint32(&configval, 10, strlen(conf_val), + conf_val) > 0) { + ippair_config.hash_size = configval; + } + } + + if ((ConfGet("ippair.prealloc", &conf_val)) == 1) + { + if (ByteExtractStringUint32(&configval, 10, strlen(conf_val), + conf_val) > 0) { + ippair_config.prealloc = configval; + } else { + WarnInvalidConfEntry("ippair.prealloc", "%"PRIu32, ippair_config.prealloc); + } + } + SCLogDebug("IPPair config from suricata.yaml: memcap: %"PRIu64", hash-size: " + "%"PRIu32", prealloc: %"PRIu32, ippair_config.memcap, + ippair_config.hash_size, ippair_config.prealloc); + + /* alloc hash memory */ + uint64_t hash_size = ippair_config.hash_size * sizeof(IPPairHashRow); + if (!(IPPAIR_CHECK_MEMCAP(hash_size))) { + SCLogError(SC_ERR_IPPAIR_INIT, "allocating ippair hash failed: " + "max ippair memcap is smaller than projected hash size. " + "Memcap: %"PRIu64", Hash table size %"PRIu64". Calculate " + "total hash size by multiplying \"ippair.hash-size\" with %"PRIuMAX", " + "which is the hash bucket size.", ippair_config.memcap, hash_size, + (uintmax_t)sizeof(IPPairHashRow)); + exit(EXIT_FAILURE); + } + ippair_hash = SCCalloc(ippair_config.hash_size, sizeof(IPPairHashRow)); + if (unlikely(ippair_hash == NULL)) { + SCLogError(SC_ERR_FATAL, "Fatal error encountered in IPPairInitConfig. Exiting..."); + exit(EXIT_FAILURE); + } + memset(ippair_hash, 0, ippair_config.hash_size * sizeof(IPPairHashRow)); + + uint32_t i = 0; + for (i = 0; i < ippair_config.hash_size; i++) { + HRLOCK_INIT(&ippair_hash[i]); + } + (void) SC_ATOMIC_ADD(ippair_memuse, (ippair_config.hash_size * sizeof(IPPairHashRow))); + + if (quiet == FALSE) { + SCLogInfo("allocated %llu bytes of memory for the ippair hash... " + "%" PRIu32 " buckets of size %" PRIuMAX "", + SC_ATOMIC_GET(ippair_memuse), ippair_config.hash_size, + (uintmax_t)sizeof(IPPairHashRow)); + } + + /* pre allocate ippairs */ + for (i = 0; i < ippair_config.prealloc; i++) { + if (!(IPPAIR_CHECK_MEMCAP(sizeof(IPPair)))) { + SCLogError(SC_ERR_IPPAIR_INIT, "preallocating ippairs failed: " + "max ippair memcap reached. Memcap %"PRIu64", " + "Memuse %"PRIu64".", ippair_config.memcap, + ((uint64_t)SC_ATOMIC_GET(ippair_memuse) + (uint64_t)sizeof(IPPair))); + exit(EXIT_FAILURE); + } + + IPPair *h = IPPairAlloc(); + if (h == NULL) { + SCLogError(SC_ERR_IPPAIR_INIT, "preallocating ippair failed: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + IPPairEnqueue(&ippair_spare_q,h); + } + + if (quiet == FALSE) { + SCLogInfo("preallocated %" PRIu32 " ippairs of size %" PRIuMAX "", + ippair_spare_q.len, (uintmax_t)sizeof(IPPair)); + SCLogInfo("ippair memory usage: %llu bytes, maximum: %"PRIu64, + SC_ATOMIC_GET(ippair_memuse), ippair_config.memcap); + } + + return; +} + +/** \brief print some ippair stats + * \warning Not thread safe */ +void IPPairPrintStats (void) +{ +#ifdef IPPAIRBITS_STATS + SCLogInfo("ippairbits added: %" PRIu32 ", removed: %" PRIu32 ", max memory usage: %" PRIu32 "", + ippairbits_added, ippairbits_removed, ippairbits_memuse_max); +#endif /* IPPAIRBITS_STATS */ + SCLogInfo("ippair memory usage: %llu bytes, maximum: %"PRIu64, + SC_ATOMIC_GET(ippair_memuse), ippair_config.memcap); + return; +} + +/** \brief shutdown the flow engine + * \warning Not thread safe */ +void IPPairShutdown(void) +{ + IPPair *h; + uint32_t u; + + IPPairPrintStats(); + + /* free spare queue */ + while((h = IPPairDequeue(&ippair_spare_q))) { + BUG_ON(SC_ATOMIC_GET(h->use_cnt) > 0); + IPPairFree(h); + } + + /* clear and free the hash */ + if (ippair_hash != NULL) { + for (u = 0; u < ippair_config.hash_size; u++) { + IPPair *h = ippair_hash[u].head; + while (h) { + IPPair *n = h->hnext; + IPPairFree(h); + h = n; + } + + HRLOCK_DESTROY(&ippair_hash[u]); + } + SCFree(ippair_hash); + ippair_hash = NULL; + } + (void) SC_ATOMIC_SUB(ippair_memuse, ippair_config.hash_size * sizeof(IPPairHashRow)); + IPPairQueueDestroy(&ippair_spare_q); + + SC_ATOMIC_DESTROY(ippair_prune_idx); + SC_ATOMIC_DESTROY(ippair_memuse); + SC_ATOMIC_DESTROY(ippair_counter); + //SC_ATOMIC_DESTROY(flow_flags); + return; +} + +/** \brief Cleanup the ippair engine + * + * Cleanup the ippair engine from tag and threshold. + * + */ +void IPPairCleanup(void) +{ + IPPair *h; + uint32_t u; + + if (ippair_hash != NULL) { + for (u = 0; u < ippair_config.hash_size; u++) { + h = ippair_hash[u].head; + IPPairHashRow *hb = &ippair_hash[u]; + HRLOCK_LOCK(hb); + while (h) { + if ((SC_ATOMIC_GET(h->use_cnt) > 0)) { + /* iprep is attached to ippair only clear local storage */ + IPPairFreeStorage(h); + h = h->hnext; + } else { + IPPair *n = h->hnext; + /* remove from the hash */ + if (h->hprev != NULL) + h->hprev->hnext = h->hnext; + if (h->hnext != NULL) + h->hnext->hprev = h->hprev; + if (hb->head == h) + hb->head = h->hnext; + if (hb->tail == h) + hb->tail = h->hprev; + h->hnext = NULL; + h->hprev = NULL; + IPPairClearMemory(h); + IPPairMoveToSpare(h); + h = n; + } + } + HRLOCK_UNLOCK(hb); + } + } + + return; +} + +/* calculate the hash key for this packet + * + * we're using: + * hash_rand -- set at init time + * source address + */ +static uint32_t IPPairGetKey(Address *a, Address *b) +{ + uint32_t key; + + if (a->family == AF_INET) { + uint32_t hash = hashword(&a->addr_data32[0], 1, ippair_config.hash_rand); + key = hash % ippair_config.hash_size; + } else if (a->family == AF_INET6) { + uint32_t hash = hashword(a->addr_data32, 4, ippair_config.hash_rand); + key = hash % ippair_config.hash_size; + } else + key = 0; + + return key; +} + +/* Since two or more ippairs can have the same hash key, we need to compare + * the ippair with the current addresses. */ +static inline int IPPairCompare(IPPair *p, Address *a, Address *b) +{ + /* compare in both directions */ + if ((CMP_ADDR(&p->a[0], a) && CMP_ADDR(&p->a[1], b)) || + (CMP_ADDR(&p->a[0], b) && CMP_ADDR(&p->a[1], a))) + return 1; + return 0; +} + +/** + * \brief Get a new ippair + * + * Get a new ippair. We're checking memcap first and will try to make room + * if the memcap is reached. + * + * \retval h *LOCKED* ippair on succes, NULL on error. + */ +static IPPair *IPPairGetNew(Address *a, Address *b) +{ + IPPair *h = NULL; + + /* get a ippair from the spare queue */ + h = IPPairDequeue(&ippair_spare_q); + if (h == NULL) { + /* If we reached the max memcap, we get a used ippair */ + if (!(IPPAIR_CHECK_MEMCAP(sizeof(IPPair)))) { + /* declare state of emergency */ + //if (!(SC_ATOMIC_GET(ippair_flags) & IPPAIR_EMERGENCY)) { + // SC_ATOMIC_OR(ippair_flags, IPPAIR_EMERGENCY); + + /* under high load, waking up the flow mgr each time leads + * to high cpu usage. Flows are not timed out much faster if + * we check a 1000 times a second. */ + // FlowWakeupFlowManagerThread(); + //} + + h = IPPairGetUsedIPPair(); + if (h == NULL) { + return NULL; + } + + /* freed a ippair, but it's unlocked */ + } else { + /* now see if we can alloc a new ippair */ + h = IPPairNew(a,b); + if (h == NULL) { + return NULL; + } + + /* ippair is initialized but *unlocked* */ + } + } else { + /* ippair has been recycled before it went into the spare queue */ + + /* ippair is initialized (recylced) but *unlocked* */ + } + + (void) SC_ATOMIC_ADD(ippair_counter, 1); + SCMutexLock(&h->m); + return h; +} + +void IPPairInit(IPPair *h, Address *a, Address *b) +{ + COPY_ADDRESS(a, &h->a[0]); + COPY_ADDRESS(b, &h->a[1]); + (void) IPPairIncrUsecnt(h); +} + +void IPPairRelease(IPPair *h) +{ + (void) IPPairDecrUsecnt(h); + SCMutexUnlock(&h->m); +} + +void IPPairLock(IPPair *h) +{ + SCMutexLock(&h->m); +} + +void IPPairUnlock(IPPair *h) +{ + SCMutexUnlock(&h->m); +} + +/* IPPairGetIPPairFromHash + * + * Hash retrieval function for ippairs. Looks up the hash bucket containing the + * ippair pointer. Then compares the packet with the found ippair to see if it is + * the ippair we need. If it isn't, walk the list until the right ippair is found. + * + * returns a *LOCKED* ippair or NULL + */ +IPPair *IPPairGetIPPairFromHash (Address *a, Address *b) +{ + IPPair *h = NULL; + + /* get the key to our bucket */ + uint32_t key = IPPairGetKey(a, b); + /* get our hash bucket and lock it */ + IPPairHashRow *hb = &ippair_hash[key]; + HRLOCK_LOCK(hb); + + /* see if the bucket already has a ippair */ + if (hb->head == NULL) { + h = IPPairGetNew(a,b); + if (h == NULL) { + HRLOCK_UNLOCK(hb); + return NULL; + } + + /* ippair is locked */ + hb->head = h; + hb->tail = h; + + /* got one, now lock, initialize and return */ + IPPairInit(h,a,b); + + HRLOCK_UNLOCK(hb); + return h; + } + + /* ok, we have a ippair in the bucket. Let's find out if it is our ippair */ + h = hb->head; + + /* see if this is the ippair we are looking for */ + if (IPPairCompare(h, a, b) == 0) { + IPPair *ph = NULL; /* previous ippair */ + + while (h) { + ph = h; + h = h->hnext; + + if (h == NULL) { + h = ph->hnext = IPPairGetNew(a,b); + if (h == NULL) { + HRLOCK_UNLOCK(hb); + return NULL; + } + hb->tail = h; + + /* ippair is locked */ + + h->hprev = ph; + + /* initialize and return */ + IPPairInit(h,a,b); + + HRLOCK_UNLOCK(hb); + return h; + } + + if (IPPairCompare(h, a, b) != 0) { + /* we found our ippair, lets put it on top of the + * hash list -- this rewards active ippairs */ + if (h->hnext) { + h->hnext->hprev = h->hprev; + } + if (h->hprev) { + h->hprev->hnext = h->hnext; + } + if (h == hb->tail) { + hb->tail = h->hprev; + } + + h->hnext = hb->head; + h->hprev = NULL; + hb->head->hprev = h; + hb->head = h; + + /* found our ippair, lock & return */ + SCMutexLock(&h->m); + (void) IPPairIncrUsecnt(h); + HRLOCK_UNLOCK(hb); + return h; + } + } + } + + /* lock & return */ + SCMutexLock(&h->m); + (void) IPPairIncrUsecnt(h); + HRLOCK_UNLOCK(hb); + return h; +} + +/** \brief look up a ippair in the hash + * + * \param a address to look up + * + * \retval h *LOCKED* ippair or NULL + */ +IPPair *IPPairLookupIPPairFromHash (Address *a, Address *b) +{ + IPPair *h = NULL; + + /* get the key to our bucket */ + uint32_t key = IPPairGetKey(a, b); + /* get our hash bucket and lock it */ + IPPairHashRow *hb = &ippair_hash[key]; + HRLOCK_LOCK(hb); + + /* see if the bucket already has a ippair */ + if (hb->head == NULL) { + HRLOCK_UNLOCK(hb); + return h; + } + + /* ok, we have a ippair in the bucket. Let's find out if it is our ippair */ + h = hb->head; + + /* see if this is the ippair we are looking for */ + if (IPPairCompare(h, a, b) == 0) { + while (h) { + h = h->hnext; + + if (h == NULL) { + HRLOCK_UNLOCK(hb); + return h; + } + + if (IPPairCompare(h, a, b) != 0) { + /* we found our ippair, lets put it on top of the + * hash list -- this rewards active ippairs */ + if (h->hnext) { + h->hnext->hprev = h->hprev; + } + if (h->hprev) { + h->hprev->hnext = h->hnext; + } + if (h == hb->tail) { + hb->tail = h->hprev; + } + + h->hnext = hb->head; + h->hprev = NULL; + hb->head->hprev = h; + hb->head = h; + + /* found our ippair, lock & return */ + SCMutexLock(&h->m); + (void) IPPairIncrUsecnt(h); + HRLOCK_UNLOCK(hb); + return h; + } + } + } + + /* lock & return */ + SCMutexLock(&h->m); + (void) IPPairIncrUsecnt(h); + HRLOCK_UNLOCK(hb); + return h; +} + +/** \internal + * \brief Get a ippair from the hash directly. + * + * Called in conditions where the spare queue is empty and memcap is reached. + * + * Walks the hash until a ippair can be freed. "ippair_prune_idx" atomic int makes + * sure we don't start at the top each time since that would clear the top of + * the hash leading to longer and longer search times under high pressure (observed). + * + * \retval h ippair or NULL + */ +static IPPair *IPPairGetUsedIPPair(void) +{ + uint32_t idx = SC_ATOMIC_GET(ippair_prune_idx) % ippair_config.hash_size; + uint32_t cnt = ippair_config.hash_size; + + while (cnt--) { + if (++idx >= ippair_config.hash_size) + idx = 0; + + IPPairHashRow *hb = &ippair_hash[idx]; + + if (HRLOCK_TRYLOCK(hb) != 0) + continue; + + IPPair *h = hb->tail; + if (h == NULL) { + HRLOCK_UNLOCK(hb); + continue; + } + + if (SCMutexTrylock(&h->m) != 0) { + HRLOCK_UNLOCK(hb); + continue; + } + + /** never prune a ippair that is used by a packets + * we are currently processing in one of the threads */ + if (SC_ATOMIC_GET(h->use_cnt) > 0) { + HRLOCK_UNLOCK(hb); + SCMutexUnlock(&h->m); + continue; + } + + /* remove from the hash */ + if (h->hprev != NULL) + h->hprev->hnext = h->hnext; + if (h->hnext != NULL) + h->hnext->hprev = h->hprev; + if (hb->head == h) + hb->head = h->hnext; + if (hb->tail == h) + hb->tail = h->hprev; + + h->hnext = NULL; + h->hprev = NULL; + HRLOCK_UNLOCK(hb); + + IPPairClearMemory (h); + + SCMutexUnlock(&h->m); + + (void) SC_ATOMIC_ADD(ippair_prune_idx, (ippair_config.hash_size - cnt)); + return h; + } + + return NULL; +} + +void IPPairRegisterUnittests(void) +{ + RegisterIPPairStorageTests(); +} diff --git a/src/ippair.h b/src/ippair.h new file mode 100644 index 0000000000..79affc6245 --- /dev/null +++ b/src/ippair.h @@ -0,0 +1,154 @@ +/* Copyright (C) 2007-2013 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#ifndef __IPPAIR_H__ +#define __IPPAIR_H__ + +#include "decode.h" +#include "util-storage.h" + +/** Spinlocks or Mutex for the flow buckets. */ +//#define HRLOCK_SPIN +#define HRLOCK_MUTEX + +#ifdef HRLOCK_SPIN + #ifdef HRLOCK_MUTEX + #error Cannot enable both HRLOCK_SPIN and HRLOCK_MUTEX + #endif +#endif + +#ifdef HRLOCK_SPIN + #define HRLOCK_TYPE SCSpinlock + #define HRLOCK_INIT(fb) SCSpinInit(&(fb)->lock, 0) + #define HRLOCK_DESTROY(fb) SCSpinDestroy(&(fb)->lock) + #define HRLOCK_LOCK(fb) SCSpinLock(&(fb)->lock) + #define HRLOCK_TRYLOCK(fb) SCSpinTrylock(&(fb)->lock) + #define HRLOCK_UNLOCK(fb) SCSpinUnlock(&(fb)->lock) +#elif defined HRLOCK_MUTEX + #define HRLOCK_TYPE SCMutex + #define HRLOCK_INIT(fb) SCMutexInit(&(fb)->lock, NULL) + #define HRLOCK_DESTROY(fb) SCMutexDestroy(&(fb)->lock) + #define HRLOCK_LOCK(fb) SCMutexLock(&(fb)->lock) + #define HRLOCK_TRYLOCK(fb) SCMutexTrylock(&(fb)->lock) + #define HRLOCK_UNLOCK(fb) SCMutexUnlock(&(fb)->lock) +#else + #error Enable HRLOCK_SPIN or HRLOCK_MUTEX +#endif + +typedef struct IPPair_ { + /** ippair mutex */ + SCMutex m; + + /** ippair addresses -- ipv4 or ipv6 */ + Address a[2]; + + /** use cnt, reference counter */ + SC_ATOMIC_DECLARE(unsigned int, use_cnt); + + /** storage api handle */ + Storage *storage; + + /** hash pointers, protected by hash row mutex/spin */ + struct IPPair_ *hnext; + struct IPPair_ *hprev; + + /** list pointers, protected by ippair-queue mutex/spin */ + struct IPPair_ *lnext; + struct IPPair_ *lprev; +} IPPair; + +typedef struct IPPairHashRow_ { + HRLOCK_TYPE lock; + IPPair *head; + IPPair *tail; +} __attribute__((aligned(CLS))) IPPairHashRow; + +/** ippair hash table */ +IPPairHashRow *ippair_hash; + +#define IPPAIR_VERBOSE 0 +#define IPPAIR_QUIET 1 + +typedef struct IPPairConfig_ { + uint64_t memcap; + uint32_t hash_rand; + uint32_t hash_size; + uint32_t prealloc; +} IPPairConfig; + +/** \brief check if a memory alloc would fit in the memcap + * + * \param size memory allocation size to check + * + * \retval 1 it fits + * \retval 0 no fit + */ +#define IPPAIR_CHECK_MEMCAP(size) \ + ((((uint64_t)SC_ATOMIC_GET(ippair_memuse) + (uint64_t)(size)) <= ippair_config.memcap)) + +#define IPPairIncrUsecnt(h) \ + (void)SC_ATOMIC_ADD((h)->use_cnt, 1) +#define IPPairDecrUsecnt(h) \ + (void)SC_ATOMIC_SUB((h)->use_cnt, 1) + +#define IPPairReference(dst_h_ptr, h) do { \ + if ((h) != NULL) { \ + IPPairIncrUsecnt((h)); \ + *(dst_h_ptr) = h; \ + } \ + } while (0) + +#define IPPairDeReference(src_h_ptr) do { \ + if (*(src_h_ptr) != NULL) { \ + IPPairDecrUsecnt(*(src_h_ptr)); \ + *(src_h_ptr) = NULL; \ + } \ + } while (0) + +IPPairConfig ippair_config; +SC_ATOMIC_DECLARE(unsigned long long int,ippair_memuse); +SC_ATOMIC_DECLARE(unsigned int,ippair_counter); +SC_ATOMIC_DECLARE(unsigned int,ippair_prune_idx); + +void IPPairInitConfig(char quiet); +void IPPairShutdown(void); +void IPPairCleanup(void); + +IPPair *IPPairLookupIPPairFromHash (Address *, Address *); +IPPair *IPPairGetIPPairFromHash (Address *, Address *); +void IPPairRelease(IPPair *); +void IPPairLock(IPPair *); +void IPPairClearMemory(IPPair *); +void IPPairMoveToSpare(IPPair *); +uint32_t IPPairSpareQueueGetSize(void); +void IPPairPrintStats (void); + +void IPPairRegisterUnittests(void); + +IPPair *IPPairAlloc(void); +void IPPairFree(IPPair *); + +void IPPairLock(IPPair *); +void IPPairUnlock(IPPair *); + +#endif /* __IPPAIR_H__ */ diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index 10f540ae03..d4c55f391e 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -60,6 +60,7 @@ #include "pkt-var.h" #include "host.h" +#include "ippair.h" #include "unix-manager.h" #include "app-layer-detect-proto.h" @@ -214,6 +215,7 @@ void RunUnittests(int list_unittests, char *regex_arg) TmqhFlowRegisterTests(); FlowRegisterTests(); HostRegisterUnittests(); + IPPairRegisterUnittests(); SCSigRegisterSignatureOrderingTests(); SCRadixRegisterTests(); DefragRegisterTests(); diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c index 1ee5ce0815..1d6b023fea 100644 --- a/src/runmode-unix-socket.c +++ b/src/runmode-unix-socket.c @@ -36,6 +36,7 @@ #include "output.h" #include "host.h" #include "defrag.h" +#include "ippair.h" #include "util-profiling.h" @@ -303,6 +304,7 @@ TmEcode UnixSocketPcapFilesCheck(void *data) SCPerfReleaseResources(); RunModeShutDown(); FlowShutdown(); + IPPairShutdown(); HostCleanup(); StreamTcpFreeConfig(STREAM_VERBOSE); DefragDestroy(); @@ -344,6 +346,7 @@ TmEcode UnixSocketPcapFilesCheck(void *data) #endif /* PROFILING */ DefragInit(); FlowInitConfig(FLOW_QUIET); + IPPairInitConfig(FLOW_QUIET); StreamTcpInitConfig(STREAM_VERBOSE); RunModeInitializeOutputs(); SCPerfInitCounterApi(); diff --git a/src/suricata.c b/src/suricata.c index e4e3cb5ae1..b766ff54e5 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -131,6 +131,7 @@ #include "flow-bit.h" #include "pkt-var.h" +#include "ippair.h" #include "host.h" #include "unix-manager.h" @@ -2238,6 +2239,7 @@ int main(int argc, char **argv) if (suri.run_mode != RUNMODE_UNIX_SOCKET) { FlowInitConfig(FLOW_VERBOSE); StreamTcpInitConfig(STREAM_VERBOSE); + IPPairInitConfig(IPPAIR_VERBOSE); } if (MagicInit() != 0) @@ -2427,6 +2429,7 @@ int main(int argc, char **argv) if (suri.run_mode != RUNMODE_UNIX_SOCKET) { SCPerfReleaseResources(); + IPPairShutdown(); FlowShutdown(); StreamTcpFreeConfig(STREAM_VERBOSE); } diff --git a/src/util-error.c b/src/util-error.c index d352a07e5c..354765343f 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -306,6 +306,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_NO_NETMAP); CASE_CODE (SC_ERR_NETMAP_CREATE); CASE_CODE (SC_ERR_NETMAP_READ); + CASE_CODE (SC_ERR_IPPAIR_INIT); } return "UNKNOWN_ERROR"; diff --git a/src/util-error.h b/src/util-error.h index 019d0179e5..db6b462206 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -295,6 +295,7 @@ typedef enum { SC_ERR_NETMAP_CREATE, SC_ERR_NETMAP_READ, SC_ERR_THREAD_DEINIT, /**< thread's deinit function failed */ + SC_ERR_IPPAIR_INIT, } SCError; const char *SCErrorToString(SCError); diff --git a/src/util-storage.c b/src/util-storage.c index cfba8461a0..ba9aa71685 100644 --- a/src/util-storage.c +++ b/src/util-storage.c @@ -54,6 +54,8 @@ const char *StoragePrintType(StorageEnum type) return "host"; case STORAGE_FLOW: return "flow"; + case STORAGE_IPPAIR: + return "ippair"; case STORAGE_MAX: return "max"; } diff --git a/src/util-storage.h b/src/util-storage.h index 0165ad5d55..d88b030fbd 100644 --- a/src/util-storage.h +++ b/src/util-storage.h @@ -29,6 +29,7 @@ typedef enum StorageEnum_ { STORAGE_HOST, STORAGE_FLOW, + STORAGE_IPPAIR, STORAGE_MAX, } StorageEnum;