/src/suricata7/src/flow-util.h
Line | Count | Source |
1 | | /* Copyright (C) 2007-2012 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | /** |
19 | | * \file |
20 | | * |
21 | | * \author Victor Julien <victor@inliniac.net> |
22 | | */ |
23 | | |
24 | | #ifndef __FLOW_UTIL_H__ |
25 | | #define __FLOW_UTIL_H__ |
26 | | |
27 | | #include "flow.h" |
28 | | #include "stream-tcp-private.h" |
29 | | |
/** \brief zero a flow's packet and byte counters for both directions
 *
 *  \param f pointer to the flow. The argument is expanded once per
 *           assignment, so it must be an expression without side effects.
 */
#define RESET_COUNTERS(f) \
    do { \
        /* to-destination direction */ \
        (f)->todstpktcnt = 0; \
        (f)->todstbytecnt = 0; \
        /* to-source direction */ \
        (f)->tosrcpktcnt = 0; \
        (f)->tosrcbytecnt = 0; \
    } while (0)
37 | | |
/** \brief put a Flow into its initial state
 *
 *  Sets the fields listed below to 0/NULL, initialises lastts through
 *  SCTIME_INIT, initialises the flow lock through FLOWLOCK_INIT and zeroes
 *  the traffic counters through RESET_COUNTERS.
 *
 *  Nothing is released here: protoctx, alparser, alstate and flowvar are
 *  overwritten with NULL as-is. Running this on a flow that still holds
 *  such pointers would drop them without freeing; FLOW_RECYCLE is the
 *  variant that cleans up first.
 *
 *  NOTE(review): FLOW_RECYCLE also clears (f)->ffr, this macro does not.
 *  Presumably callers hand in zeroed memory; confirm at the call sites.
 *
 *  \param f pointer to the flow; expanded many times, so it must be an
 *           expression without side effects.
 */
#define FLOW_INITIALIZE(f) \
    do { \
        (f)->sp = 0; \
        (f)->dp = 0; \
        (f)->proto = 0; \
        (f)->livedev = NULL; \
        (f)->timeout_at = 0; \
        (f)->timeout_policy = 0; \
        (f)->vlan_idx = 0; \
        (f)->next = NULL; \
        (f)->flow_state = 0; \
        (f)->tenant_id = 0; \
        (f)->parent_id = 0; \
        (f)->probing_parser_toserver_alproto_masks = 0; \
        (f)->probing_parser_toclient_alproto_masks = 0; \
        (f)->flags = 0; \
        (f)->file_flags = 0; \
        (f)->protodetect_dp = 0; \
        SCTIME_INIT((f)->lastts); \
        /* the lock is created here only; FLOW_RECYCLE leaves it alone */ \
        FLOWLOCK_INIT((f)); \
        (f)->protoctx = NULL; \
        (f)->flow_end_flags = 0; \
        (f)->alproto = 0; \
        (f)->alproto_ts = 0; \
        (f)->alproto_tc = 0; \
        (f)->alproto_orig = 0; \
        (f)->alproto_expect = 0; \
        (f)->de_ctx_version = 0; \
        (f)->thread_id[0] = 0; \
        (f)->thread_id[1] = 0; \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
        (f)->sgh_toserver = NULL; \
        (f)->sgh_toclient = NULL; \
        (f)->flowvar = NULL; \
        RESET_COUNTERS((f)); \
    } while (0)
75 | | |
/** \brief macro to recycle a flow before it goes into the spare queue for reuse.
 *
 *  Note that the lnext, lprev, hnext fields are untouched, those are
 *  managed by the queueing code. Same goes for fb (FlowBucket ptr) field.
 *
 *  Order matters: FlowCleanupAppLayer() runs first, while alparser, alstate
 *  and alproto still hold the previous connection's values, and
 *  GenericVarFree() runs before flowvar is set to NULL.
 *
 *  The flow lock is neither destroyed nor re-initialised here (there is no
 *  FLOWLOCK_* call), so it survives the recycle.
 *
 *  Because the Flow object is reused for a different connection, any field
 *  that is not reset below keeps the value left by the previous connection.
 *  A field added to Flow needs a matching reset here.
 *
 *  NOTE(review): protoctx is set to NULL without being released in this
 *  macro; presumably it is freed before the flow gets here. Confirm.
 *
 *  \param f pointer to the flow; expanded many times, so it must be an
 *           expression without side effects.
 */
#define FLOW_RECYCLE(f) \
    do { \
        /* must come before the app-layer fields are cleared below */ \
        FlowCleanupAppLayer((f)); \
        (f)->sp = 0; \
        (f)->dp = 0; \
        (f)->proto = 0; \
        (f)->livedev = NULL; \
        (f)->vlan_idx = 0; \
        (f)->ffr = 0; \
        (f)->next = NULL; \
        (f)->timeout_at = 0; \
        (f)->timeout_policy = 0; \
        (f)->flow_state = 0; \
        (f)->tenant_id = 0; \
        (f)->parent_id = 0; \
        (f)->probing_parser_toserver_alproto_masks = 0; \
        (f)->probing_parser_toclient_alproto_masks = 0; \
        (f)->flags = 0; \
        (f)->file_flags = 0; \
        (f)->protodetect_dp = 0; \
        SCTIME_INIT((f)->lastts); \
        (f)->protoctx = NULL; \
        (f)->flow_end_flags = 0; \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
        (f)->alproto = 0; \
        (f)->alproto_ts = 0; \
        (f)->alproto_tc = 0; \
        (f)->alproto_orig = 0; \
        (f)->alproto_expect = 0; \
        (f)->de_ctx_version = 0; \
        (f)->thread_id[0] = 0; \
        (f)->thread_id[1] = 0; \
        (f)->sgh_toserver = NULL; \
        (f)->sgh_toclient = NULL; \
        /* free, then clear, so the next user never sees the old pointer */ \
        GenericVarFree((f)->flowvar); \
        (f)->flowvar = NULL; \
        RESET_COUNTERS((f)); \
    } while (0)
120 | | |
/** \brief release what a Flow holds, without freeing the Flow itself
 *
 *  Calls FlowCleanupAppLayer(), destroys the flow lock and frees the
 *  flowvar list. No field is reset afterwards: unlike FLOW_RECYCLE,
 *  (f)->flowvar still holds the freed pointer and the lock is gone, so the
 *  flow must not be used again after this macro.
 *
 *  NOTE(review): presumably the caller frees the Flow memory right after;
 *  confirm at the call sites.
 *
 *  \param f pointer to the flow; expanded three times, so it must be an
 *           expression without side effects.
 */
#define FLOW_DESTROY(f) \
    do { \
        FlowCleanupAppLayer((f)); \
        \
        FLOWLOCK_DESTROY((f)); \
        GenericVarFree((f)->flowvar); \
    } while (0)
128 | | |
/** \brief test whether an allocation of the given size stays within the flow memcap
 *
 *  Evaluates to 1 when flow_memuse + size <= flow_config.memcap, else 0.
 *
 *  The macro only reads: it does two separate SC_ATOMIC_GET loads and
 *  reserves nothing. Accounting for the allocation is up to the caller, so
 *  the result is a snapshot and not a reservation.
 *
 *  The sum is computed in uint64_t and is not checked for wrap-around; a
 *  size close to UINT64_MAX would wrap and pass. NOTE(review): callers
 *  presumably pass fixed structure sizes; confirm that no caller passes a
 *  size derived from traffic.
 *
 *  \param size memory allocation size to check
 *
 *  \retval 1 it fits
 *  \retval 0 no fit
 */
#define FLOW_CHECK_MEMCAP(size) \
    (((uint64_t)(size) + (uint64_t)SC_ATOMIC_GET(flow_memuse)) <= \
            SC_ATOMIC_GET(flow_config.memcap))
139 | | |
/* Declarations only: the definitions are not part of this header, so
 * ownership and failure behaviour (for example whether FlowAlloc() can
 * return NULL) have to be checked at the definitions. */
Flow *FlowAlloc(void);
void FlowFree(Flow *);
uint8_t FlowGetProtoMapping(uint8_t);
void FlowInit(ThreadVars *, Flow *, const Packet *);
uint8_t FlowGetReverseProtoMapping(uint8_t rproto);
145 | | |
/* flow end counter logic */

/** \brief values that FlowEndCountersUpdate() passes to StatsIncr()
 *
 *  Presumably these are stats counter ids filled in by
 *  FlowEndCountersRegister(); confirm at its definition.
 */
typedef struct FlowEndCounters_ {
    /* indexed by Flow::flow_state; FLOW_STATE_SIZE entries */
    uint16_t flow_state[FLOW_STATE_SIZE];
    /* indexed by TcpSession::state; valid indexes are 0..TCP_CLOSED */
    uint16_t flow_tcp_state[TCP_CLOSED + 1];
    /* used when the session has STREAMTCP_FLAG_LOSSY_BE_LIBERAL set */
    uint16_t flow_tcp_liberal;
} FlowEndCounters;
153 | | |
/** \brief bump the end-of-flow counters that match a flow's final state
 *
 *  For a TCP flow with a session attached, increments the counter for the
 *  session's TCP state and, if STREAMTCP_FLAG_LOSSY_BE_LIBERAL is set, the
 *  "liberal" counter. For every flow, increments the counter for the
 *  flow's flow_state.
 *
 *  Neither array index is range-checked here: the function relies on
 *  ssn->state <= TCP_CLOSED and on f->flow_state < FLOW_STATE_SIZE, the
 *  bounds of the arrays in FlowEndCounters.
 *
 *  \param tv  thread vars handed to StatsIncr()
 *  \param fec counter table to read the StatsIncr() arguments from
 *  \param f   flow that is ending
 */
static inline void FlowEndCountersUpdate(ThreadVars *tv, FlowEndCounters *fec, Flow *f)
{
    const TcpSession *tcp = NULL;

    /* protoctx is only read as a TcpSession when the flow is TCP */
    if (f->proto == IPPROTO_TCP) {
        tcp = f->protoctx;
    }

    if (tcp != NULL) {
        StatsIncr(tv, fec->flow_tcp_state[tcp->state]);
        if ((tcp->flags & STREAMTCP_FLAG_LOSSY_BE_LIBERAL) != 0) {
            StatsIncr(tv, fec->flow_tcp_liberal);
        }
    }

    StatsIncr(tv, fec->flow_state[f->flow_state]);
}
165 | | |
/* Declared here, defined elsewhere. Presumably fills *fec with the values
 * that FlowEndCountersUpdate() later passes to StatsIncr(); confirm at the
 * definition. */
void FlowEndCountersRegister(ThreadVars *t, FlowEndCounters *fec);
167 | | |
168 | | #endif /* __FLOW_UTIL_H__ */ |