1 /* Copyright (C) 2007-2016 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18 /**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 */
23
24 #ifndef __FLOW_PRIVATE_H__
25 #define __FLOW_PRIVATE_H__
26
27 #include "flow-hash.h"
28 #include "flow-queue.h"
29
30 #include "util-atomic.h"
31
/* Global flow engine flags. */

/** Flow engine is in emergency mode: it does not have enough spare flows for
 *  new flows and/or its memcap limit has been reached. In this state the flow
 *  engine evaluates flows against lower timeout settings (the *_EMERG_*
 *  values below).
 *
 *  NOTE(review): shorter timeouts mean flow state is discarded sooner, so a
 *  deployment that sits in emergency mode for long periods is tracking less
 *  per-flow state than configured; worth monitoring. How the flag is
 *  surfaced to operators is not visible in this header. */
#define FLOW_EMERGENCY                          0x01

/* Flow timeout values, normal mode.
 * Presumably seconds: the timeout accessors in this header document their
 * result as "timeout in seconds". Where these defaults are loaded into the
 * timeout tables is not shown here. */
#define FLOW_DEFAULT_NEW_TIMEOUT                30
#define FLOW_DEFAULT_EST_TIMEOUT                300
#define FLOW_DEFAULT_CLOSED_TIMEOUT             0
#define FLOW_DEFAULT_BYPASSED_TIMEOUT           100
#define FLOW_IPPROTO_TCP_NEW_TIMEOUT            30
#define FLOW_IPPROTO_TCP_EST_TIMEOUT            300
#define FLOW_IPPROTO_TCP_CLOSED_TIMEOUT         10
#define FLOW_IPPROTO_TCP_BYPASSED_TIMEOUT       100
#define FLOW_IPPROTO_UDP_NEW_TIMEOUT            30
#define FLOW_IPPROTO_UDP_EST_TIMEOUT            300
#define FLOW_IPPROTO_UDP_BYPASSED_TIMEOUT       100
#define FLOW_IPPROTO_ICMP_NEW_TIMEOUT           30
#define FLOW_IPPROTO_ICMP_EST_TIMEOUT           300
#define FLOW_IPPROTO_ICMP_BYPASSED_TIMEOUT      100

/* Flow timeout values, emergency mode (see FLOW_EMERGENCY).
 * Only the default protocol has an emergency bypassed timeout, and only the
 * default protocol and TCP have an emergency closed timeout in this list. */
#define FLOW_DEFAULT_EMERG_NEW_TIMEOUT          10
#define FLOW_DEFAULT_EMERG_EST_TIMEOUT          100
#define FLOW_DEFAULT_EMERG_CLOSED_TIMEOUT       0
#define FLOW_DEFAULT_EMERG_BYPASSED_TIMEOUT     50
#define FLOW_IPPROTO_TCP_EMERG_NEW_TIMEOUT      10
#define FLOW_IPPROTO_TCP_EMERG_EST_TIMEOUT      100
#define FLOW_IPPROTO_TCP_EMERG_CLOSED_TIMEOUT   5
#define FLOW_IPPROTO_UDP_EMERG_NEW_TIMEOUT      10
#define FLOW_IPPROTO_UDP_EMERG_EST_TIMEOUT      100
#define FLOW_IPPROTO_ICMP_EMERG_NEW_TIMEOUT     10
#define FLOW_IPPROTO_ICMP_EMERG_EST_TIMEOUT     100

/* Fixed timeout returned for FLOW_STATE_CAPTURE_BYPASSED flows by the
 * timeout accessors in this header (CAPTURE_OFFLOAD builds only). */
#define FLOW_BYPASSED_TIMEOUT                   100
68
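/** Protocol slots used to size and index the per-protocol flow tables
 *  declared in this header (flow_timeouts_normal, flow_timeouts_emerg,
 *  flow_freefuncs are all FLOW_PROTO_MAX entries long). */
enum {
    FLOW_PROTO_TCP = 0,
    FLOW_PROTO_UDP,
    FLOW_PROTO_ICMP,
    FLOW_PROTO_DEFAULT,

    /* should be last */
    FLOW_PROTO_MAX,
};
/* max used in app-layer (counters).
 * Parenthesized so the macro expands as a single value inside larger
 * expressions: unparenthesized, `FLOW_PROTO_APPLAYER_MAX * n` would expand to
 * `FLOW_PROTO_UDP + 1 * n` and under-size any buffer computed from it. */
#define FLOW_PROTO_APPLAYER_MAX (FLOW_PROTO_UDP + 1)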
80
81 /*
82 * Variables
83 */
84
/* FlowProto specific timeouts and free/state functions.
 * Each table has one entry per FLOW_PROTO_* slot (FLOW_PROTO_MAX entries);
 * the definitions live outside this header. */
extern FlowProtoTimeout flow_timeouts_normal[FLOW_PROTO_MAX];
extern FlowProtoTimeout flow_timeouts_emerg[FLOW_PROTO_MAX];
extern FlowProtoFreeFunc flow_freefuncs[FLOW_PROTO_MAX];

/* spare/unused/prealloced flows live here (declaration currently disabled) */
//extern FlowQueue flow_spare_q;

/* queue to pass flows to cleanup/log thread(s) */
extern FlowQueue flow_recycle_q;

/* flow hash table and flow engine configuration */
extern FlowBucket *flow_hash;
extern FlowConfig flow_config;

/* Pointer-to-table alias, used as the value type of the flow_timeouts
 * atomic below. */
typedef FlowProtoTimeout *FlowProtoTimeoutPtr;

/* flow memuse counter (atomic), for enforcing memcap limit */
SC_ATOMIC_EXTERN(uint64_t, flow_memuse);

/* Atomic pointer to the timeout table in effect; FlowGetFlowTimeout() reads
 * it with SC_ATOMIC_GET. Presumably switched between flow_timeouts_normal
 * and flow_timeouts_emerg when emergency mode changes (the writer is not
 * visible in this header; confirm). */
SC_ATOMIC_EXTERN(FlowProtoTimeoutPtr, flow_timeouts);
105
/** \internal
 *  \brief look up the timeout for a flow state in the given timeout table
 *
 *  \param flow_timeouts per-protocol timeout table to read from
 *  \param state flow state selecting which timeout field is used
 *  \param protomap index of the protocol entry within the table
 *
 *  \retval timeout timeout taken from the table entry, or the fixed
 *          FLOW_BYPASSED_TIMEOUT for capture-bypassed flows
 *
 *  \note Any state without an explicit case below is treated like
 *        FLOW_STATE_NEW.
 *  \note protomap is used as an array index with no range check here. The
 *        tables declared in this header hold FLOW_PROTO_MAX entries, so
 *        callers are assumed to pass protomap < FLOW_PROTO_MAX; confirm
 *        where protomap is assigned.
 */
static inline uint32_t FlowGetFlowTimeoutDirect(
        const FlowProtoTimeoutPtr flow_timeouts,
        const enum FlowState state, const uint8_t protomap)
{
    switch (state) {
        case FLOW_STATE_ESTABLISHED:
            return flow_timeouts[protomap].est_timeout;
        case FLOW_STATE_CLOSED:
            return flow_timeouts[protomap].closed_timeout;
#ifdef CAPTURE_OFFLOAD
        case FLOW_STATE_CAPTURE_BYPASSED:
            /* fixed value, not read from the table */
            return FLOW_BYPASSED_TIMEOUT;
#endif
        case FLOW_STATE_LOCAL_BYPASSED:
            return flow_timeouts[protomap].bypassed_timeout;
        case FLOW_STATE_NEW:
        default:
            return flow_timeouts[protomap].new_timeout;
    }
}
133
/** \internal
 *  \brief get timeout for flow
 *
 *  Takes a single atomic snapshot of the flow_timeouts table pointer and
 *  resolves the timeout against that snapshot, using the flow's protomap as
 *  the table index.
 *
 *  \param f flow
 *  \param state flow state
 *
 *  \retval timeout timeout in seconds
 */
static inline uint32_t FlowGetFlowTimeout(const Flow *f, enum FlowState state)
{
    FlowProtoTimeoutPtr active_table = SC_ATOMIC_GET(flow_timeouts);

    return FlowGetFlowTimeoutDirect(active_table, state, f->protomap);
}
147
/** \internal
 *  \brief get timeout policy for flow
 *  \note does not take emergency mode into account. Always
 *        returns the 'normal' policy (reads flow_timeouts_normal directly
 *        instead of the atomic flow_timeouts pointer).
 *  \note The state-to-field mapping duplicates the one in
 *        FlowGetFlowTimeoutDirect(); keep the two in sync when adding states.
 *  \note f->protomap indexes flow_timeouts_normal (FLOW_PROTO_MAX entries)
 *        with no range check here; callers are assumed to hold a flow with
 *        a valid protomap. Confirm where protomap is assigned.
 *
 *  \param f flow
 *
 *  \retval timeout timeout in seconds
 */
static inline uint32_t FlowGetTimeoutPolicy(const Flow *f)
{
    switch (f->flow_state) {
        case FLOW_STATE_ESTABLISHED:
            return flow_timeouts_normal[f->protomap].est_timeout;
        case FLOW_STATE_CLOSED:
            return flow_timeouts_normal[f->protomap].closed_timeout;
#ifdef CAPTURE_OFFLOAD
        case FLOW_STATE_CAPTURE_BYPASSED:
            /* fixed value, not read from the table */
            return FLOW_BYPASSED_TIMEOUT;
#endif
        case FLOW_STATE_LOCAL_BYPASSED:
            return flow_timeouts_normal[f->protomap].bypassed_timeout;
        case FLOW_STATE_NEW:
        default:
            /* unknown states fall back to the 'new' timeout */
            return flow_timeouts_normal[f->protomap].new_timeout;
    }
}
183 #endif /* __FLOW_PRIVATE_H__ */
184