int SFAT_AddMapEntry(MapEntry *entry)
{
tTargetBasedPolicyConfig *pConfig = &targetBasedPolicyConfig;
if (!pConfig->next.mapTable)
{
/* Attribute Table node includes memory for each entry,
* as defined by sizeof(MapEntry).
*/
pConfig->next.mapTable = sfxhash_new(ATTRIBUTE_MAP_MAX_ROWS,
sizeof(int),
sizeof(MapEntry),
0,
1,
NULL,
NULL,
1);
if (!pConfig->next.mapTable)
FatalError("Failed to allocate attribute map table\n");
}
/* Memcopy MapEntry to newly allocated one and store in
* a hash table based on entry->id for easy lookup.
*/
DEBUG_WRAP(
DebugMessage(DEBUG_ATTRIBUTE, "Adding Map Entry: %d %s\n",
entry->l_mapid, entry->s_mapvalue););
void file_resume_block_init(void)
{
fileHash = sfxhash_new(MAX_FILES_TRACKED, sizeof(FileHashKey), sizeof(FileNode), 0, 1,
NULL, NULL, 1);
if (!fileHash)
FatalError("Failed to create the expected channel hash table.\n");
}
void file_resume_block_init(void)
{
/* number of entries * overhead per entry */
unsigned long maxmem = sfxhash_calc_maxmem(MAX_FILES_TRACKED,
sizeof(FileHashKey) + sizeof(FileNode));
fileHash = sfxhash_new(MAX_FILES_TRACKED, sizeof(FileHashKey), sizeof(FileNode),
maxmem, 1, NULL, NULL, 1);
if (!fileHash)
FatalError("Failed to create the expected channel hash table.\n");
}
void InitTag(void)
{
unsigned int hashTableSize = TAG_MEMCAP/sizeof(TagNode);
ssn_tag_cache_ptr = sfxhash_new(
hashTableSize, /* number of hash buckets */
sizeof(tTagSessionKey), /* size of the key we're going to use */
0, /* size of the storage node */
0, /* disable memcap*/
0, /* use auto node recovery */
NULL, /* anr free function */
TagFreeSessionNodeFunc, /* user free function */
0); /* recycle node flag */
host_tag_cache_ptr = sfxhash_new(
hashTableSize, /* number of hash buckets */
sizeof(snort_ip), /* size of the key we're going to use */
0, /* size of the storage node */
0, /* disable memcap*/
0, /* use auto node recovery */
NULL, /* anr free function */
TagFreeHostNodeFunc, /* user free function */
0); /* recycle node flag */
}
/**
* Create a new scoreboard for tracking nodes.
*
* @param sbp scoreboard to initialize
* @param at_thr active talker thresholds
* @param sc_thr scanner thresholds (may not be needed)
* @param kind tracker location for this table
* @param description table description
* @param rows number of rows to populate the initial HASHTABLE() with
* @param memcap bytes we can spend on this scoreboard
*
* @return FLOW_SUCCESS on success, else failure
*/
int scoreboard_init(SCOREBOARD *sbp,
char *description,
TRACKER_POSITION kind,
unsigned int rows,
int memcap)
{
if(!sbp || !description)
{
return FLOW_ENULL;
}
if(rows < 1)
return FLOW_EINVALID;
if(memcap < (sizeof(SCORE_ENTRY) + sizeof(SFXHASH_NODE)))
return FLOW_EINVALID;
/* initialize s_init_entry*/
sb_init_entry();
memset(sbp, 0, sizeof(SCOREBOARD));
snprintf(sbp->description, SDESC_SIZE - 1, description);
sbp->description[SDESC_SIZE - 1] = '\0';
/* what size should we do? */
sbp->ipv4_table = sfxhash_new(rows, /* # of rows in HT*/
sizeof(u_int32_t), /* size of the key */
sizeof(SCORE_ENTRY), /* data size */
memcap, /* how much memory is alloted */
1, /* auto recover nodes */
scoreboard_anrfree, /* autorecovery function */
scoreboard_usrfree, /* free function for the data */
1); /* recycle old nodes */
if(sbp->ipv4_table == NULL)
{
flow_printf("Unable to create scoreboard table!\n");
return FLOW_ENOMEM;
}
sbp->kind = kind;
return FLOW_SUCCESS;
}
void ps_init_hash(unsigned long memcap)
{
int rows = 0;
int factor = 0;
#if SIZEOF_LONG_INT == 8
factor = 125;
#else
factor = 250;
#endif
rows = memcap/factor;
portscan_hash = sfxhash_new(rows, sizeof(PS_HASH_KEY), sizeof(PS_TRACKER),
memcap, 1, ps_tracker_free, NULL, 1);
if (portscan_hash == NULL)
FatalError("Failed to initialize portscan hash table.\n");
}
int InitFlowIPStats(SFFLOW *sfFlow)
{
static char first = 1;
if (first)
{
sfFlow->ipMap = sfxhash_new(1021, sizeof(sfSFSKey), sizeof(sfSFSValue),
perfmon_config->flowip_memcap, 1, NULL, NULL, 1);
first = 0;
}
else
{
sfxhash_make_empty(sfFlow->ipMap);
}
return 0;
}
SFXHASH * DetectionHashTableNew(void)
{
SFXHASH *doht = sfxhash_new(HASH_RULE_OPTIONS,
sizeof(detection_option_key_t),
0, /* Data size == 0, just store the ptr */
0, /* Memcap */
0, /* Auto node recovery */
NULL, /* Auto free function */
detection_hash_free_func, /* User free function */
1); /* Recycle nodes */
if (doht == NULL)
FatalError("Failed to create rule detection option hash table");
sfxhash_set_keyops(doht, detection_option_hash_func,
detection_option_key_compare_func);
return doht;
}
/**
* Initialize the server stats structure
*
* If we do not specify a watchnet, then we have no use for this
* structure
*
* @param ssp server stats structure to initialize
* @param watchnet what network we're watching for information
* @param rows how many rows the underlying table should use
* @param memcap what our total memory limit is
*
* @return FLOW_SUCCESS on success
*/
int server_stats_init(SERVER_STATS *ssp, IPSET *watchnetv4,
unsigned int rows, int memcap)
{
if(!ssp || !watchnetv4)
return FLOW_ENULL;
server_stats_init_entry();
memset(ssp, 0, sizeof(SERVER_STATS));
if(ipset_family(watchnetv4) != IPV4_FAMILY)
{
return FLOW_EINVALID;
}
/* what size should we do? */
ssp->ipv4_table = sfxhash_new(rows, /* # of rows in HT*/
sizeof(SERVER_KEY), /* size of the key */
sizeof(u_int32_t), /* data size */
memcap, /* how much memory is alloted */
1, /* auto recover nodes */
NULL, /* autorecovery function */
NULL, /* free function for the data */
1); /* recycle old nodes */
if(ssp->ipv4_table == NULL)
{
return FLOW_ENOMEM;
}
ssp->ipv4_watch = ipset_copy(watchnetv4);
if(!ssp->ipv4_watch)
{
sfxhash_delete(ssp->ipv4_table);
return FLOW_ENOMEM;
}
return FLOW_SUCCESS;
}
static void SFRF_New( unsigned nbytes )
{
int nrows;
/* Calc max ip nodes for this memory */
if ( nbytes < SFRF_BYTES )
{
nbytes = SFRF_BYTES;
}
nrows = nbytes / (SFRF_BYTES);
/* Create global hash table for all of the IP Nodes */
rf_hash = sfxhash_new(
nrows, /* try one node per row - for speed */
sizeof(tSFRFTrackingNodeKey), /* keys size */
sizeof(tSFRFTrackingNode), /* data size */
nbytes, /* memcap **/
1, /* ANR flag - true ?- Automatic Node Recovery=ANR */
0, /* ANR callback - none */
0, /* user freemem callback - none */
1) ; /* Recycle nodes ?*/
}
SFXHASH * sfthd_new_hash(unsigned nbytes, size_t key, size_t data)
{
size_t size = key + data;
int nrows;
/* Calc max ip nodes for this memory */
if ( nbytes < size )
{
nbytes = size;
}
nrows = nbytes / (size);
return sfxhash_new(
nrows, /* try one node per row - for speed */
key, /* keys size */
data, /* data size */
nbytes, /* memcap **/
1, /* ANR flag - true ?- Automatic Node Recovery=ANR */
0, /* ANR callback - none */
0, /* user freemem callback - none */
1 ) ; /* Recycle nodes ?*/
}
/* Create file cache */
FileCache *file_cache_create(uint64_t memcap, uint32_t cleanup_files)
{
FileCache *fileCache = NULL;
int max_files = 0;
uint64_t file_segment_memcap = memcap/2;
if( !memcap )
{
WarningMessage("%s(%d) File cache memory unlimited!\n",
file_name, file_line);
}
/* Half for file segment, half for file context tracking*/
max_files = get_max_files_from_memcap(memcap - file_segment_memcap);
fileCache = SnortAlloc( sizeof( *fileCache ) );
if( fileCache )
{
fileCache->max_files = max_files;
/* Okay, now create the table */
fileCache->hashTable = sfxhash_new(max_files, sizeof(FileKey), sizeof(FileEntry),
0, 0, NULL, file_entry_free_func, 1 );
if (!fileCache->hashTable)
FatalError( "%s(%d) Unable to create a file cache.\n", file_name, file_line);
sfxhash_set_max_nodes( fileCache->hashTable, max_files );
fileCache->file_segment_memcap = file_segment_memcap;
fileCache->max_file_depth = file_api->get_max_file_depth();
fileCache->cleanup_files = cleanup_files;
}
else
{
FatalError( "%s(%d) Unable to create a file cache.\n",
file_name, file_line);
}
return fileCache;
}
int flowcache_init(FLOWCACHE *flowcachep, unsigned int rows,
int memcap, int datasize, FLOWHASHID hashid)
{
int ret;
int real_datasize = 0;
if(!flowcachep)
{
return FLOW_ENULL;
}
if(datasize < 0)
{
return FLOW_ENULL;
}
if(memcap <= (int)(datasize + sizeof(FLOW) + sizeof(SFXHASH_NODE)))
{
/* come on man, you gotta give me enough memory to store 1. */
return FLOW_EINVALID;
}
if(rows < 1)
return FLOW_EINVALID;
/* zero out the struct for all the additional data strctures */
memset(flowcachep, 0, sizeof(FLOWCACHE));
/*
** If we have a datasize, then we need to decrement by 1 because
** the FLOWDATA already has one byte.
*/
if(datasize)
{
real_datasize = datasize - 1;
}
/*
** datasize-1 because there is already 1 byte in the FLOWDATA
** structure.
*/
flowcachep->ipv4_table =
sfxhash_new(rows, /* # of nodes in HT*/
sizeof(FLOWKEY), /* size of the key */
sizeof(FLOW) + real_datasize, /* data size */
memcap, /* max memory */
1, /* auto recover nodes */
flowcache_anrfree, /* autorecovery function */
flowcache_usrfree, /* data free function*/
1); /* recycle old nodes */
if(flowcachep->ipv4_table == NULL)
{
return FLOW_ENOMEM;
}
/* set our hash function to something that understands ipv4 flowkeys */
switch(hashid)
{
case HASH1:
ret = sfxhash_set_keyops(flowcachep->ipv4_table,
flowkey_hashfcn1,
flowkeycmp_fcn);
break;
case HASH2:
ret = sfxhash_set_keyops(flowcachep->ipv4_table,
flowkey_hashfcn2,
flowkeycmp_fcn);
break;
default:
ret = FLOW_EINVALID;
}
/* if setting the hash function or setting the comparison function fails,
abort */
if(ret != 0)
{
sfxhash_delete(flowcachep->ipv4_table);
return FLOW_BADJUJU;
}
flowcachep->max_flowbits_bytes = (unsigned int)datasize;
return FLOW_SUCCESS;
}
/*
* Hash test program : use 'sfxhash 1000 50000' to stress the Auto_NodeRecover feature
*/
int main ( int argc, char ** argv )
{
int i;
SFXHASH * t;
SFXHASH_NODE * n;
char strkey[256], strdata[256], * p;
int num = 100;
int mem = 0;
memset(strkey,0,20);
memset(strdata,0,20);
if( argc > 1 )
{
num = atoi(argv[1]);
}
if( argc > 2 )
{
mem = atoi(argv[2]);
}
/* Create a Hash Table */
t = sfxhash_new( 100, /* one row per element in table, when possible */
20, /* key size : padded with zeros */
20, /* data size: padded with zeros */
mem, /* max bytes, 0=no max */
1, /* enable AutoNodeRecovery */
anrfree, /* provide a function to let user know we want to kill a node */
usrfree, /* provide a function to release user memory */
1); /* Recycle nodes */
if(!t)
{
printf("Low Memory!\n");
exit(0);
}
/* Add Nodes to the Hash Table */
for(i=0;i<num;i++)
{
snprintf(strkey, sizeof(strkey), "KeyWord%5.5d",i+1);
strkey[sizeof(strkey) - 1] = '\0';
snprintf(strdata, sizeof(strdata), "KeyWord%5.5d",i+1);
strdata[sizeof(strdata) - 1] = '\0';
//strupr(strdata);
sfxhash_add( t, strkey /* user key */ , strdata /* user data */ );
}
/* Find and Display Nodes in the Hash Table */
printf("\n** FIND KEY TEST\n");
for(i=0;i<num;i++)
{
snprintf(strkey, sizeof(strkey) - 1, "KeyWord%5.5d",i+1);
strkey[sizeof(strkey) - 1] = '\0';
p = (char*) sfxhash_find( t, strkey );
if(p)printf("Hash-key=%*s, data=%*s\n", strlen(strkey),strkey, strlen(strkey), p );
}
/* Show memcap memory */
printf("\n...******\n");
sfmemcap_showmem(&t->mc);
printf("...******\n");
/* Display All Nodes in the Hash Table findfirst/findnext */
printf("\n...FINDFIRST / FINDNEXT TEST\n");
for( n = sfxhash_findfirst(t);
n != 0;
n = sfxhash_findnext(t) )
{
printf("hash-findfirst/next: n=%x, key=%s, data=%s\n", n, n->key, n->data );
/*
remove node we are looking at, this is first/next safe.
*/
if( sfxhash_remove(t,n->key) )
{
printf("...ERROR: Could not remove the key node!\n");
}
else
{
printf("...key node removed\n");
}
}
printf("...Auto-Node-Recovery: %d recycle attempts, %d completions.\n",t->anr_tries,t->anr_count);
/* Free the table and it's user data */
printf("...sfxhash_delete\n");
sfxhash_delete( t );
printf("\nnormal pgm finish\n\n");
return 0;
}
