static tSFRFTrackingNode* _getSFRFTrackingNode(
snort_ip_p ip,
unsigned tid,
time_t curTime
) {
tSFRFTrackingNode* dynNode = NULL;
tSFRFTrackingNodeKey key;
SFXHASH_NODE * hnode = NULL;
/* Setup key */
key.ip = *(IP_PTR(ip));
key.tid = tid;
key.policyId = getRuntimePolicy();
/*
* Check for any Permanent sid objects for this gid or add this one ...
*/
hnode = sfxhash_get_node(rf_hash, (void*)&key);
if ( hnode && hnode->data )
{
dynNode = (tSFRFTrackingNode*)hnode->data;
if ( dynNode->filterState == FS_NEW )
{
// first time initialization
dynNode->tstart = curTime;
#ifdef SFRF_OVER_RATE
dynNode->tlast = curTime;
#endif
dynNode->filterState = FS_OFF;
}
}
return dynNode;
}
static sfSFSValue *findFlowIPStats(SFFLOW *sfFlow, snort_ip_p src_addr, snort_ip_p dst_addr, int *swapped)
{
SFXHASH_NODE *node;
sfSFSKey key;
sfSFSValue *value;
if (IP_LESSER(src_addr, dst_addr))
{
IP_COPY_VALUE(key.ipA, src_addr);
IP_COPY_VALUE(key.ipB, dst_addr);
*swapped = 0;
}
else
{
IP_COPY_VALUE(key.ipA, dst_addr);
IP_COPY_VALUE(key.ipB, src_addr);
*swapped = 1;
}
value = sfxhash_find(sfFlow->ipMap, &key);
if (!value)
{
node = sfxhash_get_node(sfFlow->ipMap, &key);
if (!node)
{
DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "Key/Value pair didn't exist in the flow stats table and we couldn't add it!\n"););
int flowcache_newflow(FLOWCACHE *flowcachep, FLOWKEY *keyp, FLOW **flowpp)
{
static int run_once = 1;
#ifdef FLOW_PERF_FIX
FLOW *newflow = NULL;
SFXHASH_NODE *new_node = NULL;
#else
static FLOW zeroflow;
#endif
static FLOWKEY searchkey;
int ret;
if(!flowcachep || !keyp || !flowpp)
{
return FLOW_ENULL;
}
FCS_new(flowcachep, keyp);
if(run_once)
{
/* all the time that we're running this, we're actually going
to be filling in the key, and having zero'd out counters */
#ifndef FLOW_PERF_FIX
memset(&zeroflow, 0, sizeof(FLOW));
#endif
memset(&searchkey, 0, sizeof(FLOWKEY));
run_once = 0;
}
flowkey_normalize(&searchkey, keyp);
#ifdef FLOW_PERF_FIX
/* This just eliminates a memcpy. */
/* Since we're using auto node recovery, we should get a node back
* here that has a data pointer. */
/* flow_init resets the internal key & stats to zero. */
new_node = sfxhash_get_node(flowcachep->ipv4_table, &searchkey);
if (new_node && new_node->data)
{
newflow = new_node->data;
if(flow_init(newflow, keyp->protocol,
keyp->init_address, keyp->init_port,
keyp->resp_address, keyp->resp_port))
{
return FLOW_ENULL;
}
ret = SFXHASH_OK;
}
else
{
ret = SFXHASH_NOMEM;
}
#else
if(flow_init(&zeroflow, keyp->protocol,
keyp->init_address, keyp->init_port,
keyp->resp_address, keyp->resp_port))
{
return FLOW_ENULL;
}
ret = sfxhash_add(flowcachep->ipv4_table, &searchkey, &zeroflow);
#endif
switch(ret)
{
case SFXHASH_OK:
if(flowcache_mru(flowcachep,flowpp) != FLOW_SUCCESS)
{
/* something's wrong because we just added this thing!\n */
flow_printf("Unable to find a key I just added!\n");
return FLOW_BADJUJU;
}
if(init_flowdata(flowcachep, *flowpp))
{
return FLOW_BADJUJU;
}
return FLOW_SUCCESS;
case SFXHASH_NOMEM:
return FLOW_ENOMEM;
case SFXHASH_INTABLE:
default:
return FLOW_EINVALID;
}
}
FileEntry *file_cache_get(FileCache *fileCache, void* p, uint64_t file_id,
bool can_create)
{
SFXHASH_NODE *hnode;
FileKey fileKey;
Packet *pkt = (Packet *)p;
sfaddr_t* srcIP;
sfaddr_t* dstIP;
if ((fileCache == NULL) || (fileCache->hashTable == NULL))
return NULL;
if ((pkt->packet_flags & PKT_FROM_CLIENT))
{
srcIP = GET_SRC_IP(pkt);
dstIP = GET_DST_IP(pkt);
}
else
{
srcIP = GET_DST_IP(pkt);
dstIP = GET_SRC_IP(pkt);
}
sfaddr_copy_to_raw(&fileKey.dip, dstIP);
sfaddr_copy_to_raw(&fileKey.sip, srcIP);
fileKey.file_id = file_id;
if (!can_create)
{
hnode = sfxhash_find_node(fileCache->hashTable, &fileKey);
}
else
{
hnode = sfxhash_get_node(fileCache->hashTable, &fileKey);
if (!hnode)
{
/*No more file entries, free up some old ones*/
pruneFileCache(fileCache, NULL);
/* Should have some freed nodes now */
hnode = sfxhash_get_node(fileCache->hashTable, &fileKey);
#ifdef DEBUG_MSGS
if (!hnode)
LogMessage("%s(%d) Problem, no freed nodes\n", __FILE__, __LINE__);
#endif
}
}
if (hnode && hnode->data)
{
FileEntry *file_entry = (FileEntry *)hnode->data;
return file_entry;
}
else
{
return NULL;
}
}