snort_stream4_session.c

Linux snort-2.4.4源代码

#endif
    }
    return retSsn;
}
#endif

Session *GetSessionFromSplayTree(Packet *p)
{
    Session idx;
    Session *returned;
#ifdef DEBUG
    char flagbuf[9];
    CreateTCPFlagString(p, flagbuf);
#endif

    DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "Trying to get session...\n"););
    idx.server.ip = p->iph->ip_src.s_addr;
    idx.client.ip = p->iph->ip_dst.s_addr;
    idx.server.port = p->sp;
    idx.client.port = p->dp;

    DEBUG_WRAP(DebugMessage(DEBUG_STREAM,"Looking for sip: 0x%X sp: %d  cip: "
                "0x%X cp: %d flags: %s\n", idx.server.ip, idx.server.port, 
                idx.client.ip, idx.client.port, flagbuf););

    returned = (Session *) ubi_sptFind(RootPtr, (ubi_btItemPtr)&idx);

    if(returned == NULL)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "GetSession forward didn't work, "
                    "trying backwards...\n"););
        idx.server.ip = p->iph->ip_dst.s_addr;
        idx.client.ip = p->iph->ip_src.s_addr;
        idx.server.port = p->dp;
        idx.client.port = p->sp;
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM,"Looking for sip: 0x%X sp: %d  "
                                "cip: 0x%X cp: %d flags: %s\n", idx.server.ip, 
                                idx.server.port, idx.client.ip, idx.client.port,
                                flagbuf););
        returned = (Session *) ubi_sptFind(RootPtr, (ubi_btItemPtr)&idx);
    }

    if(returned == NULL)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "Unable to find session\n"););
    }
    else
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "Found session\n"););
    }

    return returned;

}

Session *RemoveSession(Session *ssn)
{
#ifdef USE_HASH_TABLE
    if (!RemoveSessionFromHashTable(ssn) )
        return ssn;
    else
        return NULL;
#else /* USE_SPLAY_TREE */
    Session *killme = NULL;
    if(ubi_trCount(RootPtr))
    {
        killme = (Session *) ubi_sptRemove(RootPtr, (ubi_btNodePtr) ssn);
    }
    return killme;
#endif
}

Session *GetSession(Packet *p)
{
#ifdef USE_HASH_TABLE
    return GetSessionFromHashTable(p);
#else /* USE_SPLAY_TREE */
    return GetSessionFromSplayTree(p);
#endif
}

#ifdef USE_HASH_TABLE
#else /* USE_SPLAY_TREE */
static int CompareFunc(ubi_trItemPtr ItemPtr, ubi_trNodePtr NodePtr)
{
    Session *nSession;
    Session *iSession; 

    nSession = ((Session *)NodePtr);
    iSession = (Session *)ItemPtr;

    if(nSession->server.ip < iSession->server.ip) return 1;
    else if(nSession->server.ip > iSession->server.ip) return -1;

    if(nSession->client.ip < iSession->client.ip) return 1;
    else if(nSession->client.ip > iSession->client.ip) return -1;
        
    if(nSession->server.port < iSession->server.port) return 1;
    else if(nSession->server.port > iSession->server.port) return -1;

    if(nSession->client.port < iSession->client.port) return 1;
    else if(nSession->client.port > iSession->client.port) return -1;

    return 0;
}
#endif

void InitSessionCache()
{
#ifdef USE_HASH_TABLE
    if (!sessionHashTable)
    {
        /* Create the hash table --
         * SESSION_HASH_TABLE_SIZE hash buckets
         * keysize = 12 bytes (2x 32bit IP, 2x16bit port)
         * data size = sizeof(Session) object
         * no max mem
         * no automatic node recovery
         * NULL node recovery free function
         * NULL user data free function
         * recycle nodes
         */
        /* Rule of thumb, size should be 1.4 times max to avoid
         * collisions.
         */
        int hashTableSize = (int) (s4data.max_sessions * 1.4);
        int maxSessionMem = s4data.max_sessions * (
                             sizeof(Session) +
                             sizeof(SFXHASH_NODE) +
                             sizeof(SessionHashKey) +
                             sizeof (SFXHASH_NODE *));
        int tableMem = (hashTableSize +1) * sizeof(SFXHASH_NODE*);
        int maxMem = maxSessionMem + tableMem;
        sessionHashTable = sfxhash_new(hashTableSize,
                        sizeof(SessionHashKey),
                        sizeof(Session), maxMem, 0, NULL, NULL, 1);


    }
#else /* USE_SPLAY_TREE */
    (void)ubi_trInitTree(RootPtr,       /* ptr to the tree head */
                         CompareFunc,   /* comparison function */
                         0);            /* don't allow overwrites/duplicates */

#endif
}

void PurgeSessionCache()
{
    Session *ssn = NULL;
#ifdef USE_HASH_TABLE
    ssn = (Session *)sfxhash_mru(sessionHashTable);
#else /* USE_SPLAY_TREE */
    ssn = (Session *)ubi_trFirst(RootPtr);
#endif
    while (ssn)
    {
        DeleteSession(ssn, 0);
#ifdef USE_HASH_TABLE
        ssn = (Session *)sfxhash_mru(sessionHashTable);
#else /* USE_SPLAY_TREE */
        ssn = (Session *)ubi_trFirst(RootPtr);
#endif
    }
}

void PrintSessionCache()
{
#ifdef USE_HASH_TABLE
    DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "%lu streams active, %u bytes in use\n", 
                            sfxhash_count(sessionHashTable), stream4_memory_usage););
#else /* USE_SPLAY_TREE */
    DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "%lu streams active, %u bytes in use\n", 
                            ubi_trCount(RootPtr), stream4_memory_usage););
#endif
    return;
}

int PruneSessionCache(u_int32_t thetime, int mustdie, Session *save_me)
{
#ifdef USE_HASH_TABLE
    return CleanHashTable(thetime, save_me, 1);
#else /* USE_SPLAY_TREE */
    Session *idx;
    u_int32_t pruned = 0;

    if(ubi_trCount(RootPtr) == 0)
    {
        return 0;
    }

    {
        if (thetime != 0)
        {
            char got_one;
            idx = (Session *) ubi_btLast((ubi_btNodePtr)RootPtr->root);

            if(idx == NULL)
            {
                return 0;
            }

            do
            {
                got_one = 0;            
                if(idx == save_me)
                {
                    idx = (Session *) ubi_btPrev((ubi_btNodePtr)idx);
                    continue;
                }

                if((idx->last_session_time+s4data.timeout) < thetime)
                {
                    Session *savidx = idx;

                    if(ubi_trCount(RootPtr) > 1)
                    {
                        idx = (Session *) ubi_btPrev((ubi_btNodePtr)idx);
                        DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "pruning stale session\n"););
                        DeleteSession(savidx, thetime);
                        pruned++;
                        got_one = 1;
                    }
                    else
                    {
                        DeleteSession(savidx, thetime);
                        pruned++;
                        return pruned;
                    }
                }
                else
                {
                    if(idx != NULL && ubi_trCount(RootPtr))
                    {
                        idx = (Session *) ubi_btPrev((ubi_btNodePtr)idx);
                    }
                    else
                    {
                        return pruned;
                    }
                }
            } while ((idx != NULL) && (got_one == 1));

            return pruned;
        }
        else if (s4data.cache_clean_percent == 0)
        {
            /* Free up xxx sessions at a time until we get under the
             * memcap */
            while ((stream4_memory_usage > s4data.memcap) &&
                   ubi_trCount(RootPtr) > 1)
            {
                int i;
                idx = (Session *) ubi_btLeafNode((ubi_btNodePtr)RootPtr);
                for (i=0;i<s4data.cache_clean_sessions && 
                         ubi_trCount(RootPtr) > 1; i++)
                {
                    if(idx != save_me)
                    {
                        DeleteSession(idx, thetime);
                        pruned++;
                        idx = (Session *) ubi_btLeafNode((ubi_btNodePtr)RootPtr);
                    }
                    else
                    {
                        Rotate((ubi_btNodePtr)idx);
                        idx = (Session *) ubi_btLeafNode((ubi_btNodePtr)RootPtr);
                        i--; /* Didn't clean this one */
                    }
                }
            }
        }
        else
        {
            /* Free up a percentage of the cache */
            u_int32_t smallPercent = (u_int32_t)(s4data.memcap * s4data.cache_clean_percent);
            idx = (Session *) ubi_btLeafNode((ubi_btNodePtr)RootPtr);
            while ((stream4_memory_usage > (s4data.memcap - smallPercent)) &&
                   ubi_trCount(RootPtr) > 1)
            {
                if(idx != save_me)
                {
                    DeleteSession(idx, thetime);
                    pruned++;
                    idx = (Session *) ubi_btLeafNode((ubi_btNodePtr)RootPtr);
                }
                else
                {
                    Rotate((ubi_btNodePtr)idx);
                    idx = (Session *) ubi_btLeafNode((ubi_btNodePtr)RootPtr);
                }
            }
        }
#ifdef DEBUG
        if(ubi_trCount(RootPtr) == 1) {
            DebugMessage(DEBUG_STREAM, "Emptied out the stream cache "
                         "completely mustdie: %d, memusage: %u\n",
                         mustdie,
                         stream4_memory_usage);
        }
#endif /* DEBUG */
        return pruned;
    }
#endif /* USE_HASH_TABLE */

    return 0;
}