#include "unique_tracker.h"
#include "sfxhash.h"
Go to the source code of this file.
Typedefs | |
| typedef _UT_KEY | UT_KEY |
Functions | |
| static void | ut_init_entry (void) |
| int | ut_init (UNIQUE_TRACKER *utp, unsigned int rows, int memcap) |
| int | ut_destroy (UNIQUE_TRACKER *utp) |
| int | ut_check (UNIQUE_TRACKER *utp, FLOWKEY *keyp, UT_TYPE *retval) |
| void | unique_tracker_dump (UNIQUE_TRACKER *ssp) |
| void | ut_stats (UNIQUE_TRACKER *utp, int dumpall) |
| int | ut_memcap (UNIQUE_TRACKER *utp) |
| int | ut_row_count (UNIQUE_TRACKER *utp) |
| int | ut_overhead_bytes (UNIQUE_TRACKER *sbp) |
Variables | |
| static UT_KEY | s_ut_key |
| static int | s_debug = 0 |
It's basically a hash of everything in the FLOWKEY save for the source port. This should be hit for every "new connection".
Definition in file unique_tracker.c.
|
|
|
|
|
Print out the entirety of the unique tracker
Definition at line 154 of file unique_tracker.c. References _UT_KEY::dip, _UT_KEY::dport, flow_printf(), _UNIQUE_TRACKER::ipv4_table, _sfxhash_node::key, NULL, _UT_KEY::protocol, sfxhash_ghead(), sfxhash_gnext(), _UT_KEY::sip, and snprintf. Referenced by ut_stats(). |
|
||||||||||||||||
|
Determine if a flowkey is sufficiently unique to be called new This assumes that sfxhash_add performs a splay to the top on an INTABLE add. This must be updated if that's ever changed.
Definition at line 98 of file unique_tracker.c. References _UT_KEY::dip, _UT_KEY::dport, FLOW_ENULL, FLOW_SUCCESS, _FLOWKEY::init_address, _UNIQUE_TRACKER::ipv4_table, NULL, _UT_KEY::protocol, _FLOWKEY::protocol, _FLOWKEY::resp_address, _FLOWKEY::resp_port, sfxhash_add(), SFXHASH_INTABLE, SFXHASH_NOMEM, SFXHASH_OK, _UT_KEY::sip, UT_NEW, and UT_OLD. Referenced by flowps_get_score(). |
|
|
Destroy a table completely
Definition at line 74 of file unique_tracker.c. References FLOW_ENULL, FLOW_SUCCESS, _UNIQUE_TRACKER::ipv4_table, and sfxhash_delete(). Referenced by flowps_destroy(), and flowps_init(). |
|
||||||||||||||||
|
Definition at line 38 of file unique_tracker.c. References FLOW_ENOMEM, FLOW_ENULL, flow_printf(), FLOW_SUCCESS, _UNIQUE_TRACKER::ipv4_table, memset, NULL, s_debug, sfxhash_new(), and ut_init_entry(). Referenced by flowps_init(). |
|
|
initialize the static s_init_key variable once and only once.This is used to zero out the key so that if the compiler pads the structure, we still have 0's in this keylookup. Definition at line 138 of file unique_tracker.c. References memset. Referenced by ut_init(). |
|
|
get the memcap
Definition at line 222 of file unique_tracker.c. References _UNIQUE_TRACKER::ipv4_table, _sfxhash::mc, MEMCAP::memcap, and NULL. Referenced by FlowPSOutputConfig(), and ut_stats(). |
|
|
get the overhead # of bytes
Definition at line 252 of file unique_tracker.c. References _UNIQUE_TRACKER::ipv4_table, NULL, and sfxhash_overhead_bytes(). Referenced by FlowPSOutputConfig(), and ut_stats(). |
|
|
get the # of rows in table
Definition at line 237 of file unique_tracker.c. References _UNIQUE_TRACKER::ipv4_table, _sfxhash::nrows, and NULL. Referenced by FlowPSOutputConfig(). |
|
||||||||||||
|
Definition at line 190 of file unique_tracker.c. References calc_percent(), flow_printf(), _UNIQUE_TRACKER::ipv4_table, sfxhash_anr_count(), sfxhash_count(), sfxhash_find_fail(), sfxhash_find_success(), sfxhash_find_total(), unique_tracker_dump(), ut_memcap(), and ut_overhead_bytes(). Referenced by flowps_stats(). |
|
|
Definition at line 32 of file unique_tracker.c. |
|
|
Definition at line 31 of file unique_tracker.c. |
1.4.2