Pull request #4558: main: support an instance ID dump for multiprocess

Merge in SNORT/snort3 from ~MMATIRKO/snort3:instance_id to master

Squashed commit of the following:

commit e6fd2fbf34761266266520c3a470285d3fad4673
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Dec 19 15:48:00 2024 -0500

    main: support an instance ID dump per-thread

diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc
index 15f8236289f5f1434252ab287716e0acaf0dfffe..23d62d40135d79543b50c98ea6709efa61a438ea 100644 (file)
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -640,6 +640,8 @@ void Analyzer::init_unprivileged()
     InitTag();
     EventTrace_Init();
 
+    populate_instance_maps();
+
     memory::MemoryCap::thread_init();
     EventManager::open_outputs();
     IpsManager::setup_options(sc);
@@ -697,6 +699,8 @@ void Analyzer::term()
         daq_instance->finalize_message(msg, DAQ_VERDICT_BLOCK);
     }
 
+    invalidate_instance_maps();
+
     DetectionEngine::idle();
     InspectorManager::thread_stop(sc);
     InspectorManager::thread_term();

diff --git a/src/main/snort.cc b/src/main/snort.cc
index ef12ace815ef278254cefe08280c083d267eea2f..a7b989107d43aee19c8e6a0016db3a043534ad15 100644 (file)
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -23,6 +23,7 @@
 
 #include "snort.h"
 
+#include <cmath>
 #include <daq.h>
 #include <sys/stat.h>
 #include <syslog.h>
@@ -396,7 +397,7 @@ unsigned Snort::get_process_id()
     if (!sc->id_offset)
         return 1;
     else
-        return sc->id_offset / ThreadConfig::get_instance_max() + 1;
+        return std::ceil(sc->id_offset / (float) ThreadConfig::get_instance_max());
 }
 
 void Snort::setup(int argc, char* argv[])

diff --git a/src/main/test/distill_verdict_stubs.h b/src/main/test/distill_verdict_stubs.h
index 34a1ea037eb9663bbd4efd015b309e9a9aa46878..1924f70ebe452af3175bcbb1b5d5dedc094230b4 100644 (file)
--- a/src/main/test/distill_verdict_stubs.h
+++ b/src/main/test/distill_verdict_stubs.h
@@ -236,6 +236,8 @@ bool Flow::handle_allowlist() { return true; }
 void ThreadConfig::implement_thread_affinity(SThreadType, unsigned) { }
 void ThreadConfig::apply_thread_policy(SThreadType , unsigned ) { }
 void ThreadConfig::set_instance_tid(int) { }
+void populate_instance_maps() { }
+void invalidate_instance_maps() { }
 }
 
 bool FlowControl::move_to_allowlist(snort::Flow*) { return true; }

diff --git a/src/main/thread.cc b/src/main/thread.cc
index d288291edcd8d8f8f3ed7fb33d452e4288143e01..4ff0e30387915a3fb507b47b0370d697ed57082c 100644 (file)
--- a/src/main/thread.cc
+++ b/src/main/thread.cc
@@ -23,11 +23,18 @@
 
 #include "thread.h"
 
+#include <fstream>
+#include <iostream>
 #include <sys/stat.h>
 
+#include "log/messages.h"
+
+#include "snort.h"
 #include "snort_config.h"
 #include "thread_config.h"
 
+#define INST_MAP_NAME "instance_mappings.csv"
+
 //-------------------------------------------------------------------------
 // FIXIT-L instance_id zero indicates main thread during parse time and the
 // first packet thread during runtime.  not sure if i'm ok with that.
@@ -52,6 +59,38 @@ void set_thread_type(SThreadType type)
 
 namespace snort
 {
+
+void populate_instance_maps()
+{
+    std::string path;
+
+    get_instance_file(path, INST_MAP_NAME);
+
+    std::ofstream inst_file;
+    inst_file.open(path);
+
+    inst_file << "pid, snort process number, instance_id, relative_instance_id, max_instances\n";
+    inst_file << getpid() << ", ";
+    inst_file << Snort::get_process_id() << ", ";
+    inst_file << instance_id << ", ";
+    inst_file << get_relative_instance_number() << ", ";
+    inst_file << ThreadConfig::get_instance_max();
+    inst_file << "\n";
+
+    inst_file.close();
+}
+
+void invalidate_instance_maps()
+{
+    std::string path;
+
+    get_instance_file(path, INST_MAP_NAME);
+    std::ofstream inst_file;
+    inst_file.open(path);
+    inst_file << "(instance is inactive or has terminated)\n";
+    inst_file.close();
+}
+
 unsigned get_instance_id()
 { return instance_id; }
 

diff --git a/src/main/thread.h b/src/main/thread.h
index 75a97bcad7aa4ea48318aa14f16601fae77310d0..207414d8e9654eedeedfe6181279e7f790bd8673 100644 (file)
--- a/src/main/thread.h
+++ b/src/main/thread.h
@@ -41,6 +41,9 @@ uint16_t get_run_num();
 
 namespace snort
 {
+void populate_instance_maps();
+void invalidate_instance_maps();
+
 SO_PUBLIC unsigned get_instance_id();
 SO_PUBLIC unsigned get_relative_instance_number();
 SO_PUBLIC SThreadType get_thread_type();