From: Juliana Fajardini Date: Fri, 8 Aug 2025 15:42:38 +0000 (-0300) Subject: schema: add descriptions for flow stats counters X-Git-Tag: suricata-8.0.1~52 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1d27e268d13ceb3f55b263195e5506b9b5a9637d;p=thirdparty%2Fsuricata.git schema: add descriptions for flow stats counters Task #7794 --- diff --git a/etc/schema.json b/etc/schema.json index 2551c97c98..7924eb41cb 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -6656,6 +6656,7 @@ }, "flow": { "type": "object", + "description": "Stats on flow-related diagnostics", "additionalProperties": false, "properties": { "active": { @@ -6683,61 +6684,78 @@ "additionalProperties": false, "properties": { "capture_bypassed": { - "type": "integer" + "type": "integer", + "description": "Number of flows bypassed at the capture level -- counted at the time of flow end" }, "closed": { - "type": "integer" + "type": "integer", + "description": "Number of flows in 'closed' state at the time of flow end" }, "established": { - "type": "integer" + "type": "integer", + "description": "Number of flows in 'established' state at the time of flow end" }, "local_bypassed": { - "type": "integer" + "type": "integer", + "description": "Number of flows bypassed internally -- counted at the time of flow end" }, "new": { - "type": "integer" + "type": "integer", + "description": "Number of flows in 'new' state at the time of flow end" } } }, "tcp_liberal": { - "type": "integer" + "type": "integer", + "description": "Number of TCP flows ended that had liberal state" }, "tcp_state": { "type": "object", "additionalProperties": false, "properties": { "close_wait": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in CLOSE_WAIT state" }, "closed": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in CLOSED state" }, "closing": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in CLOSING state" }, "established": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in ESTABLISHED state" }, "fin_wait1": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in FIN_WAIT_1 state" }, "fin_wait2": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in FIN_WAIT_2 state" }, "last_ack": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in LAST_ACK state" }, "none": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions newly created" }, "syn_recv": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in SYN_RECV state" }, "syn_sent": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in SYN_SENT state" }, "time_wait": { - "type": "integer" + "type": "integer", + "description": "Number of TCP sessions in TIME_WAIT state" } } } @@ -6786,6 +6804,7 @@ }, "mgr": { "type": "object", + "description": "Flow manager stats counters", "additionalProperties": false, "properties": { "flows_checked": { @@ -6867,34 +6886,44 @@ }, "wrk": { "type": "object", + "description": "Flow worker threads stats", "additionalProperties": false, "properties": { "flows_evicted": { - "type": "integer" + "type": "integer", + "description": "Number of flows that were evicted" }, "flows_evicted_needs_work": { - "type": "integer" + "type": "integer", + "description": "Number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work" }, "flows_evicted_pkt_inject": { - "type": "integer" + "type": "integer", + "description": "Number of pseudo packets injected into worker threads to complete flows' processing. For any flow this can be between 0-2, this is the total for all flows." }, "flows_injected": { - "type": "integer" + "type": "integer", + "description": "Number of flows injected into the worker thread from another thread" }, "flows_injected_max": { - "type": "integer" + "type": "integer", + "description": "Maximum number of flows injected into the worker thread from another thread" }, "spare_sync": { - "type": "integer" + "type": "integer", + "description": "Number of times the engine attempted to fetch flows from the master flow pool/spare queue" }, "spare_sync_avg": { - "type": "integer" + "type": "integer", + "description": "Average number of flows a thread could fetch from the master flow pool/spare queue" }, "spare_sync_empty": { - "type": "integer" + "type": "integer", + "description": "Number of times the master spare pool was empty when requesting flows from it" }, "spare_sync_incomplete": { - "type": "integer" + "type": "integer", + "description": "Number of times spare flow syncs were incomplete (fetched with less than 100 flows in sync)" } } } diff --git a/src/flow-hash.c b/src/flow-hash.c index 2642dad305..632e5668b7 100644 --- a/src/flow-hash.c +++ b/src/flow-hash.c @@ -641,6 +641,10 @@ static inline Flow *FlowSpareSync(ThreadVars *tv, FlowLookupStruct *fls, if (f != NULL) { StatsAddUI64(tv, fls->dtv->counter_flow_spare_sync_avg, fls->spare_queue.len+1); if (fls->spare_queue.len < 99) { + /* When a new flow pool is fetched it has 100 flows in sync, + * so there should be 99 left if we're in full sync. + * If len is below 99, means the spare sync is incomplete */ + /* Track these instances */ StatsIncr(tv, fls->dtv->counter_flow_spare_sync_incomplete); } } else if (fls->spare_queue.len == 0) {