From 1c962e7521ed16a244318a1922b2c096ee5c95d7 Mon Sep 17 00:00:00 2001 From: "Tom Peters (thopeter)" Date: Mon, 28 Aug 2017 16:38:09 -0400 Subject: [PATCH] Merge pull request #995 in SNORT/snort3 from peg_max_conc_p2 to master Squashed commit of the following: commit 92c5a4145ce11a5610b88afb3120a75d3354178e Author: Steven Baigal Date: Fri Aug 11 15:40:19 2017 -0400 add peg count for max concurrent sessions - part2 --- src/service_inspectors/dce_rpc/dce_smb.h | 2 ++ .../dce_rpc/dce_smb_module.cc | 2 ++ src/service_inspectors/dce_rpc/dce_tcp.cc | 5 +++ src/service_inspectors/dce_rpc/dce_tcp.h | 2 ++ .../dce_rpc/dce_tcp_module.cc | 2 ++ src/service_inspectors/dce_rpc/dce_udp.cc | 5 +++ src/service_inspectors/dce_rpc/dce_udp.h | 2 ++ .../dce_rpc/dce_udp_module.cc | 2 ++ src/service_inspectors/dce_rpc/smb_message.cc | 5 +++ src/service_inspectors/dnp3/dnp3.cc | 9 ++++++ src/service_inspectors/dnp3/dnp3.h | 3 ++ src/service_inspectors/dnp3/dnp3_module.cc | 2 ++ src/service_inspectors/ftp_telnet/ftp.cc | 2 +- .../ftp_telnet/ftp_module.cc | 11 ++++++- .../ftp_telnet/ftp_module.h | 3 +- src/service_inspectors/ftp_telnet/ftpp_si.cc | 32 +++++++++++++++++-- src/service_inspectors/ftp_telnet/ftpp_si.h | 31 ++++++++++++------ src/service_inspectors/ftp_telnet/telnet.cc | 2 +- .../ftp_telnet/telnet_module.cc | 11 ++++++- .../ftp_telnet/telnet_module.h | 3 +- .../http_inspect/http_enum.h | 2 +- .../http_inspect/http_flow_data.cc | 8 +++++ .../http_inspect/http_module.h | 4 +++ .../http_inspect/http_tables.cc | 2 ++ .../rpc_decode/rpc_decode.cc | 14 +++++++- .../rpc_decode/rpc_module.cc | 11 ++++++- .../rpc_decode/rpc_module.h | 4 ++- 27 files changed, 159 insertions(+), 22 deletions(-) diff --git a/src/service_inspectors/dce_rpc/dce_smb.h b/src/service_inspectors/dce_rpc/dce_smb.h index d95f07e4e..68da3c09a 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.h +++ b/src/service_inspectors/dce_rpc/dce_smb.h 
@@ -187,6 +187,8 @@ struct dce2SmbStats PegCount smb2_tree_connect; PegCount smb2_tree_disconnect; PegCount smb2_close; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; }; extern THREAD_LOCAL dce2SmbStats dce2_smb_stats; diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc index ff3d6ab3d..6db0c3e41 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc @@ -76,6 +76,8 @@ static const PegInfo dce2_smb_pegs[] = { "smbv2_tree_connect", "total number of SMBv2 tree connect packets seen" }, { "smbv2_tree_disconnect", "total number of SMBv2 tree disconnect packets seen" }, { "smbv2_close", "total number of SMBv2 close packets seen" }, + { "concurrent_sessions", "total concurrent sessions" }, + { "max_concurrent_sessions", "maximum concurrent sessions" }, { nullptr, nullptr } }; diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc index 28b348378..56021ed05 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp.cc @@ -33,11 +33,16 @@ Dce2TcpFlowData::Dce2TcpFlowData() : FlowData(inspector_id) { + dce2_tcp_stats.concurrent_sessions++; + if(dce2_tcp_stats.max_concurrent_sessions < dce2_tcp_stats.concurrent_sessions) + dce2_tcp_stats.max_concurrent_sessions = dce2_tcp_stats.concurrent_sessions; } Dce2TcpFlowData::~Dce2TcpFlowData() { DCE2_CoCleanTracker(&dce2_tcp_session.co_tracker); + if (dce2_tcp_stats.concurrent_sessions > 0) + dce2_tcp_stats.concurrent_sessions--; } THREAD_LOCAL dce2TcpStats dce2_tcp_stats; diff --git a/src/service_inspectors/dce_rpc/dce_tcp.h b/src/service_inspectors/dce_rpc/dce_tcp.h index f9daeb992..94ddadfeb 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.h +++ b/src/service_inspectors/dce_rpc/dce_tcp.h 
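Review bot: The help string `"total concurrent sessions"` added to `dce2_smb_pegs` reads as a cumulative count, but the field is incremented when flow data is constructed and decremented when it is destroyed, so it is a current value; `{ "concurrent_sessions", "current number of concurrent sessions" }` would say that. The stats structs are `THREAD_LOCAL`, so both values are per packet thread. How pegs are combined across threads is not visible in this diff, but if they are summed, the reported `max_concurrent_sessions` is a sum of per-thread peaks rather than a simultaneous peak, which matters to anyone sizing session tables or alerting on exhaustion from this number. The same wording is used in dce_tcp_module.cc, dce_udp_module.cc, dnp3_module.cc, ftp_module.cc, telnet_module.cc, http_tables.cc and rpc_module.cc.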
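Review bot: The `if (dce2_tcp_stats.concurrent_sessions > 0)` guard in `~Dce2TcpFlowData()` prevents wraparound but also hides the situation it exists for. If the pegs are zeroed while flows are still alive (an assumption, the reset path is not in this diff), the gauge restarts from zero and under-reports until those older flows are freed. A comment on the guard would record that, e.g. `// pegs may be cleared while flows are live; guard avoids wraparound, gauge under-counts until they are released`. The same increment / compare / decrement lines are repeated in dce_udp.cc, smb_message.cc, dnp3.cc, ftpp_si.cc and rpc_decode.cc, so a pair of small shared inline helpers taking `PegCount&` would keep this behaviour and its comment in one place.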
@@ -65,6 +65,8 @@ struct dce2TcpStats /*DCE TCP specific*/ PegCount tcp_sessions; PegCount tcp_pkts; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; }; extern THREAD_LOCAL dce2TcpStats dce2_tcp_stats; diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.cc b/src/service_inspectors/dce_rpc/dce_tcp_module.cc index deef39ca0..883f5c49d 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.cc @@ -94,6 +94,8 @@ static const PegInfo dce2_tcp_pegs[] = { "server_frags_reassembled", "total connection-oriented server fragments reassembled" }, { "tcp_sessions", "total tcp sessions" }, { "tcp_packets", "total tcp packets" }, + { "concurrent_sessions", "total concurrent sessions" }, + { "max_concurrent_sessions", "maximum concurrent sessions" }, { nullptr, nullptr } }; diff --git a/src/service_inspectors/dce_rpc/dce_udp.cc b/src/service_inspectors/dce_rpc/dce_udp.cc index 66d93bef6..c8e0ca0a2 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.cc +++ b/src/service_inspectors/dce_rpc/dce_udp.cc @@ -57,11 +57,16 @@ static void DCE2_ClCleanTracker(DCE2_ClTracker* clt) //------------------------------------------------------------------------- Dce2UdpFlowData::Dce2UdpFlowData() : FlowData(inspector_id) { + dce2_udp_stats.concurrent_sessions++; + if(dce2_udp_stats.max_concurrent_sessions < dce2_udp_stats.concurrent_sessions) + dce2_udp_stats.max_concurrent_sessions = dce2_udp_stats.concurrent_sessions; } Dce2UdpFlowData::~Dce2UdpFlowData() { DCE2_ClCleanTracker(&dce2_udp_session.cl_tracker); + if (dce2_udp_stats.concurrent_sessions > 0) + dce2_udp_stats.concurrent_sessions--; } unsigned Dce2UdpFlowData::inspector_id = 0; diff --git a/src/service_inspectors/dce_rpc/dce_udp.h b/src/service_inspectors/dce_rpc/dce_udp.h index 17f19ec32..d330bf053 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.h +++ b/src/service_inspectors/dce_rpc/dce_udp.h 
@@ -60,6 +60,8 @@ struct dce2UdpStats PegCount cl_max_frag_size; PegCount cl_frag_reassembled; PegCount cl_max_seqnum; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; }; extern THREAD_LOCAL dce2UdpStats dce2_udp_stats; diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.cc b/src/service_inspectors/dce_rpc/dce_udp_module.cc index bfb8ec136..95b8165eb 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_module.cc @@ -71,6 +71,8 @@ static const PegInfo dce2_udp_pegs[] = { "max_fragment_size", "connection-less maximum fragment size" }, { "frags_reassembled", "total connection-less fragments reassembled" }, { "max_seqnum", "max connection-less seqnum" }, + { "concurrent_sessions", "total concurrent sessions" }, + { "max_concurrent_sessions", "maximum concurrent sessions" }, { nullptr, nullptr } }; diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index d15e47ad1..22799b5d1 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -1311,11 +1311,16 @@ static void DCE2_SmbDataFree(DCE2_SmbSsnData* ssd) Dce2SmbFlowData::Dce2SmbFlowData() : FlowData(inspector_id) { + dce2_smb_stats.concurrent_sessions++; + if(dce2_smb_stats.max_concurrent_sessions < dce2_smb_stats.concurrent_sessions) + dce2_smb_stats.max_concurrent_sessions = dce2_smb_stats.concurrent_sessions; } Dce2SmbFlowData::~Dce2SmbFlowData() { DCE2_SmbDataFree(&dce2_smb_session); + if (dce2_smb_stats.concurrent_sessions > 0) + dce2_smb_stats.concurrent_sessions--; } unsigned Dce2SmbFlowData::inspector_id = 0; diff --git a/src/service_inspectors/dnp3/dnp3.cc b/src/service_inspectors/dnp3/dnp3.cc index 1f180d79d..7875ada42 100644 --- a/src/service_inspectors/dnp3/dnp3.cc +++ b/src/service_inspectors/dnp3/dnp3.cc 
@@ -37,6 +37,15 @@ THREAD_LOCAL ProfileStats dnp3_perf_stats; Dnp3FlowData::Dnp3FlowData() : FlowData(inspector_id) { + dnp3_stats.concurrent_sessions++; + if(dnp3_stats.max_concurrent_sessions < dnp3_stats.concurrent_sessions) + dnp3_stats.max_concurrent_sessions = dnp3_stats.concurrent_sessions; +} + +Dnp3FlowData::~Dnp3FlowData() +{ + if (dnp3_stats.concurrent_sessions > 0) + dnp3_stats.concurrent_sessions--; } unsigned Dnp3FlowData::inspector_id = 0; diff --git a/src/service_inspectors/dnp3/dnp3.h b/src/service_inspectors/dnp3/dnp3.h index bf25fbf35..6cc9cf3b3 100644 --- a/src/service_inspectors/dnp3/dnp3.h +++ b/src/service_inspectors/dnp3/dnp3.h @@ -104,6 +104,8 @@ struct Dnp3Stats PegCount tcp_pdus; PegCount dnp3_link_layer_frames; PegCount dnp3_application_pdus; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; }; /* DNP3 header structures */ @@ -169,6 +171,7 @@ class Dnp3FlowData : public FlowData { public: Dnp3FlowData(); + ~Dnp3FlowData(); static void init() { diff --git a/src/service_inspectors/dnp3/dnp3_module.cc b/src/service_inspectors/dnp3/dnp3_module.cc index a4763b3cd..19904161e 100644 --- a/src/service_inspectors/dnp3/dnp3_module.cc +++ b/src/service_inspectors/dnp3/dnp3_module.cc @@ -56,6 +56,8 @@ static const PegInfo dnp3_pegs[] = { "tcp_pdus", "total tcp pdus" }, { "dnp3_link_layer_frames", "total dnp3 link layer frames" }, { "dnp3_application_pdus", "total dnp3 application pdus" }, + { "concurrent_sessions", "total concurrent dnp3 sessions" }, + { "max_concurrent_sessions", "maximum concurrent dnp3 sessions" }, { nullptr, nullptr } }; diff --git a/src/service_inspectors/ftp_telnet/ftp.cc b/src/service_inspectors/ftp_telnet/ftp.cc index 05fdb0f6d..2a8211d4a 100644 --- a/src/service_inspectors/ftp_telnet/ftp.cc +++ b/src/service_inspectors/ftp_telnet/ftp.cc 
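Review bot: The new `~Dnp3FlowData();` declaration in dnp3.h is not marked `override`, although the code base uses the keyword elsewhere (for example `get_counts() const override` in http_module.h). `FlowData` itself is not shown here, so its destructor being virtual is an assumption, but the counter decrement only runs when the object is deleted through the base if that holds; `~Dnp3FlowData() override;` makes the compiler verify it. The `~TelnetFlowData();` and `~FtpFlowData();` declarations in ftpp_si.h are in the same position.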
@@ -50,7 +50,7 @@ int16_t ftp_data_app_id = SFTARGET_UNKNOWN_PROTOCOL; #define server_help "FTP inspector server module" THREAD_LOCAL ProfileStats ftpPerfStats; -THREAD_LOCAL SimpleStats ftstats; +THREAD_LOCAL FtpStats ftstats; //------------------------------------------------------------------------- // implementation stuff diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc index b59fe330c..5401022ed 100644 --- a/src/service_inspectors/ftp_telnet/ftp_module.cc +++ b/src/service_inspectors/ftp_telnet/ftp_module.cc @@ -335,6 +335,15 @@ static const RuleMap ftp_server_rules[] = { 0, nullptr } }; +static const PegInfo ftp_pegs[] = +{ + { "total_packets", "total packets" }, + { "concurrent_sessions", "total concurrent ftp sessions" }, + { "max_concurrent_sessions", "maximum concurrent ftp sessions" }, + + { nullptr, nullptr } +}; + //------------------------------------------------------------------------- FtpServerModule::FtpServerModule() : @@ -490,7 +499,7 @@ bool FtpServerModule::end(const char* fqn, int idx, SnortConfig*) } const PegInfo* FtpServerModule::get_pegs() const -{ return simple_pegs; } +{ return ftp_pegs; } PegCount* FtpServerModule::get_counts() const { return (PegCount*)&ftstats; } diff --git a/src/service_inspectors/ftp_telnet/ftp_module.h b/src/service_inspectors/ftp_telnet/ftp_module.h index 6f1a0f10c..94f375568 100644 --- a/src/service_inspectors/ftp_telnet/ftp_module.h +++ b/src/service_inspectors/ftp_telnet/ftp_module.h @@ -36,9 +36,10 @@ #define FTP_BOUNCE 8 #define FTP_EVASIVE_TELNET_CMD 9 +struct FtpStats; struct SnortConfig; -extern THREAD_LOCAL SimpleStats ftstats; +extern THREAD_LOCAL FtpStats ftstats; extern THREAD_LOCAL ProfileStats ftpPerfStats; //------------------------------------------------------------------------- diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.cc b/src/service_inspectors/ftp_telnet/ftpp_si.cc index 0d8a0f8c3..27f50a4ff 100644 
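Review bot: `FtpServerModule::get_pegs()` now returns `ftp_pegs` while `get_counts()` directly below still returns `(PegCount*)&ftstats`, so the counts are presumably read as an array whose length comes from the peg table, and nothing ties that table to the layout of `FtpStats`, which lives in ftpp_si.h. A peg added to the table without a matching field would make the reader run past the end of the struct. Where the full type is visible, `static_assert(sizeof(FtpStats) == 3 * sizeof(PegCount), "FtpStats must match ftp_pegs");` catches that at compile time, and a comment on the struct naming the table helps the next editor. telnet_module.cc has the same pairing with `TelnetStats`, and rpc_module.cc cannot check it at all because `RpcStats` is defined only in rpc_decode.cc and merely forward-declared in rpc_module.h; moving that struct into the header would allow the same assertion.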
--- a/src/service_inspectors/ftp_telnet/ftpp_si.cc +++ b/src/service_inspectors/ftp_telnet/ftpp_si.cc @@ -59,6 +59,20 @@ unsigned FtpFlowData::inspector_id = 0; unsigned TelnetFlowData::inspector_id = 0; +TelnetFlowData::TelnetFlowData() : FlowData(inspector_id) +{ + memset(&session, 0, sizeof(session)); + tnstats.concurrent_sessions++; + if(tnstats.max_concurrent_sessions < tnstats.concurrent_sessions) + tnstats.max_concurrent_sessions = tnstats.concurrent_sessions; +} + +TelnetFlowData::~TelnetFlowData() +{ + if (tnstats.concurrent_sessions > 0) + tnstats.concurrent_sessions--; +} + /* * Function: TelnetResetsession(TELNET_SESSION *session) * @@ -104,9 +118,7 @@ static int TelnetStatefulsessionInspection(Packet* p, TelnetResetsession(Newsession); Newsession->ft_ssn.proto = FTPP_SI_PROTO_TELNET; Newsession->telnet_conf = GlobalConf; - SiInput->pproto = FTPP_SI_PROTO_TELNET; - p->flow->set_flow_data(fd); *Telnetsession = Newsession; @@ -394,6 +406,21 @@ static inline int FTPResetsession(FTP_SESSION* Ftpsession) return FTPP_SUCCESS; } +FtpFlowData::FtpFlowData() : FlowData(inspector_id) +{ + memset(&session, 0, sizeof(session)); + ftstats.concurrent_sessions++; + if(ftstats.max_concurrent_sessions < ftstats.concurrent_sessions) + ftstats.max_concurrent_sessions = ftstats.concurrent_sessions; +} + +FtpFlowData::~FtpFlowData() +{ + FTPFreesession(&session); + if (ftstats.concurrent_sessions > 0) + ftstats.concurrent_sessions--; +} + /* * Purpose: Initialize the session and server configurations for this * packet/stream. In this function, we set the session pointer @@ -426,7 +453,6 @@ static int FTPStatefulsessionInspection( Newsession->ft_ssn.proto = FTPP_SI_PROTO_FTP; Newsession->client_conf = ClientConf; Newsession->server_conf = ServerConf; - p->flow->set_flow_data(fd); *Ftpsession = Newsession; diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.h b/src/service_inspectors/ftp_telnet/ftpp_si.h index 6da6564d2..57cbea5d2 100644 
--- a/src/service_inspectors/ftp_telnet/ftpp_si.h +++ b/src/service_inspectors/ftp_telnet/ftpp_si.h @@ -39,6 +39,7 @@ #include "file_api/file_api.h" #include "flow/flow.h" #include "flow/flow_key.h" +#include "framework/counts.h" #include "ftp_client.h" #include "ftp_server.h" @@ -95,10 +96,8 @@ struct TELNET_SESSION class TelnetFlowData : public FlowData { public: - TelnetFlowData() : FlowData(inspector_id) - { memset(&session, 0, sizeof(session)); } - - ~TelnetFlowData() { } + TelnetFlowData(); + ~TelnetFlowData(); static void init() { inspector_id = FlowData::create_flow_data_id(); } @@ -180,11 +179,8 @@ void FTPFreesession(FTP_SESSION*); class FtpFlowData : public FlowData { public: - FtpFlowData() : FlowData(inspector_id) - { memset(&session, 0, sizeof(session)); } - - ~FtpFlowData() - { FTPFreesession(&session); } + FtpFlowData(); + ~FtpFlowData(); static void init() { inspector_id = FlowData::create_flow_data_id(); } @@ -274,5 +270,22 @@ int FTPsessionInspection( int SetSiInput(FTPP_SI_INPUT*, Packet*); +struct FtpStats +{ + PegCount total_packets; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; +}; + +struct TelnetStats +{ + PegCount total_packets; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; +}; + +extern THREAD_LOCAL FtpStats ftstats; +extern THREAD_LOCAL TelnetStats tnstats; + #endif diff --git a/src/service_inspectors/ftp_telnet/telnet.cc b/src/service_inspectors/ftp_telnet/telnet.cc index 29ecaa255..654571bc0 100644 --- a/src/service_inspectors/ftp_telnet/telnet.cc +++ b/src/service_inspectors/ftp_telnet/telnet.cc @@ -36,7 +36,7 @@ #include "telnet_module.h" THREAD_LOCAL ProfileStats telnetPerfStats; -THREAD_LOCAL SimpleStats tnstats; +THREAD_LOCAL TelnetStats tnstats; //------------------------------------------------------------------------- // implementation diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc index 6c738a9f8..934f00064 100644 
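Review bot: The `extern THREAD_LOCAL FtpStats ftstats;` and `extern THREAD_LOCAL TelnetStats tnstats;` declarations added at the end of ftpp_si.h duplicate the ones kept in ftp_module.h and telnet_module.h, which now sit behind forward declarations of the same structs. Two declaration sites for one object drift easily; keeping the extern only next to the struct definition and including that header from the module headers would leave a single source of truth. `FtpStats` and `TelnetStats` are also field-for-field identical, so a short comment stating that they are kept separate on purpose (one per peg table) would avoid a later merge that breaks the `get_counts()` casts.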
--- a/src/service_inspectors/ftp_telnet/telnet_module.cc +++ b/src/service_inspectors/ftp_telnet/telnet_module.cc @@ -56,6 +56,15 @@ static const Parameter s_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; +static const PegInfo telnet_pegs[] = +{ + { "total_packets", "total packets" }, + { "concurrent_sessions", "total concurrent telnet sessions" }, + { "max_concurrent_sessions", "maximum concurrent telnet sessions" }, + + { nullptr, nullptr } +}; + static const RuleMap telnet_rules[] = { { TELNET_AYT_OVERFLOW, TELNET_AYT_OVERFLOW_STR }, @@ -123,7 +132,7 @@ bool TelnetModule::end(const char*, int, SnortConfig*) } const PegInfo* TelnetModule::get_pegs() const -{ return simple_pegs; } +{ return telnet_pegs; } PegCount* TelnetModule::get_counts() const { return (PegCount*)&tnstats; } diff --git a/src/service_inspectors/ftp_telnet/telnet_module.h b/src/service_inspectors/ftp_telnet/telnet_module.h index 8f4e6c10b..ebe243672 100644 --- a/src/service_inspectors/ftp_telnet/telnet_module.h +++ b/src/service_inspectors/ftp_telnet/telnet_module.h @@ -34,8 +34,9 @@ #define TEL_HELP "telnet inspection and normalization" struct SnortConfig; +struct TelnetStats; -extern THREAD_LOCAL SimpleStats tnstats; +extern THREAD_LOCAL TelnetStats tnstats; extern THREAD_LOCAL ProfileStats telnetPerfStats; class TelnetModule : public Module diff --git a/src/service_inspectors/http_inspect/http_enum.h b/src/service_inspectors/http_inspect/http_enum.h index 910aae390..8e3c12c1a 100644 --- a/src/service_inspectors/http_inspect/http_enum.h +++ b/src/service_inspectors/http_inspect/http_enum.h 
@@ -64,7 +64,7 @@ enum HTTP_BUFFER { HTTP_BUFFER_CLIENT_BODY = 1, HTTP_BUFFER_COOKIE, HTTP_BUFFER_ enum PEG_COUNT { PEG_FLOW = 0, PEG_SCAN, PEG_REASSEMBLE, PEG_INSPECT, PEG_REQUEST, PEG_RESPONSE, PEG_GET, PEG_HEAD, PEG_POST, PEG_PUT, PEG_DELETE, PEG_CONNECT, PEG_OPTIONS, PEG_TRACE, PEG_OTHER_METHOD, PEG_REQUEST_BODY, PEG_CHUNKED, PEG_URI_NORM, PEG_URI_PATH, PEG_URI_CODING, - PEG_COUNT_MAX }; + PEG_CONCURRENT_SESSIONS, PEG_MAX_CONCURRENT_SESSIONS, PEG_COUNT_MAX }; // Result of scanning by splitter enum ScanResult { SCAN_NOTFOUND, SCAN_FOUND, SCAN_FOUND_PIECE, SCAN_DISCARD, SCAN_DISCARD_PIECE, diff --git a/src/service_inspectors/http_inspect/http_flow_data.cc b/src/service_inspectors/http_inspect/http_flow_data.cc index 17c403db2..71d7eb224 100644 --- a/src/service_inspectors/http_inspect/http_flow_data.cc +++ b/src/service_inspectors/http_inspect/http_flow_data.cc @@ -25,6 +25,7 @@ #include "decompress/file_decomp.h" +#include "http_module.h" #include "http_test_manager.h" #include "http_transaction.h" @@ -49,6 +50,10 @@ HttpFlowData::HttpFlowData() : FlowData(inspector_id) } } #endif + HttpModule::increment_peg_counts(PEG_CONCURRENT_SESSIONS); + if (HttpModule::get_peg_counts(PEG_MAX_CONCURRENT_SESSIONS) < + HttpModule::get_peg_counts(PEG_CONCURRENT_SESSIONS)) + HttpModule::increment_peg_counts(PEG_MAX_CONCURRENT_SESSIONS); } HttpFlowData::~HttpFlowData() @@ -60,6 +65,9 @@ HttpFlowData::~HttpFlowData() fflush(nullptr); } #endif + if (HttpModule::get_peg_counts(PEG_CONCURRENT_SESSIONS) > 0) + HttpModule::decrement_peg_counts(PEG_CONCURRENT_SESSIONS); + for (int k=0; k <= 1; k++) { delete infractions[k]; diff --git a/src/service_inspectors/http_inspect/http_module.h b/src/service_inspectors/http_inspect/http_module.h index 9f6bc7e0e..48f4b71f5 100644 --- a/src/service_inspectors/http_inspect/http_module.h +++ b/src/service_inspectors/http_inspect/http_module.h 
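Review bot: In the `HttpFlowData()` constructor the maximum is raised with `HttpModule::increment_peg_counts(PEG_MAX_CONCURRENT_SESSIONS)` instead of being set to the current value, which is only correct while the maximum trails the current count by exactly one. Every other inspector in this commit assigns the current count to the maximum, so this one behaves differently if the two counters ever get out of step, for instance if they are cleared independently. A small setter in `HttpModule` whose body is `peg_counts[HttpEnums::PEG_MAX_CONCURRENT_SESSIONS] = peg_counts[HttpEnums::PEG_CONCURRENT_SESSIONS];` would match the others. The constructor and destructor bodies both start outside the hunks shown.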
@@ -105,6 +105,10 @@ public: PegCount* get_counts() const override { return peg_counts; } static void increment_peg_counts(HttpEnums::PEG_COUNT counter) { peg_counts[counter]++; return; } + static void decrement_peg_counts(HttpEnums::PEG_COUNT counter) + { peg_counts[counter]--; return; } + static PegCount get_peg_counts(HttpEnums::PEG_COUNT counter) + { return peg_counts[counter]; } #ifdef REG_TEST static const PegInfo* get_peg_names() { return peg_names; } diff --git a/src/service_inspectors/http_inspect/http_tables.cc b/src/service_inspectors/http_inspect/http_tables.cc index cd3e5089e..68c52af0d 100644 --- a/src/service_inspectors/http_inspect/http_tables.cc +++ b/src/service_inspectors/http_inspect/http_tables.cc @@ -403,6 +403,8 @@ const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] = { "uri_normalizations", "URIs needing to be normalization" }, { "uri_path", "URIs with path problems" }, { "uri_coding", "URIs with character coding problems" }, + { "concurrent_sessions", "total concurrent http sessions" }, + { "max_concurrent_sessions", "maximum concurrent http sessions" }, { nullptr, nullptr } }; diff --git a/src/service_inspectors/rpc_decode/rpc_decode.cc b/src/service_inspectors/rpc_decode/rpc_decode.cc index 55a67d7ea..c09064052 100644 --- a/src/service_inspectors/rpc_decode/rpc_decode.cc +++ b/src/service_inspectors/rpc_decode/rpc_decode.cc @@ -102,13 +102,20 @@ typedef enum _RpcStatus RPC_STATUS__DEFRAG } RpcStatus; +struct RpcStats +{ + PegCount total_packets; + PegCount concurrent_sessions; + PegCount max_concurrent_sessions; +}; + static const uint32_t flush_size = 28; #define mod_name "rpc_decode" #define mod_help "RPC inspector" THREAD_LOCAL ProfileStats rpcdecodePerfStats; -THREAD_LOCAL SimpleStats rdstats; +THREAD_LOCAL RpcStats rdstats; static int ConvertRPC(RpcDecodeConfig*, RpcSsnData*, Packet*); 
@@ -590,11 +597,16 @@ static inline void RpcSsnClean(RpcSsnData* rsdata) RpcFlowData::RpcFlowData() : FlowData(inspector_id) { memset(&session, 0, sizeof(session)); + rdstats.concurrent_sessions++; + if(rdstats.max_concurrent_sessions < rdstats.concurrent_sessions) + rdstats.max_concurrent_sessions = rdstats.concurrent_sessions; } RpcFlowData::~RpcFlowData() { RpcSsnClean(&session); + if (rdstats.concurrent_sessions > 0) + rdstats.concurrent_sessions--; } static RpcSsnData* RpcSsnDataNew(Packet* p) diff --git a/src/service_inspectors/rpc_decode/rpc_module.cc b/src/service_inspectors/rpc_decode/rpc_module.cc index 7aff796b0..73bca7112 100644 --- a/src/service_inspectors/rpc_decode/rpc_module.cc +++ b/src/service_inspectors/rpc_decode/rpc_module.cc @@ -58,6 +58,15 @@ static const RuleMap rpc_rules[] = #define s_name "rpc_decode" #define s_help "RPC inspector" +static const PegInfo rpc_pegs[] = +{ + { "total_packets", "total packets" }, + { "concurrent_sessions", "total concurrent rpc sessions" }, + { "max_concurrent_sessions", "maximum concurrent rpc sessions" }, + + { nullptr, nullptr } +}; + RpcDecodeModule::RpcDecodeModule() : Module(s_name, s_help, s_params) { } @@ -65,7 +74,7 @@ const RuleMap* RpcDecodeModule::get_rules() const { return rpc_rules; } const PegInfo* RpcDecodeModule::get_pegs() const -{ return simple_pegs; } +{ return rpc_pegs; } PegCount* RpcDecodeModule::get_counts() const { return (PegCount*)&rdstats; } diff --git a/src/service_inspectors/rpc_decode/rpc_module.h b/src/service_inspectors/rpc_decode/rpc_module.h index a123836b1..f396c1f36 100644 --- a/src/service_inspectors/rpc_decode/rpc_module.h +++ b/src/service_inspectors/rpc_decode/rpc_module.h @@ -32,7 +32,9 @@ #define RPC_INCOMPLETE_SEGMENT 4 #define RPC_ZERO_LENGTH_FRAGMENT 5 -extern THREAD_LOCAL SimpleStats rdstats; +struct RpcStats; + +extern THREAD_LOCAL RpcStats rdstats; extern THREAD_LOCAL ProfileStats rpcdecodePerfStats; class RpcDecodeModule : public Module -- 2.47.3