/* disable snort memory manager */
#cmakedefine NO_MEM_MGR 1
-/* enable deep profiling */
-#cmakedefine DEEP_PROFILING 1
-
/* signal to dump stats */
#cmakedefine SIGNAL_SNORT_DUMP_STATS @SIGNAL_SNORT_DUMP_STATS@
--enable-gprof-profile enable gprof profiling options (developers only)
--disable-snort-profiler
disable snort performance profiling (cpu and memory) (developers only)
- --enable-deep-profiling
- enabled detailed snort performance profiling (developers only)
--disable-memory-manager
disable snort memory manager (developers only)
--disable-corefiles prevent Snort from generating core files
--disable-snort-profiler)
append_cache_entry DISABLE_SNORT_PROFILER BOOL true
;;
- --enable-deep-profiling)
- append_cache_entry ENABLE_DEEP_PROFILING BOOL true
- ;;
--disable-memory-manager)
append_cache_entry DISABLE_MEMORY_MANAGER BOOL true
;;
using namespace snort;
-THREAD_LOCAL ProfileStats detectPerfStats;
THREAD_LOCAL ProfileStats eventqPerfStats;
-THREAD_LOCAL ProfileStats rebuiltPacketPerfStats;
bool snort_ignore(Packet*) { return true; }
struct RuleTreeNode;
extern THREAD_LOCAL snort::ProfileStats eventqPerfStats;
-extern THREAD_LOCAL snort::ProfileStats detectPerfStats;
-extern THREAD_LOCAL snort::ProfileStats rebuiltPacketPerfStats;
// main loop hooks
bool snort_ignore(snort::Packet*);
bool DetectionEngine::detect(Packet* p, bool offload_ok)
{
assert(p);
- Profile profile(detectPerfStats);
if ( !p->ptrs.ip_api.is_valid() )
return false;
enum FPTask : uint8_t
{
FP = 1,
- NON_FP = 2,
- BOTH = FP | NON_FP
+ NON_FP = 2
};
+THREAD_LOCAL ProfileStats mpsePerfStats;
THREAD_LOCAL ProfileStats rulePerfStats;
-THREAD_LOCAL ProfileStats ruleRTNEvalPerfStats;
-THREAD_LOCAL ProfileStats ruleOTNEvalPerfStats;
-THREAD_LOCAL ProfileStats ruleNFPEvalPerfStats;
static void fp_immediate(Packet*);
+static void fp_immediate(MpseGroup*, OtnxMatchData*, const uint8_t*, unsigned);
// Initialize the OtnxMatchData structure. We do this for
// every packet so this only sets the necessary counters to
*/
int fpEvalRTN(RuleTreeNode* rtn, Packet* p, int check_ports)
{
- DeepProfile rule_profile(rulePerfStats);
- DeepProfile rule_rtn_eval_profile(ruleRTNEvalPerfStats);
-
if ( !rtn )
return 0;
return 1;
}
+int fp_eval_option(void* v, Cursor& c, Packet* p)
+{
+ IpsOption* opt = (IpsOption*)v;
+ // FIXIT-L use this with RuleProfile enabled in profiler_defs.h
+ // all ips options should be double counted w/o this exclude but
+ // this causes rule_eval to underflow.
+ //ProfileExclude exclude(rulePerfStats);
+ return opt->eval(c, p);
+}
+
static int detection_option_tree_evaluate(detection_option_tree_root_t* root,
detection_option_eval_data_t* eval_data)
{
print_pattern(pmx->pmd);
{
- DeepProfile rule_profile(rulePerfStats);
/* NOTE: The otn will be the first one in the match state. If there are
* multiple rules associated with a match state, mucking with the otn
* may muck with an unintended rule */
last_check->rebuild_flag = (eval_data.p->packet_flags & PKT_REBUILT_STREAM);
}
- int ret = 0;
- {
- DeepProfile rule_otn_eval_profile(ruleOTNEvalPerfStats);
- ret = detection_option_tree_evaluate(root, &eval_data);
- }
+ int ret = detection_option_tree_evaluate(root, &eval_data);
if ( ret )
pmqs.qualified_events++;
// during any signature evaluation
if ( omd->p->ptrs.udph && (omd->p->proto_bits & (PROTO_BIT__TEREDO | PROTO_BIT__GTP)) )
{
- int start_state = 0;
- MpseStash* stash = omd->p->context->stash;
- stash->init();
- so->get_normal_mpse()->search(buf, len, rule_tree_queue, omd->p->context, &start_state);
- stash->process(rule_tree_match, omd->p->context);
+ fp_immediate(so, omd, buf, len);
}
else
{
int rval = 0;
{
- DeepProfile rule_profile(rulePerfStats);
- DeepProfile rule_nfp_eval_profile(ruleNFPEvalPerfStats);
trace_log(detection, TRACE_RULE_EVAL, "Testing non-content rules\n");
rval = detection_option_tree_evaluate(
(detection_option_tree_root_t*)port_group->nfp_tree, &eval_data);
void fp_partial(Packet* p)
{
+ Profile mpse_profile(mpsePerfStats);
IpsContext* c = p->context;
MpseStash* stash = c->stash;
stash->enable_process();
stash->enable_process();
if ( search )
+ {
+ Profile mpse_profile(mpsePerfStats);
c->searches.search_sync();
-
- stash->process(rule_tree_match, c);
- fpEvalPacket(p, FPTask::NON_FP);
- fpFinalSelectEvent(c->otnx, p);
- c->searches.items.clear();
+ }
+ {
+ Profile rule_profile(rulePerfStats);
+ stash->process(rule_tree_match, c);
+ fpEvalPacket(p, FPTask::NON_FP);
+ fpFinalSelectEvent(c->otnx, p);
+ c->searches.items.clear();
+ }
}
void fp_full(Packet* p)
{
IpsContext* c = p->context;
MpseStash* stash = c->stash;
- stash->enable_process();
- c->searches.search_sync();
- stash->process(rule_tree_match, c);
- c->searches.items.clear();
+ {
+ Profile mpse_profile(mpsePerfStats);
+ stash->enable_process();
+ c->searches.search_sync();
+ }
+ {
+ Profile rule_profile(rulePerfStats);
+ stash->process(rule_tree_match, c);
+ c->searches.items.clear();
+ }
+}
+
+static void fp_immediate(MpseGroup* so, OtnxMatchData* omd, const uint8_t* buf, unsigned len)
+{
+ MpseStash* stash = omd->p->context->stash;
+ {
+ Profile mpse_profile(mpsePerfStats);
+ int start_state = 0;
+ stash->init();
+ so->get_normal_mpse()->search(buf, len, rule_tree_queue, omd->p->context, &start_state);
+ }
+ {
+ Profile rule_profile(rulePerfStats);
+ stash->process(rule_tree_match, omd->p->context);
+ }
}
// matches trigger rule tree evaluation.
#include "main/thread.h"
+#include "profiler/profiler_defs.h"
#define REBUILD_FLAGS (PKT_REBUILT_FRAG | PKT_REBUILT_STREAM)
struct Packet;
struct ProfileStats;
}
+
+class Cursor;
struct PortGroup;
struct OptTreeNode;
+extern THREAD_LOCAL snort::ProfileStats mpsePerfStats;
extern THREAD_LOCAL snort::ProfileStats rulePerfStats;
-extern THREAD_LOCAL snort::ProfileStats ruleRTNEvalPerfStats;
-extern THREAD_LOCAL snort::ProfileStats ruleOTNEvalPerfStats;
-extern THREAD_LOCAL snort::ProfileStats ruleNFPEvalPerfStats;
struct RuleTreeNode;
int fpLogEvent(const RuleTreeNode*, const OptTreeNode*, snort::Packet*);
int fpEvalRTN(RuleTreeNode*, snort::Packet*, int check_ports);
+int fp_eval_option(void*, Cursor&, snort::Packet*);
#define MAX_NUM_RULE_TYPES 16 // max number of allowed rule types
virtual PatternMatchData* get_alternate_pattern()
{ return nullptr; }
- static int eval(void* v, Cursor& c, Packet* p)
- {
- IpsOption* opt = (IpsOption*)v;
- return opt->eval(c, p);
- }
-
static void set_buffer(const char*);
protected:
namespace snort
{
-THREAD_LOCAL ProfileStats mpsePerfStats;
//-------------------------------------------------------------------------
// base stuff
const unsigned char* T, int n, MpseMatch match,
void* context, int* current_state)
{
- DeepProfile profile(mpsePerfStats);
pmqs.matched_bytes += n;
return _search(T, n, match, context, current_state);
}
const unsigned char* T, int n, MpseMatch match,
void* context, int* current_state)
{
- DeepProfile profile(mpsePerfStats);
pmqs.matched_bytes += n;
return _search(T, n, match, context, current_state);
}
void Mpse::search(MpseBatch& batch, MpseType mpse_type)
{
- DeepProfile profile(mpsePerfStats);
_search(batch, mpse_type);
}
const MpseApi* api;
};
-extern THREAD_LOCAL ProfileStats mpsePerfStats;
-
typedef void (* MpseOptFunc)(SnortConfig*);
typedef void (* MpseExeFunc)();
IpsOption::EvalStatus TcpAckOption::eval(Cursor&, Packet* p)
{
- Profile profile(tcpAckPerfStats);
+ RuleProfile profile(tcpAckPerfStats);
if ( p->ptrs.tcph && config.eval(p->ptrs.tcph->th_ack) )
return MATCH;
IpsOption::EvalStatus Asn1Option::eval(Cursor& c, Packet* p)
{
- Profile profile(asn1PerfStats);
+ RuleProfile profile(asn1PerfStats);
// Failed if there is no data to decode.
if (!p->data)
IpsOption::EvalStatus Base64DecodeOption::eval(Cursor& c, Packet*)
{
- Profile profile(base64PerfStats);
+ RuleProfile profile(base64PerfStats);
base64_decode_buffer->size = 0;
Base64DecodeData* idx = (Base64DecodeData*)&config;
IpsOption::EvalStatus Base64DataOption::eval(Cursor& c, Packet*)
{
- Profile profile(base64PerfStats);
+ RuleProfile profile(base64PerfStats);
if ( !base64_decode_buffer->size )
return NO_MATCH;
IpsOption::EvalStatus LenOption::eval(Cursor& c, Packet*)
{
- Profile profile(lenCheckPerfStats);
+ RuleProfile profile(lenCheckPerfStats);
if ( config.eval(c.length()) )
return MATCH;
IpsOption::EvalStatus ByteExtractOption::eval(Cursor& c, Packet* p)
{
- Profile profile(byteExtractPerfStats);
+ RuleProfile profile(byteExtractPerfStats);
ByteExtractData* data = &config;
IpsOption::EvalStatus ByteJumpOption::eval(Cursor& c, Packet* p)
{
- Profile profile(byteJumpPerfStats);
+ RuleProfile profile(byteJumpPerfStats);
ByteJumpData* bjd = (ByteJumpData*)&config;
IpsOption::EvalStatus ByteMathOption::eval(Cursor& c, Packet* p)
{
- Profile profile(byteMathPerfStats);
+ RuleProfile profile(byteMathPerfStats);
if (p == nullptr)
return NO_MATCH;
IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p)
{
- Profile profile(byteTestPerfStats);
+ RuleProfile profile(byteTestPerfStats);
ByteTestData* btd = (ByteTestData*)&config;
uint32_t cmp_value = 0;
static IpsOption::EvalStatus CheckANDPatternMatch(ContentData* idx, Cursor& c)
{
- Profile profile(contentPerfStats);
+ RuleProfile profile(contentPerfStats);
int found = uniSearchReal(idx, c);
// Test the packet's payload size against the rule payload size value
IpsOption::EvalStatus DsizeOption::eval(Cursor&, Packet* p)
{
- Profile profile(dsizePerfStats);
+ RuleProfile profile(dsizePerfStats);
/* fake packet dsizes are always wrong
(unless they are PDUs) */
IpsOption::EvalStatus FileDataOption::eval(Cursor& c, Packet* p)
{
- Profile profile(fileDataPerfStats);
+ RuleProfile profile(fileDataPerfStats);
DataPointer dp = DetectionEngine::get_file_data(p->context);
IpsOption::EvalStatus FileTypeOption::eval(Cursor&, Packet* pkt)
{
- Profile profile(fileTypePerfStats);
+ RuleProfile profile(fileTypePerfStats);
if (!pkt->flow)
return NO_MATCH;
IpsOption::EvalStatus TcpFlagOption::eval(Cursor&, Packet* p)
{
- Profile profile(tcpFlagsPerfStats);
+ RuleProfile profile(tcpFlagsPerfStats);
// if error appeared when tcp header was processed,
// test fails automagically.
IpsOption::EvalStatus FlowCheckOption::eval(Cursor&, Packet* p)
{
- Profile profile(flowCheckPerfStats);
+ RuleProfile profile(flowCheckPerfStats);
FlowCheckData* fcd = &config;
IpsOption::EvalStatus FlowBitsOption::eval(Cursor&, Packet* p)
{
- Profile profile(flowBitsPerfStats);
+ RuleProfile profile(flowBitsPerfStats);
FLOWBITS_OP* flowbits = config;
IpsOption::EvalStatus FragBitsOption::eval(Cursor&, Packet* p)
{
- Profile profile(fragBitsPerfStats);
+ RuleProfile profile(fragBitsPerfStats);
if ( !p->has_ip() )
return NO_MATCH;
IpsOption::EvalStatus FragOffsetOption::eval(Cursor&, Packet* p)
{
- Profile profile(fragOffsetPerfStats);
+ RuleProfile profile(fragOffsetPerfStats);
if (!p->has_ip())
return NO_MATCH;
IpsOption::EvalStatus HashOption::eval(Cursor& c, Packet*)
{
- Profile profile(hash_ps[idx]);
+ RuleProfile profile(hash_ps[idx]);
int found = match(c);
IpsOption::EvalStatus IcmpIdOption::eval(Cursor&, Packet* p)
{
- Profile profile(icmpIdPerfStats);
+ RuleProfile profile(icmpIdPerfStats);
if (!p->ptrs.icmph)
return NO_MATCH;
IpsOption::EvalStatus IcmpSeqOption::eval(Cursor&, Packet* p)
{
- Profile profile(icmpSeqPerfStats);
+ RuleProfile profile(icmpSeqPerfStats);
if (!p->ptrs.icmph)
return NO_MATCH;
IpsOption::EvalStatus IcodeOption::eval(Cursor&, Packet* p)
{
- Profile profile(icmpCodePerfStats);
+ RuleProfile profile(icmpCodePerfStats);
// return 0 if we don't have an icmp header
if (!p->ptrs.icmph)
IpsOption::EvalStatus IpIdOption::eval(Cursor&, Packet* p)
{
- Profile profile(ipIdPerfStats);
+ RuleProfile profile(ipIdPerfStats);
if (!p->has_ip())
return NO_MATCH;
IpsOption::EvalStatus IpProtoOption::eval(Cursor&, Packet* p)
{
- Profile profile(ipProtoPerfStats);
+ RuleProfile profile(ipProtoPerfStats);
IpProtoData* ipd = &config;
IpsOption::EvalStatus IpOptOption::eval(Cursor&, Packet* p)
{
- Profile profile(ipOptionPerfStats);
+ RuleProfile profile(ipOptionPerfStats);
if ( !p->is_ip4() )
// if error occurred while ip header
IpsOption::EvalStatus IsDataAtOption::eval(Cursor& c, Packet*)
{
- Profile profile(isDataAtPerfStats);
+ RuleProfile profile(isDataAtPerfStats);
int offset;
IpsOption::EvalStatus IcmpTypeOption::eval(Cursor&, Packet* p)
{
- Profile profile(icmpTypePerfStats);
+ RuleProfile profile(icmpTypePerfStats);
// return 0 if we don't have an icmp header
if (!p->ptrs.icmph)
IpsOption::EvalStatus LuaJitOption::eval(Cursor& c, Packet*)
{
- Profile profile(luaIpsPerfStats);
+ RuleProfile profile(luaIpsPerfStats);
cursor = &c;
IpsOption::EvalStatus PcreOption::eval(Cursor& c, Packet*)
{
- Profile profile(pcrePerfStats);
+ RuleProfile profile(pcrePerfStats);
// short circuit this for testing pcre performance impact
if ( SnortConfig::no_pcre() )
IpsOption::EvalStatus PktDataOption::eval(Cursor& c, Packet* p)
{
- Profile profile(pktDataPerfStats);
+ RuleProfile profile(pktDataPerfStats);
c.reset(p);
return MATCH;
IpsOption::EvalStatus RawDataOption::eval(Cursor& c, Packet* p)
{
- Profile profile(rawDataPerfStats);
+ RuleProfile profile(rawDataPerfStats);
c.set(s_name, p->data, p->dsize);
return MATCH;
IpsOption::EvalStatus RegexOption::eval(Cursor& c, Packet*)
{
- Profile profile(regex_perf_stats);
+ RuleProfile profile(regex_perf_stats);
unsigned pos = c.get_delta();
IpsOption::EvalStatus ReplaceOption::eval(Cursor& c, Packet* p)
{
- Profile profile(replacePerfStats);
+ RuleProfile profile(replacePerfStats);
if ( p->is_cooked() )
return NO_MATCH;
void ReplaceOption::action(Packet*)
{
- Profile profile(replacePerfStats);
+ RuleProfile profile(replacePerfStats);
if ( pending() )
Replace_QueueChange(repl, (unsigned)pos());
IpsOption::EvalStatus RpcOption::eval(Cursor&, Packet* p)
{
- Profile profile(rpcCheckPerfStats);
+ RuleProfile profile(rpcCheckPerfStats);
if ( !is_valid(p) )
return NO_MATCH;
IpsOption::EvalStatus SdPatternOption::eval(Cursor& c, Packet* p)
{
- Profile profile(sd_pattern_perf_stats);
+ RuleProfile profile(sd_pattern_perf_stats);
unsigned matches = SdSearch(c, p);
IpsOption::EvalStatus TcpSeqOption::eval(Cursor&, Packet* p)
{
- Profile profile(tcpSeqPerfStats);
+ RuleProfile profile(tcpSeqPerfStats);
if (!p->ptrs.tcph)
return NO_MATCH;
IpsOption::EvalStatus SessionOption::eval(Cursor&, Packet* p)
{
- Profile profile(sessionPerfStats);
+ RuleProfile profile(sessionPerfStats);
if ( !p->dsize || !p->data )
return MATCH;
IpsOption::EvalStatus SoOption::eval(Cursor& c, Packet* p)
{
- Profile profile(soPerfStats);
+ RuleProfile profile(soPerfStats);
return func(data, c, p);
}
IpsOption::EvalStatus IpTosOption::eval(Cursor&, Packet* p)
{
- Profile profile(ipTosPerfStats);
+ RuleProfile profile(ipTosPerfStats);
if(!p->ptrs.ip_api.is_ip())
return NO_MATCH;
IpsOption::EvalStatus TtlOption::eval(Cursor&, Packet* p)
{
- Profile profile(ttlCheckPerfStats);
+ RuleProfile profile(ttlCheckPerfStats);
if(!p->ptrs.ip_api.is_ip())
return NO_MATCH;
IpsOption::EvalStatus TcpWinOption::eval(Cursor&, Packet* p)
{
- Profile profile(tcpWinPerfStats);
+ RuleProfile profile(tcpWinPerfStats);
if (!p->ptrs.tcph)
return NO_MATCH;
static MainHook_f main_hook = snort_ignore;
THREAD_LOCAL ProfileStats totalPerfStats;
+THREAD_LOCAL ProfileStats daqPerfStats;
+
static THREAD_LOCAL Analyzer* local_analyzer = nullptr;
//-------------------------------------------------------------------------
PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n",
get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id,
get_ips_policy()->user_policy_id);
- PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict));
+ PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict));
PacketTracer::dump(p);
}
if (verdict == DAQ_VERDICT_RETRY)
retry_queue->put(p->daq_msg);
+
else if ( !p->active->is_packet_held() )
{
// Publish an event if something has indicated that it wants the
FinalizePacketEvent event(p, verdict);
DataBus::publish(FINALIZE_PACKET_EVENT, event);
}
-
- p->daq_instance->finalize_message(p->daq_msg, verdict);
+ {
+ Profile profile(daqPerfStats);
+ p->daq_instance->finalize_message(p->daq_msg, verdict);
+ }
}
}
void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry)
{
+ Profile profile(totalPerfStats);
const DAQ_PktHdr_t* pkthdr = daq_msg_get_pkthdr(msg);
-
set_default_policy();
- Profile profile(totalPerfStats);
if (!retry)
{
default:
break;
}
- daq_instance->finalize_message(msg, DAQ_VERDICT_PASS);
+ {
+ Profile profile(daqPerfStats);
+ daq_instance->finalize_message(msg, DAQ_VERDICT_PASS);
+ }
}
void Analyzer::process_retry_queue()
*/
bool Analyzer::inspect_rebuilt(Packet* p)
{
- // Need to include this b/c call is outside the detect tree
- Profile detect_profile(detectPerfStats);
- DeepProfile rebuilt_profile(rebuiltPacketPerfStats);
-
DetectionEngine de;
return main_hook(p);
}
void Analyzer::finalize_daq_message(DAQ_Msg_h msg, DAQ_Verdict verdict)
{
+ // FIXIT-L excluding daqPerfStats profile here because it needs to
+ // be excluded by stream_tcp which requires some refactoring.
+ // Instead the profiler could automatically exclude from current
+ // context if new scope has no parent but that requires additional
+ // plumbing.
+ // Profile profile(daqPerfStats);
daq_instance->finalize_message(msg, verdict);
}
{
DAQ_Msg_h msg;
while ((msg = retry_queue->get()) != nullptr)
+ {
+ Profile profile(daqPerfStats);
daq_instance->finalize_message(msg, DAQ_VERDICT_BLOCK);
+ }
daq_instance->stop();
}
SFDAQ::set_local_instance(nullptr);
if (pause_after_cnt && pause_after_cnt < max_recv)
max_recv = pause_after_cnt;
- DAQ_RecvStatus rstat = daq_instance->receive_messages(max_recv);
+ DAQ_RecvStatus rstat;
+ {
+ Profile profile(daqPerfStats);
+ rstat = daq_instance->receive_messages(max_recv);
+ }
unsigned num_recv = 0;
DAQ_Msg_h msg;
// Dispose of any messages to be skipped first.
if (skip_cnt > 0)
{
+ Profile profile(daqPerfStats);
aux_counts.skipped++;
skip_cnt--;
daq_instance->finalize_message(msg, DAQ_VERDICT_PASS);
std::mutex pending_work_queue_mutex;
};
+extern THREAD_LOCAL snort::ProfileStats daqPerfStats;
extern THREAD_LOCAL snort::ProfileStats totalPerfStats;
#endif
static ProfileStats* get_profile(const char* key)
{
- if ( !strcmp(key, "detect") )
- return &detectPerfStats;
+ if ( !strcmp(key, "daq") )
+ return &daqPerfStats;
+
+ if ( !strcmp(key, "decode") )
+ return &decodePerfStats;
if ( !strcmp(key, "mpse") )
return &mpsePerfStats;
- if ( !strcmp(key, "rebuilt_packet") )
- return &rebuiltPacketPerfStats;
-
if ( !strcmp(key, "rule_eval") )
return &rulePerfStats;
- if ( !strcmp(key, "rtn_eval") )
- return &ruleRTNEvalPerfStats;
-
- if ( !strcmp(key, "rule_tree_eval") )
- return &ruleOTNEvalPerfStats;
-
- if ( !strcmp(key, "nfp_rule_tree_eval") )
- return &ruleNFPEvalPerfStats;
-
- if ( !strcmp(key, "decode") )
- return &decodePerfStats;
-
if ( !strcmp(key, "eventq") )
return &eventqPerfStats;
static void register_profiles()
{
- Profiler::register_module("detect", nullptr, get_profile);
- Profiler::register_module("mpse", "detect", get_profile);
- Profiler::register_module("rebuilt_packet", "detect", get_profile);
- Profiler::register_module("rule_eval", "detect", get_profile);
- Profiler::register_module("rtn_eval", "rule_eval", get_profile);
- Profiler::register_module("rule_tree_eval", "rule_eval", get_profile);
- Profiler::register_module("nfp_rule_tree_eval", "rule_eval", get_profile);
+ Profiler::register_module("daq", nullptr, get_profile);
Profiler::register_module("decode", nullptr, get_profile);
+ Profiler::register_module("mpse", nullptr, get_profile);
+ Profiler::register_module("rule_eval", nullptr, get_profile);
Profiler::register_module("eventq", nullptr, get_profile);
Profiler::register_module("total", nullptr, get_profile);
- Profiler::register_module("daq_meta", nullptr, get_profile);
}
-//-------------------------------------------------------------------------
-// helpers
-//-------------------------------------------------------------------------
-
//-------------------------------------------------------------------------
// initialization
//-------------------------------------------------------------------------
#include <cassert>
#include <list>
+#include "detection/fp_detect.h"
#include "detection/treenodes.h"
#include "log/messages.h"
#include "main/snort_config.h"
ips = (IpsOption*)prev;
}
- OptFpList* fpl = AddOptFuncToList(IpsOption::eval, otn);
+ OptFpList* fpl = AddOptFuncToList(fp_eval_option, otn);
fpl->ips_opt = ips;
fpl->type = ips->get_type();
dns_host_detector_process_patterns();
read_port_detectors(ODP_PORT_DETECTORS);
read_port_detectors(CUSTOM_PORT_DETECTORS);
- appid_http_profiler_init();
-#ifdef ENABLE_APPID_THIRD_PARTY
- tp_appid_profiler_init();
-#endif
once = true;
}
#ifdef USE_RNA_CONFIG
"body",
};
-static THREAD_LOCAL snort::ProfileStats process_http_perf_stats;
-static ProfileStats* get_profile(const char*)
-{
- return &process_http_perf_stats;
-}
-void appid_http_profiler_init()
-{
- Profiler::register_module("http_process", "appid", get_profile);
-}
-
AppIdHttpSession::AppIdHttpSession(AppIdSession& asd)
: asd(asd)
{
int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
AppidChangeBits& change_bits)
{
- DeepProfile profile(process_http_perf_stats);
AppId service_id = APP_ID_NONE;
AppId client_id = APP_ID_NONE;
AppId payload_id = APP_ID_NONE;
#endif
};
-void appid_http_profiler_init();
-
#endif
#define MAX_CANDIDATE_CLIENTS 10
-static THREAD_LOCAL ProfileStats client_disco_perf_stats;
-static ProfileStats* get_profile(const char*)
-{
- return &client_disco_perf_stats;
-}
-
ClientDiscovery* ClientDiscovery::discovery_manager = nullptr;
THREAD_LOCAL ClientAppMatch* match_free_list = nullptr;
for ( auto kv : udp_detectors )
kv.second->initialize();
-
- Profiler::register_module("client_discovery", "appid", get_profile);
}
void ClientDiscovery::finalize_client_plugins()
bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p,
AppidSessionDirection direction, AppidChangeBits& change_bits)
{
- DeepProfile profile(client_disco_perf_stats);
bool isTpAppidDiscoveryDone = false;
AppInfoTableEntry* entry;
uint32_t prevRnaClientState = asd.client_disco_state;
// first match wins...
IpsOption::EvalStatus AppIdIpsOption::eval(Cursor&, Packet* p)
{
+ RuleProfile profile(ips_appid_perf_stats);
+
if ( !p->flow )
return NO_MATCH;
- DeepProfile profile(ips_appid_perf_stats);
AppIdSession* session = appid_api.get_appid_session(*(p->flow));
if ( !session )
LUA_LOG_TRACE = 5,
};
-// FIXIT-L: Add separate perf stats for ODP detectors and custom
-// detectors if more granularity is desired
-static THREAD_LOCAL ProfileStats lua_validate_perf_stats;
-
-static ProfileStats* get_profile(const char*)
-{
- return &lua_validate_perf_stats;
-}
-void lua_detector_profiler_init()
-{
- Profiler::register_module("lua_validate", "appid", get_profile);
-}
-
static std::unordered_map<AppId, CHPApp*>* CHP_glossary = nullptr; // tracks http multipatterns
void init_chp_glossary()
int LuaServiceDetector::validate(AppIdDiscoveryArgs& args)
{
- DeepProfile profile(lua_validate_perf_stats);
//FIXIT-M: RELOAD - use lua references to get user data object from stack
auto my_lua_state = lua_detector_mgr? lua_detector_mgr->L : nullptr;
lua_settop(my_lua_state,0);
int LuaClientDetector::validate(AppIdDiscoveryArgs& args)
{
- DeepProfile profile(lua_validate_perf_stats);
//FIXIT-M: RELOAD - use lua references to get user data object from stack
auto my_lua_state = lua_detector_mgr? lua_detector_mgr->L : nullptr;
std::string name = this->name + "_";
{ return cd; }
};
-void lua_detector_profiler_init();
int register_detector(lua_State*);
void init_chp_glossary();
int init(lua_State*, int result=0);
void LuaDetectorManager::initialize(AppIdConfig& config, int is_control)
{
- if (is_control)
- lua_detector_profiler_init();
-
// FIXIT-M: RELOAD - When reload is supported, remove this line which prevents re-initialize
if (lua_detector_mgr)
return;
using namespace snort;
-static THREAD_LOCAL ProfileStats service_disco_perf_stats;
-static ProfileStats* get_profile(const char*)
-{
- return &service_disco_perf_stats;
-}
-
static ServiceDetector* ftp_service;
ServiceDiscovery* ServiceDiscovery::discovery_manager = nullptr;
kv.second->initialize();
service_detector_list.emplace_back(kv.second);
}
-
- Profiler::register_module("service_discovery", "appid", get_profile);
}
void ServiceDiscovery::finalize_service_patterns()
bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
AppidSessionDirection direction, AppidChangeBits& change_bits)
{
- DeepProfile profile(service_disco_perf_stats);
bool isTpAppidDiscoveryDone = false;
uint32_t prevRnaServiceState = asd.service_disco_state;
AppId tp_app_id = asd.get_tp_app_id();
typedef AppIdHttpSession::pair_t pair_t;
-static THREAD_LOCAL ProfileStats tp_lib_perf_stats;
-static THREAD_LOCAL ProfileStats tp_disco_perf_stats;
-
-static ProfileStats* get_profile(const char* key)
-{
- if ( !strcmp(key, "tp_discovery") )
- return &tp_disco_perf_stats;
- if ( !strcmp(key, "tp_library") )
- return &tp_lib_perf_stats;
- return nullptr;
-}
-
-void tp_appid_profiler_init()
-{
- Profiler::register_module("tp_discovery", "appid", get_profile);
- Profiler::register_module("tp_library", "tp_discovery", get_profile);
-}
-
static inline bool contains(const vector<AppId>& vec, const AppId val)
{
for (const auto& elem : vec)
bool do_tp_discovery(AppIdSession& asd, IpProtocol protocol,
Packet* p, AppidSessionDirection& direction, AppidChangeBits& change_bits)
{
- DeepProfile tp_disco_profile(tp_disco_perf_stats);
AppId tp_app_id = asd.get_tp_app_id();
if (tp_app_id == APP_ID_SSH && asd.payload.get_id() != APP_ID_SFTP &&
if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK)
|| asd.config->mod_config->tp_allow_probes)
{
- DeepProfile tp_lib_profile(tp_lib_perf_stats);
int tp_confidence;
ThirdPartyAppIDAttributeData tp_attribute_data;
vector<AppId> tp_proto_list;
class AppIdSession;
-void tp_appid_profiler_init();
-bool do_tp_discovery(AppIdSession&, IpProtocol, snort::Packet*, AppidSessionDirection&,
- AppidChangeBits&);
+bool do_tp_discovery(
+ AppIdSession&, IpProtocol, snort::Packet*, AppidSessionDirection&, AppidChangeBits&);
#endif
#ifdef NO_PROFILER
using Profile = ProfileDisabled;
-using DeepProfile = ProfileDisabled;
using NoProfile = ProfileDisabled;
#else
#ifdef NO_MEM_MGR
using Profile = NoMemContext;
using NoProfile = NoMemExclude;
-#ifdef DEEP_PROFILING
-using DeepProfile = NoMemContext;
-#else
-using DeepProfile = ProfileDisabled;
-#endif
#else
using Profile = ProfileContext;
using NoProfile = ProfileExclude;
-#ifdef DEEP_PROFILING
-using DeepProfile = ProfileContext;
-#else
-using DeepProfile = ProfileDisabled;
-#endif
#endif
#endif
+// developer enable for profiling rule options
+// see also fp_eval_option
+//using RuleProfile = ProfileContext;
+using RuleProfile = ProfileDisabled;
+
}
#endif
if (cot->ctx_ids == nullptr)
return DCE2_RET__ERROR;
- // FIXIT-M these Profile aren't actually helping ...
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_ctx);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_ctx);
- }
- // FIXIT-M add missing cases (HTTP, UDP, ...)
-
DCE2_CoCtxIdNode* ctx_id_node =
(DCE2_CoCtxIdNode*)DCE2_ListFind(cot->ctx_ids, (void*)(uintptr_t)ctx_id);
dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoSynId));
}
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_ctx);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_ctx);
- }
/* If there is already an accepted node with in the list
* with this ctx, just return */
}
}
-static void dce_co_process_ctx_result(DCE2_SsnData* sd,DCE2_CoTracker* cot,
- const DceRpcCoHdr* co_hdr,DCE2_Policy policy,
- uint16_t result)
+static void dce_co_process_ctx_result(DCE2_SsnData*, DCE2_CoTracker* cot,
+ const DceRpcCoHdr* co_hdr,DCE2_Policy policy, uint16_t result)
{
DCE2_CoCtxIdNode* ctx_node, * existing_ctx_node;
DCE2_Ret status;
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_ctx);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_ctx);
- }
-
/* Dequeue context item in pending queue - this will get put in the permanent
* context id list or freed */
ctx_node = (DCE2_CoCtxIdNode*)DCE2_QueueDequeue(cot->pending_ctx_ids);
int co_hdr_len = from_client ? DCE2_MOCK_HDR_LEN__CO_CLI : DCE2_MOCK_HDR_LEN__CO_SRV;
int smb_hdr_len = from_client ? DCE2_MOCK_HDR_LEN__SMB_CLI : DCE2_MOCK_HDR_LEN__SMB_SRV;
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_reass);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_reass);
- }
-
DCE2_RpktType rpkt_type;
Packet* rpkt = DCE2_CoGetRpkt(sd, cot, co_rtype, &rpkt_type);
if (rpkt == nullptr)
dce2CommonStats* dce_common_stats = dce_get_proto_stats_ptr(sd);
Packet* p = DetectionEngine::get_current_packet();
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_frag);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_frag);
- }
-
if ( p->is_from_client() )
{
if (frag_len > dce_common_stats->co_cli_max_frag_size)
Packet* rpkt = nullptr;
int smb_hdr_len = p->is_from_client() ? DCE2_MOCK_HDR_LEN__SMB_CLI : DCE2_MOCK_HDR_LEN__SMB_SRV;
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_reass);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_reass);
- }
-
switch (sd->trans)
{
case DCE2_TRANS_TYPE__SMB:
* buffer object if necessary.
*
********************************************************************/
-static DCE2_Ret DCE2_CoHandleSegmentation(DCE2_SsnData* sd, DCE2_CoSeg* seg,
+static DCE2_Ret DCE2_CoHandleSegmentation(DCE2_SsnData*, DCE2_CoSeg* seg,
const uint8_t* data_ptr, uint16_t data_len, uint16_t need_len, uint16_t* data_used)
{
- DCE2_Ret status;
-
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- Profile profile(dce2_tcp_pstat_co_seg);
- }
- else
- {
- Profile profile(dce2_smb_pstat_co_seg);
- }
-
if (seg == nullptr)
{
return DCE2_RET__ERROR;
}
}
- status = DCE2_HandleSegmentation(seg->buf,
- data_ptr, data_len, need_len, data_used);
-
- return status;
+ return DCE2_HandleSegmentation(seg->buf, data_ptr, data_len, need_len, data_used);
}
/********************************************************************
}
-static void dce2_protocol_detect(DCE2_SsnData* sd, snort::Packet* pkt)
-{
- if (sd->trans == DCE2_TRANS_TYPE__TCP)
- {
- // FIXIT-M this doesn't look right; profile immediately goes out of scope
- Profile profile(dce2_tcp_pstat_detect);
- }
- else if (sd->trans == DCE2_TRANS_TYPE__SMB)
- {
- Profile profile(dce2_smb_pstat_detect);
- }
- else
- {
- Profile profile(dce2_udp_pstat_detect);
- }
-
- DetectionEngine::detect(pkt);
-
- dce2_detected = 1;
-}
-
void DCE2_Detect(DCE2_SsnData* sd)
{
DceContextData::set_current_ropts(sd);
return;
}
snort::Packet* top_pkt = DetectionEngine::get_current_packet();
- dce2_protocol_detect(sd, top_pkt);
+ DetectionEngine::detect(top_pkt);
+ dce2_detected = 1;
/* Always reset rule option data after detecting */
DCE2_ResetRopts(sd , top_pkt);
}
#include "dce_smb2.h"
THREAD_LOCAL dce2SmbStats dce2_smb_stats;
-
-// used here
THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_main;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_session;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_new_session;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_req;
-
-// used elsewhere
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_detect;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_log;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_seg;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_frag;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_reass;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_ctx;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_seg;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_uid;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_tid;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fid;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_detect;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_api;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fingerprint;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_negotiate;
//-------------------------------------------------------------------------
// debug stuff
extern THREAD_LOCAL dce2SmbStats dce2_smb_stats;
extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_main;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_session;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_new_session;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_detect;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_log;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_seg;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_frag;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_reass;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_ctx;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_seg;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_req;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_uid;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_tid;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fid;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_detect;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_api;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fingerprint;
-extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_negotiate;
enum DCE2_SmbSsnState
{
if ((word_count != 13) && (word_count != 12))
return DCE2_RET__SUCCESS;
- snort::Profile profile(dce2_smb_pstat_smb_fingerprint);
-
if (word_count == 13)
{
uint16_t oem_pass_len =
if (DCE2_ComInfoByteCount(com_info) == 0)
return DCE2_RET__SUCCESS;
- snort::Profile profile(dce2_smb_pstat_smb_fingerprint);
-
if (DCE2_ComInfoWordCount(com_info) == 3)
{
dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info));
if (!DCE2_ComInfoCanProcessCommand(com_info))
return DCE2_RET__ERROR;
- snort::Profile profile(dce2_smb_pstat_smb_negotiate);
-
if (DCE2_ComInfoIsRequest(com_info))
{
// Have at least 2 bytes based on byte count check done earlier
return (PegCount*)&dce2_smb_stats;
}
-ProfileStats* Dce2SmbModule::get_profile(
- unsigned index, const char*& name, const char*& parent) const
+ProfileStats* Dce2SmbModule::get_profile() const
{
- switch ( index )
- {
- case 0:
- name = "dce_smb_main";
- parent = nullptr;
- return &dce2_smb_pstat_main;
-
- case 1:
- name = "dce_smb_session";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_session;
-
- case 2:
- name = "dce_smb_new_session";
- parent = "dce_smb_session";
-
- return &dce2_smb_pstat_new_session;
-
- case 3:
- name = "dce_smb_detect";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_detect;
-
- case 4:
- name = "dce_smb_log";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_log;
-
- case 5:
- name = "dce_smb_co_segment";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_co_seg;
-
- case 6:
- name = "dce_smb_co_fragment";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_co_frag;
-
- case 7:
- name = "dce_smb_co_reassembly";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_co_reass;
-
- case 8:
- name = "dce_smb_co_context";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_co_ctx;
-
- case 9:
- name = "dce_smb_segment";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_seg;
-
- case 10:
- name = "dce_smb_request";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_req;
-
- case 11:
- name = "dce_smb_uid";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_uid;
-
- case 12:
- name = "dce_smb_tid";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_tid;
-
- case 13:
- name = "dce_smb_fid";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_fid;
-
- case 14:
- name = "dce_smb_file";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_file;
-
- case 15:
- name = "dce_smb_file_detect";
- parent = "dce_smb_file";
- return &dce2_smb_pstat_smb_file_detect;
-
- case 16:
- name = "dce_smb_file_api";
- parent = "dce_smb_file";
- return &dce2_smb_pstat_smb_file_api;
-
- case 17:
- name = "dce_smb_fingerprint";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_fingerprint;
-
- case 18:
- name = "dce_smb_negotiate";
- parent = "dce_smb_main";
- return &dce2_smb_pstat_smb_negotiate;
- }
- return nullptr;
+ return &dce2_smb_pstat_main;
}
static int smb_invalid_share_compare(const void* a, const void* b)
const snort::RuleMap* get_rules() const override;
const PegInfo* get_pegs() const override;
PegCount* get_counts() const override;
- snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override;
+ snort::ProfileStats* get_profile() const override;
void get_data(dce2SmbProtoConf&);
Usage get_usage() const override
DCE2_Ret DCE2_SmbBufferTransactionData(DCE2_SmbTransactionTracker* ttracker,
const uint8_t* data_ptr, uint16_t dcnt, uint16_t ddisp)
{
- snort::Profile profile(dce2_smb_pstat_smb_req);
-
if (ttracker->dbuf == nullptr)
{
/* Buf size should be the total data count we need */
DCE2_Ret DCE2_SmbBufferTransactionParameters(DCE2_SmbTransactionTracker* ttracker,
const uint8_t* param_ptr, uint16_t pcnt, uint16_t pdisp)
{
- snort::Profile profile(dce2_smb_pstat_smb_req);
-
if (ttracker->pbuf == nullptr)
{
/* Buf size should be the total data count we need */
{
DCE2_Ret status;
- Profile profile(dce2_smb_pstat_smb_uid);
-
if ((ssd->uid != DCE2_SENTINEL) && (ssd->uid == (int)uid))
status = DCE2_RET__SUCCESS;
else
void DCE2_SmbInsertUid(DCE2_SmbSsnData* ssd, const uint16_t uid)
{
- Profile profile(dce2_smb_pstat_smb_uid);
-
if (ssd->uid == DCE2_SENTINEL)
{
ssd->uid = (int)uid;
{
const DCE2_Policy policy = DCE2_SsnGetServerPolicy(&ssd->sd);
- Profile profile(dce2_smb_pstat_smb_uid);
-
if ((ssd->uid != DCE2_SENTINEL) && (ssd->uid == (int)uid))
ssd->uid = DCE2_SENTINEL;
else
uint16_t uid = SmbUid(smb_hdr);
uint16_t tid = SmbTid(smb_hdr);
- Profile profile(dce2_smb_pstat_smb_req);
-
if (ssd == nullptr)
{
return nullptr;
DCE2_SmbFileTracker* DCE2_SmbNewFileTracker(DCE2_SmbSsnData* ssd,
const uint16_t uid, const uint16_t tid, const uint16_t fid)
{
- Profile profile(dce2_smb_pstat_smb_fid);
-
// Already have tracker for file API and not setting file data pointer
// so don't create new file tracker.
bool is_ipc = DCE2_SmbIsTidIPC(ssd, tid);
DCE2_SmbFileTracker* DCE2_SmbFindFileTracker(DCE2_SmbSsnData* ssd,
const uint16_t uid, const uint16_t tid, const uint16_t fid)
{
- Profile profile(dce2_smb_pstat_smb_fid);
-
DCE2_SmbFileTracker* ftracker;
if ((ssd->ftracker.fid_v1 != DCE2_SENTINEL) && (ssd->ftracker.fid_v1 == (int)fid))
{
if (ftracker == nullptr)
return;
- Profile profile(dce2_smb_pstat_smb_fid);
-
if (ssd->fapi_ftracker == ftracker)
DCE2_SmbFinishFileAPI(ssd);
if (ftracker == nullptr)
return;
- Profile profile(dce2_smb_pstat_smb_fid);
-
ftracker->fid_v1 = DCE2_SENTINEL;
if (ftracker->file_name != nullptr)
{
void DCE2_SmbCleanTransactionTracker(DCE2_SmbTransactionTracker* ttracker)
{
- Profile profile(dce2_smb_pstat_smb_req);
-
if (ttracker == nullptr)
{
return;
void DCE2_SmbCleanRequestTracker(DCE2_SmbRequestTracker* rtracker)
{
- Profile profile(dce2_smb_pstat_smb_req);
-
if (rtracker == nullptr)
{
return;
void DCE2_SmbRemoveRequestTracker(DCE2_SmbSsnData* ssd,
DCE2_SmbRequestTracker* rtracker)
{
- Profile profile(dce2_smb_pstat_smb_req);
-
if ((ssd == nullptr) || (rtracker == nullptr))
{
return;
DCE2_SmbFileTracker* DCE2_SmbDequeueTmpFileTracker(DCE2_SmbSsnData* ssd,
DCE2_SmbRequestTracker* rtracker, const uint16_t fid)
{
- Profile profile(dce2_smb_pstat_smb_fid);
-
DCE2_SmbFileTracker* ftracker = (DCE2_SmbFileTracker*)DCE2_QueueDequeue(rtracker->ft_queue);
if (ftracker == nullptr)
{
DCE2_Ret status;
- Profile profile(dce2_smb_pstat_smb_tid);
-
if ((ssd->tid != DCE2_SENTINEL) && ((ssd->tid & 0x0000ffff) == (int)tid))
status = DCE2_RET__SUCCESS;
else
void DCE2_SmbRemoveTid(DCE2_SmbSsnData* ssd, const uint16_t tid)
{
- Profile profile(dce2_smb_pstat_smb_tid);
-
if ((ssd->tid != DCE2_SENTINEL) && ((ssd->tid & 0x0000ffff) == (int)tid))
ssd->tid = DCE2_SENTINEL;
else
void DCE2_SmbInsertTid(DCE2_SmbSsnData* ssd,
const uint16_t tid, const bool is_ipc)
{
- Profile profile(dce2_smb_pstat_smb_tid);
-
if (!is_ipc && (!DCE2_ScSmbFileInspection((dce2SmbProtoConf*)ssd->sd.config)
|| ((ssd->max_file_depth == -1) && DCE2_ScSmbFileDepth(
(dce2SmbProtoConf*)ssd->sd.config) == -1)))
void DCE2_SmbQueueTmpFileTracker(DCE2_SmbSsnData* ssd,
DCE2_SmbRequestTracker* rtracker, const uint16_t uid, const uint16_t tid)
{
- Profile profile(dce2_smb_pstat_smb_fid);
-
DCE2_SmbFileTracker* ftracker = (DCE2_SmbFileTracker*)
snort_calloc(sizeof(DCE2_SmbFileTracker));
DCE2_Ret DCE2_SmbHandleSegmentation(DCE2_Buffer** buf,
const uint8_t* data_ptr, uint32_t add_len, uint32_t alloc_size)
{
- Profile profile(dce2_smb_pstat_smb_seg);
-
if (buf == nullptr)
{
return DCE2_RET__ERROR;
static FileVerdict DCE2_SmbLookupFileVerdict()
{
- Profile profile(dce2_smb_pstat_smb_file_api);
-
FileContext* file = DCE2_get_main_file_context();
if ( !file )
static void DCE2_SmbFinishFileBlockVerdict(DCE2_SmbSsnData* ssd)
{
- Profile profile(dce2_smb_pstat_smb_file);
-
FileVerdict verdict = DCE2_SmbLookupFileVerdict();
if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERDICT_REJECT))
{
if (ftracker == nullptr)
return;
- Profile profile(dce2_smb_pstat_smb_file);
FileFlows* file_flows = FileFlows::get_file_flows(p->flow);
bool upload = (ftracker->ff_file_direction == DCE2_SMB_FILE_DIRECTION__UPLOAD);
if ((ftracker->ff_file_size == 0)
&& (ftracker->ff_bytes_processed != 0))
{
- Profile sub_profile(dce2_smb_pstat_smb_file_api);
if (file_flows->file_process(p, nullptr, 0, SNORT_FILE_END, upload))
{
if (upload)
position = SNORT_FILE_MIDDLE;
}
- Profile profile(dce2_smb_pstat_smb_file_api);
Packet* p = DetectionEngine::get_current_packet();
FileFlows* file_flows = FileFlows::get_file_flows(p->flow);
if (!file_flows->file_process(p, data_ptr, (int)data_len, position, upload,
if (data_len == 0)
return;
- Profile profile(dce2_smb_pstat_smb_file);
-
// Account for wrapping. Not likely but just in case.
if ((ftracker->ff_bytes_processed + data_len) < ftracker->ff_bytes_processed)
{
void DCE2_FileDetect()
{
Packet* top_pkt = DetectionEngine::get_current_packet();
-
- Profile profile(dce2_smb_pstat_smb_file_detect);
DetectionEngine::detect(top_pkt);
-
dce2_detected = 1;
}
}
THREAD_LOCAL dce2TcpStats dce2_tcp_stats;
-
THREAD_LOCAL ProfileStats dce2_tcp_pstat_main;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_session;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_new_session;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_detect;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_log;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_seg;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_frag;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_reass;
-THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_ctx;
unsigned Dce2TcpFlowData::inspector_id = 0;
static DCE2_TcpSsnData* dce2_create_new_tcp_session(Packet* p, dce2TcpProtoConf* config)
{
- Profile profile(dce2_tcp_pstat_new_session);
-
DCE2_TcpSsnData* dce2_tcp_sess = set_new_dce2_tcp_session(p);
if ( dce2_tcp_sess )
static DCE2_TcpSsnData* dce2_handle_tcp_session(Packet* p, dce2TcpProtoConf* config)
{
- Profile profile(dce2_tcp_pstat_session);
-
DCE2_TcpSsnData* dce2_tcp_sess = get_dce2_tcp_session_data(p->flow);
if (dce2_tcp_sess == nullptr)
extern THREAD_LOCAL dce2TcpStats dce2_tcp_stats;
extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_main;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_session;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_new_session;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_session_state;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_detect;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_log;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_seg;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_frag;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_reass;
-extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_ctx;
inline bool DCE2_TcpAutodetect(snort::Packet* p)
{
return (PegCount*)&dce2_tcp_stats;
}
-ProfileStats* Dce2TcpModule::get_profile(
- unsigned index, const char*& name, const char*& parent) const
+ProfileStats* Dce2TcpModule::get_profile() const
{
- switch ( index )
- {
- case 0:
- name = "dce_tcp_main";
- parent = nullptr;
- return &dce2_tcp_pstat_main;
-
- case 1:
- name = "dce_tcp_session";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_session;
-
- case 2:
- name = "dce_tcp_new_session";
- parent = "dce_tcp_session";
- return &dce2_tcp_pstat_new_session;
-
- case 3:
- name = "dce_tcp_detect";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_detect;
-
- case 4:
- name = "dce_tcp_log";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_log;
-
- case 5:
- name = "dce_tcp_co_segment";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_co_seg;
-
- case 6:
- name = "dce_tcp_co_fragment";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_co_frag;
-
- case 7:
- name = "dce_tcp_co_reassembly";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_co_reass;
-
- case 8:
- name = "dce_tcp_co_context";
- parent = "dce_tcp_main";
- return &dce2_tcp_pstat_co_ctx;
- }
- return nullptr;
+ return &dce2_tcp_pstat_main;
}
bool Dce2TcpModule::set(const char*, Value& v, SnortConfig*)
const snort::RuleMap* get_rules() const override;
const PegInfo* get_pegs() const override;
PegCount* get_counts() const override;
- snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override;
+ snort::ProfileStats* get_profile() const override;
void get_data(dce2TcpProtoConf&);
Usage get_usage() const override
using namespace snort;
THREAD_LOCAL dce2UdpStats dce2_udp_stats;
-
THREAD_LOCAL ProfileStats dce2_udp_pstat_main;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_session;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_new_session;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_detect;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_log;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_acts;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_frag;
-THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_reass;
static void DCE2_ClCleanTracker(DCE2_ClTracker* clt)
{
static DCE2_UdpSsnData* dce2_create_new_udp_session(Packet* p, dce2UdpProtoConf* config)
{
- Profile profile(dce2_udp_pstat_new_session);
-
DCE2_UdpSsnData* dce2_udp_sess = set_new_dce2_udp_session(p);
-
DCE2_ResetRopts(&dce2_udp_sess->sd, p);
dce2_udp_stats.udp_sessions++;
static DCE2_UdpSsnData* dce2_handle_udp_session(Packet* p, dce2UdpProtoConf* config)
{
- Profile profile(dce2_udp_pstat_session);
-
DCE2_UdpSsnData* dce2_udp_sess = get_dce2_udp_session_data(p->flow);
if (dce2_udp_sess == nullptr)
extern THREAD_LOCAL dce2UdpStats dce2_udp_stats;
extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_main;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_session;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_new_session;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_detect;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_log;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_cl_acts;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_cl_frag;
-extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_cl_reass;
struct DceRpcClHdr /* Connectionless header */
{
return (PegCount*)&dce2_udp_stats;
}
-ProfileStats* Dce2UdpModule::get_profile(
- unsigned index, const char*& name, const char*& parent) const
+ProfileStats* Dce2UdpModule::get_profile() const
{
- switch ( index )
- {
- case 0:
- name = "dce_udp_main";
- parent = nullptr;
- return &dce2_udp_pstat_main;
-
- case 1:
- name = "dce_udp_session";
- parent = "dce_udp_main";
- return &dce2_udp_pstat_session;
-
- case 2:
- name = "dce_udp_new_session";
- parent = "dce_udp_session";
- return &dce2_udp_pstat_new_session;
-
- case 3:
- name = "dce_udp_detect";
- parent = "dce_udp_main";
- return &dce2_udp_pstat_detect;
-
- case 4:
- name = "dce_udp_log";
- parent = "dce_udp_main";
- return &dce2_udp_pstat_log;
-
- case 5:
- name = "dce_udp_cl_acts";
- parent = "dce_udp_main";
- return &dce2_udp_pstat_cl_acts;
-
- case 6:
- name = "dce_udp_cl_frag";
- parent = "dce_udp_main";
- return &dce2_udp_pstat_cl_frag;
-
- case 7:
- name = "dce_udp_cl_reass";
- parent = "dce_udp_main";
- return &dce2_udp_pstat_cl_reass;
- }
- return nullptr;
+ return &dce2_udp_pstat_main;
}
bool Dce2UdpModule::set(const char* fqn, Value& v, SnortConfig* c)
const snort::RuleMap* get_rules() const override;
const PegInfo* get_pegs() const override;
PegCount* get_counts() const override;
- snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override;
+ snort::ProfileStats* get_profile() const override;
void get_data(dce2UdpProtoConf&);
Usage get_usage() const override
if (DCE2_ClHdrChecks(sd, cl_hdr) != DCE2_RET__SUCCESS)
return;
- Profile profile(dce2_udp_pstat_cl_acts);
at = DCE2_ClGetActTracker(clt, cl_hdr);
if (at == nullptr)
return;
uint16_t frag_len;
int status;
- Profile profile(dce2_udp_pstat_cl_frag);
-
/* If the frag length is less than data length there might be authentication
* data that we don't want to include, otherwise just set to data len */
if (DceRpcClLen(cl_hdr) < data_len)
DCE2_ClFragNode* fnode;
uint32_t stub_len = 0;
- Profile profile(dce2_udp_pstat_cl_reass);
-
for (fnode = (DCE2_ClFragNode*)DCE2_ListFirst(ft->frags);
fnode != nullptr;
fnode = (DCE2_ClFragNode*)DCE2_ListNext(ft->frags))
IpsOption::EvalStatus Dce2IfaceOption::eval(Cursor&, Packet* p)
{
- Profile profile(dce2_iface_perf_stats);
+ RuleProfile profile(dce2_iface_perf_stats);
if (p->dsize == 0)
{
IpsOption::EvalStatus Dce2OpnumOption::eval(Cursor&, Packet* p)
{
- Profile profile(dce2_opnum_perf_stats);
+ RuleProfile profile(dce2_opnum_perf_stats);
if (p->dsize == 0)
{
IpsOption::EvalStatus Dce2StubDataOption::eval(Cursor& c, Packet* p)
{
- Profile profile(dce2_stub_data_perf_stats);
+ RuleProfile profile(dce2_stub_data_perf_stats);
if (p->dsize == 0)
{
uint16_t pid = SmbPid(smb_hdr);
uint16_t mid = SmbMid(smb_hdr);
- Profile profile(dce2_smb_pstat_smb_req);
-
DCE2_SmbRequestTracker* tmp_rtracker = &ssd->rtracker;
int smb_com = SmbCom(smb_hdr);
switch (smb_com)
static DCE2_SmbSsnData* dce2_create_new_smb_session(Packet* p, dce2SmbProtoConf* config)
{
- Profile profile(dce2_smb_pstat_new_session);
-
DCE2_SmbSsnData* dce2_smb_sess = set_new_dce2_smb_session(p);
if ( dce2_smb_sess )
{
DCE2_SmbSsnData* dce2_handle_smb_session(Packet* p, dce2SmbProtoConf* config)
{
- Profile profile(dce2_smb_pstat_session);
-
DCE2_SmbSsnData* dce2_smb_sess = get_dce2_smb_session_data(p->flow);
if (dce2_smb_sess == nullptr)
IpsOption::EvalStatus Dnp3DataOption::eval(Cursor& c, Packet* p)
{
- Profile profile(dnp3_data_perf_stats);
+ RuleProfile profile(dnp3_data_perf_stats);
if ((p->has_tcp_data() && !p->is_full_pdu()) || !p->flow || !p->dsize)
return NO_MATCH;
IpsOption::EvalStatus Dnp3FuncOption::eval(Cursor&, Packet* p)
{
- Profile profile(dnp3_func_perf_stats);
+ RuleProfile profile(dnp3_func_perf_stats);
if ((p->has_tcp_data() && !p->is_full_pdu()) || !p->flow || !p->dsize)
return NO_MATCH;
IpsOption::EvalStatus Dnp3IndOption::eval(Cursor&, Packet* p)
{
- Profile profile(dnp3_ind_perf_stats);
+ RuleProfile profile(dnp3_ind_perf_stats);
if ((p->has_tcp_data() && !p->is_full_pdu()) || !p->flow || !p->dsize)
return NO_MATCH;
IpsOption::EvalStatus Dnp3ObjOption::eval(Cursor&, Packet* p)
{
- Profile profile(dnp3_obj_perf_stats);
+ RuleProfile profile(dnp3_obj_perf_stats);
size_t header_size;
IpsOption::EvalStatus GtpInfoOption::eval(Cursor& c, Packet* p)
{
- Profile profile(gtp_info_prof);
+ RuleProfile profile(gtp_info_prof);
if ( !p or !p->flow )
return NO_MATCH;
IpsOption::EvalStatus GtpTypeOption::eval(Cursor&, Packet* p)
{
- Profile profile(gtp_type_prof);
+ RuleProfile profile(gtp_type_prof);
if ( !p or !p->flow )
return NO_MATCH;
IpsOption::EvalStatus GtpVersionOption::eval(Cursor&, Packet* p)
{
- Profile profile(gtp_ver_prof);
+ RuleProfile profile(gtp_ver_prof);
if ( !p->flow )
return NO_MATCH;
IpsOption::EvalStatus HttpIpsOption::eval(Cursor& c, Packet* p)
{
- Profile profile(HttpCursorModule::http_ps[psi]);
+ RuleProfile profile(HttpCursorModule::http_ps[psi]);
if (!p->flow || !p->flow->gadget)
return NO_MATCH;
IpsOption::EvalStatus ModbusDataOption::eval(Cursor& c, Packet* p)
{
- Profile profile(modbus_data_prof);
+ RuleProfile profile(modbus_data_prof);
if ( !p->flow )
return NO_MATCH;
IpsOption::EvalStatus ModbusFuncOption::eval(Cursor&, Packet* p)
{
- Profile profile(modbus_func_prof);
+ RuleProfile profile(modbus_func_prof);
if ( !p->flow )
return NO_MATCH;
IpsOption::EvalStatus ModbusUnitOption::eval(Cursor&, Packet* p)
{
- Profile profile(modbus_unit_prof);
+ RuleProfile profile(modbus_unit_prof);
if ( !p->flow )
return NO_MATCH;
IpsOption::EvalStatus SipIpsOption::eval(Cursor& c, Packet* p)
{
- Profile profile(sip_ps[idx]);
+ RuleProfile profile(sip_ps[idx]);
if ((!p->has_tcp_data() && !p->is_udp()) || !p->flow || !p->dsize)
return NO_MATCH;
IpsOption::EvalStatus SipMethodOption::eval(Cursor&, Packet* p)
{
- Profile profile(sipMethodRuleOptionPerfStats);
+ RuleProfile profile(sipMethodRuleOptionPerfStats);
if ( !p->flow )
return NO_MATCH;
IpsOption::EvalStatus SipStatCodeOption::eval(Cursor&, Packet* p)
{
- Profile profile(sipStatCodeRuleOptionPerfStats);
+ RuleProfile profile(sipStatCodeRuleOptionPerfStats);
if ((!p->has_tcp_data() && !p->is_udp()) || !p->flow || !p->dsize)
return NO_MATCH;
IpsOption::EvalStatus SslStateOption::eval(Cursor&, Packet* pkt)
{
- Profile profile(sslStateRuleOptionPerfStats);
+ RuleProfile profile(sslStateRuleOptionPerfStats);
if ( !(pkt->packet_flags & PKT_REBUILT_STREAM) && !pkt->is_full_pdu() )
return NO_MATCH;
IpsOption::EvalStatus SslVersionOption::eval(Cursor&, Packet* pkt)
{
- Profile profile(sslVersionRuleOptionPerfStats);
+ RuleProfile profile(sslVersionRuleOptionPerfStats);
if ( !(pkt->packet_flags & PKT_REBUILT_STREAM) && !pkt->is_full_pdu() )
return NO_MATCH;
"SOLARIS"
};
-THREAD_LOCAL ProfileStats fragPerfStats;
-THREAD_LOCAL ProfileStats fragInsertPerfStats;
-THREAD_LOCAL ProfileStats fragRebuildPerfStats;
-
static void FragPrintEngineConfig(FragEngine* engine)
{
LogMessage("Defrag engine config:\n");
*/
static void FragRebuild(FragTracker* ft, Packet* p)
{
- DeepProfile profile(fragRebuildPerfStats);
size_t offset = 0;
Packet* dpkt = DetectionEngine::set_next_packet(p);
ip_stats.total++;
ip_stats.fragmented_bytes += p->pktlen + 4; /* 4 for the CRC */
- DeepProfile profile(fragPerfStats);
-
if (!ft->engine )
{
new_tracker(p, ft);
int16_t fragLength;
const uint16_t net_frag_offset = p->ptrs.ip_api.off();
- DeepProfile profile(fragInsertPerfStats);
-
if (p->is_ip6() && (net_frag_offset == 0))
{
const ip::IP6Frag* const fragHdr = layer::get_inner_ip6_frag();
const RuleMap* StreamIpModule::get_rules() const
{ return stream_ip_rules; }
-ProfileStats* StreamIpModule::get_profile(
- unsigned index, const char*& name, const char*& parent) const
-{
- switch ( index )
- {
- case 0:
- name = "stream_ip";
- parent = nullptr;
- return &ip_perf_stats;
-
- case 1:
- name = "frag";
- parent = "stream_ip";
- return &fragPerfStats;
-
- case 2:
- name = "frag_insert";
- parent = "frag";
- return &fragInsertPerfStats;
-
- case 3:
- name = "frag_rebuild";
- parent = "frag";
- return &fragRebuildPerfStats;
- }
- return nullptr;
-}
+ProfileStats* StreamIpModule::get_profile() const
+{ return &ip_perf_stats; }
StreamIpConfig* StreamIpModule::get_data()
{
extern const PegInfo ip_pegs[];
extern THREAD_LOCAL snort::ProfileStats ip_perf_stats;
-extern THREAD_LOCAL snort::ProfileStats fragPerfStats;
-extern THREAD_LOCAL snort::ProfileStats fragInsertPerfStats;
-extern THREAD_LOCAL snort::ProfileStats fragRebuildPerfStats;
extern Trace TRACE_NAME(stream_ip);
//-------------------------------------------------------------------------
bool end(const char*, int, snort::SnortConfig*) override;
const snort::RuleMap* get_rules() const override;
- snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override;
+ snort::ProfileStats* get_profile() const override;
const PegInfo* get_pegs() const override;
PegCount* get_counts() const override;
StreamIpConfig* get_data();
if ( Stream::expected_flow(flow, p) )
{
ip_stats.sessions--; // Incremented in SESSION_STATS_ADD
- MODULE_PROFILE_END(ip_perf_stats);
return false;
}
#endif
void TcpStreamTracker::init_on_syn_sent(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
tsd.get_flow()->set_session_flags(SSNFLAG_SEEN_CLIENT);
if ( tsd.get_tcph()->are_flags_set(TH_CWR | TH_ECE) )
tsd.get_flow()->set_session_flags(SSNFLAG_ECN_CLIENT_QUERY);
void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
irs = tsd.get_seg_seq();
// FIXIT-H can we really set the vars below now?
rcv_nxt = tsd.get_seg_seq() + 1;
void TcpStreamTracker::init_on_synack_sent(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
tsd.get_flow()->set_session_flags(SSNFLAG_SEEN_SERVER);
if (tsd.get_tcph()->are_flags_set(TH_CWR | TH_ECE))
tsd.get_flow()->set_session_flags(SSNFLAG_ECN_SERVER_REPLY);
void TcpStreamTracker::init_on_synack_recv(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
iss = tsd.get_seg_ack() - 1;
irs = tsd.get_seg_seq();
snd_una = tsd.get_seg_ack();
void TcpStreamTracker::init_on_3whs_ack_sent(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
tsd.get_flow()->set_session_flags(SSNFLAG_SEEN_CLIENT);
if ( tsd.get_tcph()->are_flags_set(TH_CWR | TH_ECE) )
void TcpStreamTracker::init_on_3whs_ack_recv(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
iss = tsd.get_seg_ack() - 1;
irs = tsd.get_seg_seq();
snd_una = tsd.get_seg_ack();
void TcpStreamTracker::init_on_data_seg_sent(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
Flow* flow = tsd.get_flow();
if ( flow->ssn_state.direction == FROM_CLIENT )
void TcpStreamTracker::init_on_data_seg_recv(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpNewSessPerfStats);
-
iss = tsd.get_seg_ack();
irs = tsd.get_seg_seq();
snd_una = tsd.get_seg_ack();
// max paf max = max datagram - eth mtu - 255 = 63780
#define MAX_PAF_MAX (65535 - PAF_LIMIT_FUZZ - 255)
+THREAD_LOCAL snort::ProfileStats pafPerfStats;
+
//--------------------------------------------------------------------
static uint32_t paf_flush (PAF_State* ps, PafAux& px, uint32_t* flags)
const uint8_t* data, uint32_t len, uint32_t total,
uint32_t seq, uint32_t* flags)
{
+ Profile profile(pafPerfStats);
PafAux px;
if ( !paf_initialized(ps) )
#ifndef PAF_H
#define PAF_H
+#include "main/thread.h"
+#include "profiler/profiler_defs.h"
#include "stream/stream_splitter.h"
namespace snort
struct Packet;
}
+extern THREAD_LOCAL snort::ProfileStats pafPerfStats;
+
void* paf_new(unsigned max); // create new paf config (per policy)
void paf_delete(void*); // free config
IpsOption::EvalStatus ReassembleOption::eval(Cursor&, Packet* pkt)
{
+ RuleProfile profile(streamReassembleRuleOptionPerfStats);
+
if (!pkt->flow || !pkt->ptrs.tcph)
return NO_MATCH;
{
- DeepProfile profile(streamReassembleRuleOptionPerfStats);
Flow* lwssn = (Flow*)pkt->flow;
TcpSession* tcpssn = (TcpSession*)lwssn->session;
IpsOption::EvalStatus SizeOption::eval(Cursor&, Packet* pkt)
{
- DeepProfile profile(streamSizePerfStats);
+ RuleProfile profile(streamSizePerfStats);
if ( !pkt->flow || pkt->flow->pkt_type != PktType::TCP )
return NO_MATCH;
#include "main/snort_config.h"
#include "profiler/profiler_defs.h"
+#include "stream/paf.h"
using namespace snort;
using namespace std;
//-------------------------------------------------------------------------
THREAD_LOCAL ProfileStats s5TcpPerfStats;
-THREAD_LOCAL ProfileStats s5TcpNewSessPerfStats;
-THREAD_LOCAL ProfileStats s5TcpStatePerfStats;
-THREAD_LOCAL ProfileStats s5TcpDataPerfStats;
-THREAD_LOCAL ProfileStats s5TcpInsertPerfStats;
-THREAD_LOCAL ProfileStats s5TcpPAFPerfStats;
-THREAD_LOCAL ProfileStats s5TcpFlushPerfStats;
-THREAD_LOCAL ProfileStats s5TcpBuildPacketPerfStats;
const PegInfo tcp_pegs[] =
{
return &s5TcpPerfStats;
case 1:
- name = "tcpNewSess";
- parent = "stream_tcp";
- return &s5TcpNewSessPerfStats;
-
- case 2:
- name = "tcpState";
- parent = "stream_tcp";
- return &s5TcpStatePerfStats;
-
- case 3:
- name = "tcpData";
- parent = "tcpState";
- return &s5TcpDataPerfStats;
-
- case 4:
- name = "tcpPktInsert";
- parent = "tcpData";
- return &s5TcpInsertPerfStats;
-
- case 5:
- name = "tcpPAF";
- parent = "tcpState";
- return &s5TcpPAFPerfStats;
-
- case 6:
- name = "tcpFlush";
- parent = "tcpState";
- return &s5TcpFlushPerfStats;
-
- case 7:
- name = "tcpBuildPacket";
- parent = "tcpFlush";
- return &s5TcpBuildPacketPerfStats;
+ name = "paf";
+ parent = nullptr;
+ return &pafPerfStats;
}
return nullptr;
}
extern const PegInfo tcp_pegs[];
extern THREAD_LOCAL snort::ProfileStats s5TcpPerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpNewSessPerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpStatePerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpDataPerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpInsertPerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpPAFPerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpFlushPerfStats;
-extern THREAD_LOCAL snort::ProfileStats s5TcpBuildPacketPerfStats;
extern THREAD_LOCAL snort::ProfileStats streamSizePerfStats;
struct TcpStats
int TcpReassembler::flush_data_segments(
TcpReassemblerState& trs, Packet* p, uint32_t total, Packet* pdu)
{
- uint32_t total_flushed = 0;
- uint32_t flags = PKT_PDU_HEAD;
-
assert(trs.sos.seglist.cur_rseg);
- DeepProfile profile(s5TcpBuildPacketPerfStats);
+ uint32_t total_flushed = 0;
+ uint32_t flags = PKT_PDU_HEAD;
uint32_t to_seq = trs.sos.seglist.cur_rseg->c_seq + total;
while ( SEQ_LT(trs.sos.seglist.cur_rseg->c_seq, to_seq) )
int TcpReassembler::_flush_to_seq(
TcpReassemblerState& trs, uint32_t bytes, Packet* p, uint32_t pkt_flags)
{
- DeepProfile profile(s5TcpFlushPerfStats);
-
if ( !p )
{
// FIXIT-H we need to have user_policy_id in this case
tcpStats.rebuilt_packets++;
tcpStats.rebuilt_bytes += flushed_bytes;
-#ifdef DEEP_PROFILING
- NoProfile exclude(s5TcpFlushPerfStats);
-#else
NoProfile exclude(s5TcpPerfStats);
-#endif
if ( !Analyzer::get_local_analyzer()->inspect_rebuilt(pdu) )
last_pdu = pdu;
trs.flush_count++;
show_rebuilt_packet(trs, pdu);
-
-#ifdef DEEP_PROFILING
- NoProfile exclude(s5TcpFlushPerfStats);
-#else
NoProfile exclude(s5TcpPerfStats);
-#endif
-
Analyzer::get_local_analyzer()->inspect_rebuilt(pdu);
if ( trs.tracker->splitter )
int32_t TcpReassembler::flush_pdu_ips(TcpReassemblerState& trs, uint32_t* flags, Packet* p)
{
assert(trs.sos.session->flow == p->flow);
- DeepProfile profile(s5TcpPAFPerfStats);
if ( !is_q_sequenced(trs) )
return -1;
continue;
}
- int32_t flush_pt = paf_check(
- trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(),
- tsn->c_len, total, tsn->c_seq, flags);
+ int32_t flush_pt;
+ {
+ NoProfile exclude(s5TcpPerfStats);
+ flush_pt = paf_check(
+ trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(),
+ tsn->c_len, total, tsn->c_seq, flags);
+ }
if (flush_pt >= 0)
{
int32_t TcpReassembler::flush_pdu_ackd(TcpReassemblerState& trs, uint32_t* flags, Packet* p)
{
assert(trs.sos.session->flow == p->flow);
- DeepProfile profile(s5TcpPAFPerfStats);
uint32_t total = 0;
TcpSegmentNode* tsn = SEQ_LT(trs.sos.seglist_base_seq, trs.tracker->r_win_base) ?
size = trs.tracker->r_win_base - tsn->c_seq;
total += size;
-
- int32_t flush_pt = paf_check(
- trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(),
- size, total, tsn->c_seq, flags);
+ int32_t flush_pt;
+ {
+ NoProfile exclude(s5TcpPerfStats);
+ flush_pt = paf_check(
+ trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(),
+ size, total, tsn->c_seq, flags);
+ }
if ( flush_pt >= 0 )
{
int TcpReassembler::queue_packet_for_reassembly(
TcpReassemblerState& trs, TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpInsertPerfStats);
-
int rc = STREAM_INSERT_OK;
if ( trs.sos.seg_count == 0 )
int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
{
- DeepProfile profile(s5TcpDataPerfStats);
-
const tcp::TCPHdr* tcph = tsd.get_tcph();
uint32_t seq = tsd.get_seg_seq();
return ACTION_NOTHING;
else
{
- DeepProfile tcp_state_profile(s5TcpStatePerfStats);
-
if ( tsm->eval(tsd, *talker, *listener) )
{
do_packet_analysis_post_checks(p);
projects / thirdparty / snort3.git / commitdiff
