Merge pull request #2117 in SNORT/snort3 from ~DERAMADA/snort3:log_daq_pool_size...

Squashed commit of the following:

commit f6bad88e3d04736dc28e96f74299306ebcf89c4d
Author: deramada <deramada@cisco.com>
Date:   Mon Mar 30 12:25:28 2020 -0400

    packet_io: log daq pool size

diff --git a/src/main/modules.cc b/src/main/modules.cc
index 913b7b8851c51ea691c114aa4b34827283f6df7b..870b8e3aad35655eab9d4c18afeec3398cfb65bb 100644 (file)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -833,6 +833,7 @@ static PegInfo active_pegs[]
     { CountType::SUM, "failed_direct_injects", "total crafted packet direct injects that failed" },
     { CountType::SUM, "holds_denied", "total number of packet hold requests denied" },
     { CountType::SUM, "holds_canceled", "total number of packet hold requests canceled" },
+    { CountType::SUM, "holds_allowed", "total number of packet hold requests allowed" },
     { CountType::END, nullptr, nullptr }
 };
 

diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index 452c3bdb745e57932a1b6a796b066508370f51de..8b4e9248ec83b594a730287cd262f3f99aa017d6 100644 (file)
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -586,21 +586,20 @@ bool Active::retry_packet(const Packet* p)
     return true;
 }
 
-bool Active::hold_packet(const Packet* p)
+void Active::hold_packet(const Packet* p)
 {
     if (active_action >= ACT_HOLD)
-        return false;
+        return;
 
     // FIXIT-L same semi-arbitrary heuristic as the retry queue logic - reevaluate later
     if (!p->daq_instance || p->daq_instance->get_pool_available() < p->daq_instance->get_batch_size())
     {
         active_counts.holds_denied++;
-        return false;
+        return;
     }
 
     active_action = ACT_HOLD;
-
-    return true;
+    active_counts.holds_allowed++;
 }
 
 void Active::cancel_packet_hold()

diff --git a/src/packet_io/active.h b/src/packet_io/active.h
index 1ae4ba37b3d1ae68700495e6206637677f442881..fd0c17f907983c732c157da9f6649527ad98713d 100644 (file)
--- a/src/packet_io/active.h
+++ b/src/packet_io/active.h
@@ -44,6 +44,7 @@ public:
         PegCount failed_direct_injects;
         PegCount holds_denied;
         PegCount holds_canceled;
+        PegCount holds_allowed;
     };
 
     enum ActiveStatus : uint8_t
@@ -95,7 +96,7 @@ public:
     void drop_packet(const Packet*, bool force = false);
     void daq_drop_packet(const Packet*);
     bool retry_packet(const Packet*);
-    bool hold_packet(const Packet*);
+    void hold_packet(const Packet*);
     void cancel_packet_hold();
 
     void allow_session(Packet*);

diff --git a/src/packet_io/dev_notes.txt b/src/packet_io/dev_notes.txt
index eacb664269ba59620731bc1ea5a95fdfd4cee9db..e6c85a3eda66c0173fb67c6c692734ec6243eeab 100644 (file)
--- a/src/packet_io/dev_notes.txt
+++ b/src/packet_io/dev_notes.txt
@@ -5,3 +5,9 @@ There is one DAQ instance per active source (interface, pcap, etc.).  The
 DAQ determines the required root decoder, instantiated upon thread
 initialization, and which remains the same for all packets.
 
+The other modules use the Active interface to detain packets. A packet will
+not be held if it would drop the the available DAQ message pool down below 
+the DAQ batch size. DAQ batch size (the number of packets Snort can process
+in batch mode) can be configured using this command line option 
+--daq-batch-size and the pool size is obtained using a DAQ API call: 
+daq_instance_get_msg_pool_info(DAQ_Instance_h, DAQ_MsgPoolInfo_t)

diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc
index 1b84f629e1ae02093df74ec1beb17fabcdd56c87..701b4c05a06e9df30d4929bea64a312db131b665 100644 (file)
--- a/src/packet_io/sfdaq_instance.cc
+++ b/src/packet_io/sfdaq_instance.cc
@@ -167,6 +167,8 @@ bool SFDAQInstance::start()
     pool_size = mpool_info.size;
     pool_available = mpool_info.available;
     assert(pool_size == pool_available);
+    if (SnortConfig::log_verbose())
+        LogMessage("DAQ pool size: %d\n", pool_size);
 
     dlt = daq_instance_get_datalink_type(instance);
     get_tunnel_capabilities();

diff --git a/src/service_inspectors/http_inspect/http_tables.cc b/src/service_inspectors/http_inspect/http_tables.cc
index 62ebd4f4df91317bdbb7f01127d92c1f4ef83d80..815bd184249da51b1c54033b3069704793cb90d7 100644 (file)
--- a/src/service_inspectors/http_inspect/http_tables.cc
+++ b/src/service_inspectors/http_inspect/http_tables.cc
@@ -412,7 +412,7 @@ const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] =
     { CountType::SUM, "uri_coding", "URIs with character coding problems" },
     { CountType::NOW, "concurrent_sessions", "total concurrent http sessions" },
     { CountType::MAX, "max_concurrent_sessions", "maximum concurrent http sessions" },
-    { CountType::SUM, "detained_packets", "packet hold requests for detained inspection" },
+    { CountType::SUM, "detains_requested", "packet hold requests for detained inspection" },
     { CountType::SUM, "partial_inspections", "pre-inspections for detained inspection" },
     { CountType::SUM, "excess_parameters", "repeat parameters exceeding max" },
     { CountType::SUM, "parameters", "HTTP parameters inspected" },