]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c99536)
perf: optimizes alert fast log
authorPhilippe Antoine <contact@catenacyber.fr>
Fri, 6 Dec 2019 07:58:56 +0000 (08:58 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 18 Feb 2020 15:20:38 +0000 (16:20 +0100)
In the case when we have multiple alerts for one packet
We suppose this happens more often than having decoder_event != 0

src/alert-fastlog.c patch | blob | blame | history

diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c
index 46f4f7ed3bf9af678158cec30c3b6f19e68d3e24..f1cd686417c45fedce00ad966524f298982d5b54 100644 (file)
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@@ -128,6 +128,18 @@ int AlertFastLogger(ThreadVars *tv, void *data, const Packet *p)
      */
     char alert_buffer[MAX_FASTLOG_BUFFER_SIZE];
 
+    char proto[16] = "";
+    if (SCProtoNameValid(IP_GET_IPPROTO(p)) == TRUE) {
+        strlcpy(proto, known_proto[IP_GET_IPPROTO(p)], sizeof(proto));
+    } else {
+        snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IP_GET_IPPROTO(p));
+    }
+    uint16_t src_port_or_icmp = p->sp;
+    uint16_t dst_port_or_icmp = p->dp;
+    if (IP_GET_IPPROTO(p) == IPPROTO_ICMP || IP_GET_IPPROTO(p) == IPPROTO_ICMPV6) {
+        src_port_or_icmp = p->icmp_s.type;
+        dst_port_or_icmp = p->icmp_s.code;
+    }
     for (i = 0; i < p->alerts.cnt; i++) {
         const PacketAlert *pa = &p->alerts.alerts[i];
         if (unlikely(pa->s == NULL)) {
@@ -144,18 +156,6 @@ int AlertFastLogger(ThreadVars *tv, void *data, const Packet *p)
         /* Create the alert string without locking. */
         int size = 0;
         if (likely(decoder_event == 0)) {
-            char proto[16] = "";
-            if (SCProtoNameValid(IP_GET_IPPROTO(p)) == TRUE) {
-                strlcpy(proto, known_proto[IP_GET_IPPROTO(p)], sizeof(proto));
-            } else {
-                snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IP_GET_IPPROTO(p));
-            }
-            uint16_t src_port_or_icmp = p->sp;
-            uint16_t dst_port_or_icmp = p->dp;
-            if (IP_GET_IPPROTO(p) == IPPROTO_ICMP || IP_GET_IPPROTO(p) == IPPROTO_ICMPV6) {
-                src_port_or_icmp = p->icmp_s.type;
-                dst_port_or_icmp = p->icmp_s.code;
-            }
             PrintBufferData(alert_buffer, &size, MAX_FASTLOG_ALERT_SIZE,
                             "%s  %s[**] [%" PRIu32 ":%" PRIu32 ":%"
                             PRIu32 "] %s [**] [Classification: %s] [Priority: %"PRIu32"]"
Mirror of https://github.com/OISF/suricata.git