unsigned num = sizeof(file_totals) / sizeof(PegCount);
- for ( unsigned i = 0; i < num; ++i )
- {
- PegCount* t = (PegCount*)&file_totals;
- PegCount* s = (PegCount*)file_stats;
+ PegCount* t = (PegCount*)&file_totals;
+ PegCount* s = (PegCount*)file_stats;
+
+ for (unsigned i = 0; i < num; ++i)
t[i] += s[i];
- }
+
+ memset(file_stats, 0, sizeof(*file_stats));
}
void file_stats_clear()
}
if ( !check_total )
- {
- memset(&file_totals,0,sizeof(file_totals));
return;
- }
LogLabel("File Statistics");
LogLabel("file type stats (files)");
if ( !check_total )
{
- memset(&file_totals,0,sizeof(file_totals));
return;
}
#endif
// these are global / shared by all threads
FileCapture::print_mem_usage();
- memset(&file_totals,0,sizeof(file_totals));
}
void AppIdPegCounts::cleanup_dynamic_sum()
{
- for ( unsigned app_num = 0; app_num < AppIdPegCounts::appid_detectors_info.size(); app_num++ )
+ for (unsigned app_num = 0; app_num < AppIdPegCounts::appid_detectors_info.size(); app_num++)
{
memset(appid_dynamic_sum[app_num].stats, 0, sizeof(PegCount) *
DetectorPegs::NUM_APPID_DETECTOR_PEGS);
{
std::lock_guard<std::mutex> _lock(r_mutex);
const unsigned peg_num = appid_peg_counts->size() ? (appid_peg_counts->size() - 1) : 0;
- const AppIdDynamicPeg* ptr = (AppIdDynamicPeg*)appid_peg_counts->data();
+ AppIdDynamicPeg* ptr = (AppIdDynamicPeg*)appid_peg_counts->data();
- for ( unsigned i = 0; i < peg_num; ++i )
+ for (unsigned i = 0; i < peg_num; ++i)
{
for (unsigned j = 0; j < DetectorPegs::NUM_APPID_DETECTOR_PEGS; ++j)
appid_dynamic_sum[i].stats[j] += ptr[i].stats[j];
+
+ ptr[i].zero_out();
}
// unknown_app stats
for (unsigned j = 0; j < DetectorPegs::NUM_APPID_DETECTOR_PEGS; ++j)
appid_dynamic_sum[SF_APPID_MAX].stats[j] += ptr[peg_num].stats[j];
+ ptr[peg_num].zero_out();
}
}
return !memcmp(stats, &all_zeroed_peg, sizeof(stats));
}
+ void zero_out()
+ {
+ memcpy(stats, &all_zeroed_peg, sizeof(stats));
+ }
+
void print(const char* app, char* buf, int buf_size)
{
snprintf(buf, buf_size, "%25.25s: " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10")
add_library( normalize OBJECT
+ norm_stats.cc
+ norm_stats.h
normalize.cc
normalize.h
norm_module.cc
#endif
#include "norm.h"
+#include "norm_stats.h"
#include "detection/ips_context.h"
#include "main/snort_config.h"
using namespace snort;
-enum PegCounts
-{
- PC_IP4_TRIM,
- PC_IP4_TOS,
- PC_IP4_DF,
- PC_IP4_RF,
- PC_IP4_TTL,
- PC_IP4_OPTS,
- PC_ICMP4_ECHO,
- PC_IP6_TTL,
- PC_IP6_OPTS,
- PC_ICMP6_ECHO,
- PC_TCP_SYN_OPT,
- PC_TCP_OPT,
- PC_TCP_PAD,
- PC_TCP_RSV,
- PC_TCP_NS,
- PC_TCP_URP,
- PC_TCP_ECN_PKT,
- PC_TCP_TS_ECR,
- PC_TCP_REQ_URG,
- PC_TCP_REQ_PAY,
- PC_TCP_REQ_URP,
- PC_MAX
-};
-
-const PegInfo norm_names[] =
-{
- { CountType::SUM, "ip4_trim", "eth packets trimmed to datagram size" },
- { CountType::SUM, "ip4_tos", "type of service normalizations" },
- { CountType::SUM, "ip4_df", "don't frag bit normalizations" },
- { CountType::SUM, "ip4_rf", "reserved flag bit clears" },
- { CountType::SUM, "ip4_ttl", "time-to-live normalizations" },
- { CountType::SUM, "ip4_opts", "ip4 options cleared" },
- { CountType::SUM, "icmp4_echo", "icmp4 ping normalizations" },
- { CountType::SUM, "ip6_hops", "ip6 hop limit normalizations" },
- { CountType::SUM, "ip6_options", "ip6 options cleared" },
- { CountType::SUM, "icmp6_echo", "icmp6 echo normalizations" },
- { CountType::SUM, "tcp_syn_options", "SYN only options cleared from non-SYN packets" },
- { CountType::SUM, "tcp_options", "packets with options cleared" },
- { CountType::SUM, "tcp_padding", "packets with padding cleared" },
- { CountType::SUM, "tcp_reserved", "packets with reserved bits cleared" },
- { CountType::SUM, "tcp_nonce", "packets with nonce bit cleared" },
- { CountType::SUM, "tcp_urgent_ptr", "packets without data with urgent pointer cleared" },
- { CountType::SUM, "tcp_ecn_pkt", "packets with ECN bits cleared" },
- { CountType::SUM, "tcp_ts_ecr", "timestamp cleared on non-ACKs" },
- { CountType::SUM, "tcp_req_urg", "cleared urgent pointer when urgent flag is not set" },
- { CountType::SUM, "tcp_req_pay",
- "cleared urgent pointer and urgent flag when there is no payload" },
- { CountType::SUM, "tcp_req_urp", "cleared the urgent flag if the urgent pointer is not set" },
- { CountType::END, nullptr, nullptr }
-};
-
-static THREAD_LOCAL PegCount normStats[PC_MAX+PC_TCP_MAX][NORM_MODE_MAX];
-
//static int Norm_Eth(Packet*, uint8_t layer, int changes);
static int Norm_IP4(NormalizerConfig*, Packet*, uint8_t layer, int changes);
static int Norm_ICMP4(NormalizerConfig*, Packet*, uint8_t layer, int changes);
p->packet_flags |= PKT_RESIZED;
changes++;
}
- normStats[PC_IP4_TRIM][mode]++;
+ norm_stats[PC_IP4_TRIM][mode]++;
}
}
if ( Norm_IsEnabled(c, NORM_IP4_TOS) )
h->ip_tos = 0;
changes++;
}
- normStats[PC_IP4_TOS][mode]++;
+ norm_stats[PC_IP4_TOS][mode]++;
}
}
#if 0
fragbits &= ~IP4_FLAG_DF;
changes++;
}
- normStats[PC_IP4_DF][mode]++;
+ norm_stats[PC_IP4_DF][mode]++;
}
}
if ( Norm_IsEnabled(c, NORM_IP4_RF) )
fragbits &= ~IP4_FLAG_RF;
changes++;
}
- normStats[PC_IP4_RF][mode]++;
+ norm_stats[PC_IP4_RF][mode]++;
}
}
if ( fragbits != origbits )
p->ptrs.decode_flags &= ~DECODE_ERR_BAD_TTL;
changes++;
}
- normStats[PC_IP4_TTL][mode]++;
+ norm_stats[PC_IP4_TTL][mode]++;
}
}
if ( p->layers[layer].length > ip::IP4_HEADER_LEN )
memset(opts, static_cast<uint8_t>(ip::IPOptionCodes::NOP), len);
changes++;
}
- normStats[PC_IP4_OPTS][mode]++;
+ norm_stats[PC_IP4_OPTS][mode]++;
}
return changes;
}
h->code = icmp::IcmpCode::ECHO_CODE;
changes++;
}
- normStats[PC_ICMP4_ECHO][mode]++;
+ norm_stats[PC_ICMP4_ECHO][mode]++;
}
return changes;
}
p->ptrs.decode_flags &= ~DECODE_ERR_BAD_TTL;
changes++;
}
- normStats[PC_IP6_TTL][mode]++;
+ norm_stats[PC_IP6_TTL][mode]++;
}
}
return changes;
h->code = static_cast<icmp::IcmpCode>(0);
changes++;
}
- normStats[PC_ICMP6_ECHO][mode]++;
+ norm_stats[PC_ICMP6_ECHO][mode]++;
}
return changes;
}
changes++;
}
- normStats[PC_IP6_OPTS][mode]++;
+ norm_stats[PC_IP6_OPTS][mode]++;
return changes;
}
NopDaOpt(opts+i, olen);
changes++;
}
- normStats[PC_TCP_SYN_OPT][mode]++;
+ norm_stats[PC_TCP_SYN_OPT][mode]++;
}
break;
memset(opts+i+TS_ECR_OFFSET, 0, TS_ECR_LENGTH);
changes++;
}
- normStats[PC_TCP_TS_ECR][mode]++;
+ norm_stats[PC_TCP_TS_ECR][mode]++;
}
break;
NopDaOpt(opts+i, olen);
changes++;
}
- normStats[PC_TCP_OPT][mode]++;
+ norm_stats[PC_TCP_OPT][mode]++;
}
}
i += olen;
memset(opts+i, 0, len-i);
changes++;
}
- normStats[PC_TCP_PAD][mode]++;
+ norm_stats[PC_TCP_PAD][mode]++;
}
return changes;
}
memset(opts+i, 0, len-i);
changes++;
}
- normStats[PC_TCP_PAD][mode]++;
+ norm_stats[PC_TCP_PAD][mode]++;
}
return changes;
}
h->th_offx2 &= ~TH_RSV;
changes++;
}
- normStats[PC_TCP_RSV][mode]++;
+ norm_stats[PC_TCP_RSV][mode]++;
}
}
if ( Norm_IsEnabled(c, NORM_TCP_ECN_PKT) )
h->th_flags &= ~(TH_CWR|TH_ECE);
changes++;
}
- normStats[PC_TCP_ECN_PKT][mode]++;
+ norm_stats[PC_TCP_ECN_PKT][mode]++;
}
if ( h->th_offx2 & TH_NS )
{
h->th_offx2 &= ~TH_NS;
changes++;
}
- normStats[PC_TCP_NS][mode]++;
+ norm_stats[PC_TCP_NS][mode]++;
}
}
if ( h->th_urp )
h->th_urp = 0;
changes++;
}
- normStats[PC_TCP_REQ_URG][mode]++;
+ norm_stats[PC_TCP_REQ_URG][mode]++;
}
}
else if ( !p->dsize )
h->th_urp = 0;
changes++;
}
- normStats[PC_TCP_REQ_PAY][mode]++;
+ norm_stats[PC_TCP_REQ_PAY][mode]++;
}
}
else if ( h->urp() > p->dsize )
h->set_urp(p->dsize);
changes++;
}
- normStats[PC_TCP_URP][mode]++;
+ norm_stats[PC_TCP_URP][mode]++;
}
}
}
h->th_flags &= ~TH_URG;
changes++;
}
- normStats[PC_TCP_REQ_URP][mode]++;
+ norm_stats[PC_TCP_REQ_URP][mode]++;
}
}
//-----------------------------------------------------------------------
-const PegInfo* Norm_GetPegs()
-{ return norm_names; }
-
-NormPegs Norm_GetCounts(unsigned& c)
-{
- c = PC_MAX;
- return normStats;
-}
-
-//-----------------------------------------------------------------------
-
int Norm_SetConfig(NormalizerConfig* nc)
{
if ( !nc->normalizer_flags )
typedef int (* NormalFunc)( // FIXIT-L why is this exposed?
struct NormalizerConfig*, snort::Packet*, uint8_t layer, int changes);
-extern const PegInfo norm_names[];
-
struct NormalizerConfig
{
uint32_t normalizer_flags;
return nc->normalizer_options[byte] & bit;
}
-const PegInfo* Norm_GetPegs();
-NormPegs Norm_GetCounts(unsigned&);
-
#endif
#endif
#include "norm_module.h"
+#include "norm_stats.h"
#include "main/policy.h"
#include "stream/tcp/tcp_normalizer.h"
if ( !test_pegs.empty() )
return &test_pegs[0];
- const PegInfo* p = Norm_GetPegs();
+ const PegInfo* p = &norm_names[0];
assert(p);
while ( p->name )
test_pegs.emplace_back(*p);
p++;
}
-
- p = TcpNormalizer::get_normalization_pegs();
- assert(p);
-
- while ( p->name )
- {
- add_test_peg(*p);
- test_pegs.emplace_back(*p);
- p++;
- }
-
test_pegs.emplace_back(*p);
+
return &test_pegs[0];
}
PegCount* NormalizeModule::get_counts() const
-{
- unsigned c = 0;
- NormPegs p = Norm_GetCounts(c);
-
- unsigned tc = 0;
- NormPegs tp = TcpNormalizer::get_normalization_counts(tc);
-
- for ( unsigned i = 0; i < tc; ++i )
- {
- p[c+i][NORM_MODE_ON] = tp[i][NORM_MODE_ON];
- p[c+i][NORM_MODE_TEST] = tp[i][NORM_MODE_TEST];
- }
-
- return (PegCount*)p;
-}
-
+{ return (PegCount*)norm_stats; }
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved.
+// Copyright (C) 2010-2013 Sourcefire, Inc.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// norm_stats.cc author cisco.com
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "norm_stats.h"
+
+const PegInfo norm_names[] =
+{
+ { CountType::SUM, "ip4_trim", "eth packets trimmed to datagram size" },
+ { CountType::SUM, "ip4_tos", "type of service normalizations" },
+ { CountType::SUM, "ip4_df", "don't frag bit normalizations" },
+ { CountType::SUM, "ip4_rf", "reserved flag bit clears" },
+ { CountType::SUM, "ip4_ttl", "time-to-live normalizations" },
+ { CountType::SUM, "ip4_opts", "ip4 options cleared" },
+ { CountType::SUM, "icmp4_echo", "icmp4 ping normalizations" },
+ { CountType::SUM, "ip6_hops", "ip6 hop limit normalizations" },
+ { CountType::SUM, "ip6_options", "ip6 options cleared" },
+ { CountType::SUM, "icmp6_echo", "icmp6 echo normalizations" },
+ { CountType::SUM, "tcp_syn_options", "SYN only options cleared from non-SYN packets" },
+ { CountType::SUM, "tcp_options", "packets with options cleared" },
+ { CountType::SUM, "tcp_padding", "packets with padding cleared" },
+ { CountType::SUM, "tcp_reserved", "packets with reserved bits cleared" },
+ { CountType::SUM, "tcp_nonce", "packets with nonce bit cleared" },
+ { CountType::SUM, "tcp_urgent_ptr", "packets without data with urgent pointer cleared" },
+ { CountType::SUM, "tcp_ecn_pkt", "packets with ECN bits cleared" },
+ { CountType::SUM, "tcp_ts_ecr", "timestamp cleared on non-ACKs" },
+ { CountType::SUM, "tcp_req_urg", "cleared urgent pointer when urgent flag is not set" },
+ { CountType::SUM, "tcp_req_pay",
+ "cleared urgent pointer and urgent flag when there is no payload" },
+ { CountType::SUM, "tcp_req_urp", "cleared the urgent flag if the urgent pointer is not set" },
+
+ // These peg counts are shared with stream_tcp
+ { CountType::SUM, "tcp_trim_syn", "tcp segments trimmed on SYN" },
+ { CountType::SUM, "tcp_trim_rst", "RST packets with data trimmed" },
+ { CountType::SUM, "tcp_trim_win", "data trimmed to window" },
+ { CountType::SUM, "tcp_trim_mss", "data trimmed to MSS" },
+ { CountType::SUM, "tcp_ecn_session", "ECN bits cleared" },
+ { CountType::SUM, "tcp_ts_nop", "timestamp options cleared" },
+ { CountType::SUM, "tcp_ips_data", "normalized segments" },
+ { CountType::SUM, "tcp_block", "blocked segments" },
+
+ { CountType::END, nullptr, nullptr }
+};
+
+THREAD_LOCAL PegCount norm_stats[PC_MAX][NORM_MODE_MAX];
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved.
+// Copyright (C) 2010-2013 Sourcefire, Inc.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// norm_stats.h author cisco.com
+
+#ifndef NORM_STATS_H
+#define NORM_STATS_H
+
+#include "framework/counts.h"
+#include "main/thread.h"
+
+#include "normalize.h"
+
+enum PegCounts
+{
+ PC_IP4_TRIM,
+ PC_IP4_TOS,
+ PC_IP4_DF,
+ PC_IP4_RF,
+ PC_IP4_TTL,
+ PC_IP4_OPTS,
+ PC_ICMP4_ECHO,
+ PC_IP6_TTL,
+ PC_IP6_OPTS,
+ PC_ICMP6_ECHO,
+ PC_TCP_SYN_OPT,
+ PC_TCP_OPT,
+ PC_TCP_PAD,
+ PC_TCP_RSV,
+ PC_TCP_NS,
+ PC_TCP_URP,
+ PC_TCP_ECN_PKT,
+ PC_TCP_TS_ECR,
+ PC_TCP_REQ_URG,
+ PC_TCP_REQ_PAY,
+ PC_TCP_REQ_URP,
+
+ // These peg counts are shared with stream_tcp
+ PC_TCP_TRIM_SYN,
+ PC_TCP_TRIM_RST,
+ PC_TCP_TRIM_WIN,
+ PC_TCP_TRIM_MSS,
+ PC_TCP_ECN_SSN,
+ PC_TCP_TS_NOP,
+ PC_TCP_IPS_DATA,
+ PC_TCP_BLOCK,
+
+ PC_MAX
+};
+
+#define TCP_PEGS_START PC_TCP_TRIM_SYN
+
+extern THREAD_LOCAL PegCount norm_stats[PC_MAX][NORM_MODE_MAX];
+extern const PegInfo norm_names[];
+
+#endif
#ifndef NORMALIZE_H
#define NORMALIZE_H
-#include "framework/counts.h"
-
// these control protocol specific normalizations
enum NormFlags
{
NORM_ALL = 0xFFFFFFFF, // all normalizations on
};
-enum NormMode : int8_t
+enum NormMode
{
NORM_MODE_TEST,
NORM_MODE_ON,
NORM_MODE_MAX
};
-typedef PegCount (* NormPegs)[NORM_MODE_MAX];
-
bool Normalize_IsEnabled(NormFlags);
NormMode Normalize_GetMode(NormFlags);
{ CountType::SUM, "ignored_bytes", "total ignored bytes" },
{ CountType::SUM, "smb_client_segs_reassembled", "total smb client segments reassembled" },
{ CountType::SUM, "smb_server_segs_reassembled", "total smb server segments reassembled" },
- { CountType::SUM, "max_outstanding_requests", "total smb maximum outstanding requests" },
+ { CountType::MAX, "max_outstanding_requests", "maximum outstanding requests" },
{ CountType::SUM, "files_processed", "total smb files processed" },
{ CountType::SUM, "v2_setup", "total number of SMBv2 setup packets seen" },
{ CountType::SUM, "v2_setup_err_resp",
static BaseStats g_stats;
THREAD_LOCAL BaseStats stream_base_stats;
+THREAD_LOCAL PegCount current_flows_prev;
+THREAD_LOCAL PegCount uni_flows_prev;
+THREAD_LOCAL PegCount uni_ip_flows_prev;
// FIXIT-L dependency on stats define in another file
const PegInfo base_pegs[] =
{ CountType::SUM, "reload_allowed_deletes", "number of allowed flows deleted by config reloads" },
{ CountType::SUM, "reload_blocked_deletes", "number of blocked flows deleted by config reloads" },
{ CountType::SUM, "reload_offloaded_deletes", "number of offloaded flows deleted by config reloads" },
+
+ // Keep the NOW stats at the bottom as it requires special sum_stats logic
{ CountType::NOW, "current_flows", "current number of flows in cache" },
{ CountType::NOW, "uni_flows", "number of uni flows in cache" },
{ CountType::NOW, "uni_ip_flows", "number of uni ip flows in cache" },
{ CountType::END, nullptr, nullptr }
};
+#define NOW_PEGS_NUM 3
+
// FIXIT-L dependency on stats define in another file
void base_prep()
{
stream_base_stats.reload_allowed_flow_deletes = flow_con->get_deletes(FlowDeleteState::ALLOWED);
stream_base_stats.reload_offloaded_flow_deletes= flow_con->get_deletes(FlowDeleteState::OFFLOADED);
stream_base_stats.reload_blocked_flow_deletes= flow_con->get_deletes(FlowDeleteState::BLOCKED);
+
stream_base_stats.current_flows = flow_con->get_num_flows();
stream_base_stats.uni_flows = flow_con->get_uni_flows();
stream_base_stats.uni_ip_flows = flow_con->get_uni_ip_flows();
+
ExpectCache* exp_cache = flow_con->get_exp_cache();
if ( exp_cache )
void base_sum()
{
sum_stats((PegCount*)&g_stats, (PegCount*)&stream_base_stats,
- array_size(base_pegs) - 1);
+ array_size(base_pegs) - 1 - NOW_PEGS_NUM);
+
+ g_stats.current_flows += (int64_t)stream_base_stats.current_flows - (int64_t)current_flows_prev;
+ g_stats.uni_flows += (int64_t)stream_base_stats.uni_flows - (int64_t)uni_flows_prev;
+ g_stats.uni_ip_flows += (int64_t)stream_base_stats.uni_ip_flows - (int64_t)uni_ip_flows_prev;
+
base_reset(false);
}
void base_reset(bool reset_all)
{
- if ( flow_con )
- flow_con->clear_counts();
+ current_flows_prev = stream_base_stats.current_flows;
+ uni_flows_prev = stream_base_stats.uni_flows;
+ uni_ip_flows_prev = stream_base_stats.uni_ip_flows;
memset(&stream_base_stats, 0, sizeof(stream_base_stats));
- if ( reset_all )
+ if ( flow_con )
{
- if ( flow_con )
- {
- ExpectCache* exp_cache = flow_con->get_exp_cache();
- if ( exp_cache )
- exp_cache->reset_stats();
- }
- memset(&g_stats, 0, sizeof(g_stats));
+ flow_con->clear_counts();
+ ExpectCache* exp_cache = flow_con->get_exp_cache();
+ if ( exp_cache )
+ exp_cache->reset_stats();
}
+
+ if ( reset_all )
+ memset(&g_stats, 0, sizeof(g_stats));
}
//-------------------------------------------------------------------------
PegCount reload_allowed_flow_deletes;
PegCount reload_blocked_flow_deletes;
PegCount reload_offloaded_flow_deletes;
+
+ // Keep the NOW stats at the bottom as it requires special sum_stats logic
PegCount current_flows;
PegCount uni_flows;
PegCount uni_ip_flows;
unsigned offset = trs.sos.tsd->get_seq() - trs.sos.left->i_seq;
trs.sos.tsd->rewrite_payload(0, trs.sos.left->data + offset);
}
- tcp_norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
+ norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
}
else
{
trs.sos.tsd->rewrite_payload(0, trs.sos.left->data + offset, length);
}
- tcp_norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
+ norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
}
trs.sos.seq += trs.sos.overlap;
trs.sos.tsd->rewrite_payload(offset, trs.sos.right->data, length);
}
- tcp_norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
+ norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
trs.sos.trunc_len = trs.sos.overlap;
}
trs.sos.tsd->rewrite_payload(offset, trs.sos.right->data, trs.sos.right->i_len);
}
- tcp_norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
+ norm_stats[PC_TCP_IPS_DATA][trs.sos.tcp_ips_data]++;
if ( SEQ_EQ(trs.sos.right->i_seq, trs.sos.seq) )
{
#include <vector>
-#include "normalize/normalize.h"
+#include "normalize/norm_stats.h"
#include "stream/paf.h"
#include "tcp_segment_node.h"
using namespace snort;
-THREAD_LOCAL PegCount tcp_norm_stats[PC_TCP_MAX][NORM_MODE_MAX];
-
-static const PegInfo pegName[] =
-{
- { CountType::SUM, "tcp_trim_syn", "tcp segments trimmed on SYN" },
- { CountType::SUM, "tcp_trim_rst", "RST packets with data trimmed" },
- { CountType::SUM, "tcp_trim_win", "data trimmed to window" },
- { CountType::SUM, "tcp_trim_mss", "data trimmed to MSS" },
- { CountType::SUM, "tcp_ecn_session", "ECN bits cleared" },
- { CountType::SUM, "tcp_ts_nop", "timestamp options cleared" },
- { CountType::SUM, "tcp_ips_data", "normalized segments" },
- { CountType::SUM, "tcp_block", "blocked segments" },
- { CountType::END, nullptr, nullptr }
-};
-
-const PegInfo* TcpNormalizer::get_normalization_pegs()
-{
- return pegName;
-}
-
-NormPegs TcpNormalizer::get_normalization_counts(unsigned& c)
-{
- c = PC_TCP_MAX;
- return tcp_norm_stats;
-}
-
bool TcpNormalizer::trim_payload(TcpNormalizerState&, TcpSegmentDescriptor& tsd, uint32_t max,
- NormMode mode, TcpPegCounts peg, bool force)
+ NormMode mode, PegCounts peg, bool force)
{
if ( force )
mode = NORM_MODE_ON;
- tcp_norm_stats[peg][mode]++;
+ norm_stats[peg][mode]++;
if ( mode == NORM_MODE_ON )
{
bool TcpNormalizer::strip_tcp_timestamp(
TcpNormalizerState&, TcpSegmentDescriptor& tsd, const tcp::TcpOption* opt, NormMode mode)
{
- tcp_norm_stats[PC_TCP_TS_NOP][mode]++;
+ norm_stats[PC_TCP_TS_NOP][mode]++;
if (mode == NORM_MODE_ON)
{
const int8_t mode = (f == NORM_TCP_BLOCK) ? tns.tcp_block : tns.opt_block;
- tcp_norm_stats[PC_TCP_BLOCK][mode]++;
+ norm_stats[PC_TCP_BLOCK][mode]++;
if (mode == NORM_MODE_ON)
{
tsd.set_packet_flags(PKT_MODIFIED);
}
- tcp_norm_stats[PC_TCP_ECN_SSN][tns.strip_ecn]++;
+ norm_stats[PC_TCP_ECN_SSN][tns.strip_ecn]++;
}
}
void TcpNormalizer::reset_stats()
{
- for (int i = 0; i < PC_TCP_MAX; i++)
+ for (int i = TCP_PEGS_START; i < PC_MAX; i++)
for (int j = 0; j < NORM_MODE_MAX; j++)
- tcp_norm_stats[i][j] = 0;
+ norm_stats[i][j] = 0;
}
#include "main/thread.h"
#include "normalize/normalize.h"
+#include "normalize/norm_stats.h"
#include "protocols/tcp_options.h"
-enum TcpPegCounts
-{
- PC_TCP_TRIM_SYN,
- PC_TCP_TRIM_RST,
- PC_TCP_TRIM_WIN,
- PC_TCP_TRIM_MSS,
- PC_TCP_ECN_SSN,
- PC_TCP_TS_NOP,
- PC_TCP_IPS_DATA,
- PC_TCP_BLOCK,
- PC_TCP_MAX
-};
-
-extern THREAD_LOCAL PegCount tcp_norm_stats[PC_TCP_MAX][NORM_MODE_MAX];
-
class TcpStreamSession;
class TcpStreamTracker;
class TcpSegmentDescriptor;
virtual int handle_repeated_syn(State&, TcpSegmentDescriptor&) = 0;
virtual uint16_t set_urg_offset(State&, const snort::tcp::TCPHdr* tcph, uint16_t dsize);
- static const PegInfo* get_normalization_pegs();
- static NormPegs get_normalization_counts(unsigned&);
static void reset_stats();
protected:
TcpNormalizer() = default;
- virtual bool trim_payload(State&, TcpSegmentDescriptor&, uint32_t, NormMode, TcpPegCounts,
+ virtual bool trim_payload(State&, TcpSegmentDescriptor&, uint32_t, NormMode, PegCounts,
bool force = false);
virtual bool strip_tcp_timestamp(
State&, TcpSegmentDescriptor&, const snort::tcp::TcpOption*, NormMode);
projects / thirdparty / snort3.git / commitdiff
