return 0;
}
+int main_set_watchdog_params(lua_State* L)
+{
+ ControlConn* ctrlcon = ControlConn::query_from_lua(L);
+ SnortConfig* sc = SnortConfig::get_main_conf();
+
+ if ( sc && L )
+ {
+ int seconds = luaL_optint(L, 1, -1);
+ int thread_count = luaL_optint(L, 2, -1);
+ // Timer and thread count are accessed only in main thread context
+ if ( seconds != -1 )
+ sc->set_watchdog(seconds);
+
+ if ( thread_count != -1 )
+ sc->set_watchdog_min_thread_count(thread_count);
+
+ std::ostringstream watchdog_timer_msg;
+ watchdog_timer_msg << "== setting watchdog timer to " << sc->watchdog_timer
+ << ", min thread count to " << sc->watchdog_min_thread_count << "\n";
+ send_response(ctrlcon, watchdog_timer_msg.str().c_str());
+ }
+
+ return 0;
+}
+
int main_rotate_stats(lua_State* L)
{
ControlConn* ctrlcon = ControlConn::query_from_lua(L);
int main_delete_inspector(lua_State* = nullptr);
int main_dump_stats(lua_State* = nullptr);
int main_reset_stats(lua_State* = nullptr);
+int main_set_watchdog_params(lua_State* = nullptr);
int main_rotate_stats(lua_State* = nullptr);
int main_reload_config(lua_State* = nullptr);
int main_reload_policy(lua_State* = nullptr);
{ "watchdog_timer", Parameter::PT_INT, "0:60", "0",
"watchdog timer for packet threads (seconds, 0 to disable)" },
+ { "watchdog_min_thread_count", Parameter::PT_INT, "1:65535", "1",
+ "minimum unresponsive threads for watchdog to trigger" },
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
else if ( v.is("watchdog_timer") )
sc->set_watchdog(v.get_uint16());
+ else if ( v.is("watchdog_min_thread_count") )
+ sc->set_watchdog_min_thread_count(v.get_uint16());
+
return true;
}
watchdog_timer = n;
}
+void SnortConfig::set_watchdog_min_thread_count(uint16_t n)
+{
+ watchdog_min_thread_count = n;
+}
+
void SnortConfig::set_dirty_pig(bool enabled)
{
dirty_pig = enabled;
int user_id = -1;
int group_id = -1;
uint16_t watchdog_timer = 0;
+ uint16_t watchdog_min_thread_count = 1;
bool dirty_pig = false;
std::string chroot_dir; /* -t or config chroot */
void set_umask(uint32_t);
void set_utc(bool);
void set_watchdog(uint16_t);
+ void set_watchdog_min_thread_count(uint16_t);
SO_PUBLIC bool set_latency_enable();
//------------------------------------------------------
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
+static const Parameter s_watchdog[] =
+{
+ { "timer", Parameter::PT_INT, "0:max32", nullptr,
+ "timer for watchdog" },
+ { "min_thread_count", Parameter::PT_INT, "0:max32", nullptr,
+ "min thread count for watchdog" },
+
+ { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
+};
+
static const Command snort_cmds[] =
{
+ { "set_watchdog_params", main_set_watchdog_params, s_watchdog, "set watchdog parameters" },
{ "show_plugins", main_dump_plugins, nullptr, "show available plugins" },
{ "delete_inspector", main_delete_inspector, s_delete,
unsigned max = ThreadConfig::get_instance_max();
if ( waiting )
{
- WarningMessage("Packet processing thread is unresponsive, aborting Snort!\n");
+ uint16_t thread_count = 0;
+ WarningMessage("Packet processing threads are unresponsive\n");
WarningMessage("Unresponsive thread ID: ");
for ( unsigned i = 0; i < max; ++i )
+ {
if ( !resp[i] )
+ {
+ ++thread_count;
WarningMessage("%d ", i);
+ }
+ }
WarningMessage("\n");
- abort();
+ if ( thread_count >= SnortConfig::get_conf()->watchdog_min_thread_count )
+ {
+ WarningMessage("Aborting Snort\n");
+ abort();
+ }
}
for ( unsigned i = 0; i < max; ++i )
projects / thirdparty / snort3.git / commitdiff
