Pull request #3752: detection: add new pegcount

Merge in SNORT/snort3 from ~YCHALOV/snort3:sse_total_distance to master

Squashed commit of the following:

commit f41962a935ec8edf4de99df43bcc569877afc9f8
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Thu Jan 26 13:08:52 2023 +0100

    detection: add new pegcount

diff --git a/src/detection/detection_continuation.h b/src/detection/detection_continuation.h
index f9741e792972b252d007db9fed045e3add762d29..e8550acf0030a9265701aa05eafefad3d877a98a 100644 (file)
--- a/src/detection/detection_continuation.h
+++ b/src/detection/detection_continuation.h
@@ -62,8 +62,8 @@ private:
 
     struct State
     {
-        State() : data(), root(), selector(nullptr), node(nullptr),
-            waypoint(0), sid(0), packet_number(0), opt_parent(false)
+        State() : data(), root(), selector(nullptr), node(nullptr), waypoint(0),
+            original_waypoint(0), sid(0), packet_number(0), opt_parent(false)
         {
             for (uint8_t i = 0; i < NUM_IPS_OPTIONS_VARS; ++i)
                 byte_extract_vars[i] = 0;
@@ -72,8 +72,9 @@ private:
         State(const detection_option_tree_node_t& n, const detection_option_eval_data_t& d,
             snort::IpsOption* s, unsigned wp, uint64_t id, bool p) : data(d),
             root(1, nullptr, d.otn, new RuleLatencyState[snort::ThreadConfig::get_instance_max()]()),
-            selector(s), node(const_cast<detection_option_tree_node_t*>(&n)),
-            waypoint(wp), sid(id), packet_number(d.p->context->packet_number), opt_parent(p)
+            selector(s), node(const_cast<detection_option_tree_node_t*>(&n)), waypoint(wp),
+            original_waypoint(wp), sid(id), packet_number(d.p->context->packet_number),
+            opt_parent(p)
         {
             for (uint8_t i = 0; i < NUM_IPS_OPTIONS_VARS; ++i)
                 snort::GetVarValueByIndex(&byte_extract_vars[i], i);
@@ -91,6 +92,7 @@ private:
         snort::IpsOption* selector;
         detection_option_tree_node_t* node;
         unsigned waypoint;
+        const unsigned original_waypoint;
         uint64_t sid;
         uint64_t packet_number;
         uint32_t byte_extract_vars[NUM_IPS_OPTIONS_VARS];
@@ -258,9 +260,15 @@ bool Continuation::State::eval(snort::Packet& p)
     clear_trace_cursor_info();
 
     if (result)
+    {
         snort::pc.cont_matches++;
+        snort::pc.cont_match_distance += original_waypoint;
+    }
     else
+    {
         snort::pc.cont_mismatches++;
+        snort::pc.cont_mismatch_distance += original_waypoint;
+    }
 
     return true;
 }

diff --git a/src/utils/stats.cc b/src/utils/stats.cc
index a59ac7890f2688f3068e445f91bbdad2cf2c33fd..6986e17a9c433f02da4ce59e4b8e6fd8af08459f 100644 (file)
--- a/src/utils/stats.cc
+++ b/src/utils/stats.cc
@@ -221,6 +221,8 @@ const PegInfo pc_names[] =
     { CountType::SUM, "cont_matches", "total number of continuations matched" },
     { CountType::SUM, "cont_mismatches", "total number of continuations mismatched" },
     { CountType::MAX, "cont_max_num", "peak number of simultaneous continuations per flow" },
+    { CountType::SUM, "cont_match_distance", "total number of bytes jumped over by matched continuations"},
+    { CountType::SUM, "cont_mismatch_distance", "total number of bytes jumped over by mismatched continuations"},
     { CountType::END, nullptr, nullptr }
 };
 

diff --git a/src/utils/stats.h b/src/utils/stats.h
index 808bfffb42c7a0dc031849217505fb394053c6fb..ccad8f4639afbf594cf97854603215816ecf1900 100644 (file)
--- a/src/utils/stats.h
+++ b/src/utils/stats.h
@@ -70,6 +70,8 @@ struct PacketCount
     PegCount cont_matches;
     PegCount cont_mismatches;
     PegCount cont_max_num;
+    PegCount cont_match_distance;
+    PegCount cont_mismatch_distance;
 };
 
 struct ProcessCount