Pull request #3894: rna: add stats for rna graphs

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:rna_graphs to master

Squashed commit of the following:

commit 92a7848dfd79dfcd809a1501165f7325b42af2d3
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Wed Jun 14 08:42:16 2023 -0400

    rna: add stats for rna graphs

diff --git a/src/network_inspectors/rna/rna_event_handler.cc b/src/network_inspectors/rna/rna_event_handler.cc
index aaec81ec824c8beed4779c6fea31714243bb51fb..3db23dc1157967c65aa31459d33e201f2866e49b 100644 (file)
--- a/src/network_inspectors/rna/rna_event_handler.cc
+++ b/src/network_inspectors/rna/rna_event_handler.cc
@@ -32,6 +32,7 @@ void RnaAppidEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.appid_change;
+    update_rna_pkt_stats(event);
     pnd.analyze_appid_changes(event);
 }
 
@@ -39,6 +40,7 @@ void RnaIcmpBidirectionalEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.icmp_bidirectional;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_icmp(event.get_packet());
 }
 
@@ -46,6 +48,7 @@ void RnaIcmpNewFlowEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.icmp_new;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_icmp(event.get_packet());
 }
 
@@ -53,6 +56,7 @@ void RnaIpBidirectionalEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.ip_bidirectional;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_ip(event.get_packet());
 }
 
@@ -60,6 +64,7 @@ void RnaIpNewFlowEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.ip_new;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_ip(event.get_packet());
 }
 
@@ -67,6 +72,7 @@ void RnaTcpSynEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.tcp_syn;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_tcp(event.get_packet(), TcpPacketType::SYN);
 }
 
@@ -74,6 +80,7 @@ void RnaTcpSynAckEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.tcp_syn_ack;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_tcp(event.get_packet(), TcpPacketType::SYN_ACK);
 }
 
@@ -81,6 +88,7 @@ void RnaTcpMidstreamEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.tcp_midstream;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_tcp(event.get_packet(), TcpPacketType::MIDSTREAM);
 }
 
@@ -88,6 +96,7 @@ void RnaUdpBidirectionalEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.udp_bidirectional;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_udp(event.get_packet());
 }
 
@@ -95,14 +104,15 @@ void RnaUdpNewFlowEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.udp_new;
+    update_rna_pkt_stats(event);
     pnd.analyze_flow_udp(event.get_packet());
 }
 
 void RnaIdleEventHandler::handle(DataEvent& event, Flow*)
 {
-    UNUSED(event);
     Profile profile(rna_perf_stats);
     ++rna_stats.change_host_update;
+    update_rna_pkt_stats(event);
     pnd.generate_change_host_update();
 }
 
@@ -110,6 +120,7 @@ void RnaDHCPInfoEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.dhcp_info;
+    update_rna_pkt_stats(event);
     pnd.add_dhcp_info(event);
 }
 
@@ -117,6 +128,7 @@ void RnaDHCPDataEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.dhcp_data;
+    update_rna_pkt_stats(event);
     pnd.analyze_dhcp_fingerprint(event);
 }
 
@@ -124,6 +136,7 @@ void RnaFpSMBEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.smb;
+    update_rna_pkt_stats(event);
     pnd.analyze_smb_fingerprint(event);
 }
 
@@ -131,6 +144,7 @@ void RnaCPEOSInfoEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.cpe_os;
+    update_rna_pkt_stats(event);
     pnd.analyze_cpe_os_info(event);
 }
 
@@ -138,5 +152,6 @@ void RnaNetFlowEventHandler::handle(DataEvent& event, Flow*)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.netflow_record;
+    update_rna_pkt_stats(event);
     pnd.analyze_netflow(event);
 }

diff --git a/src/network_inspectors/rna/rna_event_handler.h b/src/network_inspectors/rna/rna_event_handler.h
index 1f49b57f1858f73cc930b4bd9ee629658eb7ec9f..b6faa45c656538a47a880d4f72b98d59d987f871 100644 (file)
--- a/src/network_inspectors/rna/rna_event_handler.h
+++ b/src/network_inspectors/rna/rna_event_handler.h
@@ -26,6 +26,17 @@
 #include "rna_module.h"
 #include "rna_pnd.h"
 
+inline static void update_rna_pkt_stats(const snort::Packet* p)
+{
+    ++rna_stats.total_packets_in_interval;
+    rna_stats.total_bytes_in_interval += p->pktlen;
+}
+
+inline static void update_rna_pkt_stats(snort::DataEvent& event)
+{
+    update_rna_pkt_stats(event.get_packet());
+}
+
 class RnaAppidEventHandler : public snort::DataHandler
 {
 public:

diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc
index 46946b75a32f8baac1cc61234ce7a586805595db..92eb8328bcd6167053b2791623456c0eb315fcab 100644 (file)
--- a/src/network_inspectors/rna/rna_inspector.cc
+++ b/src/network_inspectors/rna/rna_inspector.cc
@@ -134,6 +134,7 @@ void RnaInspector::eval(Packet* p)
 {
     Profile profile(rna_perf_stats);
     ++rna_stats.other_packets;
+    update_rna_pkt_stats(p);
 
     assert( !p->flow );
     assert( !(BIT((unsigned)p->type()) & PROTO_BIT__ANY_SSN) );

diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc
index 70c16820dc61bfaaf62b49ad80a51e32a33a32a3..7e8dac0f79a0cab8c0d019a1a67e8428d2514506 100644 (file)
--- a/src/network_inspectors/rna/rna_logger.cc
+++ b/src/network_inspectors/rna/rna_logger.cc
@@ -248,6 +248,7 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_
     }
 
     EventManager::call_loggers(nullptr, const_cast<Packet*>(p), "RNA", &rle);
+    ++rna_stats.total_events_in_interval;
 
 #ifdef DEBUG_MSGS
     rna_logger_message(rle, p);

diff --git a/src/network_inspectors/rna/rna_module.cc b/src/network_inspectors/rna/rna_module.cc
index 012c9bd413a94ce8dcd9459e8805083c05c8a01e..f55a6a5d9714b94702a07ee6456e1edbd84e6efd 100644 (file)
--- a/src/network_inspectors/rna/rna_module.cc
+++ b/src/network_inspectors/rna/rna_module.cc
@@ -388,6 +388,9 @@ static const PegInfo rna_pegs[] =
     { CountType::SUM, "dhcp_info", "count of new DHCP lease events received" },
     { CountType::SUM, "smb", "count of new SMB events received" },
     { CountType::SUM, "netflow_record", "count of netflow record events received" },
+    { CountType::SUM, "total_events_in_interval", "count of RNA events generated" },
+    { CountType::SUM, "total_packets_in_interval", "count of packets processed" },
+    { CountType::SUM, "total_bytes_in_interval", "count of bytes processed" },
     { CountType::END, nullptr, nullptr},
 };
 

diff --git a/src/network_inspectors/rna/rna_module.h b/src/network_inspectors/rna/rna_module.h
index d97f30d989a0668db5eb3f0554c6b09e7f885da4..442dab59938b04a5c8a763cd135826051e7ea301 100644 (file)
--- a/src/network_inspectors/rna/rna_module.h
+++ b/src/network_inspectors/rna/rna_module.h
@@ -55,6 +55,9 @@ struct RnaStats
     PegCount dhcp_info;
     PegCount smb;
     PegCount netflow_record;
+    PegCount total_events_in_interval;
+    PegCount total_packets_in_interval;
+    PegCount total_bytes_in_interval;
 };
 
 extern THREAD_LOCAL RnaStats rna_stats;