#include <assert.h>
+#include "main/modules.h"
+#include "main/snort_debug.h"
#include "utils/stats.h"
+
#include "ips_context.h"
#ifdef UNIT_TEST
{
assert(busy.empty());
assert(idle.size() > 0);
-//printf("%ld cs::start %u (i=%lu, b=%lu)\n",
-// pc.total_from_daq, idle.back()->get_slot(), idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::start %u (i=%lu, b=%lu)\n",
+ pc.total_from_daq, idle.back()->get_slot(), idle.size(), busy.size());
busy.push_back(idle.back());
idle.pop_back();
}
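Review bot: The format strings in these newly enabled trace calls do not match their argument types: `idle.size()` and `busy.size()` are `size_t` but are printed with `%lu`, and `pc.total_from_daq` is printed with `%ld` here while the detection-engine hunks print the same counter with `%lu`. As commented-out printf lines this was harmless, but wherever trace_logf is compiled in, a mismatch is undefined behaviour on targets where `long` and `size_t` differ in width. Use `%zu` for the container sizes, e.g. `"%ld cs::start %u (i=%zu, b=%zu)\n"`, and settle on one specifier that matches the counter's declared type, which is not visible on this page. The same applies to the stop, abort, interrupt, complete, suspend and resume hunks; the signature of start() lies outside this hunk.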
void ContextSwitcher::stop()
{
assert(busy.size() == 1);
-//printf("%ld cs::stop %u (i=%lu, b=%lu)\n",
-// pc.total_from_daq, busy.back()->get_slot(), idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::stop %u (i=%lu, b=%lu)\n",
+ pc.total_from_daq, busy.back()->get_slot(), idle.size(), busy.size());
idle.push_back(busy.back());
busy.pop_back();
}
void ContextSwitcher::abort()
{
-//printf("%ld cs::abort (i=%lu, b=%lu)\n",
-// pc.total_from_daq, idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::abort (i=%lu, b=%lu)\n",
+ pc.total_from_daq, idle.size(), busy.size());
for ( unsigned i = 0; i < hold.capacity(); ++i )
{
if ( hold[i] )
IpsContext* ContextSwitcher::interrupt()
{
assert(!idle.empty());
-//printf("%ld cs::interrupt %u (i=%lu, b=%lu)\n",
-// pc.total_from_daq, idle.back()->get_slot(), idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::interrupt %u (i=%lu, b=%lu)\n",
+ pc.total_from_daq, idle.back()->get_slot(), idle.size(), busy.size());
busy.push_back(idle.back());
idle.pop_back();
return busy.back();
IpsContext* ContextSwitcher::complete()
{
assert(!busy.empty());
-//printf("%ld cs::complete %u (i=%lu, b=%lu)\n",
-// pc.total_from_daq, busy.back()->get_slot(), idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::complete %u (i=%lu, b=%lu)\n",
+ pc.total_from_daq, busy.back()->get_slot(), idle.size(), busy.size());
idle.push_back(busy.back());
busy.pop_back();
return busy.empty() ? nullptr : busy.back();
unsigned ContextSwitcher::suspend()
{
assert(!busy.empty());
-//printf("%ld cs::suspend %u (i=%lu, b=%lu)\n",
-// pc.total_from_daq, busy.back()->get_slot(), idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::suspend %u (i=%lu, b=%lu)\n",
+ pc.total_from_daq, busy.back()->get_slot(), idle.size(), busy.size());
IpsContext* c = busy.back();
busy.pop_back();
unsigned slot = c->get_slot();
void ContextSwitcher::resume(unsigned slot)
{
assert(slot <= hold.capacity());
-//printf("%ld cs::resume %u (i=%lu, b=%lu)\n",
-// pc.total_from_daq, slot, idle.size(), busy.size());
+ trace_logf(detection, "%ld cs::resume %u (i=%lu, b=%lu)\n",
+ pc.total_from_daq, slot, idle.size(), busy.size());
busy.push_back(hold[slot]);
hold[slot] = nullptr;
}
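Review bot: `assert(slot <= hold.capacity())` accepts `slot == hold.capacity()`, yet the statement after the trace call reads `hold[slot]`, one element past the range that abort() walks with `i < hold.capacity()`. The comparison should be strict: `assert(slot < hold.capacity());`. Since assert is compiled out under NDEBUG, it is also worth adding `assert(hold[slot]);` so that a stale or repeated slot id is caught in debug builds before a null context is pushed onto `busy`.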
#include "framework/endianness.h"
#include "helpers/ring.h"
#include "latency/packet_latency.h"
+#include "main/modules.h"
#include "main/snort.h"
#include "main/snort_config.h"
+#include "main/snort_debug.h"
#include "main/thread.h"
#include "managers/inspector_manager.h"
#include "packet_io/active.h"
#include "fp_detect.h"
#include "ips_context.h"
+Trace TRACE_NAME(detection);
+
THREAD_LOCAL DetectionEngine::ActiveRules active_rules = DetectionEngine::NONE;
static THREAD_LOCAL unsigned s_events = 0;
while ( !offload_ids->empty() )
{
const struct timespec blip = { 0, 1 };
-//printf("%lu de::sleep\n", pc.total_from_daq);
+ trace_logf(detection, "%lu de::sleep\n", pc.total_from_daq);
nanosleep(&blip, nullptr);
onload();
}
-//printf("%lu de::idle (r=%d)\n", pc.total_from_daq, offload_ids->count());
+ trace_logf(detection, "%lu de::idle (r=%d)\n", pc.total_from_daq, offload_ids->count());
}
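Review bot: The `de::sleep` trace sits inside a wait loop whose only delay is a 1 ns nanosleep, so with detection tracing enabled every pass emits a line and a slow offload produces an unbounded run of identical output. Emitting it once per wait rather than once per iteration keeps the trace readable and bounds log volume, for example by guarding it with a local flag that is set on the first pass. The onload(Flow*) loop in the following hunk has the same pattern. The enclosing function starts outside this hunk.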
void DetectionEngine::onload(Flow* flow)
while ( flow->test_session_flags(SSNFLAG_OFFLOAD) )
{
const struct timespec blip = { 0, 1 };
-//printf("%lu de::sleep\n", pc.total_from_daq);
+ trace_logf(detection, "%lu de::sleep\n", pc.total_from_daq);
nanosleep(&blip, nullptr);
onload();
}
if ( !c->onload )
return;
-//printf("%lu de::onload %u (r=%d)\n", pc.total_from_daq, *id, offload_ids->count());
+ trace_logf(detection, "%lu de::onload %u (r=%d)\n",
+ pc.total_from_daq, *id, offload_ids->count());
+
Packet* p = c->packet;
p->flow->clear_session_flags(SSNFLAG_OFFLOAD);
bool DetectionEngine::offload(Packet* p)
{
ContextSwitcher* sw = Snort::get_switcher();
- FastPatternConfig* fp = snort_conf->fast_pattern_config;
- if ( p->type() != PktType::PDU or (p->dsize < fp->get_offload_limit()) or !sw->can_hold() )
+ if ( p->type() != PktType::PDU or (p->dsize < snort_conf->offload_limit) or !sw->can_hold() )
{
fp_local(p);
return false;
unsigned id = sw->suspend();
offload_ids->put(id);
-//printf("%lu de::offload %u (r=%d)\n", pc.total_from_daq, id, offload_ids->count());
+
+ trace_logf(detection, "%lu de::offload %u (r=%d)\n",
+ pc.total_from_daq, id, offload_ids->count());
p->context->onload = false;
p->context->offload = new std::thread(fp_offload, p, snort_conf);
search_api = MpseManager::get_search_api("ac_bnfa");
assert(search_api);
trim = MpseManager::search_engine_trim(search_api);
-
- offload_limit = 99999; // FIXIT-H use common value
}
FastPatternConfig::~FastPatternConfig()
int get_bleed_over_port_limit()
{ return bleedover_port_limit; }
- void set_offload_limit(unsigned n)
- { offload_limit = n; }
-
- unsigned get_offload_limit()
- { return offload_limit; }
-
int get_single_rule_group()
{ return portlists_flags & PL_SINGLE_RULE_GROUP; }
unsigned max_queue_events;
unsigned bleedover_port_limit;
- unsigned offload_limit;
int search_opt;
int portlists_flags;
{ "asn1", Parameter::PT_INT, "1:", "256",
"maximum decode nodes" },
+ { "offload_limit", Parameter::PT_INT, "0:", "99999",
+ "minimum sizeof PDU to offload fast pattern search (defaults to disabled)" },
+
{ "pcre_enable", Parameter::PT_BOOL, nullptr, "true",
"disable pcre pattern matching" },
class DetectionModule : public Module
{
public:
- DetectionModule() : Module("detection", detection_help, detection_params) {}
+ DetectionModule() :
+ Module("detection", detection_help, detection_params, false, &TRACE_NAME(detection)) {}
bool set(const char*, Value&, SnortConfig*) override;
const PegInfo* get_pegs() const override
{ return (PegCount*) &pc; }
};
-bool DetectionModule::set(const char*, Value& v, SnortConfig* sc)
+bool DetectionModule::set(const char* fqn, Value& v, SnortConfig* sc)
{
if ( v.is("asn1") )
sc->asn1_mem = v.get_long();
+ else if ( v.is("offload_limit") )
+ sc->offload_limit = v.get_long();
+
else if ( v.is("pcre_enable") )
v.update_mask(sc->run_flags, RUN_FLAG__NO_PCRE, true);
sc->pcre_match_limit_recursion = v.get_long();
else
- return false;
+ return Module::set(fqn, v, sc);
return true;
}
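Review bot: `sc->offload_limit = v.get_long();` narrows into the `unsigned` field added to SnortConfig, and the parameter's range `"0:"` sets no upper bound. Assuming get_long returns a `long`, an over-large configured value could wrap silently, possibly to a small threshold that offloads nearly every PDU instead of none. Give the `offload_limit` entry in `detection_params` an explicit upper bound that fits the field. The help text's "defaults to disabled" also relies on 99999 exceeding any `p->dsize`, so a short comment next to the default saying so would help. Part of the else-if chain between `pcre_enable` and the final `else` is not shown in this hunk.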
{ "inspect_stream_inserts", Parameter::PT_BOOL, nullptr, "false",
"inspect reassembled payload - disabling is good for performance, bad for detection" },
- { "offload_limit", Parameter::PT_INT, "0:", "99999",
- "minimum sizeof PDU to offload fast pattern search (defaults to disabled)" },
-
{ "search_method", Parameter::PT_DYNAMIC, (void*)&get_search_methods, "ac_bnfa",
"set fast pattern algorithm - choose available search engine" },
else if ( v.is("inspect_stream_inserts") )
fp->set_stream_insert(v.get_bool());
- else if ( v.is("offload_limit") )
- fp->set_offload_limit(v.get_long());
-
else if ( v.is("search_method") )
{
if ( !fp->set_detect_search_method(v.get_string()) )
// this is for builtin module initialization.
// ideally, modules.cc would be refactored and several files.
+#include "main/snort_debug.h"
+
void module_init();
+extern Trace TRACE_NAME(detection); // FIXIT-L refactor detection module out
+
#endif
int asn1_mem = 0;
uint32_t run_flags = 0;
+ unsigned offload_limit = 99999;
+
//------------------------------------------------------
// process stuff