From: Steve Chew (stechew) Date: Fri, 13 Sep 2019 18:50:05 +0000 (-0400) Subject: Merge pull request #1734 in SNORT/snort3 from ~SBAIGAL/snort3:unknown_daq_pkt_evt... X-Git-Tag: 3.0.0-262~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=032a1cfb54939fe48fa12304ba763881ff58b3f2;p=thirdparty%2Fsnort3.git Merge pull request #1734 in SNORT/snort3 from ~SBAIGAL/snort3:unknown_daq_pkt_evt to master Squashed commit of the following: commit 3d5082836611e94807b296bfb9ea0f2321c5a069 Author: Steven Baigal (sbaigal) Date: Tue Sep 3 13:52:16 2019 -0400 analyzer: publish other message event for unknown DAQ messages made updated on comments made changes based on comments --- diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 115daec9c..88c694b16 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -58,6 +58,7 @@ #include "packet_tracer/packet_tracer.h" #include "profiler/profiler.h" #include "pub_sub/finalize_packet_event.h" +#include "pub_sub/other_message_event.h" #include "side_channel/side_channel.h" #include "stream/stream.h" #include "time/packet_time.h" @@ -353,6 +354,7 @@ void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry) void Analyzer::process_daq_msg(DAQ_Msg_h msg, bool retry) { + DAQ_Verdict verdict = DAQ_VERDICT_PASS; switch (daq_msg_get_type(msg)) { case DAQ_MSG_TYPE_PACKET: @@ -364,11 +366,17 @@ void Analyzer::process_daq_msg(DAQ_Msg_h msg, bool retry) process_daq_sof_eof_msg(msg); break; default: + { + OtherMessageEvent event(msg, verdict); + aux_counts.other_messages++; + // the verdict can be updated by event handler + DataBus::publish(OTHER_MESSAGE_EVENT, event); + } break; } { Profile profile(daqPerfStats); - daq_instance->finalize_message(msg, DAQ_VERDICT_PASS); + daq_instance->finalize_message(msg, verdict); } } diff --git a/src/packet_io/sfdaq_module.cc b/src/packet_io/sfdaq_module.cc index 975edb7e9..ccb25eb47 100644 --- a/src/packet_io/sfdaq_module.cc +++ b/src/packet_io/sfdaq_module.cc 
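Review bot: In the `default:` branch of `process_daq_msg` in src/main/analyzer.cc, the `verdict` that subscribers write through `OtherMessageEvent` is passed to `daq_instance->finalize_message(msg, verdict)` with no range check, so a handler that stores an out-of-range value hands it straight to the DAQ module. Clamping after the publish keeps the pre-change behaviour for bad values: `if (verdict >= MAX_DAQ_VERDICT) verdict = DAQ_VERDICT_PASS;` (assuming the libdaq enum bound `MAX_DAQ_VERDICT` is in scope here). The existing `// the verdict can be updated by event handler` comment could also say that, presumably, the last handler to write wins, so a later subscriber can turn an earlier `DAQ_VERDICT_BLOCK` back into a pass, and that unknown message types still pass when nobody subscribes. The function opens in the previous hunk and its `DAQ_MSG_TYPE_PACKET` case lies between the two hunks, outside what is shown.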
@@ -190,6 +190,7 @@ struct DAQStats PegCount retries_dropped; PegCount retries_processed; PegCount retries_discarded; + PegCount other_messages; }; const PegInfo daq_names[] = @@ -221,6 +222,7 @@ const PegInfo daq_names[] = { CountType::SUM, "retries_dropped", "messages dropped when overrunning the retry queue" }, { CountType::SUM, "retries_processed", "messages processed from the retry queue" }, { CountType::SUM, "retries_discarded", "messages discarded when purging the retry queue" }, + { CountType::SUM, "other_messages", "messages received from DAQ with unrecognized message type" }, { CountType::END, nullptr, nullptr } }; @@ -295,6 +297,7 @@ void SFDAQModule::prep_counts() stats.retries_dropped = aux_counts.retries_dropped; stats.retries_processed = aux_counts.retries_processed; stats.retries_discarded = aux_counts.retries_discarded; + stats.other_messages = aux_counts.other_messages; memset(&aux_counts, 0, sizeof(AuxCount)); diff --git a/src/pub_sub/CMakeLists.txt b/src/pub_sub/CMakeLists.txt index 4fa0f2874..73a44aa42 100644 --- a/src/pub_sub/CMakeLists.txt +++ b/src/pub_sub/CMakeLists.txt @@ -3,6 +3,7 @@ set (PUB_SUB_INCLUDES expect_events.h finalize_packet_event.h http_events.h + other_message_event.h sip_events.h ) diff --git a/src/pub_sub/other_message_event.h b/src/pub_sub/other_message_event.h new file mode 100644 index 000000000..350fcfb94 --- /dev/null +++ b/src/pub_sub/other_message_event.h 
@@ -0,0 +1,53 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2019-2019 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- +// other_message_event.h author Steven Baigal + +#ifndef OTHER_MESSAGE_EVENT_H +#define OTHER_MESSAGE_EVENT_H + +#include + +#include "framework/data_bus.h" + +#define OTHER_MESSAGE_EVENT "daq.other.message" + +namespace snort +{ + +class SO_PUBLIC OtherMessageEvent : public snort::DataEvent +{ +public: + OtherMessageEvent(DAQ_Msg_h msg, DAQ_Verdict& v) : + daq_msg(msg), verdict(v) + { + } + + DAQ_Msg_h get_daq_msg() + { return daq_msg; } + + DAQ_Verdict& get_verdict() + { return verdict; } + +private: + DAQ_Msg_h daq_msg; + DAQ_Verdict& verdict; +}; + +} + +#endif diff --git a/src/utils/stats.h b/src/utils/stats.h index 8d70bfc87..3f69240da 100644 --- a/src/utils/stats.h +++ b/src/utils/stats.h @@ -89,6 +89,7 @@ struct AuxCount PegCount retries_dropped; PegCount retries_processed; PegCount retries_discarded; + PegCount other_messages; }; extern ProcessCount proc_stats;
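Review bot: `OtherMessageEvent` in src/pub_sub/other_message_event.h holds `DAQ_Verdict& verdict` and the `DAQ_Msg_h` as borrowed members, with nothing stating how long they stay valid. In this commit the verdict is a local of `Analyzer::process_daq_msg` and the message is finalized right after `DataBus::publish`, so a handler that keeps the event, the reference or the handle would be left with dangling state. A class comment would make the contract explicit, e.g. `// msg and verdict are borrowed from the caller and valid only during DataBus::publish(); handlers must not retain them`. `get_daq_msg()` can also be declared `const`, and the `snort::` qualifier on the base class is redundant inside `namespace snort`.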