From: Adrian Mamolea (admamole) Date: Mon, 5 Aug 2024 15:58:43 +0000 (+0000) Subject: Pull request #4395: ips_options: separate main thread pcre counts from packet threads... X-Git-Tag: 3.3.3.0~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a3e45972672b8fc123c365c9bffe2ddf2c07cf2;p=thirdparty%2Fsnort3.git Pull request #4395: ips_options: separate main thread pcre counts from packet threads stats Merge in SNORT/snort3 from ~ADMAMOLE/snort3:tsan_fix2 to master Squashed commit of the following: commit 6d5844717ca216945fb0d4983a0dc8611ef768a1 Author: Adrian Mamolea Date: Thu Jul 25 10:43:31 2024 -0400 ips_options: separate main thread pcre counts from packet threads stats --- diff --git a/src/ips_options/CMakeLists.txt b/src/ips_options/CMakeLists.txt index 3512b4860..e5c687449 100644 --- a/src/ips_options/CMakeLists.txt +++ b/src/ips_options/CMakeLists.txt @@ -34,7 +34,6 @@ SET( PLUGIN_LIST ips_js_data.cc ips_metadata.cc ips_msg.cc - ips_pcre.cc ips_pkt_data.cc ips_priority.cc ips_raw_data.cc @@ -60,6 +59,7 @@ set (IPS_SOURCES ips_luajit.cc ips_options.cc ips_options.h + ips_pcre.cc ips_replace.cc ips_so.cc ips_vba_data.cc @@ -121,7 +121,6 @@ else (STATIC_IPS_OPTIONS) add_dynamic_module(ips_js_data ips_options ips_js_data.cc) add_dynamic_module(ips_metadata ips_options ips_metadata.cc) add_dynamic_module(ips_msg ips_options ips_msg.cc) - add_dynamic_module(ips_pcre ips_options ips_pcre.cc) add_dynamic_module(ips_pkt_data ips_options ips_pkt_data.cc) add_dynamic_module(ips_priority ips_options ips_priority.cc) add_dynamic_module(ips_raw_data ips_options ips_raw_data.cc) diff --git a/src/ips_options/ips_options.cc b/src/ips_options/ips_options.cc index 9181aea05..5012f9184 100644 --- a/src/ips_options/ips_options.cc +++ b/src/ips_options/ips_options.cc @@ -30,6 +30,7 @@ using namespace snort; // these have various dependencies: extern const BaseApi* ips_detection_filter[]; // perf stats extern const BaseApi* ips_flowbits[]; // public methods like flowbits_setter +extern const BaseApi* ips_pcre[]; // FIXIT-L called directly from parser extern const BaseApi* ips_replace[]; // needs snort::SFDAQ::can_replace extern const BaseApi* ips_so[]; // needs SO manager extern const BaseApi* ips_vba_data[]; // FIXIT-L some trace dependency @@ -69,7 +70,6 @@ extern const BaseApi* ips_itype[]; extern const BaseApi* ips_js_data[]; extern const BaseApi* ips_metadata[]; extern const BaseApi* ips_msg[]; -extern const BaseApi* ips_pcre[]; extern const BaseApi* ips_pkt_data[]; extern const BaseApi* ips_priority[]; extern const BaseApi* ips_raw_data[]; @@ -97,6 +97,7 @@ void load_ips_options() { PluginManager::load_plugins(ips_detection_filter); PluginManager::load_plugins(ips_flowbits); + PluginManager::load_plugins(ips_pcre); PluginManager::load_plugins(ips_replace); PluginManager::load_plugins(ips_so); PluginManager::load_plugins(ips_vba_data); @@ -136,7 +137,6 @@ void load_ips_options() PluginManager::load_plugins(ips_js_data); PluginManager::load_plugins(ips_metadata); PluginManager::load_plugins(ips_msg); - PluginManager::load_plugins(ips_pcre); PluginManager::load_plugins(ips_pkt_data); PluginManager::load_plugins(ips_priority); PluginManager::load_plugins(ips_raw_data); diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index 731fef9ed..cf0ed8ce7 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc @@ -35,6 +35,7 @@ #include "framework/pig_pen.h" #include "hash/hash_key_operations.h" #include "helpers/scratch_allocator.h" +#include "log/log_stats.h" #include "log/messages.h" #include "main/snort_config.h" #include "managers/ips_manager.h" @@ -67,6 +68,8 @@ using namespace snort; #define s_name "pcre" #define mod_regex_name "regex" +void show_pcre_counts(); + struct PcreData { pcre* re; /* compiled regex */ @@ -90,18 +93,36 @@ static ScratchAllocator* scratcher = nullptr; static THREAD_LOCAL ProfileStats pcrePerfStats; +struct PcreCounts +{ + unsigned pcre_rules; +#ifdef HAVE_HYPERSCAN + unsigned pcre_to_hyper; +#endif + unsigned pcre_native; +}; + +PcreCounts pcre_counts; + +void show_pcre_counts() +{ + if (pcre_counts.pcre_rules == 0) + return; + + LogLabel("pcre counts"); + LogCount("pcre_rules", pcre_counts.pcre_rules); +#ifdef HAVE_HYPERSCAN + LogCount("pcre_to_hyper", pcre_counts.pcre_to_hyper); +#endif + LogCount("pcre_native", pcre_counts.pcre_native); +} + //------------------------------------------------------------------------- // stats foo //------------------------------------------------------------------------- struct PcreStats { - PegCount pcre_rules; -#ifdef HAVE_HYPERSCAN - PegCount pcre_to_hyper; -#endif - PegCount pcre_native; - PegCount pcre_negated; PegCount pcre_match_limit; PegCount pcre_recursion_limit; PegCount pcre_error; @@ -109,12 +130,6 @@ struct PcreStats const PegInfo pcre_pegs[] = { - { CountType::SUM, "pcre_rules", "total rules processed with pcre option" }, -#ifdef HAVE_HYPERSCAN - { CountType::SUM, "pcre_to_hyper", "total pcre rules by hyperscan engine" }, -#endif - { CountType::SUM, "pcre_native", "total pcre rules compiled by pcre engine" }, - { CountType::SUM, "pcre_negated", "total pcre rules using negation syntax" }, { CountType::SUM, "pcre_match_limit", "total number of times pcre hit the match limit" }, { CountType::SUM, "pcre_recursion_limit", "total number of times pcre hit the recursion limit" }, { CountType::SUM, "pcre_error", "total number of times pcre returns error" }, @@ -122,7 +137,7 @@ const PegInfo pcre_pegs[] = { CountType::END, nullptr, nullptr } }; -PcreStats pcre_stats; +THREAD_LOCAL PcreStats pcre_stats; //------------------------------------------------------------------------- // implementation foo @@ -685,9 +700,6 @@ public: PcreData* get_data(); - bool global_stats() const override - { return true; } - Usage get_usage() const override { return DETECT; } @@ -800,14 +812,14 @@ static void mod_dtor(Module* m) static IpsOption* pcre_ctor(Module* p, IpsInfo& info) { - pcre_stats.pcre_rules++; + pcre_counts.pcre_rules++; PcreModule* m = (PcreModule*)p; #ifdef HAVE_HYPERSCAN Module* mod_regex = m->get_mod_regex(); if ( mod_regex ) { - pcre_stats.pcre_to_hyper++; + pcre_counts.pcre_to_hyper++; const IpsApi* opt_api = IpsManager::get_option_api(mod_regex_name); return opt_api->ctor(mod_regex, info); } @@ -816,7 +828,7 @@ static IpsOption* pcre_ctor(Module* p, IpsInfo& info) UNUSED(info); #endif { - pcre_stats.pcre_native++; + pcre_counts.pcre_native++; PcreData* d = m->get_data(); return new PcreOption(d); } diff --git a/src/parser/parser.cc b/src/parser/parser.cc index 42467185b..04063257a 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -73,6 +73,8 @@ static std::string s_aux_rules; static std::string s_special_rules; static std::string s_special_includer; +void show_pcre_counts(); + class RuleTreeHashKeyOps : public HashKeyOperations { public: @@ -606,6 +608,7 @@ static void ShowPolicyStats(const SnortConfig* sc) void ParseRulesFinish(SnortConfig* sc) { + show_pcre_counts(); ShowPolicyStats(sc); if ( !sc->dump_rule_info() )