From: russ Date: Sun, 30 Jun 2019 04:04:55 +0000 (-0400) Subject: Squashed commit of the following: X-Git-Tag: 3.0.0-258~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13e6f61e709ffdaa50e105a684e22ed31a930429;p=thirdparty%2Fsnort3.git Squashed commit of the following: commit f1e74ea89089c180ee2ed823daa009d19954b922 Author: russ Date: Sat Jun 29 17:49:25 2019 -0400 profiler: convert ips options to use optional profiles Avoid the perf hit and double counting (with rule_eval) for detection options with normal builds. Not deleted since it could be helpful to see individual options in some cases despite the issues. Due to a bug, this is commented out but should be made a build option once fixed. commit b06b0aebed47a2f8676346e4a7c3dcb2dd522f75 Author: russ Date: Thu Jun 27 10:28:44 2019 -0400 profiler: split out paf from stream_tcp PAF (Protocol Aware Flushing) is the delegation by stream_tcp of flush point determination by service inspectors which encapsulate PDU analysis. This change splits out the scanning portion of the PAF interface. Reassembly will be dealt with later. http_inspect will be the biggest contributor to PAF since it front-loads considerable to the scanning phase. commit 9dfdc6c399eddd925185e4a0e1dbeec1df91ba5d Author: russ Date: Wed Jun 26 21:36:37 2019 -0400 profiler: track DAQ message receives and finalizes commit 8ec66593d58130bca89071a2d4a2a0429af57223 Author: russ Date: Wed Jun 26 17:28:57 2019 -0400 profiler: eliminate deep profiling Deep profiling creates broken totals, impacts performance, and is not a good substitute for actual profiling with gprof etc. Furthermore, shallow profiling (ie a single bucket per component and subsystem) provides enough information to tune Snort effectively. --- diff --git a/config.cmake.h.in b/config.cmake.h.in index 624d5ec73..b1631abef 100644 --- a/config.cmake.h.in +++ b/config.cmake.h.in @@ -79,9 +79,6 @@ /* disable snort memory manager */ #cmakedefine NO_MEM_MGR 1 -/* enable deep profiling */ -#cmakedefine DEEP_PROFILING 1 - /* signal to dump stats */ #cmakedefine SIGNAL_SNORT_DUMP_STATS @SIGNAL_SNORT_DUMP_STATS@ diff --git a/configure_cmake.sh b/configure_cmake.sh index 54df54850..7a01cf462 100755 --- a/configure_cmake.sh +++ b/configure_cmake.sh @@ -51,8 +51,6 @@ Optional Features: --enable-gprof-profile enable gprof profiling options (developers only) --disable-snort-profiler disable snort performance profiling (cpu and memory) (developers only) - --enable-deep-profiling - enabled detailed snort performance profiling (developers only) --disable-memory-manager disable snort memory manager (developers only) --disable-corefiles prevent Snort from generating core files @@ -246,9 +244,6 @@ while [ $# -ne 0 ]; do --disable-snort-profiler) append_cache_entry DISABLE_SNORT_PROFILER BOOL true ;; - --enable-deep-profiling) - append_cache_entry ENABLE_DEEP_PROFILING BOOL true - ;; --disable-memory-manager) append_cache_entry DISABLE_MEMORY_MANAGER BOOL true ;; diff --git a/src/detection/detect.cc b/src/detection/detect.cc index fbdc0449f..7f47b2a23 100644 --- a/src/detection/detect.cc +++ b/src/detection/detect.cc @@ -50,9 +50,7 @@ using namespace snort; -THREAD_LOCAL ProfileStats detectPerfStats; THREAD_LOCAL ProfileStats eventqPerfStats; -THREAD_LOCAL ProfileStats rebuiltPacketPerfStats; bool snort_ignore(Packet*) { return true; } diff --git a/src/detection/detect.h b/src/detection/detect.h index 5ab213b38..241d2d6eb 100644 --- a/src/detection/detect.h +++ b/src/detection/detect.h @@ -35,8 +35,6 @@ struct RuleFpList; struct RuleTreeNode; extern THREAD_LOCAL snort::ProfileStats eventqPerfStats; -extern THREAD_LOCAL snort::ProfileStats detectPerfStats; -extern THREAD_LOCAL snort::ProfileStats rebuiltPacketPerfStats; // main loop hooks bool snort_ignore(snort::Packet*); diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index 98f02c7da..8bf8d9966 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -524,7 +524,6 @@ void DetectionEngine::wait_for_context() bool DetectionEngine::detect(Packet* p, bool offload_ok) { assert(p); - Profile profile(detectPerfStats); if ( !p->ptrs.ip_api.is_valid() ) return false; diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index c34695709..b0a25321f 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc @@ -84,16 +84,14 @@ using namespace snort; enum FPTask : uint8_t { FP = 1, - NON_FP = 2, - BOTH = FP | NON_FP + NON_FP = 2 }; +THREAD_LOCAL ProfileStats mpsePerfStats; THREAD_LOCAL ProfileStats rulePerfStats; -THREAD_LOCAL ProfileStats ruleRTNEvalPerfStats; -THREAD_LOCAL ProfileStats ruleOTNEvalPerfStats; -THREAD_LOCAL ProfileStats ruleNFPEvalPerfStats; static void fp_immediate(Packet*); +static void fp_immediate(MpseGroup*, OtnxMatchData*, const uint8_t*, unsigned); // Initialize the OtnxMatchData structure. We do this for // every packet so this only sets the necessary counters to @@ -310,9 +308,6 @@ int fpAddMatch(OtnxMatchData* omd_local, int /*pLen*/, const OptTreeNode* otn) */ int fpEvalRTN(RuleTreeNode* rtn, Packet* p, int check_ports) { - DeepProfile rule_profile(rulePerfStats); - DeepProfile rule_rtn_eval_profile(ruleRTNEvalPerfStats); - if ( !rtn ) return 0; @@ -330,6 +325,16 @@ int fpEvalRTN(RuleTreeNode* rtn, Packet* p, int check_ports) return 1; } +int fp_eval_option(void* v, Cursor& c, Packet* p) +{ + IpsOption* opt = (IpsOption*)v; + // FIXIT-L use this with RuleProfile enabled in profiler_defs.h + // all ips options should be double counted w/o this exclude but + // this causes rule_eval to underflow. + //ProfileExclude exclude(rulePerfStats); + return opt->eval(c, p); +} + static int detection_option_tree_evaluate(detection_option_tree_root_t* root, detection_option_eval_data_t* eval_data) { @@ -375,7 +380,6 @@ static int rule_tree_match( print_pattern(pmx->pmd); { - DeepProfile rule_profile(rulePerfStats); /* NOTE: The otn will be the first one in the match state. If there are * multiple rules associated with a match state, mucking with the otn * may muck with an unintended rule */ @@ -396,11 +400,7 @@ static int rule_tree_match( last_check->rebuild_flag = (eval_data.p->packet_flags & PKT_REBUILT_STREAM); } - int ret = 0; - { - DeepProfile rule_otn_eval_profile(ruleOTNEvalPerfStats); - ret = detection_option_tree_evaluate(root, &eval_data); - } + int ret = detection_option_tree_evaluate(root, &eval_data); if ( ret ) pmqs.qualified_events++; @@ -879,11 +879,7 @@ static inline int batch_search( // during any signature evaluation if ( omd->p->ptrs.udph && (omd->p->proto_bits & (PROTO_BIT__TEREDO | PROTO_BIT__GTP)) ) { - int start_state = 0; - MpseStash* stash = omd->p->context->stash; - stash->init(); - so->get_normal_mpse()->search(buf, len, rule_tree_queue, omd->p->context, &start_state); - stash->process(rule_tree_match, omd->p->context); + fp_immediate(so, omd, buf, len); } else { @@ -1069,8 +1065,6 @@ static inline void eval_nfp( int rval = 0; { - DeepProfile rule_profile(rulePerfStats); - DeepProfile rule_nfp_eval_profile(ruleNFPEvalPerfStats); trace_log(detection, TRACE_RULE_EVAL, "Testing non-content rules\n"); rval = detection_option_tree_evaluate( (detection_option_tree_root_t*)port_group->nfp_tree, &eval_data); @@ -1339,6 +1333,7 @@ static void fpEvalPacket(Packet* p, FPTask task) void fp_partial(Packet* p) { + Profile mpse_profile(mpsePerfStats); IpsContext* c = p->context; MpseStash* stash = c->stash; stash->enable_process(); @@ -1358,12 +1353,17 @@ void fp_complete(Packet* p, bool search) stash->enable_process(); if ( search ) + { + Profile mpse_profile(mpsePerfStats); c->searches.search_sync(); - - stash->process(rule_tree_match, c); - fpEvalPacket(p, FPTask::NON_FP); - fpFinalSelectEvent(c->otnx, p); - c->searches.items.clear(); + } + { + Profile rule_profile(rulePerfStats); + stash->process(rule_tree_match, c); + fpEvalPacket(p, FPTask::NON_FP); + fpFinalSelectEvent(c->otnx, p); + c->searches.items.clear(); + } } void fp_full(Packet* p) @@ -1376,9 +1376,30 @@ static void fp_immediate(Packet* p) { IpsContext* c = p->context; MpseStash* stash = c->stash; - stash->enable_process(); - c->searches.search_sync(); - stash->process(rule_tree_match, c); - c->searches.items.clear(); + { + Profile mpse_profile(mpsePerfStats); + stash->enable_process(); + c->searches.search_sync(); + } + { + Profile rule_profile(rulePerfStats); + stash->process(rule_tree_match, c); + c->searches.items.clear(); + } +} + +static void fp_immediate(MpseGroup* so, OtnxMatchData* omd, const uint8_t* buf, unsigned len) +{ + MpseStash* stash = omd->p->context->stash; + { + Profile mpse_profile(mpsePerfStats); + int start_state = 0; + stash->init(); + so->get_normal_mpse()->search(buf, len, rule_tree_queue, omd->p->context, &start_state); + } + { + Profile rule_profile(rulePerfStats); + stash->process(rule_tree_match, omd->p->context); + } } diff --git a/src/detection/fp_detect.h b/src/detection/fp_detect.h index 432bb80fa..a85c68236 100644 --- a/src/detection/fp_detect.h +++ b/src/detection/fp_detect.h @@ -30,6 +30,7 @@ // matches trigger rule tree evaluation. #include "main/thread.h" +#include "profiler/profiler_defs.h" #define REBUILD_FLAGS (PKT_REBUILT_FRAG | PKT_REBUILT_STREAM) @@ -39,17 +40,18 @@ class IpsContext; struct Packet; struct ProfileStats; } + +class Cursor; struct PortGroup; struct OptTreeNode; +extern THREAD_LOCAL snort::ProfileStats mpsePerfStats; extern THREAD_LOCAL snort::ProfileStats rulePerfStats; -extern THREAD_LOCAL snort::ProfileStats ruleRTNEvalPerfStats; -extern THREAD_LOCAL snort::ProfileStats ruleOTNEvalPerfStats; -extern THREAD_LOCAL snort::ProfileStats ruleNFPEvalPerfStats; struct RuleTreeNode; int fpLogEvent(const RuleTreeNode*, const OptTreeNode*, snort::Packet*); int fpEvalRTN(RuleTreeNode*, snort::Packet*, int check_ports); +int fp_eval_option(void*, Cursor&, snort::Packet*); #define MAX_NUM_RULE_TYPES 16 // max number of allowed rule types diff --git a/src/framework/ips_option.h b/src/framework/ips_option.h index 7dea341f0..64c2ae2ec 100644 --- a/src/framework/ips_option.h +++ b/src/framework/ips_option.h @@ -102,12 +102,6 @@ public: virtual PatternMatchData* get_alternate_pattern() { return nullptr; } - static int eval(void* v, Cursor& c, Packet* p) - { - IpsOption* opt = (IpsOption*)v; - return opt->eval(c, p); - } - static void set_buffer(const char*); protected: diff --git a/src/framework/mpse.cc b/src/framework/mpse.cc index 0158aaa8f..8d2ec00c9 100644 --- a/src/framework/mpse.cc +++ b/src/framework/mpse.cc @@ -38,7 +38,6 @@ using namespace std; namespace snort { -THREAD_LOCAL ProfileStats mpsePerfStats; //------------------------------------------------------------------------- // base stuff @@ -55,7 +54,6 @@ int Mpse::search( const unsigned char* T, int n, MpseMatch match, void* context, int* current_state) { - DeepProfile profile(mpsePerfStats); pmqs.matched_bytes += n; return _search(T, n, match, context, current_state); } @@ -64,14 +62,12 @@ int Mpse::search_all( const unsigned char* T, int n, MpseMatch match, void* context, int* current_state) { - DeepProfile profile(mpsePerfStats); pmqs.matched_bytes += n; return _search(T, n, match, context, current_state); } void Mpse::search(MpseBatch& batch, MpseType mpse_type) { - DeepProfile profile(mpsePerfStats); _search(batch, mpse_type); } diff --git a/src/framework/mpse.h b/src/framework/mpse.h index deb4ca6e2..d6fabc0a4 100644 --- a/src/framework/mpse.h +++ b/src/framework/mpse.h @@ -119,8 +119,6 @@ private: const MpseApi* api; }; -extern THREAD_LOCAL ProfileStats mpsePerfStats; - typedef void (* MpseOptFunc)(SnortConfig*); typedef void (* MpseExeFunc)(); diff --git a/src/ips_options/ips_ack.cc b/src/ips_options/ips_ack.cc index 10e292311..322619970 100644 --- a/src/ips_options/ips_ack.cc +++ b/src/ips_options/ips_ack.cc @@ -83,7 +83,7 @@ bool TcpAckOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus TcpAckOption::eval(Cursor&, Packet* p) { - Profile profile(tcpAckPerfStats); + RuleProfile profile(tcpAckPerfStats); if ( p->ptrs.tcph && config.eval(p->ptrs.tcph->th_ack) ) return MATCH; diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index e4f61a866..00b3cee2e 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -155,7 +155,7 @@ bool Asn1Option::operator==(const IpsOption& rhs) const IpsOption::EvalStatus Asn1Option::eval(Cursor& c, Packet* p) { - Profile profile(asn1PerfStats); + RuleProfile profile(asn1PerfStats); // Failed if there is no data to decode. if (!p->data) diff --git a/src/ips_options/ips_base64.cc b/src/ips_options/ips_base64.cc index 276fdfda5..29848926d 100644 --- a/src/ips_options/ips_base64.cc +++ b/src/ips_options/ips_base64.cc @@ -120,7 +120,7 @@ bool Base64DecodeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Base64DecodeOption::eval(Cursor& c, Packet*) { - Profile profile(base64PerfStats); + RuleProfile profile(base64PerfStats); base64_decode_buffer->size = 0; Base64DecodeData* idx = (Base64DecodeData*)&config; @@ -291,7 +291,7 @@ public: IpsOption::EvalStatus Base64DataOption::eval(Cursor& c, Packet*) { - Profile profile(base64PerfStats); + RuleProfile profile(base64PerfStats); if ( !base64_decode_buffer->size ) return NO_MATCH; diff --git a/src/ips_options/ips_bufferlen.cc b/src/ips_options/ips_bufferlen.cc index a933ccd8a..4d22cbc72 100644 --- a/src/ips_options/ips_bufferlen.cc +++ b/src/ips_options/ips_bufferlen.cc @@ -82,7 +82,7 @@ bool LenOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus LenOption::eval(Cursor& c, Packet*) { - Profile profile(lenCheckPerfStats); + RuleProfile profile(lenCheckPerfStats); if ( config.eval(c.length()) ) return MATCH; diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc index 33d5de253..81c663d2e 100644 --- a/src/ips_options/ips_byte_extract.cc +++ b/src/ips_options/ips_byte_extract.cc @@ -143,7 +143,7 @@ bool ByteExtractOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ByteExtractOption::eval(Cursor& c, Packet* p) { - Profile profile(byteExtractPerfStats); + RuleProfile profile(byteExtractPerfStats); ByteExtractData* data = &config; diff --git a/src/ips_options/ips_byte_jump.cc b/src/ips_options/ips_byte_jump.cc index 681685135..87ecab86d 100644 --- a/src/ips_options/ips_byte_jump.cc +++ b/src/ips_options/ips_byte_jump.cc @@ -203,7 +203,7 @@ bool ByteJumpOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ByteJumpOption::eval(Cursor& c, Packet* p) { - Profile profile(byteJumpPerfStats); + RuleProfile profile(byteJumpPerfStats); ByteJumpData* bjd = (ByteJumpData*)&config; diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index 1f03a8bca..1f4dd1b6c 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc @@ -161,7 +161,7 @@ bool ByteMathOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ByteMathOption::eval(Cursor& c, Packet* p) { - Profile profile(byteMathPerfStats); + RuleProfile profile(byteMathPerfStats); if (p == nullptr) return NO_MATCH; diff --git a/src/ips_options/ips_byte_test.cc b/src/ips_options/ips_byte_test.cc index 96ab40dc3..905d47f6f 100644 --- a/src/ips_options/ips_byte_test.cc +++ b/src/ips_options/ips_byte_test.cc @@ -269,7 +269,7 @@ bool ByteTestOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p) { - Profile profile(byteTestPerfStats); + RuleProfile profile(byteTestPerfStats); ByteTestData* btd = (ByteTestData*)&config; uint32_t cmp_value = 0; diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc index 4c105c700..73f8c93a9 100644 --- a/src/ips_options/ips_content.cc +++ b/src/ips_options/ips_content.cc @@ -376,7 +376,7 @@ static int uniSearchReal(ContentData* cd, Cursor& c) static IpsOption::EvalStatus CheckANDPatternMatch(ContentData* idx, Cursor& c) { - Profile profile(contentPerfStats); + RuleProfile profile(contentPerfStats); int found = uniSearchReal(idx, c); diff --git a/src/ips_options/ips_dsize.cc b/src/ips_options/ips_dsize.cc index 02049a9a5..cc59cc16c 100644 --- a/src/ips_options/ips_dsize.cc +++ b/src/ips_options/ips_dsize.cc @@ -82,7 +82,7 @@ bool DsizeOption::operator==(const IpsOption& ips) const // Test the packet's payload size against the rule payload size value IpsOption::EvalStatus DsizeOption::eval(Cursor&, Packet* p) { - Profile profile(dsizePerfStats); + RuleProfile profile(dsizePerfStats); /* fake packet dsizes are always wrong (unless they are PDUs) */ diff --git a/src/ips_options/ips_file_data.cc b/src/ips_options/ips_file_data.cc index 22e228341..1cfb5804c 100644 --- a/src/ips_options/ips_file_data.cc +++ b/src/ips_options/ips_file_data.cc @@ -51,7 +51,7 @@ public: IpsOption::EvalStatus FileDataOption::eval(Cursor& c, Packet* p) { - Profile profile(fileDataPerfStats); + RuleProfile profile(fileDataPerfStats); DataPointer dp = DetectionEngine::get_file_data(p->context); diff --git a/src/ips_options/ips_file_type.cc b/src/ips_options/ips_file_type.cc index ef3e8c58b..67ed7fa56 100644 --- a/src/ips_options/ips_file_type.cc +++ b/src/ips_options/ips_file_type.cc @@ -81,7 +81,7 @@ bool FileTypeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus FileTypeOption::eval(Cursor&, Packet* pkt) { - Profile profile(fileTypePerfStats); + RuleProfile profile(fileTypePerfStats); if (!pkt->flow) return NO_MATCH; diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc index 688a75764..6bee2077d 100644 --- a/src/ips_options/ips_flags.cc +++ b/src/ips_options/ips_flags.cc @@ -115,7 +115,7 @@ bool TcpFlagOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus TcpFlagOption::eval(Cursor&, Packet* p) { - Profile profile(tcpFlagsPerfStats); + RuleProfile profile(tcpFlagsPerfStats); // if error appeared when tcp header was processed, // test fails automagically. diff --git a/src/ips_options/ips_flow.cc b/src/ips_options/ips_flow.cc index eea65841d..1a19e8f95 100644 --- a/src/ips_options/ips_flow.cc +++ b/src/ips_options/ips_flow.cc @@ -117,7 +117,7 @@ bool FlowCheckOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus FlowCheckOption::eval(Cursor&, Packet* p) { - Profile profile(flowCheckPerfStats); + RuleProfile profile(flowCheckPerfStats); FlowCheckData* fcd = &config; diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc index a76ac0a89..c13484f63 100644 --- a/src/ips_options/ips_flowbits.cc +++ b/src/ips_options/ips_flowbits.cc @@ -257,7 +257,7 @@ bool FlowBitsOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus FlowBitsOption::eval(Cursor&, Packet* p) { - Profile profile(flowBitsPerfStats); + RuleProfile profile(flowBitsPerfStats); FLOWBITS_OP* flowbits = config; diff --git a/src/ips_options/ips_fragbits.cc b/src/ips_options/ips_fragbits.cc index 10f125e59..79e8884e1 100644 --- a/src/ips_options/ips_fragbits.cc +++ b/src/ips_options/ips_fragbits.cc @@ -318,7 +318,7 @@ bool FragBitsOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus FragBitsOption::eval(Cursor&, Packet* p) { - Profile profile(fragBitsPerfStats); + RuleProfile profile(fragBitsPerfStats); if ( !p->has_ip() ) return NO_MATCH; diff --git a/src/ips_options/ips_fragoffset.cc b/src/ips_options/ips_fragoffset.cc index ec56b0879..dc0739fa4 100644 --- a/src/ips_options/ips_fragoffset.cc +++ b/src/ips_options/ips_fragoffset.cc @@ -79,7 +79,7 @@ bool FragOffsetOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus FragOffsetOption::eval(Cursor&, Packet* p) { - Profile profile(fragOffsetPerfStats); + RuleProfile profile(fragOffsetPerfStats); if (!p->has_ip()) return NO_MATCH; diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc index 65a054707..6f253acca 100644 --- a/src/ips_options/ips_hash.cc +++ b/src/ips_options/ips_hash.cc @@ -197,7 +197,7 @@ int HashOption::match(Cursor& c) IpsOption::EvalStatus HashOption::eval(Cursor& c, Packet*) { - Profile profile(hash_ps[idx]); + RuleProfile profile(hash_ps[idx]); int found = match(c); diff --git a/src/ips_options/ips_icmp_id.cc b/src/ips_options/ips_icmp_id.cc index b33baaa33..ba4fe5586 100644 --- a/src/ips_options/ips_icmp_id.cc +++ b/src/ips_options/ips_icmp_id.cc @@ -103,7 +103,7 @@ bool IcmpIdOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IcmpIdOption::eval(Cursor&, Packet* p) { - Profile profile(icmpIdPerfStats); + RuleProfile profile(icmpIdPerfStats); if (!p->ptrs.icmph) return NO_MATCH; diff --git a/src/ips_options/ips_icmp_seq.cc b/src/ips_options/ips_icmp_seq.cc index cbf84b885..7c2291b1b 100644 --- a/src/ips_options/ips_icmp_seq.cc +++ b/src/ips_options/ips_icmp_seq.cc @@ -103,7 +103,7 @@ bool IcmpSeqOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IcmpSeqOption::eval(Cursor&, Packet* p) { - Profile profile(icmpSeqPerfStats); + RuleProfile profile(icmpSeqPerfStats); if (!p->ptrs.icmph) return NO_MATCH; diff --git a/src/ips_options/ips_icode.cc b/src/ips_options/ips_icode.cc index 7e436da2f..bb079fa43 100644 --- a/src/ips_options/ips_icode.cc +++ b/src/ips_options/ips_icode.cc @@ -80,7 +80,7 @@ bool IcodeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IcodeOption::eval(Cursor&, Packet* p) { - Profile profile(icmpCodePerfStats); + RuleProfile profile(icmpCodePerfStats); // return 0 if we don't have an icmp header if (!p->ptrs.icmph) diff --git a/src/ips_options/ips_id.cc b/src/ips_options/ips_id.cc index 3037cd78b..4064678a3 100644 --- a/src/ips_options/ips_id.cc +++ b/src/ips_options/ips_id.cc @@ -79,7 +79,7 @@ bool IpIdOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IpIdOption::eval(Cursor&, Packet* p) { - Profile profile(ipIdPerfStats); + RuleProfile profile(ipIdPerfStats); if (!p->has_ip()) return NO_MATCH; diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc index 6fc30d021..0d32f1dfb 100644 --- a/src/ips_options/ips_ip_proto.cc +++ b/src/ips_options/ips_ip_proto.cc @@ -106,7 +106,7 @@ bool IpProtoOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IpProtoOption::eval(Cursor&, Packet* p) { - Profile profile(ipProtoPerfStats); + RuleProfile profile(ipProtoPerfStats); IpProtoData* ipd = &config; diff --git a/src/ips_options/ips_ipopts.cc b/src/ips_options/ips_ipopts.cc index 7ababab5a..e270a3880 100644 --- a/src/ips_options/ips_ipopts.cc +++ b/src/ips_options/ips_ipopts.cc @@ -99,7 +99,7 @@ bool IpOptOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IpOptOption::eval(Cursor&, Packet* p) { - Profile profile(ipOptionPerfStats); + RuleProfile profile(ipOptionPerfStats); if ( !p->is_ip4() ) // if error occurred while ip header diff --git a/src/ips_options/ips_isdataat.cc b/src/ips_options/ips_isdataat.cc index f550a6f2e..b967440d4 100644 --- a/src/ips_options/ips_isdataat.cc +++ b/src/ips_options/ips_isdataat.cc @@ -129,7 +129,7 @@ bool IsDataAtOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IsDataAtOption::eval(Cursor& c, Packet*) { - Profile profile(isDataAtPerfStats); + RuleProfile profile(isDataAtPerfStats); int offset; diff --git a/src/ips_options/ips_itype.cc b/src/ips_options/ips_itype.cc index afbc0fa76..076e5b3ec 100644 --- a/src/ips_options/ips_itype.cc +++ b/src/ips_options/ips_itype.cc @@ -81,7 +81,7 @@ bool IcmpTypeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IcmpTypeOption::eval(Cursor&, Packet* p) { - Profile profile(icmpTypePerfStats); + RuleProfile profile(icmpTypePerfStats); // return 0 if we don't have an icmp header if (!p->ptrs.icmph) diff --git a/src/ips_options/ips_luajit.cc b/src/ips_options/ips_luajit.cc index 96932b294..c2da9ea40 100644 --- a/src/ips_options/ips_luajit.cc +++ b/src/ips_options/ips_luajit.cc @@ -179,7 +179,7 @@ bool LuaJitOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus LuaJitOption::eval(Cursor& c, Packet*) { - Profile profile(luaIpsPerfStats); + RuleProfile profile(luaIpsPerfStats); cursor = &c; diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index bc3ef0c60..5737c94ef 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc @@ -538,7 +538,7 @@ bool PcreOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus PcreOption::eval(Cursor& c, Packet*) { - Profile profile(pcrePerfStats); + RuleProfile profile(pcrePerfStats); // short circuit this for testing pcre performance impact if ( SnortConfig::no_pcre() ) diff --git a/src/ips_options/ips_pkt_data.cc b/src/ips_options/ips_pkt_data.cc index aaadfb312..ccf2c5a39 100644 --- a/src/ips_options/ips_pkt_data.cc +++ b/src/ips_options/ips_pkt_data.cc @@ -46,7 +46,7 @@ public: IpsOption::EvalStatus PktDataOption::eval(Cursor& c, Packet* p) { - Profile profile(pktDataPerfStats); + RuleProfile profile(pktDataPerfStats); c.reset(p); return MATCH; diff --git a/src/ips_options/ips_raw_data.cc b/src/ips_options/ips_raw_data.cc index 997d14537..096b7b5eb 100644 --- a/src/ips_options/ips_raw_data.cc +++ b/src/ips_options/ips_raw_data.cc @@ -46,7 +46,7 @@ public: IpsOption::EvalStatus RawDataOption::eval(Cursor& c, Packet* p) { - Profile profile(rawDataPerfStats); + RuleProfile profile(rawDataPerfStats); c.set(s_name, p->data, p->dsize); return MATCH; diff --git a/src/ips_options/ips_regex.cc b/src/ips_options/ips_regex.cc index 00f79c4db..44cf9087f 100644 --- a/src/ips_options/ips_regex.cc +++ b/src/ips_options/ips_regex.cc @@ -166,7 +166,7 @@ static int hs_match( IpsOption::EvalStatus RegexOption::eval(Cursor& c, Packet*) { - Profile profile(regex_perf_stats); + RuleProfile profile(regex_perf_stats); unsigned pos = c.get_delta(); diff --git a/src/ips_options/ips_replace.cc b/src/ips_options/ips_replace.cc index 7b194513b..712f6841b 100644 --- a/src/ips_options/ips_replace.cc +++ b/src/ips_options/ips_replace.cc @@ -156,7 +156,7 @@ bool ReplaceOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ReplaceOption::eval(Cursor& c, Packet* p) { - Profile profile(replacePerfStats); + RuleProfile profile(replacePerfStats); if ( p->is_cooked() ) return NO_MATCH; @@ -175,7 +175,7 @@ IpsOption::EvalStatus ReplaceOption::eval(Cursor& c, Packet* p) void ReplaceOption::action(Packet*) { - Profile profile(replacePerfStats); + RuleProfile profile(replacePerfStats); if ( pending() ) Replace_QueueChange(repl, (unsigned)pos()); diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc index 08e3cffdf..4cf3f062b 100644 --- a/src/ips_options/ips_rpc.cc +++ b/src/ips_options/ips_rpc.cc @@ -118,7 +118,7 @@ bool RpcOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus RpcOption::eval(Cursor&, Packet* p) { - Profile profile(rpcCheckPerfStats); + RuleProfile profile(rpcCheckPerfStats); if ( !is_valid(p) ) return NO_MATCH; diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc index c29b4867c..fd93c868c 100644 --- a/src/ips_options/ips_sd_pattern.cc +++ b/src/ips_options/ips_sd_pattern.cc @@ -265,7 +265,7 @@ unsigned SdPatternOption::SdSearch(Cursor& c, Packet* p) IpsOption::EvalStatus SdPatternOption::eval(Cursor& c, Packet* p) { - Profile profile(sd_pattern_perf_stats); + RuleProfile profile(sd_pattern_perf_stats); unsigned matches = SdSearch(c, p); diff --git a/src/ips_options/ips_seq.cc b/src/ips_options/ips_seq.cc index 42c2c449e..0497cb6d4 100644 --- a/src/ips_options/ips_seq.cc +++ b/src/ips_options/ips_seq.cc @@ -80,7 +80,7 @@ bool TcpSeqOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus TcpSeqOption::eval(Cursor&, Packet* p) { - Profile profile(tcpSeqPerfStats); + RuleProfile profile(tcpSeqPerfStats); if (!p->ptrs.tcph) return NO_MATCH; diff --git a/src/ips_options/ips_session.cc b/src/ips_options/ips_session.cc index 8bdc649bc..cbad19121 100644 --- a/src/ips_options/ips_session.cc +++ b/src/ips_options/ips_session.cc @@ -129,7 +129,7 @@ bool SessionOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SessionOption::eval(Cursor&, Packet* p) { - Profile profile(sessionPerfStats); + RuleProfile profile(sessionPerfStats); if ( !p->dsize || !p->data ) return MATCH; diff --git a/src/ips_options/ips_so.cc b/src/ips_options/ips_so.cc index 3a5ad6899..a5afb09fa 100644 --- a/src/ips_options/ips_so.cc +++ b/src/ips_options/ips_so.cc @@ -103,7 +103,7 @@ bool SoOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SoOption::eval(Cursor& c, Packet* p) { - Profile profile(soPerfStats); + RuleProfile profile(soPerfStats); return func(data, c, p); } diff --git a/src/ips_options/ips_tos.cc b/src/ips_options/ips_tos.cc index c8efa59b2..5b4a3ee7c 100644 --- a/src/ips_options/ips_tos.cc +++ b/src/ips_options/ips_tos.cc @@ -83,7 +83,7 @@ bool IpTosOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus IpTosOption::eval(Cursor&, Packet* p) { - Profile profile(ipTosPerfStats); + RuleProfile profile(ipTosPerfStats); if(!p->ptrs.ip_api.is_ip()) return NO_MATCH; diff --git a/src/ips_options/ips_ttl.cc b/src/ips_options/ips_ttl.cc index 97a6da881..e8ff111c9 100644 --- a/src/ips_options/ips_ttl.cc +++ b/src/ips_options/ips_ttl.cc @@ -80,7 +80,7 @@ bool TtlOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus TtlOption::eval(Cursor&, Packet* p) { - Profile profile(ttlCheckPerfStats); + RuleProfile profile(ttlCheckPerfStats); if(!p->ptrs.ip_api.is_ip()) return NO_MATCH; diff --git a/src/ips_options/ips_window.cc b/src/ips_options/ips_window.cc index 808becd3f..e35ec603d 100644 --- a/src/ips_options/ips_window.cc +++ b/src/ips_options/ips_window.cc @@ -80,7 +80,7 @@ bool TcpWinOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus TcpWinOption::eval(Cursor&, Packet* p) { - Profile profile(tcpWinPerfStats); + RuleProfile profile(tcpWinPerfStats); if (!p->ptrs.tcph) return NO_MATCH; diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 6d028f110..1788d9fc2 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -75,6 +75,8 @@ using namespace std; static MainHook_f main_hook = snort_ignore; THREAD_LOCAL ProfileStats totalPerfStats; +THREAD_LOCAL ProfileStats daqPerfStats; + static THREAD_LOCAL Analyzer* local_analyzer = nullptr; //------------------------------------------------------------------------- @@ -285,8 +287,8 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p) PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n", get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id, get_ips_policy()->user_policy_id); - PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict)); + PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict)); PacketTracer::dump(p); } @@ -296,6 +298,7 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p) if (verdict == DAQ_VERDICT_RETRY) retry_queue->put(p->daq_msg); + else if ( !p->active->is_packet_held() ) { // Publish an event if something has indicated that it wants the @@ -305,17 +308,18 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p) FinalizePacketEvent event(p, verdict); DataBus::publish(FINALIZE_PACKET_EVENT, event); } - - p->daq_instance->finalize_message(p->daq_msg, verdict); + { + Profile profile(daqPerfStats); + p->daq_instance->finalize_message(p->daq_msg, verdict); + } } } void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry) { + Profile profile(totalPerfStats); const DAQ_PktHdr_t* pkthdr = daq_msg_get_pkthdr(msg); - set_default_policy(); - Profile profile(totalPerfStats); if (!retry) { @@ -363,7 +367,10 @@ void Analyzer::process_daq_msg(DAQ_Msg_h msg, bool retry) default: break; } - daq_instance->finalize_message(msg, DAQ_VERDICT_PASS); + { + Profile profile(daqPerfStats); + daq_instance->finalize_message(msg, DAQ_VERDICT_PASS); + } } void Analyzer::process_retry_queue() @@ -383,10 +390,6 @@ void Analyzer::process_retry_queue() */ bool Analyzer::inspect_rebuilt(Packet* p) { - // Need to include this b/c call is outside the detect tree - Profile detect_profile(detectPerfStats); - DeepProfile rebuilt_profile(rebuiltPacketPerfStats); - DetectionEngine de; return main_hook(p); } @@ -410,6 +413,12 @@ void Analyzer::post_process_packet(Packet* p) void Analyzer::finalize_daq_message(DAQ_Msg_h msg, DAQ_Verdict verdict) { + // FIXIT-L excluding daqPerfStats profile here because it needs to + // be excluded by stream_tcp which requires some refactoring. + // Instead the profiler could automatically exclude from current + // context if new scope has no parent but that requires additional + // plumbing. + // Profile profile(daqPerfStats); daq_instance->finalize_message(msg, verdict); } @@ -551,7 +560,10 @@ void Analyzer::term() { DAQ_Msg_h msg; while ((msg = retry_queue->get()) != nullptr) + { + Profile profile(daqPerfStats); daq_instance->finalize_message(msg, DAQ_VERDICT_BLOCK); + } daq_instance->stop(); } SFDAQ::set_local_instance(nullptr); @@ -681,7 +693,11 @@ DAQ_RecvStatus Analyzer::process_messages() if (pause_after_cnt && pause_after_cnt < max_recv) max_recv = pause_after_cnt; - DAQ_RecvStatus rstat = daq_instance->receive_messages(max_recv); + DAQ_RecvStatus rstat; + { + Profile profile(daqPerfStats); + rstat = daq_instance->receive_messages(max_recv); + } unsigned num_recv = 0; DAQ_Msg_h msg; @@ -690,6 +706,7 @@ DAQ_RecvStatus Analyzer::process_messages() // Dispose of any messages to be skipped first. if (skip_cnt > 0) { + Profile profile(daqPerfStats); aux_counts.skipped++; skip_cnt--; daq_instance->finalize_message(msg, DAQ_VERDICT_PASS); diff --git a/src/main/analyzer.h b/src/main/analyzer.h index 2e0b6e667..0aff93722 100644 --- a/src/main/analyzer.h +++ b/src/main/analyzer.h @@ -135,6 +135,7 @@ private: std::mutex pending_work_queue_mutex; }; +extern THREAD_LOCAL snort::ProfileStats daqPerfStats; extern THREAD_LOCAL snort::ProfileStats totalPerfStats; #endif diff --git a/src/main/snort.cc b/src/main/snort.cc index 5d5c1ee97..3e9b23135 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -100,30 +100,18 @@ static pid_t snort_main_thread_pid = 0; static ProfileStats* get_profile(const char* key) { - if ( !strcmp(key, "detect") ) - return &detectPerfStats; + if ( !strcmp(key, "daq") ) + return &daqPerfStats; + + if ( !strcmp(key, "decode") ) + return &decodePerfStats; if ( !strcmp(key, "mpse") ) return &mpsePerfStats; - if ( !strcmp(key, "rebuilt_packet") ) - return &rebuiltPacketPerfStats; - if ( !strcmp(key, "rule_eval") ) return &rulePerfStats; - if ( !strcmp(key, "rtn_eval") ) - return &ruleRTNEvalPerfStats; - - if ( !strcmp(key, "rule_tree_eval") ) - return &ruleOTNEvalPerfStats; - - if ( !strcmp(key, "nfp_rule_tree_eval") ) - return &ruleNFPEvalPerfStats; - - if ( !strcmp(key, "decode") ) - return &decodePerfStats; - if ( !strcmp(key, "eventq") ) return &eventqPerfStats; @@ -135,23 +123,14 @@ static ProfileStats* get_profile(const char* key) static void register_profiles() { - Profiler::register_module("detect", nullptr, get_profile); - Profiler::register_module("mpse", "detect", get_profile); - Profiler::register_module("rebuilt_packet", "detect", get_profile); - Profiler::register_module("rule_eval", "detect", get_profile); - Profiler::register_module("rtn_eval", "rule_eval", get_profile); - Profiler::register_module("rule_tree_eval", "rule_eval", get_profile); - Profiler::register_module("nfp_rule_tree_eval", "rule_eval", get_profile); + Profiler::register_module("daq", nullptr, get_profile); Profiler::register_module("decode", nullptr, get_profile); + Profiler::register_module("mpse", nullptr, get_profile); + Profiler::register_module("rule_eval", nullptr, get_profile); Profiler::register_module("eventq", nullptr, get_profile); Profiler::register_module("total", nullptr, get_profile); - Profiler::register_module("daq_meta", nullptr, get_profile); } -//------------------------------------------------------------------------- -// helpers -//------------------------------------------------------------------------- - //------------------------------------------------------------------------- // initialization //------------------------------------------------------------------------- diff --git a/src/managers/ips_manager.cc b/src/managers/ips_manager.cc index 98ad87759..ca515f61c 100644 --- a/src/managers/ips_manager.cc +++ b/src/managers/ips_manager.cc @@ -26,6 +26,7 @@ #include #include +#include "detection/fp_detect.h" #include "detection/treenodes.h" #include "log/messages.h" #include "main/snort_config.h" @@ -293,7 +294,7 @@ bool IpsManager::option_end( ips = (IpsOption*)prev; } - OptFpList* fpl = AddOptFuncToList(IpsOption::eval, otn); + OptFpList* fpl = AddOptFuncToList(fp_eval_option, otn); fpl->ips_opt = ips; fpl->type = ips->get_type(); diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 93dbadee0..a8b81f119 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -766,10 +766,6 @@ bool AppIdConfig::init_appid(SnortConfig* sc) dns_host_detector_process_patterns(); read_port_detectors(ODP_PORT_DETECTORS); read_port_detectors(CUSTOM_PORT_DETECTORS); - appid_http_profiler_init(); -#ifdef ENABLE_APPID_THIRD_PARTY - tp_appid_profiler_init(); -#endif once = true; } #ifdef USE_RNA_CONFIG diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index a3c73539f..d7b9ef8f7 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -52,16 +52,6 @@ static const char* httpFieldName[ NUM_HTTP_FIELDS ] = // for use in debug messag "body", }; -static THREAD_LOCAL snort::ProfileStats process_http_perf_stats; -static ProfileStats* get_profile(const char*) -{ - return &process_http_perf_stats; -} -void appid_http_profiler_init() -{ - Profiler::register_module("http_process", "appid", get_profile); -} - AppIdHttpSession::AppIdHttpSession(AppIdSession& asd) : asd(asd) { @@ -385,7 +375,6 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits) int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, AppidChangeBits& change_bits) { - DeepProfile profile(process_http_perf_stats); AppId service_id = APP_ID_NONE; AppId client_id = APP_ID_NONE; AppId payload_id = APP_ID_NONE; diff --git a/src/network_inspectors/appid/appid_http_session.h b/src/network_inspectors/appid/appid_http_session.h index f3a5113af..e507f0c54 100644 --- a/src/network_inspectors/appid/appid_http_session.h +++ b/src/network_inspectors/appid/appid_http_session.h @@ -232,7 +232,5 @@ protected: #endif }; -void appid_http_profiler_init(); - #endif diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index 0e5fc1c16..1ef86cbe9 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -52,12 +52,6 @@ using namespace snort; #define MAX_CANDIDATE_CLIENTS 10 -static THREAD_LOCAL ProfileStats client_disco_perf_stats; -static ProfileStats* get_profile(const char*) -{ - return &client_disco_perf_stats; -} - ClientDiscovery* ClientDiscovery::discovery_manager = nullptr; THREAD_LOCAL ClientAppMatch* match_free_list = nullptr; @@ -123,8 +117,6 @@ void ClientDiscovery::initialize() for ( auto kv : udp_detectors ) kv.second->initialize(); - - Profiler::register_module("client_discovery", "appid", get_profile); } void ClientDiscovery::finalize_client_plugins() @@ -356,7 +348,6 @@ void ClientDiscovery::exec_client_detectors(AppIdSession& asd, Packet* p, bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p, AppidSessionDirection direction, AppidChangeBits& change_bits) { - DeepProfile profile(client_disco_perf_stats); bool isTpAppidDiscoveryDone = false; AppInfoTableEntry* entry; uint32_t prevRnaClientState = asd.client_disco_state; diff --git a/src/network_inspectors/appid/ips_appid_option.cc b/src/network_inspectors/appid/ips_appid_option.cc index 6b90aa3d5..c8f5d0120 100644 --- a/src/network_inspectors/appid/ips_appid_option.cc +++ b/src/network_inspectors/appid/ips_appid_option.cc @@ -119,10 +119,11 @@ bool AppIdIpsOption::match_id_against_rule(int32_t id) // first match wins... IpsOption::EvalStatus AppIdIpsOption::eval(Cursor&, Packet* p) { + RuleProfile profile(ips_appid_perf_stats); + if ( !p->flow ) return NO_MATCH; - DeepProfile profile(ips_appid_perf_stats); AppIdSession* session = appid_api.get_appid_session(*(p->flow)); if ( !session ) diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 9a0c134ab..ee1c869be 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -64,19 +64,6 @@ enum LuaLogLevels LUA_LOG_TRACE = 5, }; -// FIXIT-L: Add separate perf stats for ODP detectors and custom -// detectors if more granularity is desired -static THREAD_LOCAL ProfileStats lua_validate_perf_stats; - -static ProfileStats* get_profile(const char*) -{ - return &lua_validate_perf_stats; -} -void lua_detector_profiler_init() -{ - Profiler::register_module("lua_validate", "appid", get_profile); -} - static std::unordered_map* CHP_glossary = nullptr; // tracks http multipatterns void init_chp_glossary() @@ -2673,7 +2660,6 @@ LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detec int LuaServiceDetector::validate(AppIdDiscoveryArgs& args) { - DeepProfile profile(lua_validate_perf_stats); //FIXIT-M: RELOAD - use lua references to get user data object from stack auto my_lua_state = lua_detector_mgr? lua_detector_mgr->L : nullptr; lua_settop(my_lua_state,0); @@ -2751,7 +2737,6 @@ LuaStateDescriptor* LuaObject::validate_lua_state(bool packet_context) int LuaClientDetector::validate(AppIdDiscoveryArgs& args) { - DeepProfile profile(lua_validate_perf_stats); //FIXIT-M: RELOAD - use lua references to get user data object from stack auto my_lua_state = lua_detector_mgr? lua_detector_mgr->L : nullptr; std::string name = this->name + "_"; diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h index 2df317d8c..0fbc9fc1d 100644 --- a/src/network_inspectors/appid/lua_detector_api.h +++ b/src/network_inspectors/appid/lua_detector_api.h @@ -138,7 +138,6 @@ public: { return cd; } }; -void lua_detector_profiler_init(); int register_detector(lua_State*); void init_chp_glossary(); int init(lua_State*, int result=0); diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index b52240c58..f8c53cce1 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -198,9 +198,6 @@ LuaDetectorManager::~LuaDetectorManager() void LuaDetectorManager::initialize(AppIdConfig& config, int is_control) { - if (is_control) - lua_detector_profiler_init(); - // FIXIT-M: RELOAD - When reload is supported, remove this line which prevents re-initialize if (lua_detector_mgr) return; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 8a9a0e21b..9e765644f 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -86,12 +86,6 @@ using namespace snort; -static THREAD_LOCAL ProfileStats service_disco_perf_stats; -static ProfileStats* get_profile(const char*) -{ - return &service_disco_perf_stats; -} - static ServiceDetector* ftp_service; ServiceDiscovery* ServiceDiscovery::discovery_manager = nullptr; @@ -177,8 +171,6 @@ void ServiceDiscovery::initialize() kv.second->initialize(); service_detector_list.emplace_back(kv.second); } - - Profiler::register_module("service_discovery", "appid", get_profile); } void ServiceDiscovery::finalize_service_patterns() @@ -589,7 +581,6 @@ int ServiceDiscovery::add_ftp_service_state(AppIdSession& asd) bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, AppidSessionDirection direction, AppidChangeBits& change_bits) { - DeepProfile profile(service_disco_perf_stats); bool isTpAppidDiscoveryDone = false; uint32_t prevRnaServiceState = asd.service_disco_state; AppId tp_app_id = asd.get_tp_app_id(); diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index a47a91ebb..4914a7880 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -53,24 +53,6 @@ using namespace snort; typedef AppIdHttpSession::pair_t pair_t; -static THREAD_LOCAL ProfileStats tp_lib_perf_stats; -static THREAD_LOCAL ProfileStats tp_disco_perf_stats; - -static ProfileStats* get_profile(const char* key) -{ - if ( !strcmp(key, "tp_discovery") ) - return &tp_disco_perf_stats; - if ( !strcmp(key, "tp_library") ) - return &tp_lib_perf_stats; - return nullptr; -} - -void tp_appid_profiler_init() -{ - Profiler::register_module("tp_discovery", "appid", get_profile); - Profiler::register_module("tp_library", "tp_discovery", get_profile); -} - static inline bool contains(const vector& vec, const AppId val) { for (const auto& elem : vec) @@ -636,7 +618,6 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo bool do_tp_discovery(AppIdSession& asd, IpProtocol protocol, Packet* p, AppidSessionDirection& direction, AppidChangeBits& change_bits) { - DeepProfile tp_disco_profile(tp_disco_perf_stats); AppId tp_app_id = asd.get_tp_app_id(); if (tp_app_id == APP_ID_SSH && asd.payload.get_id() != APP_ID_SFTP && @@ -674,7 +655,6 @@ bool do_tp_discovery(AppIdSession& asd, IpProtocol protocol, if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK) || asd.config->mod_config->tp_allow_probes) { - DeepProfile tp_lib_profile(tp_lib_perf_stats); int tp_confidence; ThirdPartyAppIDAttributeData tp_attribute_data; vector tp_proto_list; diff --git a/src/network_inspectors/appid/tp_appid_utils.h b/src/network_inspectors/appid/tp_appid_utils.h index 590ba53ce..05a9bb845 100644 --- a/src/network_inspectors/appid/tp_appid_utils.h +++ b/src/network_inspectors/appid/tp_appid_utils.h @@ -26,8 +26,7 @@ class AppIdSession; -void tp_appid_profiler_init(); -bool do_tp_discovery(AppIdSession&, IpProtocol, snort::Packet*, AppidSessionDirection&, - AppidChangeBits&); +bool do_tp_discovery( + AppIdSession&, IpProtocol, snort::Packet*, AppidSessionDirection&, AppidChangeBits&); #endif diff --git a/src/profiler/profiler_defs.h b/src/profiler/profiler_defs.h index f9e089cc8..6e1530105 100644 --- a/src/profiler/profiler_defs.h +++ b/src/profiler/profiler_defs.h @@ -124,27 +124,21 @@ public: #ifdef NO_PROFILER using Profile = ProfileDisabled; -using DeepProfile = ProfileDisabled; using NoProfile = ProfileDisabled; #else #ifdef NO_MEM_MGR using Profile = NoMemContext; using NoProfile = NoMemExclude; -#ifdef DEEP_PROFILING -using DeepProfile = NoMemContext; -#else -using DeepProfile = ProfileDisabled; -#endif #else using Profile = ProfileContext; using NoProfile = ProfileExclude; -#ifdef DEEP_PROFILING -using DeepProfile = ProfileContext; -#else -using DeepProfile = ProfileDisabled; -#endif #endif #endif +// developer enable for profiling rule options +// see also fp_eval_option +//using RuleProfile = ProfileContext; +using RuleProfile = ProfileDisabled; + } #endif diff --git a/src/service_inspectors/dce_rpc/dce_co.cc b/src/service_inspectors/dce_rpc/dce_co.cc index d2f9fc2dd..f1e6bdc9f 100644 --- a/src/service_inspectors/dce_rpc/dce_co.cc +++ b/src/service_inspectors/dce_rpc/dce_co.cc @@ -225,17 +225,6 @@ static DCE2_Ret DCE2_CoSetIface(DCE2_SsnData* sd, DCE2_CoTracker* cot, uint16_t if (cot->ctx_ids == nullptr) return DCE2_RET__ERROR; - // FIXIT-M these Profile aren't actually helping ... - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_ctx); - } - else - { - Profile profile(dce2_smb_pstat_co_ctx); - } - // FIXIT-M add missing cases (HTTP, UDP, ...) - DCE2_CoCtxIdNode* ctx_id_node = (DCE2_CoCtxIdNode*)DCE2_ListFind(cot->ctx_ids, (void*)(uintptr_t)ctx_id); @@ -567,14 +556,6 @@ static DCE2_CoCtxIdNode* dce_co_process_ctx_id(DCE2_SsnData* sd,DCE2_CoTracker* dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoSynId)); } - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_ctx); - } - else - { - Profile profile(dce2_smb_pstat_co_ctx); - } /* If there is already an accepted node with in the list * with this ctx, just return */ @@ -657,22 +638,12 @@ static void DCE2_CoCtxReq(DCE2_SsnData* sd, DCE2_CoTracker* cot, const DceRpcCoH } } -static void dce_co_process_ctx_result(DCE2_SsnData* sd,DCE2_CoTracker* cot, - const DceRpcCoHdr* co_hdr,DCE2_Policy policy, - uint16_t result) +static void dce_co_process_ctx_result(DCE2_SsnData*, DCE2_CoTracker* cot, + const DceRpcCoHdr* co_hdr,DCE2_Policy policy, uint16_t result) { DCE2_CoCtxIdNode* ctx_node, * existing_ctx_node; DCE2_Ret status; - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_ctx); - } - else - { - Profile profile(dce2_smb_pstat_co_ctx); - } - /* Dequeue context item in pending queue - this will get put in the permanent * context id list or freed */ ctx_node = (DCE2_CoCtxIdNode*)DCE2_QueueDequeue(cot->pending_ctx_ids); @@ -1202,15 +1173,6 @@ static Packet* dce_co_reassemble(DCE2_SsnData* sd, DCE2_CoTracker* cot, int co_hdr_len = from_client ? DCE2_MOCK_HDR_LEN__CO_CLI : DCE2_MOCK_HDR_LEN__CO_SRV; int smb_hdr_len = from_client ? DCE2_MOCK_HDR_LEN__SMB_CLI : DCE2_MOCK_HDR_LEN__SMB_SRV; - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_reass); - } - else - { - Profile profile(dce2_smb_pstat_co_reass); - } - DCE2_RpktType rpkt_type; Packet* rpkt = DCE2_CoGetRpkt(sd, cot, co_rtype, &rpkt_type); if (rpkt == nullptr) @@ -1316,15 +1278,6 @@ static DCE2_Ret dce_co_handle_frag(DCE2_SsnData* sd, DCE2_CoTracker* cot, dce2CommonStats* dce_common_stats = dce_get_proto_stats_ptr(sd); Packet* p = DetectionEngine::get_current_packet(); - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_frag); - } - else - { - Profile profile(dce2_smb_pstat_co_frag); - } - if ( p->is_from_client() ) { if (frag_len > dce_common_stats->co_cli_max_frag_size) @@ -2052,15 +2005,6 @@ static Packet* DCE2_CoGetSegRpkt(DCE2_SsnData* sd, Packet* rpkt = nullptr; int smb_hdr_len = p->is_from_client() ? DCE2_MOCK_HDR_LEN__SMB_CLI : DCE2_MOCK_HDR_LEN__SMB_SRV; - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_reass); - } - else - { - Profile profile(dce2_smb_pstat_co_reass); - } - switch (sd->trans) { case DCE2_TRANS_TYPE__SMB: @@ -2208,20 +2152,9 @@ static DCE2_Ret DCE2_HandleSegmentation(DCE2_Buffer* seg_buf, const uint8_t* dat * buffer object if necessary. * ********************************************************************/ -static DCE2_Ret DCE2_CoHandleSegmentation(DCE2_SsnData* sd, DCE2_CoSeg* seg, +static DCE2_Ret DCE2_CoHandleSegmentation(DCE2_SsnData*, DCE2_CoSeg* seg, const uint8_t* data_ptr, uint16_t data_len, uint16_t need_len, uint16_t* data_used) { - DCE2_Ret status; - - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - Profile profile(dce2_tcp_pstat_co_seg); - } - else - { - Profile profile(dce2_smb_pstat_co_seg); - } - if (seg == nullptr) { return DCE2_RET__ERROR; @@ -2236,10 +2169,7 @@ static DCE2_Ret DCE2_CoHandleSegmentation(DCE2_SsnData* sd, DCE2_CoSeg* seg, } } - status = DCE2_HandleSegmentation(seg->buf, - data_ptr, data_len, need_len, data_used); - - return status; + return DCE2_HandleSegmentation(seg->buf, data_ptr, data_len, need_len, data_used); } /******************************************************************** diff --git a/src/service_inspectors/dce_rpc/dce_common.cc b/src/service_inspectors/dce_rpc/dce_common.cc index 392d0cd1d..dbf55b849 100644 --- a/src/service_inspectors/dce_rpc/dce_common.cc +++ b/src/service_inspectors/dce_rpc/dce_common.cc @@ -154,27 +154,6 @@ bool dce2_paf_abort(Flow* flow, DCE2_SsnData* sd) } -static void dce2_protocol_detect(DCE2_SsnData* sd, snort::Packet* pkt) -{ - if (sd->trans == DCE2_TRANS_TYPE__TCP) - { - // FIXIT-M this doesn't look right; profile immediately goes out of scope - Profile profile(dce2_tcp_pstat_detect); - } - else if (sd->trans == DCE2_TRANS_TYPE__SMB) - { - Profile profile(dce2_smb_pstat_detect); - } - else - { - Profile profile(dce2_udp_pstat_detect); - } - - DetectionEngine::detect(pkt); - - dce2_detected = 1; -} - void DCE2_Detect(DCE2_SsnData* sd) { DceContextData::set_current_ropts(sd); @@ -186,7 +165,8 @@ void DCE2_Detect(DCE2_SsnData* sd) return; } snort::Packet* top_pkt = DetectionEngine::get_current_packet(); - dce2_protocol_detect(sd, top_pkt); + DetectionEngine::detect(top_pkt); + dce2_detected = 1; /* Always reset rule option data after detecting */ DCE2_ResetRopts(sd , top_pkt); } diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index a5b3459a8..d1202b602 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -39,29 +39,7 @@ #include "dce_smb2.h" THREAD_LOCAL dce2SmbStats dce2_smb_stats; - -// used here THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_main; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_session; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_new_session; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_req; - -// used elsewhere -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_detect; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_log; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_seg; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_frag; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_reass; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_ctx; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_seg; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_uid; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_tid; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fid; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_detect; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_api; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fingerprint; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_negotiate; //------------------------------------------------------------------------- // debug stuff diff --git a/src/service_inspectors/dce_rpc/dce_smb.h b/src/service_inspectors/dce_rpc/dce_smb.h index d54977da3..b7e8623f3 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.h +++ b/src/service_inspectors/dce_rpc/dce_smb.h @@ -193,24 +193,6 @@ struct dce2SmbStats extern THREAD_LOCAL dce2SmbStats dce2_smb_stats; extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_main; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_session; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_new_session; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_detect; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_log; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_seg; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_frag; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_reass; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_co_ctx; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_seg; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_req; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_uid; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_tid; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fid; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_detect; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_file_api; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_fingerprint; -extern THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_smb_negotiate; enum DCE2_SmbSsnState { diff --git a/src/service_inspectors/dce_rpc/dce_smb_commands.cc b/src/service_inspectors/dce_rpc/dce_smb_commands.cc index 73b1cbc3c..49b093a75 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_commands.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_commands.cc @@ -1216,8 +1216,6 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if ((word_count != 13) && (word_count != 12)) return DCE2_RET__SUCCESS; - snort::Profile profile(dce2_smb_pstat_smb_fingerprint); - if (word_count == 13) { uint16_t oem_pass_len = @@ -1386,8 +1384,6 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ComInfoByteCount(com_info) == 0) return DCE2_RET__SUCCESS; - snort::Profile profile(dce2_smb_pstat_smb_fingerprint); - if (DCE2_ComInfoWordCount(com_info) == 3) { dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); @@ -1567,8 +1563,6 @@ DCE2_Ret DCE2_SmbNegotiate(DCE2_SmbSsnData* ssd, const SmbNtHdr*, if (!DCE2_ComInfoCanProcessCommand(com_info)) return DCE2_RET__ERROR; - snort::Profile profile(dce2_smb_pstat_smb_negotiate); - if (DCE2_ComInfoIsRequest(com_info)) { // Have at least 2 bytes based on byte count check done earlier diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc index 491f609c4..d2d01d800 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc @@ -218,108 +218,9 @@ PegCount* Dce2SmbModule::get_counts() const return (PegCount*)&dce2_smb_stats; } -ProfileStats* Dce2SmbModule::get_profile( - unsigned index, const char*& name, const char*& parent) const +ProfileStats* Dce2SmbModule::get_profile() const { - switch ( index ) - { - case 0: - name = "dce_smb_main"; - parent = nullptr; - return &dce2_smb_pstat_main; - - case 1: - name = "dce_smb_session"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_session; - - case 2: - name = "dce_smb_new_session"; - parent = "dce_smb_session"; - - return &dce2_smb_pstat_new_session; - - case 3: - name = "dce_smb_detect"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_detect; - - case 4: - name = "dce_smb_log"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_log; - - case 5: - name = "dce_smb_co_segment"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_co_seg; - - case 6: - name = "dce_smb_co_fragment"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_co_frag; - - case 7: - name = "dce_smb_co_reassembly"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_co_reass; - - case 8: - name = "dce_smb_co_context"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_co_ctx; - - case 9: - name = "dce_smb_segment"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_seg; - - case 10: - name = "dce_smb_request"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_req; - - case 11: - name = "dce_smb_uid"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_uid; - - case 12: - name = "dce_smb_tid"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_tid; - - case 13: - name = "dce_smb_fid"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_fid; - - case 14: - name = "dce_smb_file"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_file; - - case 15: - name = "dce_smb_file_detect"; - parent = "dce_smb_file"; - return &dce2_smb_pstat_smb_file_detect; - - case 16: - name = "dce_smb_file_api"; - parent = "dce_smb_file"; - return &dce2_smb_pstat_smb_file_api; - - case 17: - name = "dce_smb_fingerprint"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_fingerprint; - - case 18: - name = "dce_smb_negotiate"; - parent = "dce_smb_main"; - return &dce2_smb_pstat_smb_negotiate; - } - return nullptr; + return &dce2_smb_pstat_main; } static int smb_invalid_share_compare(const void* a, const void* b) diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.h b/src/service_inspectors/dce_rpc/dce_smb_module.h index 3920f6a7a..505cf2c68 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.h +++ b/src/service_inspectors/dce_rpc/dce_smb_module.h @@ -82,7 +82,7 @@ public: const snort::RuleMap* get_rules() const override; const PegInfo* get_pegs() const override; PegCount* get_counts() const override; - snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override; + snort::ProfileStats* get_profile() const override; void get_data(dce2SmbProtoConf&); Usage get_usage() const override diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc index 48328284e..fa4b34aae 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc @@ -370,8 +370,6 @@ DCE2_Ret DCE2_SmbValidateTransactionFields( DCE2_Ret DCE2_SmbBufferTransactionData(DCE2_SmbTransactionTracker* ttracker, const uint8_t* data_ptr, uint16_t dcnt, uint16_t ddisp) { - snort::Profile profile(dce2_smb_pstat_smb_req); - if (ttracker->dbuf == nullptr) { /* Buf size should be the total data count we need */ @@ -390,8 +388,6 @@ DCE2_Ret DCE2_SmbBufferTransactionData(DCE2_SmbTransactionTracker* ttracker, DCE2_Ret DCE2_SmbBufferTransactionParameters(DCE2_SmbTransactionTracker* ttracker, const uint8_t* param_ptr, uint16_t pcnt, uint16_t pdisp) { - snort::Profile profile(dce2_smb_pstat_smb_req); - if (ttracker->pbuf == nullptr) { /* Buf size should be the total data count we need */ diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc index cd2d4b542..1e280dc40 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc @@ -155,8 +155,6 @@ DCE2_Ret DCE2_SmbFindUid(DCE2_SmbSsnData* ssd, const uint16_t uid) { DCE2_Ret status; - Profile profile(dce2_smb_pstat_smb_uid); - if ((ssd->uid != DCE2_SENTINEL) && (ssd->uid == (int)uid)) status = DCE2_RET__SUCCESS; else @@ -167,8 +165,6 @@ DCE2_Ret DCE2_SmbFindUid(DCE2_SmbSsnData* ssd, const uint16_t uid) void DCE2_SmbInsertUid(DCE2_SmbSsnData* ssd, const uint16_t uid) { - Profile profile(dce2_smb_pstat_smb_uid); - if (ssd->uid == DCE2_SENTINEL) { ssd->uid = (int)uid; @@ -194,8 +190,6 @@ void DCE2_SmbRemoveUid(DCE2_SmbSsnData* ssd, const uint16_t uid) { const DCE2_Policy policy = DCE2_SsnGetServerPolicy(&ssd->sd); - Profile profile(dce2_smb_pstat_smb_uid); - if ((ssd->uid != DCE2_SENTINEL) && (ssd->uid == (int)uid)) ssd->uid = DCE2_SENTINEL; else @@ -261,8 +255,6 @@ DCE2_SmbRequestTracker* DCE2_SmbNewRequestTracker(DCE2_SmbSsnData* ssd, uint16_t uid = SmbUid(smb_hdr); uint16_t tid = SmbTid(smb_hdr); - Profile profile(dce2_smb_pstat_smb_req); - if (ssd == nullptr) { return nullptr; @@ -342,8 +334,6 @@ DCE2_SmbRequestTracker* DCE2_SmbNewRequestTracker(DCE2_SmbSsnData* ssd, DCE2_SmbFileTracker* DCE2_SmbNewFileTracker(DCE2_SmbSsnData* ssd, const uint16_t uid, const uint16_t tid, const uint16_t fid) { - Profile profile(dce2_smb_pstat_smb_fid); - // Already have tracker for file API and not setting file data pointer // so don't create new file tracker. bool is_ipc = DCE2_SmbIsTidIPC(ssd, tid); @@ -448,8 +438,6 @@ DCE2_Ret DCE2_SmbInitFileTracker(DCE2_SmbSsnData* ssd, DCE2_SmbFileTracker* DCE2_SmbFindFileTracker(DCE2_SmbSsnData* ssd, const uint16_t uid, const uint16_t tid, const uint16_t fid) { - Profile profile(dce2_smb_pstat_smb_fid); - DCE2_SmbFileTracker* ftracker; if ((ssd->ftracker.fid_v1 != DCE2_SENTINEL) && (ssd->ftracker.fid_v1 == (int)fid)) { @@ -552,8 +540,6 @@ void DCE2_SmbRemoveFileTracker(DCE2_SmbSsnData* ssd, DCE2_SmbFileTracker* ftrack if (ftracker == nullptr) return; - Profile profile(dce2_smb_pstat_smb_fid); - if (ssd->fapi_ftracker == ftracker) DCE2_SmbFinishFileAPI(ssd); @@ -573,8 +559,6 @@ void DCE2_SmbCleanFileTracker(DCE2_SmbFileTracker* ftracker) if (ftracker == nullptr) return; - Profile profile(dce2_smb_pstat_smb_fid); - ftracker->fid_v1 = DCE2_SENTINEL; if (ftracker->file_name != nullptr) { @@ -644,8 +628,6 @@ void DCE2_SmbCleanSessionFileTracker(DCE2_SmbSsnData* ssd, DCE2_SmbFileTracker* void DCE2_SmbCleanTransactionTracker(DCE2_SmbTransactionTracker* ttracker) { - Profile profile(dce2_smb_pstat_smb_req); - if (ttracker == nullptr) { return; @@ -662,8 +644,6 @@ void DCE2_SmbCleanTransactionTracker(DCE2_SmbTransactionTracker* ttracker) void DCE2_SmbCleanRequestTracker(DCE2_SmbRequestTracker* rtracker) { - Profile profile(dce2_smb_pstat_smb_req); - if (rtracker == nullptr) { return; @@ -694,8 +674,6 @@ void DCE2_SmbCleanRequestTracker(DCE2_SmbRequestTracker* rtracker) void DCE2_SmbRemoveRequestTracker(DCE2_SmbSsnData* ssd, DCE2_SmbRequestTracker* rtracker) { - Profile profile(dce2_smb_pstat_smb_req); - if ((ssd == nullptr) || (rtracker == nullptr)) { return; @@ -749,8 +727,6 @@ void DCE2_SmbRemoveFileTrackerFromRequestTrackers(DCE2_SmbSsnData* ssd, DCE2_SmbFileTracker* DCE2_SmbDequeueTmpFileTracker(DCE2_SmbSsnData* ssd, DCE2_SmbRequestTracker* rtracker, const uint16_t fid) { - Profile profile(dce2_smb_pstat_smb_fid); - DCE2_SmbFileTracker* ftracker = (DCE2_SmbFileTracker*)DCE2_QueueDequeue(rtracker->ft_queue); if (ftracker == nullptr) @@ -810,8 +786,6 @@ DCE2_Ret DCE2_SmbFindTid(DCE2_SmbSsnData* ssd, const uint16_t tid) { DCE2_Ret status; - Profile profile(dce2_smb_pstat_smb_tid); - if ((ssd->tid != DCE2_SENTINEL) && ((ssd->tid & 0x0000ffff) == (int)tid)) status = DCE2_RET__SUCCESS; else @@ -822,8 +796,6 @@ DCE2_Ret DCE2_SmbFindTid(DCE2_SmbSsnData* ssd, const uint16_t tid) void DCE2_SmbRemoveTid(DCE2_SmbSsnData* ssd, const uint16_t tid) { - Profile profile(dce2_smb_pstat_smb_tid); - if ((ssd->tid != DCE2_SENTINEL) && ((ssd->tid & 0x0000ffff) == (int)tid)) ssd->tid = DCE2_SENTINEL; else @@ -862,8 +834,6 @@ void DCE2_SmbRemoveTid(DCE2_SmbSsnData* ssd, const uint16_t tid) void DCE2_SmbInsertTid(DCE2_SmbSsnData* ssd, const uint16_t tid, const bool is_ipc) { - Profile profile(dce2_smb_pstat_smb_tid); - if (!is_ipc && (!DCE2_ScSmbFileInspection((dce2SmbProtoConf*)ssd->sd.config) || ((ssd->max_file_depth == -1) && DCE2_ScSmbFileDepth( (dce2SmbProtoConf*)ssd->sd.config) == -1))) @@ -979,8 +949,6 @@ void DCE2_SmbInvalidShareCheck(DCE2_SmbSsnData* ssd, void DCE2_SmbQueueTmpFileTracker(DCE2_SmbSsnData* ssd, DCE2_SmbRequestTracker* rtracker, const uint16_t uid, const uint16_t tid) { - Profile profile(dce2_smb_pstat_smb_fid); - DCE2_SmbFileTracker* ftracker = (DCE2_SmbFileTracker*) snort_calloc(sizeof(DCE2_SmbFileTracker)); @@ -1272,8 +1240,6 @@ Packet* DCE2_SmbGetRpkt(DCE2_SmbSsnData* ssd, DCE2_Ret DCE2_SmbHandleSegmentation(DCE2_Buffer** buf, const uint8_t* data_ptr, uint32_t add_len, uint32_t alloc_size) { - Profile profile(dce2_smb_pstat_smb_seg); - if (buf == nullptr) { return DCE2_RET__ERROR; @@ -1468,8 +1434,6 @@ static void DCE2_SmbInjectDeletePdu(DCE2_SmbFileTracker* ftracker) static FileVerdict DCE2_SmbLookupFileVerdict() { - Profile profile(dce2_smb_pstat_smb_file_api); - FileContext* file = DCE2_get_main_file_context(); if ( !file ) @@ -1485,8 +1449,6 @@ static FileVerdict DCE2_SmbLookupFileVerdict() static void DCE2_SmbFinishFileBlockVerdict(DCE2_SmbSsnData* ssd) { - Profile profile(dce2_smb_pstat_smb_file); - FileVerdict verdict = DCE2_SmbLookupFileVerdict(); if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERDICT_REJECT)) { @@ -1505,7 +1467,6 @@ static void DCE2_SmbFinishFileAPI(DCE2_SmbSsnData* ssd) if (ftracker == nullptr) return; - Profile profile(dce2_smb_pstat_smb_file); FileFlows* file_flows = FileFlows::get_file_flows(p->flow); bool upload = (ftracker->ff_file_direction == DCE2_SMB_FILE_DIRECTION__UPLOAD); @@ -1516,7 +1477,6 @@ static void DCE2_SmbFinishFileAPI(DCE2_SmbSsnData* ssd) if ((ftracker->ff_file_size == 0) && (ftracker->ff_bytes_processed != 0)) { - Profile sub_profile(dce2_smb_pstat_smb_file_api); if (file_flows->file_process(p, nullptr, 0, SNORT_FILE_END, upload)) { if (upload) @@ -1578,7 +1538,6 @@ static DCE2_Ret DCE2_SmbFileAPIProcess(DCE2_SmbSsnData* ssd, position = SNORT_FILE_MIDDLE; } - Profile profile(dce2_smb_pstat_smb_file_api); Packet* p = DetectionEngine::get_current_packet(); FileFlows* file_flows = FileFlows::get_file_flows(p->flow); if (!file_flows->file_process(p, data_ptr, (int)data_len, position, upload, @@ -1762,8 +1721,6 @@ void DCE2_SmbProcessFileData(DCE2_SmbSsnData* ssd, if (data_len == 0) return; - Profile profile(dce2_smb_pstat_smb_file); - // Account for wrapping. Not likely but just in case. if ((ftracker->ff_bytes_processed + data_len) < ftracker->ff_bytes_processed) { @@ -1886,10 +1843,7 @@ void DCE2_SmbProcessFileData(DCE2_SmbSsnData* ssd, void DCE2_FileDetect() { Packet* top_pkt = DetectionEngine::get_current_packet(); - - Profile profile(dce2_smb_pstat_smb_file_detect); DetectionEngine::detect(top_pkt); - dce2_detected = 1; } diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc index 8219f325a..369f33691 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp.cc @@ -50,16 +50,7 @@ Dce2TcpFlowData::~Dce2TcpFlowData() } THREAD_LOCAL dce2TcpStats dce2_tcp_stats; - THREAD_LOCAL ProfileStats dce2_tcp_pstat_main; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_session; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_new_session; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_detect; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_log; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_seg; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_frag; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_reass; -THREAD_LOCAL ProfileStats dce2_tcp_pstat_co_ctx; unsigned Dce2TcpFlowData::inspector_id = 0; @@ -80,8 +71,6 @@ static DCE2_TcpSsnData* set_new_dce2_tcp_session(Packet* p) static DCE2_TcpSsnData* dce2_create_new_tcp_session(Packet* p, dce2TcpProtoConf* config) { - Profile profile(dce2_tcp_pstat_new_session); - DCE2_TcpSsnData* dce2_tcp_sess = set_new_dce2_tcp_session(p); if ( dce2_tcp_sess ) @@ -102,8 +91,6 @@ static DCE2_TcpSsnData* dce2_create_new_tcp_session(Packet* p, dce2TcpProtoConf* static DCE2_TcpSsnData* dce2_handle_tcp_session(Packet* p, dce2TcpProtoConf* config) { - Profile profile(dce2_tcp_pstat_session); - DCE2_TcpSsnData* dce2_tcp_sess = get_dce2_tcp_session_data(p->flow); if (dce2_tcp_sess == nullptr) diff --git a/src/service_inspectors/dce_rpc/dce_tcp.h b/src/service_inspectors/dce_rpc/dce_tcp.h index a3c9994a8..f60fd4365 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.h +++ b/src/service_inspectors/dce_rpc/dce_tcp.h @@ -71,15 +71,6 @@ struct dce2TcpStats extern THREAD_LOCAL dce2TcpStats dce2_tcp_stats; extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_main; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_session; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_new_session; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_session_state; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_detect; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_log; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_seg; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_frag; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_reass; -extern THREAD_LOCAL snort::ProfileStats dce2_tcp_pstat_co_ctx; inline bool DCE2_TcpAutodetect(snort::Packet* p) { diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.cc b/src/service_inspectors/dce_rpc/dce_tcp_module.cc index ad7e5e85a..e9da1877a 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.cc @@ -137,57 +137,9 @@ PegCount* Dce2TcpModule::get_counts() const return (PegCount*)&dce2_tcp_stats; } -ProfileStats* Dce2TcpModule::get_profile( - unsigned index, const char*& name, const char*& parent) const +ProfileStats* Dce2TcpModule::get_profile() const { - switch ( index ) - { - case 0: - name = "dce_tcp_main"; - parent = nullptr; - return &dce2_tcp_pstat_main; - - case 1: - name = "dce_tcp_session"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_session; - - case 2: - name = "dce_tcp_new_session"; - parent = "dce_tcp_session"; - return &dce2_tcp_pstat_new_session; - - case 3: - name = "dce_tcp_detect"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_detect; - - case 4: - name = "dce_tcp_log"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_log; - - case 5: - name = "dce_tcp_co_segment"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_co_seg; - - case 6: - name = "dce_tcp_co_fragment"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_co_frag; - - case 7: - name = "dce_tcp_co_reassembly"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_co_reass; - - case 8: - name = "dce_tcp_co_context"; - parent = "dce_tcp_main"; - return &dce2_tcp_pstat_co_ctx; - } - return nullptr; + return &dce2_tcp_pstat_main; } bool Dce2TcpModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.h b/src/service_inspectors/dce_rpc/dce_tcp_module.h index 89d5fa6c4..607b9b41c 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.h +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.h @@ -47,7 +47,7 @@ public: const snort::RuleMap* get_rules() const override; const PegInfo* get_pegs() const override; PegCount* get_counts() const override; - snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override; + snort::ProfileStats* get_profile() const override; void get_data(dce2TcpProtoConf&); Usage get_usage() const override diff --git a/src/service_inspectors/dce_rpc/dce_udp.cc b/src/service_inspectors/dce_rpc/dce_udp.cc index 15ad3b7f8..4aa322954 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.cc +++ b/src/service_inspectors/dce_rpc/dce_udp.cc @@ -34,15 +34,7 @@ using namespace snort; THREAD_LOCAL dce2UdpStats dce2_udp_stats; - THREAD_LOCAL ProfileStats dce2_udp_pstat_main; -THREAD_LOCAL ProfileStats dce2_udp_pstat_session; -THREAD_LOCAL ProfileStats dce2_udp_pstat_new_session; -THREAD_LOCAL ProfileStats dce2_udp_pstat_detect; -THREAD_LOCAL ProfileStats dce2_udp_pstat_log; -THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_acts; -THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_frag; -THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_reass; static void DCE2_ClCleanTracker(DCE2_ClTracker* clt) { @@ -91,10 +83,7 @@ static DCE2_UdpSsnData* set_new_dce2_udp_session(Packet* p) static DCE2_UdpSsnData* dce2_create_new_udp_session(Packet* p, dce2UdpProtoConf* config) { - Profile profile(dce2_udp_pstat_new_session); - DCE2_UdpSsnData* dce2_udp_sess = set_new_dce2_udp_session(p); - DCE2_ResetRopts(&dce2_udp_sess->sd, p); dce2_udp_stats.udp_sessions++; @@ -106,8 +95,6 @@ static DCE2_UdpSsnData* dce2_create_new_udp_session(Packet* p, dce2UdpProtoConf* static DCE2_UdpSsnData* dce2_handle_udp_session(Packet* p, dce2UdpProtoConf* config) { - Profile profile(dce2_udp_pstat_session); - DCE2_UdpSsnData* dce2_udp_sess = get_dce2_udp_session_data(p->flow); if (dce2_udp_sess == nullptr) diff --git a/src/service_inspectors/dce_rpc/dce_udp.h b/src/service_inspectors/dce_rpc/dce_udp.h index 9c388ac62..0b2f4fab6 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.h +++ b/src/service_inspectors/dce_rpc/dce_udp.h @@ -66,13 +66,6 @@ struct dce2UdpStats extern THREAD_LOCAL dce2UdpStats dce2_udp_stats; extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_main; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_session; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_new_session; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_detect; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_log; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_cl_acts; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_cl_frag; -extern THREAD_LOCAL snort::ProfileStats dce2_udp_pstat_cl_reass; struct DceRpcClHdr /* Connectionless header */ { diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.cc b/src/service_inspectors/dce_rpc/dce_udp_module.cc index c30fbc31a..b4b915cbd 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_module.cc @@ -103,52 +103,9 @@ PegCount* Dce2UdpModule::get_counts() const return (PegCount*)&dce2_udp_stats; } -ProfileStats* Dce2UdpModule::get_profile( - unsigned index, const char*& name, const char*& parent) const +ProfileStats* Dce2UdpModule::get_profile() const { - switch ( index ) - { - case 0: - name = "dce_udp_main"; - parent = nullptr; - return &dce2_udp_pstat_main; - - case 1: - name = "dce_udp_session"; - parent = "dce_udp_main"; - return &dce2_udp_pstat_session; - - case 2: - name = "dce_udp_new_session"; - parent = "dce_udp_session"; - return &dce2_udp_pstat_new_session; - - case 3: - name = "dce_udp_detect"; - parent = "dce_udp_main"; - return &dce2_udp_pstat_detect; - - case 4: - name = "dce_udp_log"; - parent = "dce_udp_main"; - return &dce2_udp_pstat_log; - - case 5: - name = "dce_udp_cl_acts"; - parent = "dce_udp_main"; - return &dce2_udp_pstat_cl_acts; - - case 6: - name = "dce_udp_cl_frag"; - parent = "dce_udp_main"; - return &dce2_udp_pstat_cl_frag; - - case 7: - name = "dce_udp_cl_reass"; - parent = "dce_udp_main"; - return &dce2_udp_pstat_cl_reass; - } - return nullptr; + return &dce2_udp_pstat_main; } bool Dce2UdpModule::set(const char* fqn, Value& v, SnortConfig* c) diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.h b/src/service_inspectors/dce_rpc/dce_udp_module.h index 33c3cb6c3..226c69043 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.h +++ b/src/service_inspectors/dce_rpc/dce_udp_module.h @@ -59,7 +59,7 @@ public: const snort::RuleMap* get_rules() const override; const PegInfo* get_pegs() const override; PegCount* get_counts() const override; - snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override; + snort::ProfileStats* get_profile() const override; void get_data(dce2UdpProtoConf&); Usage get_usage() const override diff --git a/src/service_inspectors/dce_rpc/dce_udp_processing.cc b/src/service_inspectors/dce_rpc/dce_udp_processing.cc index fd9755b06..c9e6e34e3 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_processing.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_processing.cc @@ -123,7 +123,6 @@ void DCE2_ClProcess(DCE2_SsnData* sd, DCE2_ClTracker* clt) if (DCE2_ClHdrChecks(sd, cl_hdr) != DCE2_RET__SUCCESS) return; - Profile profile(dce2_udp_pstat_cl_acts); at = DCE2_ClGetActTracker(clt, cl_hdr); if (at == nullptr) return; @@ -386,8 +385,6 @@ static void DCE2_ClHandleFrag(DCE2_SsnData* sd, DCE2_ClActTracker* at, const Dce uint16_t frag_len; int status; - Profile profile(dce2_udp_pstat_cl_frag); - /* If the frag length is less than data length there might be authentication * data that we don't want to include, otherwise just set to data len */ if (DceRpcClLen(cl_hdr) < data_len) @@ -548,8 +545,6 @@ static void DCE2_ClFragReassemble( DCE2_ClFragNode* fnode; uint32_t stub_len = 0; - Profile profile(dce2_udp_pstat_cl_reass); - for (fnode = (DCE2_ClFragNode*)DCE2_ListFirst(ft->frags); fnode != nullptr; fnode = (DCE2_ClFragNode*)DCE2_ListNext(ft->frags)) diff --git a/src/service_inspectors/dce_rpc/ips_dce_iface.cc b/src/service_inspectors/dce_rpc/ips_dce_iface.cc index f7aa2e0bd..939eb11d9 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_iface.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_iface.cc @@ -366,7 +366,7 @@ bool Dce2IfaceOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dce2IfaceOption::eval(Cursor&, Packet* p) { - Profile profile(dce2_iface_perf_stats); + RuleProfile profile(dce2_iface_perf_stats); if (p->dsize == 0) { diff --git a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc index 7eb57051d..5faa20c80 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc @@ -400,7 +400,7 @@ bool Dce2OpnumOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dce2OpnumOption::eval(Cursor&, Packet* p) { - Profile profile(dce2_opnum_perf_stats); + RuleProfile profile(dce2_opnum_perf_stats); if (p->dsize == 0) { diff --git a/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc b/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc index 08d083209..7a4e7d194 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc @@ -71,7 +71,7 @@ bool Dce2StubDataOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dce2StubDataOption::eval(Cursor& c, Packet* p) { - Profile profile(dce2_stub_data_perf_stats); + RuleProfile profile(dce2_stub_data_perf_stats); if (p->dsize == 0) { diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index 3eff1aa32..085d87d51 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -446,8 +446,6 @@ static DCE2_SmbRequestTracker* DCE2_SmbFindRequestTracker(DCE2_SmbSsnData* ssd, uint16_t pid = SmbPid(smb_hdr); uint16_t mid = SmbMid(smb_hdr); - Profile profile(dce2_smb_pstat_smb_req); - DCE2_SmbRequestTracker* tmp_rtracker = &ssd->rtracker; int smb_com = SmbCom(smb_hdr); switch (smb_com) @@ -1334,8 +1332,6 @@ static DCE2_SmbSsnData* set_new_dce2_smb_session(Packet* p) static DCE2_SmbSsnData* dce2_create_new_smb_session(Packet* p, dce2SmbProtoConf* config) { - Profile profile(dce2_smb_pstat_new_session); - DCE2_SmbSsnData* dce2_smb_sess = set_new_dce2_smb_session(p); if ( dce2_smb_sess ) { @@ -2549,8 +2545,6 @@ void DCE2_SmbInitGlobals() DCE2_SmbSsnData* dce2_handle_smb_session(Packet* p, dce2SmbProtoConf* config) { - Profile profile(dce2_smb_pstat_session); - DCE2_SmbSsnData* dce2_smb_sess = get_dce2_smb_session_data(p->flow); if (dce2_smb_sess == nullptr) diff --git a/src/service_inspectors/dnp3/ips_dnp3_data.cc b/src/service_inspectors/dnp3/ips_dnp3_data.cc index ddf644474..b0cae6c6b 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_data.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_data.cc @@ -72,7 +72,7 @@ bool Dnp3DataOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dnp3DataOption::eval(Cursor& c, Packet* p) { - Profile profile(dnp3_data_perf_stats); + RuleProfile profile(dnp3_data_perf_stats); if ((p->has_tcp_data() && !p->is_full_pdu()) || !p->flow || !p->dsize) return NO_MATCH; diff --git a/src/service_inspectors/dnp3/ips_dnp3_func.cc b/src/service_inspectors/dnp3/ips_dnp3_func.cc index 8e4709ebe..35d1d89a5 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_func.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_func.cc @@ -79,7 +79,7 @@ bool Dnp3FuncOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dnp3FuncOption::eval(Cursor&, Packet* p) { - Profile profile(dnp3_func_perf_stats); + RuleProfile profile(dnp3_func_perf_stats); if ((p->has_tcp_data() && !p->is_full_pdu()) || !p->flow || !p->dsize) return NO_MATCH; diff --git a/src/service_inspectors/dnp3/ips_dnp3_ind.cc b/src/service_inspectors/dnp3/ips_dnp3_ind.cc index b18de22e5..07a991411 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_ind.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_ind.cc @@ -80,7 +80,7 @@ bool Dnp3IndOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dnp3IndOption::eval(Cursor&, Packet* p) { - Profile profile(dnp3_ind_perf_stats); + RuleProfile profile(dnp3_ind_perf_stats); if ((p->has_tcp_data() && !p->is_full_pdu()) || !p->flow || !p->dsize) return NO_MATCH; diff --git a/src/service_inspectors/dnp3/ips_dnp3_obj.cc b/src/service_inspectors/dnp3/ips_dnp3_obj.cc index ace12ee4f..9e8f2bb5c 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_obj.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_obj.cc @@ -107,7 +107,7 @@ bool Dnp3ObjOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus Dnp3ObjOption::eval(Cursor&, Packet* p) { - Profile profile(dnp3_obj_perf_stats); + RuleProfile profile(dnp3_obj_perf_stats); size_t header_size; diff --git a/src/service_inspectors/gtp/ips_gtp_info.cc b/src/service_inspectors/gtp/ips_gtp_info.cc index ee1e4f2ab..20481122a 100644 --- a/src/service_inspectors/gtp/ips_gtp_info.cc +++ b/src/service_inspectors/gtp/ips_gtp_info.cc @@ -99,7 +99,7 @@ bool GtpInfoOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus GtpInfoOption::eval(Cursor& c, Packet* p) { - Profile profile(gtp_info_prof); + RuleProfile profile(gtp_info_prof); if ( !p or !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/gtp/ips_gtp_type.cc b/src/service_inspectors/gtp/ips_gtp_type.cc index 7cb2fb3c7..efb1338bb 100644 --- a/src/service_inspectors/gtp/ips_gtp_type.cc +++ b/src/service_inspectors/gtp/ips_gtp_type.cc @@ -98,7 +98,7 @@ bool GtpTypeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus GtpTypeOption::eval(Cursor&, Packet* p) { - Profile profile(gtp_type_prof); + RuleProfile profile(gtp_type_prof); if ( !p or !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/gtp/ips_gtp_version.cc b/src/service_inspectors/gtp/ips_gtp_version.cc index ecde58f8a..2aadb97e0 100644 --- a/src/service_inspectors/gtp/ips_gtp_version.cc +++ b/src/service_inspectors/gtp/ips_gtp_version.cc @@ -78,7 +78,7 @@ bool GtpVersionOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus GtpVersionOption::eval(Cursor&, Packet* p) { - Profile profile(gtp_ver_prof); + RuleProfile profile(gtp_ver_prof); if ( !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/http_inspect/ips_http.cc b/src/service_inspectors/http_inspect/ips_http.cc index 5f3eeee09..883d06757 100644 --- a/src/service_inspectors/http_inspect/ips_http.cc +++ b/src/service_inspectors/http_inspect/ips_http.cc @@ -205,7 +205,7 @@ bool HttpIpsOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus HttpIpsOption::eval(Cursor& c, Packet* p) { - Profile profile(HttpCursorModule::http_ps[psi]); + RuleProfile profile(HttpCursorModule::http_ps[psi]); if (!p->flow || !p->flow->gadget) return NO_MATCH; diff --git a/src/service_inspectors/modbus/ips_modbus_data.cc b/src/service_inspectors/modbus/ips_modbus_data.cc index 44160bb74..a3ed4e201 100644 --- a/src/service_inspectors/modbus/ips_modbus_data.cc +++ b/src/service_inspectors/modbus/ips_modbus_data.cc @@ -70,7 +70,7 @@ bool ModbusDataOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ModbusDataOption::eval(Cursor& c, Packet* p) { - Profile profile(modbus_data_prof); + RuleProfile profile(modbus_data_prof); if ( !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/modbus/ips_modbus_func.cc b/src/service_inspectors/modbus/ips_modbus_func.cc index f8a32d2ec..033ff0038 100644 --- a/src/service_inspectors/modbus/ips_modbus_func.cc +++ b/src/service_inspectors/modbus/ips_modbus_func.cc @@ -125,7 +125,7 @@ bool ModbusFuncOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ModbusFuncOption::eval(Cursor&, Packet* p) { - Profile profile(modbus_func_prof); + RuleProfile profile(modbus_func_prof); if ( !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/modbus/ips_modbus_unit.cc b/src/service_inspectors/modbus/ips_modbus_unit.cc index ec5e21b0b..ac92c696f 100644 --- a/src/service_inspectors/modbus/ips_modbus_unit.cc +++ b/src/service_inspectors/modbus/ips_modbus_unit.cc @@ -77,7 +77,7 @@ bool ModbusUnitOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ModbusUnitOption::eval(Cursor&, Packet* p) { - Profile profile(modbus_unit_prof); + RuleProfile profile(modbus_unit_prof); if ( !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/sip/ips_sip.cc b/src/service_inspectors/sip/ips_sip.cc index 9e5580ff0..83be695ca 100644 --- a/src/service_inspectors/sip/ips_sip.cc +++ b/src/service_inspectors/sip/ips_sip.cc @@ -100,7 +100,7 @@ private: IpsOption::EvalStatus SipIpsOption::eval(Cursor& c, Packet* p) { - Profile profile(sip_ps[idx]); + RuleProfile profile(sip_ps[idx]); if ((!p->has_tcp_data() && !p->is_udp()) || !p->flow || !p->dsize) return NO_MATCH; diff --git a/src/service_inspectors/sip/ips_sip_method.cc b/src/service_inspectors/sip/ips_sip_method.cc index 04a8ee1c1..f68a2bea1 100644 --- a/src/service_inspectors/sip/ips_sip_method.cc +++ b/src/service_inspectors/sip/ips_sip_method.cc @@ -103,7 +103,7 @@ bool SipMethodOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SipMethodOption::eval(Cursor&, Packet* p) { - Profile profile(sipMethodRuleOptionPerfStats); + RuleProfile profile(sipMethodRuleOptionPerfStats); if ( !p->flow ) return NO_MATCH; diff --git a/src/service_inspectors/sip/ips_sip_stat_code.cc b/src/service_inspectors/sip/ips_sip_stat_code.cc index 430b364dc..7022271b1 100644 --- a/src/service_inspectors/sip/ips_sip_stat_code.cc +++ b/src/service_inspectors/sip/ips_sip_stat_code.cc @@ -90,7 +90,7 @@ bool SipStatCodeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SipStatCodeOption::eval(Cursor&, Packet* p) { - Profile profile(sipStatCodeRuleOptionPerfStats); + RuleProfile profile(sipStatCodeRuleOptionPerfStats); if ((!p->has_tcp_data() && !p->is_udp()) || !p->flow || !p->dsize) return NO_MATCH; diff --git a/src/service_inspectors/ssl/ips_ssl_state.cc b/src/service_inspectors/ssl/ips_ssl_state.cc index 55f5b9115..a5b2e713b 100644 --- a/src/service_inspectors/ssl/ips_ssl_state.cc +++ b/src/service_inspectors/ssl/ips_ssl_state.cc @@ -98,7 +98,7 @@ bool SslStateOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SslStateOption::eval(Cursor&, Packet* pkt) { - Profile profile(sslStateRuleOptionPerfStats); + RuleProfile profile(sslStateRuleOptionPerfStats); if ( !(pkt->packet_flags & PKT_REBUILT_STREAM) && !pkt->is_full_pdu() ) return NO_MATCH; diff --git a/src/service_inspectors/ssl/ips_ssl_version.cc b/src/service_inspectors/ssl/ips_ssl_version.cc index 1413a49e0..417c9da7e 100644 --- a/src/service_inspectors/ssl/ips_ssl_version.cc +++ b/src/service_inspectors/ssl/ips_ssl_version.cc @@ -98,7 +98,7 @@ bool SslVersionOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SslVersionOption::eval(Cursor&, Packet* pkt) { - Profile profile(sslVersionRuleOptionPerfStats); + RuleProfile profile(sslVersionRuleOptionPerfStats); if ( !(pkt->packet_flags & PKT_REBUILT_STREAM) && !pkt->is_full_pdu() ) return NO_MATCH; diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc index bda68f334..a807ee9ed 100644 --- a/src/stream/ip/ip_defrag.cc +++ b/src/stream/ip/ip_defrag.cc @@ -183,10 +183,6 @@ static const char* const frag_policy_names[] = "SOLARIS" }; -THREAD_LOCAL ProfileStats fragPerfStats; -THREAD_LOCAL ProfileStats fragInsertPerfStats; -THREAD_LOCAL ProfileStats fragRebuildPerfStats; - static void FragPrintEngineConfig(FragEngine* engine) { LogMessage("Defrag engine config:\n"); @@ -604,7 +600,6 @@ static inline int FragIsComplete(FragTracker* ft) */ static void FragRebuild(FragTracker* ft, Packet* p) { - DeepProfile profile(fragRebuildPerfStats); size_t offset = 0; Packet* dpkt = DetectionEngine::set_next_packet(p); @@ -948,8 +943,6 @@ void Defrag::process(Packet* p, FragTracker* ft) ip_stats.total++; ip_stats.fragmented_bytes += p->pktlen + 4; /* 4 for the CRC */ - DeepProfile profile(fragPerfStats); - if (!ft->engine ) { new_tracker(p, ft); @@ -1107,8 +1100,6 @@ int Defrag::insert(Packet* p, FragTracker* ft, FragEngine* fe) int16_t fragLength; const uint16_t net_frag_offset = p->ptrs.ip_api.off(); - DeepProfile profile(fragInsertPerfStats); - if (p->is_ip6() && (net_frag_offset == 0)) { const ip::IP6Frag* const fragHdr = layer::get_inner_ip6_frag(); diff --git a/src/stream/ip/ip_module.cc b/src/stream/ip/ip_module.cc index 5cf3ba67c..fa2303b6d 100644 --- a/src/stream/ip/ip_module.cc +++ b/src/stream/ip/ip_module.cc @@ -136,33 +136,8 @@ StreamIpModule::~StreamIpModule() const RuleMap* StreamIpModule::get_rules() const { return stream_ip_rules; } -ProfileStats* StreamIpModule::get_profile( - unsigned index, const char*& name, const char*& parent) const -{ - switch ( index ) - { - case 0: - name = "stream_ip"; - parent = nullptr; - return &ip_perf_stats; - - case 1: - name = "frag"; - parent = "stream_ip"; - return &fragPerfStats; - - case 2: - name = "frag_insert"; - parent = "frag"; - return &fragInsertPerfStats; - - case 3: - name = "frag_rebuild"; - parent = "frag"; - return &fragRebuildPerfStats; - } - return nullptr; -} +ProfileStats* StreamIpModule::get_profile() const +{ return &ip_perf_stats; } StreamIpConfig* StreamIpModule::get_data() { diff --git a/src/stream/ip/ip_module.h b/src/stream/ip/ip_module.h index bfe79fc5b..d7645fad9 100644 --- a/src/stream/ip/ip_module.h +++ b/src/stream/ip/ip_module.h @@ -82,9 +82,6 @@ struct IpStats extern const PegInfo ip_pegs[]; extern THREAD_LOCAL snort::ProfileStats ip_perf_stats; -extern THREAD_LOCAL snort::ProfileStats fragPerfStats; -extern THREAD_LOCAL snort::ProfileStats fragInsertPerfStats; -extern THREAD_LOCAL snort::ProfileStats fragRebuildPerfStats; extern Trace TRACE_NAME(stream_ip); //------------------------------------------------------------------------- @@ -107,7 +104,7 @@ public: bool end(const char*, int, snort::SnortConfig*) override; const snort::RuleMap* get_rules() const override; - snort::ProfileStats* get_profile(unsigned, const char*&, const char*&) const override; + snort::ProfileStats* get_profile() const override; const PegInfo* get_pegs() const override; PegCount* get_counts() const override; StreamIpConfig* get_data(); diff --git a/src/stream/ip/ip_session.cc b/src/stream/ip/ip_session.cc index 2a44eb5da..ba267518c 100644 --- a/src/stream/ip/ip_session.cc +++ b/src/stream/ip/ip_session.cc @@ -153,7 +153,6 @@ bool IpSession::setup(Packet* p) if ( Stream::expected_flow(flow, p) ) { ip_stats.sessions--; // Incremented in SESSION_STATS_ADD - MODULE_PROFILE_END(ip_perf_stats); return false; } #endif diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc index e784b9776..5312adf8c 100644 --- a/src/stream/libtcp/tcp_stream_tracker.cc +++ b/src/stream/libtcp/tcp_stream_tracker.cc @@ -256,8 +256,6 @@ void TcpStreamTracker::set_splitter(const Flow* flow) void TcpStreamTracker::init_on_syn_sent(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - tsd.get_flow()->set_session_flags(SSNFLAG_SEEN_CLIENT); if ( tsd.get_tcph()->are_flags_set(TH_CWR | TH_ECE) ) tsd.get_flow()->set_session_flags(SSNFLAG_ECN_CLIENT_QUERY); @@ -282,8 +280,6 @@ void TcpStreamTracker::init_on_syn_sent(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - irs = tsd.get_seg_seq(); // FIXIT-H can we really set the vars below now? rcv_nxt = tsd.get_seg_seq() + 1; @@ -296,8 +292,6 @@ void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_synack_sent(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - tsd.get_flow()->set_session_flags(SSNFLAG_SEEN_SERVER); if (tsd.get_tcph()->are_flags_set(TH_CWR | TH_ECE)) tsd.get_flow()->set_session_flags(SSNFLAG_ECN_SERVER_REPLY); @@ -327,8 +321,6 @@ void TcpStreamTracker::init_on_synack_sent(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_synack_recv(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - iss = tsd.get_seg_ack() - 1; irs = tsd.get_seg_seq(); snd_una = tsd.get_seg_ack(); @@ -344,8 +336,6 @@ void TcpStreamTracker::init_on_synack_recv(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_3whs_ack_sent(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - tsd.get_flow()->set_session_flags(SSNFLAG_SEEN_CLIENT); if ( tsd.get_tcph()->are_flags_set(TH_CWR | TH_ECE) ) @@ -373,8 +363,6 @@ void TcpStreamTracker::init_on_3whs_ack_sent(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_3whs_ack_recv(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - iss = tsd.get_seg_ack() - 1; irs = tsd.get_seg_seq(); snd_una = tsd.get_seg_ack(); @@ -391,8 +379,6 @@ void TcpStreamTracker::init_on_3whs_ack_recv(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_data_seg_sent(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - Flow* flow = tsd.get_flow(); if ( flow->ssn_state.direction == FROM_CLIENT ) @@ -424,8 +410,6 @@ void TcpStreamTracker::init_on_data_seg_sent(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_data_seg_recv(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpNewSessPerfStats); - iss = tsd.get_seg_ack(); irs = tsd.get_seg_seq(); snd_una = tsd.get_seg_ack(); diff --git a/src/stream/paf.cc b/src/stream/paf.cc index dd4cf5035..455f98a21 100644 --- a/src/stream/paf.cc +++ b/src/stream/paf.cc @@ -57,6 +57,8 @@ struct PafAux // max paf max = max datagram - eth mtu - 255 = 63780 #define MAX_PAF_MAX (65535 - PAF_LIMIT_FUZZ - 255) +THREAD_LOCAL snort::ProfileStats pafPerfStats; + //-------------------------------------------------------------------- static uint32_t paf_flush (PAF_State* ps, PafAux& px, uint32_t* flags) @@ -252,6 +254,7 @@ int32_t paf_check ( const uint8_t* data, uint32_t len, uint32_t total, uint32_t seq, uint32_t* flags) { + Profile profile(pafPerfStats); PafAux px; if ( !paf_initialized(ps) ) diff --git a/src/stream/paf.h b/src/stream/paf.h index 2e4e9cd7f..315792f80 100644 --- a/src/stream/paf.h +++ b/src/stream/paf.h @@ -25,6 +25,8 @@ #ifndef PAF_H #define PAF_H +#include "main/thread.h" +#include "profiler/profiler_defs.h" #include "stream/stream_splitter.h" namespace snort @@ -32,6 +34,8 @@ namespace snort struct Packet; } +extern THREAD_LOCAL snort::ProfileStats pafPerfStats; + void* paf_new(unsigned max); // create new paf config (per policy) void paf_delete(void*); // free config diff --git a/src/stream/tcp/ips_stream_reassemble.cc b/src/stream/tcp/ips_stream_reassemble.cc index c6da5924a..95f538f14 100644 --- a/src/stream/tcp/ips_stream_reassemble.cc +++ b/src/stream/tcp/ips_stream_reassemble.cc @@ -110,11 +110,12 @@ bool ReassembleOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus ReassembleOption::eval(Cursor&, Packet* pkt) { + RuleProfile profile(streamReassembleRuleOptionPerfStats); + if (!pkt->flow || !pkt->ptrs.tcph) return NO_MATCH; { - DeepProfile profile(streamReassembleRuleOptionPerfStats); Flow* lwssn = (Flow*)pkt->flow; TcpSession* tcpssn = (TcpSession*)lwssn->session; diff --git a/src/stream/tcp/ips_stream_size.cc b/src/stream/tcp/ips_stream_size.cc index ae0b11416..c6d3ac65e 100644 --- a/src/stream/tcp/ips_stream_size.cc +++ b/src/stream/tcp/ips_stream_size.cc @@ -95,7 +95,7 @@ bool SizeOption::operator==(const IpsOption& ips) const IpsOption::EvalStatus SizeOption::eval(Cursor&, Packet* pkt) { - DeepProfile profile(streamSizePerfStats); + RuleProfile profile(streamSizePerfStats); if ( !pkt->flow || pkt->flow->pkt_type != PktType::TCP ) return NO_MATCH; diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index c8520cf71..642fcddec 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -26,6 +26,7 @@ #include "main/snort_config.h" #include "profiler/profiler_defs.h" +#include "stream/paf.h" using namespace snort; using namespace std; @@ -35,13 +36,6 @@ using namespace std; //------------------------------------------------------------------------- THREAD_LOCAL ProfileStats s5TcpPerfStats; -THREAD_LOCAL ProfileStats s5TcpNewSessPerfStats; -THREAD_LOCAL ProfileStats s5TcpStatePerfStats; -THREAD_LOCAL ProfileStats s5TcpDataPerfStats; -THREAD_LOCAL ProfileStats s5TcpInsertPerfStats; -THREAD_LOCAL ProfileStats s5TcpPAFPerfStats; -THREAD_LOCAL ProfileStats s5TcpFlushPerfStats; -THREAD_LOCAL ProfileStats s5TcpBuildPacketPerfStats; const PegInfo tcp_pegs[] = { @@ -249,39 +243,9 @@ ProfileStats* StreamTcpModule::get_profile( return &s5TcpPerfStats; case 1: - name = "tcpNewSess"; - parent = "stream_tcp"; - return &s5TcpNewSessPerfStats; - - case 2: - name = "tcpState"; - parent = "stream_tcp"; - return &s5TcpStatePerfStats; - - case 3: - name = "tcpData"; - parent = "tcpState"; - return &s5TcpDataPerfStats; - - case 4: - name = "tcpPktInsert"; - parent = "tcpData"; - return &s5TcpInsertPerfStats; - - case 5: - name = "tcpPAF"; - parent = "tcpState"; - return &s5TcpPAFPerfStats; - - case 6: - name = "tcpFlush"; - parent = "tcpState"; - return &s5TcpFlushPerfStats; - - case 7: - name = "tcpBuildPacket"; - parent = "tcpFlush"; - return &s5TcpBuildPacketPerfStats; + name = "paf"; + parent = nullptr; + return &pafPerfStats; } return nullptr; } diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h index 8aaf85fa9..0d9734454 100644 --- a/src/stream/tcp/tcp_module.h +++ b/src/stream/tcp/tcp_module.h @@ -52,13 +52,6 @@ extern const PegInfo tcp_pegs[]; extern THREAD_LOCAL snort::ProfileStats s5TcpPerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpNewSessPerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpStatePerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpDataPerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpInsertPerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpPAFPerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpFlushPerfStats; -extern THREAD_LOCAL snort::ProfileStats s5TcpBuildPacketPerfStats; extern THREAD_LOCAL snort::ProfileStats streamSizePerfStats; struct TcpStats diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 3241b996e..07069bc57 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -391,12 +391,10 @@ uint32_t TcpReassembler::get_flush_data_len( int TcpReassembler::flush_data_segments( TcpReassemblerState& trs, Packet* p, uint32_t total, Packet* pdu) { - uint32_t total_flushed = 0; - uint32_t flags = PKT_PDU_HEAD; - assert(trs.sos.seglist.cur_rseg); - DeepProfile profile(s5TcpBuildPacketPerfStats); + uint32_t total_flushed = 0; + uint32_t flags = PKT_PDU_HEAD; uint32_t to_seq = trs.sos.seglist.cur_rseg->c_seq + total; while ( SEQ_LT(trs.sos.seglist.cur_rseg->c_seq, to_seq) ) @@ -535,8 +533,6 @@ Packet* TcpReassembler::initialize_pdu( int TcpReassembler::_flush_to_seq( TcpReassemblerState& trs, uint32_t bytes, Packet* p, uint32_t pkt_flags) { - DeepProfile profile(s5TcpFlushPerfStats); - if ( !p ) { // FIXIT-H we need to have user_policy_id in this case @@ -583,11 +579,7 @@ int TcpReassembler::_flush_to_seq( tcpStats.rebuilt_packets++; tcpStats.rebuilt_bytes += flushed_bytes; -#ifdef DEEP_PROFILING - NoProfile exclude(s5TcpFlushPerfStats); -#else NoProfile exclude(s5TcpPerfStats); -#endif if ( !Analyzer::get_local_analyzer()->inspect_rebuilt(pdu) ) last_pdu = pdu; @@ -676,13 +668,7 @@ int TcpReassembler::do_zero_byte_flush(TcpReassemblerState& trs, Packet* p, uint trs.flush_count++; show_rebuilt_packet(trs, pdu); - -#ifdef DEEP_PROFILING - NoProfile exclude(s5TcpFlushPerfStats); -#else NoProfile exclude(s5TcpPerfStats); -#endif - Analyzer::get_local_analyzer()->inspect_rebuilt(pdu); if ( trs.tracker->splitter ) @@ -913,7 +899,6 @@ uint32_t TcpReassembler::get_forward_packet_dir(TcpReassemblerState&, const Pack int32_t TcpReassembler::flush_pdu_ips(TcpReassemblerState& trs, uint32_t* flags, Packet* p) { assert(trs.sos.session->flow == p->flow); - DeepProfile profile(s5TcpPAFPerfStats); if ( !is_q_sequenced(trs) ) return -1; @@ -946,9 +931,13 @@ int32_t TcpReassembler::flush_pdu_ips(TcpReassemblerState& trs, uint32_t* flags, continue; } - int32_t flush_pt = paf_check( - trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(), - tsn->c_len, total, tsn->c_seq, flags); + int32_t flush_pt; + { + NoProfile exclude(s5TcpPerfStats); + flush_pt = paf_check( + trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(), + tsn->c_len, total, tsn->c_seq, flags); + } if (flush_pt >= 0) { @@ -996,7 +985,6 @@ void TcpReassembler::fallback(TcpReassemblerState& trs) int32_t TcpReassembler::flush_pdu_ackd(TcpReassemblerState& trs, uint32_t* flags, Packet* p) { assert(trs.sos.session->flow == p->flow); - DeepProfile profile(s5TcpPAFPerfStats); uint32_t total = 0; TcpSegmentNode* tsn = SEQ_LT(trs.sos.seglist_base_seq, trs.tracker->r_win_base) ? @@ -1022,10 +1010,13 @@ int32_t TcpReassembler::flush_pdu_ackd(TcpReassemblerState& trs, uint32_t* flags size = trs.tracker->r_win_base - tsn->c_seq; total += size; - - int32_t flush_pt = paf_check( - trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(), - size, total, tsn->c_seq, flags); + int32_t flush_pt; + { + NoProfile exclude(s5TcpPerfStats); + flush_pt = paf_check( + trs.tracker->splitter, &trs.tracker->paf_state, p, tsn->payload(), + size, total, tsn->c_seq, flags); + } if ( flush_pt >= 0 ) { @@ -1317,8 +1308,6 @@ int TcpReassembler::insert_segment_in_seglist( int TcpReassembler::queue_packet_for_reassembly( TcpReassemblerState& trs, TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpInsertPerfStats); - int rc = STREAM_INSERT_OK; if ( trs.sos.seg_count == 0 ) diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 823b18479..be2d4457b 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -370,8 +370,6 @@ void TcpSession::update_stream_order(TcpSegmentDescriptor& tsd, bool aligned) int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd) { - DeepProfile profile(s5TcpDataPerfStats); - const tcp::TCPHdr* tcph = tsd.get_tcph(); uint32_t seq = tsd.get_seg_seq(); @@ -1039,8 +1037,6 @@ int TcpSession::process(Packet* p) return ACTION_NOTHING; else { - DeepProfile tcp_state_profile(s5TcpStatePerfStats); - if ( tsm->eval(tsd, *talker, *listener) ) { do_packet_analysis_post_checks(p);