From: Michael Matirko (mmatirko) Date: Mon, 13 Jan 2025 22:26:20 +0000 (+0000) Subject: Pull request #4558: main: support an instance ID dump for multiprocess X-Git-Tag: 3.6.2.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1af5deee828ad46f8fa4cdc057c26a96e442c5f7;p=thirdparty%2Fsnort3.git Pull request #4558: main: support an instance ID dump for multiprocess Merge in SNORT/snort3 from ~MMATIRKO/snort3:instance_id to master Squashed commit of the following: commit e6fd2fbf34761266266520c3a470285d3fad4673 Author: Michael Matirko Date: Thu Dec 19 15:48:00 2024 -0500 main: support an instance ID dump per-thread --- diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 15f823628..23d62d401 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -640,6 +640,8 @@ void Analyzer::init_unprivileged() InitTag(); EventTrace_Init(); + populate_instance_maps(); + memory::MemoryCap::thread_init(); EventManager::open_outputs(); IpsManager::setup_options(sc); @@ -697,6 +699,8 @@ void Analyzer::term() daq_instance->finalize_message(msg, DAQ_VERDICT_BLOCK); } + invalidate_instance_maps(); + DetectionEngine::idle(); InspectorManager::thread_stop(sc); InspectorManager::thread_term(); diff --git a/src/main/snort.cc b/src/main/snort.cc index ef12ace81..a7b989107 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -23,6 +23,7 @@ #include "snort.h" +#include #include #include #include @@ -396,7 +397,7 @@ unsigned Snort::get_process_id() if (!sc->id_offset) return 1; else - return sc->id_offset / ThreadConfig::get_instance_max() + 1; + return std::ceil(sc->id_offset / (float) ThreadConfig::get_instance_max()); } void Snort::setup(int argc, char* argv[]) diff --git a/src/main/test/distill_verdict_stubs.h b/src/main/test/distill_verdict_stubs.h index 34a1ea037..1924f70eb 100644 --- a/src/main/test/distill_verdict_stubs.h +++ b/src/main/test/distill_verdict_stubs.h 
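Review bot: In the `Analyzer::term()` hunk of src/main/analyzer.cc, `invalidate_instance_maps()` is the only visible place where the mapping file is marked stale, so a packet thread or process that exits without reaching `term()` leaves its last pid and instance ids on disk. Anything that reads the CSV and then acts on the pid should first confirm that the pid still belongs to this snort process, since pids can be reused. I would record that next to the call, e.g. `// best effort: an abnormal exit leaves the last mapping behind; readers must re-check the pid`. The body of `term()` starts and ends outside the hunk.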
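Review bot: In the `Snort::get_process_id()` hunk of src/main/snort.cc, the ceiling is computed in `float` and implicitly converted back to `unsigned`; a float has a 24-bit mantissa, so a large `id_offset` can round to the wrong process number, and the C-style cast hides the conversion. Integer arithmetic gives the same ceiling exactly: `const unsigned max = ThreadConfig::get_instance_max();` followed by `return (sc->id_offset + max - 1) / max;`. The result also now differs from the old formula when `id_offset` is an exact multiple of the instance maximum (the old code returned one more), which looks intended for 1-based offsets but deserves a comment stating the assumed offset scheme. If `get_instance_max()` can return 0, either form needs a guard; that cannot be told from this hunk.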
@@ -236,6 +236,8 @@ bool Flow::handle_allowlist() { return true; } void ThreadConfig::implement_thread_affinity(SThreadType, unsigned) { } void ThreadConfig::apply_thread_policy(SThreadType , unsigned ) { } void ThreadConfig::set_instance_tid(int) { } +void populate_instance_maps() { } +void invalidate_instance_maps() { } } bool FlowControl::move_to_allowlist(snort::Flow*) { return true; } diff --git a/src/main/thread.cc b/src/main/thread.cc index d288291ed..4ff0e3038 100644 --- a/src/main/thread.cc +++ b/src/main/thread.cc @@ -23,11 +23,18 @@ #include "thread.h" +#include +#include #include +#include "log/messages.h" + +#include "snort.h" #include "snort_config.h" #include "thread_config.h" +#define INST_MAP_NAME "instance_mappings.csv" + //------------------------------------------------------------------------- // FIXIT-L instance_id zero indicates main thread during parse time and the // first packet thread during runtime. not sure if i'm ok with that. @@ -52,6 +59,38 @@ void set_thread_type(SThreadType type) namespace snort { + +void populate_instance_maps() +{ + std::string path; + + get_instance_file(path, INST_MAP_NAME); + + std::ofstream inst_file; + inst_file.open(path); + + inst_file << "pid, snort process number, instance_id, relative_instance_id, max_instances\n"; + inst_file << getpid() << ", "; + inst_file << Snort::get_process_id() << ", "; + inst_file << instance_id << ", "; + inst_file << get_relative_instance_number() << ", "; + inst_file << ThreadConfig::get_instance_max(); + inst_file << "\n"; + + inst_file.close(); +} + +void invalidate_instance_maps() +{ + std::string path; + + get_instance_file(path, INST_MAP_NAME); + std::ofstream inst_file; + inst_file.open(path); + inst_file << "(instance is inactive or has terminated)\n"; + inst_file.close(); +} + unsigned get_instance_id() { return instance_id; } diff --git a/src/main/thread.h b/src/main/thread.h index 75a97bcad..207414d8e 100644 --- a/src/main/thread.h +++ b/src/main/thread.h 
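Review bot: `populate_instance_maps()` and `invalidate_instance_maps()` in src/main/thread.cc never check that `inst_file.open(path)` succeeded or that the writes went through, so an unwritable or missing directory silently yields no mapping, or leaves an old one that is never invalidated. The preceding hunk adds `log/messages.h`, but nothing in the new functions logs; I would test the stream after opening and after the last write, and warn with the path. Because `std::ofstream` follows symlinks and truncates whatever it opens, the directory chosen by `get_instance_file()` should be writable only by the snort user; that helper is outside the hunk, so this is something to confirm rather than a finding. The same change applies to `invalidate_instance_maps()`, whose single non-CSV line also means readers of the `.csv` must tolerate a file with no header row.

```cpp
void populate_instance_maps()
{
    std::string path;
    get_instance_file(path, INST_MAP_NAME);

    std::ofstream inst_file(path, std::ios::out | std::ios::trunc);
    if (!inst_file.is_open())
    {
        WarningMessage("can't open instance map %s\n", path.c_str());
        return;
    }

    // … unchanged: header row and the five comma-separated fields …

    inst_file.flush();
    if (!inst_file)
        WarningMessage("can't write instance map %s\n", path.c_str());
}
```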
@@ -41,6 +41,9 @@ uint16_t get_run_num(); namespace snort { +void populate_instance_maps(); +void invalidate_instance_maps(); + SO_PUBLIC unsigned get_instance_id(); SO_PUBLIC unsigned get_relative_instance_number(); SO_PUBLIC SThreadType get_thread_type();
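Review bot: The two declarations added to src/main/thread.h carry no comment, and nothing in the header tells a caller that they create and truncate a file (presumably one per instance, going by `get_instance_file` in thread.cc). I would add a short comment above them, e.g. `// write / mark stale this instance's instance_mappings.csv; failures are not reported to the caller`. They are also the only functions in this block declared without `SO_PUBLIC`; if that is deliberate, say so in the same comment.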