From: Steve Chew (stechew)
Date: Mon, 19 Jul 2021 21:49:09 +0000 (+0000)
Subject: Merge pull request #2925 in SNORT/snort3 from ~SBAIGAL/snort3:cli to master
X-Git-Tag: 3.1.9.0~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24a7ff64f833b0847c89aaab090495d66b586535;p=thirdparty%2Fsnort3.git
Merge pull request #2925 in SNORT/snort3 from ~SBAIGAL/snort3:cli to master
Squashed commit of the following:
commit 09519fc596dfb0dd1b406a9ee5bb26b2520c2d32
Author: Steven Baigal (sbaigal)
Date: Fri Jun 4 12:30:10 2021 -0400
dump_stats: direct output back to command channel stats: update file and appid stats to use Log functions provided from stats.cc add LogText for simple string logging without separator logic
---
diff --git a/src/control/control.h b/src/control/control.h
index 446cd193e..d96ce4080 100644
--- a/src/control/control.h
+++ b/src/control/control.h
@@ -75,5 +75,7 @@ private:
 bool removed = false;
 };
-#endif
+#define LogRespond(cn, ...) if (cn) cn->respond(__VA_ARGS__); else LogMessage(__VA_ARGS__)
+#define LogfRespond(cn, fh, ...) if (cn) cn->respond(__VA_ARGS__); else LogMessage(fh, __VA_ARGS__)
+#endif
diff --git a/src/file_api/file_stats.cc b/src/file_api/file_stats.cc
index 2cfd3f781..b3970f00d 100644
--- a/src/file_api/file_stats.cc
+++ b/src/file_api/file_stats.cc
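Review bot: `LogRespond` and `LogfRespond` in control.h expand to a bare `if (cn) ...; else ...` with `cn` unparenthesized and evaluated twice, so they are statement-like only as long as every call site nests the way the author expects, and they invite dangling-else warnings when used under an unbraced `if`. Wrapping the body makes them a single statement anywhere: `#define LogRespond(cn, ...) do { if (cn) (cn)->respond(__VA_ARGS__); else LogMessage(__VA_ARGS__); } while (0)`, and the same shape for `LogfRespond`. Because the first variadic argument is passed to `respond()` as a printf-style format and the text now travels back over the command channel, a one-line comment above the macros stating that it must be a literal format string, never caller-supplied text, would be worth adding.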
@@ -97,34 +97,37 @@ void file_stats_print()
 LogLabel("File Statistics");
 LogLabel("file type stats (files)");
- LogMessage(" Type Download Upload \n");
+ LogLabel(" Type Download Upload ");
 processed_total[0] = 0;
 processed_total[1] = 0;
 processed_data_total[0] = 0;
 processed_data_total[1] = 0;
+ char buff[128];
 for (unsigned i = 0; i < FILE_ID_MAX; i++)
 {
 std::string type_name = file_type_name(i);
 if (type_name.length() && (file_totals.files_processed[i][0] || file_totals.files_processed[i][1] ))
 {
- LogMessage("%12s(%3d) " FMTu64("-10") " " FMTu64("-10") " \n",
+ snprintf(buff, sizeof(buff), "%12s(%3d) " FMTu64("-10") " " FMTu64("-10") " ",
 type_name.c_str(), i, file_totals.files_processed[i][0], file_totals.files_processed[i][1]);
+ LogText(buff);
 processed_total[0]+= file_totals.files_processed[i][0];
 processed_total[1]+= file_totals.files_processed[i][1];
 }
 }
- LogMessage(" Total " FMTu64("-10") " " FMTu64("-10") " \n",
+ snprintf(buff, sizeof(buff), " Total " FMTu64("-10") " " FMTu64("-10") " ",
 processed_total[0], processed_total[1]);
+ LogText(buff);
 LogLabel("file type stats (bytes)");
- LogMessage(" Type Download Upload \n");
+ LogLabel(" Type Download Upload ");
 for (unsigned i = 0; i < FILE_ID_MAX; i++)
 {
@@ -132,18 +135,20 @@ void file_stats_print()
 if (type_name.length() && (file_totals.files_processed[i][0] || file_totals.files_processed[i][1] ))
 {
- LogMessage("%12s(%3d) " FMTu64("-10") " " FMTu64("-10") " \n",
+ snprintf(buff, sizeof(buff), "%12s(%3d) " FMTu64("-10") " " FMTu64("-10") " ",
 type_name.c_str(), i, file_totals.data_processed[i][0], file_totals.data_processed[i][1]);
+ LogText(buff);
 processed_data_total[0]+= file_totals.data_processed[i][0];
 processed_data_total[1]+= file_totals.data_processed[i][1];
 }
 }
- LogMessage(" Total " FMTu64("-10") " " FMTu64("-10") " \n",
+ snprintf(buff, sizeof(buff), " Total " FMTu64("-10") " " FMTu64("-10") " ",
 processed_data_total[0], processed_data_total[1]);
+ LogText(buff);
 check_total = 0;
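Review bot: Printing the column-header rows through `LogLabel` only works because the string starts with a space, which is what makes `LogLabel` skip the separator (the `*s == ' '` branch in stats.cc); this commit adds `LogText` for exactly this kind of plain line, so the two header rows in this hunk and the one in the `-161,7` hunk would be clearer as `LogText(...)` with the same string. Separately, `%12s` is a minimum width, so a long name returned by `file_type_name(i)` is cut off silently at the 128-byte `buff`; the `snprintf` result is never checked in any of the six call sites across these hunks. `i` is `unsigned` but is formatted with `%3d`, where `%3u` would match the argument type. `file_stats_print()` begins and ends outside the hunks shown.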
@@ -161,7 +166,7 @@ void file_stats_print()
 LogLabel("file signature stats");
- LogMessage(" Type Download Upload \n");
+ LogLabel(" Type Download Upload ");
 processed_total[0] = 0;
 processed_total[1] = 0;
@@ -171,15 +176,17 @@ void file_stats_print()
 if (type_name.length() && (file_totals.signatures_processed[i][0] || file_totals.signatures_processed[i][1] ))
 {
- LogMessage("%12s(%3d) " FMTu64("-10") " " FMTu64("-10") " \n",
+ snprintf(buff, sizeof(buff), "%12s(%3d) " FMTu64("-10") " " FMTu64("-10") " ",
 type_name.c_str(), i, file_totals.signatures_processed[i][0], file_totals.signatures_processed[i][1]);
+ LogText(buff);
 processed_total[0]+= file_totals.signatures_processed[i][0];
 processed_total[1]+= file_totals.signatures_processed[i][1];
 }
 }
- LogMessage(" Total " FMTu64("-10") " " FMTu64("-10") " \n",
+ snprintf(buff, sizeof(buff), " Total " FMTu64("-10") " " FMTu64("-10") " ",
 processed_total[0], processed_total[1]);
+ LogText(buff);
 #if 0
 LogLabel("file type verdicts"); // FIXIT-RC should be fixed
diff --git a/src/main.cc b/src/main.cc
index 775c33fa3..ec66560c1 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -324,7 +324,7 @@ int main_dump_stats(lua_State* L)
 {
 ControlConn* ctrlcon = ControlConn::query_from_lua(L);
 send_response(ctrlcon, "== dumping stats\n");
- main_broadcast_command(new ACGetStats(), ctrlcon);
+ main_broadcast_command(new ACGetStats(ctrlcon), ctrlcon);
 return 0;
 }
diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc
index 3a8fd2d10..725e31abd 100644
--- a/src/main/analyzer_command.cc
+++ b/src/main/analyzer_command.cc
@@ -92,8 +92,9 @@ ACGetStats::~ACGetStats()
 // FIXIT-L This should track the owner so it can dump stats to the
 // shell instead of the logs when initiated by a shell command
- DropStats();
- LogMessage("==================================================\n"); // Marking End of stats
+ DropStats(ctrlcon);
+ LogRespond(ctrlcon, "==================================================\n"); // Marking End of stats
+ ModuleManager::clear_global_active_counters();
 }
diff --git a/src/main/analyzer_command.h b/src/main/analyzer_command.h
index f19b784ed..5dc8b3755 100644
--- a/src/main/analyzer_command.h
+++ b/src/main/analyzer_command.h
@@ -50,9 +50,12 @@ private:
 class ACGetStats : public snort::AnalyzerCommand
 {
 public:
+ ACGetStats(ControlConn* conn) : ctrlcon(conn) {}
 bool execute(Analyzer&, void**) override;
 const char* stringify() override { return "GET_STATS"; }
 ~ACGetStats() override;
+private:
+ ControlConn* ctrlcon;
 };
 typedef enum clear_counter_type
diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc
index 6f1b8255f..99b1acd49 100644
--- a/src/network_inspectors/appid/appid_peg_counts.cc
+++ b/src/network_inspectors/appid/appid_peg_counts.cc
@@ -161,8 +161,10 @@ void AppIdPegCounts::print()
 LogLabel("Appid Statistics");
 LogLabel("detected apps and services");
- LogMessage("%25.25s: %-10s %-10s %-10s %-10s %-10s %-10s %-10s\n",
+ char buff[120];
+ snprintf(buff, sizeof(buff), "%25.25s: %-10s %-10s %-10s %-10s %-10s %-10s %-10s",
 "Application", "Flows", "Clients", "Users", "Payloads", "Misc", "Incompat.", "Failed");
+ LogText(buff);
 for (unsigned i = 0; i < app_num; i++)
 {
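Review bot: The `FIXIT-L` comment left above `DropStats(ctrlcon)` still asks for the command to track its owner so the stats can go to the shell, which is what this change now does, so it is stale. It should be dropped or replaced with something like `// stats go to the issuing control connection when there is one, otherwise to the log`. The destructor body begins outside the hunk.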
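Review bot: `ctrlcon` is a raw, non-owning `ControlConn*` that is dereferenced later, in `~ACGetStats()`, and nothing visible in this diff guarantees the connection is still alive when the command is destroyed, for example if the client disconnects while the analyzers are still executing the command. If the framework already keeps the connection alive until the command completes, a comment on the member should state that; otherwise the destructor needs a way to detect a closed connection before it calls `respond()`. The new single-argument constructor should also be `explicit`: `explicit ACGetStats(ControlConn* conn) : ctrlcon(conn) {}`.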
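Review bot: `char buff[120]` is smaller than the worst-case row that `print()` formats into it in the `-171,14` hunk: `FMTu64("-10")` is a minimum width, so seven 64-bit counters of up to 20 digits each, plus the 25-character name and the separators, need roughly 175 bytes. `snprintf` keeps this memory-safe, but the row is truncated silently once counters grow past ten digits. Sizing the buffer from the format's maximum (for example `char buff[256];`) or checking the `snprintf` result would avoid a misleading stats line. `AppIdPegCounts::print()` starts outside this hunk.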
@@ -171,14 +173,13 @@ void AppIdPegCounts::print()
 continue;
 std::string app_name = AppIdPegCounts::appid_detectors_info[i];
- LogMessage("%25.25s:", app_name.c_str());
- pegs->print();
+ pegs->print(app_name.c_str(), buff, sizeof(buff));
+ LogText(buff);
 }
 if (!unknown_pegs->all_zeros())
 {
- LogMessage("%25.25s:", "unknown");
- unknown_pegs->print();
+ unknown_pegs->print("unknown", buff, sizeof(buff));
+ LogText(buff);
 }
 }
-
diff --git a/src/network_inspectors/appid/appid_peg_counts.h b/src/network_inspectors/appid/appid_peg_counts.h
index 47270e05e..291427373 100644
--- a/src/network_inspectors/appid/appid_peg_counts.h
+++ b/src/network_inspectors/appid/appid_peg_counts.h
@@ -68,10 +68,10 @@ public:
 return !memcmp(stats, &zeroed_peg, sizeof(stats));
 }
- void print()
+ void print(const char* app, char* buf, int buf_size)
 {
- snort::LogMessage(" " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10")
- " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10")"\n",
+ snprintf(buf, buf_size, "%25.25s: " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10")
+ " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10"), app,
 stats[0], stats[1], stats[2], stats[3], stats[4], stats[5], stats[6]);
 }
 };
diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc
index 5bc129721..3d246704f 100644
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -73,6 +73,8 @@ PegCount Module::get_global_count(char const*) const { return 0; }
 void LogMessage(const char*,...) {}
 void ErrorMessage(const char*,...) {}
 void LogLabel(const char*, FILE*) {}
+void LogText(const char*, FILE*) {}
+
 // Stubs for utils
 char* snort_strdup(const char* str)
diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h
index 3dd537111..427a2231f 100644
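Review bot: `buf_size` in the new `print()` signature is an `int`, but both callers pass `sizeof(buff)` and `snprintf` takes a `size_t`, so the value is narrowed going in and converted back going out, and a negative value would become a very large size. `void print(const char* app, char* buf, size_t buf_size)` removes both conversions. The `snprintf` return value is also discarded, so a caller cannot tell a truncated row from a complete one; returning it, or a `bool`, would let the caller react.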
--- a/src/network_inspectors/appid/test/appid_mock_definitions.h
+++ b/src/network_inspectors/appid/test/appid_mock_definitions.h
@@ -52,6 +52,8 @@ char* snort_strdup(const char* str)
 void ErrorMessage(const char*,...) { }
 void WarningMessage(const char*,...) { }
 void LogMessage(const char*,...) { }
+void LogText(const char*, FILE*) {}
+
 void ParseWarning(WarningGroup, const char*, ...) { }
 void LogLabel(const char*, FILE*) {}
diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc
index 881a65c2a..7b9051ea7 100644
--- a/src/network_inspectors/appid/test/service_state_test.cc
+++ b/src/network_inspectors/appid/test/service_state_test.cc
@@ -44,6 +44,8 @@ void LogMessage(const char* format,...)
 }
 void ErrorMessage(const char*,...) {}
 void LogLabel(const char*, FILE*) {}
+void LogText(const char* s, FILE*) { LogMessage("%s\n", s); }
+
 // Stubs for utils
 char* snort_strdup(const char* str)
diff --git a/src/network_inspectors/perf_monitor/perf_module.cc b/src/network_inspectors/perf_monitor/perf_module.cc
index 1e6ede6e5..fe901aca9 100644
--- a/src/network_inspectors/perf_monitor/perf_module.cc
+++ b/src/network_inspectors/perf_monitor/perf_module.cc
@@ -194,18 +194,19 @@ static int disable_flow_ip_profiling(lua_State* L)
 return 0;
 }
-static int show_flow_ip_profiling(lua_State*)
+static int show_flow_ip_profiling(lua_State* L)
 {
 bool status = false;
+ ControlConn* ctrlcon = ControlConn::query_from_lua(L);
 PerfMonitor* perf_monitor = (PerfMonitor*)InspectorManager::get_inspector(PERF_NAME, true);
 if (perf_monitor) status = perf_monitor->is_flow_ip_enabled();
 else
- LogMessage("perf_monitor is not configured\n");
+ LogRespond(ctrlcon, "perf_monitor is not configured\n");
- LogMessage("Snort flow ip profiling is %s\n", status ? "enabled" : "disabled");
+ LogRespond(ctrlcon, "Snort flow ip profiling is %s\n", status ? "enabled" : "disabled");
 return 0;
 }
diff --git a/src/utils/stats.cc b/src/utils/stats.cc
index 180344062..344fd9135 100644
--- a/src/utils/stats.cc
+++ b/src/utils/stats.cc
@@ -25,6 +25,7 @@
 #include
+#include "control/control.h"
 #include "detection/detection_engine.h"
 #include "file_api/file_stats.h"
 #include "filters/sfthreshold.h"
@@ -51,48 +52,60 @@ namespace snort
 {
 THREAD_LOCAL PacketCount pc;
+static THREAD_LOCAL ControlConn* s_ctrlcon = nullptr;
 //-------------------------------------------------------------------------
 static inline void LogSeparator(FILE* fh = stdout)
 {
- LogMessage(fh, "%s\n", STATS_SEPARATOR);
+ LogfRespond(s_ctrlcon, fh, "%s\n", STATS_SEPARATOR);
+}
+
+void LogText(const char* s, FILE* fh)
+{
+ LogfRespond(s_ctrlcon, fh, "%s\n", s);
 }
 void LogLabel(const char* s, FILE* fh)
 {
 if ( *s == ' ' )
 {
- LogMessage(fh, "%s\n", s);
+ LogfRespond(s_ctrlcon, fh, "%s\n", s);
 }
 else
 {
 LogSeparator(fh);
- LogMessage(fh, "%s\n", s);
+ LogfRespond(s_ctrlcon, fh, "%s\n", s);
 }
 }
 void LogValue(const char* s, const char* v, FILE* fh)
 {
- LogMessage(fh, "%25.25s: %s\n", s, v);
+ LogfRespond(s_ctrlcon, fh, "%25.25s: %s\n", s, v);
 }
 void LogCount(const char* s, uint64_t c, FILE* fh)
 {
 if ( c )
- LogMessage(fh, "%25.25s: " STDu64 "\n", s, c);
+ {
+ LogfRespond(s_ctrlcon, fh, "%25.25s: " STDu64 "\n", s, c);
+ }
 }
 void LogStat(const char* s, uint64_t n, uint64_t tot, FILE* fh)
 {
 if ( n )
- LogMessage(fh, "%25.25s: " FMTu64("-12") "\t(%7.3f%%)\n", s, n, CalcPct(n, tot));
+ {
+ LogfRespond(s_ctrlcon, fh, "%25.25s: " FMTu64("-12") "\t(%7.3f%%)\n", s, n, CalcPct(n, tot));
+ }
 }
 void LogStat(const char* s, double d, FILE* fh)
 {
 if ( d )
- LogMessage(fh, "%25.25s: %g\n", s, d);
+ {
+ LogfRespond(s_ctrlcon, fh, "%25.25s: %g\n", s, d);
+ }
 }
 }
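Review bot: Every `Log*` helper in the `-51,48` hunk now ignores its `fh` argument whenever `s_ctrlcon` is set, so a caller that passes an explicit `FILE*` while `DropStats()` is running has its output sent to the control channel with no indication. That behaviour deserves a comment on the variable, e.g. `// set only for the duration of DropStats(); while set, Log* output goes to this connection and fh is ignored`. The braces added around `LogfRespond` in `LogCount` and both `LogStat` overloads are presumably needed only because the macro expands to an unbraced `if`/`else`; making the macro a single statement would let them go. `LogText` also has no comment saying how it differs from `LogLabel`.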
@@ -228,8 +241,9 @@ const PegInfo proc_names[] =
 //-------------------------------------------------------------------------
-void DropStats()
+void DropStats(ControlConn* ctrlcon)
 {
+ s_ctrlcon = ctrlcon;
 LogLabel("Packet Statistics");
 ModuleManager::get_module("daq")->show_stats();
@@ -242,6 +256,7 @@ void DropStats()
 LogLabel("Summary Statistics");
 show_stats((PegCount*)&proc_stats, proc_names, array_size(proc_names)-1, "process");
+ s_ctrlcon = nullptr;
 }
 //-------------------------------------------------------------------------
diff --git a/src/utils/stats.h b/src/utils/stats.h
index 85d04f37f..50c825ecb 100644
--- a/src/utils/stats.h
+++ b/src/utils/stats.h
@@ -31,6 +31,8 @@ using IndexVec = std::vector;
+class ControlConn;
+
 // FIXIT-L split this out into appropriate modules
 struct PacketCount
 {
@@ -99,6 +101,7 @@ extern SO_PUBLIC THREAD_LOCAL PacketCount pc;
 SO_PUBLIC inline PegCount get_packet_number() { return pc.analyzed_pkts; }
 SO_PUBLIC void LogLabel(const char*, FILE* = stdout);
+SO_PUBLIC void LogText(const char*, FILE* = stdout);
 SO_PUBLIC void LogValue(const char*, const char*, FILE* = stdout);
 SO_PUBLIC void LogCount(const char*, uint64_t, FILE* = stdout);
@@ -116,7 +119,7 @@ void sum_stats(SimpleStats* sums, SimpleStats* counts);
 void show_stats(SimpleStats*, const char* module_name);
 double CalcPct(uint64_t, uint64_t);
-void DropStats();
+void DropStats(ControlConn* ctrlcon = nullptr);
 void PrintStatistics();
 void TimeStart();
 void TimeStop();
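Review bot: `s_ctrlcon` is assigned at the top of `DropStats()` and cleared only by the last statement of the function (in the `-242,6` hunk), so an early return or an exception anywhere in the body between the two hunks, which is not visible here, would leave the thread-local pointing at a connection that may since have been closed. Later `Log*` calls on that thread would then write through a stale pointer. A scope guard declared right after the assignment makes the reset unconditional, for example `struct Reset { ~Reset() { s_ctrlcon = nullptr; } } reset;`, after which the trailing `s_ctrlcon = nullptr;` can be removed.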