From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Fri, 3 Apr 2020 19:11:40 +0000 (+0000)
Subject: Merge pull request #2117 in SNORT/snort3 from ~DERAMADA/snort3:log_daq_pool_size... 
X-Git-Tag: 3.0.1-2~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a06e2e282791aea67c119217c4545c408cb700f;p=thirdparty%2Fsnort3.git

Merge pull request #2117 in SNORT/snort3 from ~DERAMADA/snort3:log_daq_pool_size to master

Squashed commit of the following:

commit f6bad88e3d04736dc28e96f74299306ebcf89c4d
Author: deramada <deramada@cisco.com>
Date:   Mon Mar 30 12:25:28 2020 -0400

    packet_io: log daq pool size
---

diff --git a/src/main/modules.cc b/src/main/modules.cc
index 913b7b885..870b8e3aa 100644
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -833,6 +833,7 @@ static PegInfo active_pegs[]
     { CountType::SUM, "failed_direct_injects", "total crafted packet direct injects that failed" },
     { CountType::SUM, "holds_denied", "total number of packet hold requests denied" },
     { CountType::SUM, "holds_canceled", "total number of packet hold requests canceled" },
+    { CountType::SUM, "holds_allowed", "total number of packet hold requests allowed" },
     { CountType::END, nullptr, nullptr }
 };
 
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index 452c3bdb7..8b4e9248e 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -586,21 +586,20 @@ bool Active::retry_packet(const Packet* p)
     return true;
 }
 
-bool Active::hold_packet(const Packet* p)
+void Active::hold_packet(const Packet* p)
 {
     if (active_action >= ACT_HOLD)
-        return false;
+        return;
 
     // FIXIT-L same semi-arbitrary heuristic as the retry queue logic - reevaluate later
     if (!p->daq_instance || p->daq_instance->get_pool_available() < p->daq_instance->get_batch_size())
     {
         active_counts.holds_denied++;
-        return false;
+        return;
     }
 
     active_action = ACT_HOLD;
-
-    return true;
+    active_counts.holds_allowed++;
 }
 
 void Active::cancel_packet_hold()
diff --git a/src/packet_io/active.h b/src/packet_io/active.h
index 1ae4ba37b..fd0c17f90 100644
--- a/src/packet_io/active.h
+++ b/src/packet_io/active.h
@@ -44,6 +44,7 @@ public:
         PegCount failed_direct_injects;
         PegCount holds_denied;
         PegCount holds_canceled;
+        PegCount holds_allowed;
     };
 
     enum ActiveStatus : uint8_t
@@ -95,7 +96,7 @@ public:
     void drop_packet(const Packet*, bool force = false);
     void daq_drop_packet(const Packet*);
     bool retry_packet(const Packet*);
-    bool hold_packet(const Packet*);
+    void hold_packet(const Packet*);
     void cancel_packet_hold();
 
     void allow_session(Packet*);
diff --git a/src/packet_io/dev_notes.txt b/src/packet_io/dev_notes.txt
index eacb66426..e6c85a3ed 100644
--- a/src/packet_io/dev_notes.txt
+++ b/src/packet_io/dev_notes.txt
@@ -5,3 +5,9 @@ There is one DAQ instance per active source (interface, pcap, etc.).  The
 DAQ determines the required root decoder, instantiated upon thread
 initialization, and which remains the same for all packets.
 
+The other modules use the Active interface to detain packets. A packet will
+not be held if it would drop the the available DAQ message pool down below 
+the DAQ batch size. DAQ batch size (the number of packets Snort can process
+in batch mode) can be configured using this command line option 
+--daq-batch-size and the pool size is obtained using a DAQ API call: 
+daq_instance_get_msg_pool_info(DAQ_Instance_h, DAQ_MsgPoolInfo_t)
diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc
index 1b84f629e..701b4c05a 100644
--- a/src/packet_io/sfdaq_instance.cc
+++ b/src/packet_io/sfdaq_instance.cc
@@ -167,6 +167,8 @@ bool SFDAQInstance::start()
     pool_size = mpool_info.size;
     pool_available = mpool_info.available;
     assert(pool_size == pool_available);
+    if (SnortConfig::log_verbose())
+        LogMessage("DAQ pool size: %d\n", pool_size);
 
     dlt = daq_instance_get_datalink_type(instance);
     get_tunnel_capabilities();
diff --git a/src/service_inspectors/http_inspect/http_tables.cc b/src/service_inspectors/http_inspect/http_tables.cc
index 62ebd4f4d..815bd1842 100644
--- a/src/service_inspectors/http_inspect/http_tables.cc
+++ b/src/service_inspectors/http_inspect/http_tables.cc
@@ -412,7 +412,7 @@ const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] =
     { CountType::SUM, "uri_coding", "URIs with character coding problems" },
     { CountType::NOW, "concurrent_sessions", "total concurrent http sessions" },
     { CountType::MAX, "max_concurrent_sessions", "maximum concurrent http sessions" },
-    { CountType::SUM, "detained_packets", "packet hold requests for detained inspection" },
+    { CountType::SUM, "detains_requested", "packet hold requests for detained inspection" },
     { CountType::SUM, "partial_inspections", "pre-inspections for detained inspection" },
     { CountType::SUM, "excess_parameters", "repeat parameters exceeding max" },
     { CountType::SUM, "parameters", "HTTP parameters inspected" },