From: Vitalii Izhyk -X (viizhyk - SOFTSERVE INC at Cisco) <viizhyk@cisco.com>
Date: Mon, 16 Dec 2024 18:31:49 +0000 (+0000)
Subject: Pull request #4481: Include FP detection time in ConnProfiling
X-Git-Tag: 3.6.1.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56930f9d89b245fda9872f2afb08055d70f28ea7;p=thirdparty%2Fsnort3.git

Pull request #4481: Include FP detection time in ConnProfiling

Merge in SNORT/snort3 from ~VIIZHYK/snort3:fp_detection to master

Squashed commit of the following:

commit fb421c5addc2cc9b687155e735b88cffaddbd63c
Author: viizhyk <viizhyk@cisco.com>
Date:   Mon Dec 16 13:14:31 2024 -0500

    inspector_manager: Refactored instrumentation code of connection profiling.
---

diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index def14a234..1ca422ef6 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -641,8 +641,11 @@ bool DetectionEngine::inspect(Packet* p)
         {
             enable_content(p);
 
+            p->inspection_started_timestamp = TO_USECS_FROM_EPOCH(SnortClock::now());
             InspectorManager::execute(p);
+
             inspected = true;
+            p->inspection_started_timestamp = TO_USECS_FROM_EPOCH(SnortClock::now());
 
             if ( !all_disabled(p) )
             {
@@ -652,6 +655,10 @@ bool DetectionEngine::inspect(Packet* p)
                 if ( detect(p, offload_enabled) )
                     return false; // don't finish out offloaded packets
             }
+            if ( p->flow )
+            {
+                p->flow->add_inspection_duration(TO_USECS_FROM_EPOCH(SnortClock::now()) - p->inspection_started_timestamp);
+            }
         }
         finish_inspect_with_latency(p);
     }
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc
index be4dbc601..3eaf0f298 100644
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -2072,8 +2072,6 @@ inline void InspectorManager::internal_execute(Packet* p)
 // new it_xxx) is run just once per flow (and all non-flow packets).
 void InspectorManager::execute(Packet* p)
 {
-    p->inspection_started_timestamp = TO_USECS_FROM_EPOCH(SnortClock::now());
-
     if ( trace_enabled(snort_trace, TRACE_INSPECTOR_MANAGER, DEFAULT_TRACE_LOG_LEVEL, p) )
         internal_execute<true>(p);
     else