From: Vivitha Thiraviam -X (vithirav - HCL TECHNOLOGIES LIMITED at Cisco) Date: Wed, 19 Nov 2025 20:22:33 +0000 (+0000) Subject: Pull request #4982: main: Retry queue timeout option added X-Git-Tag: 3.10.0.0~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e0b4708c1856fe3e4a0b4b0c107cfce6d69967a;p=thirdparty%2Fsnort3.git Pull request #4982: main: Retry queue timeout option added Merge in SNORT/snort3 from ~VITHIRAV/snort3:retry_queue_timeout to master Squashed commit of the following: commit 61f65bb7adef7ce6e4b836ee07c8a62030c66fb7 Author: vithirav Date: Tue Nov 18 20:45:04 2025 -0800 main: Retry queue timeout option added --- diff --git a/src/main.cc b/src/main.cc index f050f5a9c..5b8b8193a 100644 --- a/src/main.cc +++ b/src/main.cc @@ -180,7 +180,7 @@ bool Pig::prep(const char* source) return false; } requires_privileged_start = instance->can_start_unprivileged(); - analyzer = new Analyzer(instance, idx, source, sc->pkt_cnt); + analyzer = new Analyzer(instance, idx, source, sc->pkt_cnt, sc->retry_timeout); analyzer->set_skip_cnt(sc->pkt_skip); #ifdef REG_TEST analyzer->set_pause_after_cnt(sc->pkt_pause_cnt); diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 39e7e1af6..b2d9ef07f 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -104,6 +104,7 @@ class RetryQueue public: RetryQueue(unsigned interval_ms) { + LogMessage("Retry queue interval is: %u ms\n", interval_ms); assert(interval_ms > 0); interval = { static_cast(interval_ms / 1000), static_cast((interval_ms % 1000) * 1000) }; } @@ -746,12 +747,12 @@ void Analyzer::term() TraceApi::thread_term(); } -Analyzer::Analyzer(SFDAQInstance* instance, unsigned i, const char* s, uint64_t msg_cnt) : +Analyzer::Analyzer(SFDAQInstance* instance, unsigned i, const char* s, uint64_t msg_cnt, const uint32_t retry_timeout) : id(i), exit_after_cnt(msg_cnt), source(s ? s : ""), daq_instance(instance), - retry_queue(new RetryQueue(200)), + retry_queue(new RetryQueue(retry_timeout)), oops_handler(new OopsHandler()) { set_state(State::NEW); diff --git a/src/main/analyzer.h b/src/main/analyzer.h index 124ab2575..be16eb0f5 100644 --- a/src/main/analyzer.h +++ b/src/main/analyzer.h @@ -81,7 +81,7 @@ public: static void set_main_hook(MainHook_f); Analyzer() = delete; - Analyzer(snort::SFDAQInstance*, unsigned id, const char* source, uint64_t msg_cnt = 0); + Analyzer(snort::SFDAQInstance*, unsigned id, const char* source, uint64_t msg_cnt = 0, const uint32_t retry_timeout = 200); ~Analyzer(); void operator()(Swapper*, uint16_t run_num); diff --git a/src/main/snort_config.h b/src/main/snort_config.h index a49e4a63c..ab69519fb 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -423,7 +423,7 @@ public: SoRules* so_rules = nullptr; DumpConfigType dump_config_type = DUMP_CONFIG_NONE; - + uint32_t retry_timeout = 200; // Milliseconds to hold packet on retry queue. std::string dump_config_file; std::thread* config_dumper = nullptr; private: diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index b63ac7158..24fd58b35 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -573,6 +573,9 @@ static const Parameter s_params[] = { "--process-all-events", Parameter::PT_IMPLIED, nullptr, nullptr, "process all action groups" }, + { "--retry-timeout", Parameter::PT_INT, "0:max32", "200", + "Number of milliseconds a packet stays in the retry queue before being reexamined" }, + { "--rule", Parameter::PT_STRING, nullptr, nullptr, " to be added to configuration; may be repeated" }, @@ -1150,6 +1153,9 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) else if ( is(v, "--process-all-events") ) sc->set_process_all_events(true); + else if ( is(v, "--retry-timeout") ) + sc->retry_timeout = v.get_uint32(); + else if ( is(v, "--rule") ) parser_append_rules(v.get_string()); diff --git a/src/main/test/distill_verdict_stubs.h b/src/main/test/distill_verdict_stubs.h index 8b177bbf4..492781018 100644 --- a/src/main/test/distill_verdict_stubs.h +++ b/src/main/test/distill_verdict_stubs.h @@ -212,7 +212,6 @@ const uint8_t* PacketManager::encode_reject(UnreachResponse, EncodeFlags, const void FileService::thread_init() { } void FileService::thread_term() { } void ErrorMessage(const char*,...) { } -void LogMessage(const char*,...) { } [[noreturn]] void FatalError(const char*,...) { exit(-1); } void ParseWarning(WarningGroup, const char*, ...) { } void HighAvailabilityManager::thread_init() { } diff --git a/src/main/test/distill_verdict_test.cc b/src/main/test/distill_verdict_test.cc index aec78f220..3e823ddb3 100644 --- a/src/main/test/distill_verdict_test.cc +++ b/src/main/test/distill_verdict_test.cc @@ -59,6 +59,20 @@ unsigned DataBus::get_id(const PubKey&) { return 0; } void ThreadConfig::update_thread_status(bool) {} void ThreadConfig::kick_watchdog() {} + +// Mock the log function to copy the log message +char captured_log[64]; +void LogMessage(const char* format, va_list& args) +{ + vsnprintf(captured_log, sizeof(captured_log),format, args); +} +void LogMessage(const char* format,...) +{ + va_list args; + va_start(args, format); + LogMessage(format, args); + va_end(args); +} } const FlowCacheConfig& FlowControl::get_flow_cache_config() const @@ -89,7 +103,7 @@ TEST_GROUP(distill_verdict_tests) pkt.action = &active_action; di = new SFDAQInstance(nullptr, 0, nullptr); pkt.daq_instance = di; - analyzer = new Analyzer(di, 0, nullptr); + analyzer = new Analyzer(di, 0, nullptr, 0, 40); } void teardown() override @@ -185,6 +199,10 @@ TEST(distill_verdict_tests, deferred_trust_prevent_whitelist) mock().checkExpectations(); } +TEST(distill_verdict_tests, logmessage_verify) +{ + STRCMP_EQUAL(captured_log, "Retry queue interval is: 40 ms\n"); +} //------------------------------------------------------------------------- // main //------------------------------------------------------------------------- diff --git a/src/parser/parser.cc b/src/parser/parser.cc index be85ca16f..910bc1f58 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -331,6 +331,7 @@ SnortConfig* ParseSnortConf(const SnortConfig* cmd_line_conf, const char* fname) sc->output_flags = cmd_line_conf->output_flags; sc->tweaks = cmd_line_conf->tweaks; sc->dump_config_type = cmd_line_conf->dump_config_type; + sc->retry_timeout = cmd_line_conf->retry_timeout; sc->dump_config_file = cmd_line_conf->dump_config_file; sc->pid_filename = cmd_line_conf->pid_filename; sc->max_procs = cmd_line_conf->max_procs;