From: Abhishek Rawat (abhrawat) Date: Wed, 16 Apr 2025 12:54:28 +0000 (+0000) Subject: Pull request #4650: main: added show snort latency data cli support X-Git-Tag: 3.7.3.0~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e81687de158c95c216884663cfba9ba80194636;p=thirdparty%2Fsnort3.git Pull request #4650: main: added show snort latency data cli support Merge in SNORT/snort3 from ~ABHRAWAT/snort3:snort_latency_dioctl to master Squashed commit of the following: commit 2f8aec88f4b3e329f931ada996bb272ff2a0716b Author: abhrawat Date: Mon Sep 9 09:17:38 2024 +0000 main: added show snort latency data cli support --- diff --git a/src/main.cc b/src/main.cc index 8ab1ebcfa..cdc9ae17e 100644 --- a/src/main.cc +++ b/src/main.cc @@ -871,6 +871,13 @@ int show_snort_cpu(lua_State* L) return 0; } +int show_snort_packet_latency(lua_State* L) +{ + ControlConn* ctrlconn = ControlConn::query_from_lua(L); + send_response(ctrlconn, "Snort Packet latency data\n\n"); + main_broadcast_command(new ACShowSnortPacketLatencyData(ctrlconn), ctrlconn); + return 0; +} //------------------------------------------------------------------------- // housekeeping foo //------------------------------------------------------------------------- diff --git a/src/main.h b/src/main.h index 04b96a636..21a32d7c1 100644 --- a/src/main.h +++ b/src/main.h @@ -48,6 +48,7 @@ int main_quit(lua_State* = nullptr); int main_help(lua_State* = nullptr); int convert_counter_type(const char* type); int show_snort_cpu(lua_State* = nullptr); +int show_snort_packet_latency(lua_State* = nullptr); #ifdef SHELL int main_dump_plugins(lua_State* = nullptr); diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc index acd401c0b..632e3cd26 100644 --- a/src/main/analyzer_command.cc +++ b/src/main/analyzer_command.cc 
@@ -302,30 +302,27 @@ SFDAQInstance* AnalyzerCommand::get_daq_instance(Analyzer& analyzer) ACShowSnortCPU::~ACShowSnortCPU() { - if (DAQ_SUCCESS == status) - { - double cpu_usage_30s = 0.0; - double cpu_usage_120s = 0.0; - double cpu_usage_300s = 0.0; - int instance = 0; - - for (const auto& cu : cpu_usage) - { - log_message("%-3d \t%-6d \t%.1f%% \t%.1f%% \t%.1f%%\n", - instance, ThreadConfig::get_instance_tid(instance), cu.cpu_usage_30s, - cu.cpu_usage_120s, cu.cpu_usage_300s); - - cpu_usage_30s += cu.cpu_usage_30s; - cpu_usage_120s += cu.cpu_usage_120s; - cpu_usage_300s += cu.cpu_usage_300s; - instance++; - } + double cpu_usage_30s = 0.0; + double cpu_usage_120s = 0.0; + double cpu_usage_300s = 0.0; + int instance = 0; - if (instance) - log_message("\nSummary \t%.1f%% \t%.1f%% \t%.1f%%\n", - cpu_usage_30s/instance, cpu_usage_120s/instance, - cpu_usage_300s/instance); + for (const auto& cu : cpu_usage) + { + log_message("%-3d \t%-6d \t%.1f%% \t%.1f%% \t%.1f%%\n", + instance, ThreadConfig::get_instance_tid(instance), cu.cpu_usage_30s, + cu.cpu_usage_120s, cu.cpu_usage_300s); + + cpu_usage_30s += cu.cpu_usage_30s; + cpu_usage_120s += cu.cpu_usage_120s; + cpu_usage_300s += cu.cpu_usage_300s; + instance++; } + + if (instance) + log_message("\nSummary \t%.1f%% \t%.1f%% \t%.1f%%\n", + cpu_usage_30s/instance, cpu_usage_120s/instance, + cpu_usage_300s/instance); } bool ACShowSnortCPU::execute(Analyzer& analyzer, void**) 
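Review bot: With the `status` gate removed, ~ACShowSnortCPU prints a row for every slot in `cpu_usage` and divides the summary by the slot count, so an analyzer whose execute() returned early (no DAQ instance or a failed ioctl, both in the next hunk) is reported as 0.0% and pulls the average down. The slots are presumably value-initialised to zero, which makes a failed fetch indistinguishable from an idle thread. A per-slot flag, set in execute() only after the ioctl succeeds, would let the destructor skip unfilled slots and average over the filled ones; `valid` below is a proposed member, not one in the diff. The destructor is complete within this hunk; the trailing context line is the signature of execute(), whose body is in the next hunk.

```cpp
ACShowSnortCPU::~ACShowSnortCPU()
{
    // … unchanged: the three accumulators and `int instance = 0;` …
    int reported = 0;

    for (const auto& cu : cpu_usage)
    {
        if (!cu.valid)  // proposed member: set in execute() after a successful ioctl
        {
            instance++;
            continue;
        }
        // … unchanged: log_message row and the three += accumulations …
        instance++;
        reported++;
    }

    if (reported)
        log_message("\nSummary \t%.1f%% \t%.1f%% \t%.1f%%\n",
            cpu_usage_30s/reported, cpu_usage_120s/reported,
            cpu_usage_300s/reported);
}
```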
@@ -333,20 +330,82 @@ bool ACShowSnortCPU::execute(Analyzer& analyzer, void**) DIOCTL_GetCpuProfileData get_data = {}; SFDAQInstance* instance = get_daq_instance(analyzer); + if (!instance) + return true; + + int instance_id = get_instance_id(); - status = instance->ioctl((DAQ_IoctlCmd)DIOCTL_GET_CPU_PROFILE_DATA, + int status = instance->ioctl((DAQ_IoctlCmd)DIOCTL_GET_CPU_PROFILE_DATA, (void *)(&get_data), sizeof(DIOCTL_GetCpuProfileData)); if (DAQ_SUCCESS != status) { - LogRespond(ctrlcon, "Fetching profile data failed from DAQ instance %d\n", get_instance_id()); + LogRespond(ctrlcon, "Fetching profile data failed from DAQ instance %d\n", instance_id); return true; } - auto& stat = cpu_usage[get_instance_id()]; + auto& stat = cpu_usage[instance_id]; stat.cpu_usage_30s = static_cast(get_data.cpu_usage_percent_30s); stat.cpu_usage_120s = static_cast(get_data.cpu_usage_percent_120s); stat.cpu_usage_300s = static_cast(get_data.cpu_usage_percent_300s); return true; } + +ACShowSnortPacketLatencyData::~ACShowSnortPacketLatencyData() +{ + const std::array protocol_names = { "TCP", "UDP", "Others" }; + int instance = 0; + + LogRespond(ctrlcon, "%-3s \t%-6s \t%-8s \t%-12s \t%-12s \t%-12s \t%-20s \t%-15s \t%-12s\n", + "Id", "Tid", "Proto", "Max_pkt(us)", "Pkt_count", "Sum_time(us)", + "Conn_meta_null", "Avg Packet Time(us)", "Max Latency(us)"); + + for (auto& ld: latency_data) + { + for (size_t i = 0; i < protocol_names.size(); i++) + { + auto& latency_data_proto = ld.snort_latency_data[i]; + double average_pkt_time = latency_data_proto.pkt_count > 0 ? 
+ (latency_data_proto.sum_time*1.0 / latency_data_proto.pkt_count / 1000.0) : 0.0; + + LogRespond(ctrlcon, "%-3d \t%-6d \t%-8s \t%-12lu \t%-12lu \t%-12lu \t%-20lu \t%-15.3f \t%-12lu\n", + instance, ThreadConfig::get_instance_tid(instance), + protocol_names[i], + latency_data_proto.snort_up_max_pkt_time/1000, + latency_data_proto.pkt_count, + latency_data_proto.sum_time/1000, + latency_data_proto.conn_meta_null_counters, + average_pkt_time, + latency_data_proto.max_pkt_time/1000); + } + LogRespond(ctrlcon, "----------------------------------------------------\n"); + instance++; + } +} + +bool ACShowSnortPacketLatencyData::execute(Analyzer& analyzer, void**) +{ + DIOCTL_GetSnortLatencyData latency_data_array = {}; + + SFDAQInstance* instance = get_daq_instance(analyzer); + if (!instance){ + LogRespond(ctrlcon, "Fetching latency data failed from DAQ instance\n"); + return true; + } + int instance_id = get_instance_id(); + int status = instance->ioctl( + (DAQ_IoctlCmd)DIOCTL_GET_SNORT_LATENCY_DATA, + (void *)(&latency_data_array), + sizeof(DIOCTL_GetSnortLatencyData)); + + if (DAQ_SUCCESS != status) + { + LogRespond(ctrlcon, "Fetching latency data failed from DAQ instance\n"); + return true; + } + + auto& stat = latency_data[instance_id]; + stat = latency_data_array; + return true; +} diff --git a/src/main/analyzer_command.h b/src/main/analyzer_command.h index 34898335c..df5c7ab26 100644 --- a/src/main/analyzer_command.h +++ b/src/main/analyzer_command.h 
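Review bot: In ~ACShowSnortPacketLatencyData the inner loop reads `ld.snort_latency_data[i]` for `i` up to `protocol_names.size()`, and nothing in the diff ties that count to the length of the array inside DIOCTL_GetSnortLatencyData, whose definition is not shown. A `static_assert` comparing the two sizes next to `protocol_names` would turn a future mismatch into a build error instead of an out-of-bounds read. Both execute() bodies also write `cpu_usage[instance_id]` and `latency_data[instance_id]` without a range check; `latency_data` is sized from `ThreadConfig::get_instance_max()` in the header hunk, so this is presumably safe, but `if (static_cast<size_t>(instance_id) >= latency_data.size()) return true;` before the write would make it explicit. The `%lu` conversions assume the counters are `unsigned long`; if the DAQ header declares them as `uint64_t`, `PRIu64` is the portable spelling. ACShowSnortCPU::execute begins above this hunk.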
@@ -226,7 +226,19 @@ private: double cpu_usage_300s; }; std::vector cpu_usage; - int status = DAQ_SUCCESS; +}; + +class ACShowSnortPacketLatencyData : public snort::AnalyzerCommand +{ +public: + explicit ACShowSnortPacketLatencyData(ControlConn* conn) + : AnalyzerCommand(conn), latency_data(snort::ThreadConfig::get_instance_max()) + { } + bool execute(Analyzer&, void**) override; + const char* stringify() override { return "SHOW_SNORT_PACKET_LATENCY_DATA"; } + ~ACShowSnortPacketLatencyData() override; +private: + std::vector latency_data; }; namespace snort diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index 2f421f8c4..b63ac7158 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -157,6 +157,7 @@ static const Command snort_cmds[] = { "log_command", main_log_command,main_log_command_param, "enable or disable command logging"}, { "show_config_generation", main_show_config_generation, nullptr, "show loaded configuration ID"}, { "show_snort_cpu", show_snort_cpu, nullptr, "show snort cpu usage"}, + { "show_snort_packet_latency", show_snort_packet_latency, nullptr, "show snort packet latency data"}, // FIXIT-M rewrite trough to permit updates on the fly //{ "process", main_process, nullptr, "process given pcap" },
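Review bot: The `latency_data` member of the new ACShowSnortPacketLatencyData has no comment stating its concurrency contract, although execute() writes it and the destructor reads it. From the .cc hunk each analyzer appears to write only the slot at its own instance id, and the destructor presumably runs only after every analyzer has finished with the command, but neither is stated here. A comment on the member such as `// one slot per analyzer; each slot is written only by its own analyzer in execute() and read in the destructor` would record that, once confirmed against how main_broadcast_command manages the command's lifetime. The new class is complete within the hunk; the ACShowSnortCPU class that precedes it starts outside the hunk.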