From: Victor Julien Date: Thu, 23 May 2024 18:46:22 +0000 (+0200) Subject: defrag: add various counters X-Git-Tag: suricata-8.0.0-beta1~1220 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83dc703d1fd5a435178f220a3e79cd65b73b4cbb;p=thirdparty%2Fsuricata.git defrag: add various counters --- diff --git a/etc/schema.json b/etc/schema.json index 8bcd1b0d79..7d3f92801e 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -5190,8 +5190,25 @@ "defrag": { "type": "object", "properties": { - "max_frag_hits": { - "type": "integer" + "tracker_soft_reuse": { + "type": "integer", + "description": + "Finished tracker re-used from hash table before being moved to spare pool" + }, + "tracker_hard_reuse": { + "type": "integer", + "description": + "Active tracker force closed before completion and reused for new tracker" + }, + "max_trackers_reached": { + "type": "integer", + "description": + "How many times a packet wasn't reassembled due to max-trackers limit being reached" + }, + "max_frags_reached": { + "type": "integer", + "description": + "How many times a fragment wasn't stored due to max-frags limit being reached" }, "memcap_exception_policy": { "description": diff --git a/src/decode.c b/src/decode.c index 3eefbcbcb7..e0deafabc9 100644 --- a/src/decode.c +++ b/src/decode.c @@ -675,8 +675,10 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv) dtv->counter_defrag_ipv6_fragments = StatsRegisterCounter("defrag.ipv6.fragments", tv); dtv->counter_defrag_ipv6_reassembled = StatsRegisterCounter("defrag.ipv6.reassembled", tv); - dtv->counter_defrag_max_hit = - StatsRegisterCounter("defrag.max_frag_hits", tv); + dtv->counter_defrag_max_hit = StatsRegisterCounter("defrag.max_trackers_reached", tv); + dtv->counter_defrag_no_frags = StatsRegisterCounter("defrag.max_frags_reached", tv); + dtv->counter_defrag_tracker_soft_reuse = StatsRegisterCounter("defrag.tracker_soft_reuse", tv); + dtv->counter_defrag_tracker_hard_reuse = StatsRegisterCounter("defrag.tracker_hard_reuse", tv); ExceptionPolicySetStatsCounters(tv, &dtv->counter_defrag_memcap_eps, &defrag_memcap_eps_stats, DefragGetMemcapExceptionPolicy(), "defrag.memcap_exception_policy.", diff --git a/src/decode.h b/src/decode.h index 4531a4faa8..a2961f43b3 100644 --- a/src/decode.h +++ b/src/decode.h @@ -999,6 +999,9 @@ typedef struct DecodeThreadVars_ uint16_t counter_defrag_ipv6_fragments; uint16_t counter_defrag_ipv6_reassembled; uint16_t counter_defrag_max_hit; + uint16_t counter_defrag_no_frags; + uint16_t counter_defrag_tracker_soft_reuse; + uint16_t counter_defrag_tracker_hard_reuse; ExceptionPolicyCounters counter_defrag_memcap_eps; uint16_t counter_flow_memcap; diff --git a/src/defrag-hash.c b/src/defrag-hash.c index 623fd28b7f..11fef806ea 100644 --- a/src/defrag-hash.c +++ b/src/defrag-hash.c @@ -33,7 +33,8 @@ SC_ATOMIC_DECLARE(uint64_t,defrag_memuse); SC_ATOMIC_DECLARE(unsigned int,defragtracker_counter); SC_ATOMIC_DECLARE(unsigned int,defragtracker_prune_idx); -static DefragTracker *DefragTrackerGetUsedDefragTracker(void); +static DefragTracker *DefragTrackerGetUsedDefragTracker( + ThreadVars *tv, const DecodeThreadVars *dtv); /** queue with spare tracker */ static DefragTrackerStack defragtracker_spare_q; @@ -486,7 +487,7 @@ static DefragTracker *DefragTrackerGetNew(ThreadVars *tv, DecodeThreadVars *dtv, if (dt == NULL) { /* If we reached the max memcap, we get a used tracker */ if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) { - dt = DefragTrackerGetUsedDefragTracker(); + dt = DefragTrackerGetUsedDefragTracker(tv, dtv); if (dt == NULL) { ExceptionPolicyApply(p, defrag_config.memcap_policy, PKT_DROP_REASON_DEFRAG_MEMCAP); DefragExceptionPolicyStatsIncr(tv, dtv, defrag_config.memcap_policy); @@ -646,7 +647,7 @@ DefragTracker *DefragLookupTrackerFromHash (Packet *p) * * \retval dt tracker or NULL */ -static DefragTracker *DefragTrackerGetUsedDefragTracker(void) +static DefragTracker *DefragTrackerGetUsedDefragTracker(ThreadVars *tv, const DecodeThreadVars *dtv) { uint32_t idx = SC_ATOMIC_GET(defragtracker_prune_idx) % defrag_config.hash_size; uint32_t cnt = defrag_config.hash_size; @@ -679,6 +680,9 @@ static DefragTracker *DefragTrackerGetUsedDefragTracker(void) continue; } + /* only count "forced" reuse */ + bool incr_reuse_cnt = !dt->remove; + /* remove from the hash */ hb->head = dt->hnext; @@ -689,6 +693,12 @@ static DefragTracker *DefragTrackerGetUsedDefragTracker(void) SCMutexUnlock(&dt->lock); + if (incr_reuse_cnt) { + StatsIncr(tv, dtv->counter_defrag_tracker_hard_reuse); + } else { + StatsIncr(tv, dtv->counter_defrag_tracker_soft_reuse); + } + (void) SC_ATOMIC_ADD(defragtracker_prune_idx, (defrag_config.hash_size - cnt)); return dt; } diff --git a/src/defrag.c b/src/defrag.c index 3802bba392..1d55d9a944 100644 --- a/src/defrag.c +++ b/src/defrag.c @@ -872,6 +872,9 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker, } else { ENGINE_SET_EVENT(p, IPV6_FRAG_IGNORED); } + if (tv != NULL && dtv != NULL) { + StatsIncr(tv, dtv->counter_defrag_no_frags); + } goto error_remove_tracker; } new->pkt = SCMalloc(GET_PKT_LEN(p));