From: Steve Chew (stechew) <stechew@cisco.com>
Date: Sun, 4 Jun 2023 16:19:50 +0000 (+0000)
Subject: Pull request #3855: flow: introduced granular counters for idle_prunes
X-Git-Tag: 3.1.64.0~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a045375fd3a100a149778a1101d015e77ffddb8b;p=thirdparty%2Fsnort3.git

Pull request #3855: flow: introduced granular counters for idle_prunes

Merge in SNORT/snort3 from ~RCONJEEV/snort3:rconjeev_us824999 to master

Squashed commit of the following:

commit e0b6f73b0314f204e536403604d48c93355cc0d7
Author: RAGHURAAM CONJEEVARAM UDAYANAN -X (rconjeev - XORIANT CORPORATION at Cisco) <rconjeev@cisco.com>
Date:   Fri May 19 15:26:27 2023 +0530

    flow: introduced granular counters for idle_prunes
---

diff --git a/src/flow/flow_cache.cc b/src/flow/flow_cache.cc
index 3bab4cb94..f7bafec1c 100644
--- a/src/flow/flow_cache.cc
+++ b/src/flow/flow_cache.cc
@@ -162,7 +162,7 @@ Flow* FlowCache::allocate(const FlowKey* key)
     time_t timestamp = packet_time();
     if ( hash_table->get_num_nodes() >= config.max_flows )
     {
-        if ( !prune_stale(timestamp, nullptr) )
+        if ( !prune_idle(timestamp, nullptr) )
         {
             if ( !prune_unis(key->pkt_type) )
                 prune_excess(nullptr);
@@ -213,7 +213,7 @@ void FlowCache::retire(Flow* flow)
     remove(flow);
 }
 
-unsigned FlowCache::prune_stale(uint32_t thetime, const Flow* save_me)
+unsigned FlowCache::prune_idle(uint32_t thetime, const Flow* save_me)
 {
     ActiveSuspendContext act_susp(Active::ASP_PRUNE);
 
@@ -247,7 +247,7 @@ unsigned FlowCache::prune_stale(uint32_t thetime, const Flow* save_me)
                 break;
 
             flow->ssn_state.session_flags |= SSNFLAG_TIMEDOUT;
-            if ( release(flow, PruneReason::IDLE) )
+            if ( release(flow, PruneReason::IDLE_MAX_FLOWS) )
                 ++pruned;
 
             flow = static_cast<Flow*>(hash_table->lru_first());
@@ -417,7 +417,7 @@ unsigned FlowCache::timeout(unsigned num_flows, time_t thetime)
             }
 
             flow->ssn_state.session_flags |= SSNFLAG_TIMEDOUT;
-            if ( release(flow, PruneReason::IDLE) )
+            if ( release(flow, PruneReason::IDLE_PROTOCOL_TIMEOUT) )
                 ++retired;
 
             flow = static_cast<Flow*>(hash_table->lru_current());
diff --git a/src/flow/flow_cache.h b/src/flow/flow_cache.h
index b23342f0d..9ea5acced 100644
--- a/src/flow/flow_cache.h
+++ b/src/flow/flow_cache.h
@@ -56,7 +56,7 @@ public:
 
     bool release(snort::Flow*, PruneReason = PruneReason::NONE, bool do_cleanup = true);
 
-    unsigned prune_stale(uint32_t thetime, const snort::Flow* save_me);
+    unsigned prune_idle(uint32_t thetime, const snort::Flow* save_me);
     unsigned prune_excess(const snort::Flow* save_me);
     bool prune_one(PruneReason, bool do_cleanup);
     unsigned timeout(unsigned num_flows, time_t cur_time);
diff --git a/src/flow/prune_stats.h b/src/flow/prune_stats.h
index f90da6275..650f6397a 100644
--- a/src/flow/prune_stats.h
+++ b/src/flow/prune_stats.h
@@ -28,12 +28,13 @@
 
 enum class PruneReason : uint8_t
 {
-    IDLE,
     EXCESS,
     UNI,
     MEMCAP,
     HA,
     STALE,
+	IDLE_MAX_FLOWS,
+	IDLE_PROTOCOL_TIMEOUT,
     NONE,
     MAX
 };
diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc
index 15abe460f..7d8afd2ff 100644
--- a/src/stream/base/stream_base.cc
+++ b/src/stream/base/stream_base.cc
@@ -66,7 +66,8 @@ const PegInfo base_pegs[] =
 {
     { CountType::SUM, "flows", "total sessions" },
     { CountType::SUM, "total_prunes", "total sessions pruned" },
-    { CountType::SUM, "idle_prunes", " sessions pruned due to timeout" },
+	{ CountType::SUM, "idle_prunes_max_flows", " sessions pruned due to pruning timeout since max flows is reached" },
+	{ CountType::SUM, "idle_prunes_proto_timeout", " sessions pruned due to protocol timeout" },
     { CountType::SUM, "excess_prunes", "sessions pruned due to excess" },
     { CountType::SUM, "uni_prunes", "uni sessions pruned" },
     { CountType::SUM, "memcap_prunes", "sessions pruned due to memcap" },
@@ -102,7 +103,8 @@ void base_prep()
 
     stream_base_stats.flows = flow_con->get_flows();
     stream_base_stats.prunes = flow_con->get_total_prunes();
-    stream_base_stats.timeout_prunes = flow_con->get_prunes(PruneReason::IDLE);
+    stream_base_stats.max_flow_prunes = flow_con->get_prunes(PruneReason::IDLE_MAX_FLOWS);
+    stream_base_stats.protocol_timeout_prunes = flow_con->get_prunes(PruneReason::IDLE_PROTOCOL_TIMEOUT);
     stream_base_stats.excess_prunes = flow_con->get_prunes(PruneReason::EXCESS);
     stream_base_stats.uni_prunes = flow_con->get_prunes(PruneReason::UNI);
     stream_base_stats.memcap_prunes = flow_con->get_prunes(PruneReason::MEMCAP);
diff --git a/src/stream/base/stream_module.h b/src/stream/base/stream_module.h
index 96a8f6e19..f8db8fd49 100644
--- a/src/stream/base/stream_module.h
+++ b/src/stream/base/stream_module.h
@@ -56,7 +56,8 @@ struct BaseStats
 {
      PegCount flows;
      PegCount prunes;
-     PegCount timeout_prunes;
+     PegCount max_flow_prunes;
+     PegCount protocol_timeout_prunes;
      PegCount excess_prunes;
      PegCount uni_prunes;
      PegCount memcap_prunes;