From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Sun, 16 Jun 2019 14:59:35 +0000 (-0400)
Subject: Merge pull request #1628 in SNORT/snort3 from ~BBANTWAL/snort3:pegcounts to master
X-Git-Tag: 3.0.0-257~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a75810f4bb9180acc8666ea82f73e23c060cac14;p=thirdparty%2Fsnort3.git

Merge pull request #1628 in SNORT/snort3 from ~BBANTWAL/snort3:pegcounts to master

Squashed commit of the following:

commit 46120f09f1374a79a945dcf8c14bcdaf70a16c8c
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Jun 11 10:15:18 2019 -0400

    adding stats for offloader busy

commit 98821ce7200c8f1fd72476e264bc4f782a74dfd6
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Jun 4 12:41:48 2019 -0400

    adding pegcounts for context chain suspends

commit b71215b8870e26706d2a93336dcb2be03f4012a7
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Tue Jun 4 09:53:47 2019 -0400

    detection: adding pegcounts for fallback, offload failures

commit 1ad6aa682e0d3f6faf9fb91256f322c089f754d9
Author: russ <rucombs@cisco.com>
Date:   Sat Jun 1 15:54:10 2019 -0400

    detection: add peg for onload wait conditions
---

diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index 3c3bf1436..5fa4dcf7f 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -399,6 +399,7 @@ bool DetectionEngine::do_offload(Packet* p)
         else
         {
             sw->suspend();
+            pc.offload_suspends++;
             return true;
         }
     }
@@ -408,13 +409,17 @@ bool DetectionEngine::offload(Packet* p)
 {
     ContextSwitcher* sw = Analyzer::get_switcher();
 
-    bool depends_on_suspended = p->flow ? p->flow->context_chain.front() : sw->non_flow_chain.front();
-    bool can_offload = offloader->available();
+    bool depends_on_suspended = 
+        p->flow ? p->flow->context_chain.front() : sw->non_flow_chain.front();
+
     bool should_offload = p->dsize >= SnortConfig::get_conf()->offload_limit;
 
-    if ( can_offload and should_offload )
+    if ( should_offload )
     {
-        return do_offload(p);
+        if ( offloader->available() )
+            return do_offload(p);
+
+        pc.offload_busy++;
     }
 
     if ( depends_on_suspended )
@@ -422,6 +427,7 @@ bool DetectionEngine::offload(Packet* p)
         fp_partial(p);
         p->context->searches.search_sync();
         sw->suspend();
+        pc.offload_suspends++;
         return true;
     }
 
@@ -450,6 +456,9 @@ void DetectionEngine::idle()
 
 void DetectionEngine::onload(Flow* flow)
 {
+    if ( flow->is_suspended() )
+        pc.onload_waits++;
+
     while ( flow->is_suspended() )
     {
         trace_logf(detection,
diff --git a/src/detection/regex_offload.cc b/src/detection/regex_offload.cc
index 9a426453d..8bea6ca57 100644
--- a/src/detection/regex_offload.cc
+++ b/src/detection/regex_offload.cc
@@ -39,6 +39,9 @@
 #include "latency/rule_latency.h"
 #include "main/snort_config.h"
 #include "managers/module_manager.h"
+#include "utils/stats.h"
+
+using namespace snort;
 
 // FIXIT-L this could be offloader specific
 struct RegexRequest
@@ -137,10 +140,10 @@ bool MpseRegexOffload::get(snort::Packet*& p)
         {
             if (batch->can_fallback())
             {
-                // FIXIT-M Add peg counts to record offload search fallback attempts
                 batch->search_sync();
+                pc.offload_fallback++;
             }
-            // FIXIT-M else Add peg counts to record offload search failures
+            pc.offload_failures++;
         }
 
         snort::IpsContext* c = (snort::IpsContext*)(batch->context);
@@ -276,16 +279,17 @@ void ThreadRegexOffload::worker(RegexRequest* req, snort::SnortConfig* initial_c
         {
             if (c->searches.can_fallback())
             {
-                // FIXIT-M Add peg counts to record offload search fallback attempts
                 c->searches.search_sync();
+                pc.offload_fallback++;
             }
-            // FIXIT-M else Add peg counts to record offload search failures
+            pc.offload_failures++;
         }
 
         c->searches.items.clear();
         req->offload = false;
     }
     snort::ModuleManager::accumulate_offload("search_engine");
+    snort::ModuleManager::accumulate_offload("detection");
 
     // FIXIT-M break this over-coupling. In reality we shouldn't be evaluating latency in offload.
     PacketLatency::tterm();
diff --git a/src/utils/stats.cc b/src/utils/stats.cc
index ca6a22ac1..0bd4f972b 100644
--- a/src/utils/stats.cc
+++ b/src/utils/stats.cc
@@ -190,6 +190,11 @@ const PegInfo pc_names[] =
     { CountType::SUM, "event_limit", "events filtered" },
     { CountType::SUM, "alert_limit", "events previously triggered on same PDU" },
     { CountType::SUM, "context_stalls", "times processing stalled to wait for an available context" },
+    { CountType::SUM, "offload_busy", "times offload was not available" },
+    { CountType::SUM, "onload_waits", "times processing waited for onload to complete" },
+    { CountType::SUM, "offload_fallback", "fast pattern offload search fallback attempts" },
+    { CountType::SUM, "offload_failures", "fast pattern offload search failures" },
+    { CountType::SUM, "offload_suspends", "fast pattern search suspends due to offload context chains" },
     { CountType::END, nullptr, nullptr }
 };
 
diff --git a/src/utils/stats.h b/src/utils/stats.h
index 24a66f540..6e24ccaee 100644
--- a/src/utils/stats.h
+++ b/src/utils/stats.h
@@ -55,6 +55,11 @@ struct PacketCount
     PegCount event_limit;
     PegCount alert_limit;
     PegCount context_stalls;
+    PegCount offload_busy;
+    PegCount onload_waits;
+    PegCount offload_fallback;
+    PegCount offload_failures;
+    PegCount offload_suspends;
 };
 
 struct ProcessCount