From: ARUNKUMAR KAYAMBU -X (akayambu - XORIANT CORPORATION at Cisco) <akayambu@cisco.com>
Date: Tue, 22 Oct 2024 15:09:19 +0000 (+0000)
Subject: Pull request #4486: Add thread instance number to dump_flows control command output
X-Git-Tag: 3.5.1.0~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b29afef91078ee04c05fadb741a3c677899f5ecc;p=thirdparty%2Fsnort3.git

Pull request #4486: Add thread instance number to dump_flows control command output

Merge in SNORT/snort3 from ~AKAYAMBU/snort3:add_instance_number to master

Squashed commit of the following:

commit 52fa22e84bfcb080b6f94c95f1401d0778b1ee2a
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date:   Mon Oct 14 18:00:22 2024 -0400

    stream: add thread instance number to dump_flows control command output
---

diff --git a/src/flow/flow_cache.cc b/src/flow/flow_cache.cc
index b00b949ba..54b0eca22 100644
--- a/src/flow/flow_cache.cc
+++ b/src/flow/flow_cache.cc
@@ -843,16 +843,16 @@ void FlowCache::output_flow(std::fstream& stream, const Flow& flow, const struct
     switch ( flow.pkt_type )
     {
         case PktType::IP:
-            out << "IP " << flow.key->addressSpaceId << ": " << src_ip << " " << dst_ip;
+            out << "Instance-ID: " << get_relative_instance_number() << " IP " << flow.key->addressSpaceId << ": " << src_ip << " " << dst_ip;
             break;
 
         case PktType::ICMP:
-            out << "ICMP " << flow.key->addressSpaceId << ": " << src_ip << " type " << src_port << " "
+            out << "Instance-ID: " << get_relative_instance_number() << " ICMP " << flow.key->addressSpaceId << ": " << src_ip << " type " << src_port << " "
                 << dst_ip;
             break;
 
         case PktType::TCP:
-            out << "TCP " << flow.key->addressSpaceId << ": " << src_ip << "/" << src_port << " "
+            out << "Instance-ID: " << get_relative_instance_number() << " TCP " << flow.key->addressSpaceId << ": " << src_ip << "/" << src_port << " "
                 << dst_ip << "/" << dst_port;
             if (flow.session)
             {
@@ -863,7 +863,7 @@ void FlowCache::output_flow(std::fstream& stream, const Flow& flow, const struct
             break;
 
         case PktType::UDP:
-            out << "UDP " << flow.key->addressSpaceId << ": "<< src_ip << "/" << src_port << " "
+            out << "Instance-ID: " << get_relative_instance_number() << " UDP " << flow.key->addressSpaceId << ": "<< src_ip << "/" << src_port << " "
                 << dst_ip << "/" << dst_port;
             break;
 
diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc
index f96c3d0a2..dcd28e0c3 100644
--- a/src/flow/test/flow_cache_test.cc
+++ b/src/flow/test/flow_cache_test.cc
@@ -111,6 +111,7 @@ time_t packet_time() { return 0; }
 void trace_vprintf(const char*, TraceLevel, const char*, const Packet*, const char*, va_list) {}
 
 unsigned get_instance_id() { return 0; }
+unsigned get_relative_instance_number() { return 1; }
 
 namespace ip
 {
diff --git a/src/main/dev_notes.txt b/src/main/dev_notes.txt
index f4dd2df01..a42602e34 100644
--- a/src/main/dev_notes.txt
+++ b/src/main/dev_notes.txt
@@ -75,4 +75,15 @@ In systems without NUMA architecture, this feature will not affect system
 performance or behavior. This, alongside with libhwloc, presents an efficient 
 cross-platform mechanism for thread configuration and managing CPU affinity 
 of threads, not only considering CPU architecture but also memory access policies, 
-providing a more balanced and optimized execution environment.
\ No newline at end of file
+providing a more balanced and optimized execution environment.
+
+use of get_relative_instance_number() in thread.cc:
+
+packet thread's instance_id is zero indexed. id_offset if used will determine
+starting id of the thread relative to all snort processes in a multiprocess environment.
+get_relative_instance_number() is used by dump_flows to print the instance number
+of a thread. Please note relative instance number starts from 1 so thread with
+instance_id 0 will have relative instance number as 1.
+If there are 2 snort processes run in multi process environment each with 3 threads,
+snort process 1 threads will have relative instance number 1,2 and 3.
+The second process's threads will have relative instance number 4,5 and 6.
diff --git a/src/main/thread.cc b/src/main/thread.cc
index f0b52cae8..b39741bb6 100644
--- a/src/main/thread.cc
+++ b/src/main/thread.cc
@@ -55,6 +55,13 @@ namespace snort
 unsigned get_instance_id()
 { return instance_id; }
 
+unsigned get_relative_instance_number()
+{ 
+    // Added +1 here so we get instance numbers starting from 1 for display purposes
+    const SnortConfig* sc = SnortConfig::get_conf();
+    return instance_id + sc->id_offset + 1;
+}
+
 SThreadType get_thread_type()
 { return thread_type; }
 
diff --git a/src/main/thread.h b/src/main/thread.h
index 972e41a37..75a97bcad 100644
--- a/src/main/thread.h
+++ b/src/main/thread.h
@@ -42,6 +42,7 @@ uint16_t get_run_num();
 namespace snort
 {
 SO_PUBLIC unsigned get_instance_id();
+SO_PUBLIC unsigned get_relative_instance_number();
 SO_PUBLIC SThreadType get_thread_type();
 
 SO_PUBLIC inline bool in_main_thread()