From: Adrian Mamolea (admamole) Date: Tue, 11 Jul 2023 17:12:41 +0000 (+0000) Subject: Pull request #3894: rna: add stats for rna graphs X-Git-Tag: 3.1.66.0~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2f64e42c9c58711ad994574be81d632b6e58a43;p=thirdparty%2Fsnort3.git Pull request #3894: rna: add stats for rna graphs Merge in SNORT/snort3 from ~ADMAMOLE/snort3:rna_graphs to master Squashed commit of the following: commit 92a7848dfd79dfcd809a1501165f7325b42af2d3 Author: Adrian Mamolea Date: Wed Jun 14 08:42:16 2023 -0400 rna: add stats for rna graphs
---
diff --git a/src/network_inspectors/rna/rna_event_handler.cc b/src/network_inspectors/rna/rna_event_handler.cc
index aaec81ec8..3db23dc11 100644
--- a/src/network_inspectors/rna/rna_event_handler.cc
+++ b/src/network_inspectors/rna/rna_event_handler.cc
@@ -32,6 +32,7 @@ void RnaAppidEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.appid_change;
+ update_rna_pkt_stats(event);
 pnd.analyze_appid_changes(event);
 }
@@ -39,6 +40,7 @@ void RnaIcmpBidirectionalEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.icmp_bidirectional;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_icmp(event.get_packet());
 }
@@ -46,6 +48,7 @@ void RnaIcmpNewFlowEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.icmp_new;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_icmp(event.get_packet());
 }
@@ -53,6 +56,7 @@ void RnaIpBidirectionalEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.ip_bidirectional;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_ip(event.get_packet());
 }
@@ -60,6 +64,7 @@ void RnaIpNewFlowEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.ip_new;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_ip(event.get_packet());
 }
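Review bot: `update_rna_pkt_stats(event)` runs once per handled event in every `handle()` of rna_event_handler.cc (hunks -32 through -138), so `total_packets_in_interval` and `total_bytes_in_interval` advance per event delivered, not per unique packet. If one packet can raise more than one RNA event (not visible in this diff), its `pktlen` is added several times and the pegs overstate traffic, which skews any volume or rate baseline built on them. Either count in a single per-packet place or say so above the helper, e.g. `// one increment per RNA event handled; a packet that raises several events is counted several times`. Each `handle()` body here is shown only around the inserted line.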
@@ -67,6 +72,7 @@ void RnaTcpSynEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.tcp_syn;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_tcp(event.get_packet(), TcpPacketType::SYN);
 }
@@ -74,6 +80,7 @@ void RnaTcpSynAckEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.tcp_syn_ack;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_tcp(event.get_packet(), TcpPacketType::SYN_ACK);
 }
@@ -81,6 +88,7 @@ void RnaTcpMidstreamEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.tcp_midstream;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_tcp(event.get_packet(), TcpPacketType::MIDSTREAM);
 }
@@ -88,6 +96,7 @@ void RnaUdpBidirectionalEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.udp_bidirectional;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_udp(event.get_packet());
 }
@@ -95,14 +104,15 @@ void RnaUdpNewFlowEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.udp_new;
+ update_rna_pkt_stats(event);
 pnd.analyze_flow_udp(event.get_packet());
 }
 void RnaIdleEventHandler::handle(DataEvent& event, Flow*)
 {
- UNUSED(event);
 Profile profile(rna_perf_stats);
 ++rna_stats.change_host_update;
+ update_rna_pkt_stats(event);
 pnd.generate_change_host_update();
 }
@@ -110,6 +120,7 @@ void RnaDHCPInfoEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.dhcp_info;
+ update_rna_pkt_stats(event);
 pnd.add_dhcp_info(event);
 }
@@ -117,6 +128,7 @@ void RnaDHCPDataEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.dhcp_data;
+ update_rna_pkt_stats(event);
 pnd.analyze_dhcp_fingerprint(event);
 }
@@ -124,6 +136,7 @@ void RnaFpSMBEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.smb;
+ update_rna_pkt_stats(event);
 pnd.analyze_smb_fingerprint(event);
 }
@@ -131,6 +144,7 @@ void RnaCPEOSInfoEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.cpe_os;
+ update_rna_pkt_stats(event);
 pnd.analyze_cpe_os_info(event);
 }
@@ -138,5 +152,6 @@ void RnaNetFlowEventHandler::handle(DataEvent& event, Flow*)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.netflow_record;
+ update_rna_pkt_stats(event);
 pnd.analyze_netflow(event);
 }
diff --git a/src/network_inspectors/rna/rna_event_handler.h b/src/network_inspectors/rna/rna_event_handler.h
index 1f49b57f1..b6faa45c6 100644
--- a/src/network_inspectors/rna/rna_event_handler.h
+++ b/src/network_inspectors/rna/rna_event_handler.h
@@ -26,6 +26,17 @@
 #include "rna_module.h"
 #include "rna_pnd.h"
+inline static void update_rna_pkt_stats(const snort::Packet* p)
+{
+ ++rna_stats.total_packets_in_interval;
+ rna_stats.total_bytes_in_interval += p->pktlen;
+}
+
+inline static void update_rna_pkt_stats(snort::DataEvent& event)
+{
+ update_rna_pkt_stats(event.get_packet());
+}
+
 class RnaAppidEventHandler : public snort::DataHandler
 {
 public:
diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc
index 46946b75a..92eb8328b 100644
--- a/src/network_inspectors/rna/rna_inspector.cc
+++ b/src/network_inspectors/rna/rna_inspector.cc
@@ -134,6 +134,7 @@ void RnaInspector::eval(Packet* p)
 {
 Profile profile(rna_perf_stats);
 ++rna_stats.other_packets;
+ update_rna_pkt_stats(p);
 assert( !p->flow );
 assert( !(BIT((unsigned)p->type()) & PROTO_BIT__ANY_SSN) );
diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc
index 70c16820d..7e8dac0f7 100644
--- a/src/network_inspectors/rna/rna_logger.cc
+++ b/src/network_inspectors/rna/rna_logger.cc
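Review bot: `update_rna_pkt_stats(const snort::Packet* p)` in rna_event_handler.h reads `p->pktlen` without checking `p`, and the `DataEvent&` overload forwards `event.get_packet()` to it unchecked. `RnaIdleEventHandler::handle` marked its event `UNUSED` before this commit and now feeds it to the helper, as do the DHCP, SMB, CPE-OS and NetFlow handlers that otherwise only pass the event object on; whether those event types always carry a packet is not visible in this diff. A null return there would take down the packet thread of the sensor, so the pointer overload should start with `if (!p) return;`. `inline static` in a header also gives each including translation unit its own copy; plain `inline` is sufficient.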
@@ -248,6 +248,7 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_
 }
 EventManager::call_loggers(nullptr, const_cast(p), "RNA", &rle);
+ ++rna_stats.total_events_in_interval;
 #ifdef DEBUG_MSGS
 rna_logger_message(rle, p);
diff --git a/src/network_inspectors/rna/rna_module.cc b/src/network_inspectors/rna/rna_module.cc
index 012c9bd41..f55a6a5d9 100644
--- a/src/network_inspectors/rna/rna_module.cc
+++ b/src/network_inspectors/rna/rna_module.cc
@@ -388,6 +388,9 @@ static const PegInfo rna_pegs[] =
 { CountType::SUM, "dhcp_info", "count of new DHCP lease events received" },
 { CountType::SUM, "smb", "count of new SMB events received" },
 { CountType::SUM, "netflow_record", "count of netflow record events received" },
+ { CountType::SUM, "total_events_in_interval", "count of RNA events generated" },
+ { CountType::SUM, "total_packets_in_interval", "count of packets processed" },
+ { CountType::SUM, "total_bytes_in_interval", "count of bytes processed" },
 { CountType::END, nullptr, nullptr},
 };
diff --git a/src/network_inspectors/rna/rna_module.h b/src/network_inspectors/rna/rna_module.h
index d97f30d98..442dab599 100644
--- a/src/network_inspectors/rna/rna_module.h
+++ b/src/network_inspectors/rna/rna_module.h
@@ -55,6 +55,9 @@ struct RnaStats
 PegCount dhcp_info;
 PegCount smb;
 PegCount netflow_record;
+ PegCount total_events_in_interval;
+ PegCount total_packets_in_interval;
+ PegCount total_bytes_in_interval;
 };
 extern THREAD_LOCAL RnaStats rna_stats;
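Review bot: The three pegs added to `rna_pegs[]` are named `*_in_interval`, yet they are declared `CountType::SUM` with help strings that never mention an interval, and no line in this commit resets them. If a reset exists elsewhere, the help text should name the window, e.g. `"count of RNA events generated in the current stats interval"`; if they are running totals, the suffix misleads anyone alerting on them. The new `PegCount` fields in the rna_module.h hunk are appended in the same order as the table entries, which the peg table appears to depend on; a one-line comment on `RnaStats` such as `// field order must match rna_pegs[] in rna_module.cc` would keep later additions aligned.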