From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Sun, 27 Oct 2024 14:13:07 +0000 (-0400)
Subject: app-layer/stats: Expand memuse/memcap handling
X-Git-Tag: suricata-8.0.0-beta1~713
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b30df19f1a468ef793f3305aed1ca0c388302307;p=thirdparty%2Fsuricata.git

app-layer/stats: Expand memuse/memcap handling

This commit adds memcap/memuse handling to the unix-socket interface:
- ftp
- http-byterange
- host

New stats:
- ippair: memuse, memcap
- host: memuse, memcap
- http-byterange: memuse, memcap
---

diff --git a/etc/schema.json b/etc/schema.json
index cf03a2db30..08959e3c7a 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -6389,6 +6389,42 @@
                     "additionalProperties": false
                 },
                 "http": {
+                    "type": "object",
+                    "properties": {
+                        "memcap": {
+                            "type": "integer"
+                        },
+                        "memuse": {
+                            "type": "integer"
+                        },
+                        "byterange": {
+                            "type": "object",
+                            "properties": {
+                                "memcap": {
+                                    "type": "integer"
+                                },
+                                "memuse": {
+                                    "type": "integer"
+                                }
+                            },
+                            "additionalProperties": false
+                        }
+                    },
+                    "additionalProperties": false
+                },
+                "host": {
+                    "type": "object",
+                    "properties": {
+                        "memcap": {
+                            "type": "integer"
+                        },
+                        "memuse": {
+                            "type": "integer"
+                        }
+                    },
+                    "additionalProperties": false
+                },
+                "ippair": {
                     "type": "object",
                     "properties": {
                         "memcap": {
diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c
index a1a99d4bd7..15238b9f65 100644
--- a/src/app-layer-ftp.c
+++ b/src/app-layer-ftp.c
@@ -174,6 +174,16 @@ uint64_t FTPMemcapGlobalCounter(void)
     return tmpval;
 }
 
+int FTPSetMemcap(uint64_t size)
+{
+    if ((uint64_t)SC_ATOMIC_GET(ftp_memcap) < size) {
+        SC_ATOMIC_SET(ftp_memcap, size);
+        return 1;
+    }
+
+    return 0;
+}
+
 /**
  *  \brief Check if alloc'ing "size" would mean we're over memcap
  *
diff --git a/src/app-layer-ftp.h b/src/app-layer-ftp.h
index 5be11d81f8..e69415d8cf 100644
--- a/src/app-layer-ftp.h
+++ b/src/app-layer-ftp.h
@@ -185,6 +185,7 @@ typedef struct FtpDataState_ {
 void RegisterFTPParsers(void);
 void FTPParserRegisterTests(void);
 void FTPParserCleanup(void);
+int FTPSetMemcap(uint64_t size);
 uint64_t FTPMemuseGlobalCounter(void);
 uint64_t FTPMemcapGlobalCounter(void);
 
diff --git a/src/app-layer-htp-range.c b/src/app-layer-htp-range.c
index b1f2b62423..9e8a4e1e64 100644
--- a/src/app-layer-htp-range.c
+++ b/src/app-layer-htp-range.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 Open Information Security Foundation
+/* Copyright (C) 2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -42,6 +42,28 @@ static void HttpRangeBlockDerefContainer(HttpRangeContainerBlock *b);
 
 #define CONTAINER_URLRANGE_HASH_SIZE 256
 
+int HTPByteRangeSetMemcap(uint64_t size)
+{
+    if (size == 0 || (uint64_t)SC_ATOMIC_GET(ContainerUrlRangeList.ht->memuse) < size) {
+        SC_ATOMIC_SET(ContainerUrlRangeList.ht->config.memcap, size);
+        return 1;
+    }
+
+    return 0;
+}
+
+uint64_t HTPByteRangeMemcapGlobalCounter(void)
+{
+    uint64_t tmpval = SC_ATOMIC_GET(ContainerUrlRangeList.ht->config.memcap);
+    return tmpval;
+}
+
+uint64_t HTPByteRangeMemuseGlobalCounter(void)
+{
+    uint64_t tmpval = SC_ATOMIC_GET(ContainerUrlRangeList.ht->memuse);
+    return tmpval;
+}
+
 int HttpRangeContainerBufferCompare(HttpRangeContainerBuffer *a, HttpRangeContainerBuffer *b)
 {
     // lexical order : start, buflen, offset
diff --git a/src/app-layer-htp-range.h b/src/app-layer-htp-range.h
index fb0dc5b768..8fb561020b 100644
--- a/src/app-layer-htp-range.h
+++ b/src/app-layer-htp-range.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 Open Information Security Foundation
+/* Copyright (C) 2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -111,4 +111,8 @@ HttpRangeContainerBlock *HttpRangeContainerOpenFile(const unsigned char *key, ui
 
 void HttpRangeFreeBlock(HttpRangeContainerBlock *b);
 
+uint64_t HTPByteRangeMemcapGlobalCounter(void);
+uint64_t HTPByteRangeMemuseGlobalCounter(void);
+int HTPByteRangeSetMemcap(uint64_t);
+
 #endif /* SURICATA_APP_LAYER_HTP_RANGE_H */
diff --git a/src/app-layer.c b/src/app-layer.c
index 94f99f44f8..9654c7d82e 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -31,6 +31,7 @@
 #include "app-layer-protos.h"
 #include "app-layer-expectation.h"
 #include "app-layer-ftp.h"
+#include "app-layer-htp-range.h"
 #include "app-layer-detect-proto.h"
 #include "app-layer-frames.h"
 #include "stream-tcp-reassemble.h"
@@ -1113,6 +1114,12 @@ void AppLayerRegisterGlobalCounters(void)
     StatsRegisterGlobalCounter("ftp.memuse", FTPMemuseGlobalCounter);
     StatsRegisterGlobalCounter("ftp.memcap", FTPMemcapGlobalCounter);
     StatsRegisterGlobalCounter("app_layer.expectations", ExpectationGetCounter);
+    StatsRegisterGlobalCounter("http.byterange.memuse", HTPByteRangeMemuseGlobalCounter);
+    StatsRegisterGlobalCounter("http.byterange.memcap", HTPByteRangeMemcapGlobalCounter);
+    StatsRegisterGlobalCounter("ippair.memuse", IPPairGetMemuse);
+    StatsRegisterGlobalCounter("ippair.memcap", IPPairGetMemuse);
+    StatsRegisterGlobalCounter("host.memuse", HostGetMemuse);
+    StatsRegisterGlobalCounter("host.memcap", HostGetMemcap);
 }
 
 static bool IsAppLayerErrorExceptionPolicyStatsValid(enum ExceptionPolicy policy)
diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c
index bdb9156d5b..3c390e99a6 100644
--- a/src/runmode-unix-socket.c
+++ b/src/runmode-unix-socket.c
@@ -44,7 +44,9 @@
 #include "defrag-hash.h"
 #include "ippair.h"
 #include "app-layer.h"
+#include "app-layer-ftp.h"
 #include "app-layer-htp-mem.h"
+#include "app-layer-htp-range.h"
 #include "host-bit.h"
 
 #include "util-misc.h"
@@ -97,9 +99,12 @@ static MemcapCommand memcaps[] = {
             StreamTcpReassembleMemuseGlobalCounter },
     { "flow", FlowSetMemcap, FlowGetMemcap, FlowGetMemuse },
     { "applayer-proto-http", HTPSetMemcap, HTPGetMemcap, HTPMemuseGlobalCounter },
+    { "applayer-proto-http-byterange", HTPByteRangeSetMemcap, HTPByteRangeMemcapGlobalCounter,
+            HTPByteRangeMemuseGlobalCounter },
     { "defrag", DefragTrackerSetMemcap, DefragTrackerGetMemcap, DefragTrackerGetMemuse },
     { "ippair", IPPairSetMemcap, IPPairGetMemcap, IPPairGetMemuse },
     { "host", HostSetMemcap, HostGetMemcap, HostGetMemuse },
+    { "ftp", FTPSetMemcap, FTPMemcapGlobalCounter, FTPMemuseGlobalCounter },
 };
 
 float MemcapsGetPressure(void)