From: Tom Peters (thopeter) Date: Tue, 13 Nov 2018 16:22:21 +0000 (-0500) Subject: Merge pull request #1427 in SNORT/snort3 from ~MDAGON/snort3:resume_for_n_2 to master X-Git-Tag: 3.0.0-250~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc2ce4271188f35f5bfa4f34f711515c53244b45;p=thirdparty%2Fsnort3.git Merge pull request #1427 in SNORT/snort3 from ~MDAGON/snort3:resume_for_n_2 to master Squashed commit of the following: commit 43a577aefa680521ac85217168d9174061bdfe3b Author: mdagon Date: Fri Nov 2 15:57:48 2018 -0400 main: support resume(n) command resume() expanded to support an optional packet number argument. When provided, Snort will resume, process n packets and pause. In addition pause-after-n updated to support multi packet threads.
---
diff --git a/src/main.cc b/src/main.cc
index cbe6bc0a9..b703888a3 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -194,7 +194,7 @@ bool Pig::queue_command(AnalyzerCommand* ac, bool orphan)
 #ifdef DEBUG_MSGS
 unsigned ac_ref_count = ac->get();
 trace_logf(snort, "[%u] Queuing command %s for execution (refcount %u)\n",
- idx, ac->stringify(), ac_ref_count);
+ idx, ac->stringify(), ac_ref_count);
 #else
 ac->get();
 #endif
@@ -208,13 +208,13 @@ void Pig::reap_command(AnalyzerCommand* ac)
 if (ac_ref_count == 0)
 {
 trace_logf(snort, "[%u] Destroying completed command %s\n",
- idx, ac->stringify());
+ idx, ac->stringify());
 delete ac;
 }
 #ifdef DEBUG_MSGS
 else
 trace_logf(snort, "[%u] Reaped ongoing command %s (refcount %u)\n",
- idx, ac->stringify(), ac_ref_count);
+ idx, ac->stringify(), ac_ref_count);
 #endif
 }
@@ -271,7 +271,7 @@ static AnalyzerCommand* get_command(AnalyzerCommand* ac, bool from_shell)
 void snort::main_broadcast_command(AnalyzerCommand* ac, bool from_shell)
 {
 unsigned dispatched = 0;
-
+
 ac = get_command(ac, from_shell);
 trace_logf(snort, "Broadcasting %s command\n", ac->stringify());
@@ -538,9 +538,24 @@ int main_pause(lua_State* L)
 int main_resume(lua_State* L)
 {
- bool from_shell = ( L != nullptr );
+ const bool from_shell = ( L != nullptr );
+
+ int pkt_num = 0;
+ if (from_shell)
+ {
+ const int num_of_args = lua_gettop(L);
+ if (num_of_args)
+ {
+ pkt_num = lua_tonumber(L, 1);
+ if (pkt_num < 1)
+ {
+ current_request->respond("Invalid usage of resume(n), n should be a number > 0\n");
+ return 0;
+ }
+ }
+ }
 current_request->respond("== resuming\n", from_shell);
- main_broadcast_command(new ACResume(), from_shell);
+ main_broadcast_command(new ACResume(pkt_num), from_shell);
 paused = false;
 return 0;
 }
@@ -558,6 +573,7 @@ int main_dump_plugins(lua_State*)
 PluginManager::dump_plugins();
 return 0;
 }
+
 #endif
 int main_quit(lua_State* L)
diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc
index 61f80a8e0..6c9caf87b 100644
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -148,10 +148,12 @@ void Analyzer::analyze()
 // The main analyzer loop is terminated by a command returning false or an error during acquire
 while (!exit_requested)
 {
- if ( Snort::get_pause())
+ TestPause& s_pause = Snort::get_test_pause();
+ if (s_pause.get_pause())
 {
 pause();
- Snort::clear_pause();
+ s_pause.clear_pause();
+ s_pause.set_pause_cnt(0);
 snort::LogMessage("== paused\n");
 }
 if (handle_command())
@@ -212,10 +214,14 @@ void Analyzer::pause()
 get_state_string());
 }
-void Analyzer::resume()
+void Analyzer::resume(int pkt_cnt)
 {
 if (state == State::PAUSED)
+ {
+ TestPause& s_pause = Snort::get_test_pause();
+ s_pause.set_pause_cnt(pkt_cnt);
 set_state(State::RUNNING);
+ }
 else
 ErrorMessage("Analyzer: Received RESUME command while in state %s\n", get_state_string());
diff --git a/src/main/analyzer.h b/src/main/analyzer.h
index c7fee7636..56d304f29 100644
--- a/src/main/analyzer.h
+++ b/src/main/analyzer.h
@@ -66,7 +66,7 @@ public:
 void run(bool paused = false);
 void stop();
 void pause();
- void resume();
+ void resume(int pkt_cnt);
 void reload_daq();
 private:
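Review bot: In main_resume (src/main.cc, hunk at -538), `pkt_num = lua_tonumber(L, 1);` narrows a lua_Number (a double in stock Lua builds) into an `int` before any range check, so a value from the control shell that does not fit in `int` makes the conversion undefined, and a fractional value is silently truncated. The following `pkt_num < 1` test only sees the already-converted value. Check in the wide type first: `const lua_Number n = lua_tonumber(L, 1);`, then `if (!(n >= 1 && n <= INT_MAX))` for the reject branch, then `pkt_num = static_cast<int>(n);`. The error path also calls `respond(...)` without the `from_shell` argument that the `== resuming` call passes; worth confirming that is intended.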
diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc
index 8695c1e7d..e3c1f578d 100644
--- a/src/main/analyzer_command.cc
+++ b/src/main/analyzer_command.cc
@@ -57,7 +57,7 @@ void ACPause::execute(Analyzer& analyzer)
 void ACResume::execute(Analyzer& analyzer)
 {
- analyzer.resume();
+ analyzer.resume(pkt_count);
 }
 void ACRotate::execute(Analyzer&)
diff --git a/src/main/analyzer_command.h b/src/main/analyzer_command.h
index bd990270e..ff5872195 100644
--- a/src/main/analyzer_command.h
+++ b/src/main/analyzer_command.h
@@ -55,8 +55,11 @@ public:
 class ACResume : public AnalyzerCommand
 {
 public:
+ ACResume(int n): pkt_count(n){}
 void execute(Analyzer&) override;
 const char* stringify() override { return "RESUME"; }
+private:
+ int pkt_count;
 };
 class ACRotate : public AnalyzerCommand
diff --git a/src/main/snort.cc b/src/main/snort.cc
index 73c6bd6bc..b845e1129 100644
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -120,6 +120,15 @@ static THREAD_LOCAL ContextSwitcher* s_switcher = nullptr;
 ContextSwitcher* Snort::get_switcher()
 { return s_switcher; }
+// Test util - used for pause-after-n and resume(n)
+static THREAD_LOCAL TestPause s_pause;
+
+TestPause& Snort::get_test_pause()
+{ return s_pause; }
+
+void TestPause::set_pause_cnt(int cnt)
+{ pause_cnt = cnt ? (cnt + pc.total_from_daq) : 0; }
+
 //-------------------------------------------------------------------------
 // perf stats
 // FIXIT-M move these to appropriate modules
@@ -214,6 +223,7 @@ static void show_source(const char* pcap)
 pcap, SFDAQ::get_snap_len());
 }
+
 //-------------------------------------------------------------------------
 // initialization
 //-------------------------------------------------------------------------
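Review bot: `ACResume(int n): pkt_count(n){}` in src/main/analyzer_command.h is a converting constructor and gives no hint that zero is a sentinel. main_resume passes 0 when no argument was given, and TestPause::set_pause_cnt maps 0 to a disabled counter, so that contract deserves a comment where the value is stored. Suggested form: `explicit ACResume(int n) : pkt_count(n) { }` with `// 0: resume without a packet limit` above `int pkt_count;`.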
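Review bot: `TestPause::set_pause_cnt(int cnt)` in src/main/snort.cc (hunk at -120) adds a signed `int` to `pc.total_from_daq` and stores the result in the `uint64_t pause_cnt` declared in snort.h. Assuming the counter is an unsigned 64-bit value, a negative `cnt` wraps to a threshold that has already been passed, and the next packet_callback check would pause at once. The only guard visible in this commit is the `pkt_num < 1` test in main_resume, while `Analyzer::resume(int)` and `ACResume(int)` accept any int. Making the setter self-defending is one line: `{ pause_cnt = cnt > 0 ? (static_cast<uint64_t>(cnt) + pc.total_from_daq) : 0; }`.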
@@ -489,8 +499,6 @@ void Snort::clean_exit(int)
 bool Snort::initializing = true;
 bool Snort::reloading = false;
 bool Snort::privileges_dropped = false;
-bool Snort::pause = false;
-bool Snort::was_paused = false;
 bool Snort::is_starting()
 { return initializing; }
@@ -1028,14 +1036,18 @@ DAQ_Verdict Snort::packet_callback(
 if ( SnortConfig::get_conf()->pkt_cnt && pc.total_from_daq >= SnortConfig::get_conf()->pkt_cnt )
 SFDAQ::break_loop(-1);
-#ifdef REG_TEST
- else if ( SnortConfig::get_conf()->pkt_pause_cnt && !was_paused &&
- pc.total_from_daq >= SnortConfig::get_conf()->pkt_pause_cnt )
+
+ // Check for resume(n)
+ else if ((s_pause.pause_cnt && pc.total_from_daq >= s_pause.pause_cnt)
+#ifdef REG_TEST // pause-after-n
+ || ( SnortConfig::get_conf()->pkt_pause_cnt && !s_pause.was_paused &&
+ pc.total_from_daq >= SnortConfig::get_conf()->pkt_pause_cnt )
+#endif
+ )
 {
 SFDAQ::break_loop(0);
- was_paused = pause = true;
- }
-#endif
+ s_pause.was_paused = s_pause.pause = true;
+ }
 else if ( break_time() )
 SFDAQ::break_loop(0);
diff --git a/src/main/snort.h b/src/main/snort.h
index 5caef79cf..81969f5a4 100644
--- a/src/main/snort.h
+++ b/src/main/snort.h
@@ -36,6 +36,19 @@ struct SnortConfig;
 typedef void (* MainHook_f)(Packet*);
+class TestPause
+{
+public:
+ bool get_pause() { return pause; }
+ void clear_pause() { pause = false; }
+ void set_pause_cnt(int cnt);
+
+public:
+ bool pause = false;
+ bool was_paused = false;
+ uint64_t pause_cnt = 0;
+};
+
 class Snort
 {
 public:
@@ -71,9 +84,7 @@ public:
 static ContextSwitcher* get_switcher();
 SO_PUBLIC static Packet* get_packet();
-
- static bool get_pause() { return pause; }
- static void clear_pause() { pause = false; }
+ static TestPause& get_test_pause();
 private:
 static void init(int, char**);
@@ -84,9 +95,8 @@ private:
 static bool initializing;
 static bool reloading;
 static bool privileges_dropped;
- static bool pause;
- static bool was_paused;
 };
+
 }
 #endif
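Review bot: In Snort::packet_callback (src/main/snort.cc, hunk at -1028) the merged condition runs `s_pause.was_paused = s_pause.pause = true;` for both triggers, so a resume(n) pause that fires before `pkt_pause_cnt` is reached also sets `was_paused`, and the REG_TEST arm guarded by `!s_pause.was_paused` can then never fire on that thread. Splitting the two triggers into separate branches keeps `was_paused` as the one-shot latch for --pause-after-n only, and it takes the `#ifdef` out of the middle of the condition. Testing the pause-after-n arm first keeps a single pause when both thresholds are hit on the same packet. The branch sits inside packet_callback, whose body starts and ends outside this hunk.

```cpp
    // … unchanged: pkt_cnt check and SFDAQ::break_loop(-1) …
#ifdef REG_TEST // pause-after-n: one-shot, latched by was_paused
    else if ( SnortConfig::get_conf()->pkt_pause_cnt && !s_pause.was_paused &&
        pc.total_from_daq >= SnortConfig::get_conf()->pkt_pause_cnt )
    {
        SFDAQ::break_loop(0);
        s_pause.was_paused = s_pause.pause = true;
    }
#endif
    // resume(n): leaves was_paused untouched
    else if ( s_pause.pause_cnt && pc.total_from_daq >= s_pause.pause_cnt )
    {
        SFDAQ::break_loop(0);
        s_pause.pause = true;
    }
    // … unchanged: break_time() branch …
```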
diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc
index 8d53d1bd3..a4e7f9afd 100644
--- a/src/main/snort_module.cc
+++ b/src/main/snort_module.cc
@@ -77,6 +77,14 @@ static const Parameter s_module[] =
 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
+static const Parameter s_pktnum[] =
+{
+ { "pkt_num", Parameter::PT_INT, "1:", nullptr,
+ "resume and pause after pkt_num packets" },
+
+ { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
+};
+
 static const Command snort_cmds[] =
 {
 { "show_plugins", main_dump_plugins, nullptr, "show available plugins" },
@@ -93,7 +101,8 @@ static const Command snort_cmds[] =
 //{ "process", main_process, nullptr, "process given pcap" },
 { "pause", main_pause, nullptr, "suspend packet processing" },
- { "resume", main_resume, nullptr, "continue packet processing" },
+ { "resume", main_resume, s_pktnum, "continue packet processing. "
+ "If number of packet is specified, will resume for n packets and pause" },
 { "detach", main_detach, nullptr, "exit shell w/o shutdown" },
 { "quit", main_quit, nullptr, "shutdown and dump-stats" },
 { "help", main_help, nullptr, "this output" },
@@ -392,7 +401,7 @@ static const Parameter s_params[] =
 #ifdef REG_TEST
 { "--pause-after-n", Parameter::PT_INT, "1:", nullptr,
- " pause after count packets, to be used with single packet thread only", },
+ " pause after count packets", },
 #endif
 { "--parsing-follows-files", Parameter::PT_IMPLIED, nullptr, nullptr,