From: Juliana Fajardini
Date: Tue, 21 Mar 2023 21:15:57 +0000 (-0300)
Subject: stream/reassemble: add exception policy counters
X-Git-Tag: suricata-8.0.0-beta1~1508
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd9a20ffcfd6fcd176efa003493b68f99ec99a63;p=thirdparty%2Fsuricata.git
stream/reassemble: add exception policy counters
Add stats counters for exception policies applied in case of memcap hit during stream reassembly.
Task #5816
---
diff --git a/etc/schema.json b/etc/schema.json
index 41eae16303..28e26df5ea 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -5367,6 +5367,11 @@
 "pseudo_failed": {
 "type": "integer"
 },
+ "reassembly_exception_policy": {
+ "description":
+ "How many times reassembly memcap exception policy was applied, and which one",
+ "$ref": "#/$defs/exceptionPolicy"
+ },
 "reassembly_gap": {
 "type": "integer"
 },
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 88f32adf3f..114b98e051 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2022 Open Information Security Foundation
+/* Copyright (C) 2007-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -1949,6 +1949,15 @@ static int StreamTcpReassembleHandleSegmentUpdateACK (ThreadVars *tv,
 SCReturnInt(0);
 }
+static void StreamTcpReassembleExceptionPolicyStatsIncr(
+ ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, enum ExceptionPolicy policy)
+{
+ uint16_t id = ra_ctx->counter_tcp_reas_eps.eps_id[policy];
+ if (likely(tv && id > 0)) {
+ StatsIncr(tv, id);
+ }
+}
+
 int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 TcpSession *ssn, TcpStream *stream, Packet *p)
 {
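Review bot: `StreamTcpReassembleExceptionPolicyStatsIncr` has no doc comment, and the `id > 0` test in its `if` is not explained; a reader has to infer that `eps_id[policy]` is 0 when no counter was registered for that policy. Suggest a header comment along the lines of `/** \brief Increment the stats counter for the reassembly memcap exception policy that was applied; an id of 0 means no counter was registered for \a policy, so nothing is counted. */`. `policy` is also used unchecked as an array index; presumably it always comes from the configured `stream_config.reassembly_memcap_policy`, but since the signature accepts any `enum ExceptionPolicy`, that expectation is worth one line in the same comment. Note that `ra_ctx` is dereferenced before the `tv` NULL check, so a NULL `ra_ctx` is not tolerated the way a NULL `tv` is; if that is intended, say so.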
@@ -2015,6 +2024,8 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
 /* failure can only be because of memcap hit, so see if this should lead to a drop */
 ExceptionPolicyApply(
 p, stream_config.reassembly_memcap_policy, PKT_DROP_REASON_STREAM_REASSEMBLY);
+ StreamTcpReassembleExceptionPolicyStatsIncr(
+ tv, ra_ctx, stream_config.reassembly_memcap_policy);
 SCReturnInt(-1);
 }
diff --git a/src/stream-tcp-reassemble.h b/src/stream-tcp-reassemble.h
index b71be74b7f..9a13b023af 100644
--- a/src/stream-tcp-reassemble.h
+++ b/src/stream-tcp-reassemble.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -28,6 +28,7 @@
 #include "suricata.h"
 #include "flow.h"
 #include "stream-tcp-private.h"
+#include "util-exception-policy.h"
 /** Supported OS list and default OS policy is BSD */
 enum
@@ -64,6 +65,8 @@ typedef struct TcpReassemblyThreadCtx_ {
 /** TCP segments which are not being reassembled due to memcap was reached */
 uint16_t counter_tcp_segment_memcap;
+ /** times exception policy for stream reassembly memcap was applied **/
+ ExceptionPolicyCounters counter_tcp_reas_eps;
 uint16_t counter_tcp_segment_from_cache;
 uint16_t counter_tcp_segment_from_pool;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 8efbd1c97c..dca1811de1 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2023 Open Information Security Foundation
+/* Copyright (C) 2007-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
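Review bot: The comment on the new `counter_tcp_reas_eps` member in `TcpReassemblyThreadCtx_` closes with `**/`, unlike the `*/` used on `counter_tcp_segment_memcap` directly above it; suggest `/** times exception policy for stream reassembly memcap was applied */`. It would also help to say that the per-policy ids inside are presumably only set for policies valid in the current engine mode, since the table deciding that (`stream_reassembly_memcap_eps_stats`) lives in stream-tcp.c rather than next to the field. The enclosing struct continues outside the hunk.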
@@ -116,6 +116,32 @@ ExceptionPolicyStatsSetts stream_memcap_eps_stats = {
 };
 // clang-format on
 
+/* Settings order as in the enum */
+// clang-format off
+ExceptionPolicyStatsSetts stream_reassembly_memcap_eps_stats = {
+ .valid_settings_ids = {
+ /* EXCEPTION_POLICY_NOT_SET */ false,
+ /* EXCEPTION_POLICY_AUTO */ false,
+ /* EXCEPTION_POLICY_PASS_PACKET */ true,
+ /* EXCEPTION_POLICY_PASS_FLOW */ true,
+ /* EXCEPTION_POLICY_BYPASS_FLOW */ true,
+ /* EXCEPTION_POLICY_DROP_PACKET */ false,
+ /* EXCEPTION_POLICY_DROP_FLOW */ false,
+ /* EXCEPTION_POLICY_REJECT */ true,
+ },
+ .valid_settings_ips = {
+ /* EXCEPTION_POLICY_NOT_SET */ false,
+ /* EXCEPTION_POLICY_AUTO */ false,
+ /* EXCEPTION_POLICY_PASS_PACKET */ true,
+ /* EXCEPTION_POLICY_PASS_FLOW */ true,
+ /* EXCEPTION_POLICY_BYPASS_FLOW */ true,
+ /* EXCEPTION_POLICY_DROP_PACKET */ true,
+ /* EXCEPTION_POLICY_DROP_FLOW */ true,
+ /* EXCEPTION_POLICY_REJECT */ true,
+ },
+};
+// clang-format on
+
 static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *, TcpSession *, Packet *);
 void StreamTcpReturnStreamSegments (TcpStream *);
 void StreamTcpInitConfig(bool);
@@ -728,6 +754,14 @@ void StreamTcpFreeConfig(bool quiet)
 SCLogDebug("ssn_pool_cnt %"PRIu64"", ssn_pool_cnt);
 }
+static bool IsReassemblyMemcapExceptionPolicyStatsValid(enum ExceptionPolicy exception_policy)
+{
+ if (EngineModeIsIPS()) {
+ return stream_reassembly_memcap_eps_stats.valid_settings_ips[exception_policy];
+ }
+ return stream_reassembly_memcap_eps_stats.valid_settings_ids[exception_policy];
+}
+
 static bool IsStreamTcpSessionMemcapExceptionPolicyStatsValid(enum ExceptionPolicy policy)
 {
 if (EngineModeIsIPS()) {
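Review bot: The two `valid_settings_*` arrays in `stream_reassembly_memcap_eps_stats` rely on positional order matching `enum ExceptionPolicy`, enforced only by the `/* Settings order as in the enum */` note and the per-entry comments; if a value is ever inserted into the enum, every row silently shifts. Designated initializers make the index explicit and let the compiler place each entry, e.g. `[EXCEPTION_POLICY_PASS_PACKET] = true,` for each row, after which the per-entry comments and the `// clang-format off` pair are no longer needed. The IDS table leaves `EXCEPTION_POLICY_DROP_PACKET` and `EXCEPTION_POLICY_DROP_FLOW` at false while `EXCEPTION_POLICY_REJECT` is true; if that asymmetry is deliberate, a one-line comment on the table saying why would help the next reader.
```c
ExceptionPolicyStatsSetts stream_reassembly_memcap_eps_stats = {
    .valid_settings_ids = {
        [EXCEPTION_POLICY_NOT_SET] = false,
        [EXCEPTION_POLICY_AUTO] = false,
        [EXCEPTION_POLICY_PASS_PACKET] = true,
        [EXCEPTION_POLICY_PASS_FLOW] = true,
        [EXCEPTION_POLICY_BYPASS_FLOW] = true,
        [EXCEPTION_POLICY_DROP_PACKET] = false,
        [EXCEPTION_POLICY_DROP_FLOW] = false,
        [EXCEPTION_POLICY_REJECT] = true,
    },
    /* … unchanged in content: .valid_settings_ips, written in the same designated form … */
};
```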
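Review bot: The new helper is named `IsReassemblyMemcapExceptionPolicyStatsValid` while its sibling directly below is `IsStreamTcpSessionMemcapExceptionPolicyStatsValid`; `IsStreamTcpReassemblyMemcapExceptionPolicyStatsValid` would keep the two in step (the name is also used at the registration call in `StreamTcpThreadInit`). Both helpers share the same body apart from the table they read, so a doc comment stating what "valid" means is worth adding, e.g. `/** \brief Whether a stats counter exists for \a exception_policy under the current engine mode (IDS/IPS); see stream_reassembly_memcap_eps_stats */`. `exception_policy` indexes the arrays unchecked; presumably only enum values reach it, which the array size is meant to match.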
@@ -5825,6 +5859,11 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
 SCReturnInt(TM_ECODE_FAILED);
 stt->ra_ctx->counter_tcp_segment_memcap = StatsRegisterCounter("tcp.segment_memcap_drop", tv);
+
+ ExceptionPolicySetStatsCounters(tv, &stt->ra_ctx->counter_tcp_reas_eps,
+ &stream_reassembly_memcap_eps_stats, stream_config.reassembly_memcap_policy,
+ "tcp.reassembly_exception_policy.", IsReassemblyMemcapExceptionPolicyStatsValid);
+
 stt->ra_ctx->counter_tcp_segment_from_cache = StatsRegisterCounter("tcp.segment_from_cache", tv);
 stt->ra_ctx->counter_tcp_segment_from_pool = StatsRegisterCounter("tcp.segment_from_pool", tv);
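Review bot: The counter prefix `"tcp.reassembly_exception_policy."` passed to `ExceptionPolicySetStatsCounters` must stay in step with the `reassembly_exception_policy` key this commit adds to etc/schema.json (next to `pseudo_failed` and `reassembly_gap`), and nothing in the code records that coupling. A short comment at the call, `/* prefix must match the "reassembly_exception_policy" entry in etc/schema.json */`, would save whoever renames one side later. Whether per-policy counters are registered when `stream_config.reassembly_memcap_policy` is still `EXCEPTION_POLICY_NOT_SET` or `EXCEPTION_POLICY_AUTO` at thread init depends on `ExceptionPolicySetStatsCounters`, which is outside this diff; worth confirming, since otherwise the `eps_id[policy]` lookup in `StreamTcpReassembleExceptionPolicyStatsIncr` would read 0 and count nothing. `StreamTcpThreadInit` continues outside the hunk.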