From d81dc2c4de263cf01e4f8eef60f6e5c8d04e1c52 Mon Sep 17 00:00:00 2001 From: "Naveen Gujje (ngujje)" Date: Tue, 9 Feb 2021 08:02:35 +0000 Subject: [PATCH] Merge pull request #2668 in SNORT/snort3 from ~SUNIMUKH/snort3:clear_counter to master Squashed commit of the following: commit edc690f9464477764c96dbc175411d6e2b0e543f Author: Sunirmal Mukherjee Date: Tue Dec 8 03:14:39 2020 -0500 snort: clear snort counter for modules, daq, file_id, appid --- src/file_api/file_module.cc | 5 ++ src/file_api/file_module.h | 2 + src/file_api/file_stats.cc | 8 ++++ src/file_api/file_stats.h | 1 + src/flow/expect_cache.h | 7 +++ src/framework/module.cc | 19 ++++++-- src/main.cc | 9 ++++ src/main.h | 1 + src/main/analyzer_command.cc | 9 ++++ src/main/analyzer_command.h | 34 ++++++++++++++ src/main/snort.cc | 4 +- src/main/snort_module.cc | 1 + src/managers/module_manager.cc | 47 +++++++++++++++++++ src/managers/module_manager.h | 2 + src/network_inspectors/appid/appid_module.cc | 6 +++ src/network_inspectors/appid/appid_module.h | 2 + .../appid/appid_peg_counts.cc | 22 +++++++-- .../appid/appid_peg_counts.h | 1 + .../test/http_url_patterns_test.cc | 1 + .../appid/test/appid_api_test.cc | 2 + .../appid/test/appid_detector_test.cc | 2 + .../appid/test/appid_discovery_test.cc | 1 + .../appid/test/appid_http_event_test.cc | 1 + .../appid/test/appid_http_session_test.cc | 2 + .../appid/test/appid_session_api_test.cc | 1 + src/packet_io/sfdaq_module.cc | 5 ++ src/packet_io/sfdaq_module.h | 1 + src/packet_io/trough.h | 4 ++ src/protocols/packet_manager.cc | 6 +++ src/protocols/packet_manager.h | 2 + src/stream/base/stream_base.cc | 15 +++++- src/stream/base/stream_module.h | 2 +- src/stream/tcp/tcp_module.cc | 6 +++ src/stream/tcp/tcp_module.h | 2 + src/stream/tcp/tcp_normalizer.cc | 6 +++ src/stream/tcp/tcp_normalizer.h | 1 + 36 files changed, 227 insertions(+), 13 deletions(-) diff --git a/src/file_api/file_module.cc b/src/file_api/file_module.cc index 7f42b87d6..fa5e1606b 100644 --- a/src/file_api/file_module.cc +++ b/src/file_api/file_module.cc @@ -506,3 +506,8 @@ void FileIdModule::show_dynamic_stats() file_stats_print(); } +void FileIdModule::reset_stats() +{ + file_stats_clear(); + Module::reset_stats(); +} diff --git a/src/file_api/file_module.h b/src/file_api/file_module.h index 7f7bc48d9..bec62194d 100644 --- a/src/file_api/file_module.h +++ b/src/file_api/file_module.h @@ -51,6 +51,8 @@ public: void load_config(FileConfig*& dst); + void reset_stats() override; + Usage get_usage() const override { return GLOBAL; } diff --git a/src/file_api/file_stats.cc b/src/file_api/file_stats.cc index 237f93d7e..8b8958f9e 100644 --- a/src/file_api/file_stats.cc +++ b/src/file_api/file_stats.cc @@ -68,6 +68,14 @@ void file_stats_sum() } } +void file_stats_clear() +{ + memset(&file_counts, 0, sizeof(file_counts)); + memset(&file_totals, 0, sizeof(file_totals)); + if (file_stats) + memset(file_stats, 0, sizeof(*file_stats)); +} + void file_stats_print() { uint64_t processed_total[2]; diff --git a/src/file_api/file_stats.h b/src/file_api/file_stats.h index 64de22ef8..b4eb524d2 100644 --- a/src/file_api/file_stats.h +++ b/src/file_api/file_stats.h @@ -74,6 +74,7 @@ void file_stats_term(); void file_stats_sum(); void file_stats_print(); +void file_stats_clear(); #endif diff --git a/src/flow/expect_cache.h b/src/flow/expect_cache.h index 44b62babf..2aa434eda 100644 --- a/src/flow/expect_cache.h +++ b/src/flow/expect_cache.h @@ -107,6 +107,13 @@ public: unsigned long get_realized() { return realized; } unsigned long get_prunes() { return prunes; } unsigned long get_overflows() { return overflows; } + void reset_stats() + { + expects = 0; + realized = 0; + prunes = 0; + overflows = 0; + } private: void prune_lru(); diff --git a/src/framework/module.cc b/src/framework/module.cc index 582abfcad..2b3daced4 100644 --- a/src/framework/module.cc +++ b/src/framework/module.cc @@ -126,13 +126,19 @@ void Module::show_stats() void Module::reset_stats() { + PegCount* p = get_counts(); + + if ( !p ) + return; + + const PegInfo* pegs = get_pegs(); + + if ( !pegs ) + return; + if ( num_counts <= 0 ) { num_counts = 0; - const PegInfo* pegs = get_pegs(); - - if ( !pegs ) - return; while ( pegs[num_counts].name ) ++num_counts; @@ -141,7 +147,12 @@ void Module::reset_stats() } for ( int i = 0; i < num_counts; i++ ) + { counts[i] = 0; + + if ( pegs[i].type != CountType::NOW ) + p[i] = 0; + } } PegCount Module::get_global_count(const char* name) const diff --git a/src/main.cc b/src/main.cc index 8282d9ed4..89f340161 100644 --- a/src/main.cc +++ b/src/main.cc @@ -320,6 +320,15 @@ int main_dump_stats(lua_State* L) return 0; } +int main_reset_stats(lua_State* L) +{ + int type = luaL_optint(L, 1, 0); + bool from_shell = ( L != nullptr ); + current_request->respond("== clearing stats\n", from_shell); + main_broadcast_command(new ACResetStats(static_cast(type)), true); + return 0; +} + int main_rotate_stats(lua_State* L) { bool from_shell = ( L != nullptr ); diff --git a/src/main.h b/src/main.h index 22d2710d1..479b533af 100644 --- a/src/main.h +++ b/src/main.h @@ -31,6 +31,7 @@ SharedRequest get_current_request(); // commands provided by the snort module int main_delete_inspector(lua_State* = nullptr); int main_dump_stats(lua_State* = nullptr); +int main_reset_stats(lua_State* = nullptr); int main_rotate_stats(lua_State* = nullptr); int main_reload_config(lua_State* = nullptr); int main_reload_policy(lua_State* = nullptr); diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc index 64cfe2438..1afa76eb8 100644 --- a/src/main/analyzer_command.cc +++ b/src/main/analyzer_command.cc @@ -94,6 +94,15 @@ ACGetStats::~ACGetStats() LogMessage("==================================================\n"); // Marking End of stats } +bool ACResetStats::execute(Analyzer&, void**) +{ + ModuleManager::reset_stats(requested_type); + return true; +} + +ACResetStats::ACResetStats(clear_counter_type_t requested_type_l) : requested_type( + requested_type_l) { } + ACSwap::ACSwap(Swapper* ps, SharedRequest req, bool from_shell) : ps(ps), request(req), from_shell(from_shell) { assert(Swapper::get_reload_in_progress() == false); diff --git a/src/main/analyzer_command.h b/src/main/analyzer_command.h index 1c9d904ec..e16f6bda5 100644 --- a/src/main/analyzer_command.h +++ b/src/main/analyzer_command.h @@ -53,6 +53,40 @@ public: ~ACGetStats() override; }; +typedef enum clear_counter_type +{ + TYPE_UNKNOWN=-1, + TYPE_DAQ=0, + TYPE_MODULE, + TYPE_APPID, + TYPE_FILE_ID, + TYPE_SNORT, + TYPE_HA +} clear_counter_type_t; + +// FIXIT-M Will replace this vector with an unordered map of +// when +// will come up with more granular form of clearing module stats. +static std::vector clear_counter_type_string_map +{ + "daq", + "module", + "appid", + "file_id", + "snort", + "high_availability" +}; + +class ACResetStats : public snort::AnalyzerCommand +{ +public: + explicit ACResetStats(clear_counter_type_t requested_type); + bool execute(Analyzer&, void**) override; + const char* stringify() override { return "RESET_STATS"; } +private: + clear_counter_type_t requested_type; +}; + class ACPause : public snort::AnalyzerCommand { public: diff --git a/src/main/snort.cc b/src/main/snort.cc index 4680e30fb..bd3b901e9 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -182,6 +182,8 @@ void Snort::init(int argc, char** argv) HighAvailabilityManager::configure(sc->ha_config); + ModuleManager::reset_stats(sc); + if (sc->alert_before_pass()) sc->rule_order = "reset block drop alert pass log"; @@ -205,8 +207,6 @@ void Snort::init(int argc, char** argv) // Must be after InspectorManager::configure() FileService::post_init(sc); - ModuleManager::reset_stats(sc); - if (sc->file_mask != 0) umask(sc->file_mask); else diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index 5f83814cc..a48bfd473 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -106,6 +106,7 @@ static const Command snort_cmds[] = "delete an inspector from the default policy" }, { "dump_stats", main_dump_stats, nullptr, "show summary statistics" }, + { "reset_stats", main_reset_stats, nullptr, "clear summary statistics" }, { "rotate_stats", main_rotate_stats, nullptr, "roll perfmonitor log files" }, { "reload_config", main_reload_config, s_reload_w_path, "load new configuration" }, { "reload_policy", main_reload_policy, s_reload, "reload part or all of the default policy" }, diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 2cab9293d..9694d7951 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -46,6 +46,7 @@ #include "parser/parse_conf.h" #include "parser/parser.h" #include "profiler/profiler.h" +#include "protocols/packet_manager.h" #include "utils/util.h" #include "plugin_manager.h" @@ -1387,6 +1388,52 @@ void ModuleManager::reset_stats(SnortConfig*) } } +void ModuleManager::reset_stats(clear_counter_type_t type) +{ + if ( type != TYPE_MODULE and type != TYPE_UNKNOWN ) + { + ModHook* mh = get_hook(clear_counter_type_string_map[type]); + if ( mh and mh->mod ) + { + lock_guard lock(stats_mutex); + mh->mod->reset_stats(); + } + + } + else + { + auto mod_hooks = get_all_modhooks(); + for ( auto* mh : mod_hooks ) + { + bool ignore = false; + + // FIXIT-M Will remove this for loop when will come up with more + // granular form of clearing module stats. + for ( int i = 0; i < static_cast(clear_counter_type_string_map.size()); i++ ) + { + if ( !strcmp(mh->mod->get_name(), clear_counter_type_string_map[i]) ) + { + ignore = true; + break; + } + } + + if ( type == TYPE_UNKNOWN or !ignore ) + { + lock_guard lock(stats_mutex); + mh->mod->reset_stats(); + } + } + } + if ( type == TYPE_DAQ or type == TYPE_UNKNOWN ) + { + lock_guard lock(stats_mutex); + PacketManager::reset_stats(); + } +} + + + //------------------------------------------------------------------------- // parameter loading //------------------------------------------------------------------------- diff --git a/src/managers/module_manager.h b/src/managers/module_manager.h index fc0d53b8d..0a33a0fcb 100644 --- a/src/managers/module_manager.h +++ b/src/managers/module_manager.h @@ -28,6 +28,7 @@ #include #include +#include "main/analyzer_command.h" #include "main/snort_types.h" //------------------------------------------------------------------------- @@ -87,6 +88,7 @@ public: static void accumulate(); static void accumulate_offload(const char* name); static void reset_stats(SnortConfig*); + static void reset_stats(clear_counter_type_t); static std::set gids; SO_PUBLIC static std::mutex stats_mutex; diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 91809baaf..788875ec8 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -540,6 +540,12 @@ void AppIdModule::show_dynamic_stats() AppIdPegCounts::print(); } +void AppIdModule::reset_stats() +{ + AppIdPegCounts::cleanup_dynamic_sum(); + Module::reset_stats(); +} + bool AppIdReloadTuner::tinit() { return AppIdServiceState::initialize(memcap); diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index 68a6c363a..408444439 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -88,6 +88,8 @@ public: const AppIdConfig* get_data(); + void reset_stats() override; + Usage get_usage() const override { return CONTEXT; } void sum_stats(bool) override; diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc index ec28957d8..1abfbfacd 100644 --- a/src/network_inspectors/appid/appid_peg_counts.cc +++ b/src/network_inspectors/appid/appid_peg_counts.cc @@ -55,6 +55,20 @@ void AppIdPegCounts::cleanup_peg_info() appid_detector_pegs_idx.clear(); } +void AppIdPegCounts::cleanup_dynamic_sum() +{ + if ( !appid_peg_counts ) + return; + + for ( unsigned app_num = 0; app_num < AppIdPegCounts::appid_detectors_info.size(); app_num++ ) + { + memset(appid_dynamic_sum[app_num].stats, 0, sizeof(PegCount) * + DetectorPegs::NUM_APPID_DETECTOR_PEGS); + memset((*appid_peg_counts)[app_num].stats, 0, sizeof(PegCount) * + DetectorPegs::NUM_APPID_DETECTOR_PEGS); + } +} + void AppIdPegCounts::add_app_peg_info(std::string app_name, AppId app_id) { std::replace(app_name.begin(), app_name.end(), ' ', '_'); @@ -68,7 +82,7 @@ void AppIdPegCounts::sum_stats() if (!appid_peg_counts) return; - const unsigned peg_num = appid_peg_counts->size() - 1; + const unsigned peg_num = appid_peg_counts->size() ? (appid_peg_counts->size() - 1) : 0; const AppIdDynamicPeg* ptr = (AppIdDynamicPeg*)appid_peg_counts->data(); for ( unsigned i = 0; i < peg_num; ++i ) @@ -86,7 +100,7 @@ void AppIdPegCounts::update_service_count(AppId id, bool increment) { if (increment) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++; - else + else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]--; } @@ -94,7 +108,7 @@ void AppIdPegCounts::update_client_count(AppId id, bool increment) { if (increment) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++; - else + else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]--; } @@ -102,7 +116,7 @@ void AppIdPegCounts::update_payload_count(AppId id, bool increment) { if (increment) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++; - else + else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]--; } diff --git a/src/network_inspectors/appid/appid_peg_counts.h b/src/network_inspectors/appid/appid_peg_counts.h index 2c0219abe..b77ae553b 100644 --- a/src/network_inspectors/appid/appid_peg_counts.h +++ b/src/network_inspectors/appid/appid_peg_counts.h @@ -80,6 +80,7 @@ public: static void init_pegs(); static void cleanup_pegs(); static void cleanup_peg_info(); + static void cleanup_dynamic_sum(); static void update_service_count(AppId id, bool increment); static void update_client_count(AppId id, bool increment); diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 3d94c40f4..631d4af8d 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -75,6 +75,7 @@ int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) DnsPatternMatchers::~DnsPatternMatchers() { } SipPatternMatchers::~SipPatternMatchers() { } SslPatternMatchers::~SslPatternMatchers() { } +void AppIdModule::reset_stats() {} TEST_GROUP(http_url_patterns_tests) { diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index d581d8d9d..465a768c9 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -67,6 +67,8 @@ AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} } +void AppIdModule::reset_stats() {} + class DummyInspector : public snort::Inspector { public: diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index 2f7491dd3..f4e46aa2d 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -49,6 +49,8 @@ void ApplicationDescriptor::set_id( void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} +void AppIdModule::reset_stats() {} + class TestDetector : public AppIdDetector { public: diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index fd2d4ca33..d23faa2d6 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -108,6 +108,7 @@ void IpApi::set(const SfIp& sip, const SfIp& dip) AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} } // namespace snort +void AppIdModule::reset_stats() {} // Stubs for publish void DataBus::publish(const char*, DataEvent& event, Flow*) diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index 1ef7d05f5..02809c2e1 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -89,6 +89,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol, AppidSes { return nullptr; } +void AppIdModule::reset_stats() {} void AppIdSession::set_application_ids_service(AppId, AppidChangeBits&) {} void AppIdSession::set_ss_application_ids(AppId, AppId, AppId, AppId, AppId, AppidChangeBits&) {} AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index) const diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index c046bd0a0..b23f4e528 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -145,6 +145,8 @@ bool AppIdSession::is_tp_appid_available() const return true; } +void AppIdModule::reset_stats() {} + // AppIdDebug mock functions void AppIdDebug::activate(const uint32_t*, const uint32_t*, uint16_t, uint16_t, IpProtocol, const int, uint16_t, const AppIdSession*, bool, diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index 9c86bae12..9e7e0ad82 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -37,6 +37,7 @@ static OdpContext odpctxt(config, nullptr); static Flow flow; void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void AppIdModule::reset_stats() {} Inspector* InspectorManager::get_inspector(char const*, bool, const snort::SnortConfig*) { diff --git a/src/packet_io/sfdaq_module.cc b/src/packet_io/sfdaq_module.cc index 119640ac8..db27ba1d1 100644 --- a/src/packet_io/sfdaq_module.cc +++ b/src/packet_io/sfdaq_module.cc @@ -258,3 +258,8 @@ void SFDAQModule::prep_counts() prev_daq_stats = new_daq_stats; } +void SFDAQModule::reset_stats() +{ + Trough::clear_file_count(); + Module::reset_stats(); +} diff --git a/src/packet_io/sfdaq_module.h b/src/packet_io/sfdaq_module.h index 736947bb0..4c236eb62 100644 --- a/src/packet_io/sfdaq_module.h +++ b/src/packet_io/sfdaq_module.h @@ -42,6 +42,7 @@ public: const PegInfo* get_pegs() const override; PegCount* get_counts() const override; void prep_counts() override; + void reset_stats() override; bool counts_need_prep() const override { return true; } diff --git a/src/packet_io/trough.h b/src/packet_io/trough.h index e5f5c2559..60f674b79 100644 --- a/src/packet_io/trough.h +++ b/src/packet_io/trough.h @@ -48,6 +48,10 @@ public: { return file_count; } + static void clear_file_count() + { + file_count = 0; + } static unsigned get_queue_size() { return pcap_queue.size(); diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc index f5450bfb1..843260338 100644 --- a/src/protocols/packet_manager.cc +++ b/src/protocols/packet_manager.cc @@ -882,6 +882,12 @@ void PacketManager::dump_stats() (unsigned int)pkt_names.size(), "codec"); } +void PacketManager::reset_stats() +{ + std::fill(std::begin(g_stats), std::end(g_stats), 0); + std::fill(std::begin(s_stats), std::end(s_stats), 0); +} + void PacketManager::accumulate() { static std::mutex stats_mutex; diff --git a/src/protocols/packet_manager.h b/src/protocols/packet_manager.h index fd9806e41..c9b395ddc 100644 --- a/src/protocols/packet_manager.h +++ b/src/protocols/packet_manager.h @@ -109,6 +109,8 @@ public: // print codec information. MUST be called after thread_term. static void dump_stats(); + static void reset_stats(); + // Get the name of the given protocol ID static const char* get_proto_name(ProtocolId); diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc index 2de2a211b..df1e7dbae 100644 --- a/src/stream/base/stream_base.cc +++ b/src/stream/base/stream_base.cc @@ -113,7 +113,7 @@ void base_sum() { sum_stats((PegCount*)&g_stats, (PegCount*)&stream_base_stats, array_size(base_pegs) - 1); - base_reset(); + base_reset(false); } void base_stats() @@ -121,12 +121,23 @@ void base_stats() show_stats((PegCount*)&g_stats, base_pegs, array_size(base_pegs) - 1, MOD_NAME); } -void base_reset() +void base_reset(bool reset_all) { if ( flow_con ) flow_con->clear_counts(); memset(&stream_base_stats, 0, sizeof(stream_base_stats)); + + if ( reset_all ) + { + if ( flow_con ) + { + ExpectCache* exp_cache = flow_con->get_exp_cache(); + if ( exp_cache ) + exp_cache->reset_stats(); + } + memset(&g_stats, 0, sizeof(g_stats)); + } } //------------------------------------------------------------------------- diff --git a/src/stream/base/stream_module.h b/src/stream/base/stream_module.h index a789bc5a0..5979f73f4 100644 --- a/src/stream/base/stream_module.h +++ b/src/stream/base/stream_module.h @@ -168,6 +168,6 @@ private: extern void base_prep(); extern void base_sum(); extern void base_stats(); -extern void base_reset(); +extern void base_reset(bool reset_all=true); #endif diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index d1642490c..18b9dad8d 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -23,6 +23,7 @@ #endif #include "tcp_module.h" +#include "tcp_normalizer.h" #include "main/snort_config.h" #include "profiler/profiler_defs.h" @@ -380,3 +381,8 @@ const PegInfo* StreamTcpModule::get_pegs() const PegCount* StreamTcpModule::get_counts() const { return (PegCount*)&tcpStats; } +void StreamTcpModule::reset_stats() +{ + TcpNormalizer::reset_stats(); + Module::reset_stats(); +} diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h index 9fd3d7a7d..39693dd6d 100644 --- a/src/stream/tcp/tcp_module.h +++ b/src/stream/tcp/tcp_module.h @@ -131,6 +131,8 @@ public: const snort::RuleMap* get_rules() const override; + void reset_stats() override; + unsigned get_gid() const override { return GID_STREAM_TCP; } diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc index cb6d0278a..fe7f33e30 100644 --- a/src/stream/tcp/tcp_normalizer.cc +++ b/src/stream/tcp/tcp_normalizer.cc @@ -422,3 +422,9 @@ uint16_t TcpNormalizer::set_urg_offset( return urg_offset; } +void TcpNormalizer::reset_stats() +{ + for (int i = 0; i < PC_TCP_MAX; i++) + for (int j = 0; j < NORM_MODE_MAX; j++) + tcp_norm_stats[i][j] = 0; +} diff --git a/src/stream/tcp/tcp_normalizer.h b/src/stream/tcp/tcp_normalizer.h index 0ad6b8d6b..b5caa335e 100644 --- a/src/stream/tcp/tcp_normalizer.h +++ b/src/stream/tcp/tcp_normalizer.h @@ -94,6 +94,7 @@ public: static const PegInfo* get_normalization_pegs(); static NormPegs get_normalization_counts(unsigned&); + static void reset_stats(); protected: TcpNormalizer() = default; -- 2.47.3