aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/profiling: track bytes scanned by prefilter engines

Browse Source
pull/7884/head
Victor Julien 4 years ago
parent 682e2a07fe
commit 040404b093
22 changed files with 130 additions and 44 deletions
Show Stats Download Patch File Download Diff File

2
src/detect-dns-query.c
Unescape Escape View File

@ -57,6 +57,7 @@
#include "app-layer-parser.h"
#include "detect-dns-query.h"
#include "util-profiling.h"
#include "util-unittest-helper.h"
#include "rust.h"
@ -169,6 +170,7 @@ static void PrefilterTxDnsQuery(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;

3
src/detect-engine-frame.c
Unescape Escape View File

@ -49,7 +49,7 @@ void DetectRunPrefilterFrame(DetectEngineThreadCtx *det_ctx, const SigGroupHead
BUG_ON(engine->alproto == ALPROTO_UNKNOWN);
if (engine->alproto == alproto && engine->ctx.frame_type == frame->type) {
SCLogDebug("frame %p engine %p", frame, engine);
PREFILTER_PROFILING_START;
PREFILTER_PROFILING_START(det_ctx);
engine->cb.PrefilterFrame(det_ctx, engine->pectx, p, frames, frame, idx);
PREFILTER_PROFILING_END(det_ctx, engine->gid);
}
@ -102,6 +102,7 @@ static void PrefilterMpmFrame(DetectEngineThreadCtx *det_ctx, const void *pectx,
(void)mpm_table[mpm_ctx->mpm_type].Search(
mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, data, data_len);
SCLogDebug("det_ctx->pmq.rule_id_array_cnt %u", det_ctx->pmq.rule_id_array_cnt);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
}
}

6
src/detect-engine-payload.c
Unescape Escape View File

@ -47,7 +47,7 @@
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-validate.h"
#include "util-profiling.h"
#include "util-mpm-ac.h"
struct StreamMpmData {
@ -67,6 +67,7 @@ static int StreamMpmFunc(
(void)mpm_table[smd->mpm_ctx->mpm_type].Search(smd->mpm_ctx,
&smd->det_ctx->mtcs, &smd->det_ctx->pmq,
data, data_len);
PREFILTER_PROFILING_ADD_BYTES(smd->det_ctx, data_len);
}
return 0;
}
@ -101,6 +102,7 @@ static void PrefilterPktStream(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtc, &det_ctx->pmq,
p->payload, p->payload_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, p->payload_len);
}
}
}
@ -124,6 +126,8 @@ static void PrefilterPktPayload(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtc, &det_ctx->pmq,
p->payload, p->payload_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, p->payload_len);
}
int PrefilterPktPayloadRegister(DetectEngineCtx *de_ctx,

8
src/detect-engine-prefilter.c
Unescape Escape View File

@ -117,7 +117,7 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
}
}
PREFILTER_PROFILING_START;
PREFILTER_PROFILING_START(det_ctx);
engine->cb.PrefilterTx(det_ctx, engine->pectx,
p, p->flow, tx->tx_ptr, tx->tx_id, flow_flags);
PREFILTER_PROFILING_END(det_ctx, engine->gid);
@ -159,7 +159,7 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
/* run packet engines */
PrefilterEngine *engine = sgh->pkt_engines;
do {
PREFILTER_PROFILING_START;
PREFILTER_PROFILING_START(det_ctx);
engine->cb.Prefilter(det_ctx, p, engine->pectx);
PREFILTER_PROFILING_END(det_ctx, engine->gid);
@ -178,7 +178,7 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_PF_PAYLOAD);
PrefilterEngine *engine = sgh->payload_engines;
while (1) {
PREFILTER_PROFILING_START;
PREFILTER_PROFILING_START(det_ctx);
engine->cb.Prefilter(det_ctx, p, engine->pectx);
PREFILTER_PROFILING_END(det_ctx, engine->gid);
@ -743,6 +743,7 @@ static void PrefilterMpm(DetectEngineThreadCtx *det_ctx,
if (data != NULL && data_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq, data, data_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
}
}
@ -813,6 +814,7 @@ static void PrefilterMpmPkt(DetectEngineThreadCtx *det_ctx,
if (data != NULL && data_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq, data, data_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
}
}

3
src/detect-file-data.c
Unescape Escape View File

@ -49,6 +49,7 @@
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-file-decompression.h"
#include "util-profiling.h"
static int DetectFiledataSetup (DetectEngineCtx *, Signature *, const char *);
#ifdef UNITTESTS
@ -465,6 +466,7 @@ static void PrefilterTxHTTPFiledata(DetectEngineThreadCtx *det_ctx, const void *
if (buffer->inspect_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(
mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
}
@ -681,6 +683,7 @@ static void PrefilterTxFiledata(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_file_id++;
}

2
src/detect-filemagic.c
Unescape Escape View File

@ -46,6 +46,7 @@
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-profiling.h"
#include "app-layer.h"
#include "app-layer-parser.h"
@ -559,6 +560,7 @@ static void PrefilterTxFilemagic(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_file_id++;
}

2
src/detect-filename.c
Unescape Escape View File

@ -46,6 +46,7 @@
#include "util-spm-bm.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-profiling.h"
#include "app-layer.h"
@ -455,6 +456,7 @@ static void PrefilterTxFilename(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_file_id++;
}

2
src/detect-http-client-body.c
Unescape Escape View File

@ -58,6 +58,7 @@
#include "app-layer-htp.h"
#include "detect-http-client-body.h"
#include "stream-tcp.h"
#include "util-profiling.h"
static int DetectHttpClientBodySetup(DetectEngineCtx *, Signature *, const char *);
static int DetectHttpClientBodySetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str);
@ -366,6 +367,7 @@ static void PrefilterTxHttpRequestBody(DetectEngineThreadCtx *det_ctx, const voi
if (buffer->inspect_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(
mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
}

4
src/detect-http-header.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2021 Open Information Security Foundation
/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -47,6 +47,7 @@
#include "util-debug.h"
#include "util-print.h"
#include "util-memcmp.h"
#include "util-profiling.h"
#include "app-layer.h"
#include "app-layer-parser.h"
@ -271,6 +272,7 @@ static void PrefilterMpmHttpHeader(DetectEngineThreadCtx *det_ctx,
if (data != NULL && data_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq, data, data_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
}
}

4
src/detect-http-raw-header.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2019 Open Information Security Foundation
/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -46,6 +46,7 @@
#include "flow-util.h"
#include "util-debug.h"
#include "util-profiling.h"
#include "app-layer.h"
#include "app-layer-parser.h"
@ -267,6 +268,7 @@ static void PrefilterMpmHttpHeaderRaw(DetectEngineThreadCtx *det_ctx,
if (data != NULL && data_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq, data, data_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
}
}

5
src/detect-http2.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation
/* Copyright (C) 2020-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -37,6 +37,7 @@
#include "detect-http2.h"
#include "util-byte.h"
#include "rust.h"
#include "util-profiling.h"
#ifdef UNITTESTS
void DetectHTTP2frameTypeRegisterTests (void);
@ -727,6 +728,7 @@ static void PrefilterTxHttp2HName(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;
@ -858,6 +860,7 @@ static void PrefilterTxHttp2Header(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;

4
src/detect-ike-vendor.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation
/* Copyright (C) 2020-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -33,6 +33,7 @@
#include "util-byte.h"
#include "rust-bindings.h"
#include "util-profiling.h"
static int DetectIkeVendorSetup(DetectEngineCtx *, Signature *, const char *);
@ -105,6 +106,7 @@ static void PrefilterTxIkeVendor(DetectEngineThreadCtx *det_ctx, const void *pec
if (buffer->inspect_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(
mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;
}

4
src/detect-krb5-cname.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2018 Open Information Security Foundation
/* Copyright (C) 2018-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -35,6 +35,7 @@
#include "rust.h"
#include "app-layer-krb5.h"
#include "util-profiling.h"
static int g_krb5_cname_buffer_id = 0;
@ -159,6 +160,7 @@ static void PrefilterTxKrb5CName(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;

4
src/detect-krb5-sname.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2018 Open Information Security Foundation
/* Copyright (C) 2018-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -35,6 +35,7 @@
#include "rust.h"
#include "app-layer-krb5.h"
#include "util-profiling.h"
static int g_krb5_sname_buffer_id = 0;
@ -159,6 +160,7 @@ static void PrefilterTxKrb5SName(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;

4
src/detect-mqtt-subscribe-topic.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation
/* Copyright (C) 2020-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -52,6 +52,7 @@
#include "util-unittest.h"
#include "util-spm.h"
#include "util-print.h"
#include "util-profiling.h"
static int DetectMQTTSubscribeTopicSetup(DetectEngineCtx *, Signature *, const char *);
@ -161,6 +162,7 @@ static void PrefilterTxMQTTSubscribeTopic(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;
}

4
src/detect-mqtt-unsubscribe-topic.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation
/* Copyright (C) 2020-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -52,6 +52,7 @@
#include "util-unittest.h"
#include "util-spm.h"
#include "util-print.h"
#include "util-profiling.h"
static int DetectMQTTUnsubscribeTopicSetup(DetectEngineCtx *, Signature *, const char *);
@ -161,6 +162,7 @@ static void PrefilterTxMQTTUnsubscribeTopic(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;
}

4
src/detect-quic-cyu-hash.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2021 Open Information Security Foundation
/* Copyright (C) 2021-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -32,6 +32,7 @@
#include "detect-quic-cyu-hash.h"
#include "detect-engine-build.h"
#include "rust.h"
#include "util-profiling.h"
#ifdef UNITTESTS
static void DetectQuicCyuHashRegisterTests(void);
@ -155,6 +156,7 @@ static void PrefilterTxQuicHash(DetectEngineThreadCtx *det_ctx, const void *pect
if (buffer->inspect_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(
mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;

4
src/detect-quic-cyu-string.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2021 Open Information Security Foundation
/* Copyright (C) 2021-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -30,6 +30,7 @@
#include "detect-quic-cyu-string.h"
#include "detect-engine-build.h"
#include "rust.h"
#include "util-profiling.h"
#ifdef UNITTESTS
static void DetectQuicCyuStringRegisterTests(void);
@ -147,6 +148,7 @@ static void PrefilterTxQuicString(DetectEngineThreadCtx *det_ctx, const void *pe
if (buffer->inspect_len >= mpm_ctx->minlen) {
(void)mpm_table[mpm_ctx->mpm_type].Search(
mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
local_id++;

2
src/detect-tls-certs.c
Unescape Escape View File

@ -52,6 +52,7 @@
#include "app-layer.h"
#include "app-layer-ssl.h"
#include "util-profiling.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
@ -220,6 +221,7 @@ static void PrefilterTxTlsCerts(DetectEngineThreadCtx *det_ctx,
(void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
&det_ctx->mtcu, &det_ctx->pmq,
buffer->inspect, buffer->inspect_len);
PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len);
}
cbdata.local_id++;

4
src/detect.h
Unescape Escape View File

@ -1199,6 +1199,10 @@ typedef struct DetectEngineThreadCtx_ {
struct SCProfilePrefilterData_ *prefilter_perf_data;
int prefilter_perf_size;
/** bytes inspected by current prefilter callback call */
uint64_t prefilter_bytes;
/** number of times we inspected a buffer */
uint64_t prefilter_bytes_called;
#endif
} DetectEngineThreadCtx;

53
src/util-profiling-prefilter.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2017 Open Information Security Foundation
/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -45,6 +45,11 @@ typedef struct SCProfilePrefilterData_ {
uint64_t called;
uint64_t total;
uint64_t max;
uint64_t total_bytes;
uint64_t max_bytes;
uint64_t bytes_called; /**< number of times total_bytes was updated. Differs from `called` as a
prefilter engine may skip mpm if the smallest pattern is bigger than
the buffer to inspect. */
const char *name;
} SCProfilePrefilterData;
@ -100,13 +105,20 @@ static void DoDump(SCProfilePrefilterDetectCtx *rules_ctx, FILE *fp, const char
fprintf(fp, " ----------------------------------------------"
"------------------------------------------------------"
"----------------------------\n");
fprintf(fp, " %-32s %-15s %-15s %-15s %-15s\n", "Prefilter", "Ticks", "Called", "Max Ticks", "Avg");
fprintf(fp, " %-32s %-15s %-15s %-15s %-15s %-15s %-15s %-15s %-15s %-15s\n", "Prefilter",
"Ticks", "Called", "Max Ticks", "Avg", "Bytes", "Called", "Max Bytes", "Avg Bytes",
"Ticks/Byte");
fprintf(fp, " -------------------------------- "
"--------------- "
"--------------- "
"--------------- "
"--------------- "
"\n");
"--------------- "
"--------------- "
"--------------- "
"--------------- "
"--------------- "
"\n");
for (i = 0; i < (int)rules_ctx->size; i++) {
SCProfilePrefilterData *d = &rules_ctx->data[i];
if (d == NULL || d->called== 0)
@ -117,14 +129,20 @@ static void DoDump(SCProfilePrefilterDetectCtx *rules_ctx, FILE *fp, const char
if (ticks && d->called) {
avgticks = (double)(ticks / d->called);
}
double avgbytes = 0;
if (d->total_bytes && d->called) {
avgbytes = (double)(d->total_bytes / d->bytes_called);
}
double ticks_per_byte = 0;
if (ticks && d->total_bytes) {
ticks_per_byte = (double)(ticks / d->total_bytes);
}
fprintf(fp,
" %-32s %-15"PRIu64" %-15"PRIu64" %-15"PRIu64" %-15.2f\n",
d->name,
ticks,
d->called,
d->max,
avgticks);
" %-32s %-15" PRIu64 " %-15" PRIu64 " %-15" PRIu64 " %-15.2f %-15" PRIu64
" %-15" PRIu64 " %-15" PRIu64 " %-15.2f %-15.2f\n",
d->name, ticks, d->called, d->max, avgticks, d->total_bytes, d->bytes_called,
d->max_bytes, avgbytes, ticks_per_byte);
}
}
@ -180,8 +198,8 @@ SCProfilingPrefilterDump(DetectEngineCtx *de_ctx)
* \param ticks Number of CPU ticks for this rule.
* \param match Did the rule match?
*/
void
SCProfilingPrefilterUpdateCounter(DetectEngineThreadCtx *det_ctx, int id, uint64_t ticks)
void SCProfilingPrefilterUpdateCounter(DetectEngineThreadCtx *det_ctx, int id, uint64_t ticks,
uint64_t bytes, uint64_t bytes_called)
{
if (det_ctx != NULL && det_ctx->prefilter_perf_data != NULL &&
id < (int)det_ctx->de_ctx->prefilter_id)
@ -192,6 +210,11 @@ SCProfilingPrefilterUpdateCounter(DetectEngineThreadCtx *det_ctx, int id, uint64
if (ticks > p->max)
p->max = ticks;
p->total += ticks;
p->bytes_called += bytes_called;
if (bytes > p->max_bytes)
p->max_bytes = bytes;
p->total_bytes += bytes;
}
}
@ -255,6 +278,14 @@ static void SCProfilingPrefilterThreadMerge(DetectEngineCtx *de_ctx, DetectEngin
de_ctx->profile_prefilter_ctx->data[i].total += det_ctx->prefilter_perf_data[i].total;
if (det_ctx->prefilter_perf_data[i].max > de_ctx->profile_prefilter_ctx->data[i].max)
de_ctx->profile_prefilter_ctx->data[i].max = det_ctx->prefilter_perf_data[i].max;
de_ctx->profile_prefilter_ctx->data[i].total_bytes +=
det_ctx->prefilter_perf_data[i].total_bytes;
if (det_ctx->prefilter_perf_data[i].max_bytes >
de_ctx->profile_prefilter_ctx->data[i].max_bytes)
de_ctx->profile_prefilter_ctx->data[i].max_bytes =
det_ctx->prefilter_perf_data[i].max_bytes;
de_ctx->profile_prefilter_ctx->data[i].bytes_called +=
det_ctx->prefilter_perf_data[i].bytes_called;
}
}

46
src/util-profiling.h
Unescape Escape View File

@ -275,28 +275,36 @@ PktProfiling *SCProfilePacketStart(void);
extern int profiling_prefilter_enabled;
extern thread_local int profiling_prefilter_entered;
#define PREFILTER_PROFILING_START \
uint64_t profile_prefilter_start_ = 0; \
uint64_t profile_prefilter_end_ = 0; \
if (profiling_prefilter_enabled) { \
if (profiling_prefilter_entered > 0) { \
SCLogError(SC_ERR_FATAL, "Re-entered profiling, exiting."); \
abort(); \
} \
profiling_prefilter_entered++; \
profile_prefilter_start_ = UtilCpuGetTicks(); \
#define PREFILTER_PROFILING_START(det_ctx) \
(det_ctx)->prefilter_bytes = 0; \
(det_ctx)->prefilter_bytes_called = 0; \
uint64_t profile_prefilter_start_ = 0; \
uint64_t profile_prefilter_end_ = 0; \
if (profiling_prefilter_enabled) { \
if (profiling_prefilter_entered > 0) { \
SCLogError(SC_ERR_FATAL, "Re-entered profiling, exiting."); \
abort(); \
} \
profiling_prefilter_entered++; \
profile_prefilter_start_ = UtilCpuGetTicks(); \
}
/* we allow this macro to be called if profiling_prefilter_entered == 0,
* so that we don't have to refactor some of the detection code. */
#define PREFILTER_PROFILING_END(ctx, profile_id) \
if (profiling_prefilter_enabled && profiling_prefilter_entered) { \
profile_prefilter_end_ = UtilCpuGetTicks(); \
if (profile_prefilter_end_ > profile_prefilter_start_) \
SCProfilingPrefilterUpdateCounter((ctx),(profile_id),(profile_prefilter_end_ - profile_prefilter_start_)); \
profiling_prefilter_entered--; \
#define PREFILTER_PROFILING_END(ctx, profile_id) \
if (profiling_prefilter_enabled && profiling_prefilter_entered) { \
profile_prefilter_end_ = UtilCpuGetTicks(); \
if (profile_prefilter_end_ > profile_prefilter_start_) \
SCProfilingPrefilterUpdateCounter((ctx), (profile_id), \
(profile_prefilter_end_ - profile_prefilter_start_), (ctx)->prefilter_bytes, \
(ctx)->prefilter_bytes_called); \
profiling_prefilter_entered--; \
}
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes) \
(det_ctx)->prefilter_bytes += (bytes); \
(det_ctx)->prefilter_bytes_called++
void SCProfilingRulesGlobalInit(void);
void SCProfilingRuleDestroyCtx(struct SCProfileDetectCtx_ *);
void SCProfilingRuleInitCounters(DetectEngineCtx *);
@ -315,7 +323,8 @@ struct SCProfilePrefilterDetectCtx_;
void SCProfilingPrefilterGlobalInit(void);
void SCProfilingPrefilterDestroyCtx(DetectEngineCtx *);
void SCProfilingPrefilterInitCounters(DetectEngineCtx *);
void SCProfilingPrefilterUpdateCounter(DetectEngineThreadCtx *det_ctx, int id, uint64_t ticks);
void SCProfilingPrefilterUpdateCounter(DetectEngineThreadCtx *det_ctx, int id, uint64_t ticks,
uint64_t bytes, uint64_t bytes_called);
void SCProfilingPrefilterThreadSetup(struct SCProfilePrefilterDetectCtx_ *, DetectEngineThreadCtx *);
void SCProfilingPrefilterThreadCleanup(DetectEngineThreadCtx *);
@ -368,8 +377,9 @@ void SCProfilingDump(void);
#define FLOWWORKER_PROFILING_START(p, id)
#define FLOWWORKER_PROFILING_END(p, id)
#define PREFILTER_PROFILING_START
#define PREFILTER_PROFILING_START(ctx)
#define PREFILTER_PROFILING_END(ctx, profile_id)
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
#endif /* PROFILING */

Write Preview
Loading…
Cancel
Save