From 8522da8ea505aca02b722a9cb3c22a3a00a25812 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 28 Nov 2013 19:02:14 +0100 Subject: [PATCH] stream: add option to disable raw reassembly Raw reassembly is used only by the detection engine. For users only caring about logging it's a significant overhead, both in cpu and memory usage. The option is called 'raw' and lives under the stream.reassembly options. stream: memcap: 32mb checksum-validation: yes # reject wrong csums inline: auto # auto will use inline mode in IPS mode, yes or no set it statically reassembly: memcap: 64mb depth: 1mb # reassemble 1mb into a stream toserver-chunk-size: 2560 toclient-chunk-size: 2560 randomize-chunk-size: yes #randomize-chunk-range: 10 raw: false # <- new option --- src/stream-tcp-private.h | 5 ++--- src/stream-tcp-reassemble.c | 7 ++++++- src/stream-tcp.c | 12 ++++++++++++ src/stream-tcp.h | 3 +++ 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h index 88f2a2cb2f..a97b0469a5 100644 --- a/src/stream-tcp-private.h +++ b/src/stream-tcp-private.h @@ -119,9 +119,8 @@ enum #define STREAMTCP_FLAG_TIMESTAMP 0x0008 /** Server supports wscale (even though it can be 0) */ #define STREAMTCP_FLAG_SERVER_WSCALE 0x0010 - -/** vacancy at 0x0020 */ - +/** 'Raw' reassembly is disabled for this ssn. */ +#define STREAMTCP_FLAG_DISABLE_RAW 0x0020 /** Flag to indicate that the session is handling asynchronous stream.*/ #define STREAMTCP_FLAG_ASYNC 0x0040 /** Flag to indicate we're dealing with 4WHS: SYN, SYN, SYN/ACK, ACK diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 3fc162e6f9..d61ad2c146 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -2211,6 +2211,8 @@ static int StreamTcpReassembleInlineRaw (TcpReassemblyThreadCtx *ra_ctx, SCEnter(); SCLogDebug("start p %p, seq %"PRIu32, p, TCP_GET_SEQ(p)); + if (ssn->flags & STREAMTCP_FLAG_DISABLE_RAW) + SCReturnInt(0); if (stream->seg_list == NULL) { SCReturnInt(0); } @@ -3043,6 +3045,9 @@ static int StreamTcpReassembleRaw (TcpReassemblyThreadCtx *ra_ctx, SCEnter(); SCLogDebug("start p %p", p); + if (ssn->flags & STREAMTCP_FLAG_DISABLE_RAW) + SCReturnInt(0); + if (stream->seg_list == NULL) { /* send an empty EOF msg if we have no segments but TCP state * is beyond ESTABLISHED */ @@ -3673,7 +3678,7 @@ TcpSegment* StreamTcpGetSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, segment request due to memcap limit */ SCPerfCounterIncr(ra_ctx->counter_tcp_segment_memcap, tv->sc_perf_pca); } else { - seg->flags = 0; + seg->flags = stream_config.segment_init_flags; seg->next = NULL; seg->prev = NULL; } diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 50b2d6536c..6500627872 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -577,6 +577,17 @@ void StreamTcpInitConfig(char quiet) stream_config.reassembly_toclient_chunk_size); } + int enable_raw = 1; + if (ConfGetBool("stream.reassembly.raw", &enable_raw) == 1) { + if (!enable_raw) { + stream_config.ssn_init_flags = STREAMTCP_FLAG_DISABLE_RAW; + stream_config.segment_init_flags = SEGMENTTCP_FLAG_RAW_PROCESSED; + } + } else { + enable_raw = 1; + } + SCLogInfo("stream.reassembly.raw: %s", enable_raw ? "enabled" : "disabled"); + /* init the memcap/use tracking */ SC_ATOMIC_INIT(st_memuse); @@ -646,6 +657,7 @@ TcpSession *StreamTcpNewSession (Packet *p, int id) } ssn->state = TCP_NONE; + ssn->flags = stream_config.ssn_init_flags; } return ssn; diff --git a/src/stream-tcp.h b/src/stream-tcp.h index 87bfcca9e1..97fad866fb 100644 --- a/src/stream-tcp.h +++ b/src/stream-tcp.h @@ -48,6 +48,9 @@ typedef struct TcpStreamCnf_ { uint64_t memcap; uint64_t reassembly_memcap; /**< max memory usage for stream reassembly */ + uint32_t ssn_init_flags; /**< new ssn flags will be initialized to this */ + uint8_t segment_init_flags; /**< new seg flags will be initialized to this */ + uint32_t prealloc_sessions; /**< ssns to prealloc per stream thread */ int midstream; int async_oneside;