aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add profiling to stateful detection engine + other fixups.

Browse Source
remotes/origin/master-1.0.x
Jason Ish 16 years ago committed by Victor Julien
parent a9ed9a8196
commit ea4b7cc33b
4 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
src/detect-engine-state.c
Unescape Escape View File

@ -39,6 +39,7 @@
#include "app-layer-htp.h"
#include "util-unittest.h"
#include "util-profiling.h"
#define CASE_CODE(E) case E: return #E
const char *DeStateMatchResultToString(DeStateMatchResult res)
@ -332,10 +333,13 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
continue;
}
PROFILING_START;
/* let's continue detection */
SigMatch *sm;
int match = 0;
for (sm = item->nm; sm != NULL; sm = sm->next) {
int match = sigmatch_table[sm->type].AppLayerMatch(tv,
match = sigmatch_table[sm->type].AppLayerMatch(tv,
det_ctx, f, flags, alstate, s, sm);
if (match == 0) {
item->nm = sm;
@ -349,6 +353,9 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("signature %"PRIu32" match state %s",
s->id, DeStateMatchResultToString(det_ctx->de_state_sig_array[item->sid]));
RULE_PROFILING_END(s, match);
}
}

11
src/detect.c
Unescape Escape View File

@ -649,6 +649,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
}
if (s->flags & SIG_FLAG_MPM_URI) {
if (det_ctx->pmq.pattern_id_bitarray != NULL) {
/* filter out sigs that want pattern matches, but
@ -722,12 +723,12 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
if (de_state_start == TRUE) {
SCLogDebug("stateful app layer match inspection starting");
if (DeStateDetectStartDetection(th_v, det_ctx, s, p->flow, flags, alstate, alproto) != 1)
continue;
goto next;
} else {
SCLogDebug("signature %"PRIu32" (%"PRIuMAX"): %s",
s->id, (uintmax_t)s->num, DeStateMatchResultToString(det_ctx->de_state_sig_array[s->num]));
if (det_ctx->de_state_sig_array[s->num] != DE_STATE_MATCH_NEW) {
continue;
goto next;
}
}
}
@ -791,7 +792,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
/* Limit the number of times we do this recursive thing.
* XXX is this a sane limit? Should it be configurable? */
if (det_ctx->pkt_cnt == 10)
break;
goto done;
} while (rmatch);
} else {
@ -833,6 +834,10 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
next:
RULE_PROFILING_END(s, match);
continue;
done:
RULE_PROFILING_END(s, match);
break;
}
if (p->flow != NULL) {

5
src/util-profiling.c
Unescape Escape View File

@ -77,6 +77,11 @@ typedef struct SCProfileSummary_ {
int profiling_rules_enabled = 0;
/**
* Used as a check so we don't double enter a profiling run.
*/
__thread int profiling_entered = 0;
/**
* \brief Initialize profiling.
*/

7
src/util-profiling.h
Unescape Escape View File

@ -29,11 +29,17 @@
#include "util-cpu.h"
extern int profiling_rules_enabled;
extern __thread int profiling_entered;
#define PROFILING_START \
uint64_t profile_start_ = 0; \
uint64_t profile_end_ = 0; \
if (profiling_rules_enabled) { \
if (profiling_entered > 0) { \
SCLogError(SC_ERR_FATAL, "Re-entered profiling, exiting."); \
exit(1); \
} \
profiling_entered++; \
profile_start_ = UtilCpuGetTicks(); \
}
@ -42,6 +48,7 @@ extern int profiling_rules_enabled;
profile_end_ = UtilCpuGetTicks(); \
SCProfilingUpdateRuleCounter(r->profiling_id, \
profile_end_ - profile_start_, m); \
profiling_entered--; \
}
void SCProfilingInit(void);

Write Preview
Loading…
Cancel
Save