Commit Graph

43 Commits (2953b3f6403e94874c0c7b19faf52706cff66138)

Author SHA1 Message Date
Eric Leblond 3f107fa130 decode: Packet action start with PACKET
Rename all Packet action macro to have them prefixed by PACKET.
13 years ago
Eric Leblond a35c367942 action handling: use macro for test.
Use test macro instead of direct access to action field.

This patch has been obtained by using the following
spatch file:

  @@
  Packet *p;
  expression E;
  @@

  - p->action & E
  + TEST_PACKET_ACTION(p, E)
13 years ago
Nikolay Denev 894ad21be5 setsockopt() failures are already fatal,
so treat them as such and print error instead of warning.
13 years ago
Nikolay Denev 29b69fb026 set SO_BROADCAST on the divert socket so that broadcast
packets can be reinjected.
13 years ago
Eric Leblond 4542cd0eec ipfw: suppress non loop receive function 13 years ago
Anoop Saldanha b33986c887 Add a packet src for every packet generated inside suricata. 13 years ago
Eric Leblond 6d55446655 ipfw: avoid critical error for broadcast
In some setup, suricata may receive broadcast packets and the call
to sendto may fail if the wrong interface is choosen by kernel.
This patch change the error treatment to avoid to leave when
this problem occurs.
13 years ago
Eric Leblond 41cb365a39 ipfw: add missing include 13 years ago
Eric Leblond e168824d80 freebsd: fix function usage.
The unlock function was not correctly used in error treatment.
13 years ago
Anoop Saldanha 34581ce902 rx TMs shouldn't return TM_ECODE_FAILED if engine is in shutdown mode + minor cleanup 13 years ago
Eric Leblond a3465fb971 Rename 'worker' running mode to 'workers'
This patch renamed the 'worker' running mode into 'workers'. Thus,
there is only one name in Suricata for the same thing. Backward
compatibility is ensured by replacing "worker" by "workers" when
the old name is used. A warning is printed in the log when the old
name is used.
14 years ago
Anoop Saldanha bc6cf43840 #482 - use decode_flag for all decode TMs. Use the flag as a way to retrieve decode TMs from ThreadVars 14 years ago
Anoop Saldanha cd4705e699 flag recieve acq tms that previously missed the receive_tm flag 14 years ago
Eric Leblond 9545a56426 ipfw: suppress poll before sendto
Calling poll before using sendto seems a bit overkill.
14 years ago
Eric Leblond 6f1b40dd4b ipfw: don't use socket lock in 'worker' mode
This patch is the IPFW version of NFQ latest patch.
14 years ago
Eric Leblond 6e7a8f38bf ipfw: Add support for autofp and worker runmode
This patch convert ipfw code to the PcktAcqLoop API and
rework the running mode to use the running mode wrapper
already used by NFQ.
14 years ago
Eric Leblond c1ad64b333 ips: update copyright date and author list. 14 years ago
Eric Leblond d4cbc7c38c ipfw: funnier to manage capability in running code. 14 years ago
Eric Leblond f1cb4da442 ipfw: fix indentation of the file.
I will have to work a lot on this one. It will be easier with a
correct indentation.
14 years ago
Anoop Saldanha 3f1c4efceb Add new flags var to tm module. TMs can now set flags to identify special properties. Also use these to identify receive TMs 14 years ago
Victor Julien c590bba4a4 Undo tunnel reference counting using atomic operations. Revert to mutex based code. 14 years ago
Victor Julien 820b0ded82 Add per packet profiling.
Per packet profiling uses tick based accounting. It has 2 outputs, a summary
and a csv file that contains per packet stats.

Stats per packet include:
 1) total ticks spent
 2) ticks spent per individual thread module
 3) "threading overhead" which is simply calculated by subtracting (2) of (1).

A number of changes were made to integrate the new code in a clean way:
a number of generic enums are now placed in tm-threads-common.h so we can
include them from any part of the engine.

Code depends on --enable-profiling just like the rule profiling code.

New yaml parameters:

profiling:
  # packet profiling
  packets:

    # Profiling can be disabled here, but it will still have a
    # performance impact if compiled in.
    enabled: yes
    filename: packet_stats.log
    append: yes

    # per packet csv output
    csv:

      # Output can be disabled here, but it will still have a
      # performance impact if compiled in.
      enabled: no
      filename: packet_stats.csv

Example output of summary stats:

IP ver   Proto   cnt        min      max          avg
------   -----   ------     ------   ----------   -------
 IPv4       6     19436      11448      5404365     32993
 IPv4     256         4      11511        49968     30575

Per Thread module stats:

Thread Module              IP ver   Proto   cnt        min      max          avg
------------------------   ------   -----   ------     ------   ----------   -------
TMM_DECODEPCAPFILE          IPv4       6     19434       1242        47889      1770
TMM_DETECT                  IPv4       6     19436       1107       137241      1504
TMM_ALERTFASTLOG            IPv4       6     19436         90         1323       155
TMM_ALERTUNIFIED2ALERT      IPv4       6     19436        108         1359       138
TMM_ALERTDEBUGLOG           IPv4       6     19436         90         1134       154
TMM_LOGHTTPLOG              IPv4       6     19436        414      5392089      7944
TMM_STREAMTCP               IPv4       6     19434        828      1299159     19438

The proto 256 is a counter for handling of pseudo/tunnel packets.

Example output of csv:

pcap_cnt,ipver,ipproto,total,TMM_DECODENFQ,TMM_VERDICTNFQ,TMM_RECEIVENFQ,TMM_RECEIVEPCAP,TMM_RECEIVEPCAPFILE,TMM_DECODEPCAP,TMM_DECODEPCAPFILE,TMM_RECEIVEPFRING,TMM_DECODEPFRING,TMM_DETECT,TMM_ALERTFASTLOG,TMM_ALERTFASTLOG4,TMM_ALERTFASTLOG6,TMM_ALERTUNIFIEDLOG,TMM_ALERTUNIFIEDALERT,TMM_ALERTUNIFIED2ALERT,TMM_ALERTPRELUDE,TMM_ALERTDEBUGLOG,TMM_ALERTSYSLOG,TMM_LOGDROPLOG,TMM_ALERTSYSLOG4,TMM_ALERTSYSLOG6,TMM_RESPONDREJECT,TMM_LOGHTTPLOG,TMM_LOGHTTPLOG4,TMM_LOGHTTPLOG6,TMM_PCAPLOG,TMM_STREAMTCP,TMM_DECODEIPFW,TMM_VERDICTIPFW,TMM_RECEIVEIPFW,TMM_RECEIVEERFFILE,TMM_DECODEERFFILE,TMM_RECEIVEERFDAG,TMM_DECODEERFDAG,threading
1,4,6,172008,0,0,0,0,0,0,47889,0,0,48582,1323,0,0,0,0,1359,0,1134,0,0,0,0,0,8028,0,0,0,49356,0,0,0,0,0,0,0,14337

First line of the file contains labels.

2 example gnuplot scripts added to plot the data.
14 years ago
Victor Julien 52eb8d2be0 Convert mutex protected tunnel counters to lockless atomic counters. 15 years ago
Victor Julien cd75201dc7 Fix pfring commandline handling. 15 years ago
Anoop Saldanha d7c707e656 modify runmodes to take all arguments from the conf API 15 years ago
Victor Julien 477bc1d050 Set DROP flag on a packet in addition to the REJECT flags. This makes sure we not only send a reject, but also drop the offending packet. Closes #248. 15 years ago
Victor Julien acc38c9ebf Make sure we don't try to 'verdict' the fake PKT_PSEUDO_STREAM_END packets. 15 years ago
Eric Leblond 89558ab9a4 RFC: modify error treatment in PacketCopyData
Hello Victor
This patch modifies error treatment following our discussion on IRC.
It tries to follow the error treatment guideline I've been able to
read in the different files.
I will merge this patch in the original commit if the error treatment
seems ok for you.

BR,
Eric
15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
15 years ago
William Metcalf 5580f3d9c2 PacketQueue postp added to TmEcodes for ipfw and pf_ring to silence compiler warnings 16 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 16 years ago
William Metcalf 54da99fe53 compilation fixes for PF_RING and IPFW after removal of mutex_pending 16 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 16 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 16 years ago
Victor Julien 070ed778b8 Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added. 16 years ago
Victor Julien eeb98c6900 Move SCSetThreadName to proper functions. 16 years ago
Gerardo Iglesias Galvan 9f35a24a1f Set threads name. Fix bug #83 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Jan Jezek fe6a72befc Code is now compilable on the Win32 platform 16 years ago
Victor Julien 2cb2989ad8 Apply configurable max pending packets to nfq and ipfw 16 years ago
Victor Julien 9f3f9e9ba1 Fix ipfw verdict. 16 years ago
Victor Julien b1531f7244 Manually merge Pablo's IPFW action patch. 16 years ago
Nick Rogness 2b7b78f1bf Intial IPFW support FreeBSD and OSX 16 years ago