1 /* 2 ** $Id$ 3 ** 4 ** perf-base.h 5 ** 6 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. 7 ** Copyright (C) 2002-2013 Sourcefire, Inc. 8 ** Dan Roelker (droelker@sourcefire.com) 9 ** Marc Norton (mnorton@sourcefire.com) 10 ** Chris Green (stream4 instrumentation) 11 ** 12 ** 13 ** This program is free software; you can redistribute it and/or modify 14 ** it under the terms of the GNU General Public License Version 2 as 15 ** published by the Free Software Foundation. You may not use, modify or 16 ** distribute this program under any other version of the GNU General 17 ** Public License. 18 ** 19 ** This program is distributed in the hope that it will be useful, 20 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 21 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 ** GNU General Public License for more details. 23 ** 24 ** You should have received a copy of the GNU General Public License 25 ** along with this program; if not, write to the Free Software 26 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 27 ** 28 ** 9.1.04 : Added SFBASE iReset (MAN) 29 ** This is set by perfmonitor 'accrure' and 'reset' commands 30 */ 31 #ifndef _PERFBASE_H 32 #define _PERFBASE_H 33 34 #ifdef HAVE_CONFIG_H 35 # include "config.h" 36 #endif 37 38 #include "sfprocpidstats.h" 39 #include "sf_types.h" 40 #include "snort_debug.h" 41 #include "decode.h" 42 43 #ifdef NORMALIZER 44 #include "spp_normalize.h" 45 #endif 46 47 #include <time.h> 48 #include <stdio.h> 49 50 typedef struct _PKTSTATS 51 { 52 uint64_t pkts_recv; 53 uint64_t pkts_drop; 54 55 } PKTSTATS; 56 57 typedef enum { 58 PERF_COUNT_IP4_TRIM, 59 PERF_COUNT_IP4_TOS, 60 PERF_COUNT_IP4_DF, 61 PERF_COUNT_IP4_RF, 62 PERF_COUNT_IP4_TTL, 63 PERF_COUNT_IP4_OPTS, 64 PERF_COUNT_ICMP4_ECHO, 65 PERF_COUNT_IP6_TTL, 66 PERF_COUNT_IP6_OPTS, 67 PERF_COUNT_ICMP6_ECHO, 68 PERF_COUNT_TCP_SYN_OPT, 69 PERF_COUNT_TCP_OPT, 70 PERF_COUNT_TCP_PAD, 71 PERF_COUNT_TCP_RSV, 72 PERF_COUNT_TCP_NS, 73 PERF_COUNT_TCP_URP, 74 PERF_COUNT_TCP_ECN_PKT, 75 PERF_COUNT_TCP_ECN_SSN, 76 PERF_COUNT_TCP_TS_ECR, 77 PERF_COUNT_TCP_TS_NOP, 78 PERF_COUNT_TCP_IPS_DATA, 79 PERF_COUNT_TCP_BLOCK, 80 PERF_COUNT_TCP_REQ_URG, 81 PERF_COUNT_TCP_REQ_PAY, 82 PERF_COUNT_TCP_REQ_URP, 83 PERF_COUNT_TCP_TRIM_SYN, 84 PERF_COUNT_TCP_TRIM_RST, 85 PERF_COUNT_TCP_TRIM_WIN, 86 PERF_COUNT_TCP_TRIM_MSS, 87 PERF_COUNT_MAX 88 } PerfCounts; 89 90 typedef struct _SFBASE 91 { 92 uint64_t total_wire_packets; 93 uint64_t total_ipfragmented_packets; 94 uint64_t total_ipreassembled_packets; 95 uint64_t total_packets; /* Really, total packets of 96 * unfragmented/stream rebuilt 97 */ 98 uint64_t total_blocked_packets; 99 uint64_t total_injected_packets; // due to normalize_ip4: trim blocks 100 101 uint64_t total_rebuilt_packets; 102 uint64_t total_wire_bytes; 103 uint64_t total_ipfragmented_bytes; 104 uint64_t total_ipreassembled_bytes; 105 uint64_t total_bytes; /* Total non-stream rebuilt (but 106 * includes IP reassembled) bytes 107 */ 108 uint64_t total_rebuilt_bytes; 109 uint64_t total_blocked_bytes; 110 111 PKTSTATS pkt_stats; 112 113 double usertime_sec; 114 double systemtime_sec; 115 double realtime_sec; 116 117 time_t time; 118 119 uint64_t iAlerts; 120 uint64_t iSyns; /* SYNS != Connections */ 121 uint64_t iSynAcks; /* better estimator */ 122 uint64_t iTotalSessions; 123 uint64_t iNewSessions; 124 uint64_t iDeletedSessions; 125 uint64_t iMaxSessions; 126 127 uint64_t iStreamFlushes; /* # of fake packet is flushed */ 128 uint64_t iStreamFaults; /* # of times we run out of memory */ 129 uint64_t iStreamTimeouts; /* # of timeouts we get in this quanta */ 130 131 uint64_t iFragCreates; /* # of times we call Frag3NewTracker() */ 132 uint64_t iFragCompletes; /* # of times we call FragIsComplete() */ 133 uint64_t iFragInserts; /* # of fraginserts */ 134 uint64_t iFragDeletes; /* # of times we call Frag3RemoveTracker() */ 135 uint64_t iFragAutoFrees; /* # of times we auto free a FragTracker */ 136 uint64_t iFragFlushes; /* # of times we call Frag3Rebuild() */ 137 uint64_t iMaxFrags; 138 uint64_t iCurrentFrags; 139 uint64_t iFragTimeouts; /* # of times we've reached timeout */ 140 uint64_t iFragFaults; /* # of times we've run out of memory */ 141 142 #ifdef NORMALIZER 143 uint64_t iPegs[PERF_COUNT_MAX][NORM_MODE_MAX]; 144 #endif 145 146 uint64_t iTotalUDPSessions; 147 uint64_t iNewUDPSessions; 148 uint64_t iDeletedUDPSessions; 149 uint64_t iMaxUDPSessions; 150 151 uint64_t iMaxSessionsInterval; 152 uint64_t iMidStreamSessions; 153 uint64_t iClosedSessions; 154 uint64_t iPrunedSessions; 155 uint64_t iDroppedAsyncSessions; 156 uint64_t iSessionsInitializing; 157 uint64_t iSessionsEstablished; 158 uint64_t iSessionsClosing; 159 160 uint64_t iAttributeHosts; 161 uint64_t iAttributeReloads; 162 163 uint64_t total_mpls_packets; 164 uint64_t total_mpls_bytes; 165 uint64_t total_blocked_mpls_packets; 166 uint64_t total_blocked_mpls_bytes; 167 168 /**TCP packets ignored due to port/service filtering.*/ 169 uint64_t total_tcp_filtered_packets; 170 /**UDP packets ignored due to port/service filtering.*/ 171 uint64_t total_udp_filtered_packets; 172 173 uint64_t frag3_mem_in_use; 174 uint64_t stream5_mem_in_use; 175 uint64_t total_iAlerts; 176 177 #ifdef LINUX_SMP 178 SFPROCPIDSTATS sfProcPidStats; 179 #endif 180 } SFBASE; 181 182 typedef struct _SYSTIMES { 183 184 double usertime; 185 double systemtime; 186 double totaltime; 187 double realtime; 188 189 } SYSTIMES; 190 191 typedef struct _SFBASE_STATS { 192 193 uint64_t total_packets; 194 uint64_t total_sessions; 195 uint64_t max_sessions; 196 SYSTIMES kpackets_per_sec; 197 SYSTIMES kpackets_wire_per_sec; 198 SYSTIMES kpackets_ipfrag_per_sec; 199 SYSTIMES kpackets_ipreass_per_sec; 200 SYSTIMES kpackets_rebuilt_per_sec; 201 SYSTIMES usecs_per_packet; 202 SYSTIMES wire_mbits_per_sec; 203 SYSTIMES ipfrag_mbits_per_sec; 204 SYSTIMES ipreass_mbits_per_sec; 205 SYSTIMES rebuilt_mbits_per_sec; 206 SYSTIMES mbits_per_sec; 207 int avg_bytes_per_wire_packet; 208 int avg_bytes_per_ipfrag_packet; 209 int avg_bytes_per_ipreass_packet; 210 int avg_bytes_per_packet; 211 int avg_bytes_per_rebuilt_packet; 212 double idle_cpu_time; 213 double user_cpu_time; 214 double system_cpu_time; 215 PKTSTATS pkt_stats; 216 double pkt_drop_percent; 217 double alerts_per_second; 218 double syns_per_second; 219 double synacks_per_second; 220 double deleted_sessions_per_second; 221 double new_sessions_per_second; 222 223 double stream_flushes_per_second; 224 uint64_t stream_faults; 225 uint64_t stream_timeouts; 226 227 double frag_creates_per_second; 228 double frag_completes_per_second; 229 double frag_inserts_per_second; 230 double frag_deletes_per_second; 231 double frag_autofrees_per_second; 232 double frag_flushes_per_second; 233 uint64_t frag_timeouts; 234 uint64_t frag_faults; 235 uint64_t current_frags; 236 uint64_t max_frags; 237 238 double patmatch_percent; 239 time_t time; 240 241 #ifdef NORMALIZER 242 uint64_t pegs[PERF_COUNT_MAX][NORM_MODE_MAX]; 243 #endif 244 245 #ifdef LINUX_SMP 246 SFPROCPIDSTATS *sfProcPidStats; 247 #endif 248 249 uint64_t total_blocked_packets; 250 uint64_t total_blocked_bytes; 251 uint64_t total_injected_packets; 252 253 uint64_t total_udp_sessions; 254 uint64_t max_udp_sessions; 255 double deleted_udp_sessions_per_second; 256 double new_udp_sessions_per_second; 257 258 uint64_t max_tcp_sessions_interval; 259 uint64_t curr_tcp_sessions_initializing; 260 uint64_t curr_tcp_sessions_established; 261 uint64_t curr_tcp_sessions_closing; 262 double tcp_sessions_midstream_per_second; 263 double tcp_sessions_closed_per_second; 264 double tcp_sessions_timedout_per_second; 265 double tcp_sessions_pruned_per_second; 266 double tcp_sessions_dropped_async_per_second; 267 268 uint64_t current_attribute_hosts; 269 uint64_t attribute_table_reloads; 270 uint64_t total_mpls_packets; 271 uint64_t total_mpls_bytes; 272 uint64_t total_blocked_mpls_packets; 273 uint64_t total_blocked_mpls_bytes; 274 SYSTIMES kpackets_per_sec_mpls; 275 SYSTIMES mpls_mbits_per_sec; 276 int avg_bytes_per_mpls_packet; 277 278 /**TCP packets ignored due to port/service filtering.*/ 279 uint64_t total_tcp_filtered_packets; 280 /**UDP packets ignored due to port/service filtering.*/ 281 uint64_t total_udp_filtered_packets; 282 283 uint64_t frag3_mem_in_use; 284 uint64_t stream5_mem_in_use; 285 double total_alerts_per_second; 286 } SFBASE_STATS; 287 288 int InitBaseStats(SFBASE *sfBase); 289 void UpdateBaseStats(SFBASE *, Packet *, bool); 290 void ProcessBaseStats(SFBASE *, FILE *, int, int); 291 int AddStreamSession(SFBASE *sfBase, uint32_t flags); 292 #define SESSION_CLOSED_NORMALLY 0x01 293 #define SESSION_CLOSED_TIMEDOUT 0x02 294 #define SESSION_CLOSED_PRUNED 0x04 295 #define SESSION_CLOSED_ASYNC 0x08 296 int CloseStreamSession(SFBASE *sfBase, char flags); 297 int RemoveStreamSession(SFBASE *sfBase); 298 int AddUDPSession(SFBASE *sfBase); 299 int RemoveUDPSession(SFBASE *sfBase); 300 301 void UpdateWireStats(SFBASE *sfBase, int len, int dropped, int injected); 302 void UpdateMPLSStats(SFBASE *sfBase, int len, int dropped); 303 void UpdateIPFragStats(SFBASE *sfBase, int len); 304 void UpdateIPReassStats(SFBASE *sfBase, int len); 305 void UpdateStreamReassStats(SFBASE *sfBase, int len); 306 void UpdateFilteredPacketStats(SFBASE *sfBase, IpProto proto); 307 308 void LogBasePerfHeader(FILE*); 309 #endif 310 311 312