1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 
19 // stream_module.h author Russ Combs <rucombs@cisco.com>
20 
21 #ifndef STREAM_MODULE_H
22 #define STREAM_MODULE_H
23 
24 #include "main/analyzer.h"
25 #include "main/snort_config.h"
26 #include "flow/flow_config.h"
27 #include "flow/flow_control.h"
28 #include "framework/module.h"
29 
30 namespace snort
31 {
32 class Trace;
33 struct SnortConfig;
34 }
35 
36 extern THREAD_LOCAL snort::ProfileStats s5PerfStats;
37 extern THREAD_LOCAL class FlowControl* flow_con;
38 extern THREAD_LOCAL const snort::Trace* stream_trace;
39 
40 #ifdef DEBUG_MSGS
41 enum
42 {
43     TRACE_BASE = 0,
44     TRACE_FLOW
45 };
46 #endif
47 
48 //-------------------------------------------------------------------------
49 // stream module
50 //-------------------------------------------------------------------------
51 
52 #define MOD_NAME "stream"
53 #define MOD_HELP "common flow tracking"
54 
55 struct BaseStats
56 {
57      PegCount flows;
58      PegCount prunes;
59      PegCount timeout_prunes;
60      PegCount excess_prunes;
61      PegCount uni_prunes;
62      PegCount preemptive_prunes;
63      PegCount memcap_prunes;
64      PegCount ha_prunes;
65      PegCount stale_prunes;
66      PegCount expected_flows;
67      PegCount expected_realized;
68      PegCount expected_pruned;
69      PegCount expected_overflows;
70      PegCount reload_tuning_idle;
71      PegCount reload_tuning_packets;
72      PegCount reload_total_adds;
73      PegCount reload_total_deletes;
74      PegCount reload_freelist_flow_deletes;
75      PegCount reload_allowed_flow_deletes;
76      PegCount reload_blocked_flow_deletes;
77      PegCount reload_offloaded_flow_deletes;
78 };
79 
80 extern const PegInfo base_pegs[];
81 
82 extern THREAD_LOCAL BaseStats stream_base_stats;
83 
84 struct StreamModuleConfig
85 {
86     FlowCacheConfig flow_cache_cfg;
87 #ifdef REG_TEST
88     unsigned footprint = 0;
89 #endif
90     uint32_t held_packet_timeout = 1000;  // in milliseconds
91 
92     void show() const;
93 };
94 
95 class StreamReloadResourceManager : public snort::ReloadResourceTuner
96 {
97 public:
98     StreamReloadResourceManager() = default;
99 
100     bool tinit() override;
101     bool tune_packet_context() override;
102     bool tune_idle_context() override;
103 
104     bool initialize(const StreamModuleConfig&);
105 
106 private:
107     bool tune_resources(unsigned work_limit);
108 
109 private:
110     StreamModuleConfig config;
111 };
112 
113 class HPQReloadTuner : public snort::ReloadResourceTuner
114 {
115 public:
HPQReloadTuner(uint32_t packet_timeout)116     explicit HPQReloadTuner(uint32_t packet_timeout) : held_packet_timeout(packet_timeout) { }
117     ~HPQReloadTuner() override = default;
118 
119     bool tinit() override;
120     bool tune_packet_context() override;
121     bool tune_idle_context() override;
122 
123 private:
124     uint32_t held_packet_timeout;
125 };
126 
127 class StreamUnloadReloadResourceManager : public snort::ReloadResourceTuner
128 {
129 public:
130     StreamUnloadReloadResourceManager() = default;
131 
132     bool tinit() override;
133     bool tune_packet_context() override;
134     bool tune_idle_context() override;
135 
136 private:
137     bool tune_resources(unsigned work_limit);
138 };
139 
140 class StreamModule : public snort::Module
141 {
142 public:
143     StreamModule();
144 
145     bool begin(const char*, int, snort::SnortConfig*) override;
146     bool set(const char*, snort::Value&, snort::SnortConfig*) override;
147     bool end(const char*, int, snort::SnortConfig*) override;
148 
149     const PegInfo* get_pegs() const override;
150     PegCount* get_counts() const override;
151     snort::ProfileStats* get_profile() const override;
152     const StreamModuleConfig* get_data();
153 
154     unsigned get_gid() const override;
155     const snort::RuleMap* get_rules() const override;
156 
157     void prep_counts() override;
158     void sum_stats(bool) override;
159     void show_stats() override;
160     void reset_stats() override;
161 
counts_need_prep()162     bool counts_need_prep() const override
163     { return true; }
164 
get_usage()165     Usage get_usage() const override
166     { return GLOBAL; }
167 
168     void set_trace(const snort::Trace*) const override;
169     const snort::TraceOption* get_trace_options() const override;
170 
171 private:
172     StreamModuleConfig config;
173 };
174 
175 extern void base_prep();
176 extern void base_sum();
177 extern void base_stats();
178 extern void base_reset(bool reset_all=true);
179 
180 #endif
181