aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0861d3a2a3'
${ noResults }
suricata/src/util-time.c

283 lines
8.9 KiB
C
Raw Normal View History Unescape Escape

Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER This allows replacing pthread mutexes with other types of mutex.
12 years ago
/* Copyright (C) 2007-2013 Open Information Security Foundation
Import of GPLv2 Header 050410
15 years ago
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
* \author Ken Steele <suricata@tilera.com>
Import of GPLv2 Header 050410
15 years ago
*
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
* Time keeping for offline (non-live) packet handling (pcap files).
* And time string generation for alerts.
Import of GPLv2 Header 050410
15 years ago
*/
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Rename to Suricata.
16 years ago
#include "suricata-common.h"
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
#include "detect.h"
#include "threads.h"
First batch of fixes for new debug and logging API usage.
16 years ago
#include "util-debug.h"
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
adapted counters to use util-time.[ch]
16 years ago
static struct timeval current_time = { 0, 0 };
Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER This allows replacing pthread mutexes with other types of mutex.
12 years ago
//static SCMutex current_time_mutex = SCMUTEX_INITIALIZER;
Switch time api from mutex to spinlock.
15 years ago
static SCSpinlock current_time_spinlock;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
static char live = TRUE;
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
void TimeInit(void)
{
Switch time api from mutex to spinlock.
15 years ago
SCSpinInit(&current_time_spinlock, 0);
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
/* Initialize Time Zone settings. */
tzset();
Switch time api from mutex to spinlock.
15 years ago
}
Formatting change for function call. Put open brace { for function on a new line to match coding standard. Changed: int foo(int x) { } to: int foo(int x) { }
12 years ago
void TimeDeinit(void)
{
Switch time api from mutex to spinlock.
15 years ago
SCSpinDestroy(&current_time_spinlock);
}
adapted counters to use util-time.[ch]
16 years ago
void TimeModeSetLive(void)
{
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
live = TRUE;
More logging API usage changes.
16 years ago
SCLogDebug("live time mode enabled");
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
adapted counters to use util-time.[ch]
16 years ago
void TimeModeSetOffline (void)
{
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
live = FALSE;
More logging API usage changes.
16 years ago
SCLogDebug("offline time mode enabled");
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
adapted counters to use util-time.[ch]
16 years ago
void TimeSet(struct timeval *tv)
{
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (live == TRUE)
return;
if (tv == NULL)
return;
Switch time api from mutex to spinlock.
15 years ago
SCSpinLock(&current_time_spinlock);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
current_time.tv_sec = tv->tv_sec;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
current_time.tv_usec = tv->tv_usec;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("time set to %" PRIuMAX " sec, %" PRIuMAX " usec",
adapted counters to use util-time.[ch]
16 years ago
(uintmax_t)current_time.tv_sec, (uintmax_t)current_time.tv_usec);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Switch time api from mutex to spinlock.
15 years ago
SCSpinUnlock(&current_time_spinlock);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Time handling: improve time handling in unittests - make sure before each unittest is run the time is reset - add functions to set the time to current time and increment the time - convert alert-unified* Rotate tests to use them - convert time based counters to use them - use GetTime instead of gettimeofday for creating the unified* filenames
16 years ago
/** \brief set the time to "gettimeofday" meant for testing */
Formatting change for function call. Put open brace { for function on a new line to match coding standard. Changed: int foo(int x) { } to: int foo(int x) { }
12 years ago
void TimeSetToCurrentTime(void)
{
Time handling: improve time handling in unittests - make sure before each unittest is run the time is reset - add functions to set the time to current time and increment the time - convert alert-unified* Rotate tests to use them - convert time based counters to use them - use GetTime instead of gettimeofday for creating the unified* filenames
16 years ago
struct timeval tv;
memset(&tv, 0x00, sizeof(tv));
gettimeofday(&tv, NULL);
TimeSet(&tv);
}
adapted counters to use util-time.[ch]
16 years ago
void TimeGet(struct timeval *tv)
{
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (tv == NULL)
return;
if (live == TRUE) {
gettimeofday(tv, NULL);
} else {
Switch time api from mutex to spinlock.
15 years ago
SCSpinLock(&current_time_spinlock);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
tv->tv_sec = current_time.tv_sec;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
tv->tv_usec = current_time.tv_usec;
Switch time api from mutex to spinlock.
15 years ago
SCSpinUnlock(&current_time_spinlock);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
More logging API usage changes.
16 years ago
SCLogDebug("time we got is %" PRIuMAX " sec, %" PRIuMAX " usec",
adapted counters to use util-time.[ch]
16 years ago
(uintmax_t)tv->tv_sec, (uintmax_t)tv->tv_usec);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Time handling: improve time handling in unittests - make sure before each unittest is run the time is reset - add functions to set the time to current time and increment the time - convert alert-unified* Rotate tests to use them - convert time based counters to use them - use GetTime instead of gettimeofday for creating the unified* filenames
16 years ago
/** \brief increment the time in the engine
* \param tv_sec seconds to increment the time with */
Formatting change for function call. Put open brace { for function on a new line to match coding standard. Changed: int foo(int x) { } to: int foo(int x) { }
12 years ago
void TimeSetIncrementTime(uint32_t tv_sec)
{
Time handling: improve time handling in unittests - make sure before each unittest is run the time is reset - add functions to set the time to current time and increment the time - convert alert-unified* Rotate tests to use them - convert time based counters to use them - use GetTime instead of gettimeofday for creating the unified* filenames
16 years ago
struct timeval tv;
memset(&tv, 0x00, sizeof(tv));
TimeGet(&tv);
tv.tv_sec += tv_sec;
TimeSet(&tv);
}
On Open BSD systems don't cache time. Open BSD doesn't support __thread, which is used for time caching, so don't do time chaching for BSD systems.
12 years ago
/*
* Time Caching code
*/
#if defined(__OpenBSD__)
/* OpenBSD does not support __thread, so don't use time caching on BSD
*/
struct tm *SCLocalTime(time_t timep, struct tm *result)
{
return localtime_r(&timep, result);
}
void CreateTimeString (const struct timeval *ts, char *str, size_t size)
{
time_t time = ts->tv_sec;
struct tm local_tm;
struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
snprintf(str, size, "%02d/%02d/%02d-%02d:%02d:%02d.%06u",
t->tm_mon + 1, t->tm_mday, t->tm_year + 1900, t->tm_hour,
t->tm_min, t->tm_sec, (uint32_t) ts->tv_usec);
}
#else
/* On systems supporting __thread, use Per-thread values for caching
* in CreateTimeString */
Minor optimization in time caching code. Reduced the size of the cached string buffer from 128 to 32, which is still larger than the largest possible time string, which is 26 characters. Added a check for the user passing in an output buffer that is smaller than the cached string. Previously, the code would have copied past the end of the users buffer.
12 years ago
/* The maximum possible length of the time string.
* "%02d/%02d/%02d-%02d:%02d:%02d.%06u"
* Or "01/01/2013-15:42:21.123456", which is 26, so round up to 32. */
#define MAX_LOCAL_TIME_STRING 32
On Open BSD systems don't cache time. Open BSD doesn't support __thread, which is used for time caching, so don't do time chaching for BSD systems.
12 years ago
static __thread int mru_time_slot; /* Most recently used cached value */
static __thread time_t last_local_time[2];
static __thread short int cached_local_time_len[2];
static __thread char cached_local_time[2][MAX_LOCAL_TIME_STRING];
/* Per-thread values for caching SCLocalTime() These cached values are
* independent from the CreateTimeString cached values. */
static __thread int mru_tm_slot; /* Most recently used local tm */
static __thread time_t cached_minute_start[2];
static __thread struct tm cached_local_tm[2];
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
/** \brief Convert time_t into Year, month, day, hour and minutes.
* \param timep Time in seconds since defined date.
* \param result The structure into which the broken down time it put.
*
* To convert a time in seconds into year, month, day, hours, minutes
* and seconds, call localtime_r(), which uses the current time zone
* to compute these values. Note, glibc's localtime_r() aquires a lock
* each time it is called, which limits parallelism. To call
* localtime_r() less often, the values returned are cached for the
* current and previous minute and then seconds are adjusted to
* compute the returned result. This is valid as long as the
* difference between the start of the current minute and the current
* time is less than 60 seconds. Once the minute value changes, all
* the other values could change.
*
* Two values are cached to prevent thrashing when changing from one
* minute to the next. The two cached minutes are independent and are
* not required to be M and M+1. If more than two minutes are
* requested, the least-recently-used cached value is updated more
* often, the results are still correct, but performance will be closer
* to previous performance.
*/
OpenBSD: introduce SCLocalTime function. This function is a wrapper to localtime_r. It is needed to avoid a compilation warning on OpenBSD. I'm forced to type the function to a non pointer first parameter. If not we will have to use two differents functions in OpenBSD where tv->tv_sec is a long (different from time_t).
13 years ago
struct tm *SCLocalTime(time_t timep, struct tm *result)
{
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
/* Only get a new local time when the time crosses into a new
* minute. */
int mru = mru_tm_slot;
int lru = 1 - mru;
int mru_seconds = timep - cached_minute_start[mru];
int lru_seconds = timep - cached_minute_start[lru];
int new_seconds;
if (mru_seconds >= 0 && mru_seconds <= 59) {
/* Use most-recently cached time, adjusting the seconds. */
new_seconds = mru_seconds;
} else if (lru_seconds >= 0 && lru_seconds <= 59) {
/* Use least-recently cached time, update to most recently used. */
new_seconds = lru_seconds;
mru = lru;
mru_tm_slot = mru;
} else {
/* Update least-recent cached time. */
if (localtime_r(&timep, &cached_local_tm[lru]) == NULL)
return NULL;
/* Subtract seconds to get back to the start of the minute. */
new_seconds = cached_local_tm[lru].tm_sec;
cached_minute_start[lru] = timep - new_seconds;
mru = lru;
mru_tm_slot = mru;
}
memcpy(result, &cached_local_tm[mru], sizeof(struct tm));
result->tm_sec = new_seconds;
return result;
}
/* Update the cached time string in cache index N, for the current minute. */
static int UpdateCachedTime(int n, time_t time)
{
struct tm local_tm;
struct tm *t = (struct tm *)SCLocalTime(time, &local_tm);
int cached_len = snprintf(cached_local_time[n], MAX_LOCAL_TIME_STRING,
"%02d/%02d/%02d-%02d:%02d:",
t->tm_mon + 1, t->tm_mday, t->tm_year + 1900,
t->tm_hour, t->tm_min);
cached_local_time_len[n] = cached_len;
/* Store the time of the beginning of the minute. */
last_local_time[n] = time - t->tm_sec;
mru_time_slot = n;
return t->tm_sec;
OpenBSD: introduce SCLocalTime function. This function is a wrapper to localtime_r. It is needed to avoid a compilation warning on OpenBSD. I'm forced to type the function to a non pointer first parameter. If not we will have to use two differents functions in OpenBSD where tv->tv_sec is a long (different from time_t).
13 years ago
}
Merge multiple copies of CreateTimeString() to one copy. There were 8 identical copies of CreateTimeString() in 8 files. Most used SCLocalTime, to replace localtime_r(), but some did not. Created one copy in util-time.c.
12 years ago
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
/** \brief Return a formatted string for the provided time.
*
* Cache the Month/Day/Year - Hours:Min part of the time string for
* the current minute. Copy that result into the the return string and
* then only print the seconds for each call.
*/
Merge multiple copies of CreateTimeString() to one copy. There were 8 identical copies of CreateTimeString() in 8 files. Most used SCLocalTime, to replace localtime_r(), but some did not. Created one copy in util-time.c.
12 years ago
void CreateTimeString (const struct timeval *ts, char *str, size_t size)
{
time_t time = ts->tv_sec;
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
int seconds;
/* Only get a new local time when the time crosses into a new
* minute */
int mru = mru_time_slot;
int lru = 1 - mru;
int mru_seconds = time - last_local_time[mru];
int lru_seconds = time - last_local_time[lru];
if (mru_seconds >= 0 && mru_seconds <= 59) {
/* Use most-recently cached time. */
seconds = mru_seconds;
} else if (lru_seconds >= 0 && lru_seconds <= 59) {
/* Use least-recently cached time. Change this slot to Most-recent */
seconds = lru_seconds;
mru_time_slot = lru;
} else {
/* Update least-recent cached time. Lock accessing local time
* function because it keeps any internal non-spin lock. */
seconds = UpdateCachedTime(lru, time);
}
Merge multiple copies of CreateTimeString() to one copy. There were 8 identical copies of CreateTimeString() in 8 files. Most used SCLocalTime, to replace localtime_r(), but some did not. Created one copy in util-time.c.
12 years ago
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
/* Copy the string up to the current minute then print the seconds
into the return string buffer. */
char *cached_str = cached_local_time[mru_time_slot];
int cached_len = cached_local_time_len[mru_time_slot];
Minor optimization in time caching code. Reduced the size of the cached string buffer from 128 to 32, which is still larger than the largest possible time string, which is 26 characters. Added a check for the user passing in an output buffer that is smaller than the cached string. Previously, the code would have copied past the end of the users buffer.
12 years ago
if (cached_len >= size)
cached_len = size;
Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.
12 years ago
memcpy(str, cached_str, cached_len);
snprintf(str + cached_len, size - cached_len,
"%02d.%06u",
seconds, (uint32_t) ts->tv_usec);
Merge multiple copies of CreateTimeString() to one copy. There were 8 identical copies of CreateTimeString() in 8 files. Most used SCLocalTime, to replace localtime_r(), but some did not. Created one copy in util-time.c.
12 years ago
}
On Open BSD systems don't cache time. Open BSD doesn't support __thread, which is used for time caching, so don't do time chaching for BSD systems.
12 years ago
#endif /* defined(__OpenBSD__) */