aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleanup thresholding code.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 15 years ago
parent 6e8f572724
commit 8514132851
6 changed files with 327 additions and 105 deletions
Show Stats Download Patch File Download Diff File

3
src/detect-detection-filter.c
Unescape Escape View File

@ -499,6 +499,8 @@ static int DetectDetectionFilterTestSig2(void) {
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p.ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts = PacketAlertCheck(&p, 10);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
@ -507,6 +509,7 @@ static int DetectDetectionFilterTestSig2(void) {
alerts += PacketAlertCheck(&p, 10);
TimeSetIncrementTime(200);
TimeGet(&p.ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 10);

241
src/detect-engine-threshold.c
Unescape Escape View File

@ -73,7 +73,6 @@ int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
/* if have none just alert, otherwise handle thresholding */
if (td == NULL) {
//PacketAlertAppend(det_ctx, s, p);
/* Already inserted so get out */
ret = 1;
} else {
@ -97,19 +96,19 @@ int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
*/
DetectThresholdData *SigGetThresholdType(Signature *sig, Packet *p)
{
SigMatch *sm = sig->match;
SigMatch *sm = sig->match_tail;
DetectThresholdData *tsh = NULL;
if(p == NULL)
if (p == NULL)
return NULL;
while (sm != NULL) {
if (sm->type == DETECT_THRESHOLD || sm->type == DETECT_DETECTION_FILTER) {
if (sm->type == DETECT_THRESHOLD || sm->type == DETECT_DETECTION_FILTER) {
tsh = (DetectThresholdData *)sm->ctx;
return tsh;
}
sm = sm->next;
sm = sm->prev;
}
return NULL;
@ -163,42 +162,40 @@ DetectThresholdEntry *ThresholdHashSearch(DetectEngineCtx *de_ctx, DetectThresho
* Must need to check it
**/
void ThresholdTimeoutRemove(DetectEngineCtx *de_ctx)
static inline void ThresholdTimeoutRemove(DetectEngineCtx *de_ctx, struct timeval *tv)
{
struct timeval tv;
DetectThresholdEntry *tsh = NULL;
HashListTableBucket *next = NULL;
memset(&tv, 0x00, sizeof(tv));
TimeGet(&tv);
SCMutexLock(&de_ctx->ths_ctx.threshold_table_lock);
next = HashListTableGetListHead(de_ctx->ths_ctx.threshold_hash_table_src);
HashListTableBucket *next = HashListTableGetListHead(de_ctx->ths_ctx.threshold_hash_table_src);
while (next != NULL) {
tsh = HashListTableGetListData(next);
DetectThresholdEntry *tsh = HashListTableGetListData(next);
BUG_ON(tsh == NULL);
if ((tv->tv_sec - tsh->tv_sec1) <= tsh->seconds)
continue;
if (tsh && ((tv.tv_sec - tsh->tv_sec1) > tsh->seconds)) {
if (tsh->ipv == 4) {
switch(tsh->ipv) {
case 4:
if (tsh->type == TRACK_SRC) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdEntry));
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src,
tsh, sizeof(DetectThresholdEntry));
} else if (tsh->type == TRACK_DST) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdEntry));
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst,
tsh, sizeof(DetectThresholdEntry));
}
} else if (tsh->ipv == 6) {
break;
case 6:
if (tsh->type == TRACK_SRC) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdEntry));
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6,
tsh, sizeof(DetectThresholdEntry));
} else if (tsh->type == TRACK_DST) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdEntry));
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6,
tsh, sizeof(DetectThresholdEntry));
}
}
break;
}
next = HashListTableGetListNext(next);
}
SCMutexUnlock(&de_ctx->ths_ctx.threshold_table_lock);
return;
}
@ -216,20 +213,24 @@ void ThresholdHashAdd(DetectEngineCtx *de_ctx, DetectThresholdEntry *tsh_ptr, Pa
int ret = 0;
if (tsh_ptr->ipv == 4) {
SCLogDebug("ipv4");
if (tsh_ptr->track == TRACK_DST) {
SCLogDebug("dst");
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_dst, tsh_ptr, sizeof(DetectThresholdEntry));
} else if (tsh_ptr->track == TRACK_SRC) {
SCLogDebug("src");
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_src, tsh_ptr, sizeof(DetectThresholdEntry));
}
} else if (tsh_ptr->ipv == 6) {
if (tsh_ptr->track == TRACK_DST)
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh_ptr, sizeof(DetectThresholdEntry));
else if (tsh_ptr->track == TRACK_SRC)
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh_ptr, sizeof(DetectThresholdEntry));
switch(tsh_ptr->ipv) {
case 4:
if (tsh_ptr->track == TRACK_DST) {
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_dst,
tsh_ptr, sizeof(DetectThresholdEntry));
} else if (tsh_ptr->track == TRACK_SRC) {
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_src,
tsh_ptr, sizeof(DetectThresholdEntry));
}
break;
case 6:
if (tsh_ptr->track == TRACK_DST)
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6,
tsh_ptr, sizeof(DetectThresholdEntry));
else if (tsh_ptr->track == TRACK_SRC)
ret = HashListTableAdd(de_ctx->ths_ctx.threshold_hash_table_src_ipv6,
tsh_ptr, sizeof(DetectThresholdEntry));
break;
}
if(ret == -1) {
@ -238,7 +239,34 @@ void ThresholdHashAdd(DetectEngineCtx *de_ctx, DetectThresholdEntry *tsh_ptr, Pa
}
SCReturn;
return;
}
static inline DetectThresholdEntry *DetectThresholdEntryAlloc(DetectThresholdData *td, Packet *p, Signature *s) {
SCEnter();
DetectThresholdEntry *ste = SCMalloc(sizeof(DetectThresholdEntry));
if (ste == NULL) {
SCReturnPtr(NULL, "DetectThresholdEntry");
}
if (PKT_IS_IPV4(p))
ste->ipv = 4;
else if (PKT_IS_IPV6(p))
ste->ipv = 6;
ste->sid = s->id;
ste->gid = s->gid;
if (td->track == TRACK_DST) {
COPY_ADDRESS(&p->dst, &ste->addr);
} else if (td->track == TRACK_SRC) {
COPY_ADDRESS(&p->src, &ste->addr);
}
ste->track = td->track;
ste->seconds = td->seconds;
SCReturnPtr(ste, "DetectThresholdEntry");
}
/**
@ -251,11 +279,6 @@ void ThresholdHashAdd(DetectEngineCtx *de_ctx, DetectThresholdEntry *tsh_ptr, Pa
*
* \retval 1 alert on this event
* \retval 0 do not alert on this event
*
* \todo we currently malloc a DetectThresholdEntry for lookups. This is
* causing unnecessary overhead. We do need to alloc a DetectThresholdEntry
* when we it add it to the hash though, so the change is slightly less
* trivial.
*/
int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
DetectThresholdData *td, Packet *p, Signature *s)
@ -263,41 +286,30 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
SCEnter();
int ret = 0;
struct timeval ts;
DetectThresholdEntry *lookup_tsh = NULL;
DetectThresholdEntry *ste = NULL;
DetectThresholdEntry ste;
if (td == NULL) {
SCReturnInt(0);
}
/* setup the Entry we use to search our hash with */
ste = SCMalloc(sizeof(DetectThresholdEntry));
if (ste == NULL)
SCReturnInt(0);
memset(ste, 0x00, sizeof(ste));
if (PKT_IS_IPV4(p))
ste->ipv = 4;
ste.ipv = 4;
else if (PKT_IS_IPV6(p))
ste->ipv = 6;
ste.ipv = 6;
ste->sid = s->id;
ste->gid = s->gid;
ste.sid = s->id;
ste.gid = s->gid;
if (td->track == TRACK_DST) {
COPY_ADDRESS(&p->dst, &ste->addr);
COPY_ADDRESS(&p->dst, &ste.addr);
} else if (td->track == TRACK_SRC) {
COPY_ADDRESS(&p->src, &ste->addr);
COPY_ADDRESS(&p->src, &ste.addr);
}
ste->track = td->track;
ste->seconds = td->seconds;
SCLogDebug("ste %p", ste);
memset(&ts, 0x00, sizeof(ts));
TimeGet(&ts);
ste.track = td->track;
ste.seconds = td->seconds;
SCMutexLock(&de_ctx->ths_ctx.threshold_table_lock);
switch(td->type) {
@ -305,29 +317,33 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
{
SCLogDebug("limit");
lookup_tsh = ThresholdHashSearch(de_ctx, ste, p);
lookup_tsh = ThresholdHashSearch(de_ctx, &ste, p);
SCLogDebug("lookup_tsh %p", lookup_tsh);
if (lookup_tsh != NULL) {
if ((ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
if ((p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
if (lookup_tsh->current_count < td->count) {
ret = 1;
}
lookup_tsh->current_count++;
} else {
lookup_tsh->tv_sec1 = ts.tv_sec;
lookup_tsh->tv_sec1 = p->ts.tv_sec;
lookup_tsh->current_count = 1;
ret = 1;
}
} else {
ste->tv_sec1 = ts.tv_sec;
ste->current_count = 1;
DetectThresholdEntry *e = DetectThresholdEntryAlloc(td, p, s);
if (e == NULL) {
break;
}
e->tv_sec1 = p->ts.tv_sec;
e->current_count = 1;
ret = 1;
ThresholdHashAdd(de_ctx, ste, p);
ste = NULL;
ThresholdHashAdd(de_ctx, e, p);
}
break;
}
@ -335,9 +351,9 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
{
SCLogDebug("threshold");
lookup_tsh = ThresholdHashSearch(de_ctx, ste, p);
lookup_tsh = ThresholdHashSearch(de_ctx, &ste, p);
if (lookup_tsh != NULL) {
if ((ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
if ((p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count >= td->count) {
@ -345,19 +361,22 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
lookup_tsh->current_count = 0;
}
} else {
lookup_tsh->tv_sec1 = ts.tv_sec;
lookup_tsh->tv_sec1 = p->ts.tv_sec;
lookup_tsh->current_count = 1;
}
} else {
ste->current_count = 1;
ste->tv_sec1 = ts.tv_sec;
if (td->count == 1) {
ret = 1;
ste->current_count = 0;
} else {
ThresholdHashAdd(de_ctx,ste,p);
ste = NULL;
DetectThresholdEntry *e = DetectThresholdEntryAlloc(td, p, s);
if (e == NULL) {
break;
}
e->current_count = 1;
e->tv_sec1 = p->ts.tv_sec;
ThresholdHashAdd(de_ctx, e, p);
}
}
break;
@ -366,23 +385,27 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
{
SCLogDebug("both");
lookup_tsh = ThresholdHashSearch(de_ctx, ste, p);
lookup_tsh = ThresholdHashSearch(de_ctx, &ste, p);
if (lookup_tsh != NULL) {
if ((ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
if ((p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count == td->count) {
ret = 1;
}
} else {
lookup_tsh->tv_sec1 = ts.tv_sec;
lookup_tsh->tv_sec1 = p->ts.tv_sec;
lookup_tsh->current_count = 1;
}
} else {
ste->current_count = 1;
ste->tv_sec1 = ts.tv_sec;
DetectThresholdEntry *e = DetectThresholdEntryAlloc(td, p, s);
if (e == NULL) {
break;
}
e->current_count = 1;
e->tv_sec1 = p->ts.tv_sec;
ThresholdHashAdd(de_ctx,ste,p);
ste = NULL;
ThresholdHashAdd(de_ctx, e, p);
/* for the first match we return 1 to
* indicate we should alert */
@ -397,36 +420,40 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
{
SCLogDebug("detection_filter");
lookup_tsh = ThresholdHashSearch(de_ctx,ste,p);
lookup_tsh = ThresholdHashSearch(de_ctx, &ste, p);
if (lookup_tsh != NULL) {
if ((ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
if ((p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count >= td->count) {
ret = 1;
}
} else {
lookup_tsh->tv_sec1 = ts.tv_sec;
lookup_tsh->tv_sec1 = p->ts.tv_sec;
lookup_tsh->current_count = 1;
}
} else {
ste->current_count = 1;
ste->tv_sec1 = ts.tv_sec;
if (td->count == 1) {
ret = 1;
}
ThresholdHashAdd(de_ctx, ste, p);
ste = NULL;
DetectThresholdEntry *e = DetectThresholdEntryAlloc(td, p, s);
if (e == NULL) {
break;
}
e->current_count = 1;
e->tv_sec1 = p->ts.tv_sec;
ThresholdHashAdd(de_ctx, e, p);
}
break;
}
}
SCMutexUnlock(&de_ctx->ths_ctx.threshold_table_lock);
if (ste != NULL)
SCFree(ste);
/* handle timing out entries */
ThresholdTimeoutRemove(de_ctx, &p->ts);
ThresholdTimeoutRemove(de_ctx);
SCMutexUnlock(&de_ctx->ths_ctx.threshold_table_lock);
SCReturnInt(ret);
}
@ -454,7 +481,9 @@ char ThresholdCompareFunc(void *data1, uint16_t len1, void *data2,uint16_t len2)
DetectThresholdEntry *a = (DetectThresholdEntry *)data1;
DetectThresholdEntry *b = (DetectThresholdEntry *)data2;
if ((a->sid == b->sid) && (a->gid == b->gid) && (CMP_ADDR(&a->addr,&b->addr))) {
if ((a->sid == b->sid) && (a->gid == b->gid) &&
(CMP_ADDR(&a->addr,&b->addr)))
{
SCReturnInt(1);
}
@ -480,7 +509,10 @@ uint32_t ThresholdHashFunc(HashListTable *ht, void *data, uint16_t datalen)
if (dt->ipv == 4)
hash = (dt->sid + dt->gid + dt->addr.addr_data32[0]);
else if (dt->ipv == 6)
hash = (dt->sid + dt->gid + dt->addr.addr_data32[0] + dt->addr.addr_data32[1] + dt->addr.addr_data32[2] + dt->addr.addr_data32[3]);
hash = (dt->sid + dt->gid + dt->addr.addr_data32[0] +
dt->addr.addr_data32[1] +
dt->addr.addr_data32[2] +
dt->addr.addr_data32[3]);
else {
SCLogDebug("no dt->ipv");
}
@ -550,3 +582,4 @@ void ThresholdContextDestroy(DetectEngineCtx *de_ctx)
HashListTableFree(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6);
HashListTableFree(de_ctx->ths_ctx.threshold_hash_table_src_ipv6);
}

1
src/detect-engine-threshold.h
Unescape Escape View File

@ -38,7 +38,6 @@ void ThresholdFreeFunc(void *data);
char ThresholdCompareFunc(void *data1, uint16_t len1, void *data2,uint16_t len2);
uint32_t ThresholdHashFunc(HashListTable *ht, void *data, uint16_t datalen);
void ThresholdHashInit(DetectEngineCtx *de_ctx);
void ThresholdTimeoutRemove(DetectEngineCtx *de_ctx);
void ThresholdContextDestroy(DetectEngineCtx *de_ctx);
#endif /* __DETECT_ENGINE_THRESHOLD_H__ */

100
src/detect-threshold.c
Unescape Escape View File

@ -41,6 +41,10 @@
#include "util-byte.h"
#include "util-debug.h"
#ifdef UNITTESTS
#include "util-cpu.h"
#endif
#define PARSE_REGEX "^\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*"
static pcre *parse_regex;
@ -604,6 +608,8 @@ static int DetectThresholdTestSig3(void) {
ste->track = td->track;
TimeGet(&p.ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
@ -615,6 +621,7 @@ static int DetectThresholdTestSig3(void) {
}
TimeSetIncrementTime(200);
TimeGet(&p.ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
@ -691,6 +698,7 @@ static int DetectThresholdTestSig4(void) {
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p.ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts = PacketAlertCheck(&p, 10);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
@ -699,6 +707,7 @@ static int DetectThresholdTestSig4(void) {
alerts += PacketAlertCheck(&p, 10);
TimeSetIncrementTime(200);
TimeGet(&p.ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 10);
@ -811,6 +820,96 @@ cleanup:
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
static int DetectThresholdTestSig6Ticks(void) {
Packet p;
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
int result = 0;
int alerts = 0;
IPV4Hdr ip4h;
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
memset(&ip4h, 0, sizeof(ip4h));
p.src.family = AF_INET;
p.dst.family = AF_INET;
p.proto = IPPROTO_TCP;
p.ip4h = &ip4h;
p.ip4h->ip_src.s_addr = 0x01010101;
p.ip4h->ip_dst.s_addr = 0x02020202;
p.sp = 1024;
p.dp = 80;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit sid 1\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
if (s == NULL) {
goto end;
}
s = s->next = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit sid 1000\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1000;)");
if (s == NULL) {
goto end;
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
uint64_t ticks_start = 0;
uint64_t ticks_end = 0;
ticks_start = UtilCpuGetTicks();
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts = PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
alerts += PacketAlertCheck(&p, 1);
alerts += PacketAlertCheck(&p, 1000);
ticks_end = UtilCpuGetTicks();
printf("test run %"PRIu64"\n", (ticks_end - ticks_start));
if(alerts == 10)
result = 1;
else
goto cleanup;
cleanup:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
@ -828,5 +927,6 @@ void ThresholdRegisterTests(void) {
UtRegisterTest("DetectThresholdTestSig3", DetectThresholdTestSig3, 1);
UtRegisterTest("DetectThresholdTestSig4", DetectThresholdTestSig4, 1);
UtRegisterTest("DetectThresholdTestSig5", DetectThresholdTestSig5, 1);
UtRegisterTest("DetectThresholdTestSig6Ticks", DetectThresholdTestSig6Ticks, 1);
#endif /* UNITTESTS */
}

1
src/flow-bit.c
Unescape Escape View File

@ -432,6 +432,7 @@ end:
GenericVarFree(f.flowvar);
return ret;
}
#endif /* UNITTESTS */
void FlowBitRegisterTests(void) {

86
src/util-profiling.c
Unescape Escape View File

@ -367,6 +367,91 @@ ProfilingTest01(void)
return 1;
}
static int
ProfilingGenericTicksTest01(void) {
#define TEST_RUNS 1024
uint64_t ticks_start = 0;
uint64_t ticks_end = 0;
void *ptr[TEST_RUNS];
int i;
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
ptr[i] = malloc(1024);
}
ticks_end = UtilCpuGetTicks();
printf("malloc(1024) %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
free(ptr[i]);
}
ticks_end = UtilCpuGetTicks();
printf("free(1024) %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
SCMutex m[TEST_RUNS];
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCMutexInit(&m[i], NULL);
}
ticks_end = UtilCpuGetTicks();
printf("SCMutexInit() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCMutexLock(&m[i]);
}
ticks_end = UtilCpuGetTicks();
printf("SCMutexLock() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCMutexUnlock(&m[i]);
}
ticks_end = UtilCpuGetTicks();
printf("SCMutexUnlock() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCMutexDestroy(&m[i]);
}
ticks_end = UtilCpuGetTicks();
printf("SCMutexDestroy() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
SCSpinlock s[TEST_RUNS];
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCSpinInit(&s[i], 0);
}
ticks_end = UtilCpuGetTicks();
printf("SCSpinInit() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCSpinLock(&s[i]);
}
ticks_end = UtilCpuGetTicks();
printf("SCSpinLock() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCSpinUnlock(&s[i]);
}
ticks_end = UtilCpuGetTicks();
printf("SCSpinUnlock() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
ticks_start = UtilCpuGetTicks();
for (i = 0; i < TEST_RUNS; i++) {
SCSpinDestroy(&s[i]);
}
ticks_end = UtilCpuGetTicks();
printf("SCSpinDestroy() %"PRIu64"\n", (ticks_end - ticks_start)/TEST_RUNS);
return 1;
}
#endif /* UNITTESTS */
void
@ -374,6 +459,7 @@ SCProfilingRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("ProfilingTest01", ProfilingTest01, 1);
UtRegisterTest("ProfilingGenericTicksTest01", ProfilingGenericTicksTest01, 1);
#endif /* UNITTESTS */
}

Write Preview
Loading…
Cancel
Save