aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,271 Commits
7 Branches
161 Tags
206 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5bbd8fe910'
${ noResults }
Commit Graph

49 Commits (5bbd8fe910a4921218b96a29ac39f90ead0d9cd5)

Author SHA1 Message Date
Victor Julien 820b0ded82 Add per packet profiling. 
Per packet profiling uses tick based accounting. It has 2 outputs, a summary
and a csv file that contains per packet stats.

Stats per packet include:
 1) total ticks spent
 2) ticks spent per individual thread module
 3) "threading overhead" which is simply calculated by subtracting (2) of (1).

A number of changes were made to integrate the new code in a clean way:
a number of generic enums are now placed in tm-threads-common.h so we can
include them from any part of the engine.

Code depends on --enable-profiling just like the rule profiling code.

New yaml parameters:

profiling:
  # packet profiling
  packets:

    # Profiling can be disabled here, but it will still have a
    # performance impact if compiled in.
    enabled: yes
    filename: packet_stats.log
    append: yes

    # per packet csv output
    csv:

      # Output can be disabled here, but it will still have a
      # performance impact if compiled in.
      enabled: no
      filename: packet_stats.csv

Example output of summary stats:

IP ver   Proto   cnt        min      max          avg
------   -----   ------     ------   ----------   -------
 IPv4       6     19436      11448      5404365     32993
 IPv4     256         4      11511        49968     30575

Per Thread module stats:

Thread Module              IP ver   Proto   cnt        min      max          avg
------------------------   ------   -----   ------     ------   ----------   -------
TMM_DECODEPCAPFILE          IPv4       6     19434       1242        47889      1770
TMM_DETECT                  IPv4       6     19436       1107       137241      1504
TMM_ALERTFASTLOG            IPv4       6     19436         90         1323       155
TMM_ALERTUNIFIED2ALERT      IPv4       6     19436        108         1359       138
TMM_ALERTDEBUGLOG           IPv4       6     19436         90         1134       154
TMM_LOGHTTPLOG              IPv4       6     19436        414      5392089      7944
TMM_STREAMTCP               IPv4       6     19434        828      1299159     19438

The proto 256 is a counter for handling of pseudo/tunnel packets.

Example output of csv:

pcap_cnt,ipver,ipproto,total,TMM_DECODENFQ,TMM_VERDICTNFQ,TMM_RECEIVENFQ,TMM_RECEIVEPCAP,TMM_RECEIVEPCAPFILE,TMM_DECODEPCAP,TMM_DECODEPCAPFILE,TMM_RECEIVEPFRING,TMM_DECODEPFRING,TMM_DETECT,TMM_ALERTFASTLOG,TMM_ALERTFASTLOG4,TMM_ALERTFASTLOG6,TMM_ALERTUNIFIEDLOG,TMM_ALERTUNIFIEDALERT,TMM_ALERTUNIFIED2ALERT,TMM_ALERTPRELUDE,TMM_ALERTDEBUGLOG,TMM_ALERTSYSLOG,TMM_LOGDROPLOG,TMM_ALERTSYSLOG4,TMM_ALERTSYSLOG6,TMM_RESPONDREJECT,TMM_LOGHTTPLOG,TMM_LOGHTTPLOG4,TMM_LOGHTTPLOG6,TMM_PCAPLOG,TMM_STREAMTCP,TMM_DECODEIPFW,TMM_VERDICTIPFW,TMM_RECEIVEIPFW,TMM_RECEIVEERFFILE,TMM_DECODEERFFILE,TMM_RECEIVEERFDAG,TMM_DECODEERFDAG,threading
1,4,6,172008,0,0,0,0,0,0,47889,0,0,48582,1323,0,0,0,0,1359,0,1134,0,0,0,0,0,8028,0,0,0,49356,0,0,0,0,0,0,0,14337

First line of the file contains labels.

2 example gnuplot scripts added to plot the data.
 14 years ago
Eric Leblond 6b9d1012ff Transform inet_ntop call into PrintInet one. 14 years ago
Victor Julien 4025567a5a Fix a number of unittests not properly initializing a packet causing issues on some archs. 14 years ago
Victor Julien e1d4e16645 Simplify packet decoding macro's. 14 years ago
Victor Julien 54cd3552e1 Remove tunnel_proto field from Packet structure. 14 years ago
Victor Julien 6aa551c558 Small optimizations to IPV4 and TCP header parsing. 14 years ago
Victor Julien 6d766f91ef Fix compiler warnings in defrag unittests. 15 years ago
Anoop Saldanha 5c880b04c9 fix ipv4 defrag + fix recursion level in defrag pseudo packet 15 years ago
Eric Leblond 8be92fdd99 SCTP support: add parsing of sctp 
This patch adds support of SCTP in all part of the code in charge
of decoding packets.
 15 years ago
Eric Leblond 1db4aadd16 Supress usage of Packet declaration in tests. 
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.

This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should have not been forget because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
 15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access 
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
 15 years ago
Victor Julien 718fecb6fc Better handle low memory conditions. 15 years ago
Victor Julien 4c3e17d4ab Fix thresholding issues. 15 years ago
Victor Julien e741bd0202 Cleanup packet recycling code. Fix issues in the packet tunnel/pseudo code. 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Pablo Rincon 943b4742a8 Moving inline functions to the .h files, so gcc can inline them correctly 15 years ago
Jason Ish 6b562f7aa6 Issue 82 - fragment counters. - number of fragments - number reassembled - number of timeouts 16 years ago
William Metcalf 8a64321340 raw pcap support additionl ipv4/6 validation 16 years ago
Jason Ish 6547725b39 consolidate more common code between ipv4 and ipv6. 16 years ago
Victor Julien b7bac14040 Fixup code to compile with -Wall -Werror -Wextra -Wno-unused-parameter compiler options. 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago
Anoop Saldanha ceb7e495ae refactoring perf stats code 16 years ago
Jason Ish e0b9e85230 Break out checksum fixup code to make the license separation more clear. 16 years ago
Breno Silva c43319c337 Regular expression for UnitTests 
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
 16 years ago
Victor Julien 968d8df12b More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function. 16 years ago
Victor Julien 91bc83e5c6 More logging API usage changes. 16 years ago
Victor Julien 3a28171fbd Another round of logging api usage updates. 16 years ago
Anoop Saldanha 22c0ec2bc5 Added support for the csum-<protocol> rules keyword to the detection engine. Keywords added are ipv4-csum, tcpv4-csum, tcpv6-csum, udpv4-csum, udpv6-csum, icmpv4-csum and icmpv6-csum 16 years ago
Anoop Saldanha 41dd0f8e62 checksum calculation functions for ipv4, tcp, udpv4, icmpv4 16 years ago
Victor Julien 855dc62e30 Git merge artifact. 16 years ago
Brian Rectanus 63d970eb0b Fix compiler warning and add better ipv4 options debugging output. 16 years ago
Victor Julien e7f8a02484 Improve GRE counting. Actually use the GRE decoder. Register the GRE counter. 16 years ago
Victor Julien f5fe190b45 Fix a ipv4 compiler warning. Improve TCP opt decoding error handling logic. 16 years ago
Brian Rectanus 74cb73fc1d Decode IPv4 options. 16 years ago
Victor Julien 57f71f7e4b Pass the DecodeThreadVars to all Decoder functions properly. Improve the error handling. 16 years ago
Anoop Saldanha 244f5d547a new registration functions for the stats api, with local thread storage for counter ids 16 years ago
Victor Julien 4ec31e0445 Fix short IPv4 packets not getting detected in the decoder. Set decode event on short ipv6 packets. 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
Anoop Saldanha d0e70309c0 Implements counters for the decode module 16 years ago
Anoop Saldanha fc8bb6c934 perf_task_bugs_fixex_v1 16 years ago
Anoop Saldanha a5fb240a4a Changes added for the Performance Counter API 16 years ago
Victor Julien 516ca7ead5 Fix IPv4 and IPv6 decoders not being able to deal with ethernet packets with trailing bytes. 16 years ago
Breno Silva dec11038c6 PPP Support 16 years ago
Victor Julien 51a9e36e10 Remove vips references. Rename to eidps. 16 years ago
Victor Julien edf8650a7e Tunnel update. 16 years ago
Victor Julien 8cda70668c Tunnel fixes. 16 years ago
Victor Julien 28d9415e37 New approach to tunnel decoding. 16 years ago
William Metcalf 7006085195 udp decoding added icmp unreachables added to reject 16 years ago
Victor Julien bab4b62376 Initial add of the files. 16 years ago