stream/reassemble: add exception policy counters
Add stats counters for exception policies applied in case of memcap hit
during stream reassembly.

Task OISF#5816
jufajardini committed Apr 16, 2023
1 parent 9291b4f commit ff14f37
Showing 4 changed files with 80 additions and 2 deletions.
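--- a/etc/schema.json
+++ b/etc/schema.json
@@ -5214,6 +5214,32 @@
 "pseudo_failed": {
 "type": "integer"
 },
+"reassembly_exception_policy": {
+"type": "object",
+"anyOf": [
+{
+"$ref": "#/$defs/drop_flow"
+},
+{
+"$ref": "#/$defs/drop_packet"
+},
+{
+"$ref": "#/$defs/pass_flow"
+},
+{
+"$ref": "#/$defs/pass_packet"
+},
+{
+"$ref": "#/$defs/bypass"
+},
+{
+"$ref": "#/$defs/ignore"
+},
+{
+"$ref": "#/$defs/reject"
+}
+]
+},
 "reassembly_gap": {
 "type": "integer"
 },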
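Review bot: `reassembly_exception_policy` is described only through `anyOf` references to `#/$defs/drop_flow` through `#/$defs/reject`, and this commit adds no `$defs` entries (all 26 added lines of the file are in this hunk), so the references resolve only if those definitions already exist elsewhere in schema.json, which this page does not show. `anyOf` is also satisfied as soon as one branch matches, so unless the referenced definitions do it, nothing here pins the seven counter keys registered in stream-tcp.c to integers. Stating the keys directly, the way the neighbouring `reassembly_gap` states its type, would make the stats output checkable against the schema; the sketch below assumes the dotted counter names are emitted as keys of a nested object.

```json
"reassembly_exception_policy": {
    "type": "object",
    "properties": {
        "ignore": { "type": "integer" },
        "reject": { "type": "integer" },
        "bypass": { "type": "integer" },
        "pass_flow": { "type": "integer" },
        "pass_packet": { "type": "integer" },
        "drop_flow": { "type": "integer" },
        "drop_packet": { "type": "integer" }
    },
    "additionalProperties": false
},
```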
32 changes: 31 additions & 1 deletion src/stream-tcp-reassemble.c
@@ -1,4 +1,4 @@
/* Copyright (C) 2007-2022 Open Information Security Foundation
/* Copyright (C) 2007-2023 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@@ -1968,6 +1968,34 @@ static int StreamTcpReassembleHandleSegmentUpdateACK (ThreadVars *tv,
SCReturnInt(0);
}

static void StreamTcpReassembleExceptionPolicyStatsIncr(
ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, enum ExceptionPolicy policy)
{
switch (policy) {
case EXCEPTION_POLICY_NOT_SET:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_ignore);
break;
case EXCEPTION_POLICY_REJECT:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_reject);
break;
case EXCEPTION_POLICY_BYPASS_FLOW:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_bypass);
break;
case EXCEPTION_POLICY_DROP_FLOW:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_drop_flow);
break;
case EXCEPTION_POLICY_DROP_PACKET:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_drop_packet);
break;
case EXCEPTION_POLICY_PASS_PACKET:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_pass_packet);
break;
case EXCEPTION_POLICY_PASS_FLOW:
StatsIncr(tv, ra_ctx->counter_tcp_reas_eps_pass_flow);
break;
}
}

int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
TcpSession *ssn, TcpStream *stream, Packet *p)
{
@@ -2033,6 +2061,8 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
/* failure can only be because of memcap hit, so see if this should lead to a drop */
ExceptionPolicyApply(
p, stream_config.reassembly_memcap_policy, PKT_DROP_REASON_STREAM_MEMCAP);
StreamTcpReassembleExceptionPolicyStatsIncr(
tv, ra_ctx, stream_config.reassembly_memcap_policy);
SCReturnInt(-1);
}

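Review bot: The call added after `ExceptionPolicyApply()` in StreamTcpReassembleHandleSegment counts the configured `stream_config.reassembly_memcap_policy`, not what was actually done to the packet, and the helper reports `EXCEPTION_POLICY_NOT_SET` under `counter_tcp_reas_eps_ignore`. ExceptionPolicyApply's body is not on this page, so if it skips or downgrades an action for some packets the counters would presumably over-report, and `ignore` will also rise when no policy is configured at all. A memcap hit means segments were not reassembled for inspection, and these counters are how an operator would notice that, so the helper deserves a header comment stating the semantics, e.g. `/** \brief count the configured reassembly memcap policy, once per call that hits the memcap failure path; NOT_SET is reported as ignore */`. StreamTcpReassembleHandleSegment starts and ends outside the hunk.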
10 changes: 9 additions & 1 deletion src/stream-tcp-reassemble.h
@@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
/* Copyright (C) 2007-2023 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@@ -63,6 +63,14 @@ typedef struct TcpReassemblyThreadCtx_ {

/** TCP segments which are not being reassembled due to memcap was reached */
uint16_t counter_tcp_segment_memcap;
/** times exception policy for stream reassembly memcap was applied **/
uint16_t counter_tcp_reas_eps_ignore;
uint16_t counter_tcp_reas_eps_reject;
uint16_t counter_tcp_reas_eps_bypass;
uint16_t counter_tcp_reas_eps_pass_flow;
uint16_t counter_tcp_reas_eps_pass_packet;
uint16_t counter_tcp_reas_eps_drop_flow;
uint16_t counter_tcp_reas_eps_drop_packet;

uint16_t counter_tcp_segment_from_cache;
uint16_t counter_tcp_segment_from_pool;
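Review bot: The comment `/** times exception policy for stream reassembly memcap was applied **/` sits above seven fields but, as a doc comment, attaches only to `counter_tcp_reas_eps_ignore`. It also reads as if the fields hold counts, while stream-tcp.c assigns them from `StatsRegisterCounter()`, so they appear to be counter ids. Suggest `/** counter ids: exception policy applied on stream reassembly memcap hit, one per policy */`, closed with `*/` rather than `**/`. The struct TcpReassemblyThreadCtx_ starts and ends outside the hunk.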
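--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5795,6 +5795,20 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
 SCReturnInt(TM_ECODE_FAILED);
 
 stt->ra_ctx->counter_tcp_segment_memcap = StatsRegisterCounter("tcp.segment_memcap_drop", tv);
+stt->ra_ctx->counter_tcp_reas_eps_ignore =
+StatsRegisterCounter("tcp.reassembly_exception_policy.ignore", tv);
+stt->ra_ctx->counter_tcp_reas_eps_reject =
+StatsRegisterCounter("tcp.reassembly_exception_policy.reject", tv);
+stt->ra_ctx->counter_tcp_reas_eps_bypass =
+StatsRegisterCounter("tcp.reassembly_exception_policy.bypass", tv);
+stt->ra_ctx->counter_tcp_reas_eps_pass_flow =
+StatsRegisterCounter("tcp.reassembly_exception_policy.pass_flow", tv);
+stt->ra_ctx->counter_tcp_reas_eps_pass_packet =
+StatsRegisterCounter("tcp.reassembly_exception_policy.pass_packet", tv);
+stt->ra_ctx->counter_tcp_reas_eps_drop_flow =
+StatsRegisterCounter("tcp.reassembly_exception_policy.drop_flow", tv);
+stt->ra_ctx->counter_tcp_reas_eps_drop_packet =
+StatsRegisterCounter("tcp.reassembly_exception_policy.drop_packet", tv);
 stt->ra_ctx->counter_tcp_segment_from_cache =
 StatsRegisterCounter("tcp.segment_from_cache", tv);
 stt->ra_ctx->counter_tcp_segment_from_pool = StatsRegisterCounter("tcp.segment_from_pool", tv);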
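Review bot: All seven `tcp.reassembly_exception_policy.*` counters are registered for every thread, but the increment helper in stream-tcp-reassemble.c is keyed on the single value `stream_config.reassembly_memcap_policy`, so unless that setting changes at runtime only one of them can ever move. Registering only the counter for the configured policy would keep permanently-zero entries out of the stats output. If emitting every key is intended, a comment above the block should say so, e.g. `/* all policy counters are registered so the stats keys are stable; only the configured policy's counter is incremented */`. StreamTcpThreadInit starts and ends outside the hunk.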
