Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPS stats/v2 #9284

Closed
wants to merge 5 commits into from
Closed

IPS stats/v2 #9284

wants to merge 5 commits into from

Conversation

victorjulien
Copy link
Member

@victorjulien victorjulien commented Jul 25, 2023
edited
Loading 

{
  "accepted": 301661,
  "blocked": 219,
  "rejected": 0,
  "replaced": 0,
  "drop_reason": {
    "decode_error": 0,
    "defrag_error": 0,
    "defrag_memcap": 0,
    "flow_memcap": 0,
    "flow_drop": 143,
    "applayer_error": 0,
    "applayer_memcap": 0,
    "rules": 3,
    "threshold_detection_filter": 0,
    "stream_error": 68,
    "stream_memcap": 0,
    "stream_midstream": 5,
    "nfq_error": 0,
    "tunnel_packet_drop": 0
  }
}

https://redmine.openinfosecfoundation.org/issues/4756
https://redmine.openinfosecfoundation.org/issues/6230

@victorjulien
stats: simplify ips capture stats logic
54eade7 
Since many implementations use the ReleasePacket callback to issue
their verdict, no thread ctx is available. To work around this
just register the stats in a `thread_local` variable instead.
@victorjulien
eve/schema: add ips capture stats
100b0a8
@victorjulien
stats: register ips capture stats for each packet thread
485eca5 
ReleasePacket based verdicts can happen in several threads,
depending on the runmode details.

Only register and update if in IPS mode.
@victorjulien
stats: update ips capture counters centrally
ad0bdb8 
This adds support to all capture methods for these counters.

Ticket: OISF#4756.
@victorjulien
stats: add drop reason counters
7e580ed 
{
  "accepted": 296185,
  "blocked": 162,
  "rejected": 0,
  "replaced": 0,
  "drop_reason": {
    "decode_error": 0,
    "defrag_error": 0,
    "defrag_memcap": 0,
    "flow_memcap": 0,
    "flow_drop": 94,
    "applayer_error": 0,
    "applayer_memcap": 0,
    "rules": 3,
    "threshold_detection_filter": 0,
    "stream_error": 63,
    "stream_memcap": 0,
    "stream_midstream": 2,
    "nfq_error": 0,
    "tunnel_packet_drop": 0
  }
}

Ticket: OISF#6230.
@victorjulien victorjulien requested a review from a team as a code owner July 25, 2023 06:25
@codecov
Copy link

codecov bot commented Jul 25, 2023

Codecov Report

Merging #9284 (7e580ed) into master (1b08c56) will decrease coverage by 0.04%.
The diff coverage is 96.36%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9284      +/-   ##
==========================================
- Coverage   82.43%   82.40%   -0.04%     
==========================================
  Files         968      968              
  Lines      273953   274004      +51     
==========================================
- Hits       225840   225793      -47     
- Misses      48113    48211      +98
Flag Coverage Δ
fuzzcorpus 64.62% <9.09%> (-0.10%) ⬇️
suricata-verify 60.82% <96.36%> (-0.01%) ⬇️
unittests 62.92% <0.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien victorjulien mentioned this pull request Jul 25, 2023
Closed
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 15381

@victorjulien
Copy link
Member Author

replaced by #9285

@victorjulien victorjulien deleted the ips-stats/v2 branch August 12, 2023 06:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@victorjulien @suricata-qa