📄 perf-base.c
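return 0;
}   /* closes the preceding function, whose beginning lies above this excerpt */

/*
**  NAME
**    sfBaseSafeDivide
**
**  DESCRIPTION
**    Divides a quantity by a divisor, yielding 0.0 when the divisor is
**    zero.  An unguarded division would store inf or NaN in the stats
**    structure; a NaN compares false against every threshold, so a
**    consumer alerting on "rate > limit" would silently stop firing.
**
**  FORMAL INPUTS
**    double - numerator
**    double - divisor (an elapsed time in the callers below)
**
**  FORMAL OUTPUTS
**    double - numerator / divisor, or 0.0 when divisor == 0
*/
static double sfBaseSafeDivide(double numerator, double divisor)
{
    return (divisor != 0) ? (numerator / divisor) : 0.0;
}

/*
**  NAME
**    GetMbitsPerSecond
**
**  DESCRIPTION
**    Converts the byte counters in SFBASE into megabits per second.
**    Each counter is shifted left by 3 (bytes -> bits), scaled by 1.0e-6
**    and divided by the relevant elapsed time.  A zero elapsed time
**    yields a rate of 0.0 instead of inf/NaN.
**
**  FORMAL INPUTS
**    SFBASE *       - ptr to performance struct (byte counters, iFlags)
**    SFBASE_STATS * - ptr to struct to fill in with the rates
**    SYSTIMES *     - ptr to the elapsed user/system/total/real times
**
**  FORMAL OUTPUTS
**    int - always 0
*/
int GetMbitsPerSecond(SFBASE *sfBase, SFBASE_STATS *sfBaseStats,
                      SYSTIMES *Systimes)
{
    /* total_bytes feeds four of the rates below, so convert it once */
    const double mbits = (double)(sfBase->total_bytes<<3) * 1.0e-6;

    /*
    **  These Mbits stats are for the Snort Maximum Performance stats
    **  that can't reliably be gotten from Linux SMP kernels.  They are
    **  only computed when MAX_PERF_STATS is set in iFlags.
    */
    if(sfBase->iFlags & MAX_PERF_STATS)
    {
        sfBaseStats->mbits_per_sec.usertime =
            sfBaseSafeDivide(mbits, Systimes->usertime);

        sfBaseStats->mbits_per_sec.systemtime =
            sfBaseSafeDivide(mbits, Systimes->systemtime);

        sfBaseStats->mbits_per_sec.totaltime =
            sfBaseSafeDivide(mbits, Systimes->totaltime);
    }

    /* The real-time rates are always computed. */
    sfBaseStats->mbits_per_sec.realtime =
        sfBaseSafeDivide(mbits, Systimes->realtime);

    sfBaseStats->wire_mbits_per_sec.realtime =
        sfBaseSafeDivide((double)(sfBase->total_wire_bytes<<3) * 1.0e-6,
                         Systimes->realtime);

    sfBaseStats->rebuilt_mbits_per_sec.realtime =
        sfBaseSafeDivide((double)(sfBase->total_rebuilt_bytes<<3) * 1.0e-6,
                         Systimes->realtime);

    sfBaseStats->ipfrag_mbits_per_sec.realtime =
        sfBaseSafeDivide((double)(sfBase->total_ipfragmented_bytes<<3) * 1.0e-6,
                         Systimes->realtime);

    sfBaseStats->ipreass_mbits_per_sec.realtime =
        sfBaseSafeDivide((double)(sfBase->total_ipreassembled_bytes<<3) * 1.0e-6,
                         Systimes->realtime);

    return 0;
}

/*
**  NAME
**    GetCPUTime
**
**  DESCRIPTION
**    Expresses user, system and idle CPU time as percentages of the
**    elapsed real time.  Compiled to a no-op when LINUX_SMP is defined.
**    Negative percentages are clamped to 0 and the three values are then
**    rescaled so that they again sum to 100.
**
**  FORMAL INPUTS
**    SFBASE *       - ptr to performance struct (not read here)
**    SFBASE_STATS * - ptr to struct to fill in with the percentages
**    SYSTIMES *     - ptr to the elapsed user/system/total/real times
**
**  FORMAL OUTPUTS
**    int - always 0
*/
int GetCPUTime(SFBASE *sfBase, SFBASE_STATS *sfBaseStats, SYSTIMES *Systimes)
{
#ifndef LINUX_SMP
    unsigned char needToNormalize = 0;

    /*
    **  With no elapsed real time the shares are undefined; report zeros
    **  rather than dividing by zero.
    */
    if (Systimes->realtime == 0)
    {
        sfBaseStats->user_cpu_time   = 0;
        sfBaseStats->system_cpu_time = 0;
        sfBaseStats->idle_cpu_time   = 0;
        return 0;
    }

    sfBaseStats->user_cpu_time   = (Systimes->usertime /
                                    Systimes->realtime) * 100;
    sfBaseStats->system_cpu_time = (Systimes->systemtime /
                                    Systimes->realtime) * 100;
    sfBaseStats->idle_cpu_time   = ((Systimes->realtime -
                                     Systimes->totaltime) /
                                    Systimes->realtime) * 100;

    /* percentages can be < 0 because of a small variance between
     * when the snapshot is taken of the CPU times and snapshot of
     * the real time.  So these are just a safe-guard to normalize
     * the data so we see positive values.
     */
    if (sfBaseStats->user_cpu_time < 0)
    {
        sfBaseStats->user_cpu_time = 0;
        needToNormalize = 1;
    }
    if (sfBaseStats->system_cpu_time < 0)
    {
        sfBaseStats->system_cpu_time = 0;
        needToNormalize = 1;
    }
    if (sfBaseStats->idle_cpu_time < 0)
    {
        sfBaseStats->idle_cpu_time = 0;
        needToNormalize = 1;
    }

    if (needToNormalize)
    {
        double totalPercent = sfBaseStats->user_cpu_time +
                              sfBaseStats->system_cpu_time +
                              sfBaseStats->idle_cpu_time;

        /*
        **  After clamping, a zero sum means all three values are already
        **  0; rescaling would compute 0/0, so leave them untouched.
        */
        if (totalPercent > 0)
        {
            sfBaseStats->user_cpu_time =
                (sfBaseStats->user_cpu_time / totalPercent) * 100;
            sfBaseStats->system_cpu_time =
                (sfBaseStats->system_cpu_time / totalPercent) * 100;
            sfBaseStats->idle_cpu_time =
                (sfBaseStats->idle_cpu_time / totalPercent) * 100;
        }
    }
#endif
    return 0;
}

/*
**  NAME
**    CalculateBasePerfStats
**
**  DESCRIPTION
**    This is the main function that calculates the stats. Stats
**    that we calculate are:
**      *uSecs per Packet
**      *Packets per Second
**      *Mbits per Second
**      *Average bytes per Packet
**      *CPU Time
**      *Dropped Packets
**    These statistics are processed and then stored in the
**    SFBASE_STATS structure.  This allows output functions to
**    be easily formed and inserted.
**    NOTE:  We can break up these statistics into functions for easier
**    reading.
**
**  FORMAL INPUTS
**    SFBASE *       - ptr to performance struct
**    SFBASE_STATS * - ptr to struct to fill in performance stats
**
**  FORMAL OUTPUTS
**    int - 0 is successful, -1 when GetProcessingTime() reports failure
*/
int CalculateBasePerfStats(SFBASE *sfBase, SFBASE_STATS *sfBaseStats)
{
    SYSTIMES Systimes;
    time_t   now;

#ifdef LINUX_SMP
    /*
    **  We also give sfBaseStats access to the CPU usage
    **  contained in sfProcPidStats.  This way we don't need
    **  to complicate sfBaseStats further.
    */
    sfBaseStats->sfProcPidStats = &(sfBase->sfProcPidStats);
#endif

    if(GetProcessingTime(&Systimes, sfBase))
        return -1;

    sfBaseStats->total_blocked_packets = sfBase->total_blocked_packets;

    /*
    **  Avg. bytes per Packet
    **  Each average is guarded by its packet counter, so an idle
    **  interval reports 0 instead of dividing by zero.
    */
    if (sfBase->total_packets > 0)
        sfBaseStats->avg_bytes_per_packet =
            (int)((double)(sfBase->total_bytes) /
                  (double)(sfBase->total_packets));
    else
        sfBaseStats->avg_bytes_per_packet = 0;

    if (sfBase->total_wire_packets > 0)
        sfBaseStats->avg_bytes_per_wire_packet =
            (int)((double)(sfBase->total_wire_bytes) /
                  (double)(sfBase->total_wire_packets));
    else
        sfBaseStats->avg_bytes_per_wire_packet = 0;

    if (sfBase->total_ipfragmented_packets > 0)
        sfBaseStats->avg_bytes_per_ipfrag_packet =
            (int)((double)(sfBase->total_ipfragmented_bytes) /
                  (double)(sfBase->total_ipfragmented_packets));
    else
        sfBaseStats->avg_bytes_per_ipfrag_packet = 0;

    if (sfBase->total_ipreassembled_packets > 0)
        sfBaseStats->avg_bytes_per_ipreass_packet =
            (int)((double)(sfBase->total_ipreassembled_bytes) /
                  (double)(sfBase->total_ipreassembled_packets));
    else
        sfBaseStats->avg_bytes_per_ipreass_packet = 0;

    if (sfBase->total_rebuilt_packets > 0)
        sfBaseStats->avg_bytes_per_rebuilt_packet =
            (int)((double)(sfBase->total_rebuilt_bytes) /
                  (double)(sfBase->total_rebuilt_packets));
    else
        sfBaseStats->avg_bytes_per_rebuilt_packet = 0;

    /*
    **  CPU time
    */
    GetCPUTime(sfBase, sfBaseStats, &Systimes);

    /*
    **  Get Dropped Packets
    */
    GetPktDropStats(sfBase, sfBaseStats);

    /*
    **  Total packets
    */
    sfBaseStats->total_packets = sfBase->total_wire_packets;

    /*
    *   Pattern Matching Performance in Real and User time
    *
    *   With no wire bytes in the interval the ratio is undefined;
    *   report 0 rather than storing inf/NaN.  The pattern-match byte
    *   counter is reset in either case.
    */
    if (sfBase->total_wire_bytes > 0)
        sfBaseStats->patmatch_percent = 100.0 * mpseGetPatByteCount() /
                                        sfBase->total_wire_bytes;
    else
        sfBaseStats->patmatch_percent = 0;

    mpseResetByteCount();

    if(sfBase->iFlags & MAX_PERF_STATS)
    {
        /*
        **  uSeconds per Packet
        **  user, system, total time
        */
        GetuSecondsPerPacket(sfBase, sfBaseStats, &Systimes);
    }

    /*
    **  Mbits per sec
    **  user, system, total time
    */
    GetMbitsPerSecond(sfBase, sfBaseStats, &Systimes);

    /*
    **  EventsPerSecond
    **  We get the information from the global variable
    **  PacketCount.
    */
    GetEventsPerSecond(sfBase, sfBaseStats, &Systimes);

    /*
    **  Packets per seconds
    **  user, system, total time
    */
    GetPacketsPerSecond(sfBase, sfBaseStats, &Systimes);

    /*
    **  Attribute Table counters
    **
    */
    sfBaseStats->current_attribute_hosts = sfBase->iAttributeHosts;
    sfBaseStats->attribute_table_reloads = sfBase->iAttributeReloads;

    /*
    **  Set the date string for print out
    */
    time(&now);
    sfBaseStats->time = now;

    return 0;
}

/*
**  NAME
**    GetPktDropStats
**
**  DESCRIPTION
**    Gets the packet drop statistics from OS.
**    NOTE:  Currently only pcap-based sniffing is supported.  Should
**    add native OS calls.
**
**    When no pcap handle is open (or, on WIN32, when pv.readmode_flag
**    is set), or when UpdatePcapPktStats() returns -1, the received
**    count is taken from total_wire_packets and drops are reported as 0.
**    That zero means "no drop data available", not "nothing dropped".
**
**    The drop percentage is the sensor's own measure of traffic it did
**    not inspect, so it must stay a finite number: with nothing received
**    it is 100 if drops were counted and 0 otherwise.
**
**  FORMAL INPUT
**    SFBASE *       - ptr to struct
**    SFBASE_STATS * - ptr to struct to fill in with perf stats
**
**  FORMAL OUTPUT
**    int - 0 is successful
*/
int GetPktDropStats(SFBASE *sfBase, SFBASE_STATS *sfBaseStats)
{
    /*
    **  Network Interfaces.  Right now we only check
    **  the first interface
    */
    extern pcap_t *pd;
    UINT64 recv, drop;

    /*
    **  Short-circuit evaluation keeps UpdatePcapPktStats() from being
    **  called when there is no usable pcap handle.
    */
    if((!pd)
#ifdef WIN32
        || (pv.readmode_flag)
#endif
        || (UpdatePcapPktStats() == -1))
    {
        if (sfBase->iReset == 1)
        {
            sfBaseStats->pkt_stats.pkts_recv = sfBase->total_wire_packets;
        }
        else
        {
            sfBaseStats->pkt_stats.pkts_recv += sfBase->total_wire_packets;
        }

        sfBaseStats->pkt_stats.pkts_drop = 0;
        sfBaseStats->pkt_drop_percent    = 0.0;
        return 0;
    }

    recv = GetPcapPktStatsRecv();
    drop = GetPcapPktStatsDrop();

    if( sfBase->iReset == 1 )
    {
        /*
        **  Per-interval figures: subtract the totals saved last round.
        **  NOTE(review): if the pcap counters ever restart or wrap below
        **  the saved baseline, these subtractions would presumably wrap
        **  to a very large value -- confirm how UpdatePcapPktStats()
        **  handles that.
        */
        sfBaseStats->pkt_stats.pkts_recv = recv - sfBase->pkt_stats.pkts_recv;
        sfBaseStats->pkt_stats.pkts_drop = drop - sfBase->pkt_stats.pkts_drop;
    }
    else
    {
        sfBaseStats->pkt_stats.pkts_recv = recv;
        sfBaseStats->pkt_stats.pkts_drop = drop;
    }

    if (sfBaseStats->pkt_stats.pkts_recv > 0)
    {
        sfBaseStats->pkt_drop_percent =
            ((double)sfBaseStats->pkt_stats.pkts_drop /
             (double)sfBaseStats->pkt_stats.pkts_recv) * 100;
    }
    else
    {
        /*
        **  Nothing received: avoid 0/0 (NaN) and n/0 (inf).  Drops with
        **  no received packets are reported as a total loss so that the
        **  condition is not hidden from whoever monitors this value.
        */
        sfBaseStats->pkt_drop_percent =
            (sfBaseStats->pkt_stats.pkts_drop > 0) ? 100.0 : 0.0;
    }

    /*
    **  Reset sfBase stats for next go round.
    */
    sfBase->pkt_stats.pkts_recv = recv;
    sfBase->pkt_stats.pkts_drop = drop;

    return 0;
}

/*
 *
 *   Log Base Per Stats to File for Use by the MC
 *
 *   unixtime(in secs since epoch)
 *   %pkts dropped
 *   mbits/sec (wire)
 *   alerts/sec
 *   K-Packets/Sec (wire)
 *   Avg Bytes/Pkt  (wire)
 *   %bytes pattern matched
 *   syns/sec
 *   synacks/sec
 *   new-sessions/sec (tcp stream cache)
 *   del-sessions/sec (tcp stream cache)
 *   total-sessions open (tcp stream cache)
 *   max-sessions, lifetime (tcp stream cache)
 *   streamflushes/sec
 *   streamfaults/sec
 *   streamtimeouts
 *   fragcreates/sec
 *   fragcompletes/sec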