Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stats: Do not expand dots of tm_name #10316

Closed
wants to merge 3 commits into from
Closed

stats: Do not expand dots of tm_name #10316

wants to merge 3 commits into from

Conversation

awelzel
Copy link
Contributor

@awelzel awelzel commented Feb 5, 2024

Make sure these boxes are signed before submitting your Pull Request -- thank you.

Link to redmine 6732 ticket:

Describe changes:

When an interface with dots is used, per worker stats are nested by the dot-separated-components of the interface due to the usage of OutputStats2Json().

Prevent this by using OutputStats2Json() on a per-thread specific object and setting this object into the threads object using the json_object_set_new() which won't do the dot expansion.

This was tested by creating an interface with dots in the name and checking the stats.

ip link add name a.b.c type dummy

With Suricata 7.0.2, sniffing on the a.b.c interface results in the following worker stats format:

"threads": {
  "W#01-a": {
    "b": {
      "c": {
        "capture": {
          "kernel_packets": 0,

After this fix, the output looks as follows:

"threads": {
  "W#01-a.b.c": {
    "capture": {
      "kernel_packets": 0,

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

@awelzel
stats: Do not expand dots of tm_name
b2b6b60 
When an interface with dots is used, per worker stats are nested by the
dot-separated-components of the interface due to the usage of
OutputStats2Json().

Prevent this by using OutputStats2Json() on a per-thread specific object
and setting this object into the threads object using the
json_object_set_new() which won't do the dot expansion.

This was tested by creating an interface with dots in the name
and checking the stats.

    ip link add name a.b.c type dummy

With Suricata 7.0.2, sniffing on the a.b.c interface results in the
following worker stats format:

    "threads": {
      "W#01-a": {
        "b": {
          "c": {
            "capture": {
              "kernel_packets": 0,

After this fix, the output looks as follows:

    "threads": {
      "W#01-a.b.c": {
        "capture": {
          "kernel_packets": 0,

Ticket: OISF#6732
awelzel
awelzel commented Feb 5, 2024
View reviewed changes
src/output-json-stats.c Outdated
/* for each counter */
for (u = offset; u < (offset + st->nstats); u++) {
if (st->tstats[u].name == NULL)
continue;

// Seems this holds, but assert in debug builds.
assert(strcmp(st->tstats[u].tm_name, st->tstats[u].tm_name) == 0);
Copy link
Contributor Author

@awelzel awelzel Feb 5, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ewh, this was meant to be - let me know whether to open v2 with that and any more suggestions or it can be fixed during the merge. Thanks.

Suggested change
assert(strcmp(st->tstats[u].tm_name, st->tstats[u].tm_name) == 0);
assert(strcmp(st->tstats[offset].tm_name, st->tstats[u].tm_name) == 0);

@awelzel awelzel marked this pull request as draft February 5, 2024 17:57
@awelzel
fixup! stats: Do not expand dots of tm_name
0d2e687 
Use DEBUG_VALIDATE_BUG_ON instead of plain assert()
@codecov Codecov
Copy link

codecov bot commented Feb 5, 2024

Codecov Report

Attention: 9 lines in your changes are missing coverage. Please review.

Comparison is base (244a35d) 73.31% compared to head (0d2e687) 82.34%.

Additional details and impacted files 
@@             Coverage Diff             @@
##           master   #10316       +/-   ##
===========================================
+ Coverage   73.31%   82.34%    +9.02%     
===========================================
  Files         895      978       +83     
  Lines      148215   272035   +123820     
===========================================
+ Hits       108666   224010   +115344     
- Misses      39549    48025     +8476
Flag Coverage Δ
fuzzcorpus 63.59% <0.00%> (+0.11%) ⬆️
suricata-verify 61.50% <0.00%> (-0.03%) ⬇️
unittests 62.84% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

@awelzel awelzel marked this pull request as ready for review February 6, 2024 09:52
@awelzel awelzel mentioned this pull request Feb 8, 2024
Closed
3 tasks
@awelzel
Copy link
Contributor Author

awelzel commented Feb 8, 2024

Replaced by #10338

@awelzel awelzel closed this Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
1 participant
@awelzel