next/355/20240319/v1 #10667

Merged: 1 commit, Mar 20, 2024

victorjulien

Issue: 6861

Without this commit, disabling rule profiling via suricatasc's command
'ruleset-profile-stop' may crash because profiling_rules_entered becomes
negative.

This can happen because
- There can be multiple rules evaluated for a single packet
- Each rule is profiled individually.
- Starting profiling is gated by a configuration setting and rule
  profiling being active
- Ending profiling is gated by the same configuration setting and
  whether the packet was marked as profiling.

The crash can occur when a rule is being profiled and rule profiling
is then disabled after at least one rule was profiled for the packet
(which marks the packet as being profiled).

In this scenario, the value of profiling_rules_entered was
not incremented so the BUG_ON in the end profiling macro trips
because it is 0.

The changes to fix the problem are:
- In the profiling end macro, gate the actions taken there by the same
  configuration setting and use the profiling_rules_entered (instead of
  the per-packet profiling flag). Since the start and end macros are
  tightly coupled, this will permit profiling to "finish" if started.
- Modify SCProfileRuleStart to only check the sampling values if the
  packet hasn't been marked for profiling already. This change makes all
  rules for a packet (once selected) to be profiled (without this change
  sampling is applied to each *rule* that applies to the packet).
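
The start/end gating mismatch described in the commit message above, reduced to a small C model; this is an added example, not code from the pull request or from Suricata. Only `profiling_rules_entered` is a name from the page; the other identifiers are hypothetical, and the shared configuration-setting gate and sampling are left out.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model, not Suricata source. Only profiling_rules_entered is a
 * name from the PR text; every other identifier is hypothetical. */
struct pkt { bool profiled; };        /* per-packet "being profiled" mark */
static bool rules_active;             /* cleared by ruleset-profile-stop */
static int profiling_rules_entered;   /* rules currently inside start..end */

/* Start: runs only while rule profiling is active. */
static void rule_start(struct pkt *p)
{
    if (!rules_active) return;
    p->profiled = true;
    profiling_rules_entered++;
}

/* End before the fix: gated on the packet mark; false = where the BUG_ON trips. */
static bool rule_end_old(struct pkt *p)
{
    if (!p->profiled) return true;
    if (profiling_rules_entered <= 0) return false;
    profiling_rules_entered--;
    return true;
}

/* End after the fix: gated on the counter, so it only finishes a start that ran. */
static bool rule_end_fixed(struct pkt *p)
{
    (void)p;
    if (profiling_rules_entered > 0) profiling_rules_entered--;
    return true;
}

/* Two rules on one packet, with profiling stopped between them. */
static bool stop_between_rules(bool (*rule_end)(struct pkt *))
{
    struct pkt p = { false };
    rules_active = true; profiling_rules_entered = 0;  /* fresh thread state */
    rule_start(&p);                    /* rule 1: packet marked, counter 1 */
    if (!rule_end(&p)) return false;   /* counter back to 0 */
    rules_active = false;              /* ruleset-profile-stop arrives here */
    rule_start(&p);                    /* rule 2: start is skipped */
    return rule_end(&p) && profiling_rules_entered == 0;
}

int main(void)
{
    printf("old=%d fixed=%d\n", stop_between_rules(rule_end_old), stop_between_rules(rule_end_fixed));
    return 0;
}
```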

codecov bot commented Mar 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.72%. Comparing base (c4b8fb7) to head (bf5cfd6).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #10667      +/-   ##
==========================================
- Coverage   82.73%   82.72%   -0.01%     
==========================================
  Files         926      926              
  Lines      247633   247633              
==========================================
- Hits       204874   204865       -9     
- Misses      42759    42768       +9     
Flag Coverage Δ
fuzzcorpus 64.22% <ø> (ø)
suricata-verify 61.98% <ø> (ø)
unittests 62.18% <ø> (ø)


@suricata-qa

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.tcp.pseudo 2810 19562 696.16%

Pipeline 19630

@victorjulien victorjulien merged commit bf5cfd6 into OISF:master Mar 20, 2024
45 checks passed
@victorjulien victorjulien deleted the next/355/20240319/v1 branch March 20, 2024 06:07