Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / preprocessors

perf-base.c

Go to the documentation of this file.
00001 /*
00002 ** $Id$
00003 **
00004 ** perf-base.c
00005 **
00006 ** Copyright (C) 2002 Sourcefire,Inc
00007 ** Dan Roelker <droelker@sourcefire.com>
00008 ** Marc Norton <mnorton@sourcefire.com>
00009 **
00010 ** This program is free software; you can redistribute it and/or modify
00011 ** it under the terms of the GNU General Public License as published by
00012 ** the Free Software Foundation; either version 2 of the License, or
00013 ** (at your option) any later version.
00014 **
00015 ** This program is distributed in the hope that it will be useful,
00016 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00017 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00018 ** GNU General Public License for more details.
00019 **
00020 ** You should have received a copy of the GNU General Public License
00021 ** along with this program; if not, write to the Free Software
00022 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00023 **
00024 **  DESCRIPTION
00025 **    The following subroutines are concerned with getting
00026 **    basic stats on packet bytes and times that an app
00027 **    takes in processing packets.  The times measured are
00028 **    kernel and user time for the process.   Real-time
00029 **    (wall clock) is also measured to show when processing
00030 **    has reached capacity and to measure the true processing 
00031 **    that the app is currently doing.
00032 **
00033 **  NOTES
00034 **    4.8.02  : Initial Code (DJR,MAN)
00035 **    4.22.02 : Added Comments (DJR)
00036 **    7.10.02 : Added sfprocpidstats code for SMP linux (DJR)
00037 **    8.8.02  : Added stream4 instrumentation (cmg)
00038 **    9.1.04  : Removed NO_PKTS, ACCUMULATE/RESET #defines, now we use SFBASE->iReset
00039 **              and the permonitor command has 'reset' and 'accrue' commands instead.(MAN)
00040 */
00041 
00042 #include <time.h>
00043 #ifndef WIN32
00044 #include <sys/time.h>
00045 #include <sys/resource.h>
00046 #endif
00047 #include <stdlib.h>
00048 #include <stdio.h>
00049 #include <sys/types.h>
00050 
00051 #include "snort.h"
00052 #include "util.h"
00053 #include "mpse.h"
00054 
00055 #ifndef UINT32_MAX
00056 #define UINT32_MAX         (4294967295U)
00057 #endif
00058 
00059 int GetPktDropStats(SFBASE *sfBase, SFBASE_STATS *sfBaseStats);
00060 int DisplayBasePerfStatsConsole(SFBASE_STATS *sfBaseStats, int iFlags);
00061 int CalculateBasePerfStats(SFBASE *sfPerf, SFBASE_STATS *sfBaseStats);
00062 int LogBasePerfStats(SFBASE_STATS *sfBaseStats,  FILE * fh );
00063 
00064 /*
00065 **  NAME
00066 **    InitBaseStats
00067 **  DESCRIPTION
00068 **    Initializes structs and variables for the next performance
00069 **    sample.
00070 **
00071 **  FORMAL INPUTS
00072 **    SFBASE * -- pointer to structure to initialize
00073 ** 
00074 **  FORMAL OUTPUTS
00075 **    int -- 0 is successful
00076 */ 
00077 int InitBaseStats(SFBASE *sfBase)
00078 {
00079     int rusageRet = -1;
00080     int todRet = -1;
00081     struct timeval tvTime;
00082 
00083 #ifndef WIN32
00084 #ifndef LINUX_SMP
00085     struct rusage  rusage;
00086 #endif
00087     
00088 #ifdef LINUX_SMP
00089     static int first_time = 0;
00090 
00091     if(!first_time)
00092     {
00093         sfInitProcPidStats(&(sfBase->sfProcPidStats));
00094         first_time = 1;
00095     }
00096     todRet = gettimeofday(&tvTime, NULL);
00097 #else
00098     
00099     rusageRet = getrusage(RUSAGE_SELF, &rusage);
00100     todRet = gettimeofday(&tvTime, NULL);
00101 
00102     if (rusageRet >= 0)
00103     {
00104         sfBase->usertime_sec   = (double)rusage.ru_utime.tv_sec +
00105                                  ((double)rusage.ru_utime.tv_usec * 1.0e-6);
00106         sfBase->systemtime_sec = (double)rusage.ru_stime.tv_sec +
00107                                  ((double)rusage.ru_stime.tv_usec * 1.0e-6);
00108     }
00109     else
00110     {
00111         sfBase->usertime_sec = 0;
00112         sfBase->systemtime_sec = 0;
00113     }
00114 
00115 #endif  /* !LINUX_SMP */
00116 #else
00117     sfBase->usertime_sec = 0;
00118     sfBase->systemtime_sec = 0;
00119     todRet = gettimeofday(&tvTime, NULL);
00120 #endif  /* !WIN32 */
00121 
00122     if(todRet >= 0)
00123     {
00124         sfBase->realtime_sec = (double)tvTime.tv_sec +
00125                                ((double)tvTime.tv_usec * 1.0e-6);
00126     }
00127     else
00128     {
00129         sfBase->realtime_sec = 0;
00130     }
00131 
00132     sfBase->total_wire_packets = 0;
00133     sfBase->total_ipfragmented_packets = 0;
00134     sfBase->total_ipreassembled_packets = 0;
00135     sfBase->total_packets = 0;
00136     sfBase->total_rebuilt_packets = 0;
00137     sfBase->total_wire_bytes = 0;
00138     sfBase->total_ipfragmented_bytes = 0;
00139     sfBase->total_ipreassembled_bytes = 0;
00140     sfBase->total_bytes = 0;
00141     sfBase->total_rebuilt_bytes = 0;
00142 
00143     sfBase->iNewSessions = 0;
00144     sfBase->iDeletedSessions = 0;
00145 
00146     sfBase->iStreamFlushes = 0;
00147     sfBase->iStreamFaults = 0;
00148     sfBase->iStreamTimeouts = 0;
00149     
00150     sfBase->iFragCreates = 0;
00151     sfBase->iFragCompletes = 0;
00152     sfBase->iFragInserts = 0;
00153     sfBase->iFragDeletes = 0;
00154     sfBase->iFragAutoFrees = 0;
00155     sfBase->iFragFlushes = 0;
00156     sfBase->iFragTimeouts = 0;
00157     sfBase->iFragFaults = 0;
00158     
00159     return 0;
00160 }
00161 
00162 /*
00163 **  NAME
00164 **    UpdateBaseStats
00165 **
00166 **  DESCRIPTION
00167 **    Simple update of stats.
00168 **
00169 **  FORMAL INPUTS
00170 **    SFBASE * - structure to update
00171 **    int      - length of packet payload in bytes
00172 **
00173 **  FORMAL OUTPUTS
00174 **    int - 0 is successful
00175 **
00176 **  Add in Ethernet Overhead - assume a standerd Ethernet service
00177 **
00178 **   Ethernet Frame
00179 **   ---------------
00180 **           | <-----------   PCAP Packet  --------> |
00181 **   Preamble  Dest Mac  Src Mac   Type      Payload   CRC        IFG
00182 ** | 8 bytes | 6 Bytes | 6 Bytes | 2-Bytes | 46-1500 | 4 Bytes |  12      |
00183 **
00184 ** Len = PCAP Packet + 4 bytes for CRC
00185 ** Overhead = 20 bytes
00186 ** Min on the wire == 84 bytes
00187 ** Min Size of PCAP packet = 60 bytes (84 - 20 overhead - 4 CRC)
00188 **
00189 ** Len is the amount of user data being sent.  This will be less then
00190 ** actual wire-speed, because of the interframe gap (96 bits) and preamble
00191 ** (8 bytes).
00192 **
00193 ** A 60 byte minimum packet uses 672 bits (60 bytes + 4 CRC), this limits a
00194 ** 1000 Mbit network to 1.488 Million packets with a bandwidth of 760
00195 ** Mbits.  The lost 240 Mbits is due to interframe gap (96 bits) and preamble
00196 ** (8 bytes).
00197 **
00198 ** Even if the actual data is only 40 bytes per packet (ie, an empty
00199 ** TCP ACK), wire data is still 64 bytes per packet, even though actual
00200 ** packet size is 40 bytes.  Bandwith drops to 480 Mbits.  
00201 **
00202 ** This explains why when a network goes over 50% capactiy you are closer to
00203 ** the edge than you realize, depending on the traffic profile.  At 75% you 
00204 ** are at the limit of your network, if you can get there.
00205 **
00206 ** iRebuiltPkt determines whether the packet is rebuilt or not.  We keep
00207 ** separate statistics between wire pkts and rebuilt pkts.
00208 **
00209 */
00210 int UpdateBaseStats(SFBASE *sfBase, int len, int iRebuiltPkt)
00211 {
00212     /* If rebuilt, count info for TCP rebuilt packet */
00213     if(iRebuiltPkt)
00214     {
00215         sfBase->total_rebuilt_bytes += len;
00216         sfBase->total_rebuilt_packets++;
00217     }
00218     else
00219     {
00220         len += 4; /* for the CRC */
00221     }
00222 
00223     /* Includes wire, IP reassembled & TCP rebuilt packets
00224      * that make it to the application layer.
00225      */
00226     sfBase->total_packets++;
00227 
00228     sfBase->total_bytes += len;
00229 
00230     return 0;
00231 }
00232 
00233 /*
00234 **  NAME
00235 **    UpdateWireStats
00236 **
00237 **  DESCRIPTION
00238 **    Simple update of stats for "on the wire".
00239 **
00240 **  FORMAL INPUTS
00241 **    SFBASE * - structure to update
00242 **    int      - length of packet payload in bytes
00243 **
00244 **  FORMAL OUTPUTS
00245 **    none
00246 */
00247 void UpdateWireStats(SFBASE *sfBase, int len)
00248 {
00249     sfBase->total_wire_packets++;
00250 
00251     len += 4; /* for the CRC */
00252     sfBase->total_wire_bytes += len;
00253 }
00254 
00255 /*
00256 **  NAME
00257 **    UpdateIPFragStats
00258 **
00259 **  DESCRIPTION
00260 **    Simple update of stats for IP fragmented packets
00261 **
00262 **  FORMAL INPUTS
00263 **    SFBASE * - structure to update
00264 **    int      - length of packet payload in bytes
00265 **
00266 **  FORMAL OUTPUTS
00267 **    none
00268 */
00269 void UpdateIPFragStats(SFBASE *sfBase, int len)
00270 {
00271     sfBase->total_ipfragmented_packets++;
00272 
00273     len += 4; /* for the CRC */
00274     sfBase->total_wire_bytes += len;
00275     sfBase->total_ipfragmented_bytes += len;
00276 }
00277 
00278 /*
00279 **  NAME
00280 **    UpdateIPReassStats
00281 **
00282 **  DESCRIPTION
00283 **    Simple update of stats for IP reassembled packets
00284 **
00285 **  FORMAL INPUTS
00286 **    SFBASE * - structure to update
00287 **    int      - length of packet payload in bytes
00288 **
00289 **  FORMAL OUTPUTS
00290 **    none
00291 */
00292 void UpdateIPReassStats(SFBASE *sfBase, int len)
00293 {
00294     sfBase->total_ipreassembled_packets++;
00295 
00296     len += 4; /* for the CRC */
00297     sfBase->total_wire_bytes += len;
00298     sfBase->total_ipreassembled_bytes += len;
00299 }
00300 
00301 /*
00302 **  NAME
00303 **    AddStreamSession
00304 **
00305 **  DESCRIPTION
00306 **    Add a session count
00307 **
00308 **  FORMAL INPUTS
00309 **    SFBASE * - ptr to update.
00310 **
00311 **  FORMAL OUTPUTS
00312 **    int - 0 is successful
00313 */
00314 
00315 int AddStreamSession(SFBASE *sfBase)
00316 {    
00317     sfBase->iTotalSessions++;
00318     sfBase->iNewSessions++;
00319 
00320     if(sfBase->iTotalSessions > sfBase->iMaxSessions)
00321         sfBase->iMaxSessions = sfBase->iTotalSessions;
00322 
00323     return 0;
00324 }
00325 
00326 /*
00327 **  NAME
00328 **    RemoveStreamSession
00329 **
00330 **  DESCRIPTION
00331 **    Add a session count
00332 **
00333 **  FORMAL INPUTS
00334 **    SFBASE * - ptr to update.
00335 **
00336 **  FORMAL OUTPUTS
00337 **    int - 0 is successful
00338 */
00339 
00340 int RemoveStreamSession(SFBASE *sfBase)
00341 {
00342     sfBase->iTotalSessions--;
00343     sfBase->iDeletedSessions++;
00344     return 0;
00345 }
00346 
00347     
00348 
00349 /*
00350 **  NAME
00351 **    ProcessBaseStats
00352 **
00353 **  DESCRIPTION
00354 **    Main function to process Base Stats.
00355 **
00356 **  FORMAL INPUTS
00357 **    SFBASE * - ptr to update.
00358 **
00359 **  FORMAL OUTPUTS
00360 **    int - 0 is successful
00361 */
00362 int ProcessBaseStats(SFBASE *sfBase, int console, int file, FILE * fh)
00363 {
00364     SFBASE_STATS sfBaseStats;
00365 
00366     if( console || file )
00367     {
00368         if(CalculateBasePerfStats(sfBase, &sfBaseStats))
00369             return -1;
00370     }
00371 
00372 
00373     if( console )
00374         DisplayBasePerfStatsConsole(&sfBaseStats, sfBase->iFlags);
00375     
00376     if( file )
00377         LogBasePerfStats(&sfBaseStats, fh );
00378 
00379     return 0;
00380 }
00381 
00382 int GetProcessingTime(SYSTIMES *Systimes, SFBASE *sfBase)
00383 {
00384     int rusageRet = -1;
00385     int todRet = -1;
00386     struct timeval tvTime;
00387 #ifdef LINUX_SMP
00388 
00389     if(sfProcessProcPidStats(&(sfBase->sfProcPidStats)))
00390         return -1;
00391     todRet = gettimeofday(&tvTime, NULL);
00392 #else
00393     struct rusage  rusage;
00394 #ifndef WIN32
00395     rusageRet = getrusage(RUSAGE_SELF, &rusage);
00396 #endif  /* !WIN32 */
00397     todRet = gettimeofday(&tvTime, NULL);
00398 
00399     if (rusageRet < 0)
00400     {
00401         rusage.ru_utime.tv_sec = 0;
00402         rusage.ru_utime.tv_usec = 0;
00403         rusage.ru_stime.tv_sec = 0;
00404         rusage.ru_stime.tv_usec = 0;
00405     }
00406     Systimes->usertime   = ((double)rusage.ru_utime.tv_sec +
00407                            ((double)rusage.ru_utime.tv_usec * 1.0e-6)) -
00408                            sfBase->usertime_sec;
00409     Systimes->systemtime = ((double)rusage.ru_stime.tv_sec +
00410                            ((double)rusage.ru_stime.tv_usec * 1.0e-6)) -
00411                            sfBase->systemtime_sec;
00412     Systimes->totaltime  = Systimes->usertime + Systimes->systemtime;
00413 #endif  /* LINUX_SMP */
00414 
00415     if (todRet < 0)
00416     {
00417         return todRet;
00418     }
00419 
00420     Systimes->realtime =  ((double)tvTime.tv_sec + 
00421                           ((double)tvTime.tv_usec * 1.0e-6)) -
00422                           sfBase->realtime_sec;
00423     return 0;
00424 }
00425 
00426 int GetEventsPerSecond(SFBASE *sfBase, SFBASE_STATS *sfBaseStats, 
00427                        SYSTIMES *Systimes)
00428 {
00429     sfBaseStats->alerts_per_second = 
00430         (double)(pc.alert_pkts - sfBase->iAlerts) / Systimes->realtime;
00431 
00432     sfBase->iAlerts = pc.alert_pkts;
00433 
00434     sfBaseStats->total_sessions = sfBase->iTotalSessions;
00435     sfBaseStats->max_sessions = sfBase->iMaxSessions;
00436 
00437     sfBaseStats->syns_per_second = 
00438         (double)(sfBase->iSyns) / Systimes->realtime;
00439 
00440     sfBaseStats->synacks_per_second = 
00441         (double)(sfBase->iSynAcks) / Systimes->realtime;
00442 
00443     sfBaseStats->deleted_sessions_per_second = 
00444         (double)(sfBase->iDeletedSessions) / Systimes->realtime;
00445 
00446     sfBaseStats->new_sessions_per_second = 
00447         (double)(sfBase->iNewSessions) / Systimes->realtime;
00448 
00449 
00450     sfBaseStats->stream_flushes_per_second = 
00451         (double)sfBase->iStreamFlushes / Systimes->realtime;
00452 
00453     sfBaseStats->stream_faults = sfBase->iStreamFaults;
00454     sfBaseStats->stream_timeouts = sfBase->iStreamTimeouts;
00455     
00456     sfBaseStats->frag_creates_per_second = 
00457         (double)sfBase->iFragCreates / Systimes->realtime;
00458     
00459     sfBaseStats->frag_completes_per_second = 
00460         (double)sfBase->iFragCompletes / Systimes->realtime;
00461     
00462     sfBaseStats->frag_inserts_per_second = 
00463         (double)sfBase->iFragInserts / Systimes->realtime;
00464     
00465     sfBaseStats->frag_deletes_per_second = 
00466         (double)sfBase->iFragDeletes / Systimes->realtime;
00467     
00468     sfBaseStats->frag_autofrees_per_second = 
00469         (double)sfBase->iFragAutoFrees / Systimes->realtime;
00470     
00471     sfBaseStats->frag_flushes_per_second = 
00472         (double)sfBase->iFragFlushes / Systimes->realtime;
00473 
00474     sfBaseStats->max_frags = sfBase->iMaxFrags;
00475     sfBaseStats->current_frags = sfBase->iCurrentFrags;
00476     sfBaseStats->frag_timeouts = sfBase->iFragTimeouts;
00477     sfBaseStats->frag_faults = sfBase->iFragFaults;
00478     
00479     sfBase->iSyns = 0;
00480     sfBase->iSynAcks = 0;
00481     sfBase->iNewSessions = 0;
00482     sfBase->iDeletedSessions = 0;
00483 
00484     sfBase->iStreamFlushes = 0;
00485     sfBase->iStreamFaults = 0;
00486     sfBase->iStreamTimeouts = 0;
00487     
00488     sfBase->iFragCreates = 0;
00489     sfBase->iFragCompletes = 0;
00490     sfBase->iFragInserts = 0;
00491     sfBase->iFragDeletes = 0;
00492     sfBase->iFragAutoFrees = 0;
00493     sfBase->iFragFlushes = 0;
00494     sfBase->iFragTimeouts = 0;
00495     sfBase->iFragFaults = 0;
00496 
00497     
00498     return 0;
00499 }
00500     
00501 int GetPacketsPerSecond(SFBASE *sfBase, SFBASE_STATS *sfBaseStats,
00502                         SYSTIMES *Systimes)
00503 {
00504     sfBaseStats->kpackets_per_sec.realtime   = 
00505         (double)((double)sfBase->total_packets / 1000) / Systimes->realtime;
00506 
00507     if(sfBase->iFlags & MAX_PERF_STATS)
00508     {
00509         sfBaseStats->kpackets_per_sec.usertime   = 
00510             (double)((double)sfBase->total_packets / 1000) / 
00511             Systimes->usertime;
00512         sfBaseStats->kpackets_per_sec.systemtime = 
00513             (double)((double)sfBase->total_packets / 1000) / 
00514             Systimes->systemtime;
00515         sfBaseStats->kpackets_per_sec.totaltime  = 
00516             (double)((double)sfBase->total_packets / 1000) / 
00517             Systimes->totaltime;
00518     }
00519 
00520     sfBaseStats->kpackets_wire_per_sec.realtime   = 
00521         (double)((double)sfBase->total_wire_packets / 1000) / Systimes->realtime;
00522 
00523     if(sfBase->iFlags & MAX_PERF_STATS)
00524     {
00525         sfBaseStats->kpackets_wire_per_sec.usertime   = 
00526             (double)((double)sfBase->total_wire_packets / 1000) / 
00527             Systimes->usertime;
00528         sfBaseStats->kpackets_wire_per_sec.systemtime = 
00529             (double)((double)sfBase->total_wire_packets / 1000) / 
00530             Systimes->systemtime;
00531         sfBaseStats->kpackets_wire_per_sec.totaltime  = 
00532             (double)((double)sfBase->total_wire_packets / 1000) / 
00533             Systimes->totaltime;
00534     }
00535 
00536     sfBaseStats->kpackets_ipfrag_per_sec.realtime   = 
00537         (double)((double)sfBase->total_ipfragmented_packets / 1000) / Systimes->realtime;
00538 
00539     if(sfBase->iFlags & MAX_PERF_STATS)
00540     {
00541         sfBaseStats->kpackets_ipfrag_per_sec.usertime   = 
00542             (double)((double)sfBase->total_ipfragmented_packets / 1000) / 
00543             Systimes->usertime;
00544         sfBaseStats->kpackets_ipfrag_per_sec.systemtime = 
00545             (double)((double)sfBase->total_ipfragmented_packets / 1000) / 
00546             Systimes->systemtime;
00547         sfBaseStats->kpackets_ipfrag_per_sec.totaltime  = 
00548             (double)((double)sfBase->total_ipfragmented_packets / 1000) / 
00549             Systimes->totaltime;
00550     }
00551 
00552     sfBaseStats->kpackets_ipreass_per_sec.realtime   = 
00553         (double)((double)sfBase->total_ipreassembled_packets / 1000) / Systimes->realtime;
00554 
00555     if(sfBase->iFlags & MAX_PERF_STATS)
00556     {
00557         sfBaseStats->kpackets_ipreass_per_sec.usertime   = 
00558             (double)((double)sfBase->total_ipreassembled_packets / 1000) / 
00559             Systimes->usertime;
00560         sfBaseStats->kpackets_ipreass_per_sec.systemtime = 
00561             (double)((double)sfBase->total_ipreassembled_packets / 1000) / 
00562             Systimes->systemtime;
00563         sfBaseStats->kpackets_ipreass_per_sec.totaltime  = 
00564             (double)((double)sfBase->total_ipreassembled_packets / 1000) / 
00565             Systimes->totaltime;
00566     }
00567 
00568     sfBaseStats->kpackets_rebuilt_per_sec.realtime   = 
00569         (double)((double)sfBase->total_rebuilt_packets / 1000) / Systimes->realtime;
00570 
00571     if(sfBase->iFlags & MAX_PERF_STATS)
00572     {
00573         sfBaseStats->kpackets_rebuilt_per_sec.usertime   = 
00574             (double)((double)sfBase->total_rebuilt_packets / 1000) / 
00575             Systimes->usertime;
00576         sfBaseStats->kpackets_rebuilt_per_sec.systemtime = 
00577             (double)((double)sfBase->total_rebuilt_packets / 1000) / 
00578             Systimes->systemtime;
00579         sfBaseStats->kpackets_rebuilt_per_sec.totaltime  = 
00580             (double)((double)sfBase->total_rebuilt_packets / 1000) / 
00581             Systimes->totaltime;
00582     }
00583 
00584     
00585     return 0;
00586 }
00587 
00588 int GetuSecondsPerPacket(SFBASE *sfBase, SFBASE_STATS *sfBaseStats, 
00589                          SYSTIMES *Systimes)
00590 {
00591     sfBaseStats->usecs_per_packet.usertime   = (Systimes->usertime * 1.0e6) /
00592                                                (double)sfBase->total_packets;
00593     sfBaseStats->usecs_per_packet.systemtime = (Systimes->systemtime * 1.0e6) /
00594                                                (double)sfBase->total_packets;
00595     sfBaseStats->usecs_per_packet.totaltime  = (Systimes->totaltime * 1.0e6) /
00596                                                (double)sfBase->total_packets;
00597     sfBaseStats->usecs_per_packet.realtime   = (Systimes->realtime * 1.0e6) /
00598                                                (double)sfBase->total_packets;
00599 
00600     return 0;
00601 }
00602 
00603 int GetMbitsPerSecond(SFBASE *sfBase, SFBASE_STATS *sfBaseStats, 
00604                       SYSTIMES *Systimes)
00605 {
00606     /*
00607     **  These Mbits stats are for the Snort Maximum Performance stats
00608     **  that can't reliably be gotten from Linux SMP kernels.  So
00609     **  we don't do them.
00610     */
00611     if(sfBase->iFlags & MAX_PERF_STATS)
00612     {
00613         sfBaseStats->mbits_per_sec.usertime   = ((double)
00614                                                 (sfBase->total_bytes<<3) *
00615                                                 1.0e-6) /
00616                                                 Systimes->usertime;
00617         sfBaseStats->mbits_per_sec.systemtime = ((double)
00618                                                 (sfBase->total_bytes<<3) *
00619                                                 1.0e-6) /
00620                                                 Systimes->systemtime;
00621         sfBaseStats->mbits_per_sec.totaltime  = ((double)
00622                                                 (sfBase->total_bytes<<3) *
00623                                                 1.0e-6) /
00624                                                 Systimes->totaltime;
00625     }
00626 
00627     sfBaseStats->mbits_per_sec.realtime   = ((double)(sfBase->total_bytes<<3) *
00628                                              1.0e-6) /
00629                                             Systimes->realtime;
00630     sfBaseStats->wire_mbits_per_sec.realtime   = 
00631                                     ((double)(sfBase->total_wire_bytes<<3) *
00632                                     1.0e-6) /
00633                                     Systimes->realtime;
00634     sfBaseStats->rebuilt_mbits_per_sec.realtime   = 
00635                                     ((double)(sfBase->total_rebuilt_bytes<<3) *
00636                                     1.0e-6) /
00637                                     Systimes->realtime;
00638 
00639     sfBaseStats->ipfrag_mbits_per_sec.realtime   = 
00640                                     ((double)(sfBase->total_ipfragmented_bytes<<3) *
00641                                     1.0e-6) /
00642                                     Systimes->realtime;
00643 
00644     sfBaseStats->ipreass_mbits_per_sec.realtime   = 
00645                                     ((double)(sfBase->total_ipreassembled_bytes<<3) *
00646                                     1.0e-6) /
00647                                     Systimes->realtime;
00648 
00649     return 0;
00650 }
00651 
00652 int GetCPUTime(SFBASE *sfBase, SFBASE_STATS *sfBaseStats, SYSTIMES *Systimes)
00653 {
00654 #ifndef LINUX_SMP
00655     unsigned char needToNormalize = 0;
00656     sfBaseStats->user_cpu_time   = (Systimes->usertime   / 
00657                                    Systimes->realtime) * 100;
00658     sfBaseStats->system_cpu_time = (Systimes->systemtime / 
00659                                    Systimes->realtime) * 100;
00660     sfBaseStats->idle_cpu_time   = ((Systimes->realtime -
00661                                      Systimes->totaltime) /
00662                                      Systimes->realtime) * 100;
00663 
00664     /* percentages can be < 0 because of a small variance between
00665      * when the snapshot is taken of the CPU times and snapshot of
00666      * the real time.  So these are just a safe-guard to normalize
00667      * the data so we see positive values.
00668      */
00669     if (sfBaseStats->user_cpu_time < 0)
00670     {
00671         sfBaseStats->user_cpu_time = 0;
00672         needToNormalize = 1;
00673     }
00674     if (sfBaseStats->system_cpu_time < 0)
00675     {
00676         sfBaseStats->system_cpu_time = 0;
00677         needToNormalize = 1;
00678     }
00679     if (sfBaseStats->idle_cpu_time < 0)
00680     {
00681         sfBaseStats->idle_cpu_time = 0;
00682         needToNormalize = 1;
00683     }
00684 
00685     if (needToNormalize)
00686     {
00687         double totalPercent = sfBaseStats->user_cpu_time +
00688                               sfBaseStats->system_cpu_time +
00689                               sfBaseStats->idle_cpu_time;
00690 
00691 
00692         sfBaseStats->user_cpu_time = (sfBaseStats->user_cpu_time /
00693                                       totalPercent) * 100;
00694         sfBaseStats->system_cpu_time = ( sfBaseStats->system_cpu_time /
00695                                       totalPercent) * 100;
00696         sfBaseStats->idle_cpu_time = ( sfBaseStats->idle_cpu_time /
00697                                       totalPercent) * 100;
00698 
00699     }
00700 #endif
00701     return 0;
00702 }
00703 
00704 
00705 /*
00706 **  NAME
00707 **    CalculateBasePerfStats
00708 **
00709 **  DESCRIPTION
00710 **    This is the main function that calculates the stats. Stats 
00711 **    that we caculate are:
00712 **      *uSecs per Packet
00713 **      *Packets per Second
00714 **      *Mbits per Second
00715 **      *Average bytes per Packet
00716 **      *CPU Time
00717 **      *Dropped Packets
00718 **    These statistics are processed and then stored in the
00719 **    SFBASE_STATS structure.  This allows output functions to
00720 **    be easily formed and inserted.
00721 **    NOTE: We can break up these statistics into functions for easier
00722 **    reading.
00723 **
00724 **  FORMAL INPUTS
00725 **    SFBASE *       - ptr to performance struct
00726 **    SFBASE_STATS * - ptr to struct to fill in performance stats
00727 **
00728 **  FORMAL OUTPUTS
00729 **    int - 0 is successful
00730 */
00731 int CalculateBasePerfStats(SFBASE *sfBase, SFBASE_STATS *sfBaseStats)
00732 {
00733     SYSTIMES       Systimes;
00734     time_t   clock;
00735 
00736 #ifdef LINUX_SMP
00737     
00738     /*
00739     **  We also give sfBaseStats access to the CPU usage
00740     **  contained in sfProcPidStats.  This way we don't need
00741     **  to complicate sfBaseStats further.
00742     */
00743     sfBaseStats->sfProcPidStats = &(sfBase->sfProcPidStats);
00744 
00745 #endif 
00746     if(GetProcessingTime(&Systimes, sfBase))
00747         return -1;
00748 
00749     /*
00750     **  Avg. bytes per Packet
00751     */
00752     if (sfBase->total_packets > 0)
00753         sfBaseStats->avg_bytes_per_packet =
00754                 (int)((double)(sfBase->total_bytes) /
00755                 (double)(sfBase->total_packets));
00756     else
00757         sfBaseStats->avg_bytes_per_packet = 0;
00758 
00759     if (sfBase->total_wire_packets > 0)
00760         sfBaseStats->avg_bytes_per_wire_packet =
00761                 (int)((double)(sfBase->total_wire_bytes) /
00762                 (double)(sfBase->total_wire_packets));
00763     else
00764         sfBaseStats->avg_bytes_per_wire_packet = 0;
00765 
00766     if (sfBase->total_ipfragmented_packets > 0)
00767         sfBaseStats->avg_bytes_per_ipfrag_packet =
00768                 (int)((double)(sfBase->total_ipfragmented_bytes) /
00769                 (double)(sfBase->total_ipfragmented_packets));
00770     else
00771         sfBaseStats->avg_bytes_per_ipfrag_packet = 0;
00772 
00773     if (sfBase->total_ipreassembled_packets > 0)
00774         sfBaseStats->avg_bytes_per_ipreass_packet =
00775                 (int)((double)(sfBase->total_ipreassembled_bytes) /
00776                 (double)(sfBase->total_ipreassembled_packets));
00777     else
00778         sfBaseStats->avg_bytes_per_ipreass_packet = 0;
00779 
00780     if (sfBase->total_rebuilt_packets > 0)
00781         sfBaseStats->avg_bytes_per_rebuilt_packet =
00782                 (int)((double)(sfBase->total_rebuilt_bytes) /
00783                 (double)(sfBase->total_rebuilt_packets));
00784     else
00785         sfBaseStats->avg_bytes_per_rebuilt_packet = 0;
00786 
00787     /*
00788     **  CPU time
00789     */
00790     GetCPUTime(sfBase, sfBaseStats, &Systimes);
00791 
00792     /*
00793     **  Get Dropped Packets
00794     */
00795     GetPktDropStats(sfBase, sfBaseStats);
00796 
00797     /*
00798     **  Total packets
00799     */
00800     sfBaseStats->total_packets = sfBase->total_wire_packets;
00801 
00802     /*
00803     *   Pattern Matching Performance in Real and User time
00804     */
00805     sfBaseStats->patmatch_percent = 100.0 * mpseGetPatByteCount() /
00806                                     sfBase->total_wire_bytes;
00807 
00808     mpseResetByteCount();
00809 
00810     if(sfBase->iFlags & MAX_PERF_STATS)
00811     {
00812         /*
00813         **  uSeconds per Packet
00814         **  user, system, total time
00815         */
00816         GetuSecondsPerPacket(sfBase, sfBaseStats, &Systimes);
00817     }
00818 
00819     /*
00820     **  Mbits per sec
00821     **  user, system, total time
00822     */
00823     GetMbitsPerSecond(sfBase, sfBaseStats, &Systimes);
00824 
00825     /*
00826     **  EventsPerSecond
00827     **  We get the information from the global variable
00828     **  PacketCount.
00829     */
00830     GetEventsPerSecond(sfBase, sfBaseStats, &Systimes);
00831 
00832     /*
00833     **  Packets per seconds
00834     **  user, system, total time
00835     */
00836     GetPacketsPerSecond(sfBase, sfBaseStats, &Systimes);
00837 
00838     /*
00839     **  Set the date string for print out
00840     */
00841     time(&clock);
00842     sfBaseStats->time = clock;
00843 
00844     return 0;
00845 }
00846 
00847 /*
00848 **  NAME
00849 **    GetPktDropStats
00850 **
00851 **  DESCRIPTION
00852 **    Gets the packet drop statisitics from OS.
00853 **    NOTE:  Currently only pcap-based sniffing is supported.  Should
00854 **    add native OS calls.
00855 **
00856 **  FORMAL INPUT
00857 **    SFBASE *       - ptr to struct
00858 **    SFBASE_STATS * - ptr to struct to fill in with perf stats
00859 **
00860 **  FORMAL OUTPUT
00861 **    int - 0 is successful
00862 */
00863 int GetPktDropStats(SFBASE *sfBase, SFBASE_STATS *sfBaseStats)
00864 {
00865     /*
00866     **  Network Interfaces.  Right now we only check
00867     **  the first interface
00868     */
00869     extern pcap_t *pd;
00870     struct pcap_stat pcapStats;
00871     
00872     if((!pd)
00873 #ifdef WIN32
00874         || (pv.readmode_flag)
00875 #endif
00876         )
00877     {
00878         sfBaseStats->pkt_stats.pkts_recv = sfBaseStats->total_packets;
00879         sfBaseStats->pkt_stats.pkts_drop = 0;
00880         sfBaseStats->pkt_drop_percent    = 0.0;
00881         return 0;
00882     }
00883     
00884     if(pcap_stats(pd, &pcapStats) < 0)
00885     {
00886         sfBaseStats->pkt_stats.pkts_recv = sfBaseStats->total_packets;
00887         sfBaseStats->pkt_stats.pkts_drop = 0;
00888         sfBaseStats->pkt_drop_percent    = 0.0;
00889     }
00890     else
00891     {
00892         if( sfBase->iReset == 0 )
00893         {
00894             if (pcapStats.ps_recv < (u_int32_t)sfBase->pkt_stats.pkts_recv)
00895             {
00896                 /* Rollover of the pcap stat value */
00897                 sfBaseStats->pkt_stats.pkts_recv = pcapStats.ps_recv +
00898                     (UINT32_MAX - (u_int32_t)sfBase->pkt_stats.pkts_recv);
00899             }
00900             else
00901             {
00902                 sfBaseStats->pkt_stats.pkts_recv = pcapStats.ps_recv -
00903                     (u_int32_t)sfBase->pkt_stats.pkts_recv;
00904             }
00905             if (pcapStats.ps_drop < (u_int32_t)sfBase->pkt_stats.pkts_drop)
00906             {
00907                 /* Rollover of the pcap stat value */
00908                 sfBaseStats->pkt_stats.pkts_drop = pcapStats.ps_drop +
00909                     (UINT32_MAX - (u_int32_t)sfBase->pkt_stats.pkts_drop);
00910             }
00911             else
00912             {
00913                 sfBaseStats->pkt_stats.pkts_drop = pcapStats.ps_drop -
00914                     (u_int32_t)sfBase->pkt_stats.pkts_drop;
00915             }
00916         }
00917         else
00918         {
00919             sfBaseStats->pkt_stats.pkts_recv = pcapStats.ps_recv;
00920             sfBaseStats->pkt_stats.pkts_drop = pcapStats.ps_drop;
00921         }
00922         
00923         sfBaseStats->pkt_drop_percent =
00924             ((double)sfBaseStats->pkt_stats.pkts_drop /
00925              (double)sfBaseStats->pkt_stats.pkts_recv) * 100;
00926         
00927         /*
00928         **  Reset sfBase stats for next go round.
00929         */
00930         sfBase->pkt_stats.pkts_recv = pcapStats.ps_recv;
00931         sfBase->pkt_stats.pkts_drop = pcapStats.ps_drop;
00932     }
00933     
00934     return 0;
00935 }
00936 
00937 /*
00938  *   
00939  *   Log Base Per Stats to File for Use by the MC 
00940  *
00941  * unixtime(in secs since epoch)
00942  * %pkts dropped
00943  * mbits/sec (wire)
00944  * alerts/sec
00945  * K-Packets/Sec (wire)
00946  * Avg Bytes/Pkt  (wire)
00947  * %bytes pattern matched 
00948  * syns/sec
00949  * synacks/sec
00950  * new-sessions/sec (stream cache)
00951  * del-sessions/sec (stream cache)
00952  * total-sessions open (stream cache)
00953  * max-sessions (stream cache)
00954  * streamflushes/sec
00955  * streamfaults/sec
00956  * streamtimeouts
00957  * fragcreates/sec
00958  * fragcompletes/sec
00959  * fraginserts/sec
00960  * fragdeletes/sec
00961  * fragflushes/sec
00962  * current-frags open (frag cache)
00963  * max-frags (frag cache)
00964  * fragtimeouts
00965  * fragfaults
00966  * num cpus (following triple is repeated for each CPU)
00967  * %user-cpu usage
00968  * %sys-cpu usage
00969  * %idle-cpu usage
00970  * mbits/sec (wire)
00971  * mbits/sec (ip fragmented)
00972  * mbits/sec (ip reassembled)
00973  * mbits/sec (stream rebuilt)
00974  * mbits/sec (app layer)
00975  * Avg Bytes/Pkt  (wire)
00976  * Avg Bytes/Pkt  (ip fragmented)
00977  * Avg Bytes/Pkt  (ip reassembled)
00978  * Avg Bytes/Pkt  (stream rebuilt)
00979  * Avg Bytes/Pkt  (app layer)
00980  * K-Packets/Sec (wire)
00981  * K-Packets/Sec (ip fragmented)
00982  * K-Packets/Sec (ip reassembled)
00983  * K-Packets/Sec (stream rebuilt)
00984  * K-Packets/Sec (app layer)
00985  *
00986  */
00987 int LogBasePerfStats(SFBASE_STATS *sfBaseStats,  FILE * fh )
00988 {
00989     double sys=0.0,usr=0.0,idle=0.0;
00990 
00991 #ifdef LINUX_SMP
00992     int iCtr;
00993 #endif 
00994     if( ! fh ) return 0;
00995  
00996     fprintf(fh,"%lu,%.3f,%.1f,%.1f,%.1f,%d,%.2f,",
00997                 (unsigned long)sfBaseStats->time,
00998                 sfBaseStats->pkt_drop_percent,
00999                 sfBaseStats->wire_mbits_per_sec.realtime,
01000                 sfBaseStats->alerts_per_second,
01001                 sfBaseStats->kpackets_per_sec.realtime,
01002                 sfBaseStats->avg_bytes_per_packet,
01003                 sfBaseStats->patmatch_percent);
01004        
01005     /* Session estimation statistics */
01006 
01007     fprintf(fh,
01008 #ifdef WIN32
01009                 "%.1f,%.1f,%.1f,%.1f,%I64i,%I64i,",
01010 #else
01011                 "%.1f,%.1f,%.1f,%.1f,%llu,%llu,",
01012 #endif       
01013                 sfBaseStats->syns_per_second,
01014                 sfBaseStats->synacks_per_second,
01015                 sfBaseStats->new_sessions_per_second,
01016                 sfBaseStats->deleted_sessions_per_second,
01017                 sfBaseStats->total_sessions,
01018                 sfBaseStats->max_sessions);
01019 
01020 
01021     fprintf(fh,
01022 #ifdef WIN32
01023                 "%.1f,%I64i,%I64i,",
01024 #else
01025                 "%.1f,%llu,%llu,",
01026 #endif       
01027                 sfBaseStats->stream_flushes_per_second,
01028                 sfBaseStats->stream_faults,
01029                 sfBaseStats->stream_timeouts);
01030 
01031     fprintf(fh,
01032 #ifdef WIN32
01033                 "%.1f,%.1f,%.1f,%.1f,%.1f,%.1f,%I64i,%I64i,%I64i,%I64i,",
01034 #else
01035                 "%.1f,%.1f,%.1f,%.1f,%.1f,%.1f,%llu,%llu,%llu,%llu,",
01036 #endif       
01037                 sfBaseStats->frag_creates_per_second,
01038                 sfBaseStats->frag_completes_per_second,
01039                 sfBaseStats->frag_inserts_per_second,
01040                 sfBaseStats->frag_deletes_per_second,
01041                 sfBaseStats->frag_autofrees_per_second,
01042                 sfBaseStats->frag_flushes_per_second,
01043                 sfBaseStats->current_frags,
01044                 sfBaseStats->max_frags,
01045                 sfBaseStats->frag_timeouts,
01046                 sfBaseStats->frag_faults);
01047    
01048     /* CPU STATS - at the end of output record */ 
01049 #ifdef LINUX_SMP
01050     /* First the number of CPUs */
01051     fprintf(fh, "%d,", sfBaseStats->sfProcPidStats->iCPUs); 
01052 
01053     /* Next, stats for each CPU (a triple) */
01054     for(iCtr = 0; iCtr < sfBaseStats->sfProcPidStats->iCPUs; iCtr++)
01055     {
01056         usr= sfBaseStats->sfProcPidStats->SysCPUs[iCtr].user;
01057         sys= sfBaseStats->sfProcPidStats->SysCPUs[iCtr].sys;
01058         idle= sfBaseStats->sfProcPidStats->SysCPUs[iCtr].idle;
01059     
01060         fprintf(fh,"%.1f,%.1f,%.1f,",usr,sys,idle);
01061     }
01062 
01063 #else
01064 
01065     usr=sfBaseStats->user_cpu_time;
01066     sys=sfBaseStats->system_cpu_time;
01067     idle=sfBaseStats->idle_cpu_time;
01068   
01069     /* 1 CPU hardcoded */ 
01070     fprintf(fh,"1,%.1f,%.1f,%.1f,",usr,sys,idle);
01071 
01072 #endif
01073 
01074     /* Status for MBits/s, Bytes/Pkt, KPkts/s for each of
01075      * wire, IP Fragmented, IP Reassembled, Stream Reassembled,
01076      * App Layer (data that reaches protocol decoders). */
01077     fprintf(fh,"%.2f,%.2f,%.2f,%.2f,%.2f,",
01078             sfBaseStats->wire_mbits_per_sec.realtime,
01079             sfBaseStats->ipfrag_mbits_per_sec.realtime,
01080             sfBaseStats->ipreass_mbits_per_sec.realtime,
01081             sfBaseStats->rebuilt_mbits_per_sec.realtime,
01082             sfBaseStats->mbits_per_sec.realtime);
01083             
01084     fprintf(fh,"%d,%d,%d,%d,%d,",
01085         sfBaseStats->avg_bytes_per_wire_packet,
01086         sfBaseStats->avg_bytes_per_ipfrag_packet,
01087         sfBaseStats->avg_bytes_per_ipreass_packet,
01088         sfBaseStats->avg_bytes_per_rebuilt_packet,
01089         sfBaseStats->avg_bytes_per_packet);
01090         
01091     fprintf(fh,"%.2f,%.2f,%.2f,%.2f,%.2f,",
01092         sfBaseStats->kpackets_wire_per_sec.realtime,
01093         sfBaseStats->kpackets_ipfrag_per_sec.realtime,
01094         sfBaseStats->kpackets_ipreass_per_sec.realtime,
01095         sfBaseStats->kpackets_rebuilt_per_sec.realtime,
01096         sfBaseStats->kpackets_per_sec.realtime);
01097     
01098     fprintf(fh,"%llu,",sfBaseStats->pkt_stats.pkts_recv);
01099     fprintf(fh,"%llu", sfBaseStats->pkt_stats.pkts_drop);
01100 
01101 
01102     fprintf(fh,"\n");
01103  
01104     fflush(fh);
01105 
01106 #ifdef LINUX   
01107    //LogScheduler();
01108 #endif
01109    
01110     return 0;
01111 }
01112 
01113 
01114 /*
01115 **  NAME 
01116 **    DisplayBasePerfStats
01117 ** 
01118 **  DESCRIPTION
01119 **    Output Function.  We can easily code multiple output buffers
01120 **    because all that is received is a SFBASE_STATS struct which
01121 **    holds all the information to output.  This current output
01122 **    function just prints to stdout.
01123 **
01124 **  FORMAL INPUTS
01125 **    SFBASE_STATS * - struct with perf information
01126 **    int            - flags for output
01127 **
01128 **  FORMAL OUTPUTS
01129 **    int - 0 is successful
01130 */
01131 int DisplayBasePerfStatsConsole(SFBASE_STATS *sfBaseStats, int iFlags)
01132 {
01133 #ifdef LINUX_SMP
01134     int iCtr;
01135 #endif
01136 
01137     LogMessage("\n\nSnort Realtime Performance  : %s--------------------------\n", 
01138                ctime(&sfBaseStats->time));
01139 
01140     LogMessage("Pkts Recv:   %llu\n",   sfBaseStats->pkt_stats.pkts_recv);
01141     LogMessage("Pkts Drop:   %llu\n",   sfBaseStats->pkt_stats.pkts_drop);
01142     LogMessage("%% Dropped:   %.2f%%\n\n",sfBaseStats->pkt_drop_percent);
01143 
01144     LogMessage("Mbits/Sec:   %.2f (wire)\n", 
01145             sfBaseStats->wire_mbits_per_sec.realtime);
01146     LogMessage("Mbits/Sec:   %.2f (ip fragmented)\n",    
01147             sfBaseStats->ipfrag_mbits_per_sec.realtime);
01148     LogMessage("Mbits/Sec:   %.2f (ip reassembled)\n",    
01149             sfBaseStats->ipreass_mbits_per_sec.realtime);
01150     LogMessage("Mbits/Sec:   %.2f (tcp rebuilt)\n", 
01151             sfBaseStats->rebuilt_mbits_per_sec.realtime);
01152     LogMessage("Mbits/Sec:   %.2f (app layer)\n\n",    
01153             sfBaseStats->mbits_per_sec.realtime);
01154 
01155     LogMessage("Bytes/Pkt:   %d (wire)\n",
01156         sfBaseStats->avg_bytes_per_wire_packet);
01157     LogMessage("Bytes/Pkt:   %d (ip fragmented)\n",
01158         sfBaseStats->avg_bytes_per_ipfrag_packet);
01159     LogMessage("Bytes/Pkt:   %d (ip reassembled)\n",
01160         sfBaseStats->avg_bytes_per_ipreass_packet);
01161     LogMessage("Bytes/Pkt:   %d (tcp rebuilt)\n",
01162         sfBaseStats->avg_bytes_per_rebuilt_packet);
01163     LogMessage("Bytes/Pkt:   %d (app layer)\n\n",
01164         sfBaseStats->avg_bytes_per_packet);
01165 
01166     LogMessage("KPkts/Sec:   %.2f (wire)\n",
01167         sfBaseStats->kpackets_wire_per_sec.realtime);
01168     LogMessage("KPkts/Sec:   %.2f (ip fragmented)\n",
01169         sfBaseStats->kpackets_ipfrag_per_sec.realtime);
01170     LogMessage("KPkts/Sec:   %.2f (ip reassembled)\n",
01171         sfBaseStats->kpackets_ipreass_per_sec.realtime);
01172     LogMessage("KPkts/Sec:   %.2f (tcp rebuilt)\n",
01173         sfBaseStats->kpackets_rebuilt_per_sec.realtime);
01174     LogMessage("KPkts/Sec:   %.2f (app layer)\n\n",
01175         sfBaseStats->kpackets_per_sec.realtime);
01176 
01177     LogMessage("PatMatch:    %.2f%%\n\n",  sfBaseStats->patmatch_percent);
01178 
01179     /*
01180     **  The following ifdefs are for CPU stats dealing with multiple
01181     **  CPUs in Linux.  Snort will show user, system and idle time for
01182     **  each CPU.  The methods of calculating this are different though,
01183     **  since getrusage is broken for multiple CPUs in Linux.  We get the
01184     **  CPU stats instead from the proc filesystem on Linux.
01185     */
01186 #ifdef LINUX_SMP
01187 
01188     for(iCtr = 0; iCtr < sfBaseStats->sfProcPidStats->iCPUs; iCtr++)
01189     {
01190     LogMessage("CPU%d Usage:  %.2f%% (user)  %.2f%% (sys)  %.2f%% (idle)\n", 
01191                 iCtr,
01192                 sfBaseStats->sfProcPidStats->SysCPUs[iCtr].user,
01193                 sfBaseStats->sfProcPidStats->SysCPUs[iCtr].sys,
01194                 sfBaseStats->sfProcPidStats->SysCPUs[iCtr].idle);
01195     }
01196     printf("\n");
01197 
01198 #else
01199 
01200     LogMessage("CPU Usage:   %.2f%% (user)  %.2f%% (sys)  %.2f%% (idle)\n\n", 
01201                 sfBaseStats->user_cpu_time,
01202                 sfBaseStats->system_cpu_time,
01203                 sfBaseStats->idle_cpu_time);
01204 
01205 #endif
01206 
01207     /*
01208     **  Shows the number of snort alerts per second.
01209     */
01210     LogMessage("Alerts/Sec             :  %.1f\n",   sfBaseStats->alerts_per_second);
01211 
01212     /* Session estimation statistics */
01213     LogMessage("Syns/Sec               :  %.1f\n", sfBaseStats->syns_per_second);
01214     LogMessage("Syn-Acks/Sec           :  %.1f\n", sfBaseStats->synacks_per_second);
01215     LogMessage("New Cached Sessions/Sec:  %.1f\n", sfBaseStats->new_sessions_per_second);
01216     LogMessage("Cached Sessions Del/Sec:  %.1f\n", sfBaseStats->deleted_sessions_per_second);    
01217     LogMessage("Current Cached Sessions:  %llu\n", sfBaseStats->total_sessions);
01218     LogMessage("Max Cached Sessions    :  %llu\n", sfBaseStats->max_sessions);
01219 
01220     /* more instrumentation for stream4/frag2 */
01221     LogMessage("Stream Flushes/Sec     :  %.1f\n", sfBaseStats->stream_flushes_per_second);
01222     LogMessage("Stream Cache Faults/Sec:  %llu\n", sfBaseStats->stream_faults);
01223     LogMessage("Stream Cache Timeouts  :  %llu\n", sfBaseStats->stream_timeouts);
01224 
01225     LogMessage("Frag Creates()s/Sec    :  %.1f\n", sfBaseStats->frag_creates_per_second);
01226     LogMessage("Frag Completes()s/Sec  :  %.1f\n", sfBaseStats->frag_completes_per_second);
01227     LogMessage("Frag Inserts()s/Sec    :  %.1f\n", sfBaseStats->frag_inserts_per_second);
01228     LogMessage("Frag Deletes/Sec       :  %.1f\n", sfBaseStats->frag_deletes_per_second);
01229     LogMessage("Frag AutoFrees/Sec     :  %.1f\n", sfBaseStats->frag_autofrees_per_second);
01230     LogMessage("Frag Flushes/Sec       :  %.1f\n", sfBaseStats->frag_flushes_per_second);
01231     LogMessage("Current Cached Frags   :  %llu\n", sfBaseStats->current_frags);
01232     LogMessage("Max Cached Frags       :  %llu\n", sfBaseStats->max_frags);
01233     LogMessage("Frag Timeouts          :  %llu\n", sfBaseStats->frag_timeouts);
01234     LogMessage("Frag Faults            :  %llu\n\n", sfBaseStats->frag_faults);
01235 
01236     /*
01237     **  Snort Maximum Performance Statistics
01238     **  These statistics calculate the maximum performance that 
01239     **  snort could attain by using the getrusage numbers.  We've
01240     **  seen in testing that these numbers come close to the actual
01241     **  throughput for Mbits/Sec and Pkt/Sec.  But note that these
01242     **  are not hard numbers and rigorous testing is necessary to
01243     **  establish snort performance on any hardware setting.
01244     */
01245     if(iFlags & MAX_PERF_STATS)
01246     {
01247     
01248         LogMessage("Snort Maximum Performance\n");
01249         LogMessage("-------------------------\n\n");
01250     
01251         LogMessage("Mbits/Second\n");
01252         LogMessage("----------------\n");
01253         LogMessage("Snort:       %.2f\n",sfBaseStats->mbits_per_sec.usertime);
01254         LogMessage("Sniffing:    %.2f\n",sfBaseStats->mbits_per_sec.systemtime);
01255         LogMessage("Combined:    %.2f\n\n",sfBaseStats->mbits_per_sec.totaltime);
01256     
01257 
01258         LogMessage("uSeconds/Pkt\n");
01259         LogMessage("----------------\n");
01260         LogMessage("Snort:       %.2f\n",sfBaseStats->usecs_per_packet.usertime);
01261         LogMessage("Sniffing:    %.2f\n",sfBaseStats->usecs_per_packet.systemtime);
01262         LogMessage("Combined:    %.2f\n\n",sfBaseStats->usecs_per_packet.totaltime);
01263 
01264         LogMessage("KPkts/Second\n");
01265         LogMessage("------------------\n");
01266         LogMessage("Snort:       %.2f\n",sfBaseStats->kpackets_per_sec.usertime);
01267         LogMessage("Sniffing:    %.2f\n",sfBaseStats->kpackets_per_sec.systemtime);
01268         LogMessage("Combined:    %.2f\n\n",sfBaseStats->kpackets_per_sec.totaltime);
01269     }
01270 
01271     return 0;
01272 }
01273
Generated on Sun May 14 14:51:15 2006 by  doxygen 1.4.2