Do not lookup ignore_checksums_nets for every packet

This could lead to a noticeable (single-percent) performance improvement. Most of the functionality for this is in the packet analyzers that now cache ignore_chesksums_nets. Based on a patch by Arne Welzel (Corelight).
2025-10-11 19:18:19 +00:00 · 2021-08-06 10:32:53 +01:00 · 2021-08-06 10:32:53 +01:00 · 8192ad581d
commit 8192ad581d
parent d24cecf268
13 changed files with 101 additions and 7 deletions
--- a/src/packet_analysis/protocol/ip/IP.cc
+++ b/src/packet_analysis/protocol/ip/IP.cc
@ -1,6 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.

 #include "zeek/packet_analysis/protocol/ip/IP.h"
+#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
 #include "zeek/NetVar.h"
 #include "zeek/IP.h"
 #include "zeek/Discard.h"
@ -128,7 +129,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		 return false;

 	if ( ! packet->l2_checksummed && ! detail::ignore_checksums && ip4 &&
-	     ! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
+	     ! IPBasedAnalyzer::GetIgnoreChecksumsNets()->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
 	     detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
 		{
 		Weird("bad_IP_checksum", packet);
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
@ -282,3 +282,18 @@ void IPBasedAnalyzer::DumpPortDebug()
 		DBG_LOG(DBG_ANALYZER, "    %d/%s: %s", mapping.first, transport_proto_string(transport), s.c_str());
 		}
 	}
+
+TableValPtr IPBasedAnalyzer::ignore_checksums_nets_table = nullptr;
+
+void IPBasedAnalyzer::SetIgnoreChecksumsNets(TableValPtr t)
+	{
+	IPBasedAnalyzer::ignore_checksums_nets_table = t;
+	}
+
+TableValPtr IPBasedAnalyzer::GetIgnoreChecksumsNets()
+	{
+	if ( ! IPBasedAnalyzer::ignore_checksums_nets_table )
+		IPBasedAnalyzer::ignore_checksums_nets_table = zeek::id::find_val<TableVal>("ignore_checksums_nets");
+	return IPBasedAnalyzer::ignore_checksums_nets_table;
+	}
+
--- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
+++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
@ -7,6 +7,7 @@

 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/analyzer/Tag.h"
+#include "zeek/ID.h"

 namespace zeek::analyzer::pia { class PIA; }

@ -61,6 +62,25 @@ public:
 	 */
 	void DumpPortDebug();

+	/**
+	 * Updates the internal pointer to the script-level variable `ignore_checksums_nets`.
+	 * This is used to prevent repeated (costly) lookup of the script-level variable
+	 * by IP-based analyzers.
+	 *
+	 * @param t New value of ignore_checksums_nets
+	 */
+	static void SetIgnoreChecksumsNets(TableValPtr t);
+
+
+  /**
+	 * Gets the interpal pointer to the script-level variable `ignore_checksums_nets`.
+	 * This is used to prevent repeated (costly) lookup of the script-level variable
+	 * by IP-based analyzers.
+	 *
+	 * @return Current value of `ignore_checksums_nets`.
+	 */
+	static TableValPtr GetIgnoreChecksumsNets();
+
 protected:

 	/**
@ -178,6 +198,7 @@ private:

 	TransportProto transport;
 	uint32_t server_port_mask;
+	static TableValPtr ignore_checksums_nets_table;
 };

 }