stream/events: log as stats
authorVictor Julien <victor@inliniac.net>
Thu, 18 Oct 2018 12:26:18 +0000 (14:26 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 18 Oct 2018 19:43:58 +0000 (21:43 +0200)
src/decode-events.c
src/decode-events.h
src/decode.c
src/decode.h
src/detect-engine-event.c
src/flow-worker.c

index 34ef6fe1f4c6eb02a8f0ab4f6cc3651b718b9933..54d47f3d94c4c215dacbaa2fc966d67c5f6efa6e 100644 (file)
@@ -188,7 +188,7 @@ const struct DecodeEvents_ DEvents[] = {
     { "stream.3whs_async_wrong_seq", STREAM_3WHS_ASYNC_WRONG_SEQ, },
     { "stream.3whs_right_seq_wrong_ack_evasion", STREAM_3WHS_RIGHT_SEQ_WRONG_ACK_EVASION, },
     { "stream.3whs_synack_in_wrong_direction", STREAM_3WHS_SYNACK_IN_WRONG_DIRECTION, },
-    { "stream.3whs_synack_resend_with_different_ack", STREAM_3WHS_SYNACK_RESEND_WITH_DIFFERENT_ACK, },
+    { "stream.3whs_synack_resend_with_diff_ack", STREAM_3WHS_SYNACK_RESEND_WITH_DIFFERENT_ACK, },
     { "stream.3whs_synack_resend_with_diff_seq", STREAM_3WHS_SYNACK_RESEND_WITH_DIFF_SEQ, },
     { "stream.3whs_synack_toserver_on_syn_recv", STREAM_3WHS_SYNACK_TOSERVER_ON_SYN_RECV, },
     { "stream.3whs_synack_with_wrong_ack", STREAM_3WHS_SYNACK_WITH_WRONG_ACK, },
@@ -210,7 +210,7 @@ const struct DecodeEvents_ DEvents[] = {
     { "stream.est_packet_out_of_window", STREAM_EST_PACKET_OUT_OF_WINDOW, },
     { "stream.est_pkt_before_last_ack", STREAM_EST_PKT_BEFORE_LAST_ACK, },
     { "stream.est_synack_resend", STREAM_EST_SYNACK_RESEND, },
-    { "stream.est_synack_resend_with_different_ack", STREAM_EST_SYNACK_RESEND_WITH_DIFFERENT_ACK, },
+    { "stream.est_synack_resend_with_diff_ack", STREAM_EST_SYNACK_RESEND_WITH_DIFFERENT_ACK, },
     { "stream.est_synack_resend_with_diff_seq", STREAM_EST_SYNACK_RESEND_WITH_DIFF_SEQ, },
     { "stream.est_synack_toserver", STREAM_EST_SYNACK_TOSERVER, },
     { "stream.est_syn_resend", STREAM_EST_SYN_RESEND, },
@@ -231,11 +231,11 @@ const struct DecodeEvents_ DEvents[] = {
     { "stream.rst_but_no_session", STREAM_RST_BUT_NO_SESSION, },
     { "stream.timewait_ack_wrong_seq", STREAM_TIMEWAIT_ACK_WRONG_SEQ, },
     { "stream.timewait_invalid_ack", STREAM_TIMEWAIT_INVALID_ACK, },
+    { "stream.shutdown_syn_resend", STREAM_SHUTDOWN_SYN_RESEND, },
     { "stream.pkt_invalid_timestamp", STREAM_PKT_INVALID_TIMESTAMP, },
     { "stream.pkt_invalid_ack", STREAM_PKT_INVALID_ACK, },
     { "stream.pkt_broken_ack", STREAM_PKT_BROKEN_ACK, },
     { "stream.rst_invalid_ack", STREAM_RST_INVALID_ACK, },
-    { "stream.shutdown_syn_resend", STREAM_SHUTDOWN_SYN_RESEND, },
     { "stream.pkt_retransmission", STREAM_PKT_RETRANSMISSION, },
     { "stream.pkt_bad_window_update", STREAM_PKT_BAD_WINDOW_UPDATE, },
 
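Review bot: Moving `stream.shutdown_syn_resend` looks load-bearing, but nothing in the table says that row order matters. The decode.c hunk of this commit now walks every entry up to DECODE_EVENT_MAX and aborts on `BUG_ON(i != (int)DEvents[i].code)`, so each row has to sit at the index of its enum value, stream events included. I would add a comment above the initializer such as `/* rows must follow the enum order in decode-events.h; verified at startup when the counters are registered */`. The start and end of the table are outside this hunk, so the enum position of the moved row and the end-of-table marker cannot be confirmed from here.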
index 3d4178ca4efb763e291e678d1cb23805be4a3d20..59d125a377da99e8457bd77545a4e47b98e9c44e 100644 (file)
@@ -190,9 +190,6 @@ enum {
     /* Cisco Fabric Path/DCE events. */
     DCE_PKT_TOO_SMALL,
 
-    /* END OF DECODE EVENTS ON SINGLE PACKET */
-    DECODE_EVENT_PACKET_MAX,
-
     /* STREAM EVENTS */
     STREAM_3WHS_ACK_IN_WRONG_DIR,
     STREAM_3WHS_ASYNC_WRONG_SEQ,
@@ -248,13 +245,12 @@ enum {
     STREAM_RST_INVALID_ACK,
     STREAM_PKT_RETRANSMISSION,
     STREAM_PKT_BAD_WINDOW_UPDATE,
+
     STREAM_SUSPECTED_RST_INJECT,
 
     STREAM_REASSEMBLY_SEGMENT_BEFORE_BASE_SEQ,
     STREAM_REASSEMBLY_NO_SEGMENT,
-
     STREAM_REASSEMBLY_SEQ_GAP,
-
     STREAM_REASSEMBLY_OVERLAP_DIFFERENT_DATA,
 
     /* should always be last! */
@@ -270,6 +266,7 @@ struct DecodeEvents_ {
     const char *event_name;
     uint8_t code;
 };
-extern const struct DecodeEvents_ DEvents[DECODE_EVENT_MAX];
+/* +1 for the end of table marker */
+extern const struct DecodeEvents_ DEvents[DECODE_EVENT_MAX + 1];
 
 #endif /* __DECODE_EVENTS_H__ */
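Review bot: `code` stays a `uint8_t` while the table is now walked up to DECODE_EVENT_MAX, so the enum has an unstated ceiling of 255 values. Past that the stored codes would truncate, and the only thing that notices is the runtime `BUG_ON` comparison in decode.c. A compile-time guard next to this declaration would catch it at build time, for example `_Static_assert(DECODE_EVENT_MAX <= UINT8_MAX, "event codes must fit in uint8_t");`, or the project's own equivalent if it has to build with pre-C11 compilers.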
index 3f89e6029067d8c88905c04741195fa0d7449701..c583d03fc0636d6d55054b51c9228e8bfb963a6f 100644 (file)
@@ -106,18 +106,18 @@ void PacketFree(Packet *p)
  * functions when decoding has been succesful.
  *
  */
-
 void PacketDecodeFinalize(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 {
-
     if (p->flags & PKT_IS_INVALID) {
         StatsIncr(tv, dtv->counter_invalid);
-        int i = 0;
-        for (i = 0; i < p->events.cnt; i++) {
-            if (EVENT_IS_DECODER_PACKET_ERROR(p->events.events[i])) {
-                StatsIncr(tv, dtv->counter_invalid_events[p->events.events[i]]);
-            }
-        }
+    }
+}
+
+void PacketUpdateEngineEventCounters(ThreadVars *tv,
+        DecodeThreadVars *dtv, Packet *p)
+{
+    for (uint8_t i = 0; i < p->events.cnt; i++) {
+        StatsIncr(tv, dtv->counter_engine_events[p->events.events[i]]);
     }
 }
 
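Review bot: PacketUpdateEngineEventCounters indexes `dtv->counter_engine_events[...]` with the stored event byte and no range check, whereas the removed loop at least filtered through EVENT_IS_DECODER_PACKET_ERROR. The array is sized DECODE_EVENT_MAX in decode.h, so a stored value at or above that (which should not happen today, since codes come from the enum) would read a counter id from outside the array. A cheap guard closes that: `const uint8_t e = p->events.events[i];` followed by `if (e < DECODE_EVENT_MAX) StatsIncr(tv, dtv->counter_engine_events[e]);`. The `uint8_t i` index also assumes `p->events.cnt` is no wider than 8 bits, which is not visible in this hunk. The new function has no doc comment; one line stating that it increments one stats counter per event set on the packet, and where in the pipeline it is expected to run, would help.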
@@ -451,10 +451,9 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
     dtv->counter_defrag_max_hit =
         StatsRegisterCounter("defrag.max_frag_hits", tv);
 
-    int i = 0;
-    for (i = 0; i < DECODE_EVENT_PACKET_MAX; i++) {
+    for (int i = 0; i < DECODE_EVENT_MAX; i++) {
         BUG_ON(i != (int)DEvents[i].code);
-        dtv->counter_invalid_events[i] = StatsRegisterCounter(
+        dtv->counter_engine_events[i] = StatsRegisterCounter(
                 DEvents[i].event_name, tv);
     }
 
index 8f05fd23fa6ce69b2ddf5ab9c27aea8048cab20d..a19166c4f93119009f6f67bdff909a4d56244493 100644 (file)
@@ -694,7 +694,8 @@ typedef struct DecodeThreadVars_
     uint16_t counter_flow_icmp4;
     uint16_t counter_flow_icmp6;
 
-     uint16_t counter_invalid_events[DECODE_EVENT_PACKET_MAX];
+    uint16_t counter_engine_events[DECODE_EVENT_MAX];
+
     /* thread data for flow logging api: only used at forced
      * flow recycle during lookups */
     void *output_flow_thread_data;
@@ -915,6 +916,8 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *, ThreadVars *);
 Packet *PacketGetFromQueueOrAlloc(void);
 Packet *PacketGetFromAlloc(void);
 void PacketDecodeFinalize(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p);
+void PacketUpdateEngineEventCounters(ThreadVars *tv,
+        DecodeThreadVars *dtv, Packet *p);
 void PacketFree(Packet *p);
 void PacketFreeOrRelease(Packet *p);
 int PacketCallocExtPkt(Packet *p, int datalen);
index 72722a2d29de03f999e2cf96844553602d755e3a..8665d731892d51bb0fce7155b23ae9055af98d96 100644 (file)
@@ -242,6 +242,12 @@ static int DetectStreamEventSetup (DetectEngineCtx *de_ctx, Signature *s, const
 {
     char srawstr[64] = "stream.";
 
+    if (strcmp(rawstr, "est_synack_resend_with_different_ack") == 0) {
+        rawstr = "est_synack_resend_with_diff_ack";
+    } else if (strcmp(rawstr, "3whs_synack_resend_with_different_ack") == 0) {
+        rawstr = "3whs_synack_resend_with_diff_ack";
+    }
+
     /* stream:$EVENT alias command develop as decode-event:stream.$EVENT */
     strlcat(srawstr, rawstr, sizeof(srawstr));
 
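Review bot: The two `strcmp` aliases keep rules that use the old long event names loading after the rename, but nothing records why they exist or that the long spellings are legacy. I would add a comment above the block such as `/* backwards compatibility: accept the pre-rename event names */`. The shim sits only on this keyword's setup path. Whether rules written as `decode-event:stream.est_synack_resend_with_different_ack` pass through it cannot be seen from this hunk; if they do not, they would fail to load after upgrade and reduce detection coverage. DetectStreamEventSetup continues past the end of the hunk.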
index 4f5c96a87a117712e67052dc9eed8706f5957de7..31de2d989d4ff53e490dace9345640a5e1f9cf52 100644 (file)
@@ -249,6 +249,8 @@ static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data, PacketQueue *pr
         FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
     }
 
+    PacketUpdateEngineEventCounters(tv, fw->dtv, p);
+
     /* handle Detect */
     DEBUG_ASSERT_FLOW_LOCKED(p->flow);
     SCLogDebug("packet %"PRIu64" calling Detect", p->pcap_cnt);
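Review bot: Placing `PacketUpdateEngineEventCounters(tv, fw->dtv, p);` before Detect means only events already set on the packet at this point are counted; anything raised later in the pipeline would not appear in the stats. If that is intended, a short comment such as `/* count decoder and stream events set so far; events raised later are not counted */` would keep the call from being moved or duplicated. The per-event counting also appears to have moved here from PacketDecodeFinalize, so any packet that is finalized by the decoder but never reaches the flow worker would lose its per-event counters; that is inferred, since the callers are not visible. FlowWorker starts and ends outside the hunk.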