#include "packet_tracer/packet_tracer.h"
#include "profiler/profiler.h"
#include "pub_sub/finalize_packet_event.h"
+#include "pub_sub/other_message_event.h"
#include "side_channel/side_channel.h"
#include "stream/stream.h"
#include "time/packet_time.h"
void Analyzer::process_daq_msg(DAQ_Msg_h msg, bool retry)
{
+ DAQ_Verdict verdict = DAQ_VERDICT_PASS;
switch (daq_msg_get_type(msg))
{
case DAQ_MSG_TYPE_PACKET:
process_daq_sof_eof_msg(msg);
break;
default:
+ {
+ OtherMessageEvent event(msg, verdict);
+ aux_counts.other_messages++;
+ // the verdict can be updated by event handler
+ DataBus::publish(OTHER_MESSAGE_EVENT, event);
+ }
break;
}
{
Profile profile(daqPerfStats);
- daq_instance->finalize_message(msg, DAQ_VERDICT_PASS);
+ daq_instance->finalize_message(msg, verdict);
}
}
PegCount retries_dropped;
PegCount retries_processed;
PegCount retries_discarded;
+ PegCount other_messages;
};
const PegInfo daq_names[] =
{ CountType::SUM, "retries_dropped", "messages dropped when overrunning the retry queue" },
{ CountType::SUM, "retries_processed", "messages processed from the retry queue" },
{ CountType::SUM, "retries_discarded", "messages discarded when purging the retry queue" },
+ { CountType::SUM, "other_messages", "messages received from DAQ with unrecognized message type" },
{ CountType::END, nullptr, nullptr }
};
stats.retries_dropped = aux_counts.retries_dropped;
stats.retries_processed = aux_counts.retries_processed;
stats.retries_discarded = aux_counts.retries_discarded;
+ stats.other_messages = aux_counts.other_messages;
memset(&aux_counts, 0, sizeof(AuxCount));
expect_events.h
finalize_packet_event.h
http_events.h
+ other_message_event.h
sip_events.h
)
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2019-2019 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// other_message_event.h author Steven Baigal <sbaigal@cisco.com>
+
+#ifndef OTHER_MESSAGE_EVENT_H
+#define OTHER_MESSAGE_EVENT_H
+
+#include <daq_common.h>
+
+#include "framework/data_bus.h"
+
+#define OTHER_MESSAGE_EVENT "daq.other.message"
+
+namespace snort
+{
+
+class SO_PUBLIC OtherMessageEvent : public snort::DataEvent
+{
+public:
+ OtherMessageEvent(DAQ_Msg_h msg, DAQ_Verdict& v) :
+ daq_msg(msg), verdict(v)
+ {
+ }
+
+ DAQ_Msg_h get_daq_msg()
+ { return daq_msg; }
+
+ DAQ_Verdict& get_verdict()
+ { return verdict; }
+
+private:
+ DAQ_Msg_h daq_msg;
+ DAQ_Verdict& verdict;
+};
+
+}
+
+#endif
PegCount retries_dropped;
PegCount retries_processed;
PegCount retries_discarded;
+ PegCount other_messages;
};
extern ProcessCount proc_stats;
projects / thirdparty / snort3.git / commitdiff
