stats: add drop reason counters

author Victor Julien <vjulien@oisf.net>

Tue, 25 Jul 2023 05:51:02 +0000 (07:51 +0200)

committer Victor Julien <vjulien@oisf.net>

Tue, 25 Jul 2023 13:09:45 +0000 (15:09 +0200)
author Victor Julien <vjulien@oisf.net>
Tue, 25 Jul 2023 05:51:02 +0000 (07:51 +0200)
committer Victor Julien <vjulien@oisf.net>
Tue, 25 Jul 2023 13:09:45 +0000 (15:09 +0200)
diff --git a/etc/schema.json b/etc/schema.json

index b5238373493ba8960280f975d1f9bbda333eb60f..f9ea5c9f380825a06b5fd1bc09421c6efa1878e2 100644 (file)
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -4027,6 +4027,54 @@
                          },
                          "replaced": {
                              "type": "integer"
+                        },
+                        "drop_reason": {
+                            "type": "object",
+                            "properties": {
+                                "decode_error": {
+                                    "type": "integer"
+                                },
+                                "defrag_error": {
+                                    "type": "integer"
+                                },
+                                "defrag_memcap": {
+                                    "type": "integer"
+                                },
+                                "flow_memcap": {
+                                    "type": "integer"
+                                },
+                                "flow_drop": {
+                                    "type": "integer"
+                                },
+                                "applayer_error": {
+                                    "type": "integer"
+                                },
+                                "applayer_memcap": {
+                                    "type": "integer"
+                                },
+                                "rules": {
+                                    "type": "integer"
+                                },
+                                "threshold_detection_filter": {
+                                    "type": "integer"
+                                },
+                                "stream_error": {
+                                    "type": "integer"
+                                },
+                                "stream_memcap": {
+                                    "type": "integer"
+                                },
+                                "stream_midstream": {
+                                    "type": "integer"
+                                },
+                                "nfq_error": {
+                                    "type": "integer"
+                                },
+                                "tunnel_packet_drop": {
+                                    "type": "integer"
+                                }
+                            },
+                            "additionalProperties": false
                          }
                      },
                      "additionalProperties": false
diff --git a/src/decode.c b/src/decode.c

index 90d755ba78c5215358dbd67851c3acca2e01790e..b49b29838cab7b9666b24a0595da3f002e7d13ee 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -817,6 +817,45 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
          case PKT_DROP_REASON_INNER_PACKET:
              return "tunnel packet drop";
          case PKT_DROP_REASON_NOT_SET:
+        case PKT_DROP_REASON_MAX:
+            return NULL;
+    }
+    return NULL;
+}
+
+static const char *PacketDropReasonToJsonString(enum PacketDropReason r)
+{
+    switch (r) {
+        case PKT_DROP_REASON_DECODE_ERROR:
+            return "ips.drop_reason.decode_error";
+        case PKT_DROP_REASON_DEFRAG_ERROR:
+            return "ips.drop_reason.defrag_error";
+        case PKT_DROP_REASON_DEFRAG_MEMCAP:
+            return "ips.drop_reason.defrag_memcap";
+        case PKT_DROP_REASON_FLOW_MEMCAP:
+            return "ips.drop_reason.flow_memcap";
+        case PKT_DROP_REASON_FLOW_DROP:
+            return "ips.drop_reason.flow_drop";
+        case PKT_DROP_REASON_STREAM_ERROR:
+            return "ips.drop_reason.stream_error";
+        case PKT_DROP_REASON_STREAM_MEMCAP:
+            return "ips.drop_reason.stream_memcap";
+        case PKT_DROP_REASON_STREAM_MIDSTREAM:
+            return "ips.drop_reason.stream_midstream";
+        case PKT_DROP_REASON_APPLAYER_ERROR:
+            return "ips.drop_reason.applayer_error";
+        case PKT_DROP_REASON_APPLAYER_MEMCAP:
+            return "ips.drop_reason.applayer_memcap";
+        case PKT_DROP_REASON_RULES:
+            return "ips.drop_reason.rules";
+        case PKT_DROP_REASON_RULES_THRESHOLD:
+            return "ips.drop_reason.threshold_detection_filter";
+        case PKT_DROP_REASON_NFQ_ERROR:
+            return "ips.drop_reason.nfq_error";
+        case PKT_DROP_REASON_INNER_PACKET:
+            return "ips.drop_reason.tunnel_packet_drop";
+        case PKT_DROP_REASON_NOT_SET:
+        case PKT_DROP_REASON_MAX:
              return NULL;
      }
      return NULL;
@@ -827,11 +866,12 @@ typedef struct CaptureStats_ {
      uint16_t counter_ips_blocked;
      uint16_t counter_ips_rejected;
      uint16_t counter_ips_replaced;
+
+    uint16_t counter_drop_reason[PKT_DROP_REASON_MAX];
  } CaptureStats;
  
  thread_local CaptureStats t_capture_stats;
  
-/* TODO drop reason stats! */
  void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
  {
      if (!EngineModeIsIPS() || PKT_IS_PSEUDOPKT(p))
@@ -847,6 +887,9 @@ void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
      } else {
          StatsIncr(tv, s->counter_ips_accepted);
      }
+    if (p->drop_reason != PKT_DROP_REASON_NOT_SET) {
+        StatsIncr(tv, s->counter_drop_reason[p->drop_reason]);
+    }
  }
  
  void CaptureStatsSetup(ThreadVars *tv)
@@ -857,6 +900,11 @@ void CaptureStatsSetup(ThreadVars *tv)
          s->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
          s->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
          s->counter_ips_replaced = StatsRegisterCounter("ips.replaced", tv);
+        for (int i = PKT_DROP_REASON_NOT_SET; i < PKT_DROP_REASON_MAX; i++) {
+            const char *name = PacketDropReasonToJsonString(i);
+            if (name != NULL)
+                s->counter_drop_reason[i] = StatsRegisterCounter(name, tv);
+        }
      }
  }
  
diff --git a/src/decode.h b/src/decode.h

index b50324c98d1b70b3c76ebb2294a64c082ab354d8..fe42924bb6282147985f6f7051a39610873efe6c 100644 (file)
--- a/src/decode.h
+++ b/src/decode.h
@@ -403,6 +403,7 @@ enum PacketDropReason {
      PKT_DROP_REASON_STREAM_MIDSTREAM,
      PKT_DROP_REASON_NFQ_ERROR,    /**< no nfq verdict, must be error */
      PKT_DROP_REASON_INNER_PACKET, /**< drop issued by inner (tunnel) packet */
+    PKT_DROP_REASON_MAX,
  };
  
  /* forward declaration since Packet struct definition requires this */
author	Victor Julien <vjulien@oisf.net>
	Tue, 25 Jul 2023 05:51:02 +0000 (07:51 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 25 Jul 2023 13:09:45 +0000 (15:09 +0200)
etc/schema.json		patch \| blob \| blame \| history
src/decode.c		patch \| blob \| blame \| history
src/decode.h		patch \| blob \| blame \| history