stats: decoder/stream events as stats

diff --git a/src/counters.c b/src/counters.c
index 007b093d99c3f471e90f2187b4248f9a3aa17b99..f6283ee71decf6943c7ac26ab1ccac38f573ef3e 100644 (file)
--- a/src/counters.c
+++ b/src/counters.c
@@ -98,6 +98,11 @@ static uint32_t stats_tts = STATS_MGMTT_TTS;
 /** is the stats counter enabled? */
 static char stats_enabled = TRUE;
 
+/**< add decoder events as stats? enabled by default */
+bool stats_decoder_events = true;
+/**< add stream events as stats? disabled by default */
+bool stats_stream_events = false;
+
 static int StatsOutput(ThreadVars *tv);
 static int StatsThreadRegister(const char *thread_name, StatsPublicThreadContext *);
 void StatsReleaseCounters(StatsCounter *head);
@@ -237,6 +242,16 @@ static void StatsInitCtx(void)
         const char *interval = ConfNodeLookupChildValue(stats, "interval");
         if (interval != NULL)
             stats_tts = (uint32_t) atoi(interval);
+
+        int b;
+        int ret = ConfGetChildValueBool(stats, "decoder-events", &b);
+        if (ret) {
+            stats_decoder_events = (b == 1);
+        }
+        ret = ConfGetChildValueBool(stats, "stream-events", &b);
+        if (ret) {
+            stats_stream_events = (b == 1);
+        }
     }
 
     if (!OutputStatsLoggersRegistered()) {

diff --git a/src/decode-events.h b/src/decode-events.h
index 59d125a377da99e8457bd77545a4e47b98e9c44e..40cfa73f19fa49e0ed29bfe2443f5c28fb0fcc1f 100644 (file)
--- a/src/decode-events.h
+++ b/src/decode-events.h
@@ -190,6 +190,9 @@ enum {
     /* Cisco Fabric Path/DCE events. */
     DCE_PKT_TOO_SMALL,
 
+    /* END OF DECODE EVENTS ON SINGLE PACKET */
+    DECODE_EVENT_PACKET_MAX = DCE_PKT_TOO_SMALL,
+
     /* STREAM EVENTS */
     STREAM_3WHS_ACK_IN_WRONG_DIR,
     STREAM_3WHS_ASYNC_WRONG_SEQ,

diff --git a/src/decode.c b/src/decode.c
index c583d03fc0636d6d55054b51c9228e8bfb963a6f..8af438ad7c580ce6975ad2698c40ea34d0d2370b 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -67,6 +67,9 @@
 #include "output.h"
 #include "output-flow.h"
 
+extern bool stats_decoder_events;
+extern bool stats_stream_events;
+
 int DecodeTunnel(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
         uint8_t *pkt, uint32_t len, PacketQueue *pq, enum DecodeTunnelProto proto)
 {
@@ -117,7 +120,13 @@ void PacketUpdateEngineEventCounters(ThreadVars *tv,
         DecodeThreadVars *dtv, Packet *p)
 {
     for (uint8_t i = 0; i < p->events.cnt; i++) {
-        StatsIncr(tv, dtv->counter_engine_events[p->events.events[i]]);
+        const uint8_t e = p->events.events[i];
+
+        if (e <= DECODE_EVENT_PACKET_MAX && !stats_decoder_events)
+            continue;
+        if (e > DECODE_EVENT_PACKET_MAX && !stats_stream_events)
+            continue;
+        StatsIncr(tv, dtv->counter_engine_events[e]);
     }
 }
 
@@ -453,6 +462,12 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
 
     for (int i = 0; i < DECODE_EVENT_MAX; i++) {
         BUG_ON(i != (int)DEvents[i].code);
+
+        if (i <= DECODE_EVENT_PACKET_MAX && !stats_decoder_events)
+            continue;
+        if (i > DECODE_EVENT_PACKET_MAX && !stats_stream_events)
+            continue;
+
         dtv->counter_engine_events[i] = StatsRegisterCounter(
                 DEvents[i].event_name, tv);
     }

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 99023c67b57eaefe4e1dc7e99cb592481374bfbc..920690b70961576954f70b4a116cf31a5e9c4d70 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -60,6 +60,10 @@ stats:
   # The interval field (in seconds) controls at what interval
   # the loggers are invoked.
   interval: 8
+  # Add decode events as stats.
+  #decoder-events: true
+  # Add stream events as stats.
+  #stream-events: false
 
 # Configure the type of alert (and other) logging you would like.
 outputs: