nfq: add ips stats

diff --git a/src/source-nfq.c b/src/source-nfq.c
index b8b38bc3e621de7789781e2ca6a47f4e95d6a0df..f2bfd7f0cbd706d681ee24d264b6def78b0d5406 100644 (file)
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -131,6 +131,10 @@ typedef struct NFQThreadVars_
     char *data; /** Per function and thread data */
     int datalen; /** Length of per function and thread data */
 
+    uint16_t counter_ips_accepted;
+    uint16_t counter_ips_blocked;
+    uint16_t counter_ips_rejected;
+
 } NFQThreadVars;
 /* shared vars for all for nfq queues and threads */
 static NFQGlobalVars nfq_g;
@@ -755,9 +759,13 @@ TmEcode ReceiveNFQThreadDeinit(ThreadVars *t, void *data)
 
 TmEcode VerdictNFQThreadInit(ThreadVars *tv, void *initdata, void **data)
 {
+    NFQThreadVars *ntv = (NFQThreadVars *) initdata;
 
-    *data = (void *)initdata;
+    ntv->counter_ips_accepted = StatsRegisterCounter("ips.accepted", tv);
+    ntv->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
+    ntv->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
 
+    *data = (void *)ntv;
     return TM_ECODE_OK;
 }
 
@@ -1169,6 +1177,16 @@ TmEcode NFQSetVerdict(Packet *p)
  */
 TmEcode VerdictNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
 {
+    NFQThreadVars *ntv = (NFQThreadVars *)data;
+    /* update counters */
+    if (unlikely(PACKET_TEST_ACTION(p, (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)))) {
+        StatsIncr(tv, ntv->counter_ips_rejected);
+    } else if (unlikely(PACKET_TEST_ACTION(p, ACTION_DROP))) {
+        StatsIncr(tv, ntv->counter_ips_blocked);
+    } else {
+        StatsIncr(tv, ntv->counter_ips_accepted);
+    }
+
     int ret;
     /* if this is a tunnel packet we check if we are ready to verdict
      * already. */