nfq: set drop reason on verdict error

diff --git a/src/decode.c b/src/decode.c
index 303349625bacf0d6a5fdac595413f199d9a07340..d4424b15bdff1d1f91888e0c0338552e0994dbd8 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -803,6 +803,8 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
             return "rules";
         case PKT_DROP_REASON_RULES_THRESHOLD:
             return "threshold detection_filter";
+        case PKT_DROP_REASON_NFQ_ERROR:
+            return "nfq error";
         case PKT_DROP_REASON_NOT_SET:
         default:
             return NULL;

diff --git a/src/decode.h b/src/decode.h
index f4324717e81d1300ea49358deb5c2863e11654e8..888f634f26da2809dc8a265b2350a04c5c6192a8 100644 (file)
--- a/src/decode.h
+++ b/src/decode.h
@@ -410,6 +410,7 @@ enum PacketDropReason {
     PKT_DROP_REASON_STREAM_ERROR,
     PKT_DROP_REASON_STREAM_MEMCAP,
     PKT_DROP_REASON_STREAM_MIDSTREAM,
+    PKT_DROP_REASON_NFQ_ERROR, /**< no nfq verdict, must be error */
 };
 
 /* forward declaration since Packet struct definition requires this */

diff --git a/src/source-nfq.c b/src/source-nfq.c
index a3d02fa3f3d0cb8753f7d98e77c47a4ff7c07718..9172eef150675214d2dede661eed9fb9272fc1f9 100644 (file)
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -476,7 +476,7 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data)
 static void NFQReleasePacket(Packet *p)
 {
     if (unlikely(!p->nfq_v.verdicted)) {
-        PacketUpdateAction(p, ACTION_DROP);
+        PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_NFQ_ERROR);
         NFQSetVerdict(p);
     }
     PacketFreeOrRelease(p);