defrag: add some events relative to defragmentation
authorEric Leblond <eric@regit.org>
Thu, 26 Jul 2012 19:27:29 +0000 (21:27 +0200)
committerEric Leblond <eric@regit.org>
Wed, 22 Aug 2012 12:31:31 +0000 (14:31 +0200)
src/decode-events.h
src/defrag.c

index 32aeee95ce5318d5ef989b4bec4f90043e793d0c..0c7983d501f3781b4e0ceb69ed2a775b0265fbc6 100644 (file)
@@ -191,6 +191,11 @@ enum {
     IPV4_FRAG_OVERLAP,
     IPV6_FRAG_PKT_TOO_LARGE,
     IPV6_FRAG_OVERLAP,
+    IPV4_FRAG_TOO_LARGE,
+    IPV6_FRAG_TOO_LARGE,
+    /* Fragment ignored due to internal error */
+    IPV4_FRAG_IGNORED,
+    IPV6_FRAG_IGNORED,
 
     /* IPv4 in IPv6 events */
     IPV4_IN_IPV6_PKT_TOO_SMALL,
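Review bot: `IPV6_FRAG_TOO_LARGE` is added directly below the existing `IPV6_FRAG_PKT_TOO_LARGE` with no comment telling the two apart; only the `*_FRAG_IGNORED` pair is documented. A line such as `/* Fragment has no data left once ltrim is subtracted */` above the `*_FRAG_TOO_LARGE` pair would match the condition that raises it in defrag.c. The commit touches only decode-events.h and defrag.c, so if event names are mapped to these values in a separate table (not visible on this page), the new events presumably cannot be referenced from rules until that table is extended. The values are also inserted mid-enum, which renumbers every later event; that matters only if the numeric values are stored or logged anywhere, which cannot be confirmed from here.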
index f619638fa2f4d5f1d829f5ee1d42d141094f738a..24952596d7fa940cfb6cdf461c8809018bba88cc 100644 (file)
@@ -932,6 +932,11 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
 
 insert:
     if (data_len - ltrim <= 0) {
+        if (af == AF_INET) {
+            ENGINE_SET_EVENT(p, IPV4_FRAG_TOO_LARGE);
+        } else {
+            ENGINE_SET_EVENT(p, IPV6_FRAG_TOO_LARGE);
+        }
         goto done;
     }
 
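Review bot: The event name does not match the condition that raises it: `data_len - ltrim <= 0` says nothing is left of the fragment once `ltrim` is subtracted, not that the fragment is too large, so an analyst reading an `IPV4_FRAG_TOO_LARGE` alert would go looking for an oversized datagram. A fragment that is presumably fully covered by earlier data is worth flagging under a name that says so; failing a rename, add `/* nothing left after trimming: fragment contributes no new data */` above the branch. If `data_len` and `ltrim` are unsigned (their declarations are outside the hunk), the `<= 0` test only catches equality and a larger `ltrim` would wrap instead of reaching this branch. DefragInsertFrag starts and ends outside this hunk.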
@@ -940,6 +945,11 @@ insert:
     Frag *new = PoolGet(dc->frag_pool);
     SCMutexUnlock(&dc->frag_pool_lock);
     if (new == NULL) {
+        if (af == AF_INET) {
+            ENGINE_SET_EVENT(p, IPV4_FRAG_IGNORED);
+        } else {
+            ENGINE_SET_EVENT(p, IPV6_FRAG_IGNORED);
+        }
         goto done;
     }
     new->pkt = SCMalloc(GET_PKT_LEN(p));
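Review bot: The four-line `af == AF_INET` branch is repeated verbatim on each failure path: here, on the SCMalloc failure path in the next hunk, and with a different event in the previous hunk. A small helper would keep the paths from drifting, e.g. `#define DEFRAG_SET_EVENT(p, af, ev) ENGINE_SET_EVENT((p), (af) == AF_INET ? IPV4_##ev : IPV6_##ev)`, assuming ENGINE_SET_EVENT accepts an expression as its second argument. Pool exhaustion and allocation failure both map to `*_FRAG_IGNORED`, which the enum comment calls an internal error, yet both can also result from fragment volume on the wire. Since the event appears to be the only signal that this fragment was dropped before insertion, a comment at the branch would help, such as `/* frag pool exhausted: fragment not queued, event is the only trace */`.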
@@ -947,6 +957,11 @@ insert:
         SCMutexLock(&dc->frag_pool_lock);
         PoolReturn(dc->frag_pool, new);
         SCMutexUnlock(&dc->frag_pool_lock);
+        if (af == AF_INET) {
+            ENGINE_SET_EVENT(p, IPV4_FRAG_IGNORED);
+        } else {
+            ENGINE_SET_EVENT(p, IPV6_FRAG_IGNORED);
+        }
         goto done;
     }
     memcpy(new->pkt, GET_PKT_DATA(p) + ltrim, GET_PKT_LEN(p) - ltrim);