decode/stat: Add decode counters for unknown/arp

author Jeff Lucovsky <jlucovsky@oisf.net>

Fri, 16 Dec 2022 14:11:05 +0000 (09:11 -0500)

committer Victor Julien <vjulien@oisf.net>

Sat, 28 Jan 2023 07:54:55 +0000 (08:54 +0100)
author Jeff Lucovsky <jlucovsky@oisf.net>
Fri, 16 Dec 2022 14:11:05 +0000 (09:11 -0500)
committer Victor Julien <vjulien@oisf.net>
Sat, 28 Jan 2023 07:54:55 +0000 (08:54 +0100)
diff --git a/etc/schema.json b/etc/schema.json

index 15bf6261fbadc07a574a8ec2d86d4999be2a9b7c..2334c4870843531ee32bab0760b3da2abac4db21 100644 (file)
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -4147,6 +4147,12 @@
                          "ethernet": {
                              "type": "integer"
                          },
+                        "arp": {
+                            "type": "integer"
+                        },
+                        "unknown_ethertype": {
+                            "type": "integer"
+                        },
                          "geneve": {
                              "type": "integer"
                          },
diff --git a/src/decode.c b/src/decode.c

index c64af550ef0cfc2d8de0559119477a3ef3354b6d..b3da7a1ed1a5698142024f12cca3676bbfa91318 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -532,6 +532,8 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
      dtv->counter_ipv4 = StatsRegisterCounter("decoder.ipv4", tv);
      dtv->counter_ipv6 = StatsRegisterCounter("decoder.ipv6", tv);
      dtv->counter_eth = StatsRegisterCounter("decoder.ethernet", tv);
+    dtv->counter_arp = StatsRegisterCounter("decoder.arp", tv);
+    dtv->counter_ethertype_unknown = StatsRegisterCounter("decoder.unknown_ethertype", tv);
      dtv->counter_chdlc = StatsRegisterCounter("decoder.chdlc", tv);
      dtv->counter_raw = StatsRegisterCounter("decoder.raw", tv);
      dtv->counter_null = StatsRegisterCounter("decoder.null", tv);
diff --git a/src/decode.h b/src/decode.h

index dfa8af0f015d48000ad913a7c62f4d5593ecc384..39d9bf1355d00cfd483a861b92f3a14fa390fcdd 100644 (file)
--- a/src/decode.h
+++ b/src/decode.h
@@ -683,6 +683,8 @@ typedef struct DecodeThreadVars_
      uint16_t counter_udp;
      uint16_t counter_icmpv4;
      uint16_t counter_icmpv6;
+    uint16_t counter_arp;
+    uint16_t counter_ethertype_unknown;
  
      uint16_t counter_sll;
      uint16_t counter_raw;
@@ -1189,6 +1191,7 @@ static inline bool DecodeNetworkLayer(ThreadVars *tv, DecodeThreadVars *dtv,
              DecodeIEEE8021ah(tv, dtv, p, data, len);
              break;
          case ETHERNET_TYPE_ARP:
+            StatsIncr(tv, dtv->counter_arp);
              break;
          case ETHERNET_TYPE_MPLS_UNICAST:
          case ETHERNET_TYPE_MPLS_MULTICAST:
@@ -1209,6 +1212,7 @@ static inline bool DecodeNetworkLayer(ThreadVars *tv, DecodeThreadVars *dtv,
              break;
          default:
              SCLogDebug("unknown ether type: %" PRIx16 "", proto);
+            StatsIncr(tv, dtv->counter_ethertype_unknown);
              return false;
      }
      return true;
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Fri, 16 Dec 2022 14:11:05 +0000 (09:11 -0500)
committer	Victor Julien <vjulien@oisf.net>
	Sat, 28 Jan 2023 07:54:55 +0000 (08:54 +0100)
etc/schema.json		patch \| blob \| blame \| history
src/decode.c		patch \| blob \| blame \| history
src/decode.h		patch \| blob \| blame \| history