From: Victor Julien
Date: Tue, 25 Jul 2023 05:51:02 +0000 (+0200)
Subject: stats: add drop reason counters
X-Git-Tag: suricata-7.0.1~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f9767a9cb97d489c52154f9d9d4374b23f381b4;p=thirdparty%2Fsuricata.git
stats: add drop reason counters
{ "accepted": 296185, "blocked": 162, "rejected": 0, "replaced": 0, "drop_reason": { "decode_error": 0, "defrag_error": 0, "defrag_memcap": 0, "flow_memcap": 0, "flow_drop": 94, "applayer_error": 0, "applayer_memcap": 0, "rules": 3, "threshold_detection_filter": 0, "stream_error": 63, "stream_memcap": 0, "stream_midstream": 2, "nfq_error": 0, "tunnel_packet_drop": 0 } }
Ticket: #6230.
---
diff --git a/etc/schema.json b/etc/schema.json
index b523837349..f9ea5c9f38 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -4027,6 +4027,54 @@
 },
 "replaced": {
 "type": "integer"
+ },
+ "drop_reason": {
+ "type": "object",
+ "properties": {
+ "decode_error": {
+ "type": "integer"
+ },
+ "defrag_error": {
+ "type": "integer"
+ },
+ "defrag_memcap": {
+ "type": "integer"
+ },
+ "flow_memcap": {
+ "type": "integer"
+ },
+ "flow_drop": {
+ "type": "integer"
+ },
+ "applayer_error": {
+ "type": "integer"
+ },
+ "applayer_memcap": {
+ "type": "integer"
+ },
+ "rules": {
+ "type": "integer"
+ },
+ "threshold_detection_filter": {
+ "type": "integer"
+ },
+ "stream_error": {
+ "type": "integer"
+ },
+ "stream_memcap": {
+ "type": "integer"
+ },
+ "stream_midstream": {
+ "type": "integer"
+ },
+ "nfq_error": {
+ "type": "integer"
+ },
+ "tunnel_packet_drop": {
+ "type": "integer"
+ }
+ },
+ "additionalProperties": false
 }
 },
 "additionalProperties": false
diff --git a/src/decode.c b/src/decode.c
index 90d755ba78..b49b29838c 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -817,6 +817,45 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
 case PKT_DROP_REASON_INNER_PACKET:
 return "tunnel packet drop";
 case PKT_DROP_REASON_NOT_SET:
+ case PKT_DROP_REASON_MAX:
+ return NULL;
+ }
+ return NULL;
+}
+
+static const char *PacketDropReasonToJsonString(enum PacketDropReason r)
+{
+ switch (r) {
+ case PKT_DROP_REASON_DECODE_ERROR:
+ return "ips.drop_reason.decode_error";
+ case PKT_DROP_REASON_DEFRAG_ERROR:
+ return "ips.drop_reason.defrag_error";
+ case PKT_DROP_REASON_DEFRAG_MEMCAP:
+ return "ips.drop_reason.defrag_memcap";
+ case PKT_DROP_REASON_FLOW_MEMCAP:
+ return "ips.drop_reason.flow_memcap";
+ case PKT_DROP_REASON_FLOW_DROP:
+ return "ips.drop_reason.flow_drop";
+ case PKT_DROP_REASON_STREAM_ERROR:
+ return "ips.drop_reason.stream_error";
+ case PKT_DROP_REASON_STREAM_MEMCAP:
+ return "ips.drop_reason.stream_memcap";
+ case PKT_DROP_REASON_STREAM_MIDSTREAM:
+ return "ips.drop_reason.stream_midstream";
+ case PKT_DROP_REASON_APPLAYER_ERROR:
+ return "ips.drop_reason.applayer_error";
+ case PKT_DROP_REASON_APPLAYER_MEMCAP:
+ return "ips.drop_reason.applayer_memcap";
+ case PKT_DROP_REASON_RULES:
+ return "ips.drop_reason.rules";
+ case PKT_DROP_REASON_RULES_THRESHOLD:
+ return "ips.drop_reason.threshold_detection_filter";
+ case PKT_DROP_REASON_NFQ_ERROR:
+ return "ips.drop_reason.nfq_error";
+ case PKT_DROP_REASON_INNER_PACKET:
+ return "ips.drop_reason.tunnel_packet_drop";
+ case PKT_DROP_REASON_NOT_SET:
+ case PKT_DROP_REASON_MAX:
 return NULL;
 }
 return NULL;
@@ -827,11 +866,12 @@ typedef struct CaptureStats_ {
 uint16_t counter_ips_blocked;
 uint16_t counter_ips_rejected;
 uint16_t counter_ips_replaced;
+
+ uint16_t counter_drop_reason[PKT_DROP_REASON_MAX];
 } CaptureStats;
 thread_local CaptureStats t_capture_stats;
-/* TODO drop reason stats! */
 void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
 {
 if (!EngineModeIsIPS() || PKT_IS_PSEUDOPKT(p))
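Review bot: PacketDropReasonToJsonString is added without a comment, and its strings are a second copy of the reason list that has to agree with the `drop_reason` properties added to etc/schema.json in this commit, where `additionalProperties` is false. A reason that later gets a counter name here but no schema entry would presumably fail validation of the stats record against that schema. I would put a comment above the function such as `/* stats counter name for a drop reason; keep in sync with "drop_reason" in etc/schema.json */`. The value is used as a counter name in CaptureStatsSetup rather than as JSON, so a name like PacketDropReasonToStatsName may read better.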
@@ -847,6 +887,9 @@ void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
 } else {
 StatsIncr(tv, s->counter_ips_accepted);
 }
+ if (p->drop_reason != PKT_DROP_REASON_NOT_SET) {
+ StatsIncr(tv, s->counter_drop_reason[p->drop_reason]);
+ }
 }
 void CaptureStatsSetup(ThreadVars *tv)
@@ -857,6 +900,11 @@ void CaptureStatsSetup(ThreadVars *tv)
 s->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
 s->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
 s->counter_ips_replaced = StatsRegisterCounter("ips.replaced", tv);
+ for (int i = PKT_DROP_REASON_NOT_SET; i < PKT_DROP_REASON_MAX; i++) {
+ const char *name = PacketDropReasonToJsonString(i);
+ if (name != NULL)
+ s->counter_drop_reason[i] = StatsRegisterCounter(name, tv);
+ }
 }
 }
diff --git a/src/decode.h b/src/decode.h
index b50324c98d..fe42924bb6 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -403,6 +403,7 @@ enum PacketDropReason {
 PKT_DROP_REASON_STREAM_MIDSTREAM,
 PKT_DROP_REASON_NFQ_ERROR, /**< no nfq verdict, must be error */
 PKT_DROP_REASON_INNER_PACKET, /**< drop issued by inner (tunnel) packet */
+ PKT_DROP_REASON_MAX,
 };
 /* forward declaration since Packet struct definition requires this */
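Review bot: The added `StatsIncr(tv, s->counter_drop_reason[p->drop_reason])` indexes an array of PKT_DROP_REASON_MAX entries with a value that is only compared against PKT_DROP_REASON_NOT_SET, so a drop_reason at or above PKT_DROP_REASON_MAX would read past the end of the array. The field's type and the code that sets it are outside this hunk, so this may be unreachable today, but the guard is cheap: `if (p->drop_reason != PKT_DROP_REASON_NOT_SET && p->drop_reason < PKT_DROP_REASON_MAX) {`. The loop added in the CaptureStatsSetup hunk also leaves a slot unregistered whenever PacketDropReasonToJsonString returns NULL, and this path would still hand that slot's value to StatsIncr; a comment at the loop stating that every reason except NOT_SET must have a name would record the assumption. CaptureStatsUpdate starts outside the hunk.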
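Review bot: PKT_DROP_REASON_MAX is added without a comment, unlike the two enumerators above it, and nothing marks it as a count rather than a real drop reason. decode.c in this commit uses it as the size of `counter_drop_reason[]` and as the loop bound in CaptureStatsSetup, so a reason appended after it would fall outside that array. I would write `PKT_DROP_REASON_MAX, /**< number of drop reasons, must stay last */`. The enum starts outside the hunk.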