From: Eric Leblond <eric@regit.org>
Date: Tue, 11 Jun 2019 20:21:45 +0000 (+0200)
Subject: bypass: add counter for local captured bypass
X-Git-Tag: suricata-5.0.0-rc1~286
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e5439bc1577670e654499a04e6a225cb6aeb292;p=thirdparty%2Fsuricata.git

bypass: add counter for local captured bypass

Packets from captured bypassed flows that are received by Suricata
before the capture method start to bypass them can represent an
important part due to various buffer and insertion delay.

This patch adds a two counters to know the number of packets and
bytes in this case.
---

diff --git a/src/flow-worker.c b/src/flow-worker.c
index 33ec726b95..d6b421e9d0 100644
--- a/src/flow-worker.c
+++ b/src/flow-worker.c
@@ -61,6 +61,8 @@ typedef struct FlowWorkerThreadData_ {
 
     uint16_t local_bypass_pkts;
     uint16_t local_bypass_bytes;
+    uint16_t both_bypass_pkts;
+    uint16_t both_bypass_bytes;
 
     PacketQueue pq;
 
@@ -77,6 +79,8 @@ static inline TmEcode FlowUpdate(ThreadVars *tv, FlowWorkerThreadData *fw, Packe
     int state = SC_ATOMIC_GET(p->flow->flow_state);
     switch (state) {
         case FLOW_STATE_CAPTURE_BYPASSED:
+            StatsAddUI64(tv, fw->both_bypass_pkts, 1);
+            StatsAddUI64(tv, fw->both_bypass_bytes, GET_PKT_LEN(p));
             return TM_ECODE_DONE;
         case FLOW_STATE_LOCAL_BYPASSED:
             StatsAddUI64(tv, fw->local_bypass_pkts, 1);
@@ -100,6 +104,8 @@ static TmEcode FlowWorkerThreadInit(ThreadVars *tv, const void *initdata, void *
 
     fw->local_bypass_pkts = StatsRegisterCounter("flow_bypassed.local_pkts", tv);
     fw->local_bypass_bytes = StatsRegisterCounter("flow_bypassed.local_bytes", tv);
+    fw->both_bypass_pkts = StatsRegisterCounter("flow_bypassed.local_capture_pkts", tv);
+    fw->both_bypass_bytes = StatsRegisterCounter("flow_bypassed.local_capture_bytes", tv);
 
     fw->dtv = DecodeThreadVarsAlloc(tv);
     if (fw->dtv == NULL) {