From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Tue, 22 Aug 2023 14:17:24 +0000 (-0400)
Subject: stats: Track stream reassembly drops
X-Git-Tag: suricata-7.0.2~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=904f0ddeeeb1bdb4a686f991cf090a47dd84249e;p=thirdparty%2Fsuricata.git

stats: Track stream reassembly drops

Issue: 6235
---

diff --git a/etc/schema.json b/etc/schema.json
index efd17092f6..28182cb95d 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -40,7 +40,8 @@
             "type": "integer"
         },
         "host": {
-            "$comment": "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
+            "$comment":
+                    "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
             "description": "the sensor-name, if configured",
             "type": "string"
         },
@@ -4095,6 +4096,9 @@
                                 "stream_midstream": {
                                     "type": "integer"
                                 },
+                                "stream_reassembly": {
+                                    "type": "integer"
+                                },
                                 "nfq_error": {
                                     "type": "integer"
                                 },
diff --git a/src/decode.c b/src/decode.c
index b49b29838c..5cdeeead6b 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -804,6 +804,8 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
             return "stream memcap";
         case PKT_DROP_REASON_STREAM_MIDSTREAM:
             return "stream midstream";
+        case PKT_DROP_REASON_STREAM_REASSEMBLY:
+            return "stream reassembly";
         case PKT_DROP_REASON_APPLAYER_ERROR:
             return "applayer error";
         case PKT_DROP_REASON_APPLAYER_MEMCAP:
@@ -842,6 +844,8 @@ static const char *PacketDropReasonToJsonString(enum PacketDropReason r)
             return "ips.drop_reason.stream_memcap";
         case PKT_DROP_REASON_STREAM_MIDSTREAM:
             return "ips.drop_reason.stream_midstream";
+        case PKT_DROP_REASON_STREAM_REASSEMBLY:
+            return "ips.drop_reason.stream_reassembly";
         case PKT_DROP_REASON_APPLAYER_ERROR:
             return "ips.drop_reason.applayer_error";
         case PKT_DROP_REASON_APPLAYER_MEMCAP:
diff --git a/src/decode.h b/src/decode.h
index fe42924bb6..dedfbb09ef 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -401,6 +401,7 @@ enum PacketDropReason {
     PKT_DROP_REASON_STREAM_ERROR,
     PKT_DROP_REASON_STREAM_MEMCAP,
     PKT_DROP_REASON_STREAM_MIDSTREAM,
+    PKT_DROP_REASON_STREAM_REASSEMBLY,
     PKT_DROP_REASON_NFQ_ERROR,    /**< no nfq verdict, must be error */
     PKT_DROP_REASON_INNER_PACKET, /**< drop issued by inner (tunnel) packet */
     PKT_DROP_REASON_MAX,
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 135b22485c..737b222d53 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -2017,7 +2017,7 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
             SCLogDebug("StreamTcpReassembleHandleSegmentHandleData error");
             /* failure can only be because of memcap hit, so see if this should lead to a drop */
             ExceptionPolicyApply(
-                    p, stream_config.reassembly_memcap_policy, PKT_DROP_REASON_STREAM_MEMCAP);
+                    p, stream_config.reassembly_memcap_policy, PKT_DROP_REASON_STREAM_REASSEMBLY);
             SCReturnInt(-1);
         }