From: Victor Julien
Date: Thu, 13 Oct 2022 17:32:37 +0000 (+0200)
Subject: nfq: set drop reason on verdict error
X-Git-Tag: suricata-7.0.0-beta1~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba3e0b3155e58420e81c8c0edb6205a57b90c0ef;p=thirdparty%2Fsuricata.git
nfq: set drop reason on verdict error
---
diff --git a/src/decode.c b/src/decode.c
index 303349625b..d4424b15bd 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -803,6 +803,8 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
 return "rules";
 case PKT_DROP_REASON_RULES_THRESHOLD:
 return "threshold detection_filter";
+ case PKT_DROP_REASON_NFQ_ERROR:
+ return "nfq error";
 case PKT_DROP_REASON_NOT_SET:
 default:
 return NULL;
diff --git a/src/decode.h b/src/decode.h
index f4324717e8..888f634f26 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -410,6 +410,7 @@ enum PacketDropReason {
 PKT_DROP_REASON_STREAM_ERROR,
 PKT_DROP_REASON_STREAM_MEMCAP,
 PKT_DROP_REASON_STREAM_MIDSTREAM,
+ PKT_DROP_REASON_NFQ_ERROR, /**< no nfq verdict, must be error */
 };
 /* forward declaration since Packet struct definition requires this */
diff --git a/src/source-nfq.c b/src/source-nfq.c
index a3d02fa3f3..9172eef150 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -476,7 +476,7 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data)
 static void NFQReleasePacket(Packet *p)
 {
 if (unlikely(!p->nfq_v.verdicted)) {
- PacketUpdateAction(p, ACTION_DROP);
+ PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_NFQ_ERROR);
 NFQSetVerdict(p);
 }
 PacketFreeOrRelease(p);
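Review bot: The new `"nfq error"` string in PacketDropReasonToString is presumably what log consumers will see as the drop reason, and nothing in this diff documents it or touches any other place that lists the reasons. If the project keeps a documented list of reason strings, a log schema or per-reason counters (none is visible here), they need the new value too, otherwise parsers and alerting keyed on the reason field will not recognise it. A short comment on the case would also help, for example `/* packet was released without an NFQ verdict */`. The function starts and ends outside the hunk.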
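Review bot: The fail-closed branch in NFQReleasePacket still has no comment saying why a packet can reach release without a verdict or that dropping is the intended safe default; I would add `/* no verdict was issued before release: error path, drop the packet (fail closed) */` above the `if`. Because this runs while the packet is being released, the reason may be set after the output stage has already handled the packet. That is an inference from the function name, so it is worth confirming that the "nfq error" reason is still observable in logs or counters, since an unverdicted packet in inline mode is something operators will want to alert on. The closing brace of the function is outside the hunk.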