From f9cf87a003d273ec175590e2ffec053d2672af95 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Tue, 20 Feb 2024 12:50:40 +0100
Subject: [PATCH] schema: Add stats.capture and in_iface properties

New suricata-verify test listens on loopback interface, resulting
in the capture and in_iface fields in the stats and event objects.
---
 etc/schema.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/etc/schema.json b/etc/schema.json
index 981610b250..4924f5982b 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -51,6 +51,9 @@
         "icmp_type": {
             "type": "integer"
         },
+        "in_iface": {
+            "type": "string"
+        },
         "log_level": {
             "type": "string"
         },
@@ -3715,6 +3718,20 @@
                     "description": "Suricata engine's uptime",
                     "type": "integer"
                 },
+                "capture": {
+                    "type": "object",
+                    "properties": {
+                        "kernel_packets": {
+                            "type": "integer"
+                        },
+                        "kernel_drops": {
+                            "type": "integer"
+                        },
+                        "kernel_ifdrops": {
+                            "type": "integer"
+                        }
+                    }
+                },
                 "memcap_pressure": {
                     "description": "Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http",
                     "type": "integer"
-- 
2.47.2