From: Victor Julien <victor@inliniac.net>
Date: Wed, 27 May 2015 15:53:23 +0000 (+0200)
Subject: nfq: add ips stats
X-Git-Tag: suricata-3.0RC1~315
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=813930f0271ef2e8716fef9eab01dd616301bc8a;p=thirdparty%2Fsuricata.git

nfq: add ips stats
---

diff --git a/src/source-nfq.c b/src/source-nfq.c
index b8b38bc3e6..f2bfd7f0cb 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -131,6 +131,10 @@ typedef struct NFQThreadVars_
     char *data; /** Per function and thread data */
     int datalen; /** Length of per function and thread data */
 
+    uint16_t counter_ips_accepted;
+    uint16_t counter_ips_blocked;
+    uint16_t counter_ips_rejected;
+
 } NFQThreadVars;
 /* shared vars for all for nfq queues and threads */
 static NFQGlobalVars nfq_g;
@@ -755,9 +759,13 @@ TmEcode ReceiveNFQThreadDeinit(ThreadVars *t, void *data)
 
 TmEcode VerdictNFQThreadInit(ThreadVars *tv, void *initdata, void **data)
 {
+    NFQThreadVars *ntv = (NFQThreadVars *) initdata;
 
-    *data = (void *)initdata;
+    ntv->counter_ips_accepted = StatsRegisterCounter("ips.accepted", tv);
+    ntv->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
+    ntv->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
 
+    *data = (void *)ntv;
     return TM_ECODE_OK;
 }
 
@@ -1169,6 +1177,16 @@ TmEcode NFQSetVerdict(Packet *p)
  */
 TmEcode VerdictNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
 {
+    NFQThreadVars *ntv = (NFQThreadVars *)data;
+    /* update counters */
+    if (unlikely(PACKET_TEST_ACTION(p, (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)))) {
+        StatsIncr(tv, ntv->counter_ips_rejected);
+    } else if (unlikely(PACKET_TEST_ACTION(p, ACTION_DROP))) {
+        StatsIncr(tv, ntv->counter_ips_blocked);
+    } else {
+        StatsIncr(tv, ntv->counter_ips_accepted);
+    }
+
     int ret;
     /* if this is a tunnel packet we check if we are ready to verdict
      * already. */