From: Eric Leblond Date: Thu, 26 Jul 2012 19:27:29 +0000 (+0200) Subject: defrag: add some events relative to defragmentation X-Git-Tag: suricata-1.4beta1~86 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fd32159464164499a034a88a401198a87f68aaee;p=thirdparty%2Fsuricata.git defrag: add some events relative to defragmentation --- diff --git a/src/decode-events.h b/src/decode-events.h index 32aeee95ce..0c7983d501 100644 --- a/src/decode-events.h +++ b/src/decode-events.h @@ -191,6 +191,11 @@ enum { IPV4_FRAG_OVERLAP, IPV6_FRAG_PKT_TOO_LARGE, IPV6_FRAG_OVERLAP, + IPV4_FRAG_TOO_LARGE, + IPV6_FRAG_TOO_LARGE, + /* Fragment ignored due to internal error */ + IPV4_FRAG_IGNORED, + IPV6_FRAG_IGNORED, /* IPv4 in IPv6 events */ IPV4_IN_IPV6_PKT_TOO_SMALL, diff --git a/src/defrag.c b/src/defrag.c index f619638fa2..24952596d7 100644 --- a/src/defrag.c +++ b/src/defrag.c @@ -932,6 +932,11 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc, insert: if (data_len - ltrim <= 0) { + if (af == AF_INET) { + ENGINE_SET_EVENT(p, IPV4_FRAG_TOO_LARGE); + } else { + ENGINE_SET_EVENT(p, IPV6_FRAG_TOO_LARGE); + } goto done; } @@ -940,6 +945,11 @@ insert: Frag *new = PoolGet(dc->frag_pool); SCMutexUnlock(&dc->frag_pool_lock); if (new == NULL) { + if (af == AF_INET) { + ENGINE_SET_EVENT(p, IPV4_FRAG_IGNORED); + } else { + ENGINE_SET_EVENT(p, IPV6_FRAG_IGNORED); + } goto done; } new->pkt = SCMalloc(GET_PKT_LEN(p)); @@ -947,6 +957,11 @@ insert: SCMutexLock(&dc->frag_pool_lock); PoolReturn(dc->frag_pool, new); SCMutexUnlock(&dc->frag_pool_lock); + if (af == AF_INET) { + ENGINE_SET_EVENT(p, IPV4_FRAG_IGNORED); + } else { + ENGINE_SET_EVENT(p, IPV6_FRAG_IGNORED); + } goto done; } memcpy(new->pkt, GET_PKT_DATA(p) + ltrim, GET_PKT_LEN(p) - ltrim);