stats: add drop reason counters

{ "accepted": 296185, "blocked": 162, "rejected": 0, "replaced": 0, "drop_reason": { "decode_error": 0, "defrag_error": 0, "defrag_memcap": 0, "flow_memcap": 0, "flow_drop": 94, "applayer_error": 0, "applayer_memcap": 0, "rules": 3, "threshold_detection_filter": 0, "stream_error": 63, "stream_memcap": 0, "stream_midstream": 2, "nfq_error": 0, "tunnel_packet_drop": 0 } } Ticket: #6230.
OISF · Jul 25, 2023 · 7e580ed · 7e580ed
1 parent ad0bdb8
commit 7e580ed
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 1 deletion.
diff --git a/etc/schema.json b/etc/schema.json
@@ -4027,6 +4027,54 @@
                         },
                         "replaced": {
                             "type": "integer"
+                        },
+                        "drop_reason": {
+                            "type": "object",
+                            "properties": {
+                                "decode_error": {
+                                    "type": "integer"
+                                },
+                                "defrag_error": {
+                                    "type": "integer"
+                                },
+                                "defrag_memcap": {
+                                    "type": "integer"
+                                },
+                                "flow_memcap": {
+                                    "type": "integer"
+                                },
+                                "flow_drop": {
+                                    "type": "integer"
+                                },
+                                "applayer_error": {
+                                    "type": "integer"
+                                },
+                                "applayer_memcap": {
+                                    "type": "integer"
+                                },
+                                "rules": {
+                                    "type": "integer"
+                                },
+                                "threshold_detection_filter": {
+                                    "type": "integer"
+                                },
+                                "stream_error": {
+                                    "type": "integer"
+                                },
+                                "stream_memcap": {
+                                    "type": "integer"
+                                },
+                                "stream_midstream": {
+                                    "type": "integer"
+                                },
+                                "nfq_error": {
+                                    "type": "integer"
+                                },
+                                "tunnel_packet_drop": {
+                                    "type": "integer"
+                                }
+                            },
+                            "additionalProperties": false
                         }
                     },
                     "additionalProperties": false

diff --git a/src/decode.c b/src/decode.c
@@ -817,6 +817,45 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
         case PKT_DROP_REASON_INNER_PACKET:
             return "tunnel packet drop";
         case PKT_DROP_REASON_NOT_SET:
+        case PKT_DROP_REASON_MAX:
+            return NULL;
+    }
+    return NULL;
+}
+
+static const char *PacketDropReasonToJsonString(enum PacketDropReason r)
+{
+    switch (r) {
+        case PKT_DROP_REASON_DECODE_ERROR:
+            return "ips.drop_reason.decode_error";
+        case PKT_DROP_REASON_DEFRAG_ERROR:
+            return "ips.drop_reason.defrag_error";
+        case PKT_DROP_REASON_DEFRAG_MEMCAP:
+            return "ips.drop_reason.defrag_memcap";
+        case PKT_DROP_REASON_FLOW_MEMCAP:
+            return "ips.drop_reason.flow_memcap";
+        case PKT_DROP_REASON_FLOW_DROP:
+            return "ips.drop_reason.flow_drop";
+        case PKT_DROP_REASON_STREAM_ERROR:
+            return "ips.drop_reason.stream_error";
+        case PKT_DROP_REASON_STREAM_MEMCAP:
+            return "ips.drop_reason.stream_memcap";
+        case PKT_DROP_REASON_STREAM_MIDSTREAM:
+            return "ips.drop_reason.stream_midstream";
+        case PKT_DROP_REASON_APPLAYER_ERROR:
+            return "ips.drop_reason.applayer_error";
+        case PKT_DROP_REASON_APPLAYER_MEMCAP:
+            return "ips.drop_reason.applayer_memcap";
+        case PKT_DROP_REASON_RULES:
+            return "ips.drop_reason.rules";
+        case PKT_DROP_REASON_RULES_THRESHOLD:
+            return "ips.drop_reason.threshold_detection_filter";
+        case PKT_DROP_REASON_NFQ_ERROR:
+            return "ips.drop_reason.nfq_error";
+        case PKT_DROP_REASON_INNER_PACKET:
+            return "ips.drop_reason.tunnel_packet_drop";
+        case PKT_DROP_REASON_NOT_SET:
+        case PKT_DROP_REASON_MAX:
             return NULL;
     }
     return NULL;
@@ -827,11 +866,12 @@ typedef struct CaptureStats_ {
     uint16_t counter_ips_blocked;
     uint16_t counter_ips_rejected;
     uint16_t counter_ips_replaced;
+
+    uint16_t counter_drop_reason[PKT_DROP_REASON_MAX];
 } CaptureStats;
 
 thread_local CaptureStats t_capture_stats;
 
-/* TODO drop reason stats! */
 void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
 {
     if (!EngineModeIsIPS() || PKT_IS_PSEUDOPKT(p))
@@ -847,6 +887,9 @@ void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
     } else {
         StatsIncr(tv, s->counter_ips_accepted);
     }
+    if (p->drop_reason != PKT_DROP_REASON_NOT_SET) {
+        StatsIncr(tv, s->counter_drop_reason[p->drop_reason]);
+    }
 }
 
 void CaptureStatsSetup(ThreadVars *tv)
@@ -857,6 +900,11 @@ void CaptureStatsSetup(ThreadVars *tv)
         s->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
         s->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
         s->counter_ips_replaced = StatsRegisterCounter("ips.replaced", tv);
+        for (int i = PKT_DROP_REASON_NOT_SET; i < PKT_DROP_REASON_MAX; i++) {
+            const char *name = PacketDropReasonToJsonString(i);
+            if (name != NULL)
+                s->counter_drop_reason[i] = StatsRegisterCounter(name, tv);
+        }
     }
 }
 

diff --git a/src/decode.h b/src/decode.h
@@ -403,6 +403,7 @@ enum PacketDropReason {
     PKT_DROP_REASON_STREAM_MIDSTREAM,
     PKT_DROP_REASON_NFQ_ERROR,    /**< no nfq verdict, must be error */
     PKT_DROP_REASON_INNER_PACKET, /**< drop issued by inner (tunnel) packet */
+    PKT_DROP_REASON_MAX,
 };
 
 /* forward declaration since Packet struct definition requires this */