|
|
|
|
@ -131,6 +131,10 @@ typedef struct NFQThreadVars_
|
|
|
|
|
char *data; /** Per function and thread data */
|
|
|
|
|
int datalen; /** Length of per function and thread data */
|
|
|
|
|
|
|
|
|
|
uint16_t counter_ips_accepted;
|
|
|
|
|
uint16_t counter_ips_blocked;
|
|
|
|
|
uint16_t counter_ips_rejected;
|
|
|
|
|
|
|
|
|
|
} NFQThreadVars;
|
|
|
|
|
/* shared vars for all for nfq queues and threads */
|
|
|
|
|
static NFQGlobalVars nfq_g;
|
|
|
|
|
@ -755,9 +759,13 @@ TmEcode ReceiveNFQThreadDeinit(ThreadVars *t, void *data)
|
|
|
|
|
|
|
|
|
|
TmEcode VerdictNFQThreadInit(ThreadVars *tv, void *initdata, void **data)
|
|
|
|
|
{
|
|
|
|
|
NFQThreadVars *ntv = (NFQThreadVars *) initdata;
|
|
|
|
|
|
|
|
|
|
*data = (void *)initdata;
|
|
|
|
|
ntv->counter_ips_accepted = StatsRegisterCounter("ips.accepted", tv);
|
|
|
|
|
ntv->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
|
|
|
|
|
ntv->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
|
|
|
|
|
|
|
|
|
|
*data = (void *)ntv;
|
|
|
|
|
return TM_ECODE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -1169,6 +1177,16 @@ TmEcode NFQSetVerdict(Packet *p)
|
|
|
|
|
*/
|
|
|
|
|
TmEcode VerdictNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
|
|
|
|
|
{
|
|
|
|
|
NFQThreadVars *ntv = (NFQThreadVars *)data;
|
|
|
|
|
/* update counters */
|
|
|
|
|
if (unlikely(PACKET_TEST_ACTION(p, (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)))) {
|
|
|
|
|
StatsIncr(tv, ntv->counter_ips_rejected);
|
|
|
|
|
} else if (unlikely(PACKET_TEST_ACTION(p, ACTION_DROP))) {
|
|
|
|
|
StatsIncr(tv, ntv->counter_ips_blocked);
|
|
|
|
|
} else {
|
|
|
|
|
StatsIncr(tv, ntv->counter_ips_accepted);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int ret;
|
|
|
|
|
/* if this is a tunnel packet we check if we are ready to verdict
|
|
|
|
|
* already. */
|
|
|
|
|
|
Victor Julien
11 years ago