af-packet: fix live device counter usage

Live device counter was in fact the number of packets seen by suricata and not the total number of packet reported by kernel. This patch fixes this by using counter provided by kernel instead. The counter is Clear On Read, so by adding the value fetch at each call and earch sockets we get the number of packets and drops for the interface.
12 years ago · 1869688fb8
parent afbb2eb32b
commit 1869688fb8
1 changed files with 1 additions and 1 deletions
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@ -493,6 +493,7 @@ static inline void AFPDumpCounters(AFPThreadVars *ptv)
        SCPerfCounterAddUI64(ptv->capture_kernel_packets, ptv->tv->sc_perf_pca, kstats.tp_packets);
        SCPerfCounterAddUI64(ptv->capture_kernel_drops, ptv->tv->sc_perf_pca, kstats.tp_drops);
        (void) SC_ATOMIC_ADD(ptv->livedev->drop, kstats.tp_drops);
+        (void) SC_ATOMIC_ADD(ptv->livedev->pkts, kstats.tp_packets);
    }
 #endif
 }
@ -561,7 +562,6 @@ int AFPRead(AFPThreadVars *ptv)

    ptv->pkts++;
    ptv->bytes += caplen + offset;
-    (void) SC_ATOMIC_ADD(ptv->livedev->pkts, 1);
    p->livedev = ptv->livedev;

    /* add forged header */