stats: add drop reason counters

{
  "accepted": 296185,
  "blocked": 162,
  "rejected": 0,
  "replaced": 0,
  "drop_reason": {
    "decode_error": 0,
    "defrag_error": 0,
    "defrag_memcap": 0,
    "flow_memcap": 0,
    "flow_drop": 94,
    "applayer_error": 0,
    "applayer_memcap": 0,
    "rules": 3,
    "threshold_detection_filter": 0,
    "stream_error": 63,
    "stream_memcap": 0,
    "stream_midstream": 2,
    "nfq_error": 0,
    "tunnel_packet_drop": 0
  }
}

Ticket: #6230.

etc/schema.json

@@ -4027,6 +4027,54 @@
                         },
                         "replaced": {
                             "type": "integer"
+                        },
+                        "drop_reason": {
+                            "type": "object",
+                            "properties": {
+                                "decode_error": {
+                                    "type": "integer"
+                                },
+                                "defrag_error": {
+                                    "type": "integer"
+                                },
+                                "defrag_memcap": {
+                                    "type": "integer"
+                                },
+                                "flow_memcap": {
+                                    "type": "integer"
+                                },
+                                "flow_drop": {
+                                    "type": "integer"
+                                },
+                                "applayer_error": {
+                                    "type": "integer"
+                                },
+                                "applayer_memcap": {
+                                    "type": "integer"
+                                },
+                                "rules": {
+                                    "type": "integer"
+                                },
+                                "threshold_detection_filter": {
+                                    "type": "integer"
+                                },
+                                "stream_error": {
+                                    "type": "integer"
+                                },
+                                "stream_memcap": {
+                                    "type": "integer"
+                                },
+                                "stream_midstream": {
+                                    "type": "integer"
+                                },
+                                "nfq_error": {
+                                    "type": "integer"
+                                },
+                                "tunnel_packet_drop": {
+                                    "type": "integer"
+                                }
+                            },
+                            "additionalProperties": false
                         }
                     },
                     "additionalProperties": false

src/decode.c

@@ -817,6 +817,45 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
         case PKT_DROP_REASON_INNER_PACKET:
             return "tunnel packet drop";
         case PKT_DROP_REASON_NOT_SET:
+        case PKT_DROP_REASON_MAX:
+            return NULL;
+    }
+    return NULL;
+}
+
+static const char *PacketDropReasonToJsonString(enum PacketDropReason r)
+{
+    switch (r) {
+        case PKT_DROP_REASON_DECODE_ERROR:
+            return "ips.drop_reason.decode_error";
+        case PKT_DROP_REASON_DEFRAG_ERROR:
+            return "ips.drop_reason.defrag_error";
+        case PKT_DROP_REASON_DEFRAG_MEMCAP:
+            return "ips.drop_reason.defrag_memcap";
+        case PKT_DROP_REASON_FLOW_MEMCAP:
+            return "ips.drop_reason.flow_memcap";
+        case PKT_DROP_REASON_FLOW_DROP:
+            return "ips.drop_reason.flow_drop";
+        case PKT_DROP_REASON_STREAM_ERROR:
+            return "ips.drop_reason.stream_error";
+        case PKT_DROP_REASON_STREAM_MEMCAP:
+            return "ips.drop_reason.stream_memcap";
+        case PKT_DROP_REASON_STREAM_MIDSTREAM:
+            return "ips.drop_reason.stream_midstream";
+        case PKT_DROP_REASON_APPLAYER_ERROR:
+            return "ips.drop_reason.applayer_error";
+        case PKT_DROP_REASON_APPLAYER_MEMCAP:
+            return "ips.drop_reason.applayer_memcap";
+        case PKT_DROP_REASON_RULES:
+            return "ips.drop_reason.rules";
+        case PKT_DROP_REASON_RULES_THRESHOLD:
+            return "ips.drop_reason.threshold_detection_filter";
+        case PKT_DROP_REASON_NFQ_ERROR:
+            return "ips.drop_reason.nfq_error";
+        case PKT_DROP_REASON_INNER_PACKET:
+            return "ips.drop_reason.tunnel_packet_drop";
+        case PKT_DROP_REASON_NOT_SET:
+        case PKT_DROP_REASON_MAX:
             return NULL;
     }
     return NULL;
@@ -827,11 +866,12 @@ typedef struct CaptureStats_ {
     uint16_t counter_ips_blocked;
     uint16_t counter_ips_rejected;
     uint16_t counter_ips_replaced;
+
+    uint16_t counter_drop_reason[PKT_DROP_REASON_MAX];
 } CaptureStats;
 
 thread_local CaptureStats t_capture_stats;
 
-/* TODO drop reason stats! */
 void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
 {
     if (!EngineModeIsIPS() || PKT_IS_PSEUDOPKT(p))
@@ -847,6 +887,9 @@ void CaptureStatsUpdate(ThreadVars *tv, const Packet *p)
     } else {
         StatsIncr(tv, s->counter_ips_accepted);
     }
+    if (p->drop_reason != PKT_DROP_REASON_NOT_SET) {
+        StatsIncr(tv, s->counter_drop_reason[p->drop_reason]);
+    }
 }
 
 void CaptureStatsSetup(ThreadVars *tv)
@@ -857,6 +900,11 @@ void CaptureStatsSetup(ThreadVars *tv)
         s->counter_ips_blocked = StatsRegisterCounter("ips.blocked", tv);
         s->counter_ips_rejected = StatsRegisterCounter("ips.rejected", tv);
         s->counter_ips_replaced = StatsRegisterCounter("ips.replaced", tv);
+        for (int i = PKT_DROP_REASON_NOT_SET; i < PKT_DROP_REASON_MAX; i++) {
+            const char *name = PacketDropReasonToJsonString(i);
+            if (name != NULL)
+                s->counter_drop_reason[i] = StatsRegisterCounter(name, tv);
+        }
     }
 }
 

src/decode.h

@@ -403,6 +403,7 @@ enum PacketDropReason {
     PKT_DROP_REASON_STREAM_MIDSTREAM,
     PKT_DROP_REASON_NFQ_ERROR,    /**< no nfq verdict, must be error */
     PKT_DROP_REASON_INNER_PACKET, /**< drop issued by inner (tunnel) packet */
+    PKT_DROP_REASON_MAX,
 };
 
 /* forward declaration since Packet struct definition requires this */