nfq: set drop reason on verdict error

3 years ago · ba3e0b3155
parent a7333a3ea5
commit ba3e0b3155
3 changed files with 4 additions and 1 deletions
--- a/src/decode.c
+++ b/src/decode.c
@ -803,6 +803,8 @@ const char *PacketDropReasonToString(enum PacketDropReason r)
            return "rules";
        case PKT_DROP_REASON_RULES_THRESHOLD:
            return "threshold detection_filter";
+        case PKT_DROP_REASON_NFQ_ERROR:
+            return "nfq error";
        case PKT_DROP_REASON_NOT_SET:
        default:
            return NULL;
--- a/src/decode.h
+++ b/src/decode.h
@ -410,6 +410,7 @@ enum PacketDropReason {
    PKT_DROP_REASON_STREAM_ERROR,
    PKT_DROP_REASON_STREAM_MEMCAP,
    PKT_DROP_REASON_STREAM_MIDSTREAM,
+    PKT_DROP_REASON_NFQ_ERROR, /**< no nfq verdict, must be error */
 };

 /* forward declaration since Packet struct definition requires this */
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@ -476,7 +476,7 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data)
 static void NFQReleasePacket(Packet *p)
 {
    if (unlikely(!p->nfq_v.verdicted)) {
-        PacketUpdateAction(p, ACTION_DROP);
+        PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_NFQ_ERROR);
        NFQSetVerdict(p);
    }
    PacketFreeOrRelease(p);