void DecodeUpdatePacketCounters(ThreadVars *tv,
const DecodeThreadVars *dtv, const Packet *p)
{
StatsIncr(tv, dtv->counter_pkts);
//StatsIncr(tv, dtv->counter_pkts_per_sec);
StatsAddUI64(tv, dtv->counter_bytes, GET_PKT_LEN(p));
StatsAddUI64(tv, dtv->counter_avg_pkt_size, GET_PKT_LEN(p));
StatsSetUI64(tv, dtv->counter_max_pkt_size, GET_PKT_LEN(p));
}
/**
* \brief Process a chunk of records read from a DAG interface.
*
* This function takes a pointer to buffer read from the DAG interface
* and processes it individual records.
*/
static inline TmEcode
ProcessErfDagRecords(ErfDagThreadVars *ewtn, uint8_t *top, uint32_t *pkts_read)
{
SCEnter();
int err = 0;
dag_record_t *dr = NULL;
char *prec = NULL;
int rlen;
char hdr_type = 0;
int processed = 0;
*pkts_read = 0;
while (((top - ewtn->btm) >= dag_record_size) &&
((processed + dag_record_size) < BYTES_PER_LOOP)) {
/* Make sure we have at least one packet in the packet pool,
* to prevent us from alloc'ing packets at line rate. */
PacketPoolWait();
prec = (char *)ewtn->btm;
dr = (dag_record_t*)prec;
rlen = ntohs(dr->rlen);
hdr_type = dr->type;
/* If we don't have enough data to finish processing this ERF
* record return and maybe next time we will.
*/
if ((top - ewtn->btm) < rlen)
SCReturnInt(TM_ECODE_OK);
ewtn->btm += rlen;
processed += rlen;
/* Only support ethernet at this time. */
switch (hdr_type & 0x7f) {
case TYPE_PAD:
/* Skip. */
continue;
case TYPE_DSM_COLOR_ETH:
case TYPE_COLOR_ETH:
case TYPE_COLOR_HASH_ETH:
/* In these types the color value overwrites the lctr
* (drop count). */
break;
case TYPE_ETH:
if (dr->lctr) {
StatsAddUI64(ewtn->tv, ewtn->drops, ntohs(dr->lctr));
}
break;
default:
SCLogError(SC_ERR_UNIMPLEMENTED,
"Processing of DAG record type: %d not implemented.", dr->type);
SCReturnInt(TM_ECODE_FAILED);
}
err = ProcessErfDagRecord(ewtn, prec);
if (err != TM_ECODE_OK) {
SCReturnInt(TM_ECODE_FAILED);
}
(*pkts_read)++;
}
SCReturnInt(TM_ECODE_OK);
}