/**
 * \brief Write a drop-log entry for a packet when the engine runs inline (IPS).
 *
 * Packets without a flow, or on a flow that is not marked FLOW_ACTION_DROP,
 * are always handed to LogDropLogNetFilter(). On a flow marked
 * FLOW_ACTION_DROP only the first packet seen in each direction is logged;
 * later packets in that direction return TM_ECODE_OK without an entry, so the
 * drop log holds at most one record per direction for such a flow rather than
 * one per dropped packet.
 *
 * \param tv     Pointer to the current thread variables
 * \param p      Pointer to the packet which is being logged
 * \param data   Pointer to the droplog struct
 * \param pq     Pointer to the packet queue
 * \param postpq Pointer to the packet queue where this packet will be sent
 *
 * \return TM_ECODE_OK when nothing is logged, otherwise the value returned
 *         by LogDropLogNetFilter()
 */
TmEcode LogDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
                    PacketQueue *postpq)
{
    extern uint8_t engine_mode;

    /* Drop logging only applies in inline mode. */
    if (!IS_ENGINE_MODE_IPS(engine_mode)) {
        SCLogDebug("engine is not running in inline mode, so returning");
        return TM_ECODE_OK;
    }

    /* No flow, or flow not flagged for drop: log this packet as-is. */
    if (p->flow == NULL || !(p->flow->flags & FLOW_ACTION_DROP)) {
        return LogDropLogNetFilter(tv, p, data, pq, postpq);
    }

    /* Flow-level drop: log once per direction and remember that we did.
     * NOTE(review): the flow flags are read and updated here with no locking
     * visible in this function; confirm the caller serialises access. */
    if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
        p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
        return LogDropLogNetFilter(tv, p, data, pq, NULL);
    }
    if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
        p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
        return LogDropLogNetFilter(tv, p, data, pq, NULL);
    }

    /* This direction of the dropped flow was already logged. */
    return TM_ECODE_OK;
}
/**
 * \brief Log a dropped packet and record on its flow that a drop was logged.
 *
 * The packet is always passed to LogDropLogNetFilter() first. After a
 * successful write, if the packet's flow is marked FLOW_ACTION_DROP, the
 * per-direction *_DROP_LOGGED flag matching the packet's direction is set.
 *
 * NOTE(review): this function never tests the *_DROP_LOGGED flags before
 * logging; presumably a separate condition check uses them to suppress
 * repeated entries for the same flow direction. Confirm against the caller.
 *
 * \param tv          Pointer to the current thread variables
 * \param thread_data Pointer to the droplog struct
 * \param p           Pointer to the packet which is being logged
 *
 * \retval 0 on success
 * \retval -1 if LogDropLogNetFilter() returned a negative value
 */
static int LogDropLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
    const int rc = LogDropLogNetFilter(tv, p, thread_data);
    if (rc < 0) {
        return -1;
    }

    /* Only flows marked for drop carry the "already logged" bookkeeping. */
    if (p->flow == NULL || !(p->flow->flags & FLOW_ACTION_DROP)) {
        return 0;
    }

    /* Mark the direction of this packet as logged. p is const, but the flow
     * it points to is written through.
     * NOTE(review): no locking is visible here; confirm the caller
     * serialises access to the flow flags. */
    if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
        p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
    } else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
        p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
    }

    return 0;
}