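/**
 * \brief   Log the dropped packets when engine is running in inline mode
 *
 * Packets dropped because their flow carries FLOW_ACTION_DROP are logged
 * once per direction: FLOW_TOSERVER_DROP_LOGGED / FLOW_TOCLIENT_DROP_LOGGED
 * marks a direction as already logged. The flag is now set only after
 * LogDropLogNetFilter() reported TM_ECODE_OK, so a failed log attempt does
 * not silence that direction for the remainder of the flow (previously the
 * flag was set before the call, regardless of its outcome). Packets that
 * are not part of a dropped flow are logged every time.
 *
 * \param tv     Pointer to the current thread variables
 * \param p      Pointer to the packet which is being logged
 * \param data   Pointer to the droplog struct
 * \param pq     Pointer to the packet queue
 * \param postpq Pointer to the packet queue where this packet will be sent
 *
 * \return TM_ECODE_OK on success, otherwise the code returned by
 *         LogDropLogNetFilter()
 */
TmEcode LogDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
                      PacketQueue *postpq)
{
    /* Check if we are in inline mode or not, if not then no need to log */
    extern uint8_t engine_mode;
    if (!IS_ENGINE_MODE_IPS(engine_mode)) {
        SCLogDebug("engine is not running in inline mode, so returning");
        return TM_ECODE_OK;
    }

    /* No flow, or a flow that is not itself marked for drop: this is a
     * per-packet drop, so every such packet is logged. */
    if (p->flow == NULL || !(p->flow->flags & FLOW_ACTION_DROP)) {
        return LogDropLogNetFilter(tv, p, data, pq, postpq);
    }

    /* Flow-level drop: log at most once per direction. The "logged" flag
     * is only set when the logger call succeeded. As before, postpq is not
     * passed on for flow-level drops. */
    if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
        TmEcode r = LogDropLogNetFilter(tv, p, data, pq, NULL);
        if (r == TM_ECODE_OK) {
            p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
        }
        return r;
    } else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
        TmEcode r = LogDropLogNetFilter(tv, p, data, pq, NULL);
        if (r == TM_ECODE_OK) {
            p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
        }
        return r;
    }

    /* This direction of the dropped flow was already logged. */
    return TM_ECODE_OK;
}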
ファイル: log-droplog.c プロジェクト: P1sec/suricata
/**
 * \brief   Log a dropped packet when the engine is running in inline mode
 *
 * The packet is always handed to LogDropLogNetFilter(). Afterwards, if the
 * packet belongs to a flow marked FLOW_ACTION_DROP, the direction of this
 * packet is recorded in the flow flags (FLOW_TOSERVER_DROP_LOGGED /
 * FLOW_TOCLIENT_DROP_LOGGED). This function itself does not suppress
 * logging based on those flags; presumably a separate condition callback
 * consults them — verify against the caller.
 *
 * \param tv           Pointer to the current thread variables
 * \param thread_data  Pointer to the droplog struct
 * \param p            Pointer to the packet which is being logged
 *
 * \retval 0 on success
 * \retval -1 when LogDropLogNetFilter() failed
 */
static int LogDropLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
    if (LogDropLogNetFilter(tv, p, thread_data) < 0) {
        return -1;
    }

    /* Only flow-level drops track the per-direction "logged" state. */
    if (p->flow == NULL || !(p->flow->flags & FLOW_ACTION_DROP)) {
        return 0;
    }

    if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
        p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
    } else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
        p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
    }

    return 0;
}