Suricata

There is no inheritance of failure between Decode functions and these functions are chained: DecodePcap->DecodeEthernet->DecodeVlan->DecodeIpv4 to mention a simple example chain.
So, to detect a decoding failure, it seems we need to update all the functions. An alternative could be to check the value of header pointers (like ip4h or tcph). If they are null there is an issue with the packet. But this suppose we are able to easily get a picture of what should be non-NULL...

A last alternative I see would be to only update the higher protocol level (TCP, UDP, SCTP) so the impact of the patch is minimal.

I think we should just add the increment of this counter to each decoder (maybe we can macro it?). Higher level only won't help as the higher level won't be invoked if ipv4 iplen > caplen.

The following branch contains a series proposal for this bug and #752: https://github.com/regit/suricata/commits/bug751

I'm not really happy with it so any idea welcome.

After reading this "Update auto checksum API" patch again, I'm not happy with it. If having a counter for invalid_pkts is a good idea, it is not interesting for to use it for packet checksum. So I think we need an other approach. Here's the PR with rebased patches: https://github.com/inliniac/suricata/pull/393