Add counters for SYN, SYN/ACK and RST TCP packets. Issue #251.

14 years ago · ada4066238
parent 298289f43f
commit ada4066238
2 changed files with 25 additions and 0 deletions
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -3597,6 +3597,16 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
    TcpSession *ssn = (TcpSession *)p->flow->protoctx;
    /* update counters */
    if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
        SCPerfCounterIncr(stt->counter_tcp_synack, tv->sc_perf_pca);
    } else if (p->tcph->th_flags & (TH_SYN)) {
        SCPerfCounterIncr(stt->counter_tcp_syn, tv->sc_perf_pca);
    }
    if (p->tcph->th_flags & (TH_RST)) {
        SCPerfCounterIncr(stt->counter_tcp_rst, tv->sc_perf_pca);
    }
    /* If we are on IPS mode, and got a drop action triggered from
     * the IP only module, or from a reassembled msg and/or from an
     * applayer detection, then drop the rest of the packets of the
@ -3904,6 +3914,15 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
    stt->counter_tcp_memuse = SCPerfTVRegisterCounter("tcp.memuse", tv,
                                                        SC_PERF_TYPE_Q_NORMAL,
                                                        "NULL");
    stt->counter_tcp_syn = SCPerfTVRegisterCounter("tcp.syn", tv,
                                                        SC_PERF_TYPE_UINT64,
                                                        "NULL");
    stt->counter_tcp_synack = SCPerfTVRegisterCounter("tcp.synack", tv,
                                                        SC_PERF_TYPE_UINT64,
                                                        "NULL");
    stt->counter_tcp_rst = SCPerfTVRegisterCounter("tcp.rst", tv,
                                                        SC_PERF_TYPE_UINT64,
                                                        "NULL");
    /* init reassembly ctx */
    stt->ra_ctx = StreamTcpReassembleInitThreadCtx();
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@ -86,6 +86,12 @@ typedef struct StreamTcpThread_ {
    uint16_t counter_tcp_reused_ssn;
    /** sessions reused */
    uint16_t counter_tcp_memuse;
    /** syn pkts */
    uint16_t counter_tcp_syn;
    /** syn/ack pkts */
    uint16_t counter_tcp_synack;
    /** rst pkts */
    uint16_t counter_tcp_rst;
    /** tcp reassembly thread data */
    TcpReassemblyThreadCtx *ra_ctx;