counters: make tcp stats independent of flow, ssn

Counters depended on availability of flow and tcp session, meaning that 2 memcaps could affect the counters. Bug: #5017. (cherry picked from commit 36f6e05155)
3 years ago · b46d54178a
parent e275a1e28e
commit b46d54178a
5 changed files with 17 additions and 19 deletions
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@ -259,6 +259,15 @@ int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
        return TM_ECODE_FAILED;
    }

+    /* update counters */
+    if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
+        StatsIncr(tv, dtv->counter_tcp_synack);
+    } else if (p->tcph->th_flags & (TH_SYN)) {
+        StatsIncr(tv, dtv->counter_tcp_syn);
+    }
+    if (p->tcph->th_flags & (TH_RST)) {
+        StatsIncr(tv, dtv->counter_tcp_rst);
+    }
 #ifdef DEBUG
    SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s",
        GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_HLEN(p), len,
--- a/src/decode.c
+++ b/src/decode.c
@ -537,6 +537,11 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
    dtv->counter_null = StatsRegisterCounter("decoder.null", tv);
    dtv->counter_sll = StatsRegisterCounter("decoder.sll", tv);
    dtv->counter_tcp = StatsRegisterCounter("decoder.tcp", tv);
+
+    dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
+    dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
+    dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
+
    dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv);
    dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv);
    dtv->counter_icmpv4 = StatsRegisterCounter("decoder.icmpv4", tv);
--- a/src/decode.h
+++ b/src/decode.h
@ -677,6 +677,9 @@ typedef struct DecodeThreadVars_
    uint16_t counter_ipv4;
    uint16_t counter_ipv6;
    uint16_t counter_tcp;
+    uint16_t counter_tcp_syn;
+    uint16_t counter_tcp_synack;
+    uint16_t counter_tcp_rst;
    uint16_t counter_udp;
    uint16_t counter_icmpv4;
    uint16_t counter_icmpv6;
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -5085,16 +5085,6 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
        }
    }

-    /* update counters */
-    if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
-        StatsIncr(tv, stt->counter_tcp_synack);
-    } else if (p->tcph->th_flags & (TH_SYN)) {
-        StatsIncr(tv, stt->counter_tcp_syn);
-    }
-    if (p->tcph->th_flags & (TH_RST)) {
-        StatsIncr(tv, stt->counter_tcp_rst);
-    }
-
    /* broken TCP http://ask.wireshark.org/questions/3183/acknowledgment-number-broken-tcp-the-acknowledge-field-is-nonzero-while-the-ack-flag-is-not-set */
    if (!(p->tcph->th_flags & TH_ACK) && TCP_GET_ACK(p) != 0) {
        StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
@ -5531,9 +5521,6 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
    stt->counter_tcp_pseudo = StatsRegisterCounter("tcp.pseudo", tv);
    stt->counter_tcp_pseudo_failed = StatsRegisterCounter("tcp.pseudo_failed", tv);
    stt->counter_tcp_invalid_checksum = StatsRegisterCounter("tcp.invalid_checksum", tv);
-    stt->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
-    stt->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
-    stt->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
    stt->counter_tcp_midstream_pickups = StatsRegisterCounter("tcp.midstream_pickups", tv);
    stt->counter_tcp_wrong_thread = StatsRegisterCounter("tcp.pkt_on_wrong_thread", tv);

--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@ -93,12 +93,6 @@ typedef struct StreamTcpThread_ {
    uint16_t counter_tcp_invalid_checksum;
    /** sessions reused */
    uint16_t counter_tcp_reused_ssn;
-    /** syn pkts */
-    uint16_t counter_tcp_syn;
-    /** syn/ack pkts */
-    uint16_t counter_tcp_synack;
-    /** rst pkts */
-    uint16_t counter_tcp_rst;
    /** midstream pickups */
    uint16_t counter_tcp_midstream_pickups;
    /** wrong thread */