From b46d54178a11ae78c14251670b0d690dd4235345 Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Tue, 25 Apr 2023 10:09:27 +0200
Subject: [PATCH] counters: make tcp stats independent of flow, ssn

Counters depended on availability of flow and tcp session, meaning
that 2 memcaps could affect the counters.

Bug: #5017.
(cherry picked from commit 36f6e0515592812259fb327d529740a030dba98e)
---
 src/decode-tcp.c |  9 +++++++++
 src/decode.c     |  5 +++++
 src/decode.h     |  3 +++
 src/stream-tcp.c | 13 -------------
 src/stream-tcp.h |  6 ------
 5 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/src/decode-tcp.c b/src/decode-tcp.c
index 84d7595cff..fee390fbb4 100644
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@@ -259,6 +259,15 @@ int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
         return TM_ECODE_FAILED;
     }
 
+    /* update counters */
+    if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
+        StatsIncr(tv, dtv->counter_tcp_synack);
+    } else if (p->tcph->th_flags & (TH_SYN)) {
+        StatsIncr(tv, dtv->counter_tcp_syn);
+    }
+    if (p->tcph->th_flags & (TH_RST)) {
+        StatsIncr(tv, dtv->counter_tcp_rst);
+    }
 #ifdef DEBUG
     SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s",
         GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_HLEN(p), len,
diff --git a/src/decode.c b/src/decode.c
index 243dce422c..574f91451a 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -537,6 +537,11 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
     dtv->counter_null = StatsRegisterCounter("decoder.null", tv);
     dtv->counter_sll = StatsRegisterCounter("decoder.sll", tv);
     dtv->counter_tcp = StatsRegisterCounter("decoder.tcp", tv);
+
+    dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
+    dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
+    dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
+
     dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv);
     dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv);
     dtv->counter_icmpv4 = StatsRegisterCounter("decoder.icmpv4", tv);
diff --git a/src/decode.h b/src/decode.h
index ded7248578..3c160c220a 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -677,6 +677,9 @@ typedef struct DecodeThreadVars_
     uint16_t counter_ipv4;
     uint16_t counter_ipv6;
     uint16_t counter_tcp;
+    uint16_t counter_tcp_syn;
+    uint16_t counter_tcp_synack;
+    uint16_t counter_tcp_rst;
     uint16_t counter_udp;
     uint16_t counter_icmpv4;
     uint16_t counter_icmpv6;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index c17e42a07a..dc6d8f1e20 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5085,16 +5085,6 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
         }
     }
 
-    /* update counters */
-    if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
-        StatsIncr(tv, stt->counter_tcp_synack);
-    } else if (p->tcph->th_flags & (TH_SYN)) {
-        StatsIncr(tv, stt->counter_tcp_syn);
-    }
-    if (p->tcph->th_flags & (TH_RST)) {
-        StatsIncr(tv, stt->counter_tcp_rst);
-    }
-
     /* broken TCP http://ask.wireshark.org/questions/3183/acknowledgment-number-broken-tcp-the-acknowledge-field-is-nonzero-while-the-ack-flag-is-not-set */
     if (!(p->tcph->th_flags & TH_ACK) && TCP_GET_ACK(p) != 0) {
         StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
@@ -5531,9 +5521,6 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
     stt->counter_tcp_pseudo = StatsRegisterCounter("tcp.pseudo", tv);
     stt->counter_tcp_pseudo_failed = StatsRegisterCounter("tcp.pseudo_failed", tv);
     stt->counter_tcp_invalid_checksum = StatsRegisterCounter("tcp.invalid_checksum", tv);
-    stt->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
-    stt->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
-    stt->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
     stt->counter_tcp_midstream_pickups = StatsRegisterCounter("tcp.midstream_pickups", tv);
     stt->counter_tcp_wrong_thread = StatsRegisterCounter("tcp.pkt_on_wrong_thread", tv);
 
diff --git a/src/stream-tcp.h b/src/stream-tcp.h
index 6bea83bb06..d071d95ec3 100644
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@@ -93,12 +93,6 @@ typedef struct StreamTcpThread_ {
     uint16_t counter_tcp_invalid_checksum;
     /** sessions reused */
     uint16_t counter_tcp_reused_ssn;
-    /** syn pkts */
-    uint16_t counter_tcp_syn;
-    /** syn/ack pkts */
-    uint16_t counter_tcp_synack;
-    /** rst pkts */
-    uint16_t counter_tcp_rst;
     /** midstream pickups */
     uint16_t counter_tcp_midstream_pickups;
     /** wrong thread */