]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 37e694b)
stream: add counter for acks for unseen data
authorVictor Julien <vjulien@oisf.net>
Thu, 23 Feb 2023 09:29:06 +0000 (10:29 +0100)
committerVictor Julien <vjulien@oisf.net>
Fri, 24 Feb 2023 09:45:38 +0000 (10:45 +0100)
This is another indicator for packet loss or strange captures.

etc/schema.json patch | blob | blame | history
src/stream-tcp.c patch | blob | blame | history
src/stream-tcp.h patch | blob | blame | history

diff --git a/etc/schema.json b/etc/schema.json
index 0a85f60cee3f4463a6dbefdb853761d767ab9d95..6d319c48f6ce301f54bfdbb0fea1df8b833e8f3d 100644 (file)
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -5177,6 +5177,9 @@
                 "tcp": {
                     "type": "object",
                     "properties": {
+                        "ack_unseen_data": {
+                            "type": "integer"
+                        },
                         "active_sessions": {
                             "type": "integer"
                         },
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index c694007000544ca09fa6025f8d90e44740ce6fb2..cb6c815f4a6755e2012173118b2da3ace3df0feb 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -2631,6 +2631,7 @@ static int HandleEstablishedPacketToServer(
             if ((ssn->flags & STREAMTCP_FLAG_ASYNC) == 0 &&
                     SEQ_GT(ssn->server.last_ack, ssn->server.next_seq)) {
                 STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_ACK_UNSEEN_DATA);
+                StatsIncr(tv, stt->counter_tcp_ack_unseen_data);
             }
         }
 
@@ -2767,6 +2768,7 @@ static int HandleEstablishedPacketToClient(
             if ((ssn->flags & STREAMTCP_FLAG_ASYNC) == 0 &&
                     SEQ_GT(ssn->client.last_ack, ssn->client.next_seq)) {
                 STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_ACK_UNSEEN_DATA);
+                StatsIncr(tv, stt->counter_tcp_ack_unseen_data);
             }
         }
 
@@ -5690,6 +5692,7 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
     stt->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
     stt->counter_tcp_midstream_pickups = StatsRegisterCounter("tcp.midstream_pickups", tv);
     stt->counter_tcp_wrong_thread = StatsRegisterCounter("tcp.pkt_on_wrong_thread", tv);
+    stt->counter_tcp_ack_unseen_data = StatsRegisterCounter("tcp.ack_unseen_data", tv);
 
     /* init reassembly ctx */
     stt->ra_ctx = StreamTcpReassembleInitThreadCtx(tv);
diff --git a/src/stream-tcp.h b/src/stream-tcp.h
index 33538bf102c49cf48dc2eb07b0de7bca335c0db8..daee00bcea7ba71d8cd727bf0da55c1fd97c2bf5 100644 (file)
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@@ -105,6 +105,8 @@ typedef struct StreamTcpThread_ {
     uint16_t counter_tcp_midstream_pickups;
     /** wrong thread */
     uint16_t counter_tcp_wrong_thread;
+    /** ack for unseed data */
+    uint16_t counter_tcp_ack_unseen_data;
 
     /** tcp reassembly thread data */
     TcpReassemblyThreadCtx *ra_ctx;
Mirror of https://github.com/OISF/suricata.git