If TCP urgent handling is set to the OOB processing, the number of OOB
bytes is tracked for SEQ offset calculations. If this offset is
non-zero, add the field to the flow record.
Ticket: #7411.
(cherry picked from commit
779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8)
"tc_max_regions": {
"type": "integer"
},
+ "tc_urgent_oob_data": {
+ "description": "Number of Out-of-Band bytes sent by server using TCP urgent packets",
+ "type": "integer"
+ },
"tcp_flags": {
"type": "string"
},
"ts_max_regions": {
"type": "integer"
},
+ "ts_urgent_oob_data": {
+ "description": "Number of Out-of-Band bytes sent by client using TCP urgent packets",
+ "type": "integer"
+ },
"urg": {
"type": "boolean"
}
jb_set_uint(jb, "ts_max_regions", ssn->client.sb.max_regions);
jb_set_uint(jb, "tc_max_regions", ssn->server.sb.max_regions);
+
+ if (ssn->urg_offset_ts)
+ jb_set_uint(jb, "ts_urgent_oob_data", ssn->urg_offset_ts);
+ if (ssn->urg_offset_tc)
+ jb_set_uint(jb, "tc_urgent_oob_data", ssn->urg_offset_tc);
}
/* Close tcp. */
projects / thirdparty / suricata.git / commitdiff
