decode/tcp: count urg flag

(cherry picked from commit ac02a71479c06d06a92683274987f7f898fb2c1c)

diff --git a/etc/schema.json b/etc/schema.json
index ae529a649e821ee651bc051dd2dc9d52aa677740..ede9f6653fb4ff6497a32ff1d0d1fa0645158d49 100644 (file)
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -5312,6 +5312,10 @@
                         },
                         "synack": {
                             "type": "integer"
+                        },
+                        "urg": {
+                            "description": "Number of TCP packets with the urgent flag set",
+                            "type": "integer"
                         }
                     },
                     "additionalProperties": false

diff --git a/src/decode-tcp.c b/src/decode-tcp.c
index 49bb882d58fc0650008df0ec37a9d748539a73f5..69aa7fb1a52e004551d5e1f0e1afc06a7b1616f2 100644 (file)
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@@ -265,6 +265,9 @@ int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
     if (p->tcph->th_flags & (TH_RST)) {
         StatsIncr(tv, dtv->counter_tcp_rst);
     }
+    if (p->tcph->th_flags & (TH_URG)) {
+        StatsIncr(tv, dtv->counter_tcp_urg);
+    }
 #ifdef DEBUG
     SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s",
         GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_HLEN(p), len,

diff --git a/src/decode.c b/src/decode.c
index 13c65413502d0754bfe3ce7f5493e4845da1d92b..9de0ee7d2aaeb5caff71b8a84b9d7d4a757c0cef 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -541,6 +541,7 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
     dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
     dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
     dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
+    dtv->counter_tcp_urg = StatsRegisterCounter("tcp.urg", tv);
 
     dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv);
     dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv);

diff --git a/src/decode.h b/src/decode.h
index 103e42c6fc1d129bd849f07dc513f6854f007346..d604d7f69b46f3d1d33b6128d93b0b11bf4b0630 100644 (file)
--- a/src/decode.h
+++ b/src/decode.h
@@ -688,6 +688,7 @@ typedef struct DecodeThreadVars_
     uint16_t counter_tcp_syn;
     uint16_t counter_tcp_synack;
     uint16_t counter_tcp_rst;
+    uint16_t counter_tcp_urg;
     uint16_t counter_udp;
     uint16_t counter_icmpv4;
     uint16_t counter_icmpv6;