From: Victor Julien Date: Tue, 25 Apr 2023 08:09:27 +0000 (+0200) Subject: counters: make tcp stats independent of flow, ssn X-Git-Tag: suricata-7.0.0-rc2~160 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36f6e0515592812259fb327d529740a030dba98e;p=thirdparty%2Fsuricata.git counters: make tcp stats independent of flow, ssn Counters depended on availability of flow and tcp session, meaning that 2 memcaps could affect the counters. Bug: #5017.
---
diff --git a/src/decode-tcp.c b/src/decode-tcp.c
index a94c93d3c2..49bb882d58 100644
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@@ -256,6 +256,15 @@ int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 return TM_ECODE_FAILED;
 }
+ /* update counters */
+ if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
+ StatsIncr(tv, dtv->counter_tcp_synack);
+ } else if (p->tcph->th_flags & (TH_SYN)) {
+ StatsIncr(tv, dtv->counter_tcp_syn);
+ }
+ if (p->tcph->th_flags & (TH_RST)) {
+ StatsIncr(tv, dtv->counter_tcp_rst);
+ }
 #ifdef DEBUG
 SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s", GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_HLEN(p), len,
diff --git a/src/decode.c b/src/decode.c
index f524cad478..6a064cfd41 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -539,6 +539,11 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
 dtv->counter_null = StatsRegisterCounter("decoder.null", tv);
 dtv->counter_sll = StatsRegisterCounter("decoder.sll", tv);
 dtv->counter_tcp = StatsRegisterCounter("decoder.tcp", tv);
+
+ dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
+ dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
+ dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
+
 dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv);
 dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv);
 dtv->counter_esp = StatsRegisterCounter("decoder.esp", tv);
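Review bot: In src/decode-tcp.c, the `/* update counters */` comment in DecodeTCP does not record that tcp.syn, tcp.synack and tcp.rst now mean something different: they are bumped for every TCP header that decodes, before any flow or session exists, where the removed StreamTcpPacket code only counted packets that reached the stream engine. Anyone alerting on the SYN to SYN/ACK ratio (for SYN-flood or scan detection) will see the baseline move after upgrade, presumably also because packets the stream engine discards early, such as those counted under tcp.invalid_checksum, are now included. I would say so at the site, e.g. `/* tcp.syn/synack/rst count decoded TCP headers, independent of flow and ssn, so the flow and stream memcaps cannot suppress them */`. As in the old code, a SYN+RST segment increments both tcp.syn and tcp.rst, which is worth a word in the same comment. DecodeTCP starts and ends outside the hunk.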
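Review bot: In src/decode.c, DecodeRegisterPerfCounters now registers three `tcp.*` names in the middle of the `decoder.*` block with no comment, so a later cleanup could rename them to `decoder.tcp.*` and silently break dashboards and alert rules keyed on `tcp.syn`, `tcp.synack` and `tcp.rst`. A one-line comment above the block would prevent that: `/* names kept as tcp.* for compatibility; these counters moved here from the stream engine */`. If decode and stream processing can run in different threads, per-thread stats for these counters would presumably move to the decode thread as well, which the commit message could mention. The function continues outside the hunk.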
diff --git a/src/decode.h b/src/decode.h
index ca7e85f81c..2646e08241 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -681,6 +681,9 @@ typedef struct DecodeThreadVars_
 uint16_t counter_ipv4;
 uint16_t counter_ipv6;
 uint16_t counter_tcp;
+ uint16_t counter_tcp_syn;
+ uint16_t counter_tcp_synack;
+ uint16_t counter_tcp_rst;
 uint16_t counter_udp;
 uint16_t counter_icmpv4;
 uint16_t counter_icmpv6;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 3092324423..5c355ee723 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5346,16 +5346,6 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
 }
 }
- /* update counters */
- if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
- StatsIncr(tv, stt->counter_tcp_synack);
- } else if (p->tcph->th_flags & (TH_SYN)) {
- StatsIncr(tv, stt->counter_tcp_syn);
- }
- if (p->tcph->th_flags & (TH_RST)) {
- StatsIncr(tv, stt->counter_tcp_rst);
- }
-
 /* broken TCP http://ask.wireshark.org/questions/3183/acknowledgment-number-broken-tcp-the-acknowledge-field-is-nonzero-while-the-ack-flag-is-not-set */
 if (!(p->tcph->th_flags & TH_ACK) && TCP_GET_ACK(p) != 0) {
 StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
@@ -5787,9 +5777,6 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
 stt->counter_tcp_pseudo = StatsRegisterCounter("tcp.pseudo", tv);
 stt->counter_tcp_pseudo_failed = StatsRegisterCounter("tcp.pseudo_failed", tv);
 stt->counter_tcp_invalid_checksum = StatsRegisterCounter("tcp.invalid_checksum", tv);
- stt->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
- stt->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
- stt->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
 stt->counter_tcp_midstream_pickups = StatsRegisterCounter("tcp.midstream_pickups", tv);
 stt->counter_tcp_wrong_thread = StatsRegisterCounter("tcp.pkt_on_wrong_thread", tv);
 stt->counter_tcp_ack_unseen_data = StatsRegisterCounter("tcp.ack_unseen_data", tv);
diff --git a/src/stream-tcp.h b/src/stream-tcp.h
index 6cea41dabd..6082ffa75a 100644
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@@ -93,12 +93,6 @@ typedef struct StreamTcpThread_ {
 uint16_t counter_tcp_invalid_checksum;
 /** sessions reused */
 uint16_t counter_tcp_reused_ssn;
- /** syn pkts */
- uint16_t counter_tcp_syn;
- /** syn/ack pkts */
- uint16_t counter_tcp_synack;
- /** rst pkts */
- uint16_t counter_tcp_rst;
 /** midstream pickups */
 uint16_t counter_tcp_midstream_pickups;
 /** wrong thread */