From: Victor Julien <vjulien@oisf.net>
Date: Thu, 23 Feb 2023 09:29:06 +0000 (+0100)
Subject: stream: add counter for acks for unseen data
X-Git-Tag: suricata-7.0.0-rc2~551
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e6154a26f52ceaa8429135e5c69d1c2dcf95e15;p=thirdparty%2Fsuricata.git

stream: add counter for acks for unseen data

This is another indicator for packet loss or strange captures.
---

diff --git a/etc/schema.json b/etc/schema.json
index 0a85f60cee..6d319c48f6 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -5177,6 +5177,9 @@
                 "tcp": {
                     "type": "object",
                     "properties": {
+                        "ack_unseen_data": {
+                            "type": "integer"
+                        },
                         "active_sessions": {
                             "type": "integer"
                         },
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index c694007000..cb6c815f4a 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -2631,6 +2631,7 @@ static int HandleEstablishedPacketToServer(
             if ((ssn->flags & STREAMTCP_FLAG_ASYNC) == 0 &&
                     SEQ_GT(ssn->server.last_ack, ssn->server.next_seq)) {
                 STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_ACK_UNSEEN_DATA);
+                StatsIncr(tv, stt->counter_tcp_ack_unseen_data);
             }
         }
 
@@ -2767,6 +2768,7 @@ static int HandleEstablishedPacketToClient(
             if ((ssn->flags & STREAMTCP_FLAG_ASYNC) == 0 &&
                     SEQ_GT(ssn->client.last_ack, ssn->client.next_seq)) {
                 STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_ACK_UNSEEN_DATA);
+                StatsIncr(tv, stt->counter_tcp_ack_unseen_data);
             }
         }
 
@@ -5690,6 +5692,7 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
     stt->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
     stt->counter_tcp_midstream_pickups = StatsRegisterCounter("tcp.midstream_pickups", tv);
     stt->counter_tcp_wrong_thread = StatsRegisterCounter("tcp.pkt_on_wrong_thread", tv);
+    stt->counter_tcp_ack_unseen_data = StatsRegisterCounter("tcp.ack_unseen_data", tv);
 
     /* init reassembly ctx */
     stt->ra_ctx = StreamTcpReassembleInitThreadCtx(tv);
diff --git a/src/stream-tcp.h b/src/stream-tcp.h
index 33538bf102..daee00bcea 100644
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@@ -105,6 +105,8 @@ typedef struct StreamTcpThread_ {
     uint16_t counter_tcp_midstream_pickups;
     /** wrong thread */
     uint16_t counter_tcp_wrong_thread;
+    /** ack for unseed data */
+    uint16_t counter_tcp_ack_unseen_data;
 
     /** tcp reassembly thread data */
     TcpReassemblyThreadCtx *ra_ctx;