From: Michael Matirko (mmatirko) Date: Fri, 15 Mar 2024 16:22:19 +0000 (+0000) Subject: Pull request #4243: stream: count retransmits when we disable content rules X-Git-Tag: 3.1.83.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5b3f751ed268d56ac10506fe43922dbdaaac2ce;p=thirdparty%2Fsnort3.git Pull request #4243: stream: count retransmits when we disable content rules Merge in SNORT/snort3 from ~MMATIRKO/snort3:rexmit to master Squashed commit of the following: commit 338821c3170cf12362c666cc0eb98f9291de268c Author: Michael Matirko Date: Wed Mar 13 15:28:23 2024 -0400 stream: count retransmits when we disable content rules --- diff --git a/src/stream/tcp/segment_overlap_editor.cc b/src/stream/tcp/segment_overlap_editor.cc index 9896a0d95..d6377a5af 100644 --- a/src/stream/tcp/segment_overlap_editor.cc +++ b/src/stream/tcp/segment_overlap_editor.cc @@ -154,6 +154,8 @@ void SegmentOverlapEditor::eval_right(TcpReassemblerState& trs) trs.sos.tsd->set_retransmit_flag(); snort::DetectionEngine::disable_content(trs.sos.tsd->get_pkt()); trs.sos.keep_segment = false; + tcpStats.full_retransmits++; + } else { @@ -173,7 +175,11 @@ void SegmentOverlapEditor::eval_right(TcpReassemblerState& trs) if ( is_segment_retransmit(trs, &full_retransmit) ) { if ( full_retransmit ) + { + tcpStats.full_retransmits++; break; + } + continue; } diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index 49ece67d9..dea8b90dd 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -117,6 +117,7 @@ const PegInfo tcp_pegs[] = { CountType::SUM, "zero_len_tcp_opt", "number of zero length tcp options" }, { CountType::SUM, "zero_win_probes", "number of tcp zero window probes" }, { CountType::SUM, "proxy_mode_flows", "number of flows set to proxy normalization policy" }, + { CountType::SUM, "full_retransmits", "number of fully retransmitted segments" }, { CountType::END, nullptr, nullptr } }; diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h index 3188ffc39..242c09fb4 100644 --- a/src/stream/tcp/tcp_module.h +++ b/src/stream/tcp/tcp_module.h @@ -117,6 +117,7 @@ struct TcpStats PegCount zero_len_tcp_opt; PegCount zero_win_probes; PegCount proxy_mode_flows; + PegCount full_retransmits; }; extern THREAD_LOCAL struct TcpStats tcpStats;