From: Victor Julien <vjulien@oisf.net>
Date: Mon, 27 Feb 2023 14:42:15 +0000 (+0100)
Subject: eve/stream: log tcp reuse flag in packets
X-Git-Tag: suricata-7.0.0-rc2~548
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee76b27535975cd289e7be8e8a70a2992c221281;p=thirdparty%2Fsuricata.git

eve/stream: log tcp reuse flag in packets
---

diff --git a/src/flow-hash.c b/src/flow-hash.c
index d90c32889c..a4424a3bc6 100644
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -720,6 +720,8 @@ static Flow *TcpReuseReplace(ThreadVars *tv, FlowLookupStruct *fls, FlowBucket *
 
     f->thread_id[0] = thread_id[0];
     f->thread_id[1] = thread_id[1];
+
+    STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_TCP_PORT_REUSE);
     return f;
 }
 
diff --git a/src/output-eve-stream.c b/src/output-eve-stream.c
index 2aa6dfe5c2..15735bf819 100644
--- a/src/output-eve-stream.c
+++ b/src/output-eve-stream.c
@@ -348,6 +348,8 @@ static int EveStreamLogger(ThreadVars *tv, void *thread_data, const Packet *p)
             jb_append_string(js, "dsack");
         if (p->tcpvars.stream_pkt_flags & STREAM_PKT_FLAG_ACK_UNSEEN_DATA)
             jb_append_string(js, "ack_unseen_data");
+        if (p->tcpvars.stream_pkt_flags & STREAM_PKT_FLAG_TCP_PORT_REUSE)
+            jb_append_string(js, "tcp_port_reuse");
         jb_close(js);
     }
     jb_close(js);
diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h
index e006596ac1..ec3366ce00 100644
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@@ -309,6 +309,7 @@ typedef struct TcpSession_ {
 #define STREAM_PKT_FLAG_DUP_ACK                 BIT_U16(7)
 #define STREAM_PKT_FLAG_DSACK                   BIT_U16(8)
 #define STREAM_PKT_FLAG_ACK_UNSEEN_DATA         BIT_U16(9)
+#define STREAM_PKT_FLAG_TCP_PORT_REUSE          BIT_U16(10)
 
 #define STREAM_PKT_FLAG_SET(p, f) (p)->tcpvars.stream_pkt_flags |= (f)