From: Victor Julien
Date: Fri, 2 May 2014 07:45:01 +0000 (+0200)
Subject: tcp: track TCP packet flags per session
X-Git-Tag: suricata-2.1beta1~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fddeca8aae7242ed6066959b3b1afcd829fa1690;p=thirdparty%2Fsuricata.git

tcp: track TCP packet flags per session

For logging out in flow logging.
---

diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h
index e8635c8750..358a4af90c 100644
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@@ -210,6 +210,8 @@ typedef struct TcpSession_ {
 uint8_t state;
 uint8_t queue_len; /**< length of queue list below */
 int8_t data_first_seen_dir;
+ /** track all the tcp flags we've seen */
+ uint8_t tcp_packet_flags;
 /* coccinelle: TcpSession:flags:STREAMTCP_FLAG */
 uint16_t flags;
 TcpStream server;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 5034156989..c81db46121 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -654,6 +654,7 @@ TcpSession *StreamTcpNewSession (Packet *p, int id)
 ssn->state = TCP_NONE;
 ssn->flags = stream_config.ssn_init_flags;
+ ssn->tcp_packet_flags = p->tcph ? p->tcph->th_flags : 0;
 }
 return ssn;
@@ -4197,6 +4198,11 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
 TcpSession *ssn = (TcpSession *)p->flow->protoctx;
+ /* track TCP flags */
+ if (ssn != NULL) {
+ ssn->tcp_packet_flags |= p->tcph->th_flags;
+ }
+ /* update counters */
 if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
 SCPerfCounterIncr(stt->counter_tcp_synack, tv->sc_perf_pca);
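Review bot: The comment on the new `tcp_packet_flags` field in `TcpSession_` (src/stream-tcp-private.h) does not say that the byte is one OR over the whole session. As far as the other hunks of this commit show, flags from both directions land in the same field, so a flow log built from it cannot tell which side sent a RST or FIN. I would state that in the field comment, e.g. `/** OR of th_flags of every packet seen on this session, both directions combined */`, or keep one byte per direction if the logs are meant to support that distinction. The struct starts and ends outside the hunk.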
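Review bot: The `p->tcph ? p->tcph->th_flags : 0` guard added in `StreamTcpNewSession` is inconsistent with the `StreamTcpPacket` hunk of the same commit, which reads `p->tcph->th_flags` with no check. If `p->tcph` cannot be NULL on this path, the ternary is dead code and `ssn->tcp_packet_flags = p->tcph->th_flags;` states the contract more plainly. If it can be NULL, a one-line comment naming the case would help the next reader. The function starts outside the hunk, so its callers are not visible here.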
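Review bot: In `StreamTcpPacket` the flags are ORed into the session before anything visible in the hunk has validated the packet, so the byte records what was seen on the wire rather than what the stream engine accepted. If checks later in this function (outside the hunk) reject an out-of-window or otherwise invalid segment, a spoofed RST or FIN would presumably still appear in the flow log for the session. Either move the update to after the packet is accepted, or make the semantics explicit with a comment such as `/* track TCP flags as seen on the wire, including packets rejected below */`. Anyone using these logs for detection or forensics needs to know which of the two they are reading.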