From d6cede34cc07439a809a81a971b15c7488e2db06 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 10 Oct 2024 14:56:21 +0200
Subject: [PATCH] decode/tcp: count urg flag
(cherry picked from commit ac02a71479c06d06a92683274987f7f898fb2c1c)
---
 etc/schema.json | 4 ++++
 src/decode-tcp.c | 3 +++
 src/decode.c | 1 +
 src/decode.h | 1 +
 4 files changed, 9 insertions(+)
diff --git a/etc/schema.json b/etc/schema.json
index ae529a649e..ede9f6653f 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -5312,6 +5312,10 @@
 },
 "synack": {
 "type": "integer"
+ },
+ "urg": {
+ "description": "Number of TCP packets with the urgent flag set",
+ "type": "integer"
 }
 },
 "additionalProperties": false
diff --git a/src/decode-tcp.c b/src/decode-tcp.c
index 49bb882d58..69aa7fb1a5 100644
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@@ -265,6 +265,9 @@ int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 if (p->tcph->th_flags & (TH_RST)) {
 StatsIncr(tv, dtv->counter_tcp_rst);
 }
+ if (p->tcph->th_flags & (TH_URG)) {
+ StatsIncr(tv, dtv->counter_tcp_urg);
+ }
 #ifdef DEBUG
 SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s",
 GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_HLEN(p), len,
diff --git a/src/decode.c b/src/decode.c
index 13c6541350..9de0ee7d2a 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -541,6 +541,7 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
 dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
 dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
 dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
+ dtv->counter_tcp_urg = StatsRegisterCounter("tcp.urg", tv);
 dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv);
 dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv);
diff --git a/src/decode.h b/src/decode.h
index 103e42c6fc..d604d7f69b 100644
--- a/src/decode.h
+++ b/src/decode.h
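Review bot: The new `TH_URG` branch in DecodeTCP has no comment saying what the counter covers: it tests only the flag bit in `th_flags`, so a segment is counted whether or not its urgent pointer is meaningful, and the visible lines do no other validation before the increment. Urgent data is an area where endpoints and inspection engines can disagree, so anyone alerting on `tcp.urg` should know it is a raw per-packet flag count. I would add above the `if`: `/* count segments carrying the URG flag; the urgent pointer is not inspected here */`. DecodeTCP starts before and continues past this hunk, so whether earlier checks already drop malformed headers is not visible from here.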
@@ -688,6 +688,7 @@ typedef struct DecodeThreadVars_
 uint16_t counter_tcp_syn;
 uint16_t counter_tcp_synack;
 uint16_t counter_tcp_rst;
+ uint16_t counter_tcp_urg;
 uint16_t counter_udp;
 uint16_t counter_icmpv4;
 uint16_t counter_icmpv6;
--
2.47.2