tcp: track TCP packet flags per session

For logging out in flow logging.

diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h
index e8635c875074eb098338d7ff5681edd03b6f05c4..358a4af90cce33fedf8ae550772a1282e9ffb1cf 100644 (file)
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@@ -210,6 +210,8 @@ typedef struct TcpSession_ {
     uint8_t state;
     uint8_t queue_len;                      /**< length of queue list below */
     int8_t data_first_seen_dir;
+    /** track all the tcp flags we've seen */
+    uint8_t tcp_packet_flags;
     /* coccinelle: TcpSession:flags:STREAMTCP_FLAG */
     uint16_t flags;
     TcpStream server;

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 503415698964209b30cf1ff17c799f72eaacc7fd..c81db461219a6f1352d7f272c4e05ece7c5edbf1 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -654,6 +654,7 @@ TcpSession *StreamTcpNewSession (Packet *p, int id)
 
         ssn->state = TCP_NONE;
         ssn->flags = stream_config.ssn_init_flags;
+        ssn->tcp_packet_flags = p->tcph ? p->tcph->th_flags : 0;
     }
 
     return ssn;
@@ -4197,6 +4198,11 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
 
     TcpSession *ssn = (TcpSession *)p->flow->protoctx;
 
+    /* track TCP flags */
+    if (ssn != NULL) {
+        ssn->tcp_packet_flags |= p->tcph->th_flags;
+    }
+
     /* update counters */
     if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
         SCPerfCounterIncr(stt->counter_tcp_synack, tv->sc_perf_pca);