decode/tcp: count urg flag

10 months ago · ac02a71479
parent d1b0d00478
commit ac02a71479
4 changed files with 9 additions and 0 deletions
--- a/etc/schema.json
+++ b/etc/schema.json
@ -6546,6 +6546,10 @@
                        },
                        "synack": {
                            "type": "integer"
+                        },
+                        "urg": {
+                            "description": "Number of TCP packets with the urgent flag set",
+                            "type": "integer"
                        }
                    },
                    "additionalProperties": false
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@ -257,6 +257,9 @@ static int DecodeTCPPacket(
    if (tcph->th_flags & (TH_RST)) {
        StatsIncr(tv, dtv->counter_tcp_rst);
    }
+    if (tcph->th_flags & (TH_URG)) {
+        StatsIncr(tv, dtv->counter_tcp_urg);
+    }

 #ifdef DEBUG
    SCLogDebug("TCP sp: %u -> dp: %u - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s", p->sp,
--- a/src/decode.c
+++ b/src/decode.c
@ -619,6 +619,7 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
    dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv);
    dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv);
    dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv);
+    dtv->counter_tcp_urg = StatsRegisterCounter("tcp.urg", tv);

    dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv);
    dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv);
--- a/src/decode.h
+++ b/src/decode.h
@ -950,6 +950,7 @@ typedef struct DecodeThreadVars_
    uint16_t counter_tcp_syn;
    uint16_t counter_tcp_synack;
    uint16_t counter_tcp_rst;
+    uint16_t counter_tcp_urg;
    uint16_t counter_udp;
    uint16_t counter_icmpv4;
    uint16_t counter_icmpv6;