diff --git a/etc/schema.json b/etc/schema.json index 18710cda45..17cf802c6b 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -6546,6 +6546,10 @@ }, "synack": { "type": "integer" + }, + "urg": { + "description": "Number of TCP packets with the urgent flag set", + "type": "integer" } }, "additionalProperties": false diff --git a/src/decode-tcp.c b/src/decode-tcp.c index dd03f794d9..193303615a 100644 --- a/src/decode-tcp.c +++ b/src/decode-tcp.c @@ -257,6 +257,9 @@ static int DecodeTCPPacket( if (tcph->th_flags & (TH_RST)) { StatsIncr(tv, dtv->counter_tcp_rst); } + if (tcph->th_flags & (TH_URG)) { + StatsIncr(tv, dtv->counter_tcp_urg); + } #ifdef DEBUG SCLogDebug("TCP sp: %u -> dp: %u - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s", p->sp, diff --git a/src/decode.c b/src/decode.c index 0ed546def2..9fe5d183fd 100644 --- a/src/decode.c +++ b/src/decode.c @@ -619,6 +619,7 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv) dtv->counter_tcp_syn = StatsRegisterCounter("tcp.syn", tv); dtv->counter_tcp_synack = StatsRegisterCounter("tcp.synack", tv); dtv->counter_tcp_rst = StatsRegisterCounter("tcp.rst", tv); + dtv->counter_tcp_urg = StatsRegisterCounter("tcp.urg", tv); dtv->counter_udp = StatsRegisterCounter("decoder.udp", tv); dtv->counter_sctp = StatsRegisterCounter("decoder.sctp", tv); diff --git a/src/decode.h b/src/decode.h index f7ef222336..f8f4a18af0 100644 --- a/src/decode.h +++ b/src/decode.h @@ -950,6 +950,7 @@ typedef struct DecodeThreadVars_ uint16_t counter_tcp_syn; uint16_t counter_tcp_synack; uint16_t counter_tcp_rst; + uint16_t counter_tcp_urg; uint16_t counter_udp; uint16_t counter_icmpv4; uint16_t counter_icmpv6;