diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 909ad15414..2ffb1e5a4e 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -3597,6 +3597,16 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn = (TcpSession *)p->flow->protoctx; + /* update counters */ + if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) { + SCPerfCounterIncr(stt->counter_tcp_synack, tv->sc_perf_pca); + } else if (p->tcph->th_flags & (TH_SYN)) { + SCPerfCounterIncr(stt->counter_tcp_syn, tv->sc_perf_pca); + } + if (p->tcph->th_flags & (TH_RST)) { + SCPerfCounterIncr(stt->counter_tcp_rst, tv->sc_perf_pca); + } + /* If we are on IPS mode, and got a drop action triggered from * the IP only module, or from a reassembled msg and/or from an * applayer detection, then drop the rest of the packets of the @@ -3904,6 +3914,15 @@ TmEcode StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data) stt->counter_tcp_memuse = SCPerfTVRegisterCounter("tcp.memuse", tv, SC_PERF_TYPE_Q_NORMAL, "NULL"); + stt->counter_tcp_syn = SCPerfTVRegisterCounter("tcp.syn", tv, + SC_PERF_TYPE_UINT64, + "NULL"); + stt->counter_tcp_synack = SCPerfTVRegisterCounter("tcp.synack", tv, + SC_PERF_TYPE_UINT64, + "NULL"); + stt->counter_tcp_rst = SCPerfTVRegisterCounter("tcp.rst", tv, + SC_PERF_TYPE_UINT64, + "NULL"); /* init reassembly ctx */ stt->ra_ctx = StreamTcpReassembleInitThreadCtx(); diff --git a/src/stream-tcp.h b/src/stream-tcp.h index 7460d298ff..811fdcc862 100644 --- a/src/stream-tcp.h +++ b/src/stream-tcp.h @@ -86,6 +86,12 @@ typedef struct StreamTcpThread_ { uint16_t counter_tcp_reused_ssn; /** sessions reused */ uint16_t counter_tcp_memuse; + /** syn pkts */ + uint16_t counter_tcp_syn; + /** syn/ack pkts */ + uint16_t counter_tcp_synack; + /** rst pkts */ + uint16_t counter_tcp_rst; /** tcp reassembly thread data */ TcpReassemblyThreadCtx *ra_ctx;