aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

flow: move flow/packet updates into util func

Browse Source 
Move the code responsible for updating the flow and packet after
a new packet has come in to a util func "FlowHandlePacketUpdate"
pull/1342/head
Victor Julien 11 years ago
parent db9f12ee51
commit 34e1de6970
2 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File

40
src/flow.c
Unescape Escape View File

@ -226,22 +226,16 @@ static inline int FlowUpdateSeenFlag(const Packet *p)
return 1;
}
/** \brief Entry point for packet flow handling
/** \brief Update Packet and Flow
*
* This is called for every packet.
* Updates packet and flow based on the new packet.
*
* \param tv threadvars
* \param dtv decode thread vars (for flow output api thread data)
* \param p packet to handle flow for
* \param f locked flow
* \param p packet
*/
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
void FlowHandlePacketUpdate(Flow *f, Packet *p)
{
/* Get this packet's flow from the hash. FlowHandlePacket() will setup
* a new flow if nescesary. If we get NULL, we're out of flow memory.
* The returned flow is locked. */
Flow *f = FlowGetFlowFromHash(tv, dtv, p);
if (f == NULL)
return;
SCLogDebug("packet %"PRIu64" -- flow %p", p->pcap_cnt, f);
/* Point the Packet at the Flow */
FlowReference(&p->flow, f);
@ -263,7 +257,7 @@ void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
p->flowflags |= FLOW_PKT_TOCLIENT;
}
if ((f->flags & FLOW_TO_DST_SEEN) && (f->flags & FLOW_TO_SRC_SEEN)) {
if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) == (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -281,6 +275,26 @@ void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
SCLogDebug("setting FLOW_NOPAYLOAD_INSPECTION flag on flow %p", f);
DecodeSetNoPayloadInspectionFlag(p);
}
}
/** \brief Entry point for packet flow handling
*
* This is called for every packet.
*
* \param tv threadvars
* \param dtv decode thread vars (for flow output api thread data)
* \param p packet to handle flow for
*/
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
{
/* Get this packet's flow from the hash. FlowHandlePacket() will setup
* a new flow if nescesary. If we get NULL, we're out of flow memory.
* The returned flow is locked. */
Flow *f = FlowGetFlowFromHash(tv, dtv, p);
if (f == NULL)
return;
FlowHandlePacketUpdate(f, p);
FLOWLOCK_UNLOCK(f);

2
src/flow.h
Unescape Escape View File

@ -575,7 +575,7 @@ int FlowClearMemory(Flow *,uint8_t );
AppProto FlowGetAppProtocol(Flow *f);
void *FlowGetAppState(Flow *f);
void FlowHandlePacketUpdate(Flow *f, Packet *p);
#endif /* __FLOW_H__ */

Write Preview
Loading…
Cancel
Save