diff --git a/src/flow-util.c b/src/flow-util.c index eadce4769b..161d1feed5 100644 --- a/src/flow-util.c +++ b/src/flow-util.c @@ -137,12 +137,12 @@ void FlowInit(Flow *f, const Packet *p) if (PKT_IS_IPV4(p)) { FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, &f->src); FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, &f->dst); - FLOW_SET_IPV4_TTL_FROM_PACKET(p, f); + f->min_ttl_toserver = f->max_ttl_toserver = IPV4_GET_IPTTL((p)); f->flags |= FLOW_IPV4; } else if (PKT_IS_IPV6(p)) { FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, &f->src); FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, &f->dst); - FLOW_SET_IPV6_HLIM_FROM_PACKET(p, f); + f->min_ttl_toserver = f->max_ttl_toserver = IPV6_GET_HLIM((p)); f->flags |= FLOW_IPV6; } #ifdef DEBUG diff --git a/src/flow.c b/src/flow.c index 0d13b2ab52..4764aeb4fb 100644 --- a/src/flow.c +++ b/src/flow.c @@ -269,23 +269,19 @@ static inline int FlowUpdateSeenFlag(const Packet *p) static inline void FlowUpdateTTL(Flow *f, Packet *p, uint8_t ttl) { if (FlowGetPacketDirection(f, p) == TOSERVER) { - if (ttl < f->min_ttl_toserver) { + if (f->min_ttl_toserver == 0) { f->min_ttl_toserver = ttl; - } else if (f->min_ttl_toserver == 0) { - f->min_ttl_toserver = ttl; - } - if (ttl > f->max_ttl_toserver) { - f->max_ttl_toserver = ttl; + } else { + f->min_ttl_toserver = MIN(f->min_ttl_toserver, ttl); } + f->max_ttl_toserver = MAX(f->max_ttl_toserver, ttl); } else { - if (ttl < f->min_ttl_toclient) { + if (f->min_ttl_toclient == 0) { f->min_ttl_toclient = ttl; - } else if (f->min_ttl_toclient == 0) { - f->min_ttl_toclient = ttl; - } - if (ttl > f->max_ttl_toclient) { - f->max_ttl_toclient = ttl; + } else { + f->min_ttl_toclient = MIN(f->min_ttl_toclient, ttl); } + f->max_ttl_toclient = MAX(f->max_ttl_toclient, ttl); } } @@ -371,11 +367,9 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p) /* update flow's ttl fields if needed */ if (PKT_IS_IPV4(p)) { - uint8_t ttl = IPV4_GET_IPTTL(p); - FlowUpdateTTL(f, p, ttl); + FlowUpdateTTL(f, p, IPV4_GET_IPTTL(p)); } else if (PKT_IS_IPV6(p)) { - uint8_t ttl = IPV6_GET_HLIM(p); - FlowUpdateTTL(f, p, ttl); + FlowUpdateTTL(f, p, IPV6_GET_HLIM(p)); } } diff --git a/src/flow.h b/src/flow.h index aed1072606..f969c7a5ea 100644 --- a/src/flow.h +++ b/src/flow.h @@ -183,16 +183,6 @@ typedef struct AppLayerParserState_ AppLayerParserState; (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \ } while (0) -#define FLOW_SET_IPV4_TTL_FROM_PACKET(p, f) do { \ - (f)->min_ttl_toserver = IPV4_GET_IPTTL((p)); \ - (f)->max_ttl_toserver = IPV4_GET_IPTTL((p)); \ - } while (0) - -#define FLOW_SET_IPV6_HLIM_FROM_PACKET(p, f) do { \ - (f)->min_ttl_toserver = IPV6_GET_HLIM((p)); \ - (f)->max_ttl_toserver = IPV6_GET_HLIM((p)); \ - } while (0) - /* pkt flow flags */ #define FLOW_PKT_TOSERVER 0x01 #define FLOW_PKT_TOCLIENT 0x02 @@ -340,11 +330,11 @@ typedef struct Flow_ }; uint8_t proto; uint8_t recursion_level; + uint16_t vlan_id[2]; uint8_t min_ttl_toserver; uint8_t max_ttl_toserver; uint8_t min_ttl_toclient; uint8_t max_ttl_toclient; - uint16_t vlan_id[2]; /** flow hash - the flow hash before hash table size mod. */ uint32_t flow_hash; diff --git a/src/output-json-netflow.c b/src/output-json-netflow.c index 40024a197d..b47a3dd8f6 100644 --- a/src/output-json-netflow.c +++ b/src/output-json-netflow.c @@ -267,7 +267,7 @@ static void JsonNetFlowLogJSONToClient(JsonNetFlowLogThread *aft, json_t *js, Fl json_integer(age)); /* To client is zero if we did not see any packet */ - if (f->max_ttl_toclient) { + if (f->tosrcpktcnt) { json_object_set_new(hjs, "min_ttl", json_integer(f->min_ttl_toclient)); json_object_set_new(hjs, "max_ttl", json_integer(f->max_ttl_toclient)); }