aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

protodetect: rename direction to flags

Browse Source 
And use whole flags in AppLayerProtoDetectPPGetProto
pull/5886/head
Philippe Antoine 5 years ago committed by Victor Julien
parent 7264f58f2c
commit c6aadf0dfa
5 changed files with 60 additions and 89 deletions
Show Stats Download Patch File Download Diff File

2
rust/src/applayer.rs
Unescape Escape View File

@ -261,7 +261,7 @@ pub type ParseFn = extern "C" fn (flow: *const Flow,
input_len: u32, input_len: u32,
data: *const c_void, data: *const c_void,
flags: u8) -> AppLayerResult; flags: u8) -> AppLayerResult;
pub type ProbeFn = extern "C" fn (flow: *const Flow,direction: u8,input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto; pub type ProbeFn = extern "C" fn (flow: *const Flow, flags: u8, input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto;
pub type StateAllocFn = extern "C" fn (*mut c_void, AppProto) -> *mut c_void; pub type StateAllocFn = extern "C" fn (*mut c_void, AppProto) -> *mut c_void;
pub type StateFreeFn = extern "C" fn (*mut c_void); pub type StateFreeFn = extern "C" fn (*mut c_void);
pub type StateTxFreeFn = extern "C" fn (*mut c_void, u64); pub type StateTxFreeFn = extern "C" fn (*mut c_void, u64);

124
src/app-layer-detect-proto.c
Unescape Escape View File

@ -185,12 +185,9 @@ static void AppLayerProtoDetectPEGetIpprotos(AppProto alproto,
* \brief Handle SPM search for Signature * \brief Handle SPM search for Signature
* \param buflen full size of the input buffer * \param buflen full size of the input buffer
* \param searchlen pattern matching portion of buffer */ * \param searchlen pattern matching portion of buffer */
static AppProto AppLayerProtoDetectPMMatchSignature( static AppProto AppLayerProtoDetectPMMatchSignature(const AppLayerProtoDetectPMSignature *s,
const AppLayerProtoDetectPMSignature *s, AppLayerProtoDetectThreadCtx *tctx, Flow *f, uint8_t flags, const uint8_t *buf,
AppLayerProtoDetectThreadCtx *tctx, uint16_t buflen, uint16_t searchlen, bool *rflow)
Flow *f, uint8_t direction,
const uint8_t *buf, uint16_t buflen, uint16_t searchlen,
bool *rflow)
{ {
SCEnter(); SCEnter();
@ -216,11 +213,12 @@ static AppProto AppLayerProtoDetectPMMatchSignature(
SCReturnUInt(ALPROTO_UNKNOWN); SCReturnUInt(ALPROTO_UNKNOWN);
} }
uint8_t direction = (flags & (STREAM_TOSERVER | STREAM_TOCLIENT));
SCLogDebug("matching, s->direction %s, our dir %s", SCLogDebug("matching, s->direction %s, our dir %s",
(s->direction & STREAM_TOSERVER) ? "toserver" : "toclient", (s->direction & STREAM_TOSERVER) ? "toserver" : "toclient",
(direction & STREAM_TOSERVER) ? "toserver" : "toclient"); (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
if (s->PPFunc == NULL) { if (s->PPFunc == NULL) {
if ((direction & (STREAM_TOSERVER|STREAM_TOCLIENT)) == s->direction) { if (direction == s->direction) {
SCLogDebug("direction is correct"); SCLogDebug("direction is correct");
} else { } else {
SCLogDebug("direction is wrong, rflow = true"); SCLogDebug("direction is wrong, rflow = true");
@ -235,7 +233,7 @@ static AppProto AppLayerProtoDetectPMMatchSignature(
} }
uint8_t rdir = 0; uint8_t rdir = 0;
AppProto r = s->PPFunc(f, direction, buf, buflen, &rdir); AppProto r = s->PPFunc(f, flags, buf, buflen, &rdir);
if (r == s->alproto) { if (r == s->alproto) {
SCLogDebug("found %s/%u, rdir %02x reverse_flow? %s", SCLogDebug("found %s/%u, rdir %02x reverse_flow? %s",
AppProtoToString(r), r, rdir, AppProtoToString(r), r, rdir,
@ -260,12 +258,9 @@ static AppProto AppLayerProtoDetectPMMatchSignature(
* \retval 0 no matches * \retval 0 no matches
* \retval -1 no matches, mpm depth reached * \retval -1 no matches, mpm depth reached
*/ */
static inline int PMGetProtoInspect( static inline int PMGetProtoInspect(AppLayerProtoDetectThreadCtx *tctx,
AppLayerProtoDetectThreadCtx *tctx, AppLayerProtoDetectPMCtx *pm_ctx, MpmThreadCtx *mpm_tctx, Flow *f, const uint8_t *buf,
AppLayerProtoDetectPMCtx *pm_ctx, uint16_t buflen, uint8_t flags, AppProto *pm_results, bool *rflow)
MpmThreadCtx *mpm_tctx,
Flow *f, const uint8_t *buf, uint16_t buflen,
uint8_t direction, AppProto *pm_results, bool *rflow)
{ {
int pm_matches = 0; int pm_matches = 0;
@ -292,8 +287,8 @@ static inline int PMGetProtoInspect(
for (uint32_t cnt = 0; cnt < tctx->pmq.rule_id_array_cnt; cnt++) { for (uint32_t cnt = 0; cnt < tctx->pmq.rule_id_array_cnt; cnt++) {
const AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.rule_id_array[cnt]]; const AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.rule_id_array[cnt]];
while (s != NULL) { while (s != NULL) {
AppProto proto = AppLayerProtoDetectPMMatchSignature(s, AppProto proto = AppLayerProtoDetectPMMatchSignature(
tctx, f, direction, buf, buflen, searchlen, rflow); s, tctx, f, flags, buf, buflen, searchlen, rflow);
/* store each unique proto once */ /* store each unique proto once */
if (AppProtoIsValid(proto) && if (AppProtoIsValid(proto) &&
@ -316,10 +311,8 @@ static inline int PMGetProtoInspect(
* \brief Run Pattern Sigs against buffer * \brief Run Pattern Sigs against buffer
* \param direction direction for the patterns * \param direction direction for the patterns
* \param pm_results[out] AppProto array of size ALPROTO_MAX */ * \param pm_results[out] AppProto array of size ALPROTO_MAX */
static AppProto AppLayerProtoDetectPMGetProto( static AppProto AppLayerProtoDetectPMGetProto(AppLayerProtoDetectThreadCtx *tctx, Flow *f,
AppLayerProtoDetectThreadCtx *tctx, const uint8_t *buf, uint16_t buflen, uint8_t flags, AppProto *pm_results, bool *rflow)
Flow *f, const uint8_t *buf, uint16_t buflen,
uint8_t direction, AppProto *pm_results, bool *rflow)
{ {
SCEnter(); SCEnter();
@ -334,7 +327,7 @@ static AppProto AppLayerProtoDetectPMGetProto(
SCReturnUInt(1); SCReturnUInt(1);
} }
if (direction & STREAM_TOSERVER) { if (flags & STREAM_TOSERVER) {
pm_ctx = &alpd_ctx.ctx_ipp[f->protomap].ctx_pm[0]; pm_ctx = &alpd_ctx.ctx_ipp[f->protomap].ctx_pm[0];
mpm_tctx = &tctx->mpm_tctx[f->protomap][0]; mpm_tctx = &tctx->mpm_tctx[f->protomap][0];
} else { } else {
@ -342,15 +335,11 @@ static AppProto AppLayerProtoDetectPMGetProto(
mpm_tctx = &tctx->mpm_tctx[f->protomap][1]; mpm_tctx = &tctx->mpm_tctx[f->protomap][1];
} }
if (likely(pm_ctx->mpm_ctx.pattern_cnt > 0)) { if (likely(pm_ctx->mpm_ctx.pattern_cnt > 0)) {
m = PMGetProtoInspect(tctx, m = PMGetProtoInspect(tctx, pm_ctx, mpm_tctx, f, buf, buflen, flags, pm_results, rflow);
pm_ctx, mpm_tctx,
f, buf, buflen, direction,
pm_results, rflow);
} }
/* pattern found, yay */ /* pattern found, yay */
if (m > 0) { if (m > 0) {
FLOW_SET_PM_DONE(f, direction); FLOW_SET_PM_DONE(f, flags);
SCReturnUInt((uint16_t)m); SCReturnUInt((uint16_t)m);
/* handle non-found in non-midstream case */ /* handle non-found in non-midstream case */
@ -358,7 +347,7 @@ static AppProto AppLayerProtoDetectPMGetProto(
/* we can give up if mpm gave no results and its search depth /* we can give up if mpm gave no results and its search depth
* was reached. */ * was reached. */
if (m < 0) { if (m < 0) {
FLOW_SET_PM_DONE(f, direction); FLOW_SET_PM_DONE(f, flags);
SCReturnUInt(0); SCReturnUInt(0);
} else if (m == 0) { } else if (m == 0) {
SCReturnUInt(0); SCReturnUInt(0);
@ -367,7 +356,7 @@ static AppProto AppLayerProtoDetectPMGetProto(
/* handle non-found in midstream case */ /* handle non-found in midstream case */
} else if (m <= 0) { } else if (m <= 0) {
if (direction & STREAM_TOSERVER) { if (flags & STREAM_TOSERVER) {
pm_ctx = &alpd_ctx.ctx_ipp[f->protomap].ctx_pm[1]; pm_ctx = &alpd_ctx.ctx_ipp[f->protomap].ctx_pm[1];
mpm_tctx = &tctx->mpm_tctx[f->protomap][1]; mpm_tctx = &tctx->mpm_tctx[f->protomap][1];
} else { } else {
@ -379,19 +368,17 @@ static AppProto AppLayerProtoDetectPMGetProto(
int om = -1; int om = -1;
if (likely(pm_ctx->mpm_ctx.pattern_cnt > 0)) { if (likely(pm_ctx->mpm_ctx.pattern_cnt > 0)) {
om = PMGetProtoInspect(tctx, om = PMGetProtoInspect(
pm_ctx, mpm_tctx, tctx, pm_ctx, mpm_tctx, f, buf, buflen, flags, pm_results, rflow);
f, buf, buflen, direction,
pm_results, rflow);
} }
/* found! */ /* found! */
if (om > 0) { if (om > 0) {
FLOW_SET_PM_DONE(f, direction); FLOW_SET_PM_DONE(f, flags);
SCReturnUInt((uint16_t)om); SCReturnUInt((uint16_t)om);
/* both sides failed */ /* both sides failed */
} else if (om < 0 && m && m < 0) { } else if (om < 0 && m && m < 0) {
FLOW_SET_PM_DONE(f, direction); FLOW_SET_PM_DONE(f, flags);
SCReturnUInt(0); SCReturnUInt(0);
/* one side still uncertain */ /* one side still uncertain */
@ -465,25 +452,20 @@ static AppLayerProtoDetectProbingParserPort *AppLayerProtoDetectGetProbingParser
* \brief Call the probing expectation to see if there is some for this flow. * \brief Call the probing expectation to see if there is some for this flow.
* *
*/ */
static AppProto AppLayerProtoDetectPEGetProto(Flow *f, uint8_t ipproto, static AppProto AppLayerProtoDetectPEGetProto(Flow *f, uint8_t ipproto, uint8_t flags)
uint8_t direction)
{ {
AppProto alproto = ALPROTO_UNKNOWN; AppProto alproto = ALPROTO_UNKNOWN;
SCLogDebug("expectation check for %p (dir %d)", f, direction); SCLogDebug("expectation check for %p (dir %d)", f, flags);
FLOW_SET_PE_DONE(f, direction); FLOW_SET_PE_DONE(f, flags);
alproto = AppLayerExpectationHandle(f, direction); alproto = AppLayerExpectationHandle(f, flags);
return alproto; return alproto;
} }
static inline AppProto PPGetProto( static inline AppProto PPGetProto(const AppLayerProtoDetectProbingParserElement *pe, Flow *f,
const AppLayerProtoDetectProbingParserElement *pe, uint8_t flags, const uint8_t *buf, uint32_t buflen, uint32_t *alproto_masks, uint8_t *rdir)
Flow *f, uint8_t direction,
const uint8_t *buf, uint32_t buflen,
uint32_t *alproto_masks, uint8_t *rdir
)
{ {
while (pe != NULL) { while (pe != NULL) {
if ((buflen < pe->min_depth) || if ((buflen < pe->min_depth) ||
@ -493,10 +475,10 @@ static inline AppProto PPGetProto(
} }
AppProto alproto = ALPROTO_UNKNOWN; AppProto alproto = ALPROTO_UNKNOWN;
if (direction & STREAM_TOSERVER && pe->ProbingParserTs != NULL) { if (flags & STREAM_TOSERVER && pe->ProbingParserTs != NULL) {
alproto = pe->ProbingParserTs(f, direction, buf, buflen, rdir); alproto = pe->ProbingParserTs(f, flags, buf, buflen, rdir);
} else if (pe->ProbingParserTc != NULL) { } else if (pe->ProbingParserTc != NULL) {
alproto = pe->ProbingParserTc(f, direction, buf, buflen, rdir); alproto = pe->ProbingParserTc(f, flags, buf, buflen, rdir);
} }
if (AppProtoIsValid(alproto)) { if (AppProtoIsValid(alproto)) {
SCReturnUInt(alproto); SCReturnUInt(alproto);
@ -518,10 +500,8 @@ static inline AppProto PPGetProto(
* lead to a PP, we try the sp. * lead to a PP, we try the sp.
* *
*/ */
static AppProto AppLayerProtoDetectPPGetProto(Flow *f, static AppProto AppLayerProtoDetectPPGetProto(Flow *f, const uint8_t *buf, uint32_t buflen,
const uint8_t *buf, uint32_t buflen, uint8_t ipproto, const uint8_t flags, bool *reverse_flow)
uint8_t ipproto, const uint8_t idir,
bool *reverse_flow)
{ {
const AppLayerProtoDetectProbingParserPort *pp_port_dp = NULL; const AppLayerProtoDetectProbingParserPort *pp_port_dp = NULL;
const AppLayerProtoDetectProbingParserPort *pp_port_sp = NULL; const AppLayerProtoDetectProbingParserPort *pp_port_sp = NULL;
@ -531,6 +511,7 @@ static AppProto AppLayerProtoDetectPPGetProto(Flow *f,
AppProto alproto = ALPROTO_UNKNOWN; AppProto alproto = ALPROTO_UNKNOWN;
uint32_t *alproto_masks; uint32_t *alproto_masks;
uint32_t mask = 0; uint32_t mask = 0;
uint8_t idir = (flags & (STREAM_TOSERVER | STREAM_TOCLIENT));
uint8_t dir = idir; uint8_t dir = idir;
uint16_t dp = f->protodetect_dp ? f->protodetect_dp : FLOW_GET_DP(f); uint16_t dp = f->protodetect_dp ? f->protodetect_dp : FLOW_GET_DP(f);
uint16_t sp = FLOW_GET_SP(f); uint16_t sp = FLOW_GET_SP(f);
@ -603,13 +584,13 @@ again_midstream:
/* run the parser(s): always call with original direction */ /* run the parser(s): always call with original direction */
uint8_t rdir = 0; uint8_t rdir = 0;
alproto = PPGetProto(pe0, f, idir, buf, buflen, alproto_masks, &rdir); alproto = PPGetProto(pe0, f, flags, buf, buflen, alproto_masks, &rdir);
if (AppProtoIsValid(alproto)) if (AppProtoIsValid(alproto))
goto end; goto end;
alproto = PPGetProto(pe1, f, idir, buf, buflen, alproto_masks, &rdir); alproto = PPGetProto(pe1, f, flags, buf, buflen, alproto_masks, &rdir);
if (AppProtoIsValid(alproto)) if (AppProtoIsValid(alproto))
goto end; goto end;
alproto = PPGetProto(pe2, f, idir, buf, buflen, alproto_masks, &rdir); alproto = PPGetProto(pe2, f, flags, buf, buflen, alproto_masks, &rdir);
if (AppProtoIsValid(alproto)) if (AppProtoIsValid(alproto))
goto end; goto end;
@ -1536,32 +1517,28 @@ static int AppLayerProtoDetectPMRegisterPattern(uint8_t ipproto, AppProto alprot
/***** Protocol Retrieval *****/ /***** Protocol Retrieval *****/
AppProto AppLayerProtoDetectGetProto(AppLayerProtoDetectThreadCtx *tctx, AppProto AppLayerProtoDetectGetProto(AppLayerProtoDetectThreadCtx *tctx, Flow *f,
Flow *f, const uint8_t *buf, uint32_t buflen, uint8_t ipproto, uint8_t flags, bool *reverse_flow)
const uint8_t *buf, uint32_t buflen,
uint8_t ipproto, uint8_t direction,
bool *reverse_flow)
{ {
SCEnter(); SCEnter();
SCLogDebug("buflen %u for %s direction", buflen, SCLogDebug("buflen %u for %s direction", buflen,
(direction & STREAM_TOSERVER) ? "toserver" : "toclient"); (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
AppProto alproto = ALPROTO_UNKNOWN; AppProto alproto = ALPROTO_UNKNOWN;
AppProto pm_alproto = ALPROTO_UNKNOWN; AppProto pm_alproto = ALPROTO_UNKNOWN;
if (!FLOW_IS_PM_DONE(f, direction)) { if (!FLOW_IS_PM_DONE(f, flags)) {
AppProto pm_results[ALPROTO_MAX]; AppProto pm_results[ALPROTO_MAX];
uint16_t pm_matches = AppLayerProtoDetectPMGetProto(tctx, f, uint16_t pm_matches = AppLayerProtoDetectPMGetProto(
buf, buflen, direction, pm_results, reverse_flow); tctx, f, buf, buflen, flags, pm_results, reverse_flow);
if (pm_matches > 0) { if (pm_matches > 0) {
DEBUG_VALIDATE_BUG_ON(pm_matches > 1); DEBUG_VALIDATE_BUG_ON(pm_matches > 1);
alproto = pm_results[0]; alproto = pm_results[0];
// rerun probing parser for other direction if it is unknown // rerun probing parser for other direction if it is unknown
uint8_t reverse_dir = (direction & STREAM_TOSERVER) ? STREAM_TOCLIENT : STREAM_TOSERVER; uint8_t reverse_dir = (flags & STREAM_TOSERVER) ? STREAM_TOCLIENT : STREAM_TOSERVER;
if (FLOW_IS_PP_DONE(f, reverse_dir)) { if (FLOW_IS_PP_DONE(f, reverse_dir)) {
AppProto rev_alproto = AppProto rev_alproto = (flags & STREAM_TOSERVER) ? f->alproto_tc : f->alproto_ts;
(direction & STREAM_TOSERVER) ? f->alproto_tc : f->alproto_ts;
if (rev_alproto == ALPROTO_UNKNOWN) { if (rev_alproto == ALPROTO_UNKNOWN) {
FLOW_RESET_PP_DONE(f, reverse_dir); FLOW_RESET_PP_DONE(f, reverse_dir);
} }
@ -1578,10 +1555,9 @@ AppProto AppLayerProtoDetectGetProto(AppLayerProtoDetectThreadCtx *tctx,
} }
} }
if (!FLOW_IS_PP_DONE(f, direction)) { if (!FLOW_IS_PP_DONE(f, flags)) {
bool rflow = false; bool rflow = false;
alproto = AppLayerProtoDetectPPGetProto(f, buf, buflen, ipproto, alproto = AppLayerProtoDetectPPGetProto(f, buf, buflen, ipproto, flags, &rflow);
direction & (STREAM_TOSERVER|STREAM_TOCLIENT), &rflow);
if (AppProtoIsValid(alproto)) { if (AppProtoIsValid(alproto)) {
if (rflow) { if (rflow) {
*reverse_flow = true; *reverse_flow = true;
@ -1591,8 +1567,8 @@ AppProto AppLayerProtoDetectGetProto(AppLayerProtoDetectThreadCtx *tctx,
} }
/* Look if flow can be found in expectation list */ /* Look if flow can be found in expectation list */
if (!FLOW_IS_PE_DONE(f, direction)) { if (!FLOW_IS_PE_DONE(f, flags)) {
alproto = AppLayerProtoDetectPEGetProto(f, ipproto, direction); alproto = AppLayerProtoDetectPEGetProto(f, ipproto, flags);
} }
end: end:

14
src/app-layer-detect-proto.h
Unescape Escape View File

@ -27,9 +27,8 @@
typedef struct AppLayerProtoDetectThreadCtx_ AppLayerProtoDetectThreadCtx; typedef struct AppLayerProtoDetectThreadCtx_ AppLayerProtoDetectThreadCtx;
typedef AppProto (*ProbingParserFPtr)(Flow *f, uint8_t dir, typedef AppProto (*ProbingParserFPtr)(
const uint8_t *input, uint32_t input_len, Flow *f, uint8_t flags, const uint8_t *input, uint32_t input_len, uint8_t *rdir);
uint8_t *rdir);
/***** Protocol Retrieval *****/ /***** Protocol Retrieval *****/
@ -41,16 +40,13 @@ typedef AppProto (*ProbingParserFPtr)(Flow *f, uint8_t dir,
* \param buf The buffer to be inspected. * \param buf The buffer to be inspected.
* \param buflen The length of the above buffer. * \param buflen The length of the above buffer.
* \param ipproto The ip protocol. * \param ipproto The ip protocol.
* \param direction The direction bitfield - STREAM_TOSERVER/STREAM_TOCLIENT. * \param flags The direction bitfield - STREAM_TOSERVER/STREAM_TOCLIENT.
* \param[out] reverse_flow true if flow is detected to be reversed * \param[out] reverse_flow true if flow is detected to be reversed
* *
* \retval The app layer protocol. * \retval The app layer protocol.
*/ */
AppProto AppLayerProtoDetectGetProto(AppLayerProtoDetectThreadCtx *tctx, AppProto AppLayerProtoDetectGetProto(AppLayerProtoDetectThreadCtx *tctx, Flow *f,
Flow *f, const uint8_t *buf, uint32_t buflen, uint8_t ipproto, uint8_t flags, bool *reverse_flow);
const uint8_t *buf, uint32_t buflen,
uint8_t ipproto, uint8_t direction,
bool *reverse_flow);
/***** State Preparation *****/ /***** State Preparation *****/

5
src/app-layer-expectation.c
Unescape Escape View File

@ -299,7 +299,7 @@ int AppLayerExpectationGetDataId(void)
* \return an AppProto value if found * \return an AppProto value if found
* \return ALPROTO_UNKNOWN if not found * \return ALPROTO_UNKNOWN if not found
*/ */
AppProto AppLayerExpectationHandle(Flow *f, int direction) AppProto AppLayerExpectationHandle(Flow *f, uint8_t flags)
{ {
AppProto alproto = ALPROTO_UNKNOWN; AppProto alproto = ALPROTO_UNKNOWN;
IPPair *ipp = NULL; IPPair *ipp = NULL;
@ -319,8 +319,7 @@ AppProto AppLayerExpectationHandle(Flow *f, int direction)
time_t ctime = f->lastts.tv_sec; time_t ctime = f->lastts.tv_sec;
CIRCLEQ_FOREACH_SAFE(exp, &exp_list->list, entries, lexp) { CIRCLEQ_FOREACH_SAFE(exp, &exp_list->list, entries, lexp) {
if ((exp->direction & direction) && if ((exp->direction & flags) && ((exp->sp == 0) || (exp->sp == f->sp)) &&
((exp->sp == 0) || (exp->sp == f->sp)) &&
((exp->dp == 0) || (exp->dp == f->dp))) { ((exp->dp == 0) || (exp->dp == f->dp))) {
alproto = exp->alproto; alproto = exp->alproto;
f->alproto_ts = alproto; f->alproto_ts = alproto;

2
src/app-layer-expectation.h
Unescape Escape View File

@ -27,7 +27,7 @@
void AppLayerExpectationSetup(void); void AppLayerExpectationSetup(void);
int AppLayerExpectationCreate(Flow *f, int direction, Port src, Port dst, int AppLayerExpectationCreate(Flow *f, int direction, Port src, Port dst,
AppProto alproto, void *data); AppProto alproto, void *data);
AppProto AppLayerExpectationHandle(Flow *f, int direction); AppProto AppLayerExpectationHandle(Flow *f, uint8_t flags);
int AppLayerExpectationGetDataId(void); int AppLayerExpectationGetDataId(void);
void AppLayerExpectationClean(Flow *f); void AppLayerExpectationClean(Flow *f);

Write Preview
Loading…
Cancel
Save