Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags

remotes/origin/master-1.1.x
Anoop Saldanha 15 years ago committed by Victor Julien
parent 0c94d910e4
commit fe6e41e3ef

@ -221,7 +221,7 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n", fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n",
p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE", p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE", p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE"); p->flow->flags & FLOW_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n", fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n",
(p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto); (p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p); AlertDebugLogFlowVars(aft, p);
@ -315,7 +315,7 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n", fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n",
p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE", p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE", p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE"); p->flow->flags & FLOW_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n", fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n",
(p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto); (p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p); AlertDebugLogFlowVars(aft, p);

@ -1404,7 +1404,7 @@ static int AppLayerParserTest01 (void)
goto end; goto end;
} }
if (!(f.alflags & FLOW_AL_NO_APPLAYER_INSPECTION)) if (!(f.flags & FLOW_NO_APPLAYER_INSPECTION))
{ {
printf("flag should have been set, but is not: "); printf("flag should have been set, but is not: ");
goto end; goto end;

@ -133,7 +133,7 @@ int AppLayerHandleTCPData(AlpProtoDetectThreadCtx *dp_ctx, Flow *f,
alproto = f->alproto; alproto = f->alproto;
SCLogDebug("data_len %u flags %02X", data_len, flags); SCLogDebug("data_len %u flags %02X", data_len, flags);
if (!(f->alflags & FLOW_AL_NO_APPLAYER_INSPECTION)) { if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION)) {
/* if we don't know the proto yet and we have received a stream /* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection. * initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we * We receive 2 stream init msgs (one for each direction) but we
@ -313,7 +313,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
if (ssn != NULL) { if (ssn != NULL) {
alproto = smsg->flow->alproto; alproto = smsg->flow->alproto;
if (!(smsg->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION)) { if (!(smsg->flow->flags & FLOW_NO_APPLAYER_INSPECTION)) {
/* if we don't know the proto yet and we have received a stream /* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection. * initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we * We receive 2 stream init msgs (one for each direction) but we
@ -488,7 +488,7 @@ int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p)
f->alproto = alproto; f->alproto = alproto;
f->flags |= FLOW_ALPROTO_DETECT_DONE; f->flags |= FLOW_ALPROTO_DETECT_DONE;
r = AppLayerParse(f, alproto, f->alflags, r = AppLayerParse(f, alproto, flags,
p->payload, p->payload_len); p->payload, p->payload_len);
} else { } else {
f->flags |= FLOW_ALPROTO_DETECT_DONE; f->flags |= FLOW_ALPROTO_DETECT_DONE;
@ -505,7 +505,7 @@ int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p)
/* if we don't have a data object here we are not getting it /* if we don't have a data object here we are not getting it
* a start msg should have gotten us one */ * a start msg should have gotten us one */
if (alproto != ALPROTO_UNKNOWN) { if (alproto != ALPROTO_UNKNOWN) {
r = AppLayerParse(f, alproto, f->alflags, r = AppLayerParse(f, alproto, flags,
p->payload, p->payload_len); p->payload, p->payload_len);
} else { } else {
SCLogDebug(" udp session not start, but no l7 data? Weird"); SCLogDebug(" udp session not start, but no l7 data? Weird");
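Review bot: In both AppLayerHandleUdp hunks the third argument of `AppLayerParse` changes from `f->alflags` to a local `flags`, which is a behaviour change rather than part of the rename, and the declaration of `flags` lies outside the hunks. Please confirm it is initialised on every path that reaches these two calls, and mention the change in the commit message. The TCP paths in this file guard parsing with `if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION))`, but no equivalent check is visible around the UDP calls. If the rest of the function has none either, UDP flows would keep being parsed after app-layer inspection was switched off for them.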

@ -50,7 +50,6 @@
(f)->sgh_toserver = NULL; \ (f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \ (f)->sgh_toclient = NULL; \
(f)->aldata = NULL; \ (f)->aldata = NULL; \
(f)->alflags = 0; \
(f)->alproto = 0; \ (f)->alproto = 0; \
(f)->tag_list = NULL; \ (f)->tag_list = NULL; \
} while (0) } while (0)
@ -84,7 +83,6 @@
SCFree((f)->aldata); \ SCFree((f)->aldata); \
(f)->aldata = NULL; \ (f)->aldata = NULL; \
} \ } \
(f)->alflags = 0; \
(f)->alproto = 0; \ (f)->alproto = 0; \
DetectTagDataListFree((f)->tag_list); \ DetectTagDataListFree((f)->tag_list); \
(f)->tag_list = NULL; \ (f)->tag_list = NULL; \
@ -107,7 +105,6 @@
SCFree((f)->aldata); \ SCFree((f)->aldata); \
(f)->aldata = NULL; \ (f)->aldata = NULL; \
} \ } \
(f)->alflags = 0; \
(f)->alproto = 0; \ (f)->alproto = 0; \
DetectTagDataListFree((f)->tag_list); \ DetectTagDataListFree((f)->tag_list); \
(f)->tag_list = NULL; \ (f)->tag_list = NULL; \

@ -38,43 +38,44 @@
/* per flow flags */ /* per flow flags */
/** At least on packet from the source address was seen */ /** At least on packet from the source address was seen */
#define FLOW_TO_SRC_SEEN 0x0001 #define FLOW_TO_SRC_SEEN 0x00000001
/** At least on packet from the destination address was seen */ /** At least on packet from the destination address was seen */
#define FLOW_TO_DST_SEEN 0x0002 #define FLOW_TO_DST_SEEN 0x00000002
/** Flow lives in the flow-state-NEW list */ /** Flow lives in the flow-state-NEW list */
#define FLOW_NEW_LIST 0x0004 #define FLOW_NEW_LIST 0x00000004
/** Flow lives in the flow-state-EST (established) list */ /** Flow lives in the flow-state-EST (established) list */
#define FLOW_EST_LIST 0x0008 #define FLOW_EST_LIST 0x00000008
/** Flow lives in the flow-state-CLOSED list */ /** Flow lives in the flow-state-CLOSED list */
#define FLOW_CLOSED_LIST 0x0010 #define FLOW_CLOSED_LIST 0x00000010
/** Flow was inspected against IP-Only sigs in the toserver direction */ /** Flow was inspected against IP-Only sigs in the toserver direction */
#define FLOW_TOSERVER_IPONLY_SET 0x0020 #define FLOW_TOSERVER_IPONLY_SET 0x00000020
/** Flow was inspected against IP-Only sigs in the toclient direction */ /** Flow was inspected against IP-Only sigs in the toclient direction */
#define FLOW_TOCLIENT_IPONLY_SET 0x0040 #define FLOW_TOCLIENT_IPONLY_SET 0x00000040
/** Packet belonging to this flow should not be inspected at all */ /** Packet belonging to this flow should not be inspected at all */
#define FLOW_NOPACKET_INSPECTION 0x0080 #define FLOW_NOPACKET_INSPECTION 0x00000080
/** Packet payloads belonging to this flow should not be inspected */ /** Packet payloads belonging to this flow should not be inspected */
#define FLOW_NOPAYLOAD_INSPECTION 0x0100 #define FLOW_NOPAYLOAD_INSPECTION 0x00000100
/** All packets in this flow should be dropped */ /** All packets in this flow should be dropped */
#define FLOW_ACTION_DROP 0x0200 #define FLOW_ACTION_DROP 0x00000200
/** All packets in this flow should be accepted */ /** All packets in this flow should be accepted */
#define FLOW_ACTION_PASS 0x0400 #define FLOW_ACTION_PASS 0x00000400
/** Sgh for toserver direction set (even if it's NULL) */ /** Sgh for toserver direction set (even if it's NULL) */
#define FLOW_SGH_TOSERVER 0x0800 #define FLOW_SGH_TOSERVER 0x00000800
/** Sgh for toclient direction set (even if it's NULL) */ /** Sgh for toclient direction set (even if it's NULL) */
#define FLOW_SGH_TOCLIENT 0x1000 #define FLOW_SGH_TOCLIENT 0x00001000
/** packet to server direction has been logged in drop file (only in IPS mode) */ /** packet to server direction has been logged in drop file (only in IPS mode) */
#define FLOW_TOSERVER_DROP_LOGGED 0x2000 #define FLOW_TOSERVER_DROP_LOGGED 0x00002000
/** packet to client direction has been logged in drop file (only in IPS mode) */ /** packet to client direction has been logged in drop file (only in IPS mode) */
#define FLOW_TOCLIENT_DROP_LOGGED 0x4000 #define FLOW_TOCLIENT_DROP_LOGGED 0x00004000
/** alproto detect done. Right now we need it only for udp */ /** alproto detect done. Right now we need it only for udp */
#define FLOW_ALPROTO_DETECT_DONE 0x8000 #define FLOW_ALPROTO_DETECT_DONE 0x00008000
#define FLOW_NO_APPLAYER_INSPECTION 0x00010000
/* pkt flow flags */ /* pkt flow flags */
#define FLOW_PKT_TOSERVER 0x01 #define FLOW_PKT_TOSERVER 0x01
@ -151,7 +152,7 @@ typedef struct Flow_
/* end of flow "header" */ /* end of flow "header" */
uint16_t flags; uint32_t flags;
/* ts of flow init and last update */ /* ts of flow init and last update */
struct timeval lastts; struct timeval lastts;
@ -164,8 +165,8 @@ typedef struct Flow_
/** mapping to Flow's protocol specific protocols for timeouts /** mapping to Flow's protocol specific protocols for timeouts
and state and free functions. */ and state and free functions. */
uint8_t protomap; uint8_t protomap;
uint8_t pad0;
uint8_t alflags; /**< application level specific flags */
uint16_t alproto; /**< application level protocol */ uint16_t alproto; /**< application level protocol */
/** how many pkts and stream msgs are using the flow *right now*. This /** how many pkts and stream msgs are using the flow *right now*. This
@ -176,7 +177,7 @@ typedef struct Flow_
*/ */
SC_ATOMIC_DECLARE(unsigned short, use_cnt); SC_ATOMIC_DECLARE(unsigned short, use_cnt);
uint16_t pad0; uint16_t pad1;
void **aldata; /**< application level storage ptrs */ void **aldata; /**< application level storage ptrs */
@ -214,9 +215,6 @@ typedef struct Flow_
} Flow; } Flow;
/** Flow Application Level flags */
#define FLOW_AL_NO_APPLAYER_INSPECTION 0x04 /** \todo move to flow flags later */
enum { enum {
FLOW_STATE_NEW = 0, FLOW_STATE_NEW = 0,
FLOW_STATE_ESTABLISHED, FLOW_STATE_ESTABLISHED,
@ -331,7 +329,7 @@ static inline void FlowSetNoPayloadInspectionFlag(Flow *f) {
* \param f *LOCKED* flow * \param f *LOCKED* flow
*/ */
static inline void FlowSetSessionNoApplayerInspectionFlag(Flow *f) { static inline void FlowSetSessionNoApplayerInspectionFlag(Flow *f) {
f->alflags |= FLOW_AL_NO_APPLAYER_INSPECTION; f->flags |= FLOW_NO_APPLAYER_INSPECTION;
} }
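Review bot: `FLOW_NO_APPLAYER_INSPECTION` is the only define in this flag list added without a doc comment, and at `0x00010000` it is the first value that does not fit in 16 bits. I would add `/** App layer data for this flow should not be inspected */` above it. Because the bit now lives in `Flow->flags`, the three reset macros that drop `(f)->alflags = 0;` depend on `flags` being cleared elsewhere in those macros, which the hunks do not show. If it is not cleared there, a recycled flow would carry the no-inspection bit over to unrelated traffic. Any caller that still copies `flags` into a `uint16_t` would lose the bit silently, so a grep for narrow copies is worth doing before merging.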
