aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags

Browse Source
remotes/origin/master-1.1.x
Anoop Saldanha 15 years ago committed by Victor Julien
parent 0c94d910e4
commit fe6e41e3ef
5 changed files with 28 additions and 33 deletions
Show Stats Download Patch File Download Diff File

4
src/alert-debuglog.c
Unescape Escape View File

@ -221,7 +221,7 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n",
p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
p->flow->flags & FLOW_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n",
(p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p);
@ -315,7 +315,7 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n",
p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
p->flow->flags & FLOW_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n",
(p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p);

2
src/app-layer-parser.c
Unescape Escape View File

@ -1404,7 +1404,7 @@ static int AppLayerParserTest01 (void)
goto end;
}
if (!(f.alflags & FLOW_AL_NO_APPLAYER_INSPECTION))
if (!(f.flags & FLOW_NO_APPLAYER_INSPECTION))
{
printf("flag should have been set, but is not: ");
goto end;

8
src/app-layer.c
Unescape Escape View File

@ -133,7 +133,7 @@ int AppLayerHandleTCPData(AlpProtoDetectThreadCtx *dp_ctx, Flow *f,
alproto = f->alproto;
SCLogDebug("data_len %u flags %02X", data_len, flags);
if (!(f->alflags & FLOW_AL_NO_APPLAYER_INSPECTION)) {
if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION)) {
/* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we
@ -313,7 +313,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
if (ssn != NULL) {
alproto = smsg->flow->alproto;
if (!(smsg->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION)) {
if (!(smsg->flow->flags & FLOW_NO_APPLAYER_INSPECTION)) {
/* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we
@ -488,7 +488,7 @@ int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p)
f->alproto = alproto;
f->flags |= FLOW_ALPROTO_DETECT_DONE;
r = AppLayerParse(f, alproto, f->alflags,
r = AppLayerParse(f, alproto, flags,
p->payload, p->payload_len);
} else {
f->flags |= FLOW_ALPROTO_DETECT_DONE;
@ -505,7 +505,7 @@ int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p)
/* if we don't have a data object here we are not getting it
* a start msg should have gotten us one */
if (alproto != ALPROTO_UNKNOWN) {
r = AppLayerParse(f, alproto, f->alflags,
r = AppLayerParse(f, alproto, flags,
p->payload, p->payload_len);
} else {
SCLogDebug(" udp session not start, but no l7 data? Weird");

3
src/flow-util.h
Unescape Escape View File

@ -50,7 +50,6 @@
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
(f)->aldata = NULL; \
(f)->alflags = 0; \
(f)->alproto = 0; \
(f)->tag_list = NULL; \
} while (0)
@ -84,7 +83,6 @@
SCFree((f)->aldata); \
(f)->aldata = NULL; \
} \
(f)->alflags = 0; \
(f)->alproto = 0; \
DetectTagDataListFree((f)->tag_list); \
(f)->tag_list = NULL; \
@ -107,7 +105,6 @@
SCFree((f)->aldata); \
(f)->aldata = NULL; \
} \
(f)->alflags = 0; \
(f)->alproto = 0; \
DetectTagDataListFree((f)->tag_list); \
(f)->tag_list = NULL; \

44
src/flow.h
Unescape Escape View File

@ -38,43 +38,44 @@
/* per flow flags */
/** At least on packet from the source address was seen */
#define FLOW_TO_SRC_SEEN 0x0001
#define FLOW_TO_SRC_SEEN 0x00000001
/** At least on packet from the destination address was seen */
#define FLOW_TO_DST_SEEN 0x0002
#define FLOW_TO_DST_SEEN 0x00000002
/** Flow lives in the flow-state-NEW list */
#define FLOW_NEW_LIST 0x0004
#define FLOW_NEW_LIST 0x00000004
/** Flow lives in the flow-state-EST (established) list */
#define FLOW_EST_LIST 0x0008
#define FLOW_EST_LIST 0x00000008
/** Flow lives in the flow-state-CLOSED list */
#define FLOW_CLOSED_LIST 0x0010
#define FLOW_CLOSED_LIST 0x00000010
/** Flow was inspected against IP-Only sigs in the toserver direction */
#define FLOW_TOSERVER_IPONLY_SET 0x0020
#define FLOW_TOSERVER_IPONLY_SET 0x00000020
/** Flow was inspected against IP-Only sigs in the toclient direction */
#define FLOW_TOCLIENT_IPONLY_SET 0x0040
#define FLOW_TOCLIENT_IPONLY_SET 0x00000040
/** Packet belonging to this flow should not be inspected at all */
#define FLOW_NOPACKET_INSPECTION 0x0080
#define FLOW_NOPACKET_INSPECTION 0x00000080
/** Packet payloads belonging to this flow should not be inspected */
#define FLOW_NOPAYLOAD_INSPECTION 0x0100
#define FLOW_NOPAYLOAD_INSPECTION 0x00000100
/** All packets in this flow should be dropped */
#define FLOW_ACTION_DROP 0x0200
#define FLOW_ACTION_DROP 0x00000200
/** All packets in this flow should be accepted */
#define FLOW_ACTION_PASS 0x0400
#define FLOW_ACTION_PASS 0x00000400
/** Sgh for toserver direction set (even if it's NULL) */
#define FLOW_SGH_TOSERVER 0x0800
#define FLOW_SGH_TOSERVER 0x00000800
/** Sgh for toclient direction set (even if it's NULL) */
#define FLOW_SGH_TOCLIENT 0x1000
#define FLOW_SGH_TOCLIENT 0x00001000
/** packet to server direction has been logged in drop file (only in IPS mode) */
#define FLOW_TOSERVER_DROP_LOGGED 0x2000
#define FLOW_TOSERVER_DROP_LOGGED 0x00002000
/** packet to client direction has been logged in drop file (only in IPS mode) */
#define FLOW_TOCLIENT_DROP_LOGGED 0x4000
#define FLOW_TOCLIENT_DROP_LOGGED 0x00004000
/** alproto detect done. Right now we need it only for udp */
#define FLOW_ALPROTO_DETECT_DONE 0x8000
#define FLOW_ALPROTO_DETECT_DONE 0x00008000
#define FLOW_NO_APPLAYER_INSPECTION 0x00010000
/* pkt flow flags */
#define FLOW_PKT_TOSERVER 0x01
@ -151,7 +152,7 @@ typedef struct Flow_
/* end of flow "header" */
uint16_t flags;
uint32_t flags;
/* ts of flow init and last update */
struct timeval lastts;
@ -164,8 +165,8 @@ typedef struct Flow_
/** mapping to Flow's protocol specific protocols for timeouts
and state and free functions. */
uint8_t protomap;
uint8_t pad0;
uint8_t alflags; /**< application level specific flags */
uint16_t alproto; /**< application level protocol */
/** how many pkts and stream msgs are using the flow *right now*. This
@ -176,7 +177,7 @@ typedef struct Flow_
*/
SC_ATOMIC_DECLARE(unsigned short, use_cnt);
uint16_t pad0;
uint16_t pad1;
void **aldata; /**< application level storage ptrs */
@ -214,9 +215,6 @@ typedef struct Flow_
} Flow;
/** Flow Application Level flags */
#define FLOW_AL_NO_APPLAYER_INSPECTION 0x04 /** \todo move to flow flags later */
enum {
FLOW_STATE_NEW = 0,
FLOW_STATE_ESTABLISHED,
@ -331,7 +329,7 @@ static inline void FlowSetNoPayloadInspectionFlag(Flow *f) {
* \param f *LOCKED* flow
*/
static inline void FlowSetSessionNoApplayerInspectionFlag(Flow *f) {
f->alflags |= FLOW_AL_NO_APPLAYER_INSPECTION;
f->flags |= FLOW_NO_APPLAYER_INSPECTION;
}

Write Preview
Loading…
Cancel
Save