mirror of https://github.com/OISF/suricata
Topics: cybersecurity, ids, intrusion-detection-system, intrusion-prevention-system, ips, network-monitor, network-monitoring, nsm, security, suricata, threat-hunting
A flow has 3 states: NEW, ESTABLISHED and CLOSED. For all protocols except TCP, a flow is in state NEW as long as just one side of the conversation has been seen. When both sides have been observed the state is moved to ESTABLISHED. TCP has a different logic, controlled by the stream engine. Here the TCP state is leading. Until now, when parts of the engine needed to know the flow state, it would invoke a per protocol callback 'GetProtoState'. For TCP this would return the state based on the TcpSession. This patch changes this logic. It introduces an atomic variable in the flow 'flow_state'. It defaults to NEW and is set to ESTABLISHED for non-TCP protocols when we've seen both sides of the conversation. For TCP, the state is updated from the TCP engine directly. The goal is to allow for access to the state without holding the Flow's main mutex lock. This will later allow the Flow Manager(s) to evaluate the Flow w/o interrupting it. |
11 years ago | |
|---|---|---|
| benches | ||
| contrib | ||
| doc | ||
| lua | 11 years ago | |
| m4 | ||
| qa | 11 years ago | |
| rules | 11 years ago | |
| scripts | 11 years ago | |
| src | 11 years ago | |
| .gitignore | ||
| .travis.yml | 11 years ago | |
| COPYING | ||
| ChangeLog | 11 years ago | |
| LICENSE | ||
| Makefile.am | 11 years ago | |
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | ||
| classification.config | ||
| config.rpath | ||
| configure.ac | 11 years ago | |
| doxygen.cfg | ||
| reference.config | 11 years ago | |
| suricata.yaml.in | 11 years ago | |
| threshold.config | ||