]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31a0783) | patch
app-layer-expectation: expectation system
authorEric Leblond <eric@regit.org>
Tue, 12 Sep 2017 13:11:01 +0000 (14:11 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 19 Dec 2017 20:00:15 +0000 (21:00 +0100)
commit140f8baed99498b734d42254175e141ea8cb784a
tree8ba785bba5277e487a14aeae620b0289ed56020etree
parent31a0783865cd0d4c4c8d4b5020620c534ea2e135commit | diff
app-layer-expectation: expectation system

This patch provides a working expectation system. This will allow
suricata to have a way to identify parallel connections opened by
a protocol such as FTP.

Expectation are a chained list and there is a cleaning by timeout
of the entries.

This patch also defined a counter of expectations that is also
used to check if we need to query IPPairs. This way we only query
the IPPairs store if we have an expectation.
src/Makefile.am diff | blob | blame | history
src/app-layer-detect-proto.c diff | blob | blame | history
src/app-layer-detect-proto.h diff | blob | blame | history
src/app-layer-expectation.c [new file with mode: 0644] blob
src/app-layer-expectation.h [new file with mode: 0644] blob
src/app-layer.c diff | blob | blame | history
src/flow.h diff | blob | blame | history
src/stream-tcp-util.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git