flow: determine packet direction once per packet

diff --git a/src/flow.c b/src/flow.c
index 4b5de495740b3979119a9d54d44ab97ec95ecdc6..db90db96af905c394305f7e082402104d6140e1b 100644 (file)
--- a/src/flow.c
+++ b/src/flow.c
@@ -339,23 +339,24 @@ static inline int FlowUpdateSeenFlag(const Packet *p)
     return 1;
 }
 
-static inline void FlowUpdateTTL(Flow *f, Packet *p, uint8_t ttl)
+static inline void FlowUpdateTtlTS(Flow *f, Packet *p, uint8_t ttl)
 {
-    if (FlowGetPacketDirection(f, p) == TOSERVER) {
-        if (f->min_ttl_toserver == 0) {
-            f->min_ttl_toserver = ttl;
-        } else {
-            f->min_ttl_toserver = MIN(f->min_ttl_toserver, ttl);
-        }
-        f->max_ttl_toserver = MAX(f->max_ttl_toserver, ttl);
+    if (f->min_ttl_toserver == 0) {
+        f->min_ttl_toserver = ttl;
     } else {
-        if (f->min_ttl_toclient == 0) {
-            f->min_ttl_toclient = ttl;
-        } else {
-            f->min_ttl_toclient = MIN(f->min_ttl_toclient, ttl);
-        }
-        f->max_ttl_toclient = MAX(f->max_ttl_toclient, ttl);
+        f->min_ttl_toserver = MIN(f->min_ttl_toserver, ttl);
     }
+    f->max_ttl_toserver = MAX(f->max_ttl_toserver, ttl);
+}
+
+static inline void FlowUpdateTtlTC(Flow *f, Packet *p, uint8_t ttl)
+{
+    if (f->min_ttl_toclient == 0) {
+        f->min_ttl_toclient = ttl;
+    } else {
+        f->min_ttl_toclient = MIN(f->min_ttl_toclient, ttl);
+    }
+    f->max_ttl_toclient = MAX(f->max_ttl_toclient, ttl);
 }
 
 static inline void FlowUpdateEthernet(ThreadVars *tv, DecodeThreadVars *dtv,
@@ -390,6 +391,7 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
 {
     SCLogDebug("packet %"PRIu64" -- flow %p", p->pcap_cnt, f);
 
+    const int pkt_dir = FlowGetPacketDirection(f, p);
 #ifdef CAPTURE_OFFLOAD
     int state = f->flow_state;
 
@@ -420,7 +422,7 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
     }
 #endif
     /* update flags and counters */
-    if (FlowGetPacketDirection(f, p) == TOSERVER) {
+    if (pkt_dir == TOSERVER) {
         f->todstpktcnt++;
         f->todstbytecnt += GET_PKT_LEN(p);
         p->flowflags = FLOW_PKT_TOSERVER;
@@ -436,6 +438,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
             p->flags |= PKT_PROTO_DETECT_TS_DONE;
         }
         FlowUpdateEthernet(tv, dtv, f, p->ethh, true);
+        /* update flow's ttl fields if needed */
+        if (PKT_IS_IPV4(p)) {
+            FlowUpdateTtlTS(f, p, IPV4_GET_IPTTL(p));
+        } else if (PKT_IS_IPV6(p)) {
+            FlowUpdateTtlTS(f, p, IPV6_GET_HLIM(p));
+        }
     } else {
         f->tosrcpktcnt++;
         f->tosrcbytecnt += GET_PKT_LEN(p);
@@ -452,6 +460,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
             p->flags |= PKT_PROTO_DETECT_TC_DONE;
         }
         FlowUpdateEthernet(tv, dtv, f, p->ethh, false);
+        /* update flow's ttl fields if needed */
+        if (PKT_IS_IPV4(p)) {
+            FlowUpdateTtlTC(f, p, IPV4_GET_IPTTL(p));
+        } else if (PKT_IS_IPV6(p)) {
+            FlowUpdateTtlTC(f, p, IPV6_GET_HLIM(p));
+        }
     }
 
     if (f->flow_state == FLOW_STATE_ESTABLISHED) {
@@ -480,13 +494,6 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
         SCLogDebug("setting FLOW_NOPAYLOAD_INSPECTION flag on flow %p", f);
         DecodeSetNoPayloadInspectionFlag(p);
     }
-
-    /* update flow's ttl fields if needed */
-    if (PKT_IS_IPV4(p)) {
-        FlowUpdateTTL(f, p, IPV4_GET_IPTTL(p));
-    } else if (PKT_IS_IPV6(p)) {
-        FlowUpdateTTL(f, p, IPV6_GET_HLIM(p));
-    }
 }
 
 /** \brief Entry point for packet flow handling