int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_proto,
const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort, char direction,
FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction, bool expect_multi,
- bool bidirectional)
+ bool bidirectional, bool expect_persist)
{
/* Just pull the VLAN ID, MPLS ID, and Address Space ID from the
control packet until we have a use case for not doing so. */
if (bidirectional)
flag |= DAQ_EFLOW_BIDIRECTIONAL;
+ if (expect_persist)
+ flag |= DAQ_EFLOW_PERSIST;
+
ctrlPkt->daq_instance->add_expected(ctrlPkt, cliIP, cliPort, srvIP, srvPort,
ip_proto, 1000, flag);
}
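Review bot: `expect_persist` only changes the flag word passed to `daq_instance->add_expected()` in the lines shown, next to a hard-coded `1000` timeout, and nothing here says how the two interact or whether the Snort-side expected entry is meant to persist too. A persistent expected entry keeps a pre-authorised tuple alive for longer, so its intended lifetime should be documented where it is requested. If the flag is only a hint to the DAQ module, a comment above the new test would say so, e.g. `// PERSIST is forwarded to the DAQ module only; the local expect-cache entry is unchanged`. Most of add_flow's body lies outside this hunk, so this is based on the visible lines only.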
int add_flow(const snort::Packet *ctrlPkt, PktType, IpProtocol, const snort::SfIp* cliIP,
uint16_t cliPort, const snort::SfIp* srvIP, uint16_t srvPort, char direction,
snort::FlowData*, SnortProtocolId snort_protocol_id = UNKNOWN_PROTOCOL_ID,
- bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false);
+ bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false,
+ bool expect_persist = false);
bool is_expected(snort::Packet*);
bool check(snort::Packet*, snort::Flow*);
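Review bot: The new `expect_persist` default argument is undocumented in this declaration, and the same applies to the declarations of `add_expected` and `set_snort_protocol_id_expected` further down. It is the fourth consecutive defaulted `bool`, so a caller must spell out the three earlier defaults to reach it, and a value in the wrong position compiles silently. A one-line comment above each declaration would help, e.g. `// expect_persist: request DAQ_EFLOW_PERSIST on the expected flow handed to the DAQ`. Longer term, a small options struct or flags enum would remove the positional risk.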
int FlowControl::add_expected( const Packet* ctrlPkt, PktType type, IpProtocol ip_proto,
const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort,
SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi,
- bool bidirectional)
+ bool bidirectional, bool expect_persist)
{
return exp_cache->add_flow( ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort,
- SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi, bidirectional);
+ SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi, bidirectional, expect_persist);
}
bool FlowControl::is_expected(Packet* p)
int add_expected(const snort::Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp *srcIP,
uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, SnortProtocolId snort_protocol_id,
snort::FlowData*, bool swap_app_direction = false, bool expect_multi = false,
- bool bidirectional = false);
+ bool bidirectional = false, bool expect_persist = false);
class ExpectCache* get_exp_cache()
{ return exp_cache; }
int ExpectCache::add_flow(const Packet*, PktType, IpProtocol, const SfIp*, uint16_t,
- const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool, bool, bool)
+ const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool, bool, bool, bool)
{
return 1;
}
PktType, IpProtocol,
const SfIp*, uint16_t,
const SfIp*, uint16_t,
- char, FlowData*, SnortProtocolId, bool, bool, bool)
+ char, FlowData*, SnortProtocolId, bool, bool, bool, bool)
{
return 1;
}
if (flags & DAQ_EFLOW_BIDIRECTIONAL)
d_cef.flags |= DAQ_EFLOW_BIDIRECTIONAL;
+
+ if (flags & DAQ_EFLOW_PERSIST)
+ d_cef.flags |= DAQ_EFLOW_PERSIST;
/*
if (flags & DAQ_DC_FLOAT)
d_cef.flags |= DAQ_EFLOW_FLOAT;
if (flags & DAQ_DC_ALLOW_MULTIPLE)
d_cef.flags |= DAQ_EFLOW_ALLOW_MULTIPLE;
- if (flags & DAQ_DC_PERSIST)
- d_cef.flags |= DAQ_EFLOW_PERSIST;
*/
d_cef.timeout_ms = timeout_ms;
// Opaque data blob for expected flows is currently unused/unimplemented
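Review bot: The block comment left below the new test still refers to `DAQ_DC_FLOAT` and `DAQ_DC_ALLOW_MULTIPLE`, while the live code tests `DAQ_EFLOW_*` bits on both sides, so the dead block no longer matches the convention used above it. Either delete it or replace it with a plain statement of intent such as `// FLOAT and ALLOW_MULTIPLE are intentionally not forwarded yet`. Because input and output now use the same constants, the two tests could also be written as `d_cef.flags |= flags & (DAQ_EFLOW_BIDIRECTIONAL | DAQ_EFLOW_PERSIST);`, which makes the allow-list of forwarded bits explicit. The enclosing function starts and ends outside this hunk.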
fd->dce2_tcp_session.sd.config = (void*)&pc;
if (Stream::set_snort_protocol_id_expected(pkt, type,
- proto, src_ip, src_port, dst_ip, dst_port, protocol_id, fd))
+ proto, src_ip, src_port, dst_ip, dst_port, protocol_id, fd, false, false, false, true))
{
delete fd;
return -1;
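Review bot: The call now ends in four positional booleans, `false, false, false, true`, so a reader cannot tell which behaviour is being switched on without opening the declaration, and an off-by-one here would compile cleanly. Naming the arguments inline would fix that: `protocol_id, fd, /*swap_app_direction*/ false, /*expect_multi*/ false, /*bidirectional*/ false, /*expect_persist*/ true))`. This call site also turns persistence on unconditionally, so a short why-comment on the reason this expected flow must persist would help a later reviewer judge whether the longer-lived expectation is still justified. The enclosing function begins and continues outside this hunk.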
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi,
- bool bidirectional)
+ bool bidirectional, bool expect_persist)
{
assert(flow_con);
return flow_con->add_expected(
ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort, snort_protocol_id, fd,
- swap_app_direction, expect_multi, bidirectional);
+ swap_app_direction, expect_multi, bidirectional, expect_persist);
}
void Stream::set_snort_protocol_id_from_ha(
static int set_snort_protocol_id_expected(
const Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp* srcIP, uint16_t srcPort,
const snort::SfIp* dstIP, uint16_t dstPort, SnortProtocolId, FlowData*,
- bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false);
+ bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false,
+ bool expect_persist = false);
// Get pointer to application data for a flow based on the lookup tuples for cases where
// Snort does not have an active packet that is relevant.