} TcpSegment;
typedef struct TcpStream_ {
- uint16_t flags; /**< Flag specific to the stream e.g. Timestamp */
+ uint16_t flags:12; /**< Flag specific to the stream e.g. Timestamp */
/* coccinelle: TcpStream:flags:STREAMTCP_STREAM_FLAG_ */
- uint8_t wscale; /**< wscale setting in this direction */
+ uint16_t wscale:4; /**< wscale setting in this direction, 4 bits as max val is 15 */
uint8_t os_policy; /**< target based OS policy used for reassembly and handling packets*/
+ uint8_t tcp_flags; /**< TCP flags seen */
uint32_t isn; /**< initial sequence number */
uint32_t next_seq; /**< next expected sequence number */
#define STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED 0x0100
/** Raw reassembly disabled for new segments */
#define STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED 0x0200
+// vacancy 2x
+/** NOTE: flags field is 12 bits */
+
/*
* Per SEGMENT flags
ssn->state = TCP_NONE;
ssn->flags = stream_config.ssn_init_flags;
ssn->tcp_packet_flags = p->tcph ? p->tcph->th_flags : 0;
+
+ if (PKT_IS_TOSERVER(p)) {
+ ssn->client.tcp_flags = p->tcph ? p->tcph->th_flags : 0;
+ ssn->server.tcp_flags = 0;
+ } else if (PKT_IS_TOCLIENT(p)) {
+ ssn->server.tcp_flags = p->tcph ? p->tcph->th_flags : 0;
+ ssn->client.tcp_flags = 0;
+ }
}
return ssn;
/* track TCP flags */
if (ssn != NULL) {
ssn->tcp_packet_flags |= p->tcph->th_flags;
+ if (PKT_IS_TOSERVER(p))
+ ssn->client.tcp_flags |= p->tcph->th_flags;
+ else if (PKT_IS_TOCLIENT(p))
+ ssn->server.tcp_flags |= p->tcph->th_flags;
}
/* update counters */
projects / thirdparty / suricata.git / commitdiff
