MINOR: net_helper: add an option to ip.fp() to append the TTL to the fingerprint

With mode value 1, the TTL will be appended immediately after the 7 bytes,
making it a 8-byte fingerprint.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 0f865d8d64e5ad94b4b998fec2f887e17d8f6006..8dab2c865f281eebc34a47b2ae6ec49b7fd1429b 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -21143,6 +21143,7 @@ ip.fp([<mode>])
   value, it then corresponds to the sum of the following values, and the
   respective components will be concatenated to the fingerprint, in the order
   below:
+    -   1: the received TTL value is appended to the fingerprint (1 byte)
     -   2: the list of TCP option kinds, as returned by "tcp.options_list",
            made of 0 to 40 extra bytes, is appended to the fingerprint
 

diff --git a/src/net_helper.c b/src/net_helper.c
index 4a187b37504bf21ef8b6066c6797b95b1a039ab8..49a0d5ed45133108996ac1cf51c416ef4cd87f82 100644 (file)
--- a/src/net_helper.c
+++ b/src/net_helper.c
@@ -722,6 +722,9 @@ static int sample_conv_ip_fp(const struct arg *arg_p, struct sample *smp, void *
        /* store the TOS in the FP's first byte */
        trash->area[0] = iptos;
 
+       if (mode & 1) // append TTL
+               trash->area[trash->data++] = ipttl;
+
        /* keep only two bits for TTL: <=32, <=64, <=128, <=255 */
        ipttl = (ipttl > 64) ? ((ipttl > 128) ? 3 : 2) : ((ipttl > 32) ? 1 : 0);