#include "ips_options/ips_flowbits.h"
#include "memory/memory_cap.h"
#include "protocols/packet.h"
+#include "protocols/tcp.h"
#include "sfip/sf_ip.h"
#include "utils/stats.h"
#include "utils/util.h"
}
}
+void Flow::set_client_initiate(Packet* p)
+{
+ if (p->pkth->flags & DAQ_PKT_FLAG_REV_FLOW)
+ flags.client_initiated = p->is_from_server();
+ // If we are tracking on syn, client initiated follows from client
+ else if (p->context->conf->track_on_syn())
+ flags.client_initiated = p->is_from_client();
+ // If not tracking on SYN and the packet is a SYN-ACK, assume the SYN did not create a
+ // session and client initiated follows from server
+ else if (p->is_tcp() and p->ptrs.tcph->is_syn_ack())
+ flags.client_initiated = p->is_from_server();
+ // Otherwise, client initiated follows from client
+ else
+ flags.client_initiated = p->is_from_client();
+}
+
void Flow::set_direction(Packet* p)
{
ip::IpApi* ip_api = &p->ptrs.ip_api;
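Review bot: The first branch of `Flow::set_client_initiate` (the `DAQ_PKT_FLAG_REV_FLOW` test) is the only one without an explanatory comment, while the other three branches kept theirs when the logic was moved. Restoring `// If DAQ specifies reverse flow, client initiated follows from server` above the first `if` keeps the precedence order readable, which matters because this flag decides which endpoint is treated as the client for the flow. A short header comment saying that the function expects the packet's direction flags to be set already (it reads `is_from_client()` and `is_from_server()`) would also help callers. The function appears only to read `p`, so `const Packet*` may be possible if those accessors are const, though the hunk does not confirm that.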
void call_handlers(Packet* p, bool eof = false);
void markup_packet_flags(Packet*);
+ void set_client_initiate(Packet*);
void set_direction(Packet*);
void set_expire(const Packet*, uint32_t timeout);
bool expired(const Packet*);
++news;
flow->flowstats.start_time = p->pkth->ts;
- // If DAQ specifies reverse flow, client initiated follows from server
- if (p->pkth->flags & DAQ_PKT_FLAG_REV_FLOW)
- flow->flags.client_initiated = p->is_from_server();
- // If we are tracking on syn, client initiated follows from client
- else if (p->context->conf->track_on_syn())
- flow->flags.client_initiated = p->is_from_client();
- // If not tracking on SYN and the packet is a SYN-ACK, assume the SYN did not create a
- // session and client initiated follows from server
- else if (p->is_tcp() && p->ptrs.tcph->is_syn_ack())
- flow->flags.client_initiated = p->is_from_server();
- // Otherwise, client initiated follows from client
- else
- flow->flags.client_initiated = p->is_from_client();
+ flow->set_client_initiate(p);
}
// This requires the packet direction to be set
if( p && no_flow_found && flow && flow->session )
{
flow->session->setup(p);
+ flow->set_direction(p);
+ flow->set_client_initiate(p);
+
+ if (p->is_from_client())
+ {
+ flow->client_intf = p->pkth->ingress_index;
+ flow->server_intf = p->pkth->egress_index;
+ flow->client_group = p->pkth->ingress_group;
+ flow->server_group = p->pkth->egress_group;
+ }
+ else
+ {
+ flow->client_intf = p->pkth->egress_index;
+ flow->server_intf = p->pkth->ingress_index;
+ flow->client_group = p->pkth->egress_group;
+ flow->server_group = p->pkth->ingress_group;
+ }
}
return flow;
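Review bot: `flow->set_client_initiate(p)` here runs on whichever packet first reaches a flow that was not found locally, but the SYN / SYN-ACK reasoning in that function is written for the packet that opens the connection. If this path also handles flows already established elsewhere (the hunk does not show how `no_flow_found` is set), an ordinary data or ACK packet from the server would leave `client_initiated` false, so the flag would depend on which side happened to send first. It would be worth stating the expectation above the call, e.g. `// p may be mid-stream; client_initiated is derived from this packet's direction`, or skipping the recomputation when the flag is already known for the flow. The `else` branch of the interface/group assignment also treats every packet that is not from the client as from the server, so it relies on `set_direction` always setting one of the two direction flags. The enclosing function begins and ends outside the hunk.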
void DataBus::publish(const char*, const uint8_t*, unsigned, Flow*) { }
void DataBus::publish(const char*, Packet*, Flow*) { }
const SnortConfig* SnortConfig::get_conf() { return nullptr; }
+void Flow::set_client_initiate(Packet*) { }
void Flow::set_direction(Packet*) { }
void set_inspection_policy(const SnortConfig*, unsigned) { }
void set_ips_policy(const SnortConfig*, unsigned) { }
void DataBus::publish(const char*, Packet*, Flow*) { }
const SnortConfig* SnortConfig::get_conf() { return nullptr; }
void FlowCache::unlink_uni(Flow*) { }
+void Flow::set_client_initiate(Packet*) { }
void Flow::set_direction(Packet*) { }
void set_inspection_policy(const SnortConfig*, unsigned) { }
void set_ips_policy(const SnortConfig*, unsigned) { }
FlowStash::~FlowStash() { }
+void Flow::set_client_initiate(Packet*) { }
+void Flow::set_direction(Packet*) { }
+
SideChannel* SideChannelManager::get_side_channel(SCPort)
{ return &s_side_channel; }