return 1;
}
+static inline void FlowUpdateTTL(Flow *f, Packet *p, uint8_t ttl)
+{
+ if (FlowGetPacketDirection(f, p) == TOSERVER) {
+ if (ttl < f->min_ttl_toserver) {
+ f->min_ttl_toserver = ttl;
+ } else if (f->min_ttl_toserver == 0) {
+ f->min_ttl_toserver = ttl;
+ }
+ if (ttl > f->max_ttl_toserver) {
+ f->max_ttl_toserver = ttl;
+ }
+ } else {
+ if (ttl < f->min_ttl_toclient) {
+ f->min_ttl_toclient = ttl;
+ } else if (f->min_ttl_toclient == 0) {
+ f->min_ttl_toclient = ttl;
+ }
+ if (ttl > f->max_ttl_toclient) {
+ f->max_ttl_toclient = ttl;
+ }
+ }
+}
+
/** \brief Update Packet and Flow
*
* Updates packet and flow based on the new packet.
/* update flow's ttl fields if needed */
if (PKT_IS_IPV4(p)) {
uint8_t ttl = IPV4_GET_IPTTL(p);
- if (ttl < f->min_ttl) {
- f->min_ttl = ttl;
- } else if (ttl > f->max_ttl) {
- f->max_ttl = ttl;
- }
+ FlowUpdateTTL(f, p, ttl);
} else if (PKT_IS_IPV6(p)) {
uint8_t ttl = IPV6_GET_HLIM(p);
- if (ttl < f->min_ttl) {
- f->min_ttl = ttl;
- } else if (ttl > f->max_ttl) {
- f->max_ttl = ttl;
- }
+ FlowUpdateTTL(f, p, ttl);
}
}
} while (0)
#define FLOW_SET_IPV4_TTL_FROM_PACKET(p, f) do { \
- (f)->min_ttl = IPV4_GET_IPTTL((p)); \
- (f)->max_ttl = IPV4_GET_IPTTL((p)); \
+ (f)->min_ttl_toserver = IPV4_GET_IPTTL((p)); \
+ (f)->max_ttl_toserver = IPV4_GET_IPTTL((p)); \
} while (0)
#define FLOW_SET_IPV6_HLIM_FROM_PACKET(p, f) do { \
- (f)->min_ttl = IPV6_GET_HLIM((p)); \
- (f)->max_ttl = IPV6_GET_HLIM((p)); \
+ (f)->min_ttl_toserver = IPV6_GET_HLIM((p)); \
+ (f)->max_ttl_toserver = IPV6_GET_HLIM((p)); \
} while (0)
/* pkt flow flags */
};
uint8_t proto;
uint8_t recursion_level;
- uint8_t min_ttl;
- uint8_t max_ttl;
+ uint8_t min_ttl_toserver;
+ uint8_t max_ttl_toserver;
+ uint8_t min_ttl_toclient;
+ uint8_t max_ttl_toclient;
uint16_t vlan_id[2];
/** flow hash - the flow hash before hash table size mod. */
json_object_set_new(hjs, "age",
json_integer(age));
- json_object_set_new(hjs, "min_ttl", json_integer(f->min_ttl));
- json_object_set_new(hjs, "max_ttl", json_integer(f->max_ttl));
+ json_object_set_new(hjs, "min_ttl", json_integer(f->min_ttl_toserver));
+ json_object_set_new(hjs, "max_ttl", json_integer(f->max_ttl_toserver));
json_object_set_new(js, "netflow", hjs);
json_object_set_new(hjs, "age",
json_integer(age));
+ /* To client is zero if we did not see any packet */
+ if (f->max_ttl_toclient) {
+ json_object_set_new(hjs, "min_ttl", json_integer(f->min_ttl_toclient));
+ json_object_set_new(hjs, "max_ttl", json_integer(f->max_ttl_toclient));
+ }
+
json_object_set_new(js, "netflow", hjs);
/* TCP */
projects / thirdparty / suricata.git / commitdiff
