static bool parse_flowstats(DAQ_MsgType type, const char* line, HextMsgDesc *desc)
{
#define FLOWSTATS_FORMAT \
- "%" SCNi32 " " /* ingressZone */ \
- "%" SCNi32 " " /* egressZone */ \
+ "%" SCNi16 " " /* ingressGroup */ \
+ "%" SCNi16 " " /* egressGroup */ \
"%" SCNi32 " " /* ingressIntf */ \
"%" SCNi32 " " /* egressIntf */ \
"%s " /* srcAddr */ \
Flow_Stats_t* f = &desc->flowstats;
char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
uint32_t sof_sec, eof_sec;
- int rval = sscanf(line, FLOWSTATS_FORMAT, &f->ingressZone, &f->egressZone, &f->ingressIntf,
+ int rval = sscanf(line, FLOWSTATS_FORMAT, &f->ingressGroup, &f->egressGroup, &f->ingressIntf,
&f->egressIntf, srcaddr, &f->initiatorPort, dstaddr, &f->responderPort, &f->opaque,
&f->initiatorPkts, &f->responderPkts, &f->initiatorPktsDropped, &f->responderPktsDropped,
&f->initiatorBytesDropped, &f->responderBytesDropped, &f->isQoSAppliedOnSrcIntf,
if ( config_key.find("Analyze", 0, sizeof("Analyze")-1) != 0 )
continue;
- int64_t zone = DF_ANY_ZONE;
- string config_zone("");
- line_stream >> config_zone;
- if ( !config_zone.empty() and config_zone != "-1" )
+ int64_t intf = DF_ANY_INTF;
+ string config_intf("");
+ line_stream >> config_intf;
+ if ( !config_intf.empty() and config_intf != "-1" )
{
- if (config_zone == "0")
- zone = 0;
+ if (config_intf == "0")
+ intf = 0;
else
{
- zone = strtol(config_zone.c_str(), nullptr, 0);
- if ( zone < 1 or zone >= DF_ANY_ZONE )
+ intf = strtol(config_intf.c_str(), nullptr, 0);
+ if ( intf < 1 or intf >= DF_ANY_INTF )
{
- WarningMessage("Discovery Filter: Invalid zone at line %u from %s;"
+ WarningMessage("Discovery Filter: Invalid interface at line %u from %s;"
" supported range is -1 (any) to %d\n", line_num,
- conf_path.c_str(), DF_ANY_ZONE-1);
+ conf_path.c_str(), DF_ANY_INTF-1);
continue;
}
}
// host or user discovery will also enable application discovery
if ( config_key == "AnalyzeApplication" )
{
- add_ip(DF_APP, zone, config_value);
+ add_ip(DF_APP, intf, config_value);
}
else if ( config_key == "AnalyzeHost" )
{
- add_ip(DF_APP, zone, config_value);
- add_ip(DF_HOST, zone, config_value);
+ add_ip(DF_APP, intf, config_value);
+ add_ip(DF_HOST, intf, config_value);
}
else if ( config_key == "AnalyzeUser" )
{
- add_ip(DF_APP, zone, config_value);
- add_ip(DF_USER, zone, config_value);
+ add_ip(DF_APP, intf, config_value);
+ add_ip(DF_USER, intf, config_value);
}
else if ( config_key == "AnalyzeHostUser" or config_key == "Analyze" )
{
- add_ip(DF_APP, zone, config_value);
- add_ip(DF_HOST, zone, config_value);
- add_ip(DF_USER, zone, config_value);
+ add_ip(DF_APP, intf, config_value);
+ add_ip(DF_HOST, intf, config_value);
+ add_ip(DF_USER, intf, config_value);
}
}
else if ( config_type == "portexclusion" )
}
- // Merge any-zone rules to zone-based rules
+ // Merge any-interface rules to interface-based rules
for (int type = DF_APP; type < DF_MAX; ++type)
{
- auto any_list = get_list((FilterType)type, DF_ANY_ZONE);
+ auto any_list = get_list((FilterType)type, DF_ANY_INTF);
if (!any_list)
continue;
- for (auto& zone_entry : zone_ip_list[type])
+ for (auto& intf_entry : intf_ip_list[type])
{
- if (zone_entry.second != any_list and
- sfvar_add(zone_entry.second, any_list) != SFIP_SUCCESS)
+ if (intf_entry.second != any_list and
+ sfvar_add(intf_entry.second, any_list) != SFIP_SUCCESS)
WarningMessage("Discovery Filter: Failed to add any network list "
- "to zone network list for type %d", type);
+ "to interface network list for type %d", type);
}
}
bool DiscoveryFilter::is_monitored(const Packet* p, FilterType type, const SfIp* ip)
{
if ( !vartable )
- return true; // when not configured, 'any' ip/port/zone are monitored by default
+ return true; // when not configured, 'any' ip/port/interface are monitored by default
// port exclusion
if ( is_port_excluded(p) )
return false;
- // check zone
- if (zone_ip_list[type].empty())
+ // check interface
+ if (intf_ip_list[type].empty())
return false; // the configuration did not have this type of rule
- auto zone = p->pkth->ingress_group;
- if ( zone == DAQ_PKTHDR_UNKNOWN or zone < 0 )
- zone = DF_ANY_ZONE;
- auto varip = get_list(type, zone, true);
- if (!varip and zone != DF_ANY_ZONE)
- varip = get_list(type, DF_ANY_ZONE, true);
+ auto intf = (int32_t)p->pkth->ingress_index;
+ if ( intf == DAQ_PKTHDR_UNKNOWN or intf < 0 )
+ intf = DF_ANY_INTF;
+ auto varip = get_list(type, intf, true);
+ if (!varip and intf != DF_ANY_INTF)
+ varip = get_list(type, DF_ANY_INTF, true);
if (!p->ptrs.ip_api.get_src() and !ip)
return true; // Don't check for non-IP, non ARP
return false;
}
-void DiscoveryFilter::add_ip(FilterType type, ZoneType zone, string& ip)
+void DiscoveryFilter::add_ip(FilterType type, IntfType intf, string& ip)
{
- auto varip = get_list(type, zone);
+ auto varip = get_list(type, intf);
if ( varip )
sfvt_add_to_var(vartable, varip, ip.c_str());
else
{
string named_ip = to_string((int)type);
named_ip += "_";
- named_ip += to_string(zone);
+ named_ip += to_string(intf);
named_ip += " ";
named_ip += ip;
if ( sfvt_add_str(vartable, named_ip.c_str(), &varip) == SFIP_SUCCESS )
- zone_ip_list[type].emplace(zone, varip);
+ intf_ip_list[type].emplace(intf, varip);
}
}
-sfip_var_t* DiscoveryFilter::get_list(FilterType type, ZoneType zone, bool exclude_empty)
+sfip_var_t* DiscoveryFilter::get_list(FilterType type, IntfType intf, bool exclude_empty)
{
- auto& list = zone_ip_list[type];
- auto entry = list.find(zone);
+ auto& list = intf_ip_list[type];
+ auto entry = list.find(intf);
// If head is empty and the boolean flag is true, treat every IP as excluded. The flag
// is not used during parsing when we are still building, it is used during searching.
string conf("test.txt");
ofstream out_stream(conf.c_str());
out_stream << "config Error\n"; // invalid
- out_stream << "config AnalyzeUser ::/0 0\n"; // any ipv6, zone 0
- out_stream << "config AnalyzeApplication 1.1.1.0/24 -1\n"; // targeted ipv4, any zone
+ out_stream << "config AnalyzeUser ::/0 0\n"; // any ipv6, interface 0
+ out_stream << "config AnalyzeApplication 1.1.1.0/24 -1\n"; // targeted ipv4, any interface
out_stream.close();
Packet p;
SfIp ip;
- ip.set("1.1.1.1"); // zone 0 by default
+ ip.set("1.1.1.1"); // interface 0 by default
p.ptrs.ip_api.set(ip, ip);
DiscoveryFilter df(conf);
// Without flag
- CHECK(df.is_app_monitored(&p, nullptr) == true); // any zone rule for app is added to zone 0
+ CHECK(df.is_app_monitored(&p, nullptr) == true); // any interface rule for app is added to interface 0
CHECK(df.is_host_monitored(&p, nullptr) == false); // no rule for host
- CHECK(df.is_user_monitored(&p, nullptr) == false); // no any zone rule for user
+ CHECK(df.is_user_monitored(&p, nullptr) == false); // no any interface rule for user
// With flag
uint8_t flag = 0;
remove("test_empty_analyze.txt");
}
-TEST_CASE("Discovery Filter Zone", "[is_monitored_zone_vs_ip]")
+TEST_CASE("Discovery Filter Intf", "[is_monitored_intf_vs_ip]")
{
- string conf("test_zone_ip.txt");
+ string conf("test_intf_ip.txt");
ofstream out_stream(conf.c_str());
- out_stream << "config AnalyzeHost 1.1.1.1 -1\n"; // zone any
- out_stream << "config AnalyzeHost 1.1.1.2 0\n"; // zone 0
- out_stream << "config AnalyzeHost 1.1.1.3 2\n"; // zone 2
- out_stream << "config AnalyzeHost 1.1.1.4 -3\n"; // zone out of range
- out_stream << "config AnalyzeHost 1.1.1.5 2147483648\n"; // zone out of range
- out_stream << "config AnalyzeHost 1.1.1.6 kidding\n"; // zone invalid
+ out_stream << "config AnalyzeHost 1.1.1.1 -1\n"; // interface any
+ out_stream << "config AnalyzeHost 1.1.1.2 0\n"; // interface 0
+ out_stream << "config AnalyzeHost 1.1.1.3 2\n"; // interface 2
+ out_stream << "config AnalyzeHost 1.1.1.4 -3\n"; // interface out of range
+ out_stream << "config AnalyzeHost 1.1.1.5 2147483648\n"; // interface out of range
+ out_stream << "config AnalyzeHost 1.1.1.6 kidding\n"; // interface invalid
out_stream.close();
Packet p;
ip7.set("1.1.1.7");
const DAQ_PktHdr_t* saved_hdr = p.pkth;
DAQ_PktHdr_t z_undefined, z1, z2;
- z_undefined.ingress_group = DAQ_PKTHDR_UNKNOWN;
- z1.ingress_group = 1;
- z2.ingress_group = 2;
+ z_undefined.ingress_index = DAQ_PKTHDR_UNKNOWN;
+ z1.ingress_index = 1;
+ z2.ingress_index = 2;
DiscoveryFilter df(conf);
- p.ptrs.ip_api.set(ip1, ip7); // ip from undefined zone matches zone any list
+ p.ptrs.ip_api.set(ip1, ip7); // ip from undefined interface matches interface any list
p.pkth = &z_undefined;
CHECK(df.is_app_monitored(&p, nullptr) == true); // analyze host enables application discovery
CHECK(df.is_host_monitored(&p, nullptr) == true);
CHECK(df.is_user_monitored(&p, nullptr) == false);
- p.pkth = &z2; // the ip is not in zone 2 list, but it is in zone any list
+ p.pkth = &z2; // the ip is not in interface 2 list, but it is in interface any list
CHECK(df.is_host_monitored(&p, nullptr) == true);
- p.ptrs.ip_api.set(ip3, ip7); // the ip matches zone 2 list
+ p.ptrs.ip_api.set(ip3, ip7); // the ip matches interface 2 list
CHECK(df.is_host_monitored(&p, nullptr) == true);
- p.pkth = &z1; // no zone 1 list and the ip is not in zone any list
+ p.pkth = &z1; // no interface 1 list and the ip is not in interface any list
CHECK(df.is_host_monitored(&p, nullptr) == false);
- p.ptrs.ip_api.set(ip1, ip7); // no zone 1 list, but the ip is in zone any list
+ p.ptrs.ip_api.set(ip1, ip7); // no interface 1 list, but the ip is in interface any list
CHECK(df.is_host_monitored(&p, nullptr) == true);
p.pkth = saved_hdr;
- p.ptrs.ip_api.set(ip2, ip7); // the ip matches zone 0 list
+ p.ptrs.ip_api.set(ip2, ip7); // the ip matches interface 0 list
CHECK(df.is_host_monitored(&p, nullptr) == true);
// no match since the configuration for these ip addresses were invalid
p.ptrs.ip_api.set(ip6, ip7);
CHECK(df.is_host_monitored(&p, nullptr) == false);
- remove("test_zone_ip.txt");
+ remove("test_intf_ip.txt");
}
TEST_CASE("Discovery Filter Port Exclusion", "[portexclusion]")
enum FilterType { DF_APP, DF_HOST, DF_USER, DF_MAX };
-typedef int32_t ZoneType; // matching daq header
-#define DF_ANY_ZONE INT32_MAX
+typedef int32_t IntfType; // matching daq header
+#define DF_ANY_INTF INT32_MAX
-// Holds configurations to filter traffic discovery based network address, port, and zone
+// Holds configurations to filter traffic discovery based network address, port, and interface
class DiscoveryFilter
{
public:
bool is_monitored(const snort::Packet* p, FilterType type, uint8_t& flag,
uint8_t checked, uint8_t monitored, const snort::SfIp* ip = nullptr);
bool is_monitored(const snort::Packet* p, FilterType type, const snort::SfIp* ip = nullptr);
- void add_ip(FilterType type, ZoneType zone, std::string& ip);
- sfip_var_t* get_list(FilterType type, ZoneType zone, bool exclude_empty = false);
+ void add_ip(FilterType type, IntfType intf, std::string& ip);
+ sfip_var_t* get_list(FilterType type, IntfType intf, bool exclude_empty = false);
// add ip for port exclusion
void add_ip(Direction dir, uint16_t proto, uint16_t port, const std::string& ip);
bool is_port_excluded(const snort::Packet* p);
- std::unordered_map<ZoneType, sfip_var_t*> zone_ip_list[DF_MAX];
+ std::unordered_map<IntfType, sfip_var_t*> intf_ip_list[DF_MAX];
vartable_t* vartable = nullptr;
// Internal cache for sfip_var_t indexed by protocol x port, for port
int vlan_tag = fs->vlan_tag == 0xfff ? 0 : fs->vlan_tag;
TextLog_Print(hext_log,
- "\n$%s %d %d %d %d %s %d %s %d %u %lu %lu %lu %lu %lu %lu %d %lu %lu %d %d %d\n",
+ "\n$%s %hd %hd %d %d %s %d %s %d %u %lu %lu %lu %lu %lu %lu %d %lu %lu %d %hd %d\n",
cmd,
- fs->ingressZone,
- fs->egressZone,
+ fs->ingressGroup,
+ fs->egressGroup,
fs->ingressIntf,
fs->egressIntf,
shost, ntohs(fs->initiatorPort),
}
else
{
- int32_t zone = (p->pkth->egress_index == DAQ_PKTHDR_UNKNOWN) ?
- p->pkth->ingress_group : p->pkth->egress_group;
- if (zone == DAQ_PKTHDR_FLOOD)
+ int32_t intf = (p->pkth->egress_index == DAQ_PKTHDR_UNKNOWN) ?
+ p->pkth->ingress_index : p->pkth->egress_index;
+ if (intf == DAQ_PKTHDR_FLOOD)
return 0;
sf_ip = p->ptrs.ip_api.get_dst();
}
Snort rules to implement Reputation-based IP blocking. This inspector will
address the performance issue and make the IP reputation management easier.
-This inspector also supports zones through manifest files. You can specify an
-action (BLACK, WHITE, MONITOR) for an IP list with zones. The name of manifest
-file is zone.info. For each line of the manifest file, the format is:
+This inspector also supports interfaces through manifest files. You can specify an
+action (BLACK, WHITE, MONITOR) for an IP list with interfaces. The name of manifest
+file is interface.info. For each line of the manifest file, the format is:
- file_name, list_id, action (black, white, monitor), [zone information]
+ file_name, list_id, action (black, white, monitor), [interface information]
-If zone information is empty, this means all zones are applied
\ No newline at end of file
+If interface information is empty, this means all interfaces are applied
DECISION_MAX
};
-#define MAX_NUM_ZONES UINT32_MAX
+#define MAX_NUM_INTFS INT32_MAX
#define MAX_LIST_ID UINT32_MAX
struct ListFile
std::string file_name;
int file_type;
uint32_t list_id;
- bool all_zones_enabled = false;
- std::set<unsigned int> zones;
+ bool all_intfs_enabled = false;
+ std::set<unsigned int> intfs;
uint8_t list_index;
uint8_t list_type;
};
}
static inline IPdecision get_reputation(ReputationConfig* config, IPrepInfo* rep_info,
- uint32_t* listid, uint32_t ingress_zone, uint32_t egress_zone)
+ uint32_t* listid, uint32_t ingress_intf, uint32_t egress_intf)
{
IPdecision decision = DECISION_NULL;
if (!list_index)
break;
list_index--;
- if (list_info[list_index]->all_zones_enabled ||
- list_info[list_index]->zones.count(ingress_zone) ||
- list_info[list_index]->zones.count(egress_zone))
+ if (list_info[list_index]->all_intfs_enabled ||
+ list_info[list_index]->intfs.count(ingress_intf) ||
+ list_info[list_index]->intfs.count(egress_intf))
{
if (WHITELISTED_UNBLACK == (IPdecision)list_info[list_index]->list_type)
return DECISION_NULL;
}
static bool decision_per_layer(ReputationConfig* config, Packet* p,
- uint32_t ingressZone, uint32_t egressZone, const ip::IpApi& ip_api, IPdecision* decision_final)
+ uint32_t ingress_intf, uint32_t egress_intf, const ip::IpApi& ip_api, IPdecision* decision_final)
{
const SfIp* ip;
IPdecision decision;
result = reputation_lookup(config, ip);
if (result)
{
- decision = get_reputation(config, result, &p->iplist_id, ingressZone, egressZone);
+ decision = get_reputation(config, result, &p->iplist_id, ingress_intf, egress_intf);
if (decision == BLACKLISTED)
*decision_final = BLACKLISTED_SRC;
result = reputation_lookup(config, ip);
if (result)
{
- decision = get_reputation(config, result, &p->iplist_id, ingressZone, egressZone);
+ decision = get_reputation(config, result, &p->iplist_id, ingress_intf, egress_intf);
if (decision == BLACKLISTED)
*decision_final = BLACKLISTED_DST;
static IPdecision reputation_decision(ReputationConfig* config, Packet* p)
{
IPdecision decision_final = DECISION_NULL;
- uint32_t ingress_zone = 0;
- uint32_t egress_zone = 0;
+ uint32_t ingress_intf = 0;
+ uint32_t egress_intf = 0;
if (p->pkth)
{
- ingress_zone = p->pkth->ingress_group;
+ ingress_intf = p->pkth->ingress_index;
if (p->pkth->egress_index < 0)
- egress_zone = ingress_zone;
+ egress_intf = ingress_intf;
else
- egress_zone = p->pkth->egress_group;
+ egress_intf = p->pkth->egress_index;
}
if (config->nested_ip == INNER)
{
- decision_per_layer(config, p, ingress_zone, egress_zone, p->ptrs.ip_api, &decision_final);
+ decision_per_layer(config, p, ingress_intf, egress_intf, p->ptrs.ip_api, &decision_final);
return decision_final;
}
if (config->nested_ip == OUTER)
{
layer::set_outer_ip_api(p, p->ptrs.ip_api, p->ip_proto_next, num_layer);
- decision_per_layer(config, p, ingress_zone, egress_zone, p->ptrs.ip_api, &decision_final);
+ decision_per_layer(config, p, ingress_intf, egress_intf, p->ptrs.ip_api, &decision_final);
}
else if (config->nested_ip == ALL)
{
while (!done and layer::set_outer_ip_api(p, p->ptrs.ip_api, p->ip_proto_next, num_layer))
{
- done = decision_per_layer(config, p, ingress_zone, egress_zone, p->ptrs.ip_api,
+ done = decision_per_layer(config, p, ingress_intf, egress_intf, p->ptrs.ip_api,
&decision_current);
if (decision_current != DECISION_NULL)
{
if (config->blacklist_path.size())
{
ListFile* listItem = new ListFile;
- listItem->all_zones_enabled = true;
+ listItem->all_intfs_enabled = true;
listItem->file_name = config->blacklist_path;
listItem->file_type = BLACK_LIST;
listItem->list_id = 0;
if (config->whitelist_path.size())
{
ListFile* listItem = new ListFile;
- listItem->all_zones_enabled = true;
+ listItem->all_intfs_enabled = true;
listItem->file_name = config->whitelist_path;
listItem->file_type = WHITE_LIST;
listItem->list_id = 0;
}
//The format of manifest is:
-// file_name, list_id, action (black, white, monitor), zone information
-//If no zone information provided, this means all zones are applied.
+// file_name, list_id, action (black, white, monitor), interface information
+//If no interface information provided, this means all interfaces are applied.
static bool process_line_in_manifest(ListFile* list_item, const char* manifest, const char* line,
int line_number, ReputationConfig* config)
char* token;
int token_index = 0;
char* next_ptr = const_cast<char*>(line);
- bool has_zone = false;
+ bool has_intf = false;
- list_item->zones.clear();
+ list_item->intfs.clear();
while ((token = strtok_r(next_ptr, MANIFEST_SEPARATORS, &next_ptr)) != NULL)
{
char* end_str;
- long zone_id;
+ long intf_id;
long list_id;
switch (token_index)
token= ignore_start_space(token);
if ('0' == (*token))
break;
- zone_id = SnortStrtol(token, &end_str, 10);
+ intf_id = SnortStrtol(token, &end_str, 10);
end_str = ignore_start_space(end_str);
if ( *end_str )
{
- ErrorMessage("%s(%d) => Bad value (%s) specified for zone. "
+ ErrorMessage("%s(%d) => Bad value (%s) specified for interface. "
"Please specify an integer between 0 and %u.\n",
- manifest, line_number, token, MAX_NUM_ZONES);
+ manifest, line_number, token, MAX_NUM_INTFS);
return false;
}
- if ((zone_id < 0) || (zone_id > MAX_NUM_ZONES ) || (errno == ERANGE))
+ if ((intf_id < 0) || (intf_id > MAX_NUM_INTFS ) || (errno == ERANGE))
{
- ErrorMessage(" %s(%d) => Value specified (%s) for zone is "
+ ErrorMessage(" %s(%d) => Value specified (%s) for interface is "
"out of bounds. Please specify an integer between 0 and %u.\n",
- manifest, line_number, token, MAX_NUM_ZONES);
+ manifest, line_number, token, MAX_NUM_INTFS);
return false;
}
- list_item->zones.emplace(zone_id);
- has_zone = true;
+ list_item->intfs.emplace(intf_id);
+ has_intf = true;
}
token_index++;
return false;
}
- if (!has_zone)
+ if (!has_intf)
{
- list_item->all_zones_enabled = true;
+ list_item->all_intfs_enabled = true;
}
config->list_files.emplace_back(list_item);
#include "reputation_config.h"
-#define MANIFEST_FILENAME "zone.info"
+#define MANIFEST_FILENAME "interface.info"
void ip_list_init(uint32_t,ReputationConfig *config);
void estimate_num_entries(ReputationConfig* config);
of a session published from stream trackers, these modules (e.g., stream, stream_icmp,
stream_ip, stream_tcp, and stream_udp) should be enabled whenever RNA module is enabled.
-Currently, RNA only supports host discovery with filtering based on IP/port/zone. To enable
+Currently, RNA only supports host discovery with filtering based on IP/port/interface. To enable
this (disabled by default), the config file referred by rna_conf_path can have keywords:
Analyze # discover application, host, user (only host discovery is implemented)
AnalyzeHostUser # discover application, host, user (same as Analyze)
portexclusion # don't discover on this port
Format:
-config keyword [!]ip [zone]
+config keyword [!]ip [interface]
portexclusion dst|src|both tcp|udp port ip
Examples:
-config AnalyzeHost 0.0.0.0/0 -1 # discover any ipv4 on any zone
-config AnalyzeHost ::/0 2 # discover any ipv6 on zone 2
-config AnalyzeHost !1.2.3.4/16 3 # exclude this ipv4 range on zone 3
-config Analyze !cafe:feed::0/64 # exclude this ipv6 range on any zone
+config AnalyzeHost 0.0.0.0/0 -1 # discover any ipv4 on any interface
+config AnalyzeHost ::/0 2 # discover any ipv6 on interface 2
+config AnalyzeHost !1.2.3.4/16 3 # exclude this ipv4 range on interface 3
+config Analyze !cafe:feed::0/64 # exclude this ipv6 range on any interface
portexclusion dst udp 53 8.8.8.8 # exclude this ip for UDP port 53 in destination direction
portexclusion both tcp 4000 ::0/0 # exclude any ipv6 for TCP port 4000 in both direction
uint32_t pkt_action_mask = ACTION_NOTHING;
uint8_t ecn = 0;
int32_t ingress_index = 0;
- int32_t ingress_group = 0;
+ int16_t ingress_group = 0;
int32_t egress_index = 0;
- int32_t egress_group = 0;
+ int16_t egress_group = 0;
uint32_t daq_flags = 0;
uint16_t address_space_id = 0;
bool generate_3whs_alert = true;
projects / thirdparty / snort3.git / commitdiff
