"%" SCNu32 " " /* eof_timestamp.tv_sec */ \
"%" SCNu16 " " /* vlan_tag */ \
"%" SCNu16 " " /* address_space_id */ \
- "%" SCNu8 /* protocol */
-#define FLOWSTATS_ITEMS 21
+ "%" SCNu8 " " /* protocol */ \
+ "%" SCNu8 /* flags */
+#define FLOWSTATS_ITEMS 22
Flow_Stats_t* f = &desc->flowstats;
char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
uint32_t sof_sec, eof_sec;
&f->initiatorPkts, &f->responderPkts, &f->initiatorPktsDropped, &f->responderPktsDropped,
&f->initiatorBytesDropped, &f->responderBytesDropped, &f->isQoSAppliedOnSrcIntf,
&sof_sec, &eof_sec, &f->vlan_tag, &f->address_space_id,
- &f->protocol);
+ &f->protocol, &f->flags);
if (rval != FLOWSTATS_ITEMS)
return false;
const SfIp* dstIP = p->ptrs.ip_api.get_dst();
uint16_t vlanId = (p->proto_bits & PROTO_BIT__VLAN) ? layer::get_vlan_layer(p)->vid() : 0;
uint32_t mplsId = (p->proto_bits & PROTO_BIT__MPLS) ? p->ptrs.mplsHdr.label : 0;
- uint16_t addressSpaceId = p->pkth->address_space_id;
PktType type = p->type();
IpProtocol ip_proto = p->get_ip_proto_next();
bool reversed_key = key.init(p->context->conf, type, ip_proto, dstIP, p->ptrs.dp,
- srcIP, p->ptrs.sp, vlanId, mplsId, addressSpaceId);
+ srcIP, p->ptrs.sp, vlanId, mplsId, *p->pkth);
/*
Lookup order:
control packet until we have a use case for not doing so. */
uint16_t vlanId = (ctrlPkt->proto_bits & PROTO_BIT__VLAN) ? layer::get_vlan_layer(ctrlPkt)->vid() : 0;
uint32_t mplsId = (ctrlPkt->proto_bits & PROTO_BIT__MPLS) ? ctrlPkt->ptrs.mplsHdr.label : 0;
- uint16_t addressSpaceId = ctrlPkt->pkth->address_space_id;
-
FlowKey key;
+
bool reversed_key = key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort,
- srvIP, srvPort, vlanId, mplsId, addressSpaceId);
+ srvIP, srvPort, vlanId, mplsId, *ctrlPkt->pkth);
bool new_node = false;
ExpectNode* node = static_cast<ExpectNode*> ( hash_table->get_user_data(&key) );
const ip::IpApi& ip_api = p->ptrs.ip_api;
uint32_t mplsId;
uint16_t vlanId;
- uint16_t addressSpaceId;
PktType type = p->type();
IpProtocol ip_proto = p->get_ip_proto_next();
else
mplsId = 0;
- addressSpaceId = p->pkth->address_space_id;
-
if ( (p->ptrs.decode_flags & DECODE_FRAG) )
{
key->init(p->context->conf, type, ip_proto, ip_api.get_src(),
- ip_api.get_dst(), ip_api.id(), vlanId, mplsId, addressSpaceId);
+ ip_api.get_dst(), ip_api.id(), vlanId, mplsId, *p->pkth);
}
else if ( type == PktType::ICMP )
{
key->init(p->context->conf, type, ip_proto, ip_api.get_src(), p->ptrs.icmph->type,
- ip_api.get_dst(), 0, vlanId, mplsId, addressSpaceId);
+ ip_api.get_dst(), 0, vlanId, mplsId, *p->pkth);
}
else
{
key->init(p->context->conf, type, ip_proto, ip_api.get_src(), p->ptrs.sp,
- ip_api.get_dst(), p->ptrs.dp, vlanId, mplsId, addressSpaceId);
+ ip_api.get_dst(), p->ptrs.dp, vlanId, mplsId, *p->pkth);
}
}
addressSpaceId = 0;
}
+void FlowKey::init_groups(int16_t ingress_group, int16_t egress_group, bool rev)
+{
+ if (flags.group_used)
+ {
+ if (rev)
+ {
+ group_l = egress_group;
+ group_h = ingress_group;
+ }
+ else
+ {
+ group_l = ingress_group;
+ group_h = egress_group;
+ }
+ }
+ else
+ group_l = group_h = DAQ_PKTHDR_UNKNOWN;
+}
+
void FlowKey::init_mpls(const SnortConfig* sc, uint32_t mplsId)
{
if (sc->mpls_overlapping_ip())
PktType type, IpProtocol ip_proto,
const SfIp *srcIP, uint16_t srcPort,
const SfIp *dstIP, uint16_t dstPort,
- uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId)
+ uint16_t vlanId, uint32_t mplsId,
+ uint16_t addrSpaceId, int16_t ingress_group,
+ int16_t egress_group)
{
bool reversed;
init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId);
- padding = 0;
+
+ if (ingress_group == DAQ_PKTHDR_UNKNOWN or egress_group == DAQ_PKTHDR_UNKNOWN)
+ flags.group_used = 0;
+ else
+ flags.group_used = 1;
+
+ init_groups(ingress_group, egress_group, reversed);
+
+ flags.ubits = 0;
+ return reversed;
+}
+
+bool FlowKey::init(
+ const SnortConfig* sc,
+ PktType type, IpProtocol ip_proto,
+ const SfIp *srcIP, uint16_t srcPort,
+ const SfIp *dstIP, uint16_t dstPort,
+ uint16_t vlanId, uint32_t mplsId,
+ const DAQ_PktHdr_t& pkt_hdr)
+{
+ bool reversed;
+
+ /* Because the key is going to be used for hash lookups,
+ * the key fields will be normalized such that the lower
+ * of the IP addresses is stored in ip_l and the port for
+ * that IP is stored in port_l.
+ */
+
+ if (srcIP->is_ip4() && dstIP->is_ip4())
+ {
+ version = 4;
+ reversed = init4(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId);
+ }
+ else
+ {
+ version = 6;
+ reversed = init6(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId);
+ }
+
+ pkt_type = type;
+ ip_protocol = (uint8_t)ip_proto;
+
+ init_vlan(sc, vlanId);
+ init_address_space(sc, pkt_hdr.address_space_id);
+
+ flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0);
+ init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed);
+
+ flags.ubits = 0;
return reversed;
}
PktType type, IpProtocol ip_proto,
const SfIp *srcIP, const SfIp *dstIP,
uint32_t id, uint16_t vlanId,
- uint32_t mplsId, uint16_t addrSpaceId)
+ uint32_t mplsId, uint16_t addrSpaceId,
+ int16_t ingress_group, int16_t egress_group)
{
// to avoid confusing 2 different datagrams or confusing a datagram
// with a session, we don't order the addresses and we set version
+
uint16_t srcPort = id & 0xFFFF;
uint16_t dstPort = id >> 16;
+ bool reversed;
if (srcIP->is_ip4() && dstIP->is_ip4())
{
version = 4;
- init4(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false);
+ reversed = init4(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false);
ip_protocol = (uint8_t)ip_proto;
}
else
{
version = 6;
- init6(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false);
+ reversed = init6(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false);
ip_protocol = 0;
}
init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId);
- padding = 0;
+
+ if (ingress_group == DAQ_PKTHDR_UNKNOWN or egress_group == DAQ_PKTHDR_UNKNOWN)
+ flags.group_used = 0;
+ else
+ flags.group_used = 1;
+
+ init_groups(ingress_group, egress_group, reversed);
+
+ flags.ubits = 0;
+
+ return false;
+}
+
+bool FlowKey::init(
+ const SnortConfig* sc,
+ PktType type, IpProtocol ip_proto,
+ const SfIp *srcIP, const SfIp *dstIP,
+ uint32_t id, uint16_t vlanId,
+ uint32_t mplsId, const DAQ_PktHdr_t& pkt_hdr)
+{
+ // to avoid confusing 2 different datagrams or confusing a datagram
+ // with a session, we don't order the addresses and we set version
+
+ uint16_t srcPort = id & 0xFFFF;
+ uint16_t dstPort = id >> 16;
+ bool reversed;
+
+ if (srcIP->is_ip4() && dstIP->is_ip4())
+ {
+ version = 4;
+ reversed = init4(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false);
+ ip_protocol = (uint8_t)ip_proto;
+ }
+ else
+ {
+ version = 6;
+ reversed = init6(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false);
+ ip_protocol = 0;
+ }
+
+ pkt_type = type;
+
+ init_vlan(sc, vlanId);
+ init_address_space(sc, pkt_hdr.address_space_id);
+
+ flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0);
+ init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed);
+
+ flags.ubits = 0;
return false;
}
+//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
// hash foo
//-------------------------------------------------------------------------
{
const uint64_t* a = (const uint64_t*)s1;
const uint64_t* b = (const uint64_t*)s2;
+ const uint32_t* c;
+ const uint32_t* d;
+
if (*a - *b)
return false; /* Compares IPv4 lo/hi
Compares IPv6 low[0,1] */
a++;
b++;
if (*a - *b)
- return false; /* Compares vlan,AddressSpace ID,ip_proto,type,version,8 bit pad */
+ return false; /* Compares group lo/hi, addressSpaceId, vlan */
+
+ c = (const uint32_t*)(++a);
+ d = (const uint32_t*)(++b);
+ if (*c - *d)
+ return false; /* ip_proto, type, version, 8 bit pad */
return true;
}
mix(a, b, c);
a += d[9]; // port lo & port hi
- b += d[10]; // vlan tag, address space id
- c += d[11]; // ip_proto, pkt_type, version, and 8 bits of zeroed pad
+ b += d[10]; // group lo & group hi
+ c += d[11]; // addressSpaceId, vlan
+
+ mix(a, b, c);
+
+ a += d[12]; // ip_proto, pkt_type, version, 8 bits of zeroed pad
finalize(a, b, c);
#include <cstdint>
+#include <daq_common.h>
+
#include "framework/decode_data.h"
#include "hash/hash_key_operations.h"
#include "utils/cpp_macros.h"
uint32_t mplsLabel;
uint16_t port_l; /* Low Port - 0 if ICMP */
uint16_t port_h; /* High Port - 0 if ICMP */
- uint16_t vlan_tag;
+ int16_t group_l;
+ int16_t group_h;
uint16_t addressSpaceId;
+ uint16_t vlan_tag;
uint8_t ip_protocol;
PktType pkt_type;
uint8_t version;
- uint8_t padding;
+ struct {
+ uint8_t group_used:1; // Is group being used to build key.
+ uint8_t ubits:7;
+ } flags;
/* The init() functions return true if the key IP/port fields were actively
normalized, reversing the source and destination addresses internally.
const SnortConfig*, PktType, IpProtocol,
const snort::SfIp *srcIP, uint16_t srcPort,
const snort::SfIp *dstIP, uint16_t dstPort,
- uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId);
-
+ uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId,
+ int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
+
bool init(
const SnortConfig*, PktType, IpProtocol,
const snort::SfIp *srcIP, const snort::SfIp *dstIP,
uint32_t id, uint16_t vlanId,
- uint32_t mplsId, uint16_t addrSpaceId);
+ uint32_t mplsId, uint16_t addrSpaceId,
+ int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
+
+ bool init(
+ const SnortConfig*, PktType, IpProtocol,
+ const snort::SfIp *srcIP, uint16_t srcPort,
+ const snort::SfIp *dstIP, uint16_t dstPort,
+ uint16_t vlanId, uint32_t mplsId, const DAQ_PktHdr_t&);
+
+ bool init(
+ const SnortConfig*, PktType, IpProtocol,
+ const snort::SfIp *srcIP, const snort::SfIp *dstIP,
+ uint32_t id, uint16_t vlanId, uint32_t mplsId, const DAQ_PktHdr_t&);
void init_mpls(const SnortConfig*, uint32_t);
void init_vlan(const SnortConfig*, uint16_t);
void init_address_space(const SnortConfig*, uint16_t);
+ void init_groups(int16_t, int16_t, bool);
// If this data structure changes size, compare must be updated!
static bool is_equal(const void* k1, const void* k2, size_t);
PktType, IpProtocol,
const SfIp*, uint16_t,
const SfIp*, uint16_t,
- uint16_t, uint32_t, uint16_t)
+ uint16_t, uint32_t,
+ uint16_t, int16_t, int16_t)
{
return true;
}
+bool FlowKey::init(
+ const SnortConfig*,
+ PktType, IpProtocol,
+ const SfIp*, uint16_t,
+ const SfIp*, uint16_t,
+ uint16_t, uint32_t, const DAQ_PktHdr_t&)
+{
+ return true;
+}
+
+bool FlowKey::init(
+ const SnortConfig*,
+ PktType, IpProtocol,
+ const SfIp*, const SfIp*,
+ uint32_t, uint16_t,
+ uint32_t, uint16_t, int16_t,
+ int16_t)
+{
+ return true;
+}
+
bool FlowKey::init(
const SnortConfig*,
PktType, IpProtocol,
const SfIp*, const SfIp*,
uint32_t, uint16_t,
- uint32_t, uint16_t)
+ uint32_t, const DAQ_PktHdr_t&)
{
return true;
}
9,
10,
11,
+ 0,
+ 0,
+ 0,
12,
- 13,
14,
PktType::TCP,
14,
- 0,
+ 0
};
static struct __attribute__((__packed__)) TestDeleteMessage {
{
HA_DELETE_EVENT,
HA_MESSAGE_VERSION,
- 0x35,
+ 0x39,
KEY_TYPE_IP6
},
s_test_key
{
HA_UPDATE_EVENT,
HA_MESSAGE_VERSION,
- 0x41,
+ 0x45,
KEY_TYPE_IP6
},
s_test_key,
actual_sip->ntop(sipstr, sizeof(sipstr));
actual_dip->ntop(dipstr, sizeof(dipstr));
+ char gr_buf[32] = {0};
+ if (p.is_inter_group_flow())
+ snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", p.pkth->ingress_group,
+ p.pkth->egress_group);
+
if (shell_enabled)
{
PacketTracer::log("\n");
- snprintf(debug_session, sizeof(debug_session), "%s %hu -> %s %hu %hhu AS=%hu ID=%u ",
+ snprintf(debug_session, sizeof(debug_session), "%s %hu -> %s %hu %hhu AS=%hu ID=%u%s ",
sipstr, sport, dipstr, dport, static_cast<uint8_t>(proto),
- p.pkth->address_space_id, get_instance_id());
+ p.pkth->address_space_id, get_instance_id(), gr_buf);
}
else
{
add_eth_header_info(p);
- PacketTracer::log("%s:%hu -> %s:%hu proto %u AS=%hu ID=%u\n",
+ PacketTracer::log("%s:%hu -> %s:%hu proto %u AS=%hu ID=%u%s\n",
sipstr, sport, dipstr, dport, static_cast<uint8_t>(proto),
- p.pkth->address_space_id, get_instance_id());
+ p.pkth->address_space_id, get_instance_id(), gr_buf);
}
add_packet_type_info(p);
}
#include "protocols/protocol_ids.h"
#include "sfip/sf_ip.h"
-// %s %u -> %s %u %u AS=%u ID=%u
-// IPv6 Port -> IPv6 Port Proto AS=ASNum ID=InstanceNum
-#define PT_DEBUG_SESSION_ID_SIZE ((39+1+5+1+2+1+39+1+5+1+3+1+2+1+10+1+2+1+10)+1)
+// %s %u -> %s %u %u AS=%u ID=%u GR=%hd-%hd
+// IPv6 Port -> IPv6 Port Proto AS=ASNum ID=InstanceNum GR=SrcGroupNum-DstGroupNum
+#define PT_DEBUG_SESSION_ID_SIZE ((39+1+5+1+2+1+39+1+5+1+3+1+2+1+10+1+2+1+10+32)+1)
namespace snort
{
bool is_detection_enabled(bool to_server);
+ bool is_inter_group_flow() const
+ { return (pkth->flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0; }
+
bool test_session_flags(uint32_t);
SnortProtocolId get_snort_protocol_id();
FlowData::~FlowData() = default;
int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; }
fd_status_t File_Decomp_StopFree(fd_session_t*) { return File_Decomp_OK; }
-size_t str_to_hash(unsigned char const*, size_t) { return 0; }
+uint32_t str_to_hash(const uint8_t *, size_t) { return 0; }
}
THREAD_LOCAL PegCount HttpModule::peg_counts[PEG_COUNT_MAX] = { };
mdataA->mport, &mdataB->maddress, mdataB->mport,
(p->proto_bits & PROTO_BIT__VLAN) ? layer::get_vlan_layer(p)->vid() : 0,
(p->proto_bits & PROTO_BIT__MPLS) ? p->ptrs.mplsHdr.label : 0,
- p->pkth->address_space_id);
+ *p->pkth);
if (ssn)
{
ssn->set_ignore_direction(SSN_DIR_BOTH);
const SfIp* src;
const SfIp* dst;
ip::IpApi iph;
+ bool reversed = false;
/* Set the Ip API to the embedded IP Header. */
if (!layer::set_api_ip_embed_icmp(p, iph))
skey.pkt_type = p->type();
skey.version = src->is_ip4() ? 4 : 6;
skey.ip_protocol = (uint8_t)p->get_ip_proto_next();
- skey.padding = 0;
if (p->proto_bits & PROTO_BIT__TCP_EMBED_ICMP)
{
{
skey.port_l = dport;
skey.port_h = sport;
+ reversed = true;
}
}
else
COPY4(skey.ip_h, src->get_ip6_ptr());
skey.port_l = dport;
skey.port_h = sport;
+ reversed = true;
}
uint16_t vlan = (p->proto_bits & PROTO_BIT__VLAN) ?
skey.init_vlan(sc, vlan);
skey.init_address_space(sc, 0);
skey.init_mpls(sc, 0);
+ skey.flags.group_used = p->is_inter_group_flow();
+ skey.init_groups(p->pkth->ingress_group, p->pkth->egress_group, reversed);
switch (p->type())
{
PktType type, IpProtocol proto,
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
- uint16_t vlan, uint32_t mplsId, uint16_t addressSpaceId)
+ uint16_t vlan, uint32_t mplsId, uint16_t addressSpaceId,
+ int16_t ingress_group, int16_t egress_group)
{
FlowKey key;
const SnortConfig* sc = SnortConfig::get_conf();
- key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId, addressSpaceId);
+
+ key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId,
+ addressSpaceId, ingress_group, egress_group);
+ return get_flow(&key);
+}
+
+Flow* Stream::get_flow(
+ PktType type, IpProtocol proto,
+ const SfIp* srcIP, uint16_t srcPort,
+ const SfIp* dstIP, uint16_t dstPort,
+ uint16_t vlan, uint32_t mplsId, const DAQ_PktHdr_t& pkth)
+{
+ FlowKey key;
+ const SnortConfig* sc = SnortConfig::get_conf();
+
+ key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId,
+ pkth);
return get_flow(&key);
}
// if the vlan protocol bit is defined, vlan layer guaranteed to exist
(p->proto_bits & PROTO_BIT__VLAN) ? layer::get_vlan_layer(p)->vid() : 0,
(p->proto_bits & PROTO_BIT__MPLS) ? p->ptrs.mplsHdr.label : 0,
- p->pkth->address_space_id);
+ *p->pkth);
}
FlowKey* Stream::get_flow_key(Packet* p)
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
uint16_t vlan, uint32_t mplsId,
- uint16_t addressSpaceID, unsigned flowdata_id)
+ uint16_t addressSpaceID, unsigned flowdata_id,
+ int16_t ingress_group, int16_t egress_group)
{
Flow* flow = get_flow(
- type, proto,
- srcIP, srcPort, dstIP, dstPort,
- vlan, mplsId, addressSpaceID);
+ type, proto, srcIP, srcPort, dstIP, dstPort,
+ vlan, mplsId, addressSpaceID, ingress_group,
+ egress_group);
if (!flow)
return nullptr;
return flow->get_flow_data(flowdata_id);
}
+FlowData* Stream::get_flow_data(
+ PktType type, IpProtocol proto,
+ const SfIp* srcIP, uint16_t srcPort,
+ const SfIp* dstIP, uint16_t dstPort,
+ uint16_t vlan, uint32_t mplsId,
+ unsigned flowdata_id, const DAQ_PktHdr_t& pkth)
+{
+ Flow* flow = get_flow(
+ type, proto, srcIP, srcPort, dstIP, dstPort,
+ vlan, mplsId, pkth);
+
+ if (!flow)
+ return nullptr;
+
+ return flow->get_flow_data(flowdata_id);
+}
+
+//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
// session status
//-------------------------------------------------------------------------
#include <memory>
+#include <daq_common.h>
+
#include "flow/flow.h"
class HostAttributesDescriptor;
static FlowData* get_flow_data(
PktType type, IpProtocol proto,
const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
- uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId, unsigned flowdata_id);
+ uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId, unsigned flowdata_id,
+ int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
+
+ static FlowData* get_flow_data(
+ PktType type, IpProtocol proto,
+ const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
+ uint16_t vlanId, uint32_t mplsId, unsigned flowdata_id, const DAQ_PktHdr_t&);
// Get pointer to application data for a flow using the FlowKey as the lookup criteria
static FlowData* get_flow_data(const FlowKey*, unsigned flowdata_id);
static Flow* get_flow(
PktType type, IpProtocol proto,
const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
- uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId);
+ uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId,
+ int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
+
+ static Flow* get_flow(
+ PktType type, IpProtocol proto,
+ const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
+ uint16_t vlanId, uint32_t mplsId, const DAQ_PktHdr_t&);
// Delete the session if it is in the closed session state.
// Handle session block pending state
projects / thirdparty / snort3.git / commitdiff
