flow: add function to say if there is gap

author Eric Leblond <el@stamus-networks.com>

Mon, 20 Jun 2022 19:13:31 +0000 (21:13 +0200)

committer Victor Julien <vjulien@oisf.net>

Mon, 3 Oct 2022 09:03:08 +0000 (11:03 +0200)
author Eric Leblond <el@stamus-networks.com>
Mon, 20 Jun 2022 19:13:31 +0000 (21:13 +0200)
committer Victor Julien <vjulien@oisf.net>
Mon, 3 Oct 2022 09:03:08 +0000 (11:03 +0200)
diff --git a/src/flow.c b/src/flow.c

index 9f4d1450845ff1725cb7bbfeacb837a0c2de7719..3bad4bba3710e0e527920c4eac7d651369b90771 100644 (file)
--- a/src/flow.c
+++ b/src/flow.c
@@ -187,6 +187,23 @@ int FlowHasAlerts(const Flow *f)
      return 0;
  }
  
+bool FlowHasGaps(const Flow *f, uint8_t way)
+{
+    if (f->proto == IPPROTO_TCP) {
+        TcpSession *ssn = (TcpSession *)f->protoctx;
+        if (ssn != NULL) {
+            if (way == STREAM_TOCLIENT) {
+                if (ssn->server.flags & STREAMTCP_STREAM_FLAG_HAS_GAP)
+                    return 1;
+            } else {
+                if (ssn->client.flags & STREAMTCP_STREAM_FLAG_HAS_GAP)
+                    return 1;
+            }
+        }
+    }
+    return 0;
+}
+
  /** \brief Set flag to indicate to change proto for the flow
   *
   * \param f flow
diff --git a/src/flow.h b/src/flow.h

index a4ecf78358d1c7ec3a929c96890e186387ff6c52..a238ff0b99abe52671d4261d3f142b94538f677e 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -568,6 +568,7 @@ void FlowShutdown(void);
  void FlowSetIPOnlyFlag(Flow *, int);
  void FlowSetHasAlertsFlag(Flow *);
  int FlowHasAlerts(const Flow *);
+bool FlowHasGaps(const Flow *, uint8_t way);
  void FlowSetChangeProtoFlag(Flow *);
  void FlowUnsetChangeProtoFlag(Flow *);
  int FlowChangeProto(Flow *);
author	Eric Leblond <el@stamus-networks.com>
	Mon, 20 Jun 2022 19:13:31 +0000 (21:13 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Mon, 3 Oct 2022 09:03:08 +0000 (11:03 +0200)
src/flow.c		patch \| blob \| blame \| history
src/flow.h		patch \| blob \| blame \| history