bypass: add explicit flag in stream engine 2779/head
authorEric Leblond <eric@regit.org>
Tue, 13 Jun 2017 20:32:50 +0000 (22:32 +0200)
committerEric Leblond <eric@regit.org>
Wed, 14 Jun 2017 15:54:33 +0000 (17:54 +0200)
TCP reassembly is now deactivated more frequently, and triggering a
bypass on it results in missing some alerts because packet-based
signatures are forgotten.

So this patch is introducing a dedicated flag that can be set in
the app layer and transmitted in the streaming to trigger bypass.

It is currently used by the SSL app layer to trigger bypass when
the stream becomes encrypted.

src/app-layer-parser.c
src/app-layer-parser.h
src/app-layer-ssl.c
src/stream-tcp-private.h
src/stream-tcp-reassemble.h
src/stream-tcp.c

index 54cb5edde4a3d86ba8970a094cf7923e3705054f..cddf5c02e2e5fe23d197e21e400ea9c170b111b4 100644 (file)
@@ -141,6 +141,7 @@ typedef struct AppLayerParserCtx_ {
 } AppLayerParserCtx;
 
 struct AppLayerParserState_ {
+    /* coccinelle: AppLayerParserState:flags:APP_LAYER_PARSER_ */
     uint8_t flags;
 
     /* Indicates the current transaction that is being inspected.
@@ -1076,6 +1077,14 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow
                             flags & STREAM_TOSERVER ? 1 : 0);
                 }
             }
+            /* Set the bypass flag for both the stream in this TcpSession */
+            if (pstate->flags & APP_LAYER_PARSER_BYPASS_READY) {
+                /* Used only if it's TCP */
+                TcpSession *ssn = f->protoctx;
+                if (ssn != NULL) {
+                    StreamTcpSetSessionBypassFlag(ssn);
+                }
+            }
         }
     }
 
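Review bot: The added block treats `f->protoctx` as a `TcpSession *` behind only a NULL check, and the comment `/* Used only if it's TCP */` states that assumption without enforcing it. AppLayerParserParse starts and ends outside this hunk, so an enclosing `f->proto == IPPROTO_TCP` test may already cover these lines; if it does not, the guard should read `if (f->proto == IPPROTO_TCP && (pstate->flags & APP_LAYER_PARSER_BYPASS_READY))`. The leading comment is also copied from the per-direction reassembly code, while this flag is session-wide. Something like `/* Tell the stream engine the whole session may be bypassed */` would describe it correctly.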
index ccf8e99c0742869a5ed01d0e0093a500474d5052..bfd0378914689b4427b0b2c3edc41200a9dd88fb 100644 (file)
 #include "stream-tcp-private.h"
 
 /* Flags for AppLayerParserState. */
-#define APP_LAYER_PARSER_EOF                    0x01
-#define APP_LAYER_PARSER_NO_INSPECTION          0x02
-#define APP_LAYER_PARSER_NO_REASSEMBLY          0x04
-#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD  0x08
+#define APP_LAYER_PARSER_EOF                    BIT_U8(0)
+#define APP_LAYER_PARSER_NO_INSPECTION          BIT_U8(1)
+#define APP_LAYER_PARSER_NO_REASSEMBLY          BIT_U8(2)
+#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD  BIT_U8(3)
+#define APP_LAYER_PARSER_BYPASS_READY           BIT_U8(4)
 
 /* Flags for AppLayerParserProtoCtx. */
 #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS        BIT_U64(0)
index dc0b8e1fc8da8ce28309daf163d56c86b8c637cc..e4502557070d00f6c217eedf030a000383356089 100644 (file)
@@ -1136,9 +1136,10 @@ static int SSLv2Decode(uint8_t direction, SSLState *ssl_state,
                         (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED)) {
                     AppLayerParserStateSetFlag(pstate,
                             APP_LAYER_PARSER_NO_INSPECTION);
-                    if (ssl_config.no_reassemble == 1)
-                        AppLayerParserStateSetFlag(pstate,
-                                APP_LAYER_PARSER_NO_REASSEMBLY);
+                    if (ssl_config.no_reassemble == 1) {
+                        AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
+                        AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
+                    }
                     SCLogDebug("SSLv2 No reassembly & inspection has been set");
                 }
             }
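Review bot: Bypass readiness is tied to `ssl_config.no_reassemble == 1` here and in the SSLv3Decode hunk below, so the existing no-reassemble option now also takes the flow out of inspection wherever stream bypass is enabled. That coupling is not stated in the code, and a bypassed flow no longer reaches packet-based signatures either. A comment at both call sites would make the consequence visible, for example `/* session is encrypted from here on: let the stream engine bypass it; this also ends packet-based matching for the flow */`. In the SSLv3Decode hunk the only visible guard is `ssl_config.no_reassemble`, because the enclosing case starts outside the hunk. It is worth confirming that the flag is set only after both directions have switched to encrypted records, as the SSLv2 path appears to require.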
@@ -1257,6 +1258,7 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
             if (ssl_config.no_reassemble == 1) {
                 AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
                 AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
+                AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
             }
 
             break;
index ef6ede6c82016fc24e06abfcb95b19252fa28174..6a0e36755dd5e8e634ccbde6ae1d8857f2b82e03 100644 (file)
@@ -155,6 +155,8 @@ enum
 #define STREAMTCP_FLAG_3WHS_CONFIRMED               0x1000
 /** App Layer tracking/reassembly is disabled */
 #define STREAMTCP_FLAG_APP_LAYER_DISABLED           0x2000
+/** Stream can be bypass */
+#define STREAMTCP_FLAG_BYPASS                       0x4000
 
 /*
  * Per STREAM flags
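Review bot: The doc comment `/** Stream can be bypass */` is ungrammatical and names the wrong object. The flag sits above the `Per STREAM flags` block and is OR-ed into `ssn->flags` by StreamTcpSetSessionBypassFlag, so it applies to the whole session. Suggested wording: `/** Session can be bypassed: requested by the app layer, checked in StreamTcpPacket */`.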
index e15c63726f00855ac7a22b27f7f33470f4bfd0c9..7c5e8bb1d44c648af2c69796a13ffff93a59bcf6 100644 (file)
@@ -94,6 +94,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t);
 
 void StreamTcpSetSessionNoReassemblyFlag (TcpSession *, char );
+void StreamTcpSetSessionBypassFlag (TcpSession *);
 void StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction);
 
 void StreamTcpSetOSPolicy(TcpStream *, Packet *);
index 32d95ea71da4d47beccdac730dbaaf9155bd75d8..c62e539f751962f25073df97d06ceb6cb46c5285 100644 (file)
@@ -4653,9 +4653,7 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
             p->flags |= PKT_STREAM_NOPCAPLOG;
         }
 
-        if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) &&
-            (ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY))
-        {
+        if (ssn->flags & STREAMTCP_FLAG_BYPASS) {
             /* we can call bypass callback, if enabled */
             if (StreamTcpBypassEnabled()) {
                 PacketBypassCallback(p);
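Review bot: The new test `if (ssn->flags & STREAMTCP_FLAG_BYPASS)` has no comment explaining why the two NOREASSEMBLY stream flags are no longer consulted, which is the reason for this commit. A short comment above it would keep a later cleanup from restoring the old condition: `/* bypass only on the explicit session flag: reassembly being off in both directions is not enough, packet-based signatures still need the packets */`. Because a bypassed flow gets no further detection, a debug log or counter where the callback fires would let operators audit which sessions left inspection. The rest of this block is outside the hunk, so such logging may already exist there.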
@@ -5580,6 +5578,16 @@ void StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction)
                 (ssn->client.flags |= STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED);
 }
 
+/** \brief enable bypass
+ *
+ * \param ssn TCP Session to set the flag in
+ * \param direction direction to set the flag in: 0 toserver, 1 toclient
+ */
+void StreamTcpSetSessionBypassFlag (TcpSession *ssn)
+{
+    ssn->flags |= STREAMTCP_FLAG_BYPASS;
+}
+
 #define PSEUDO_PKT_SET_IPV4HDR(nipv4h,ipv4h) do { \
         IPV4_SET_RAW_VER(nipv4h, IPV4_GET_RAW_VER(ipv4h)); \
         IPV4_SET_RAW_HLEN(nipv4h, IPV4_GET_RAW_HLEN(ipv4h)); \
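Review bot: The doc block for StreamTcpSetSessionBypassFlag documents a parameter the function does not take: `\param direction direction to set the flag in: 0 toserver, 1 toclient` looks carried over from a neighbouring per-direction setter and should be dropped. The brief could say what the flag causes, for example `\brief mark the session as bypassable; StreamTcpPacket calls the bypass callback for it when bypass is enabled`. The function dereferences `ssn` unconditionally, and the only caller visible in this commit checks for NULL first, so the precondition is worth recording as `\param ssn TCP session to set the flag in, must not be NULL`.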