From: Eric Leblond <el@stamus-networks.com>
Date: Mon, 23 Jan 2023 19:05:08 +0000 (+0100)
Subject: ntp: add TX orientation
X-Git-Tag: suricata-7.0.0-rc2~465
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44482a68b0e614ac52064134639c7bcc9afaad83;p=thirdparty%2Fsuricata.git

ntp: add TX orientation

Set no inspection in the opposite side of the transaction.

Ticket: #5799
---

diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs
index 6e6f775903..db8c989798 100644
--- a/rust/src/ntp/ntp.rs
+++ b/rust/src/ntp/ntp.rs
@@ -20,7 +20,7 @@
 extern crate ntp_parser;
 use self::ntp_parser::*;
 use crate::core;
-use crate::core::{AppProto,Flow,ALPROTO_UNKNOWN,ALPROTO_FAILED};
+use crate::core::{AppProto,Flow,ALPROTO_UNKNOWN,ALPROTO_FAILED,Direction};
 use crate::applayer::{self, *};
 use std;
 use std::ffi::CString;
@@ -95,7 +95,7 @@ impl NTPState {
                     NtpPacket::V4(pkt) => (pkt.mode, pkt.ref_id),
                 };
                 if mode == NtpMode::SymmetricActive || mode == NtpMode::Client {
-                    let mut tx = self.new_tx();
+                    let mut tx = self.new_tx(_direction);
                     // use the reference id as identifier
                     tx.xid = ref_id;
                     self.transactions.push(tx);
@@ -121,9 +121,15 @@ impl NTPState {
         self.transactions.clear();
     }
 
-    fn new_tx(&mut self) -> NTPTransaction {
+    fn new_tx(&mut self, _direction: u8) -> NTPTransaction {
         self.tx_id += 1;
-        NTPTransaction::new(self.tx_id)
+        let mut tx = NTPTransaction::new(self.tx_id);
+        if _direction == 0 {
+            tx.tx_data.set_inspect_direction(Direction::ToServer);
+        } else {
+            tx.tx_data.set_inspect_direction(Direction::ToClient);
+        }
+        tx
     }
 
     pub fn get_tx_by_id(&mut self, tx_id: u64) -> Option<&NTPTransaction> {