netflow: log ttl fields
authorGiuseppe Longo <glongo@stamus-networks.com>
Thu, 15 Dec 2016 16:28:21 +0000 (17:28 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 21 Nov 2017 16:33:04 +0000 (17:33 +0100)
Netflow entry collects the minimum and maximum
time to live during the life of the incoming flow.

This adds those fields to the netflow event.

Signed-off-by: Eric Leblond <eric@regit.org>
src/flow-util.c
src/flow.c
src/flow.h
src/output-json-netflow.c

index dae4194bd55d7778a0bb387dadd0acafd96d82f5..eadce4769b639e3223d77c0baf2498d14b773abe 100644 (file)
@@ -137,10 +137,12 @@ void FlowInit(Flow *f, const Packet *p)
     if (PKT_IS_IPV4(p)) {
         FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, &f->src);
         FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, &f->dst);
+        FLOW_SET_IPV4_TTL_FROM_PACKET(p, f);
         f->flags |= FLOW_IPV4;
     } else if (PKT_IS_IPV6(p)) {
         FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, &f->src);
         FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, &f->dst);
+        FLOW_SET_IPV6_HLIM_FROM_PACKET(p, f);
         f->flags |= FLOW_IPV6;
     }
 #ifdef DEBUG
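Review bot: The TTL fields are seeded only inside the IPv4 and IPv6 branches, so a flow created for a packet that is neither keeps whatever `min_ttl`/`max_ttl` already held, unless FlowInit clears the struct earlier in its body, which starts outside this hunk. If it does not, the per-packet update added to FlowHandlePacketUpdate in this commit is guarded by the same two checks and never corrects them, so a recycled flow could log stale values. Either a `f->min_ttl = f->max_ttl = 0;` before the `if` chain or a comment noting that the reset happens in the earlier memset would make the invariant explicit.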
index c371b54e16e76620a5eacce92fc55638caec2d81..b859d970553488696a67129bd2c332216df31355 100644 (file)
@@ -344,6 +344,24 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
         SCLogDebug("setting FLOW_NOPAYLOAD_INSPECTION flag on flow %p", f);
         DecodeSetNoPayloadInspectionFlag(p);
     }
+
+
+    /* update flow's ttl fields if needed */
+    if (PKT_IS_IPV4(p)) {
+        uint8_t ttl = IPV4_GET_IPTTL(p);
+        if (ttl < f->min_ttl) {
+            f->min_ttl = ttl;
+        } else if (ttl > f->max_ttl) {
+            f->max_ttl = ttl;
+        }
+    } else if (PKT_IS_IPV6(p)) {
+        uint8_t ttl = IPV6_GET_HLIM(p);
+        if (ttl < f->min_ttl) {
+            f->min_ttl = ttl;
+        } else if (ttl > f->max_ttl) {
+            f->max_ttl = ttl;
+        }
+    }
 }
 
 /** \brief Entry point for packet flow handling
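Review bot: The IPv4 and IPv6 branches of the new TTL update are identical apart from the accessor, so the min/max comparison is duplicated; reading the value once keeps the two paths in step: `if (PKT_IS_IPV4(p) || PKT_IS_IPV6(p)) {` then `uint8_t ttl = PKT_IS_IPV4(p) ? IPV4_GET_IPTTL(p) : IPV6_GET_HLIM(p);` followed by a single min/max block. The `else if` is only correct because FlowInit seeds both fields with the same first-packet value so `min_ttl <= max_ttl` holds from the start; a comment such as `/* min_ttl <= max_ttl after FlowInit, so at most one bound moves per packet */` records that dependency. Nothing in the hunk checks packet direction, so the fields appear to blend TTLs from both sides of the flow; stating that in the comment avoids consumers reading them as a single host's hop-count range. The two consecutive blank lines before the comment can be collapsed to one.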
index 93ca7afc659768466188712e1fc47ad0545541cb..0ecedeee9c63c67d04b2ee4e38e43f485a554d4d 100644 (file)
@@ -183,6 +183,16 @@ typedef struct AppLayerParserState_ AppLayerParserState;
         (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3];  \
     } while (0)
 
+#define FLOW_SET_IPV4_TTL_FROM_PACKET(p, f) do {    \
+        (f)->min_ttl = IPV4_GET_IPTTL((p));         \
+        (f)->max_ttl = IPV4_GET_IPTTL((p));         \
+    } while (0)
+
+#define FLOW_SET_IPV6_HLIM_FROM_PACKET(p, f) do {   \
+        (f)->min_ttl = IPV6_GET_HLIM((p));          \
+        (f)->max_ttl = IPV6_GET_HLIM((p));          \
+    } while (0)
+
 /* pkt flow flags */
 #define FLOW_PKT_TOSERVER               0x01
 #define FLOW_PKT_TOCLIENT               0x02
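Review bot: Both new macros evaluate the header accessor twice to store the same value; `(f)->min_ttl = (f)->max_ttl = IPV4_GET_IPTTL((p));` (and the HLIM counterpart) reads it once and makes the intent, seeding min and max from the first packet, obvious. Neither macro carries a comment, and the `min_ttl`/`max_ttl` members added to `Flow_` in the next hunk of this file lack the `/** */` doc style used on neighbouring members; suggest `/** lowest and highest IP TTL / IPv6 hop limit seen on the flow; seeded from the first packet by FlowInit */` on the struct fields and a one-line comment above each macro naming it as the initialiser for those fields.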
@@ -330,6 +340,8 @@ typedef struct Flow_
     };
     uint8_t proto;
     uint8_t recursion_level;
+    uint8_t min_ttl;
+    uint8_t max_ttl;
     uint16_t vlan_id[2];
 
     /** flow hash - the flow hash before hash table size mod. */
index 9464a15a3f8b70e5c50db80356d820a04bb1fa21..59457b42078a9885fcbaa1e6a6f44a2904fa360d 100644 (file)
@@ -214,6 +214,9 @@ static void JsonNetFlowLogJSONToServer(JsonNetFlowLogThread *aft, json_t *js, Fl
     json_object_set_new(hjs, "age",
             json_integer(age));
 
+    json_object_set_new(hjs, "min_ttl", json_integer(f->min_ttl));
+    json_object_set_new(hjs, "max_ttl", json_integer(f->max_ttl));
+
     json_object_set_new(js, "netflow", hjs);
 
     /* TCP */
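Review bot: The new `min_ttl`/`max_ttl` keys are emitted in the to-server record, but the values are flow-wide: the FlowHandlePacketUpdate change in this commit appears to update them for every packet without checking direction, so a consumer may wrongly read them as a per-direction range. A comment at the insertion point, `/* min_ttl/max_ttl are flow-wide, not per direction */`, would prevent that misreading. If a to-client counterpart of this logger exists outside this hunk it should either emit the same keys or document why it does not. JsonNetFlowLogJSONToServer continues outside the hunk.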