detect-flow: use dedicated flags
authorVictor Julien <victor@inliniac.net>
Tue, 17 Feb 2015 11:08:20 +0000 (12:08 +0100)
committerVictor Julien <victor@inliniac.net>
Wed, 18 Feb 2015 08:18:08 +0000 (09:18 +0100)
The flow keyword used flag names that were shared with the
Packet::flowflags field. Some of the flags weren't used by the packet
though. This led to a waste of some 'flag space'.

This patch defines dedicated flags for the flow keyword and removes
the otherwise unused flags from the FLOW_PKT_* space.

src/detect-engine-analyzer.c
src/detect-flow.c
src/detect-flow.h
src/flow.h

index 3ac8d0802b384c72b84de6ed9008aed5204e7c3c..0faf08ec91a5944f708266cafea9e9cb743fa737 100644 (file)
@@ -668,7 +668,8 @@ void EngineAnalysisRules(Signature *s, char *line)
                 }
                 DetectFlowData *fd = (DetectFlowData *)sm->ctx;
                 if (fd != NULL) {
-                    if (fd->flags & FLOW_PKT_NOSTREAM) rule_flow_nostream = 1;
+                    if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM)
+                        rule_flow_nostream = 1;
                 }
             }
             else if (sm->type == DETECT_FLOWBITS) {
index a7edaed721ca11b609609e479e35d94cafe485b5..9c2db944c305d8b335af34f041b907dc4fb38951 100644 (file)
@@ -121,30 +121,28 @@ int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, S
 
     if (p->flowflags & FLOW_PKT_ESTABLISHED) {
         SCLogDebug("FLOW_PKT_ESTABLISHED");
-    } else if (p->flowflags & FLOW_PKT_STATELESS) {
-        SCLogDebug("FLOW_PKT_STATELESS");
     }
 
     uint8_t cnt = 0;
     const DetectFlowData *fd = (const DetectFlowData *)ctx;
 
-    if ((fd->flags & FLOW_PKT_TOSERVER) && (p->flowflags & FLOW_PKT_TOSERVER)) {
+    if ((fd->flags & DETECT_FLOW_FLAG_TOSERVER) && (p->flowflags & FLOW_PKT_TOSERVER)) {
         cnt++;
-    } else if ((fd->flags & FLOW_PKT_TOCLIENT) && (p->flowflags & FLOW_PKT_TOCLIENT)) {
+    } else if ((fd->flags & DETECT_FLOW_FLAG_TOCLIENT) && (p->flowflags & FLOW_PKT_TOCLIENT)) {
         cnt++;
     }
 
-    if ((fd->flags & FLOW_PKT_ESTABLISHED) && (p->flowflags & FLOW_PKT_ESTABLISHED)) {
+    if ((fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) && (p->flowflags & FLOW_PKT_ESTABLISHED)) {
         cnt++;
-    } else if (fd->flags & FLOW_PKT_STATELESS) {
+    } else if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
         cnt++;
     }
 
     if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH) {
-        if (fd->flags & FLOW_PKT_ONLYSTREAM)
+        if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM)
             cnt++;
     } else {
-        if (fd->flags & FLOW_PKT_NOSTREAM)
+        if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM)
             cnt++;
     }
 
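Review bot: The `else if (fd->flags & DETECT_FLOW_FLAG_STATELESS)` branch counts a match without looking at `p->flowflags`, so a rule using `stateless` also matches packets of established flows, and nothing in the hunk says that this is intended. A one-line comment above the branch would make the contract explicit for rule writers and maintainers, for example `/* stateless: counts as a match regardless of the packet's flow state */`. DetectFlowMatch starts and ends outside this hunk.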
@@ -214,59 +212,59 @@ DetectFlowData *DetectFlowParse (char *flowstr)
         if (args[i]) {
             /* inspect our options and set the flags */
             if (strcasecmp(args[i], "established") == 0) {
-                if (fd->flags & FLOW_PKT_ESTABLISHED) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_ESTABLISHED flag is already set");
+                if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_ESTABLISHED flag is already set");
                     goto error;
-                } else if (fd->flags & FLOW_PKT_STATELESS) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_STATELESS already set");
+                } else if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_STATELESS already set");
                     goto error;
                 }
-                fd->flags |= FLOW_PKT_ESTABLISHED;
+                fd->flags |= DETECT_FLOW_FLAG_ESTABLISHED;
             } else if (strcasecmp(args[i], "stateless") == 0) {
-                if (fd->flags & FLOW_PKT_STATELESS) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_STATELESS flag is already set");
+                if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_STATELESS flag is already set");
                     goto error;
-                } else if (fd->flags & FLOW_PKT_ESTABLISHED) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_STATELESS, FLOW_PKT_ESTABLISHED already set");
+                } else if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_STATELESS, DETECT_FLOW_FLAG_ESTABLISHED already set");
                     goto error;
                 }
-                fd->flags |= FLOW_PKT_STATELESS;
+                fd->flags |= DETECT_FLOW_FLAG_STATELESS;
             } else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) {
-                if (fd->flags & FLOW_PKT_TOCLIENT) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_TOCLIENT flag is already set");
+                if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_TOCLIENT flag is already set");
                     goto error;
-                } else if (fd->flags & FLOW_PKT_TOSERVER) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_client, FLOW_PKT_TOSERVER already set");
+                } else if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_client, DETECT_FLOW_FLAG_TOSERVER already set");
                     goto error;
                 }
-                fd->flags |= FLOW_PKT_TOCLIENT;
+                fd->flags |= DETECT_FLOW_FLAG_TOCLIENT;
             } else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){
-                if (fd->flags & FLOW_PKT_TOSERVER) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_TOSERVER flag is already set");
+                if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_TOSERVER flag is already set");
                     goto error;
-                } else if (fd->flags & FLOW_PKT_TOCLIENT) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_server, FLOW_PKT_TO_CLIENT flag already set");
+                } else if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_server, DETECT_FLOW_FLAG_TO_CLIENT flag already set");
                     goto error;
                 }
-                fd->flags |= FLOW_PKT_TOSERVER;
+                fd->flags |= DETECT_FLOW_FLAG_TOSERVER;
             } else if (strcasecmp(args[i], "only_stream") == 0) {
-                if (fd->flags & FLOW_PKT_ONLYSTREAM) {
+                if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
                     SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag is already set");
                     goto error;
-                } else if (fd->flags & FLOW_PKT_NOSTREAM) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag, FLOW_PKT_NOSTREAM already set");
+                } else if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set");
                     goto error;
                 }
-                fd->flags |= FLOW_PKT_ONLYSTREAM;
+                fd->flags |= DETECT_FLOW_FLAG_ONLYSTREAM;
             } else if (strcasecmp(args[i], "no_stream") == 0) {
-                if (fd->flags & FLOW_PKT_NOSTREAM) {
+                if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
                     SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag is already set");
                     goto error;
-                } else if (fd->flags & FLOW_PKT_ONLYSTREAM) {
-                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag, FLOW_PKT_ONLYSTREAM already set");
+                } else if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
+                    SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set");
                     goto error;
                 }
-                fd->flags |= FLOW_PKT_NOSTREAM;
+                fd->flags |= DETECT_FLOW_FLAG_NOSTREAM;
             } else {
                 SCLogError(SC_ERR_INVALID_VALUE, "invalid flow option \"%s\"", args[i]);
                 goto error;
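Review bot: The error strings in this hunk now show internal macro names to the rule author, and the one in the to_server branch names a macro that does not exist: it prints `DETECT_FLOW_FLAG_TO_CLIENT`, while the define is `DETECT_FLOW_FLAG_TOCLIENT`. These messages are what an operator sees when a rule fails to load, so they are easier to act on when phrased in terms of the keyword options, e.g. `"cannot set to_server, to_client already set"` and `"established is already set"`. Several of them also read "cannot set X flag is already set", which is garbled and could be fixed in the same pass. DetectFlowParse continues outside the hunk.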
@@ -322,18 +320,18 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
 
     /* set the signature direction flags */
-    if (fd->flags & FLOW_PKT_TOSERVER) {
+    if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
         s->flags |= SIG_FLAG_TOSERVER;
-    } else if (fd->flags & FLOW_PKT_TOCLIENT) {
+    } else if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
         s->flags |= SIG_FLAG_TOCLIENT;
     } else {
         s->flags |= SIG_FLAG_TOSERVER;
         s->flags |= SIG_FLAG_TOCLIENT;
     }
-    if (fd->flags & FLOW_PKT_ONLYSTREAM) {
+    if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
         s->flags |= SIG_FLAG_REQUIRE_STREAM;
     }
-    if (fd->flags & FLOW_PKT_NOSTREAM) {
+    if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
         s->flags |= SIG_FLAG_REQUIRE_PACKET;
     } else {
         s->init_flags |= SIG_FLAG_INIT_FLOW;
@@ -389,10 +387,10 @@ int DetectFlowTestParse02 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("established");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_ESTABLISHED && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_ESTABLISHED && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -409,10 +407,10 @@ int DetectFlowTestParse03 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("stateless");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_STATELESS && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_STATELESS && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -429,10 +427,10 @@ int DetectFlowTestParse04 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("to_client");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOCLIENT && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOCLIENT, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOCLIENT, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -449,10 +447,10 @@ int DetectFlowTestParse05 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("to_server");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOSERVER && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOSERVER, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOSERVER, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -469,10 +467,10 @@ int DetectFlowTestParse06 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("from_server");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOCLIENT && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOCLIENT, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOCLIENT, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -489,10 +487,10 @@ int DetectFlowTestParse07 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("from_client");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOSERVER && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOSERVER, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOSERVER, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -509,10 +507,10 @@ int DetectFlowTestParse08 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("established,to_client");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_ESTABLISHED && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2) {
+        if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2) {
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
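Review bot: This test checks `fd->flags & A && fd->flags & B`, which still passes if the parser sets an extra bit, while the failure message prints the exact sum as the expected value. With ONLYSTREAM and NOSTREAM renumbered in this commit, an exact comparison is the stronger check: `if (fd->flags == (DETECT_FLOW_FLAG_ESTABLISHED | DETECT_FLOW_FLAG_TOCLIENT) && fd->match_cnt == 2) {`. The same pattern appears in DetectFlowTestParse09 to 11, 18 and 20 and in their Nocase counterparts. The test function starts and ends outside the hunk.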
@@ -529,10 +527,10 @@ int DetectFlowTestParse09 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("to_client,stateless");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_STATELESS && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2) {
+        if (fd->flags & DETECT_FLOW_FLAG_STATELESS && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2) {
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -549,10 +547,10 @@ int DetectFlowTestParse10 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("from_server,stateless");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_STATELESS  && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2){
+        if (fd->flags & DETECT_FLOW_FLAG_STATELESS  && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2){
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -569,10 +567,10 @@ int DetectFlowTestParse11 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse(" from_server , stateless ");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_STATELESS  && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2){
+        if (fd->flags & DETECT_FLOW_FLAG_STATELESS  && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2){
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -606,10 +604,10 @@ int DetectFlowTestParseNocase02 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("ESTABLISHED");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_ESTABLISHED && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_ESTABLISHED && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -626,10 +624,10 @@ int DetectFlowTestParseNocase03 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("STATELESS");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_STATELESS && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_STATELESS && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -646,10 +644,10 @@ int DetectFlowTestParseNocase04 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("TO_CLIENT");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOCLIENT && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOCLIENT, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOCLIENT, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -666,10 +664,10 @@ int DetectFlowTestParseNocase05 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("TO_SERVER");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOSERVER && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOSERVER, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOSERVER, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -686,10 +684,10 @@ int DetectFlowTestParseNocase06 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("FROM_SERVER");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOCLIENT && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOCLIENT, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOCLIENT, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -706,10 +704,10 @@ int DetectFlowTestParseNocase07 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("FROM_CLIENT");
     if (fd != NULL) {
-        if (fd->flags == FLOW_PKT_TOSERVER && fd->match_cnt == 1) {
+        if (fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_TOSERVER, 1, fd->flags, fd->match_cnt);
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_TOSERVER, 1, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -726,10 +724,10 @@ int DetectFlowTestParseNocase08 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("ESTABLISHED,TO_CLIENT");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_ESTABLISHED && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2) {
+        if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2) {
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -746,10 +744,10 @@ int DetectFlowTestParseNocase09 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("TO_CLIENT,STATELESS");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_STATELESS && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2) {
+        if (fd->flags & DETECT_FLOW_FLAG_STATELESS && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2) {
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -766,10 +764,10 @@ int DetectFlowTestParseNocase10 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("FROM_SERVER,STATELESS");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_STATELESS  && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2){
+        if (fd->flags & DETECT_FLOW_FLAG_STATELESS  && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2){
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -786,10 +784,10 @@ int DetectFlowTestParseNocase11 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse(" FROM_SERVER , STATELESS ");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_STATELESS  && fd->flags & FLOW_PKT_TOCLIENT && fd->match_cnt == 2){
+        if (fd->flags & DETECT_FLOW_FLAG_STATELESS  && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2){
             result = 1;
         } else {
-            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, fd->flags, fd->match_cnt);
+            printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_STATELESS + DETECT_FLOW_FLAG_TOCLIENT, 2, fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
     }
@@ -909,10 +907,10 @@ int DetectFlowTestParse18 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("from_server,established,only_stream");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_ESTABLISHED && fd->flags & FLOW_PKT_TOCLIENT && fd->flags & FLOW_PKT_ONLYSTREAM && fd->match_cnt == 3) {
+        if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM && fd->match_cnt == 3) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED + FLOW_PKT_TOCLIENT + FLOW_PKT_ONLYSTREAM, 3,
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED + DETECT_FLOW_FLAG_TOCLIENT + DETECT_FLOW_FLAG_ONLYSTREAM, 3,
                     fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
@@ -930,10 +928,10 @@ int DetectFlowTestParseNocase18 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("FROM_SERVER,ESTABLISHED,ONLY_STREAM");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_ESTABLISHED && fd->flags & FLOW_PKT_TOCLIENT && fd->flags & FLOW_PKT_ONLYSTREAM && fd->match_cnt == 3) {
+        if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM && fd->match_cnt == 3) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED + FLOW_PKT_TOCLIENT + FLOW_PKT_ONLYSTREAM, 3,
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED + DETECT_FLOW_FLAG_TOCLIENT + DETECT_FLOW_FLAG_ONLYSTREAM, 3,
                     fd->flags, fd->match_cnt);
         }
         DetectFlowFree(fd);
@@ -969,10 +967,10 @@ int DetectFlowTestParse20 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("from_server,established,no_stream");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_ESTABLISHED && fd->flags & FLOW_PKT_TOCLIENT && fd->flags & FLOW_PKT_NOSTREAM && fd->match_cnt == 3) {
+        if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->flags & DETECT_FLOW_FLAG_NOSTREAM && fd->match_cnt == 3) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED + FLOW_PKT_TOCLIENT + FLOW_PKT_NOSTREAM, 3,
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED + DETECT_FLOW_FLAG_TOCLIENT + DETECT_FLOW_FLAG_NOSTREAM, 3,
                     fd->flags, fd->match_cnt);
         }
 
@@ -991,10 +989,10 @@ int DetectFlowTestParseNocase20 (void)
     DetectFlowData *fd = NULL;
     fd = DetectFlowParse("FROM_SERVER,ESTABLISHED,NO_STREAM");
     if (fd != NULL) {
-        if (fd->flags & FLOW_PKT_ESTABLISHED && fd->flags & FLOW_PKT_TOCLIENT && fd->flags & FLOW_PKT_NOSTREAM && fd->match_cnt == 3) {
+        if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->flags & DETECT_FLOW_FLAG_NOSTREAM && fd->match_cnt == 3) {
             result = 1;
         } else {
-            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", FLOW_PKT_ESTABLISHED + FLOW_PKT_TOCLIENT + FLOW_PKT_NOSTREAM, 3,
+            printf("expected 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ", DETECT_FLOW_FLAG_ESTABLISHED + DETECT_FLOW_FLAG_TOCLIENT + DETECT_FLOW_FLAG_NOSTREAM, 3,
                     fd->flags, fd->match_cnt);
         }
 
index 37e1f970995bc47d2697f53e81fa5e73a2eafeb3..b3774c292f684b52b5b88069d7585e00ed692558 100644 (file)
 #ifndef __DETECT_FLOW_H__
 #define __DETECT_FLOW_H__
 
+#define DETECT_FLOW_FLAG_TOSERVER       0x01
+#define DETECT_FLOW_FLAG_TOCLIENT       0x02
+#define DETECT_FLOW_FLAG_ESTABLISHED    0x04
+#define DETECT_FLOW_FLAG_STATELESS      0x08
+#define DETECT_FLOW_FLAG_ONLYSTREAM     0x10
+#define DETECT_FLOW_FLAG_NOSTREAM       0x20
+
 typedef struct DetectFlowData_ {
     uint8_t flags;     /* flags to match */
     uint8_t match_cnt; /* number of matches we need */
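Review bot: The six new defines carry no comment tying them to `DetectFlowData::flags`, and after this commit the two flag sets overlap in value but not in meaning: 0x08 is `DETECT_FLOW_FLAG_STATELESS` here and `FLOW_PKT_TOSERVER_IPONLY_SET` in flow.h, 0x10 is `DETECT_FLOW_FLAG_ONLYSTREAM` here and `FLOW_PKT_TOCLIENT_IPONLY_SET` there. Both sets are plain integer macros, so a call site that tests `fd->flags` with a `FLOW_PKT_*` name, or `p->flowflags` with a `DETECT_FLOW_FLAG_*` name, compiles without a warning and silently changes what a rule matches. I would add a comment above the block such as `/* bits for DetectFlowData::flags only; not interchangeable with FLOW_PKT_* (Packet::flowflags) */`, and a matching line above the FLOW_PKT_* block in flow.h. The struct definition continues outside the hunk.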
index fc1ea3d8ef4a294e0d7ebdfe9a83658e1e999357..bf38fa5543066235fe207854405ecb6fc277b257 100644 (file)
@@ -170,13 +170,8 @@ typedef struct AppLayerParserState_ AppLayerParserState;
 #define FLOW_PKT_TOSERVER               0x01
 #define FLOW_PKT_TOCLIENT               0x02
 #define FLOW_PKT_ESTABLISHED            0x04
-#define FLOW_PKT_STATELESS              0x08
-#define FLOW_PKT_TOSERVER_IPONLY_SET    0x10
-#define FLOW_PKT_TOCLIENT_IPONLY_SET    0x20
-/** \todo only used by flow keyword internally. */
-#define FLOW_PKT_NOSTREAM               0x40
-/** \todo only used by flow keyword internally. */
-#define FLOW_PKT_ONLYSTREAM             0x80
+#define FLOW_PKT_TOSERVER_IPONLY_SET    0x08
+#define FLOW_PKT_TOCLIENT_IPONLY_SET    0x10
 
 #define FLOW_END_FLAG_STATE_NEW         0x01
 #define FLOW_END_FLAG_STATE_ESTABLISHED 0x02