flow-timeout: Use yaml config value for CAPTURE_BYPASSED flow

author Amir Boussejra <amir.boussejra@gatewatcher.com>

Tue, 28 Oct 2025 12:49:43 +0000 (13:49 +0100)

committer Victor Julien <vjulien@oisf.net>

Thu, 30 Oct 2025 16:16:33 +0000 (16:16 +0000)
author Amir Boussejra <amir.boussejra@gatewatcher.com>
Tue, 28 Oct 2025 12:49:43 +0000 (13:49 +0100)
committer Victor Julien <vjulien@oisf.net>
Thu, 30 Oct 2025 16:16:33 +0000 (16:16 +0000)
diff --git a/src/flow-private.h b/src/flow-private.h

index ebd4e11961b4124eafc4a5a461ba66b4240ba836..a7a4a011b5e0ada031f76ed52bc7d4d59b26f75e 100644 (file)
--- a/src/flow-private.h
+++ b/src/flow-private.h
@@ -62,8 +62,6 @@
  #define FLOW_IPPROTO_ICMP_EMERG_NEW_TIMEOUT 10
  #define FLOW_IPPROTO_ICMP_EMERG_EST_TIMEOUT 100
  
-#define FLOW_BYPASSED_TIMEOUT   100
-
  enum {
      FLOW_PROTO_TCP = 0,
      FLOW_PROTO_UDP,
@@ -119,7 +117,7 @@ static inline uint32_t FlowGetFlowTimeoutDirect(
              break;
  #ifdef CAPTURE_OFFLOAD
          case FLOW_STATE_CAPTURE_BYPASSED:
-            timeout = FLOW_BYPASSED_TIMEOUT;
+            timeout = flow_timeouts[protomap].bypassed_timeout;
              break;
  #endif
          case FLOW_STATE_LOCAL_BYPASSED:
@@ -169,7 +167,7 @@ static inline uint32_t FlowGetTimeoutPolicy(const Flow *f)
              break;
  #ifdef CAPTURE_OFFLOAD
          case FLOW_STATE_CAPTURE_BYPASSED:
-            timeout = FLOW_BYPASSED_TIMEOUT;
+            timeout = flow_timeouts[f->protomap].bypassed_timeout;
              break;
  #endif
          case FLOW_STATE_LOCAL_BYPASSED:
diff --git a/src/flow.c b/src/flow.c

index 70777a1ecdd617d712742072dc3b51e69b1106e0..154cda66f6b17f25833be4672c893cf7943e6656 100644 (file)
--- a/src/flow.c
+++ b/src/flow.c
@@ -414,8 +414,10 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
          }
  #ifdef CAPTURE_OFFLOAD
      } else {
+        FlowProtoTimeoutPtr flow_timeouts = SC_ATOMIC_GET(flow_timeouts);
          /* still seeing packet, we downgrade to local bypass */
-        if (SCTIME_SECS(p->ts) - SCTIME_SECS(f->lastts) > FLOW_BYPASSED_TIMEOUT / 2) {
+        if (SCTIME_SECS(p->ts) - SCTIME_SECS(f->lastts) >
+                flow_timeouts[f->protomap].bypassed_timeout / 2) {
              SCLogDebug("Downgrading flow to local bypass");
              f->lastts = p->ts;
              FlowUpdateState(f, FLOW_STATE_LOCAL_BYPASSED);
author	Amir Boussejra <amir.boussejra@gatewatcher.com>
	Tue, 28 Oct 2025 12:49:43 +0000 (13:49 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Thu, 30 Oct 2025 16:16:33 +0000 (16:16 +0000)
src/flow-private.h		patch \| blob \| blame \| history
src/flow.c		patch \| blob \| blame \| history