From: Eric Leblond Date: Mon, 23 Jan 2023 19:05:39 +0000 (+0100) Subject: quic: add TX orientation X-Git-Tag: suricata-7.0.0-rc2~464 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=19174de4f394e286fad7160de5a3a43d1b067ef4;p=thirdparty%2Fsuricata.git quic: add TX orientation Set no inspection in the opposite side of the transaction. Ticket: #5799 --- diff --git a/rust/src/quic/quic.rs b/rust/src/quic/quic.rs index 6b680a67c0..d4ba7ed7d5 100644 --- a/rust/src/quic/quic.rs +++ b/rust/src/quic/quic.rs @@ -22,7 +22,7 @@ use super::{ parser::{quic_pkt_num, QuicData, QuicHeader, QuicType}, }; use crate::applayer::{self, *}; -use crate::core::{AppProto, Flow, ALPROTO_FAILED, ALPROTO_UNKNOWN, IPPROTO_UDP}; +use crate::core::{AppProto, Flow, ALPROTO_FAILED, ALPROTO_UNKNOWN, IPPROTO_UDP, Direction}; use std::collections::VecDeque; use std::ffi::CString; use tls_parser::TlsExtensionType; @@ -58,7 +58,7 @@ impl QuicTransaction { extv: Vec, ja3: Option, client: bool, ) -> Self { let cyu = Cyu::generate(&header, &data.frames); - QuicTransaction { + let mut ntx = QuicTransaction { tx_id: 0, header, cyu, @@ -68,7 +68,13 @@ impl QuicTransaction { ja3, client, tx_data: AppLayerTxData::new(), + }; + if client { + ntx.tx_data.set_inspect_direction(Direction::ToServer); + } else { + ntx.tx_data.set_inspect_direction(Direction::ToClient); } + return ntx; } fn new_empty(client: bool, header: QuicHeader) -> Self { @@ -135,6 +141,11 @@ impl QuicState { let mut tx = QuicTransaction::new(header, data, sni, ua, extb, ja3, client); self.max_tx_id += 1; tx.tx_id = self.max_tx_id; + if client { + tx.tx_data.set_inspect_direction(Direction::ToServer); + } else { + tx.tx_data.set_inspect_direction(Direction::ToClient); + } self.transactions.push_back(tx); }