flow: add util func to remove packet from flow

Unsets the p::flowflags that were previously set.
11 years ago · 2fb9611223
parent cf58ecb084
commit 2fb9611223
3 changed files with 40 additions and 0 deletions
--- a/src/decode.h
+++ b/src/decode.h
@ -872,6 +872,10 @@ void AddressDebugPrint(Address *);
        (p)->flags |= PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

+#define DecodeUnsetNoPayloadInspectionFlag(p) do { \
+        (p)->flags &= ~PKT_NOPAYLOAD_INSPECTION;  \
+    } while (0)
+
 /** \brief Set the No packet inspection Flag for the packet.
 *
 * \param p Packet to set the flag in
@ -879,6 +883,9 @@ void AddressDebugPrint(Address *);
 #define DecodeSetNoPacketInspectionFlag(p) do { \
        (p)->flags |= PKT_NOPACKET_INSPECTION;  \
    } while (0)
+#define DecodeUnsetNoPacketInspectionFlag(p) do { \
+        (p)->flags &= ~PKT_NOPACKET_INSPECTION;  \
+    } while (0)


 #define ENGINE_SET_EVENT(p, e) do { \
--- a/src/flow.c
+++ b/src/flow.c
@ -226,6 +226,37 @@ static inline int FlowUpdateSeenFlag(const Packet *p)
    return 1;
 }

+/**
+ *
+ *  Remove packet from flow. This assumes this happens *before* the packet
+ *  is added to the stream engine and other higher state.
+ *
+ *  \todo we can't restore the lastts
+ */
+void FlowHandlePacketUpdateRemove(Flow *f, Packet *p)
+{
+    if (p->flowflags & FLOW_PKT_TOSERVER) {
+        f->todstpktcnt--;
+        f->todstbytecnt -= GET_PKT_LEN(p);
+        p->flowflags &= ~FLOW_PKT_TOSERVER;
+    } else {
+        f->tosrcpktcnt--;
+        f->tosrcbytecnt -= GET_PKT_LEN(p);
+        p->flowflags &= ~FLOW_PKT_TOCLIENT;
+    }
+    p->flowflags &= ~FLOW_PKT_ESTABLISHED;
+
+    /*set the detection bypass flags*/
+    if (f->flags & FLOW_NOPACKET_INSPECTION) {
+        SCLogDebug("unsetting FLOW_NOPACKET_INSPECTION flag on flow %p", f);
+        DecodeUnsetNoPacketInspectionFlag(p);
+    }
+    if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
+        SCLogDebug("unsetting FLOW_NOPAYLOAD_INSPECTION flag on flow %p", f);
+        DecodeUnsetNoPayloadInspectionFlag(p);
+    }
+}
+
 /** \brief Update Packet and Flow
 *
 *  Updates packet and flow based on the new packet.
--- a/src/flow.h
+++ b/src/flow.h
@ -575,6 +575,8 @@ int FlowClearMemory(Flow *,uint8_t );
 AppProto FlowGetAppProtocol(Flow *f);
 void *FlowGetAppState(Flow *f);

+
+void FlowHandlePacketUpdateRemove(Flow *f, Packet *p);
 void FlowHandlePacketUpdate(Flow *f, Packet *p);

 #endif /* __FLOW_H__ */