|
|
|
|
@ -43,53 +43,51 @@ typedef struct AppLayerParserState_ AppLayerParserState;
|
|
|
|
|
/* per flow flags */
|
|
|
|
|
|
|
|
|
|
/** At least on packet from the source address was seen */
|
|
|
|
|
#define FLOW_TO_SRC_SEEN 0x00000001
|
|
|
|
|
#define FLOW_TO_SRC_SEEN BIT_U32(0)
|
|
|
|
|
/** At least on packet from the destination address was seen */
|
|
|
|
|
#define FLOW_TO_DST_SEEN 0x00000002
|
|
|
|
|
#define FLOW_TO_DST_SEEN BIT_U32(1)
|
|
|
|
|
/** Don't return this from the flow hash. It has been replaced. */
|
|
|
|
|
#define FLOW_TCP_REUSED 0x00000004
|
|
|
|
|
#define FLOW_TCP_REUSED BIT_U32(2)
|
|
|
|
|
|
|
|
|
|
/** Flow was inspected against IP-Only sigs in the toserver direction */
|
|
|
|
|
#define FLOW_TOSERVER_IPONLY_SET 0x00000020
|
|
|
|
|
#define FLOW_TOSERVER_IPONLY_SET BIT_U32(3)
|
|
|
|
|
/** Flow was inspected against IP-Only sigs in the toclient direction */
|
|
|
|
|
#define FLOW_TOCLIENT_IPONLY_SET 0x00000040
|
|
|
|
|
#define FLOW_TOCLIENT_IPONLY_SET BIT_U32(4)
|
|
|
|
|
|
|
|
|
|
/** Packet belonging to this flow should not be inspected at all */
|
|
|
|
|
#define FLOW_NOPACKET_INSPECTION 0x00000080
|
|
|
|
|
#define FLOW_NOPACKET_INSPECTION BIT_U32(5)
|
|
|
|
|
/** Packet payloads belonging to this flow should not be inspected */
|
|
|
|
|
#define FLOW_NOPAYLOAD_INSPECTION 0x00000100
|
|
|
|
|
#define FLOW_NOPAYLOAD_INSPECTION BIT_U32(6)
|
|
|
|
|
|
|
|
|
|
/** All packets in this flow should be dropped */
|
|
|
|
|
#define FLOW_ACTION_DROP 0x00000200
|
|
|
|
|
#define FLOW_ACTION_DROP BIT_U32(7)
|
|
|
|
|
|
|
|
|
|
/** Sgh for toserver direction set (even if it's NULL) */
|
|
|
|
|
#define FLOW_SGH_TOSERVER 0x00000400
|
|
|
|
|
#define FLOW_SGH_TOSERVER BIT_U32(8)
|
|
|
|
|
/** Sgh for toclient direction set (even if it's NULL) */
|
|
|
|
|
#define FLOW_SGH_TOCLIENT 0x00000800
|
|
|
|
|
#define FLOW_SGH_TOCLIENT BIT_U32(9)
|
|
|
|
|
|
|
|
|
|
/** packet to server direction has been logged in drop file (only in IPS mode) */
|
|
|
|
|
#define FLOW_TOSERVER_DROP_LOGGED 0x00001000
|
|
|
|
|
#define FLOW_TOSERVER_DROP_LOGGED BIT_U32(10)
|
|
|
|
|
/** packet to client direction has been logged in drop file (only in IPS mode) */
|
|
|
|
|
#define FLOW_TOCLIENT_DROP_LOGGED 0x00002000
|
|
|
|
|
#define FLOW_TOCLIENT_DROP_LOGGED BIT_U32(11)
|
|
|
|
|
/** alproto detect done. Right now we need it only for udp */
|
|
|
|
|
#define FLOW_ALPROTO_DETECT_DONE 0x00004000
|
|
|
|
|
|
|
|
|
|
// vacany 1x
|
|
|
|
|
#define FLOW_ALPROTO_DETECT_DONE BIT_U32(12)
|
|
|
|
|
|
|
|
|
|
/** Pattern matcher alproto detection done */
|
|
|
|
|
#define FLOW_TS_PM_ALPROTO_DETECT_DONE 0x00008000
|
|
|
|
|
#define FLOW_TS_PM_ALPROTO_DETECT_DONE BIT_U32(13)
|
|
|
|
|
/** Probing parser alproto detection done */
|
|
|
|
|
#define FLOW_TS_PP_ALPROTO_DETECT_DONE 0x00010000
|
|
|
|
|
#define FLOW_TS_PP_ALPROTO_DETECT_DONE BIT_U32(14)
|
|
|
|
|
/** Pattern matcher alproto detection done */
|
|
|
|
|
#define FLOW_TC_PM_ALPROTO_DETECT_DONE 0x00020000
|
|
|
|
|
#define FLOW_TC_PM_ALPROTO_DETECT_DONE BIT_U32(15)
|
|
|
|
|
/** Probing parser alproto detection done */
|
|
|
|
|
#define FLOW_TC_PP_ALPROTO_DETECT_DONE 0x00040000
|
|
|
|
|
#define FLOW_TIMEOUT_REASSEMBLY_DONE 0x00080000
|
|
|
|
|
#define FLOW_TC_PP_ALPROTO_DETECT_DONE BIT_U32(16)
|
|
|
|
|
#define FLOW_TIMEOUT_REASSEMBLY_DONE BIT_U32(17)
|
|
|
|
|
|
|
|
|
|
/** flow is ipv4 */
|
|
|
|
|
#define FLOW_IPV4 0x00400000
|
|
|
|
|
#define FLOW_IPV4 BIT_U32(18)
|
|
|
|
|
/** flow is ipv6 */
|
|
|
|
|
#define FLOW_IPV6 0x00800000
|
|
|
|
|
#define FLOW_IPV6 BIT_U32(19)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* File flags */
|
|
|
|
|
|
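Review bot: The flags are renumbered here, not only respelled: from `FLOW_TOSERVER_IPONLY_SET` onward every value changes (0x00000020 becomes `BIT_U32(3)`, i.e. 0x00000008, and `FLOW_IPV6` moves from 0x00800000 to bit 19). That is safe only if nothing depends on the raw numbers, such as unit tests with literal masks or flag values written to logs or saved state, and this hunk cannot show whether that holds. A stale mask for `FLOW_NOPACKET_INSPECTION`, `FLOW_NOPAYLOAD_INSPECTION` or `FLOW_ACTION_DROP` would still compile and would silently test a different bit, so traffic could go uninspected or undropped. I would state the renumbering in the commit message and add a comment above the block such as `/* bit positions are internal and may be renumbered; never hard-code or persist the numeric values */`. `FLOW_TIMEOUT_REASSEMBLY_DONE` still has no doc comment, and the TS and TC alproto comments are word-for-word identical, so each should name its direction.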