flow: add bypassed states

This patch adds two new states to the flow:
* local bypass: for suricata only bypass, packets belonging to
a flow in this state will be discard fast
* capture bypass: capture method is handling the bypass and suricata
will discard packets that are currently queued

A bypassed state to flow that will be set on flow when a bypass
decision is taken. In the case of capture bypass this will allow
to remove faster the flow entry from the flow table instead of
waiting for the "established" timeout.

src/flow-manager.c

@@ -67,6 +67,8 @@
 
 #include "output-flow.h"
 
+#define FLOW_BYPASSED_TIMEOUT   6
+
 /* Run mode selected at suricata.c */
 extern int run_mode;
 
@@ -203,11 +205,15 @@ static inline uint32_t FlowGetFlowTimeout(const Flow *f, enum FlowState state)
             timeout = flow_timeouts[f->protomap].new_timeout;
             break;
         case FLOW_STATE_ESTABLISHED:
+        case FLOW_STATE_LOCAL_BYPASSED:
             timeout = flow_timeouts[f->protomap].est_timeout;
             break;
         case FLOW_STATE_CLOSED:
             timeout = flow_timeouts[f->protomap].closed_timeout;
             break;
+        case FLOW_STATE_CAPTURE_BYPASSED:
+            timeout = FLOW_BYPASSED_TIMEOUT;
+            break;
     }
     return timeout;
 }

src/flow.h

@@ -425,6 +425,8 @@ enum FlowState {
     FLOW_STATE_NEW = 0,
     FLOW_STATE_ESTABLISHED,
     FLOW_STATE_CLOSED,
+    FLOW_STATE_LOCAL_BYPASSED,
+    FLOW_STATE_CAPTURE_BYPASSED,
 };
 
 typedef struct FlowProtoTimeout_ {