aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

flow/tcp: consider pkts established based on 3whs

Browse Source
pull/5230/head
Victor Julien 6 years ago
parent 7309c97eda
commit f65bf4c7ea
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File

9
src/flow.c
Unescape Escape View File

@ -475,14 +475,17 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
p->flowflags |= FLOW_PKT_ESTABLISHED;
} else if (f->proto == IPPROTO_TCP) {
TcpSession *ssn = (TcpSession *)f->protoctx;
if (ssn != NULL && ssn->state >= TCP_ESTABLISHED) {
p->flowflags |= FLOW_PKT_ESTABLISHED;
}
} else if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) ==
(FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
p->flowflags |= FLOW_PKT_ESTABLISHED;
if (f->proto != IPPROTO_TCP) {
FlowUpdateState(f, FLOW_STATE_ESTABLISHED);
}
FlowUpdateState(f, FLOW_STATE_ESTABLISHED);
}
/*set the detection bypass flags*/

Write Preview
Loading…
Cancel
Save