flow/pkts: allow matching on either direction
For flow.bytes and flow.pkts keywords, allow matching in either
direction.

Feature 5646
inashivb committed Oct 7, 2024
1 parent ac9c5d2 commit e68868b
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions src/detect-flow-pkts.c
@@ -25,6 +25,7 @@

#define DETECT_FLOW_TO_SERVER 1
#define DETECT_FLOW_TO_CLIENT 2
#define DETECT_FLOW_TO_EITHER 3

typedef struct DetectFlow_ {
DetectU32Data *pkt_data;
@@ -44,6 +45,13 @@ static int DetectFlowPktsMatch(
return DetectU32Match(p->flow->todstpktcnt, df->pkt_data);
} else if (df->dir == DETECT_FLOW_TO_CLIENT) {
return DetectU32Match(p->flow->tosrcpktcnt, df->pkt_data);
} else if (df->dir == DETECT_FLOW_TO_EITHER) {
if (DetectU32Match(p->flow->tosrcpktcnt, df->pkt_data)) {
return 1;
}
if (DetectU32Match(p->flow->todstpktcnt, df->pkt_data)) {
return 1;
}
}
return 0;
}
@@ -83,6 +91,8 @@ static int DetectFlowPktsSetup(DetectEngineCtx *de_ctx, Signature *s, const char
df->dir = DETECT_FLOW_TO_SERVER;
} else if (strcmp(token, "toclient") == 0) {
df->dir = DETECT_FLOW_TO_CLIENT;
} else if (strcmp(token, "either") == 0) {
df->dir = DETECT_FLOW_TO_EITHER;
}

if (dir_set) {
@@ -160,6 +170,13 @@ static int DetectFlowBytesMatch(
return DetectU64Match(p->flow->todstbytecnt, df->byte_data);
} else if (df->dir == DETECT_FLOW_TO_CLIENT) {
return DetectU64Match(p->flow->tosrcbytecnt, df->byte_data);
} else if (df->dir == DETECT_FLOW_TO_EITHER) {
if (DetectU64Match(p->flow->tosrcbytecnt, df->byte_data)) {
return 1;
}
if (DetectU64Match(p->flow->todstbytecnt, df->byte_data)) {
return 1;
}
}
return 0;
}
@@ -199,6 +216,8 @@ static int DetectFlowBytesSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
df->dir = DETECT_FLOW_TO_SERVER;
} else if (strcmp(token, "toclient") == 0) {
df->dir = DETECT_FLOW_TO_CLIENT;
} else if (strcmp(token, "either") == 0) {
df->dir = DETECT_FLOW_TO_EITHER;
}

if (dir_set) {
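Review bot: The `DETECT_FLOW_TO_EITHER` branch in DetectFlowPktsMatch (repeated in DetectFlowBytesMatch) is an OR over the two per-direction counters, and nothing in the code says so. For a greater-than threshold that is what a rule writer expects, but if the value is written with a less-than or negated mode the rule fires as soon as one direction satisfies it, so a rule meant as "small in both directions" would also match a flow that is heavy one way; it is worth confirming this is intended and pinning it with a test. I would state it above the branch, e.g. `/* either: match if the to-client OR the to-server counter satisfies the value; the counters are not summed */`, and the two `if` blocks can then read as one line, `return DetectU32Match(p->flow->tosrcpktcnt, df->pkt_data) || DetectU32Match(p->flow->todstpktcnt, df->pkt_data);`. Both match functions begin above the hunks shown.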
