From ad9446d799e0104382b86c1d1b8b24206786031e Mon Sep 17 00:00:00 2001
From: Arne Welzel
Date: Thu, 30 Nov 2023 16:58:47 +0100
Subject: [PATCH] Session/TCP/UDP: Reserve HIST_UNKNOWN_PKT mask
This is meant to be used for a new 'X' code in the history in scenarios when packets are knowingly not processed or an unexpected unknown situation is recognized. Usually, these situations are currently reported via weirds or analyzer violations, but being able to include it in the history field allows them to be more visible. Will be used for exceeding tunnel depths first.
---
 src/analyzer/protocol/tcp/TCP_Endpoint.h | 1 +
 src/packet_analysis/protocol/udp/UDP.cc | 1 +
 src/session/Session.h | 4 +++-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h
index 993c4b826b..df8acffdff 100644
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.h
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h
@@ -203,6 +203,7 @@ public:
 #define HIST_CORRUPT_PKT 0x80
 #define HIST_RXMIT 0x100
 #define HIST_WIN0 0x200
+ // #define HIST_UNKNOWN_PKT 0x400 (do not use - used in Session.h)
 bool CheckHistory(uint32_t mask, char code);
 void AddHistory(char code);
diff --git a/src/packet_analysis/protocol/udp/UDP.cc b/src/packet_analysis/protocol/udp/UDP.cc
index ae609e1dd3..5796d0969e 100644
--- a/src/packet_analysis/protocol/udp/UDP.cc
+++ b/src/packet_analysis/protocol/udp/UDP.cc
@@ -18,6 +18,7 @@ constexpr uint32_t HIST_ORIG_DATA_PKT = 0x1;
 constexpr uint32_t HIST_RESP_DATA_PKT = 0x2;
 constexpr uint32_t HIST_ORIG_CORRUPT_PKT = 0x4;
 constexpr uint32_t HIST_RESP_CORRUPT_PKT = 0x8;
+// constexpr uint32_t HIST_UNKNOWN_PKT = 0x400; (do not use - used in Session.h)
 UDPAnalyzer::UDPAnalyzer() : IPBasedAnalyzer("UDP", TRANSPORT_UDP, UDP_PORT_MASK, false) {}
diff --git a/src/session/Session.h b/src/session/Session.h
index 589c39af71..467dd9c9af 100644
--- a/src/session/Session.h
+++ b/src/session/Session.h
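Review bot: The reservation of 0x400 in this hunk is carried only by a commented-out `#define`, so nothing fails to compile if a later TCP flag is given that value; the same applies to the commented-out `constexpr` line in the UDP.cc hunk. If the history masks act as a seen-once bitfield (the body of CheckHistory is not in this hunk), a collision would presumably suppress either the new 'X' code or the colliding protocol code in the history field without any error, which defeats the visibility the commit is after. In UDP.cc, where the masks are already `constexpr`, a compile-time guard is cheap, e.g. `static_assert(((HIST_ORIG_DATA_PKT | HIST_RESP_DATA_PKT | HIST_ORIG_CORRUPT_PKT | HIST_RESP_CORRUPT_PKT) & session::detail::HIST_UNKNOWN_PKT) == 0);`, assuming Session.h is reachable from that file. The class these defines sit in starts and ends outside the hunk.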
@@ -24,7 +24,9 @@ class Analyzer;
 namespace session {
 namespace detail {
 class Timer;
-}
+
+constexpr uint32_t HIST_UNKNOWN_PKT = 0x400; // Initially for exceeded_tunnel_max_depth.
+} // namespace detail
 class Session;
 using timer_func = void (Session::*)(double t);
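Review bot: The comment on `HIST_UNKNOWN_PKT` records only its first use, not the constraint the other two hunks rely on, namely that 0x400 has to stay out of the TCP and UDP mask sets. I would state that on the definition itself, e.g. `// History mask for the 'X' code; appears to share its bit space with the HIST_* masks in TCP_Endpoint.h and UDP.cc, which must not use 0x400.` Separately, TCP_Endpoint.h defines its `HIST_*` names as macros, so if the commented-out `#define HIST_UNKNOWN_PKT` there were ever enabled it would rewrite this declaration in any translation unit that includes TCP_Endpoint.h first. `namespace session` continues past the end of the hunk.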