Support #1407

Updated by Victor Julien over 8 years ago

New source in Suri v2.0.7: 
 <pre> 
 /** 
  *    \brief determine the direction of the packet compared to the flow 
  *    \retval 0 to_server 
  *    \retval 1 to_client 
  */ 
 int FlowGetPacketDirection(Flow *f, const Packet *p) 
 { 
     if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP || p->proto == IPPROTO_SCTP) { 
         if (!(CMP_PORT(p->sp,p->dp))) { 
             /* update flags and counters */ 
             if (CMP_PORT(f->sp,p->sp)) { 
                 return TOSERVER; 
             } else { 
                 return TOCLIENT; 
             } 
         } else { 
             if (CMP_ADDR(&f->src,&p->src)) { 
                 return TOSERVER; 
             } else { 
                 return TOCLIENT; 
             } 
         } 
     } else if (p->proto == IPPROTO_ICMP || p->proto == IPPROTO_ICMPV6) { 
         if (CMP_ADDR(&f->src,&p->src)) { 
             return TOSERVER; 
         } else { 
             return TOCLIENT; 
         } 
     } 

     /* default to toserver */ 
     return TOSERVER; 
 } 

 </pre> 
 I do not understand why the source port and destination port of the new packet must be compared.
 Also, to determine the direction of a new packet, in the TCP case, the first packet has the SYN flag. So, the packet that has the SYN flag will give the correct direction of the flow. In my opinion, the SYN flag of new packets should be checked to determine their direction.
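
Added example, not part of the original post and not Suricata's own code: a simplified model of the TCP/UDP/SCTP branch quoted above, run on constructed packets. The IPv4-only `Flow`/`Packet` structs, the helper `direction_addr_only` and all sample values are assumptions made for illustration. It shows one case where the port comparison and an address-only comparison disagree (both endpoints on the same address) and one case where equal ports force the address fallback.

```c
#include <stdint.h>
#include <stdio.h>

#define TOSERVER 0
#define TOCLIENT 1

/* Hypothetical stand-ins for Suricata's Flow and Packet:
 * IPv4 only, addresses as uint32_t, no other fields. */
typedef struct { uint32_t src, dst; uint16_t sp, dp; } Flow;
typedef struct { uint32_t src, dst; uint16_t sp, dp; uint8_t tcp_flags; } Packet;

/* Same decision order as the TCP/UDP/SCTP branch quoted above. */
static int direction(const Flow *f, const Packet *p)
{
    if (p->sp != p->dp)   /* ports differ: the ports decide */
        return (f->sp == p->sp) ? TOSERVER : TOCLIENT;
    /* ports equal: fall back to the addresses */
    return (f->src == p->src) ? TOSERVER : TOCLIENT;
}

/* For contrast: what an address-only comparison would return. */
static int direction_addr_only(const Flow *f, const Packet *p)
{
    return (f->src == p->src) ? TOSERVER : TOCLIENT;
}

/* Constructed sample data. */
/* 127.0.0.1:40000 -> 127.0.0.1:80, both endpoints share one address */
static const Flow   lo_flow   = { 0x7f000001, 0x7f000001, 40000, 80 };
static const Packet lo_req    = { 0x7f000001, 0x7f000001, 40000, 80, 0x18 };
static const Packet lo_reply  = { 0x7f000001, 0x7f000001, 80, 40000, 0x10 };
/* 10.0.0.1:123 -> 10.0.0.2:123, both endpoints share one port */
static const Flow   ntp_flow  = { 0x0a000001, 0x0a000002, 123, 123 };
static const Packet ntp_reply = { 0x0a000002, 0x0a000001, 123, 123, 0 };

int main(void)
{
    printf("loopback request: %d\n", direction(&lo_flow, &lo_req));
    printf("loopback reply:   %d\n", direction(&lo_flow, &lo_reply));
    printf("  address only:   %d\n", direction_addr_only(&lo_flow, &lo_reply));
    printf("123<->123 reply:  %d\n", direction(&ntp_flow, &ntp_reply));
    return 0;
}
```

Neither loopback packet carries a SYN flag (the constructed `tcp_flags` values are PSH+ACK and ACK), and the model never reads that field when classifying them.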
