[Snort-devel] ip and port in stream data structure

Adayadil Thomas adayadil.thomas at ...2499...
Thu Jun 9 07:57:11 EDT 2005


In the stream data structure, there is ip and port, which does not
seem to be used
at all in the code. Also it seems to be redundant info. Please comment. Anyone ?

typedef struct _Stream
    u_int32_t ip;          /* IP addr */
    u_int16_t port;        /* port number */
    u_int8_t  state;       /* stream state */
    u_int32_t isn;         /* initial sequence number */
    u_int32_t base_seq;    /* base seq num for this packet set */
    u_int32_t last_ack;    /* last segment ack'd */
    u_int16_t win_size;    /* window size */
    u_int32_t next_seq;    /* next sequence we expect to see -- used
on reassemble */
    u_int32_t pkts_sent;   /* track the number of packets in this stream */
    u_int32_t bytes_sent;  /* track the number of bytes in this stream */
    u_int32_t bytes_tracked; /* track the total number of bytes on this side */
    u_int8_t  state_queue;    /* queued state transition */
    u_int8_t  expected_flags; /* tcp flag needed to accept transition */
    u_int32_t trans_seq;      /* sequence number of transition packet */
    u_int8_t  stq_chk_seq;    /* flag to see if we need to check the seq
                                 num of the state transition packet */
    ubi_trRoot data;

    u_int32_t last_trunc_time; /* last time this session was
truncated. (stream4inline) */
} Stream;

More information about the Snort-devel mailing list