#include <stream-tcp-private.h>
Data Fields | |
| uint16_t | flags:12 |
| uint16_t | wscale:4 |
| uint8_t | os_policy |
| uint8_t | tcp_flags |
| uint32_t | isn |
| uint32_t | next_seq |
| uint32_t | last_ack |
| uint32_t | next_win |
| uint32_t | window |
| uint32_t | last_ts |
| uint32_t | last_pkt_ts |
| uint32_t | base_seq |
| uint32_t | app_progress_rel |
| uint32_t | raw_progress_rel |
| uint32_t | log_progress_rel |
| uint32_t | min_inspect_depth |
| uint32_t | data_required |
| StreamingBuffer | sb |
| struct TCPSEG | seg_tree |
| uint32_t | segs_right_edge |
| uint32_t | sack_size |
| struct TCPSACK | sack_tree |
Detailed Description
Definition at line 106 of file stream-tcp-private.h.
Field Documentation
◆ app_progress_rel
| uint32_t TcpStream_::app_progress_rel |
app-layer progress relative to STREAM_BASE_OFFSET
Definition at line 127 of file stream-tcp-private.h.
Referenced by StreamTcpUpdateAppLayerProgress().
◆ base_seq
| uint32_t TcpStream_::base_seq |
seq where we are left with reassembly. Matches STREAM_BASE_OFFSET below.
Definition at line 124 of file stream-tcp-private.h.
Referenced by StreamDataRightEdge(), StreamNeedsReassembly(), StreamReassembleRawHasDataReady(), StreamTcpInlineSegmentCompare(), and StreamTcpUTSetupStream().
◆ data_required
| uint32_t TcpStream_::data_required |
data required from STREAM_APP_PROGRESS before calling app-layer again
Definition at line 133 of file stream-tcp-private.h.
◆ flags
| uint16_t TcpStream_::flags |
Flag specific to the stream e.g. Timestamp
Definition at line 107 of file stream-tcp-private.h.
Referenced by EveAddFlowTcpStreamFlags(), FlowGetDisruptionFlags(), StreamNeedsReassembly(), StreamReassembleLog(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), StreamTcpDetectLogFlush(), StreamTcpPruneSession(), StreamTcpReassembleAppLayer(), StreamTcpReassembleDepthReached(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpReassembleTriggerRawReassembly(), StreamTcpSetDisableRawReassemblyFlag(), and StreamTcpSetSessionNoReassemblyFlag().
◆ isn
| uint32_t TcpStream_::isn |
initial sequence number
Definition at line 113 of file stream-tcp-private.h.
Referenced by StreamTcpUTSetupStream(), and UTHAddSessionToFlow().
◆ last_ack
| uint32_t TcpStream_::last_ack |
last ack'd sequence number in this stream
Definition at line 115 of file stream-tcp-private.h.
Referenced by StreamTcpSackPruneList(), StreamTcpSegmentForEach(), and UTHAddStreamToFlow().
◆ last_pkt_ts
| uint32_t TcpStream_::last_pkt_ts |
Time of last seen packet for this stream (needed for PAWS update) This will be used to validate the last_ts, when connection has been idle for longer time.(RFC 1323)
Definition at line 120 of file stream-tcp-private.h.
◆ last_ts
| uint32_t TcpStream_::last_ts |
Time stamp (TSVAL) of the last seen packet for this stream
Definition at line 119 of file stream-tcp-private.h.
◆ log_progress_rel
| uint32_t TcpStream_::log_progress_rel |
streaming logger progress relative to STREAM_BASE_OFFSET
Definition at line 129 of file stream-tcp-private.h.
◆ min_inspect_depth
| uint32_t TcpStream_::min_inspect_depth |
min inspect size set by the app layer, to make sure enough data remains available for inspection together with app layer buffers
Definition at line 131 of file stream-tcp-private.h.
Referenced by StreamTcpReassemblySetMinInspectDepth().
◆ next_seq
| uint32_t TcpStream_::next_seq |
next expected sequence number
Definition at line 114 of file stream-tcp-private.h.
◆ next_win
| uint32_t TcpStream_::next_win |
next max seq within window
Definition at line 116 of file stream-tcp-private.h.
◆ os_policy
| uint8_t TcpStream_::os_policy |
target based OS policy used for reassembly and handling packets
Definition at line 110 of file stream-tcp-private.h.
Referenced by StreamTcpReassembleHandleSegmentHandleData().
◆ raw_progress_rel
| uint32_t TcpStream_::raw_progress_rel |
raw reassembly progress relative to STREAM_BASE_OFFSET
Definition at line 128 of file stream-tcp-private.h.
Referenced by StreamReassembleRawUpdateProgress().
◆ sack_size
| uint32_t TcpStream_::sack_size |
combined size of the SACK ranges currently in our tree. Updated at INSERT/REMOVE time.
Definition at line 139 of file stream-tcp-private.h.
Referenced by StreamTcpSackFreeList(), and StreamTcpSackPruneList().
◆ sack_tree
| struct TCPSACK TcpStream_::sack_tree |
red back tree of TCP SACK records.
Definition at line 139 of file stream-tcp-private.h.
Referenced by StreamTcpSackFreeList(), and StreamTcpSackPruneList().
◆ sb
| StreamingBuffer TcpStream_::sb |
Definition at line 135 of file stream-tcp-private.h.
Referenced by StreamDataAvailableForProtoDetect(), StreamTcpInlineSegmentCompare(), StreamTcpPruneSession(), StreamTcpSegmentForEach(), StreamTcpSegmentForSession(), StreamTcpStreamCleanup(), StreamTcpUTSetupSession(), StreamTcpUTSetupStream(), UTHAddSessionToFlow(), UTHAddStreamToFlow(), UTHCheckDataAtPosition(), and UTHCheckGapAtPosition().
◆ seg_tree
| struct TCPSEG TcpStream_::seg_tree |
red black tree of TCP segments. Data is stored in TcpStream::sb
Definition at line 135 of file stream-tcp-private.h.
Referenced by StreamReassembleRawHasDataReady(), StreamTcpReassembleAppLayer(), StreamTcpReturnStreamSegments(), StreamTcpSegmentForEach(), and StreamTcpSegmentForSession().
◆ segs_right_edge
| uint32_t TcpStream_::segs_right_edge |
Definition at line 137 of file stream-tcp-private.h.
Referenced by StreamDataRightEdge(), StreamNeedsReassembly(), and StreamReassembleRawHasDataReady().
◆ tcp_flags
| uint8_t TcpStream_::tcp_flags |
TCP flags seen
Definition at line 111 of file stream-tcp-private.h.
◆ window
| uint32_t TcpStream_::window |
current window setting, after wscale is applied
Definition at line 117 of file stream-tcp-private.h.
◆ wscale
| uint16_t TcpStream_::wscale |
wscale setting in this direction, 4 bits as max val is 15
Definition at line 109 of file stream-tcp-private.h.
The documentation for this struct was generated from the following file:
