forked from snort3/snort3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdev_notes.txt
24 lines (20 loc) · 1.31 KB
/
dev_notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
This directory contains the implementation of UDP session tracking and
processing functions. When the network protocol for a flow is determined
to be UDP the base Stream preprocessor will delegate handling of the
packets on that flow to this module.
The StreamUdp class is implemented as a subclass of Inspector and provides
functions for loading stream UDP configuration and packet evaluation. The
packet eval method is not used as the base Stream Inspector delegates
packets directly to the UDP session packet processing method.
The module udp_ha.cc (and udp_ha.h) implements the per-protocol hooks into
the stream logic for HA. UdpHAManager is a static class that interfaces
to a per-packet thread instance of the class UdpHA. UdpHA is sub-class
of ProtocolHA, declared in the stream/base area. Thus each protocol
within 'stream' can have specific HA logic and interfaces.
UdpHAManager::process_deletion() is called when an UDP stream is being
destroyed and indicates to the stream & flow HA logic that a flow
deletion HA message needs to be emitted for the flow in question.
Udp streams are closed due to timeout or pruning actions which lead
to the invocation of process_deletion().
UdpHA::create_session() is called from the stream & flow HA logic and
handles the creation of new flow upon receiving an HA update message.