One-way connection status gets lost outside of NetSessions::DoNextPacket()

Description

NetSessions:oNextPacket() builds up a ConnID instance for the given packet, and eventually uses this instance to produce a hash key for the relevant flows dictionary. ConnID supports tracking whether a connection is one-way, via its is_one_way member. We currently only use this in the case of certain ICMPv4/6 flows, see e.g. analyzer::icmp::ICMP4_counterpart().

If the flow lookup leads to a new Connection instance, we copy all of the ConnID properties ... except is_one_way. This bit gets lost once we exit NetSessions:oNextPacket().

We should also copy this one-wayness bit into the connection (and potentially expose it to the script layer) since otherwise any code that needs to know whether Bro is treating a flow as a one-way entity needs to repeat the analysis coded into NetSessions:oNextPacket().

I'm happy to do a pull request if you guys agree...

Environment

None

Assignee

Unassigned

Reporter

Christian Kreibich

Labels

External issue ID

None

Components

Affects versions

Priority

Normal
Configure