From 06b6f85c1f8f154925ef4e7aa0e1acd567c1c786 Mon Sep 17 00:00:00 2001
From: Eric Leblond <el@stamus-networks.com>
Date: Tue, 23 Mar 2021 23:45:22 +0100
Subject: [PATCH] json/flow: log if flow had gap in TCP

---
 src/output-json-flow.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 0aa74ba86f..f817bc1fb2 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -309,6 +309,12 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
             const char *tcp_state = StreamTcpStateAsString(ssn->state);
             if (tcp_state != NULL)
                 jb_set_string(jb, "state", tcp_state);
+            if (FlowHasGaps(f, STREAM_TOCLIENT)) {
+                JB_SET_TRUE(jb, "tc_gap");
+            }
+            if (FlowHasGaps(f, STREAM_TOSERVER)) {
+                JB_SET_TRUE(jb, "ts_gap");
+            }
         }
 
         /* Close tcp. */