aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

time: Replace struct timeval with scalar value

Browse Source 
Issue: 5718

This commit switches the majority of time handling to a new type --
SCTime_t -- which is a 64 bit container for time:
- 44 bits -- seconds
- 20 bits -- useconds
pull/8430/head
Jeff Lucovsky 3 years ago committed by Victor Julien
parent 7702ad410e
commit 31793aface
87 changed files with 527 additions and 640 deletions
Show Stats Download Patch File Download Diff File

6
src/alert-debuglog.c
Unescape Escape View File

@ -162,7 +162,7 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
MemBufferReset(aft->buffer);
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
MemBufferWriteString(aft->buffer, "+================\n"
"TIME: %s\n", timebuf);
@ -206,7 +206,7 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
if (p->flow != NULL) {
int applayer = 0;
applayer = StreamTcpAppLayerIsDisabled(p->flow);
CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf));
CreateTimeString(p->flow->startts, timebuf, sizeof(timebuf));
MemBufferWriteString(aft->buffer, "FLOW Start TS: %s\n", timebuf);
MemBufferWriteString(aft->buffer, "FLOW PKTS TODST: %"PRIu32"\n"
"FLOW PKTS TOSRC: %"PRIu32"\n"
@ -324,7 +324,7 @@ static TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, const Packet *p, void *
MemBufferReset(aft->buffer);
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
MemBufferWriteString(aft->buffer,
"+================\n"

2
src/alert-fastlog.c
Unescape Escape View File

@ -106,7 +106,7 @@ int AlertFastLogger(ThreadVars *tv, void *data, const Packet *p)
char timebuf[64];
int decoder_event = 0;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
if (PKT_IS_IPV4(p)) {

6
src/app-layer-expectation.c
Unescape Escape View File

@ -71,7 +71,7 @@ SC_ATOMIC_DECLARE(uint32_t, expectation_count);
#define EXPECTATION_MAX_LEVEL 10
typedef struct Expectation_ {
struct timeval ts;
SCTime_t ts;
Port sp;
Port dp;
AppProto alproto;
@ -317,8 +317,6 @@ AppProto AppLayerExpectationHandle(Flow *f, uint8_t flags)
if (exp_list == NULL)
goto out;
time_t ctime = f->lastts.tv_sec;
CIRCLEQ_FOREACH_SAFE(exp, &exp_list->list, entries, lexp) {
if ((exp->direction & flags) && ((exp->sp == 0) || (exp->sp == f->sp)) &&
((exp->dp == 0) || (exp->dp == f->dp))) {
@ -346,7 +344,7 @@ AppProto AppLayerExpectationHandle(Flow *f, uint8_t flags)
continue;
}
/* Cleaning remove old entries */
if (ctime > exp->ts.tv_sec + EXPECTATION_TIMEOUT) {
if (SCTIME_SECS(f->lastts) > SCTIME_SECS(exp->ts) + EXPECTATION_TIMEOUT) {
exp_list = AppLayerExpectationRemove(ipp, exp_list, exp);
if (exp_list == NULL)
goto out;

10
src/app-layer-htp-range.c
Unescape Escape View File

@ -127,10 +127,10 @@ static void ContainerUrlRangeFree(void *s)
}
}
static inline bool ContainerValueRangeTimeout(HttpRangeContainerFile *cu, struct timeval *ts)
static inline bool ContainerValueRangeTimeout(HttpRangeContainerFile *cu, const SCTime_t ts)
{
// we only timeout if we have no flow referencing us
if ((uint32_t)ts->tv_sec > cu->expire || cu->error) {
if ((uint32_t)SCTIME_SECS(ts) > cu->expire || cu->error) {
if (SC_ATOMIC_GET(cu->hdata->use_cnt) == 0) {
DEBUG_VALIDATE_BUG_ON(cu->files == NULL);
return true;
@ -185,7 +185,7 @@ void HttpRangeContainersDestroy(void)
THashShutdown(ContainerUrlRangeList.ht);
}
uint32_t HttpRangeContainersTimeoutHash(struct timeval *ts)
uint32_t HttpRangeContainersTimeoutHash(const SCTime_t ts)
{
SCLogDebug("timeout: starting");
uint32_t cnt = 0;
@ -237,7 +237,7 @@ uint32_t HttpRangeContainersTimeoutHash(struct timeval *ts)
*/
static void *HttpRangeContainerUrlGet(const uint8_t *key, uint32_t keylen, const Flow *f)
{
const struct timeval *ts = &f->lastts;
const SCTime_t ts = f->lastts;
HttpRangeContainerFile lookup;
memset(&lookup, 0, sizeof(lookup));
// cast so as not to have const in the structure
@ -246,7 +246,7 @@ static void *HttpRangeContainerUrlGet(const uint8_t *key, uint32_t keylen, const
struct THashDataGetResult res = THashGetFromHash(ContainerUrlRangeList.ht, &lookup);
if (res.data) {
// nothing more to do if (res.is_new)
ContainerUrlRangeUpdate(res.data->data, ts->tv_sec + ContainerUrlRangeList.timeout);
ContainerUrlRangeUpdate(res.data->data, SCTIME_SECS(ts) + ContainerUrlRangeList.timeout);
HttpRangeContainerFile *c = res.data->data;
c->hdata = res.data;
SCLogDebug("c %p", c);

2
src/app-layer-htp-range.h
Unescape Escape View File

@ -25,7 +25,7 @@
void HttpRangeContainersInit(void);
void HttpRangeContainersDestroy(void);
uint32_t HttpRangeContainersTimeoutHash(struct timeval *ts);
uint32_t HttpRangeContainersTimeoutHash(const SCTime_t ts);
// linked list of ranges : buffer with offset
typedef struct HttpRangeContainerBuffer {

7
src/app-layer-htp.c
Unescape Escape View File

@ -839,7 +839,8 @@ static int Setup(Flow *f, HtpState *hstate)
SCLogDebug("New hstate->connp %p", hstate->connp);
htp_connp_open(hstate->connp, NULL, f->sp, NULL, f->dp, &f->startts);
struct timeval tv = { SCTIME_SECS(f->startts), SCTIME_USECS(f->startts) };
htp_connp_open(hstate->connp, NULL, f->sp, NULL, f->dp, &tv);
StreamTcpReassemblySetMinInspectDepth(f->protoctx, STREAM_TOSERVER,
htp_cfg_rec->request.inspect_min_size);
@ -882,7 +883,7 @@ static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, AppLayerPar
const uint8_t *input = StreamSliceGetData(&stream_slice);
uint32_t input_len = StreamSliceGetDataLen(&stream_slice);
htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
htp_time_t ts = { SCTIME_SECS(f->startts), SCTIME_USECS(f->startts) };
/* pass the new data to the htp parser */
if (input_len > 0) {
const int r = htp_connp_req_data(hstate->connp, &ts, input, input_len);
@ -949,7 +950,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa
DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL);
hstate->slice = &stream_slice;
htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
htp_time_t ts = { SCTIME_SECS(f->startts), SCTIME_USECS(f->startts) };
htp_tx_t *tx = NULL;
size_t consumed = 0;
if (input_len > 0) {

6
src/decode.c
Unescape Escape View File

@ -329,8 +329,7 @@ Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *pare
p->recursion_level = parent->recursion_level + 1;
DEBUG_VALIDATE_BUG_ON(parent->nb_decoded_layers >= decoder_max_layers);
p->nb_decoded_layers = parent->nb_decoded_layers + 1;
p->ts.tv_sec = parent->ts.tv_sec;
p->ts.tv_usec = parent->ts.tv_usec;
p->ts = parent->ts;
p->datalink = DLT_RAW;
p->tenant_id = parent->tenant_id;
p->livedev = parent->livedev;
@ -408,8 +407,7 @@ Packet *PacketDefragPktSetup(Packet *parent, const uint8_t *pkt, uint32_t len, u
PacketCopyData(p, pkt, len);
}
p->recursion_level = parent->recursion_level; /* NOT incremented */
p->ts.tv_sec = parent->ts.tv_sec;
p->ts.tv_usec = parent->ts.tv_usec;
p->ts = parent->ts;
p->datalink = DLT_RAW;
p->tenant_id = parent->tenant_id;
/* tell new packet it's part of a tunnel */

2
src/decode.h
Unescape Escape View File

@ -468,7 +468,7 @@ typedef struct Packet_
* hash size still */
uint32_t flow_hash;
struct timeval ts;
SCTime_t ts;
union {
/* nfq stuff */

9
src/defrag-timeout.c
Unescape Escape View File

@ -36,7 +36,7 @@
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
static int DefragTrackerTimedOut(DefragTracker *dt, struct timeval *ts)
static int DefragTrackerTimedOut(DefragTracker *dt, SCTime_t ts)
{
/** never prune a trackers that is used by a packet
* we are currently processing in one of the threads */
@ -45,7 +45,7 @@ static int DefragTrackerTimedOut(DefragTracker *dt, struct timeval *ts)
}
/* retain if remove is not set and not timed out */
if (!dt->remove && timercmp(&dt->timeout, ts, >))
if (!dt->remove && SCTIME_CMP_GT(dt->timeout, ts))
return 0;
return 1;
@ -62,7 +62,8 @@ static int DefragTrackerTimedOut(DefragTracker *dt, struct timeval *ts)
*
* \retval cnt timed out tracker
*/
static uint32_t DefragTrackerHashRowTimeout(DefragTrackerHashRow *hb, DefragTracker *dt, struct timeval *ts)
static uint32_t DefragTrackerHashRowTimeout(
DefragTrackerHashRow *hb, DefragTracker *dt, SCTime_t ts)
{
uint32_t cnt = 0;
@ -117,7 +118,7 @@ static uint32_t DefragTrackerHashRowTimeout(DefragTrackerHashRow *hb, DefragTrac
*
* \retval cnt number of timed out tracker
*/
uint32_t DefragTimeoutHash(struct timeval *ts)
uint32_t DefragTimeoutHash(SCTime_t ts)
{
uint32_t idx = 0;
uint32_t cnt = 0;

2
src/defrag-timeout.h
Unescape Escape View File

@ -24,7 +24,7 @@
#ifndef __DEFRAG_TIMEOUT_H__
#define __DEFRAG_TIMEOUT_H__
uint32_t DefragTimeoutHash(struct timeval *ts);
uint32_t DefragTimeoutHash(SCTime_t ts);
uint32_t DefragGetSpareCount(void);
uint32_t DefragGetActiveCount(void);

12
src/defrag.c
Unescape Escape View File

@ -628,7 +628,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
}
/* Update timeout. */
tracker->timeout = TimevalWithSeconds(&p->ts, tracker->host_timeout);
tracker->timeout = SCTIME_SECS(p->ts) + tracker->host_timeout;
Frag *prev = NULL, *next = NULL;
bool overlap = false;
@ -1104,7 +1104,9 @@ static Packet *BuildTestPacket(uint8_t proto, uint16_t id, uint16_t off, int mf,
PacketInit(p);
gettimeofday(&p->ts, NULL);
struct timeval tval;
gettimeofday(&tval, NULL);
p->ts = SCTIME_FROM_TIMEVAL(&tval);
//p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
ip4h.ip_verhl = 4 << 4;
ip4h.ip_verhl |= hlen >> 2;
@ -1174,7 +1176,9 @@ static Packet *IPV6BuildTestPacket(uint8_t proto, uint32_t id, uint16_t off,
PacketInit(p);
gettimeofday(&p->ts, NULL);
struct timeval tval;
gettimeofday(&tval, NULL);
p->ts = SCTIME_FROM_TIMEVAL(&tval);
ip6h.s_ip6_nxt = 44;
ip6h.s_ip6_hlim = 2;
@ -2104,7 +2108,7 @@ static int DefragTimeoutTest(void)
Packet *p = BuildTestPacket(IPPROTO_ICMP, 99, 0, 1, 'A' + i, 16);
FAIL_IF_NULL(p);
p->ts.tv_sec += (defrag_context->timeout + 1);
p->ts += SCTIME_FROM_SECS(defrag_context->timeout + 1);
Packet *tp = Defrag(NULL, NULL, p);
FAIL_IF_NOT_NULL(tp);

2
src/defrag.h
Unescape Escape View File

@ -106,7 +106,7 @@ typedef struct DefragTracker_ {
Address src_addr; /**< Source address for this tracker. */
Address dst_addr; /**< Destination address for this tracker. */
struct timeval timeout; /**< When this tracker will timeout. */
SCTime_t timeout; /**< When this tracker will timeout. */
uint32_t host_timeout; /**< Host timeout, statically assigned from the yaml */
/** use cnt, reference counter */

16
src/detect-detection-filter.c
Unescape Escape View File

@ -435,13 +435,9 @@ static int DetectDetectionFilterTestSig2(void)
{
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset(&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
Packet *p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -460,7 +456,7 @@ static int DetectDetectionFilterTestSig2(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
@ -470,7 +466,7 @@ static int DetectDetectionFilterTestSig2(void)
FAIL_IF(PacketAlertCheck(p, 10));
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
@ -497,13 +493,9 @@ static int DetectDetectionFilterTestSig3(void)
{
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset(&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
Packet *p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -521,7 +513,7 @@ static int DetectDetectionFilterTestSig3(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
@ -539,7 +531,7 @@ static int DetectDetectionFilterTestSig3(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));

15
src/detect-engine-tag.c
Unescape Escape View File

@ -263,7 +263,7 @@ static void TagHandlePacketFlow(Flow *f, Packet *p)
while (iter != NULL) {
/* update counters */
iter->last_ts = p->ts.tv_sec;
iter->last_ts = SCTIME_SECS(p->ts);
switch (iter->metric) {
case DETECT_TAG_METRIC_PACKET:
iter->packets++;
@ -385,7 +385,7 @@ static void TagHandlePacketHost(Host *host, Packet *p)
prev = NULL;
while (iter != NULL) {
/* update counters */
iter->last_ts = p->ts.tv_sec;
iter->last_ts = SCTIME_SECS(p->ts);
switch (iter->metric) {
case DETECT_TAG_METRIC_PACKET:
iter->packets++;
@ -542,7 +542,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx,
* \retval 1 no tags or tags removed -- host is free to go (from tag perspective)
* \retval 0 still active tags
*/
int TagTimeoutCheck(Host *host, struct timeval *tv)
int TagTimeoutCheck(Host *host, SCTime_t ts)
{
DetectTagDataEntry *tde = NULL;
DetectTagDataEntry *tmp = NULL;
@ -555,9 +555,8 @@ int TagTimeoutCheck(Host *host, struct timeval *tv)
prev = NULL;
while (tmp != NULL) {
struct timeval last_ts = { .tv_sec = tmp->last_ts, 0 };
struct timeval timeout_at = TimevalWithSeconds(&last_ts, TAG_MAX_LAST_TIME_SEEN);
if (!TimevalEarlier(&timeout_at, tv)) {
SCTime_t timeout_at = SCTIME_FROM_SECS(tmp->last_ts + TAG_MAX_LAST_TIME_SEEN);
if (timeout_at >= ts) {
prev = tmp;
tmp = tmp->next;
retval = 0;
@ -759,7 +758,7 @@ static int DetectTagTestPacket02 (void)
int i = 0;
for (; i < num_packets; i++) {
SCLogDebug("packet %d", i);
TimeGet(&p[i]->ts);
p[i]->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
FAIL_IF(UTHCheckPacketMatchResults(p[i], sid, (uint32_t *)&results[i][0], numsigs) == 0);
@ -1097,7 +1096,7 @@ static int DetectTagTestPacket05 (void)
p[i]->flow->protoctx = &ssn;
SCLogDebug("packet %d", i);
TimeGet(&p[i]->ts);
p[i]->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
FAIL_IF(UTHCheckPacketMatchResults(p[i], sid, (uint32_t *)&results[i][0], numsigs) == 0);

4
src/detect-engine-tag.h
Unescape Escape View File

@ -31,7 +31,7 @@
#include "detect.h"
#include "detect-tag.h"
/* This limit should be overwriten/predefined at the config file
/* This limit should be overwritten/predefined at the config file
* to limit the options to prevent possible DOS situations. We should also
* create a limit for bytes and a limit for number of packets */
#define TAG_MAX_LAST_TIME_SEEN 600
@ -53,7 +53,7 @@ void TagInitCtx(void);
void TagDestroyCtx(void);
void TagRestartCtx(void);
int TagTimeoutCheck(Host *, struct timeval *);
int TagTimeoutCheck(Host *, SCTime_t);
int TagHostHasTag(Host *host);

49
src/detect-engine-threshold.c
Unescape Escape View File

@ -156,7 +156,7 @@ const DetectThresholdData *SigGetThresholdTypeIter(
*
*/
static DetectThresholdEntry* ThresholdTimeoutCheck(DetectThresholdEntry *head, struct timeval *tv)
static DetectThresholdEntry *ThresholdTimeoutCheck(DetectThresholdEntry *head, SCTime_t ts)
{
DetectThresholdEntry *tmp = head;
DetectThresholdEntry *prev = NULL;
@ -166,8 +166,8 @@ static DetectThresholdEntry* ThresholdTimeoutCheck(DetectThresholdEntry *head, s
/* check if the 'check' timestamp is not before the creation ts.
* This can happen due to the async nature of the host timeout
* code that also calls this code from a management thread. */
struct timeval entry = TimevalWithSeconds(&tmp->tv1, (time_t)tmp->seconds);
if (TimevalEarlier(tv, &entry)) {
SCTime_t entry = tmp->tv1 + SCTIME_FROM_SECS((time_t)tmp->seconds);
if (ts <= entry) {
prev = tmp;
tmp = tmp->next;
continue;
@ -189,21 +189,20 @@ static DetectThresholdEntry* ThresholdTimeoutCheck(DetectThresholdEntry *head, s
return new_head;
}
int ThresholdHostTimeoutCheck(Host *host, struct timeval *tv)
int ThresholdHostTimeoutCheck(Host *host, SCTime_t ts)
{
DetectThresholdEntry* head = HostGetStorageById(host, host_threshold_id);
DetectThresholdEntry* new_head = ThresholdTimeoutCheck(head, tv);
DetectThresholdEntry *new_head = ThresholdTimeoutCheck(head, ts);
if (new_head != head) {
HostSetStorageById(host, host_threshold_id, new_head);
}
return new_head == NULL;
}
int ThresholdIPPairTimeoutCheck(IPPair *pair, struct timeval *tv)
int ThresholdIPPairTimeoutCheck(IPPair *pair, SCTime_t ts)
{
DetectThresholdEntry* head = IPPairGetStorageById(pair, ippair_threshold_id);
DetectThresholdEntry* new_head = ThresholdTimeoutCheck(head, tv);
DetectThresholdEntry *new_head = ThresholdTimeoutCheck(head, ts);
if (new_head != head) {
IPPairSetStorageById(pair, ippair_threshold_id, new_head);
}
@ -325,18 +324,18 @@ static inline void RateFilterSetAction(Packet *p, PacketAlert *pa, uint8_t new_a
* \retval int 1 if threshold reached for this entry
*
*/
static int IsThresholdReached(DetectThresholdEntry* lookup_tsh, const DetectThresholdData *td, struct timeval packet_time)
static int IsThresholdReached(
DetectThresholdEntry *lookup_tsh, const DetectThresholdData *td, SCTime_t packet_time)
{
int ret = 0;
/* Check if we have a timeout enabled, if so,
* we still matching (and enabling the new_action) */
if (lookup_tsh->tv_timeout != 0) {
if ((packet_time.tv_sec - lookup_tsh->tv_timeout) > td->timeout) {
if ((SCTIME_SECS(packet_time) - lookup_tsh->tv_timeout) > td->timeout) {
/* Ok, we are done, timeout reached */
lookup_tsh->tv_timeout = 0;
}
else {
} else {
/* Already matching */
ret = 1;
} /* else - if ((packet_time - lookup_tsh->tv_timeout) > td->timeout) */
@ -344,13 +343,13 @@ static int IsThresholdReached(DetectThresholdEntry* lookup_tsh, const DetectThre
}
else {
/* Update the matching state with the timeout interval */
struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
if (TimevalEarlier(&packet_time, &entry)) {
SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
if (packet_time <= entry) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count > td->count) {
/* Then we must enable the new action by setting a
* timeout */
lookup_tsh->tv_timeout = packet_time.tv_sec;
lookup_tsh->tv_timeout = SCTIME_SECS(packet_time);
ret = 1;
}
} else {
@ -362,7 +361,7 @@ static int IsThresholdReached(DetectThresholdEntry* lookup_tsh, const DetectThre
return ret;
}
static void AddEntryToHostStorage(Host *h, DetectThresholdEntry *e, struct timeval packet_time)
static void AddEntryToHostStorage(Host *h, DetectThresholdEntry *e, SCTime_t packet_time)
{
if (h && e) {
e->current_count = 1;
@ -373,7 +372,7 @@ static void AddEntryToHostStorage(Host *h, DetectThresholdEntry *e, struct timev
}
}
static void AddEntryToIPPairStorage(IPPair *pair, DetectThresholdEntry *e, struct timeval packet_time)
static void AddEntryToIPPairStorage(IPPair *pair, DetectThresholdEntry *e, SCTime_t packet_time)
{
if (pair && e) {
e->current_count = 1;
@ -404,8 +403,8 @@ static int ThresholdHandlePacket(Packet *p, DetectThresholdEntry *lookup_tsh,
SCLogDebug("limit");
if (lookup_tsh != NULL) {
struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
if (TimevalEarlier(&p->ts, &entry)) {
SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
if (p->ts <= entry) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count <= td->count) {
@ -431,8 +430,8 @@ static int ThresholdHandlePacket(Packet *p, DetectThresholdEntry *lookup_tsh,
SCLogDebug("threshold");
if (lookup_tsh != NULL) {
struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
if (TimevalEarlier(&p->ts, &entry)) {
SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
if (p->ts <= entry) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count >= td->count) {
@ -457,8 +456,8 @@ static int ThresholdHandlePacket(Packet *p, DetectThresholdEntry *lookup_tsh,
SCLogDebug("both");
if (lookup_tsh != NULL) {
struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
if (TimevalEarlier(&p->ts, &entry)) {
SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
if (p->ts <= entry) {
/* within time limit */
lookup_tsh->current_count++;
@ -495,8 +494,8 @@ static int ThresholdHandlePacket(Packet *p, DetectThresholdEntry *lookup_tsh,
SCLogDebug("detection_filter");
if (lookup_tsh != NULL) {
struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
if (TimevalEarlier(&p->ts, &entry)) {
SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
if (p->ts <= entry) {
/* within timeout */
lookup_tsh->current_count++;
if (lookup_tsh->current_count > td->count) {

4
src/detect-engine-threshold.h
Unescape Escape View File

@ -47,8 +47,8 @@ void ThresholdHashInit(DetectEngineCtx *);
void ThresholdHashAllocate(DetectEngineCtx *);
void ThresholdContextDestroy(DetectEngineCtx *);
int ThresholdHostTimeoutCheck(Host *, struct timeval *);
int ThresholdIPPairTimeoutCheck(IPPair *, struct timeval *);
int ThresholdHostTimeoutCheck(Host *, SCTime_t);
int ThresholdIPPairTimeoutCheck(IPPair *, SCTime_t);
void ThresholdListFree(void *ptr);
#endif /* __DETECT_ENGINE_THRESHOLD_H__ */

2
src/detect-flow-age.c
Unescape Escape View File

@ -29,7 +29,7 @@ static int DetectFlowAgeMatch(
if (p->flow == NULL) {
return 0;
}
uint32_t age = p->flow->lastts.tv_sec - p->flow->startts.tv_sec;
uint32_t age = SCTIME_SECS(p->flow->lastts) - SCTIME_SECS(p->flow->startts);
const DetectU32Data *du32 = (const DetectU32Data *)ctx;
return DetectU32Match(age, du32);

16
src/detect-hostbits.c
Unescape Escape View File

@ -105,7 +105,7 @@ static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd)
else
HostLock(p->host_src);
HostBitToggle(p->host_src,fd->idx,p->ts.tv_sec + fd->expire);
HostBitToggle(p->host_src, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_src);
break;
case DETECT_XBITS_TRACK_IPDST:
@ -117,7 +117,7 @@ static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd)
else
HostLock(p->host_dst);
HostBitToggle(p->host_dst,fd->idx,p->ts.tv_sec + fd->expire);
HostBitToggle(p->host_dst, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_dst);
break;
}
@ -165,7 +165,7 @@ static int DetectHostbitMatchSet (Packet *p, const DetectXbitsData *fd)
} else
HostLock(p->host_src);
HostBitSet(p->host_src,fd->idx,p->ts.tv_sec + fd->expire);
HostBitSet(p->host_src, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_src);
break;
case DETECT_XBITS_TRACK_IPDST:
@ -176,7 +176,7 @@ static int DetectHostbitMatchSet (Packet *p, const DetectXbitsData *fd)
} else
HostLock(p->host_dst);
HostBitSet(p->host_dst,fd->idx, p->ts.tv_sec + fd->expire);
HostBitSet(p->host_dst, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_dst);
break;
}
@ -195,7 +195,7 @@ static int DetectHostbitMatchIsset (Packet *p, const DetectXbitsData *fd)
} else
HostLock(p->host_src);
r = HostBitIsset(p->host_src,fd->idx, p->ts.tv_sec);
r = HostBitIsset(p->host_src, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_src);
return r;
case DETECT_XBITS_TRACK_IPDST:
@ -206,7 +206,7 @@ static int DetectHostbitMatchIsset (Packet *p, const DetectXbitsData *fd)
} else
HostLock(p->host_dst);
r = HostBitIsset(p->host_dst,fd->idx, p->ts.tv_sec);
r = HostBitIsset(p->host_dst, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_dst);
return r;
}
@ -225,7 +225,7 @@ static int DetectHostbitMatchIsnotset (Packet *p, const DetectXbitsData *fd)
} else
HostLock(p->host_src);
r = HostBitIsnotset(p->host_src,fd->idx, p->ts.tv_sec);
r = HostBitIsnotset(p->host_src, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_src);
return r;
case DETECT_XBITS_TRACK_IPDST:
@ -236,7 +236,7 @@ static int DetectHostbitMatchIsnotset (Packet *p, const DetectXbitsData *fd)
} else
HostLock(p->host_dst);
r = HostBitIsnotset(p->host_dst,fd->idx, p->ts.tv_sec);
r = HostBitIsnotset(p->host_dst, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_dst);
return r;
}

4
src/detect-tag.c
Unescape Escape View File

@ -106,7 +106,7 @@ static int DetectTagMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
tde.sid = s->id;
tde.gid = s->gid;
tde.last_ts = tde.first_ts = p->ts.tv_sec;
tde.last_ts = tde.first_ts = SCTIME_SECS(p->ts);
tde.metric = td->metric;
tde.count = td->count;
if (td->direction == DETECT_TAG_DIR_SRC)
@ -123,7 +123,7 @@ static int DetectTagMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
/* If it already exists it will be updated */
tde.sid = s->id;
tde.gid = s->gid;
tde.last_ts = tde.first_ts = p->ts.tv_sec;
tde.last_ts = tde.first_ts = SCTIME_SECS(p->ts);
tde.metric = td->metric;
tde.count = td->count;

71
src/detect-threshold.c
Unescape Escape View File

@ -673,14 +673,10 @@ static int DetectThresholdTestSig3(void)
DetectEngineThreadCtx *det_ctx;
int result = 0;
int alerts = 0;
struct timeval ts;
DetectThresholdEntry *lookup_tsh = NULL;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -700,7 +696,7 @@ static int DetectThresholdTestSig3(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
@ -720,7 +716,7 @@ static int DetectThresholdTestSig3(void)
HostRelease(host);
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
@ -778,13 +774,9 @@ static int DetectThresholdTestSig4(void)
DetectEngineThreadCtx *det_ctx;
int result = 0;
int alerts = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -804,7 +796,7 @@ static int DetectThresholdTestSig4(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
@ -813,7 +805,7 @@ static int DetectThresholdTestSig4(void)
alerts += PacketAlertCheck(p, 10);
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1022,13 +1014,9 @@ static int DetectThresholdTestSig7(void)
int result = 0;
int alerts = 0;
int drops = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -1048,7 +1036,7 @@ static int DetectThresholdTestSig7(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
@ -1065,7 +1053,7 @@ static int DetectThresholdTestSig7(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1116,13 +1104,9 @@ static int DetectThresholdTestSig8(void)
int result = 0;
int alerts = 0;
int drops = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -1142,7 +1126,7 @@ static int DetectThresholdTestSig8(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
@ -1159,7 +1143,7 @@ static int DetectThresholdTestSig8(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1210,13 +1194,9 @@ static int DetectThresholdTestSig9(void)
int result = 0;
int alerts = 0;
int drops = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -1236,7 +1216,7 @@ static int DetectThresholdTestSig9(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
@ -1253,7 +1233,7 @@ static int DetectThresholdTestSig9(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1304,13 +1284,9 @@ static int DetectThresholdTestSig10(void)
int result = 0;
int alerts = 0;
int drops = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -1330,7 +1306,7 @@ static int DetectThresholdTestSig10(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
@ -1347,7 +1323,7 @@ static int DetectThresholdTestSig10(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1398,13 +1374,9 @@ static int DetectThresholdTestSig11(void)
int result = 0;
int alerts = 0;
int drops = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -1424,7 +1396,7 @@ static int DetectThresholdTestSig11(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
@ -1441,7 +1413,7 @@ static int DetectThresholdTestSig11(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1492,13 +1464,9 @@ static int DetectThresholdTestSig12(void)
int result = 0;
int alerts = 0;
int drops = 0;
struct timeval ts;
HostInitConfig(HOST_QUIET);
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
@ -1518,7 +1486,7 @@ static int DetectThresholdTestSig12(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
@ -1535,7 +1503,7 @@ static int DetectThresholdTestSig12(void)
p->action = 0;
TimeSetIncrementTime(200);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
@ -1621,7 +1589,7 @@ static int DetectThresholdTestSig13(void)
FAIL_IF(alerts != 2);
TimeSetIncrementTime(70);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 1);
@ -1704,9 +1672,8 @@ static int DetectThresholdTestSig14(void)
FAIL_IF(alerts1 != 2);
FAIL_IF(alerts2 != 2);
TimeSetIncrementTime(70);
TimeGet(&p1->ts);
TimeGet(&p2->ts);
p1->ts = TimeGet();
p2->ts = TimeGet();
/* Now they should both alert again after previous alerts expire */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);

2
src/detect-threshold.h
Unescape Escape View File

@ -72,7 +72,7 @@ typedef struct DetectThresholdEntry_ {
uint32_t current_count; /**< Var for count control */
int track; /**< Track type: by_src, by_src */
struct timeval tv1; /**< Var for time control */
SCTime_t tv1; /**< Var for time control */
struct DetectThresholdEntry_ *next;
} DetectThresholdEntry;

6
src/detect-tls-cert-validity.c
Unescape Escape View File

@ -186,11 +186,9 @@ static int DetectTlsValidityMatch (DetectEngineThreadCtx *det_ctx,
else if ((dd->mode & DETECT_TLS_VALIDITY_RA) &&
cert_epoch >= dd->epoch && cert_epoch <= dd->epoch2)
ret = 1;
else if ((dd->mode & DETECT_TLS_VALIDITY_EX) &&
f->lastts.tv_sec > cert_epoch)
else if ((dd->mode & DETECT_TLS_VALIDITY_EX) && (time_t)SCTIME_SECS(f->lastts) > cert_epoch)
ret = 1;
else if ((dd->mode & DETECT_TLS_VALIDITY_VA) &&
f->lastts.tv_sec <= cert_epoch)
else if ((dd->mode & DETECT_TLS_VALIDITY_VA) && (time_t)SCTIME_SECS(f->lastts) <= cert_epoch)
ret = 1;
SCReturnInt(ret);

8
src/detect-xbits.c
Unescape Escape View File

@ -88,7 +88,7 @@ static int DetectIPPairbitMatchToggle (Packet *p, const DetectXbitsData *fd)
if (pair == NULL)
return 0;
IPPairBitToggle(pair,fd->idx,p->ts.tv_sec + fd->expire);
IPPairBitToggle(pair, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
IPPairRelease(pair);
return 1;
}
@ -111,7 +111,7 @@ static int DetectIPPairbitMatchSet (Packet *p, const DetectXbitsData *fd)
if (pair == NULL)
return 0;
IPPairBitSet(pair, fd->idx, p->ts.tv_sec + fd->expire);
IPPairBitSet(pair, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
IPPairRelease(pair);
return 1;
}
@ -123,7 +123,7 @@ static int DetectIPPairbitMatchIsset (Packet *p, const DetectXbitsData *fd)
if (pair == NULL)
return 0;
r = IPPairBitIsset(pair,fd->idx,p->ts.tv_sec);
r = IPPairBitIsset(pair, fd->idx, SCTIME_SECS(p->ts));
IPPairRelease(pair);
return r;
}
@ -135,7 +135,7 @@ static int DetectIPPairbitMatchIsnotset (Packet *p, const DetectXbitsData *fd)
if (pair == NULL)
return 1;
r = IPPairBitIsnotset(pair,fd->idx,p->ts.tv_sec);
r = IPPairBitIsnotset(pair, fd->idx, SCTIME_SECS(p->ts));
IPPairRelease(pair);
return r;
}

27
src/flow-hash.c
Unescape Escape View File

@ -58,7 +58,7 @@ FlowBucket *flow_hash;
SC_ATOMIC_EXTERN(unsigned int, flow_prune_idx);
SC_ATOMIC_EXTERN(unsigned int, flow_flags);
static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const struct timeval *ts);
static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const SCTime_t ts);
/** \brief compare two raw ipv6 addrs
*
@ -510,13 +510,13 @@ static inline Flow *FlowSpareSync(ThreadVars *tv, FlowLookupStruct *fls,
Flow *f = NULL;
bool spare_sync = false;
if (emerg) {
if ((uint32_t)p->ts.tv_sec > fls->emerg_spare_sync_stamp) {
if ((uint32_t)SCTIME_SECS(p->ts) > fls->emerg_spare_sync_stamp) {
fls->spare_queue = FlowSpareGetFromPool(); /* local empty, (re)populate and try again */
spare_sync = true;
f = FlowQueuePrivateGetFromTop(&fls->spare_queue);
if (f == NULL) {
/* wait till next full sec before retrying */
fls->emerg_spare_sync_stamp = (uint32_t)p->ts.tv_sec;
fls->emerg_spare_sync_stamp = (uint32_t)SCTIME_SECS(p->ts);
}
}
} else {
@ -587,7 +587,7 @@ static Flow *FlowGetNew(ThreadVars *tv, FlowLookupStruct *fls, Packet *p)
FlowWakeupFlowManagerThread();
}
f = FlowGetUsedFlow(tv, fls->dtv, &p->ts);
f = FlowGetUsedFlow(tv, fls->dtv, p->ts);
if (f == NULL) {
NoFlowHandleIPS(p);
return NULL;
@ -781,8 +781,8 @@ Flow *FlowGetFlowFromHash(ThreadVars *tv, FlowLookupStruct *fls, Packet *p, Flow
f = fb->head;
do {
Flow *next_f = NULL;
const bool timedout =
(fb_nextts < (uint32_t)p->ts.tv_sec && FlowIsTimedOut(f, (uint32_t)p->ts.tv_sec, emerg));
const bool timedout = (fb_nextts < (uint32_t)SCTIME_SECS(p->ts) &&
FlowIsTimedOut(f, (uint32_t)SCTIME_SECS(p->ts), emerg));
if (timedout) {
FLOWLOCK_WRLOCK(f);
if (likely(f->use_cnt == 0)) {
@ -962,8 +962,7 @@ Flow *FlowGetFromFlowKey(FlowKey *key, struct timespec *ttime, const uint32_t ha
f->protomap = FlowGetProtoMapping(f->proto);
/* set timestamp to now */
f->startts.tv_sec = ttime->tv_sec;
f->startts.tv_usec = ttime->tv_nsec * 1000;
f->startts = SCTIME_FROM_TIMESPEC(ttime);
f->lastts = f->startts;
FlowBucket *fb = &flow_hash[hash % flow_config.hash_size];
@ -1054,26 +1053,26 @@ static inline uint32_t GetUsedAtomicUpdate(const uint32_t val)
/** \internal
* \brief check if flow has just seen an update.
*/
static inline bool StillAlive(const Flow *f, const struct timeval *ts)
static inline bool StillAlive(const Flow *f, const SCTime_t ts)
{
switch (f->flow_state) {
case FLOW_STATE_NEW:
if (ts->tv_sec - f->lastts.tv_sec <= 1) {
if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) <= 1) {
return true;
}
break;
case FLOW_STATE_ESTABLISHED:
if (ts->tv_sec - f->lastts.tv_sec <= 5) {
if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) <= 5) {
return true;
}
break;
case FLOW_STATE_CLOSED:
if (ts->tv_sec - f->lastts.tv_sec <= 3) {
if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) <= 3) {
return true;
}
break;
default:
if (ts->tv_sec - f->lastts.tv_sec < 30) {
if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) < 30) {
return true;
}
break;
@ -1106,7 +1105,7 @@ static inline bool StillAlive(const Flow *f, const struct timeval *ts)
*
* \retval f flow or NULL
*/
static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const struct timeval *ts)
static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const SCTime_t ts)
{
uint32_t idx = GetUsedAtomicUpdate(FLOW_GET_NEW_TRIES) % flow_config.hash_size;
uint32_t tried = 0;

66
src/flow-manager.c
Unescape Escape View File

@ -193,7 +193,7 @@ again:
* \retval 0 not timed out
* \retval 1 timed out
*/
static int FlowManagerFlowTimeout(Flow *f, struct timeval *ts, int32_t *next_ts, const bool emerg)
static int FlowManagerFlowTimeout(Flow *f, SCTime_t ts, int32_t *next_ts, const bool emerg)
{
int32_t flow_times_out_at = f->timeout_at;
if (emerg) {
@ -204,7 +204,7 @@ static int FlowManagerFlowTimeout(Flow *f, struct timeval *ts, int32_t *next_ts,
*next_ts = flow_times_out_at;
/* do the timeout check */
if (flow_times_out_at >= ts->tv_sec) {
if (flow_times_out_at >= (time_t)SCTIME_SECS(ts)) {
return 0;
}
@ -221,8 +221,7 @@ static int FlowManagerFlowTimeout(Flow *f, struct timeval *ts, int32_t *next_ts,
* \retval 0 not timeout
* \retval 1 timeout (or not capture bypassed)
*/
static inline int FlowBypassedTimeout(Flow *f, struct timeval *ts,
FlowTimeoutCounters *counters)
static inline int FlowBypassedTimeout(Flow *f, SCTime_t ts, FlowTimeoutCounters *counters)
{
#ifdef CAPTURE_OFFLOAD
if (f->flow_state != FLOW_STATE_CAPTURE_BYPASSED) {
@ -236,7 +235,7 @@ static inline int FlowBypassedTimeout(Flow *f, struct timeval *ts,
uint64_t bytes_tosrc = fc->tosrcbytecnt;
uint64_t pkts_todst = fc->todstpktcnt;
uint64_t bytes_todst = fc->todstbytecnt;
bool update = fc->BypassUpdate(f, fc->bypass_data, ts->tv_sec);
bool update = fc->BypassUpdate(f, fc->bypass_data, SCTIME_SECS(ts));
if (update) {
SCLogDebug("Updated flow: %"PRId64"", FlowGetId(f));
pkts_tosrc = fc->tosrcpktcnt - pkts_tosrc;
@ -319,8 +318,7 @@ static uint32_t ProcessAsideQueue(FlowManagerTimeoutThread *td, FlowTimeoutCount
* \param emergency bool indicating emergency mode
* \param counters ptr to FlowTimeoutCounters structure
*/
static void FlowManagerHashRowTimeout(FlowManagerTimeoutThread *td,
Flow *f, struct timeval *ts,
static void FlowManagerHashRowTimeout(FlowManagerTimeoutThread *td, Flow *f, SCTime_t ts,
int emergency, FlowTimeoutCounters *counters, int32_t *next_ts)
{
uint32_t checked = 0;
@ -377,8 +375,8 @@ static void FlowManagerHashRowTimeout(FlowManagerTimeoutThread *td,
counters->rows_maxlen = checked;
}
static void FlowManagerHashRowClearEvictedList(FlowManagerTimeoutThread *td,
Flow *f, struct timeval *ts, FlowTimeoutCounters *counters)
static void FlowManagerHashRowClearEvictedList(
FlowManagerTimeoutThread *td, Flow *f, SCTime_t ts, FlowTimeoutCounters *counters)
{
do {
FLOWLOCK_WRLOCK(f);
@ -405,10 +403,8 @@ static void FlowManagerHashRowClearEvictedList(FlowManagerTimeoutThread *td,
*
* \retval cnt number of timed out flow
*/
static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td,
struct timeval *ts,
const uint32_t hash_min, const uint32_t hash_max,
FlowTimeoutCounters *counters)
static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td, SCTime_t ts, const uint32_t hash_min,
const uint32_t hash_max, FlowTimeoutCounters *counters)
{
uint32_t cnt = 0;
const int emergency = ((SC_ATOMIC_GET(flow_flags) & FLOW_EMERGENCY));
@ -424,19 +420,23 @@ static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td,
#define TYPE uint32_t
#endif
time_t ts_secs = SCTIME_SECS(ts);
for (uint32_t idx = hash_min; idx < hash_max; idx+=BITS) {
TYPE check_bits = 0;
const uint32_t check = MIN(BITS, (hash_max - idx));
for (uint32_t i = 0; i < check; i++) {
FlowBucket *fb = &flow_hash[idx+i];
check_bits |= (TYPE)(SC_ATOMIC_LOAD_EXPLICIT(fb->next_ts, SC_ATOMIC_MEMORY_ORDER_RELAXED) <= (int32_t)ts->tv_sec) << (TYPE)i;
check_bits |= (TYPE)(SC_ATOMIC_LOAD_EXPLICIT(fb->next_ts,
SC_ATOMIC_MEMORY_ORDER_RELAXED) <= (int32_t)ts_secs)
<< (TYPE)i;
}
if (check_bits == 0)
continue;
for (uint32_t i = 0; i < check; i++) {
FlowBucket *fb = &flow_hash[idx+i];
if ((check_bits & ((TYPE)1 << (TYPE)i)) != 0 && SC_ATOMIC_GET(fb->next_ts) <= (int32_t)ts->tv_sec) {
if ((check_bits & ((TYPE)1 << (TYPE)i)) != 0 &&
SC_ATOMIC_GET(fb->next_ts) <= (int32_t)ts_secs) {
FBLOCK_LOCK(fb);
Flow *evicted = NULL;
if (fb->evicted != NULL || fb->head != NULL) {
@ -489,7 +489,7 @@ static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td,
/** \internal
* \brief handle timeout for a slice of hash rows
* If we wrap around we call FlowTimeoutHash twice */
static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td, struct timeval *ts,
static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td, SCTime_t ts,
const uint32_t hash_min, const uint32_t hash_max, FlowTimeoutCounters *counters,
const uint32_t rows, uint32_t *pos)
{
@ -781,8 +781,7 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
bool emerg = false;
bool prev_emerg = false;
uint32_t other_last_sec = 0; /**< last sec stamp when defrag etc ran */
struct timeval ts;
memset(&ts, 0, sizeof(ts));
SCTime_t ts;
/* don't start our activities until time is setup */
while (!TimeModeIsReady()) {
@ -813,10 +812,9 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
emerg = true;
}
/* Get the time */
memset(&ts, 0, sizeof(ts));
TimeGet(&ts);
SCLogDebug("ts %" PRIdMAX "", (intmax_t)ts.tv_sec);
uint64_t ts_ms = ts.tv_sec * 1000 + ts.tv_usec / 1000;
ts = TimeGet();
SCLogDebug("ts %" PRIdMAX "", (intmax_t)SCTIME_SECS(ts));
uint64_t ts_ms = SCTIME_MSECS(ts);
const bool emerge_p = (emerg && !prev_emerg);
if (emerge_p) {
next_run_ms = 0;
@ -839,7 +837,7 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
if (emerg) {
/* in emergency mode, do a full pass of the hash table */
FlowTimeoutHash(&ftd->timeout, &ts, ftd->min, ftd->max, &counters);
FlowTimeoutHash(&ftd->timeout, ts, ftd->min, ftd->max, &counters);
StatsIncr(th_v, ftd->cnt.flow_mgr_full_pass);
} else {
SCLogDebug("hash %u:%u slice starting at %u with %u rows", ftd->min, ftd->max, pos,
@ -847,7 +845,7 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
const uint32_t ppos = pos;
FlowTimeoutHashInChunks(
&ftd->timeout, &ts, ftd->min, ftd->max, &counters, rows_per_wu, &pos);
&ftd->timeout, ts, ftd->min, ftd->max, &counters, rows_per_wu, &pos);
if (ppos > pos) {
StatsIncr(th_v, ftd->cnt.flow_mgr_full_pass);
}
@ -883,7 +881,7 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
" FLOW_EMERGENCY bit (ts.tv_sec: %" PRIuMAX ", "
"ts.tv_usec:%" PRIuMAX ") flow_spare_q status(): %" PRIu32
"%% flows at the queue",
(uintmax_t)ts.tv_sec, (uintmax_t)ts.tv_usec,
(uintmax_t)SCTIME_SECS(ts), (uintmax_t)SCTIME_USECS(ts),
spare_pool_len * 100 / flow_config.prealloc);
StatsIncr(th_v, ftd->cnt.flow_emerg_mode_over);
@ -904,13 +902,13 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
next_run_ms = ts_ms + sleep_per_wu;
}
if (other_last_sec == 0 || other_last_sec < (uint32_t)ts.tv_sec) {
if (other_last_sec == 0 || other_last_sec < (uint32_t)SCTIME_SECS(ts)) {
if (ftd->instance == 0) {
DefragTimeoutHash(&ts);
HostTimeoutHash(&ts);
IPPairTimeoutHash(&ts);
HttpRangeContainersTimeoutHash(&ts);
other_last_sec = (uint32_t)ts.tv_sec;
DefragTimeoutHash(ts);
HostTimeoutHash(ts);
IPPairTimeoutHash(ts);
HttpRangeContainersTimeoutHash(ts);
other_last_sec = (uint32_t)SCTIME_SECS(ts);
}
}
@ -1061,8 +1059,6 @@ static TmEcode FlowRecycler(ThreadVars *th_v, void *thread_data)
BUG_ON(ftd == NULL);
const bool time_is_live = TimeModeIsLive();
uint64_t recycled_cnt = 0;
struct timeval ts;
memset(&ts, 0, sizeof(ts));
TmThreadsSetFlag(th_v, THV_RUNNING);
@ -1082,9 +1078,7 @@ static TmEcode FlowRecycler(ThreadVars *th_v, void *thread_data)
const int bail = (TmThreadsCheckFlag(th_v, THV_KILL));
/* Get the time */
memset(&ts, 0, sizeof(ts));
TimeGet(&ts);
SCLogDebug("ts %" PRIdMAX "", (intmax_t)ts.tv_sec);
SCLogDebug("ts %" PRIdMAX "", (intmax_t)SCTIME_SECS(TimeGet()));
Flow *f;
while ((f = FlowQueuePrivateGetFromTop(&list)) != NULL) {

2
src/flow-timeout.c
Unescape Escape View File

@ -248,7 +248,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
}
memset(&p->ts, 0, sizeof(struct timeval));
TimeGet(&p->ts);
p->ts = TimeGet();
if (direction == 0) {
if (f->alparser && !STREAM_HAS_SEEN_DATA(&ssn->client)) {

4
src/flow-util.c
Unescape Escape View File

@ -193,11 +193,11 @@ void FlowInit(Flow *f, const Packet *p)
/* nothing to do for this IP proto. */
SCLogDebug("no special setup for IP proto %u", p->proto);
}
COPY_TIMESTAMP(&p->ts, &f->startts);
f->startts = p->ts;
f->protomap = FlowGetProtoMapping(f->proto);
f->timeout_policy = FlowGetTimeoutPolicy(f);
const uint32_t timeout_at = (uint32_t)f->startts.tv_sec + f->timeout_policy;
const uint32_t timeout_at = (uint32_t)SCTIME_SECS(f->startts) + f->timeout_policy;
f->timeout_at = timeout_at;
if (MacSetFlowStorageEnabled()) {

6
src/flow-util.h
Unescape Escape View File

@ -56,8 +56,7 @@
(f)->flags = 0; \
(f)->file_flags = 0; \
(f)->protodetect_dp = 0; \
(f)->lastts.tv_sec = 0; \
(f)->lastts.tv_usec = 0; \
(f)->lastts = 0; \
FLOWLOCK_INIT((f)); \
(f)->protoctx = NULL; \
(f)->flow_end_flags = 0; \
@ -103,8 +102,7 @@
(f)->flags = 0; \
(f)->file_flags = 0; \
(f)->protodetect_dp = 0; \
(f)->lastts.tv_sec = 0; \
(f)->lastts.tv_usec = 0; \
(f)->lastts = 0; \
(f)->protoctx = NULL; \
(f)->flow_end_flags = 0; \
(f)->alparser = NULL; \

2
src/flow-worker.c
Unescape Escape View File

@ -511,7 +511,7 @@ static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data)
/* update time */
if (!(PKT_IS_PSEUDOPKT(p))) {
TimeSetByThread(tv->id, &p->ts);
TimeSetByThread(tv->id, p->ts);
}
/* handle Flow */

16
src/flow.c
Unescape Escape View File

@ -418,9 +418,9 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
if (state != FLOW_STATE_CAPTURE_BYPASSED) {
#endif
/* update the last seen timestamp of this flow */
if (timercmp(&p->ts, &f->lastts, >)) {
COPY_TIMESTAMP(&p->ts, &f->lastts);
const uint32_t timeout_at = (uint32_t)f->lastts.tv_sec + f->timeout_policy;
if (SCTIME_CMP_GT(p->ts, f->lastts)) {
f->lastts = p->ts;
const uint32_t timeout_at = (uint32_t)SCTIME_SECS(f->lastts) + f->timeout_policy;
if (timeout_at != f->timeout_at) {
f->timeout_at = timeout_at;
}
@ -428,9 +428,9 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
#ifdef CAPTURE_OFFLOAD
} else {
/* still seeing packet, we downgrade to local bypass */
if (p->ts.tv_sec - f->lastts.tv_sec > FLOW_BYPASSED_TIMEOUT / 2) {
if (SCTIME_SECS(p->ts) - SCTIME_SECS(f->lastts) > FLOW_BYPASSED_TIMEOUT / 2) {
SCLogDebug("Downgrading flow to local bypass");
COPY_TIMESTAMP(&p->ts, &f->lastts);
f->lastts = p->ts;
FlowUpdateState(f, FLOW_STATE_LOCAL_BYPASSED);
} else {
/* In IPS mode the packet could come from the other interface so it would
@ -1182,7 +1182,7 @@ void FlowUpdateState(Flow *f, const enum FlowState s)
const uint32_t timeout_policy = FlowGetTimeoutPolicy(f);
if (timeout_policy != f->timeout_policy) {
f->timeout_policy = timeout_policy;
const uint32_t timeout_at = (uint32_t)f->lastts.tv_sec + timeout_policy;
const uint32_t timeout_at = (uint32_t)SCTIME_SECS(f->lastts) + timeout_policy;
if (timeout_at != f->timeout_at)
f->timeout_at = timeout_at;
}
@ -1207,8 +1207,8 @@ void FlowUpdateState(Flow *f, const enum FlowState s)
*/
void FlowGetLastTimeAsParts(Flow *flow, uint64_t *secs, uint64_t *usecs)
{
*secs = (uint64_t)flow->lastts.tv_sec;
*usecs = (uint64_t)flow->lastts.tv_usec;
*secs = (uint64_t)SCTIME_SECS(flow->lastts);
*usecs = (uint64_t)SCTIME_USECS(flow->lastts);
}
/**

9
src/flow.h
Unescape Escape View File

@ -28,6 +28,7 @@
typedef struct FlowStorageId FlowStorageId;
#include "decode.h"
#include "util-time.h"
#include "util-exception-policy.h"
#include "util-var.h"
#include "util-optimize.h"
@ -414,7 +415,7 @@ typedef struct Flow_
/* time stamp of last update (last packet). Set/updated under the
* flow and flow hash row locks, safe to read under either the
* flow lock or flow hash row lock. */
struct timeval lastts;
SCTime_t lastts;
/* end of flow "header" */
@ -500,7 +501,7 @@ typedef struct Flow_
struct FlowBucket_ *fb;
struct timeval startts;
SCTime_t startts;
uint32_t todstpktcnt;
uint32_t tosrcpktcnt;
@ -701,8 +702,8 @@ static inline void FlowDeReference(Flow **d)
*/
static inline int64_t FlowGetId(const Flow *f)
{
int64_t id = (uint64_t)(f->startts.tv_sec & 0x0000FFFF) << 48 |
(uint64_t)(f->startts.tv_usec & 0x0000FFFF) << 32 | (int64_t)f->flow_hash;
int64_t id = (uint64_t)(SCTIME_SECS(f->startts) & 0x0000FFFF) << 48 |
(uint64_t)(f->startts & 0x0000FFFF) << 32 | (int64_t)f->flow_hash;
/* reduce to 51 bits as Javascript and even JSON often seem to
* max out there. */
id &= 0x7ffffffffffffLL;

4
src/host-bit.c
Unescape Escape View File

@ -64,13 +64,13 @@ int HostHasHostBits(Host *host)
/** \retval 1 host timed out wrt xbits
* \retval 0 host still has active (non-expired) xbits */
int HostBitsTimedoutCheck(Host *h, struct timeval *ts)
int HostBitsTimedoutCheck(Host *h, SCTime_t ts)
{
GenericVar *gv = HostGetStorageById(h, host_bit_id);
for ( ; gv != NULL; gv = gv->next) {
if (gv->type == DETECT_XBITS) {
XBit *xb = (XBit *)gv;
if (xb->expire > (uint32_t)ts->tv_sec)
if (xb->expire > (uint32_t)SCTIME_SECS(ts))
return 0;
}
}

2
src/host-bit.h
Unescape Escape View File

@ -31,7 +31,7 @@ void HostBitInitCtx(void);
void HostBitRegisterTests(void);
int HostHasHostBits(Host *host);
int HostBitsTimedoutCheck(Host *h, struct timeval *ts);
int HostBitsTimedoutCheck(Host *h, SCTime_t ts);
void HostBitSet(Host *, uint32_t, uint32_t);
void HostBitUnset(Host *, uint32_t);

6
src/host-timeout.c
Unescape Escape View File

@ -51,7 +51,7 @@ uint32_t HostGetActiveCount(void)
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
static int HostHostTimedOut(Host *h, struct timeval *ts)
static int HostHostTimedOut(Host *h, SCTime_t ts)
{
int tags = 0;
int thresholds = 0;
@ -98,7 +98,7 @@ static int HostHostTimedOut(Host *h, struct timeval *ts)
*
* \retval cnt timed out hosts
*/
static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, struct timeval *ts)
static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, SCTime_t ts)
{
uint32_t cnt = 0;
@ -153,7 +153,7 @@ static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, struct timeval *ts)
*
* \retval cnt number of timed out host
*/
uint32_t HostTimeoutHash(struct timeval *ts)
uint32_t HostTimeoutHash(SCTime_t ts)
{
uint32_t idx = 0;
uint32_t cnt = 0;

2
src/host-timeout.h
Unescape Escape View File

@ -24,7 +24,7 @@
#ifndef __HOST_TIMEOUT_H__
#define __HOST_TIMEOUT_H__
uint32_t HostTimeoutHash(struct timeval *ts);
uint32_t HostTimeoutHash(SCTime_t ts);
uint32_t HostGetSpareCount(void);
uint32_t HostGetActiveCount(void);

4
src/ippair-bit.c
Unescape Escape View File

@ -64,13 +64,13 @@ int IPPairHasBits(IPPair *ippair)
/** \retval 1 ippair timed out wrt xbits
* \retval 0 ippair still has active (non-expired) xbits */
int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts)
int IPPairBitsTimedoutCheck(IPPair *h, SCTime_t ts)
{
GenericVar *gv = IPPairGetStorageById(h, g_ippair_bit_storage_id);
for ( ; gv != NULL; gv = gv->next) {
if (gv->type == DETECT_XBITS) {
XBit *xb = (XBit *)gv;
if (xb->expire > (uint32_t)ts->tv_sec)
if (xb->expire > (uint32_t)SCTIME_SECS(ts))
return 0;
}
}

2
src/ippair-bit.h
Unescape Escape View File

@ -30,7 +30,7 @@ void IPPairBitInitCtx(void);
void IPPairBitRegisterTests(void);
int IPPairHasBits(IPPair *host);
int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts);
int IPPairBitsTimedoutCheck(IPPair *h, SCTime_t ts);
void IPPairBitSet(IPPair *, uint32_t, uint32_t);
void IPPairBitUnset(IPPair *, uint32_t);

6
src/ippair-timeout.c
Unescape Escape View File

@ -46,7 +46,7 @@ uint32_t IPPairGetActiveCount(void)
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
static int IPPairTimedOut(IPPair *h, struct timeval *ts)
static int IPPairTimedOut(IPPair *h, SCTime_t ts)
{
int vars = 0;
int thresholds = 0;
@ -84,7 +84,7 @@ static int IPPairTimedOut(IPPair *h, struct timeval *ts)
*
* \retval cnt timed out ippairs
*/
static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, struct timeval *ts)
static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, SCTime_t ts)
{
uint32_t cnt = 0;
@ -139,7 +139,7 @@ static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, struct timeva
*
* \retval cnt number of timed out ippair
*/
uint32_t IPPairTimeoutHash(struct timeval *ts)
uint32_t IPPairTimeoutHash(SCTime_t ts)
{
uint32_t idx = 0;
uint32_t cnt = 0;

2
src/ippair-timeout.h
Unescape Escape View File

@ -24,7 +24,7 @@
#ifndef __IPPAIR_TIMEOUT_H__
#define __IPPAIR_TIMEOUT_H__
uint32_t IPPairTimeoutHash(struct timeval *ts);
uint32_t IPPairTimeoutHash(SCTime_t ts);
uint32_t IPPairGetSpareCount(void);
uint32_t IPPairGetActiveCount(void);

10
src/log-cf-common.c
Unescape Escape View File

@ -208,9 +208,10 @@ void LogCustomFormatAddNode(LogCustomFormat *cf, LogCustomFormatNode *node)
* \param const struct timeveal *ts - the timetstamp
*
*/
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts) {
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts)
{
time_t time = ts->tv_sec;
time_t time = SCTIME_SECS(ts);
struct tm local_tm;
struct tm *timestamp = SCLocalTime(time, &local_tm);
char buf[128] = {0};
@ -242,15 +243,14 @@ static int LogCustomFormatTest01(void)
tm.tm_wday = 1;
tm.tm_yday = 13;
tm.tm_isdst = 0;
time_t secs = mktime(&tm);
struct timeval ts = {secs, 0};
SCTime_t ts = SCTIME_FROM_SECS(mktime(&tm));
MemBuffer *buffer = MemBufferCreateNew(62);
if (!buffer) {
return 0;
}
LogCustomFormatWriteTimestamp(buffer, "", &ts);
LogCustomFormatWriteTimestamp(buffer, "", ts);
/*
* {buffer = "01/13/14-04:30:00", size = 62, offset = 17}
*/

2
src/log-cf-common.h
Unescape Escape View File

@ -84,7 +84,7 @@ void LogCustomFormatFree(LogCustomFormat *cf);
void LogCustomFormatAddNode(LogCustomFormat *cf, LogCustomFormatNode *node);
int LogCustomFormatParse(LogCustomFormat *cf, const char *format);
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts);
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts);
void LogCustomFormatRegister(void);
#endif /* __LOG_CF_COMMON_H__ */

20
src/log-httplog.c
Unescape Escape View File

@ -126,8 +126,8 @@ static uint32_t GetCookieValue(uint8_t *rawcookies, uint32_t rawcookies_len, cha
}
/* Custom format logging */
static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const struct timeval *ts,
char *srcip, Port sp, char *dstip, Port dp)
static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const SCTime_t ts, char *srcip,
Port sp, char *dstip, Port dp)
{
LogHttpFileCtx *httplog_ctx = aft->httplog_ctx;
uint32_t i;
@ -155,14 +155,14 @@ static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const struct t
break;
case LOG_CF_TIMESTAMP:
/* TIMESTAMP */
LogCustomFormatWriteTimestamp(aft->buffer, node->data, ts);
break;
LogCustomFormatWriteTimestamp(aft->buffer, node->data, ts);
break;
case LOG_CF_TIMESTAMP_U:
/* TIMESTAMP USECONDS */
snprintf(buf, sizeof(buf), "%06u", (unsigned int) ts->tv_usec);
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)buf, MIN(strlen(buf),6));
break;
snprintf(buf, sizeof(buf), "%06u", (unsigned int)SCTIME_USECS(ts));
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)buf, MIN(strlen(buf), 6));
break;
case LOG_CF_CLIENT_IP:
/* CLIENT IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
@ -385,7 +385,7 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, void *data, const Packet *p,
char timebuf[64];
/* check if we have HTTP state or not */
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
Port sp, dp;
@ -427,7 +427,7 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, void *data, const Packet *p,
MemBufferReset(aft->buffer);
if (hlog->flags & LOG_HTTP_CUSTOM) {
LogHttpLogCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
LogHttpLogCustom(aft, tx, p->ts, srcip, sp, dstip, dp);
} else {
/* time */
MemBufferWriteString(aft->buffer, "%s ", timebuf);

58
src/log-pcap.c
Unescape Escape View File

@ -594,8 +594,8 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
PcapLogLock(pl);
pl->pkt_cnt++;
pl->h->ts.tv_sec = p->ts.tv_sec;
pl->h->ts.tv_usec = p->ts.tv_usec;
pl->h->ts.tv_sec = SCTIME_SECS(p->ts);
pl->h->ts.tv_usec = SCTIME_USECS(p->ts);
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
rp = p->root;
pl->h->caplen = GET_PKT_LEN(rp);
@ -618,7 +618,7 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
if (pl->mode == LOGMODE_SGUIL) {
struct tm local_tm;
struct tm *tms = SCLocalTime(p->ts.tv_sec, &local_tm);
struct tm *tms = SCLocalTime(SCTIME_SECS(p->ts), &local_tm);
if (tms->tm_mday != pl->prev_day) {
rotate = 1;
pl->prev_day = tms->tm_mday;
@ -681,8 +681,8 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
}
/* PcapLogDumpSegment has writtens over the PcapLogData variables so need to update */
pl->h->ts.tv_sec = p->ts.tv_sec;
pl->h->ts.tv_usec = p->ts.tv_usec;
pl->h->ts.tv_sec = SCTIME_SECS(p->ts);
pl->h->ts.tv_usec = SCTIME_USECS(p->ts);
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
rp = p->root;
pl->h->caplen = GET_PKT_LEN(rp);
@ -1074,11 +1074,9 @@ static TmEcode PcapLogDataInit(ThreadVars *t, const void *initdata, void **data)
td->pcap_log->file_cnt = 1;
}
struct timeval ts;
memset(&ts, 0x00, sizeof(struct timeval));
TimeGet(&ts);
SCTime_t ts = TimeGet();
struct tm local_tm;
struct tm *tms = SCLocalTime(ts.tv_sec, &local_tm);
struct tm *tms = SCLocalTime(SCTIME_SECS(ts), &local_tm);
td->pcap_log->prev_day = tms->tm_mday;
PcapLogUnlock(td->pcap_log);
@ -1712,9 +1710,7 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
}
/** get the time so we can have a filename with seconds since epoch */
struct timeval ts;
memset(&ts, 0x00, sizeof(struct timeval));
TimeGet(&ts);
SCTime_t ts = TimeGet();
/* Place to store the name of our PCAP file */
PcapFileName *pf = SCMalloc(sizeof(PcapFileName));
@ -1725,7 +1721,7 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
if (pl->mode == LOGMODE_SGUIL) {
struct tm local_tm;
struct tm *tms = SCLocalTime(ts.tv_sec, &local_tm);
struct tm *tms = SCLocalTime(SCTIME_SECS(ts), &local_tm);
char dirname[32], dirfull[PATH_MAX] = "";
@ -1750,12 +1746,11 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
int written;
if (pl->timestamp_format == TS_FORMAT_SEC) {
written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s",
dirfull, pl->prefix, (uint32_t)ts.tv_sec, pl->suffix);
written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s", dirfull, pl->prefix,
(uint32_t)SCTIME_SECS(ts), pl->suffix);
} else {
written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 ".%" PRIu32 "%s",
dirfull, pl->prefix, (uint32_t)ts.tv_sec,
(uint32_t)ts.tv_usec, pl->suffix);
written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 ".%" PRIu32 "%s", dirfull,
pl->prefix, (uint32_t)SCTIME_SECS(ts), (uint32_t)SCTIME_USECS(ts), pl->suffix);
}
if (written == PATH_MAX) {
SCLogError("log-pcap path overflow");
@ -1765,12 +1760,11 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
int ret;
/* create the filename to use */
if (pl->timestamp_format == TS_FORMAT_SEC) {
ret = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s", pl->dir,
pl->prefix, (uint32_t)ts.tv_sec, pl->suffix);
ret = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s", pl->dir, pl->prefix,
(uint32_t)SCTIME_SECS(ts), pl->suffix);
} else {
ret = snprintf(filename, PATH_MAX,
"%s/%s.%" PRIu32 ".%" PRIu32 "%s", pl->dir, pl->prefix,
(uint32_t)ts.tv_sec, (uint32_t)ts.tv_usec, pl->suffix);
ret = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 ".%" PRIu32 "%s", pl->dir,
pl->prefix, (uint32_t)SCTIME_SECS(ts), (uint32_t)SCTIME_USECS(ts), pl->suffix);
}
if (ret < 0 || (size_t)ret >= PATH_MAX) {
SCLogError("failed to construct path");
@ -1807,10 +1801,10 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
case 't':
/* create the filename to use */
if (pl->timestamp_format == TS_FORMAT_SEC) {
snprintf(str, sizeof(str), "%"PRIu32, (uint32_t)ts.tv_sec);
snprintf(str, sizeof(str), "%" PRIu32, (uint32_t)SCTIME_SECS(ts));
} else {
snprintf(str, sizeof(str), "%"PRIu32".%"PRIu32,
(uint32_t)ts.tv_sec, (uint32_t)ts.tv_usec);
snprintf(str, sizeof(str), "%" PRIu32 ".%" PRIu32,
(uint32_t)SCTIME_SECS(ts), (uint32_t)SCTIME_USECS(ts));
}
}
strlcat(filename, str, PATH_MAX);
@ -1825,14 +1819,12 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
int ret;
/* create the filename to use */
if (pl->timestamp_format == TS_FORMAT_SEC) {
ret = snprintf(filename, PATH_MAX, "%s/%s.%u.%" PRIu32 "%s",
pl->dir, pl->prefix, pl->thread_number,
(uint32_t)ts.tv_sec, pl->suffix);
ret = snprintf(filename, PATH_MAX, "%s/%s.%u.%" PRIu32 "%s", pl->dir, pl->prefix,
pl->thread_number, (uint32_t)SCTIME_SECS(ts), pl->suffix);
} else {
ret = snprintf(filename, PATH_MAX,
"%s/%s.%u.%" PRIu32 ".%" PRIu32 "%s", pl->dir,
pl->prefix, pl->thread_number, (uint32_t)ts.tv_sec,
(uint32_t)ts.tv_usec, pl->suffix);
ret = snprintf(filename, PATH_MAX, "%s/%s.%u.%" PRIu32 ".%" PRIu32 "%s", pl->dir,
pl->prefix, pl->thread_number, (uint32_t)SCTIME_SECS(ts),
(uint32_t)SCTIME_USECS(ts), pl->suffix);
}
if (ret < 0 || (size_t)ret >= PATH_MAX) {
SCLogError("failed to construct path");

39
src/log-tlslog.c
Unescape Escape View File

@ -293,10 +293,8 @@ static void LogTlsLogVersion(MemBuffer *buffer, uint16_t version)
static void LogTlsLogDate(MemBuffer *buffer, const char *title, time_t *date)
{
char timebuf[64] = {0};
struct timeval tv;
tv.tv_sec = *date;
tv.tv_usec = 0;
CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
const SCTime_t ts = SCTIME_FROM_SECS(*date);
CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
MemBufferWriteString(buffer, "%s='%s'", title, timebuf);
}
@ -306,9 +304,8 @@ static void LogTlsLogString(MemBuffer *buffer, const char *title,
MemBufferWriteString(buffer, "%s='%s'", title, value);
}
static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state,
const struct timeval *ts, char *srcip, Port sp,
char *dstip, Port dp)
static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
char *srcip, Port sp, char *dstip, Port dp)
{
char timebuf[64];
CreateTimeString(ts, timebuf, sizeof(timebuf));
@ -338,9 +335,8 @@ static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state,
}
}
static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state,
const struct timeval *ts, char *srcip, Port sp,
char *dstip, Port dp)
static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
char *srcip, Port sp, char *dstip, Port dp)
{
if (ssl_state->server_connp.cert0_fingerprint != NULL) {
LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
@ -373,9 +369,8 @@ static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state,
}
/* Custom format logging */
static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state,
const struct timeval *ts, char *srcip, Port sp,
char *dstip, Port dp)
static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
char *srcip, Port sp, char *dstip, Port dp)
{
LogTlsFileCtx *tlslog_ctx = aft->tlslog_ctx;
uint32_t i;
@ -398,12 +393,10 @@ static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state,
break;
case LOG_CF_TIMESTAMP_U:
/* TIMESTAMP USECONDS */
snprintf(buf, sizeof(buf), "%06u", (unsigned int) ts->tv_usec);
PrintRawUriBuf((char *)aft->buffer->buffer,
&aft->buffer->offset,
aft->buffer->size, (uint8_t *)buf,
MIN(strlen(buf),6));
break;
snprintf(buf, sizeof(buf), "%06u", (unsigned int)SCTIME_USECS(ts));
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)buf, MIN(strlen(buf), 6));
break;
case LOG_CF_CLIENT_IP:
/* CLIENT IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer,
@ -513,12 +506,12 @@ static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
MemBufferReset(aft->buffer);
if (hlog->flags & LOG_TLS_CUSTOM) {
LogTlsLogCustom(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
LogTlsLogCustom(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
} else if (hlog->flags & LOG_TLS_EXTENDED) {
LogTlsLogBasic(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
LogTlsLogExtended(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
LogTlsLogBasic(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
LogTlsLogExtended(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
} else {
LogTlsLogBasic(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
LogTlsLogBasic(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
}
MemBufferWriteString(aft->buffer, "\n");

10
src/log-tlsstore.c
Unescape Escape View File

@ -64,11 +64,9 @@ static int CreateFileName(const Packet *p, SSLState *state, char *filename, size
/* Use format : packet time + incremental ID
* When running on same pcap it will overwrite
* On a live device, we will not be able to overwrite */
if (snprintf(path, sizeof(path), "%s/%ld.%ld-%d.pem",
tls_logfile_base_dir,
(long int)p->ts.tv_sec,
(long int)p->ts.tv_usec,
file_id) == sizeof(path))
if (snprintf(path, sizeof(path), "%s/%ld.%ld-%d.pem", tls_logfile_base_dir,
(long int)SCTIME_SECS(p->ts), (long int)SCTIME_USECS(p->ts),
file_id) == sizeof(path))
return 0;
strlcpy(filename, path, filename_size);
@ -160,7 +158,7 @@ static void LogTlsLogPem(LogTlsStoreLogThread *aft, const Packet *p, SSLState *s
char srcip[PRINT_BUF_LEN], dstip[PRINT_BUF_LEN];
char timebuf[64];
Port sp, dp;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
if (!TLSGetIPInformations(p, srcip, PRINT_BUF_LEN, &sp, dstip, PRINT_BUF_LEN, &dp, ipproto))
goto end_fwrite_fpmeta;
if (fprintf(fpmeta, "TIME: %s\n", timebuf) < 0)

7
src/output-filestore.c
Unescape Escape View File

@ -161,10 +161,9 @@ static void OutputFilestoreFinalizeFiles(ThreadVars *tv, const OutputFilestoreLo
if (ctx->fileinfo) {
char js_metadata_filename[PATH_MAX];
if (snprintf(js_metadata_filename, sizeof(js_metadata_filename),
"%s.%"PRIuMAX".%u.json", final_filename,
(uintmax_t)p->ts.tv_sec, ff->file_store_id)
== (int)sizeof(js_metadata_filename)) {
if (snprintf(js_metadata_filename, sizeof(js_metadata_filename), "%s.%" PRIuMAX ".%u.json",
final_filename, (uintmax_t)SCTIME_SECS(p->ts),
ff->file_store_id) == (int)sizeof(js_metadata_filename)) {
WARN_ONCE(WOT_SNPRINTF, "Failed to write file info record. Output filename truncated.");
} else {
JsonBuilder *js_fileinfo =

2
src/output-json-alert.c
Unescape Escape View File

@ -854,7 +854,7 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
if (p->alerts.cnt == 0)
return TM_ECODE_OK;
CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateIsoTimeString(p->ts, timebuf, sizeof(timebuf));
for (int i = 0; i < p->alerts.cnt; i++) {
const PacketAlert *pa = &p->alerts.alerts[i];

12
src/output-json-flow.c
Unescape Escape View File

@ -62,11 +62,9 @@ static JsonBuilder *CreateEveHeaderFromFlow(const Flow *f)
return NULL;
}
struct timeval tv;
memset(&tv, 0x00, sizeof(tv));
TimeGet(&tv);
SCTime_t ts = TimeGet();
CreateIsoTimeString(&tv, timebuf, sizeof(timebuf));
CreateIsoTimeString(ts, timebuf, sizeof(timebuf));
if ((f->flags & FLOW_DIR_REVERSED) == 0) {
if (FLOW_IS_IPV4(f)) {
@ -209,7 +207,7 @@ void EveAddFlow(Flow *f, JsonBuilder *js)
}
char timebuf1[64];
CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
CreateIsoTimeString(f->startts, timebuf1, sizeof(timebuf1));
jb_set_string(js, "start", timebuf1);
}
@ -221,10 +219,10 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
EveAddFlow(f, jb);
char timebuf2[64];
CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
CreateIsoTimeString(f->lastts, timebuf2, sizeof(timebuf2));
jb_set_string(jb, "end", timebuf2);
int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
int32_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
jb_set_uint(jb, "age", age);
if (f->flow_end_flags & FLOW_END_FLAG_EMERGENCY)

18
src/output-json-netflow.c
Unescape Escape View File

@ -59,11 +59,9 @@ static JsonBuilder *CreateEveHeaderFromNetFlow(const Flow *f, int dir)
if (unlikely(js == NULL))
return NULL;
struct timeval tv;
memset(&tv, 0x00, sizeof(tv));
TimeGet(&tv);
SCTime_t ts = TimeGet();
CreateIsoTimeString(&tv, timebuf, sizeof(timebuf));
CreateIsoTimeString(ts, timebuf, sizeof(timebuf));
/* reverse header direction if the flow started out wrong */
dir ^= ((f->flags & FLOW_DIR_REVERSED) != 0);
@ -186,13 +184,13 @@ static void NetFlowLogEveToServer(JsonBuilder *js, Flow *f)
char timebuf1[64], timebuf2[64];
CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
CreateIsoTimeString(f->startts, timebuf1, sizeof(timebuf1));
CreateIsoTimeString(f->lastts, timebuf2, sizeof(timebuf2));
jb_set_string(js, "start", timebuf1);
jb_set_string(js, "end", timebuf2);
int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
int32_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
jb_set_uint(js, "age", age);
jb_set_uint(js, "min_ttl", f->min_ttl_toserver);
@ -230,13 +228,13 @@ static void NetFlowLogEveToClient(JsonBuilder *js, Flow *f)
char timebuf1[64], timebuf2[64];
CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
CreateIsoTimeString(f->startts, timebuf1, sizeof(timebuf1));
CreateIsoTimeString(f->lastts, timebuf2, sizeof(timebuf2));
jb_set_string(js, "start", timebuf1);
jb_set_string(js, "end", timebuf2);
int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
int32_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
jb_set_uint(js, "age", age);
/* To client is zero if we did not see any packet */

7
src/output-json-stats.c
Unescape Escape View File

@ -76,7 +76,6 @@ typedef struct JsonStatsLogThread_ {
static json_t *EngineStats2Json(const DetectEngineCtx *de_ctx,
const OutputEngineInfo output)
{
struct timeval last_reload;
char timebuf[64];
const SigFileLoaderStat *sig_stat = NULL;
@ -86,8 +85,8 @@ static json_t *EngineStats2Json(const DetectEngineCtx *de_ctx,
}
if (output == OUTPUT_ENGINE_LAST_RELOAD || output == OUTPUT_ENGINE_ALL) {
last_reload = de_ctx->last_reload;
CreateIsoTimeString(&last_reload, timebuf, sizeof(timebuf));
SCTime_t last_reload = SCTIME_FROM_TIMEVAL(&de_ctx->last_reload);
CreateIsoTimeString(last_reload, timebuf, sizeof(timebuf));
json_object_set_new(jdata, "last_reload", json_string(timebuf));
}
@ -301,7 +300,7 @@ static int JsonStatsLogger(ThreadVars *tv, void *thread_data, const StatsTable *
if (unlikely(js == NULL))
return 0;
char timebuf[64];
CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
json_object_set_new(js, "timestamp", json_string(timebuf));
json_object_set_new(js, "event_type", json_string("stats"));

24
src/output-json-tls.c
Unescape Escape View File

@ -169,10 +169,8 @@ static void JsonTlsLogNotBefore(JsonBuilder *js, SSLState *ssl_state)
{
if (ssl_state->server_connp.cert0_not_before != 0) {
char timebuf[64];
struct timeval tv;
tv.tv_sec = ssl_state->server_connp.cert0_not_before;
tv.tv_usec = 0;
CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
SCTime_t ts = SCTIME_FROM_SECS(ssl_state->server_connp.cert0_not_before);
CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notbefore", timebuf);
}
}
@ -181,10 +179,8 @@ static void JsonTlsLogNotAfter(JsonBuilder *js, SSLState *ssl_state)
{
if (ssl_state->server_connp.cert0_not_after != 0) {
char timebuf[64];
struct timeval tv;
tv.tv_sec = ssl_state->server_connp.cert0_not_after;
tv.tv_usec = 0;
CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
SCTime_t ts = SCTIME_FROM_SECS(ssl_state->server_connp.cert0_not_after);
CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notafter", timebuf);
}
}
@ -305,18 +301,14 @@ static void JsonTlsLogClientCert(
}
if (connp->cert0_not_before != 0) {
char timebuf[64];
struct timeval tv;
tv.tv_sec = connp->cert0_not_before;
tv.tv_usec = 0;
CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
SCTime_t ts = SCTIME_FROM_SECS(connp->cert0_not_before);
CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notbefore", timebuf);
}
if (connp->cert0_not_after != 0) {
char timebuf[64];
struct timeval tv;
tv.tv_sec = connp->cert0_not_after;
tv.tv_usec = 0;
CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
SCTime_t ts = SCTIME_FROM_SECS(connp->cert0_not_after);
CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notafter", timebuf);
}

2
src/output-json.c
Unescape Escape View File

@ -804,7 +804,7 @@ JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
return NULL;
}
CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateIsoTimeString(p->ts, timebuf, sizeof(timebuf));
jb_set_string(js, "timestamp", timebuf);

4
src/output-lua.c
Unescape Escape View File

@ -173,7 +173,7 @@ static int LuaPacketLoggerAlerts(ThreadVars *tv, void *thread_data, const Packet
LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data;
char timebuf[64];
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
if (!(PKT_IS_IPV4(p)) && !(PKT_IS_IPV6(p))) {
/* decoder event */
@ -243,7 +243,7 @@ static int LuaPacketLogger(ThreadVars *tv, void *thread_data, const Packet *p)
goto not_supported;
}
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
/* loop through alerts stored in the packet */
SCMutexLock(&td->lua_ctx->m);

3
src/packet.c
Unescape Escape View File

@ -102,8 +102,7 @@ void PacketReinit(Packet *p)
p->vlan_id[0] = 0;
p->vlan_id[1] = 0;
p->vlan_idx = 0;
p->ts.tv_sec = 0;
p->ts.tv_usec = 0;
p->ts = 0;
p->datalink = 0;
p->drop_reason = 0;
#define PACKET_RESET_ACTION(p) (p)->action = 0

15
src/runmode-unix-socket.c
Unescape Escape View File

@ -1285,11 +1285,10 @@ TmEcode UnixSocketHostbitAdd(json_t *cmd, json_t* answer, void *data_usused)
SCLogInfo("add-hostbit: ip %s hostbit %s expire %us", ipaddress, hostbit, expire);
struct timeval current_time;
TimeGet(&current_time);
SCTime_t current_time = TimeGet();
Host *host = HostGetHostFromHash(&a);
if (host) {
HostBitSet(host, idx, current_time.tv_sec + expire);
HostBitSet(host, idx, SCTIME_SECS(current_time) + expire);
HostUnlock(host);
json_object_set_new(answer, "message", json_string("hostbit added"));
@ -1415,9 +1414,7 @@ TmEcode UnixSocketHostbitList(json_t *cmd, json_t* answer, void *data_unused)
SCLogInfo("list-hostbit: %s", ipaddress);
struct timeval ts;
memset(&ts, 0, sizeof(ts));
TimeGet(&ts);
SCTime_t ts = TimeGet();
struct Bit {
uint32_t id;
@ -1457,8 +1454,8 @@ TmEcode UnixSocketHostbitList(json_t *cmd, json_t* answer, void *data_unused)
if (bitobject == NULL)
continue;
uint32_t expire = 0;
if ((uint32_t)ts.tv_sec < bits[i].expire)
expire = bits[i].expire - (uint32_t)ts.tv_sec;
if ((uint32_t)SCTIME_SECS(ts) < bits[i].expire)
expire = bits[i].expire - (uint32_t)SCTIME_SECS(ts);
const char *name = VarNameStoreLookupById(bits[i].id, VAR_TYPE_HOST_BIT);
if (name == NULL)
@ -1654,7 +1651,7 @@ TmEcode UnixSocketGetFlowStatsById(json_t *cmd, json_t *answer, void *data)
uint32_t todstpktcnt = f->todstpktcnt;
uint64_t tosrcbytecnt = f->tosrcbytecnt;
uint64_t todstbytecnt = f->todstbytecnt;
uint64_t age = f->lastts.tv_sec - f->startts.tv_sec;
uint64_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
FLOWLOCK_UNLOCK(f);
json_t *flow_info = json_object();

8
src/source-af-packet.c
Unescape Escape View File

@ -796,8 +796,8 @@ static void AFPReadFromRingSetupPacket(
p->afp_v.peer = (p->afp_v.copy_mode == AFP_COPY_MODE_NONE) ? NULL : ptv->mpeer->peer;
/* Timestamp */
p->ts.tv_sec = h.h2->tp_sec;
p->ts.tv_usec = h.h2->tp_nsec / 1000;
p->ts = SCTIME_FROM_SECS(h.h2->tp_sec);
p->ts += SCTIME_FROM_USECS(h.h2->tp_nsec / 1000);
SCLogDebug("pktlen: %" PRIu32 " (pkt %p, pkt data %p)", GET_PKT_LEN(p), p, GET_PKT_DATA(p));
/* We only check for checksum disable */
@ -958,8 +958,8 @@ static inline int AFPParsePacketV3(AFPThreadVars *ptv, struct tpacket_block_desc
p->afp_v.peer = (p->afp_v.copy_mode == AFP_COPY_MODE_NONE) ? NULL : ptv->mpeer->peer;
/* Timestamp */
p->ts.tv_sec = ppd->tp_sec;
p->ts.tv_usec = ppd->tp_nsec/1000;
p->ts = SCTIME_FROM_SECS(ppd->tp_sec);
p->ts += SCTIME_FROM_USECS(ppd->tp_nsec / 1000);
SCLogDebug("pktlen: %" PRIu32 " (pkt %p, pkt data %p)",
GET_PKT_LEN(p), p, GET_PKT_DATA(p));

2
src/source-af-xdp.c
Unescape Escape View File

@ -775,7 +775,7 @@ static TmEcode ReceiveAFXDPLoop(ThreadVars *tv, void *data, void *slot)
p->ReleasePacket = AFXDPReleasePacket;
p->flags |= PKT_IGNORE_CHECKSUM;
p->ts = ts;
p->ts = SCTIME_FROM_TIMEVAL(&ts);
uint64_t addr = xsk_ring_cons__rx_desc(&ptv->xsk.rx, idx_rx)->addr;
uint32_t len = xsk_ring_cons__rx_desc(&ptv->xsk.rx, idx_rx++)->len;

8
src/source-dpdk.c
Unescape Escape View File

@ -178,9 +178,11 @@ void DPDKSetTimevalOfMachineStart(void)
* @param machine_start_tv - timestamp when the machine was started
* @param real_tv
*/
static void DPDKSetTimevalReal(struct timeval *machine_start_tv, struct timeval *real_tv)
static SCTime_t DPDKSetTimevalReal(struct timeval *machine_start_tv)
{
CyclesAddToTimeval(rte_get_tsc_cycles(), machine_start_tv, real_tv);
struct timeval real_tv;
CyclesAddToTimeval(rte_get_tsc_cycles(), machine_start_tv, &real_tv);
return SCTIME_FROM_TIMEVAL(&real_tv);
}
/* get number of seconds from the reset of TSC counter (typically from the machine start) */
@ -377,7 +379,7 @@ static TmEcode ReceiveDPDKLoop(ThreadVars *tv, void *data, void *slot)
p->flags |= PKT_IGNORE_CHECKSUM;
}
DPDKSetTimevalReal(&machine_start_time, &p->ts);
p->ts = DPDKSetTimevalReal(&machine_start_time);
p->dpdk_v.mbuf = ptv->received_mbufs[i];
p->ReleasePacket = DPDKReleasePacket;
p->dpdk_v.copy_mode = ptv->copy_mode;

11
src/source-erf-dag.c
Unescape Escape View File

@ -510,14 +510,15 @@ ProcessErfDagRecord(ErfDagThreadVars *ewtn, char *prec)
/* Convert ERF time to timeval - from libpcap. */
uint64_t ts = dr->ts;
p->ts.tv_sec = ts >> 32;
p->ts = SCTIME_FROM_SECS(ts >> 32);
ts = (ts & 0xffffffffULL) * 1000000;
ts += 0x80000000; /* rounding */
p->ts.tv_usec = ts >> 32;
if (p->ts.tv_usec >= 1000000) {
p->ts.tv_usec -= 1000000;
p->ts.tv_sec++;
uint64_t usecs = ts >> 32;
if (usecs >= 1000000) {
usecs -= 1000000;
p->ts += SCTIME_FROM_SECS(1);
}
p->ts += SCTIME_FROM_USECS(usecs);
StatsIncr(ewtn->tv, ewtn->packets);
ewtn->bytes += wlen;

12
src/source-erf-file.c
Unescape Escape View File

@ -197,14 +197,16 @@ static inline TmEcode ReadErfRecord(ThreadVars *tv, Packet *p, void *data)
/* Convert ERF time to timeval - from libpcap. */
uint64_t ts = dr.ts;
p->ts.tv_sec = ts >> 32;
p->ts = SCTIME_FROM_SECS(ts >> 32);
ts = (ts & 0xffffffffULL) * 1000000;
ts += 0x80000000; /* rounding */
p->ts.tv_usec = ts >> 32;
if (p->ts.tv_usec >= 1000000) {
p->ts.tv_usec -= 1000000;
p->ts.tv_sec++;
uint64_t usecs = (ts >> 32);
if (usecs >= 1000000) {
usecs -= 1000000;
p->ts += SCTIME_FROM_SECS(1);
usecs++;
}
p->ts += SCTIME_FROM_USECS(usecs);
etv->pkts++;
etv->bytes += wlen;

3
src/source-ipfw.c
Unescape Escape View File

@ -289,8 +289,7 @@ TmEcode ReceiveIPFWLoop(ThreadVars *tv, void *data, void *slot)
SCLogDebug("Received Packet Len: %d", pktlen);
p->ts.tv_sec = IPFWts.tv_sec;
p->ts.tv_usec = IPFWts.tv_usec;
p->ts = SCTIME_FROM_TIMEVAL(&IPFWts);
ptv->pkts++;
ptv->bytes += pktlen;

19
src/source-napatech.c
Unescape Escape View File

@ -949,21 +949,24 @@ TmEcode NapatechPacketLoop(ThreadVars *tv, void *data, void *slot)
*/
switch (NT_NET_GET_PKT_TIMESTAMP_TYPE(packet_buffer)) {
case NT_TIMESTAMP_TYPE_NATIVE_UNIX:
p->ts.tv_sec = pkt_ts / 100000000;
p->ts.tv_usec = ((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0);
p->ts = SCTIME_FROM_SECS(pkt_ts / 100000000);
p->ts += SCTIME_FROM_USECS(
((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0));
break;
case NT_TIMESTAMP_TYPE_PCAP:
p->ts.tv_sec = pkt_ts >> 32;
p->ts.tv_usec = pkt_ts & 0xFFFFFFFF;
p->ts = SCTIME_FROM_SECS(pkt_ts >> 32);
p->ts += SCTIME_FROM_USECS(pkt_ts & 0xFFFFFFFF);
break;
case NT_TIMESTAMP_TYPE_PCAP_NANOTIME:
p->ts.tv_sec = pkt_ts >> 32;
p->ts.tv_usec = ((pkt_ts & 0xFFFFFFFF) / 1000) + ((pkt_ts % 1000) > 500 ? 1 : 0);
p->ts = SCTIME_FROM_SECS(pkt_ts >> 32);
p->ts += SCTIME_FROM_USECS(
((pkt_ts & 0xFFFFFFFF) / 1000) + ((pkt_ts % 1000) > 500 ? 1 : 0));
break;
case NT_TIMESTAMP_TYPE_NATIVE_NDIS:
/* number of seconds between 1/1/1601 and 1/1/1970 */
p->ts.tv_sec = (pkt_ts / 100000000) - 11644473600;
p->ts.tv_usec = ((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0);
p->ts = SCTIME_FROM_SECS((pkt_ts / 100000000) - 11644473600);
p->ts += SCTIME_FROM_USECS(
((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0));
break;
default:
SCLogError("Packet from Napatech Stream: %u does not have a supported timestamp "

2
src/source-netmap.c
Unescape Escape View File

@ -666,7 +666,7 @@ static void NetmapProcessPacket(NetmapThreadVars *ntv, const struct nm_pkthdr *p
PKT_SET_SRC(p, PKT_SRC_WIRE);
p->livedev = ntv->livedev;
p->datalink = LINKTYPE_ETHERNET;
p->ts = ph->ts;
p->ts = SCTIME_FROM_TIMEVAL(&ph->ts);
ntv->pkts++;
ntv->bytes += ph->len;

10
src/source-nfq.c
Unescape Escape View File

@ -461,11 +461,13 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data)
SET_PKT_LEN(p, 0);
}
ret = nfq_get_timestamp(tb, &p->ts);
if (ret != 0 || p->ts.tv_sec == 0) {
memset (&p->ts, 0, sizeof(struct timeval));
gettimeofday(&p->ts, NULL);
struct timeval tv;
ret = nfq_get_timestamp(tb, &tv);
if (ret != 0 || tv.tv_sec == 0) {
memset(&tv, 0, sizeof(tv));
gettimeofday(&tv, NULL);
}
p->ts = SCTIME_FROM_TIMEVAL(&tv);
p->datalink = DLT_RAW;
return 0;

7
src/source-pcap-file-helper.c
Unescape Escape View File

@ -77,9 +77,8 @@ void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt)
PACKET_PROFILING_TMM_START(p, TMM_RECEIVEPCAPFILE);
PKT_SET_SRC(p, PKT_SRC_WIRE);
p->ts.tv_sec = h->ts.tv_sec;
p->ts.tv_usec = h->ts.tv_usec % 1000000;
SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
SCLogDebug("p->ts.tv_sec %" PRIuMAX "", (uintmax_t)SCTIME_SECS(p->ts));
p->datalink = ptv->datalink;
p->pcap_cnt = ++pcap_g.cnt;
@ -130,7 +129,7 @@ TmEcode PcapFileDispatch(PcapFileFileVars *ptv)
/* initialize all the thread's initial timestamp */
if (likely(ptv->first_pkt_hdr != NULL)) {
TmThreadsInitThreadsTimestamp(&ptv->first_pkt_ts);
TmThreadsInitThreadsTimestamp(SCTIME_FROM_TIMEVAL(&ptv->first_pkt_ts));
PcapFileCallbackLoop((char *)ptv, ptv->first_pkt_hdr,
(u_char *)ptv->first_pkt_data);
ptv->first_pkt_hdr = NULL;

12
src/source-pcap.c
Unescape Escape View File

@ -239,16 +239,14 @@ static void PcapCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt)
PcapThreadVars *ptv = (PcapThreadVars *)user;
Packet *p = PacketGetFromQueueOrAlloc();
struct timeval current_time;
if (unlikely(p == NULL)) {
SCReturn;
}
PKT_SET_SRC(p, PKT_SRC_WIRE);
p->ts.tv_sec = h->ts.tv_sec;
p->ts.tv_usec = h->ts.tv_usec;
SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
SCLogDebug("p->ts.tv_sec %" PRIuMAX "", SCTIME_SECS((uintmax_t)p->ts));
p->datalink = ptv->datalink;
ptv->pkts++;
@ -283,10 +281,10 @@ static void PcapCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt)
}
/* Trigger one dump of stats every second */
TimeGet(&current_time);
if (current_time.tv_sec != ptv->last_stats_dump) {
SCTime_t current_time = TimeGet();
if ((time_t)SCTIME_SECS(current_time) != ptv->last_stats_dump) {
PcapDumpCounters(ptv);
ptv->last_stats_dump = current_time.tv_sec;
ptv->last_stats_dump = SCTIME_SECS(current_time);
}
SCReturn;

7
src/source-pfring.c
Unescape Escape View File

@ -234,8 +234,7 @@ static inline void PfringProcessPacket(void *user, struct pfring_pkthdr *h, Pack
gettimeofday((struct timeval *)&h->ts, NULL);
}
p->ts.tv_sec = h->ts.tv_sec;
p->ts.tv_usec = h->ts.tv_usec;
p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
/* PF_RING all packets are marked as a link type of ethernet
* so that is what we do here. */
@ -423,9 +422,9 @@ TmEcode ReceivePfringLoop(ThreadVars *tv, void *data, void *slot)
}
/* Trigger one dump of stats every second */
if (p->ts.tv_sec != last_dump) {
if (SCTIME_SECS(p->ts) != last_dump) {
PfringDumpCounters(ptv);
last_dump = p->ts.tv_sec;
last_dump = SCTIME_SECS(p->ts);
}
} else if (unlikely(r == 0)) {
if (suricata_ctl_flags & SURICATA_STOP) {

22
src/source-windivert.c
Unescape Escape View File

@ -209,13 +209,10 @@ static const char *WinDivertGetErrorString(DWORD error_code)
*/
static void WinDivertInitQPCValues(WinDivertThreadVars *wd_tv)
{
struct timeval now;
TimeGet(&now);
SCTime_t now = TimeGet();
(void)QueryPerformanceCounter((LARGE_INTEGER *)&wd_tv->qpc_start_count);
wd_tv->qpc_start_time =
(uint64_t)now.tv_sec * (1000 * 1000) + (uint64_t)now.tv_usec;
wd_tv->qpc_start_time = (uint64_t)SCTIME_SECS(now) * (1000 * 1000) + (uint64_t)SCTIME_SECS(now);
(void)QueryPerformanceFrequency((LARGE_INTEGER *)&wd_tv->qpc_freq_usec);
/* \bug: clock drift? */
@ -223,21 +220,20 @@ static void WinDivertInitQPCValues(WinDivertThreadVars *wd_tv)
}
/**
* \brief gets a timeval from a WinDivert timestamp
* \brief WinDivert timestamp to a SCTime_t
*/
static struct timeval WinDivertTimestampToTimeval(WinDivertThreadVars *wd_tv,
INT64 timestamp_count)
static SCTime_t WinDivertTimestampToTimeStamp(WinDivertThreadVars *wd_tv, INT64 timestamp_count)
{
struct timeval ts;
struct timeval tv;
int64_t qpc_delta = (int64_t)timestamp_count - wd_tv->qpc_start_count;
int64_t unix_usec =
wd_tv->qpc_start_time + (qpc_delta / wd_tv->qpc_freq_usec);
ts.tv_sec = (long)(unix_usec / (1000 * 1000));
ts.tv_usec = (long)(unix_usec - (int64_t)ts.tv_sec * (1000 * 1000));
tv.tv_sec = (long)(unix_usec / (1000 * 1000));
tv.tv_usec = (long)(unix_usec - (int64_t)tv.tv_sec * (1000 * 1000));
return ts;
return SCTIME_FROM_TIMEVAL(&tv);
}
/**
@ -479,7 +475,7 @@ static TmEcode WinDivertRecvHelper(ThreadVars *tv, WinDivertThreadVars *wd_tv)
}
SCLogDebug("Packet received, length %" PRId32 "", GET_PKT_LEN(p));
p->ts = WinDivertTimestampToTimeval(wd_tv, p->windivert_v.addr.Timestamp);
p->ts = WinDivertTimestampToTimeStamp(wd_tv, p->windivert_v.addr.Timestamp);
p->windivert_v.thread_num = wd_tv->thread_num;
#ifdef COUNTERS

4
src/stream-tcp-list.c
Unescape Escape View File

@ -566,8 +566,8 @@ static int DoHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, const Packet *pp)
{
if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > pp->payload_len) {
seg->pcap_hdr_storage->ts.tv_sec = rp->ts.tv_sec;
seg->pcap_hdr_storage->ts.tv_usec = rp->ts.tv_usec;
seg->pcap_hdr_storage->ts.tv_sec = SCTIME_SECS(rp->ts);
seg->pcap_hdr_storage->ts.tv_usec = SCTIME_USECS(rp->ts);
seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - pp->payload_len;
/*
* pkt_hdr members are initially allocated 64 bytes of memory. Thus,

57
src/stream-tcp.c
Unescape Escape View File

@ -1027,7 +1027,7 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p,
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
ssn->server.last_pkt_ts = p->ts.tv_sec;
ssn->server.last_pkt_ts = SCTIME_SECS(p->ts);
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
if (ssn->client.last_ts == 0)
@ -1080,7 +1080,7 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p,
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
ssn->client.last_pkt_ts = p->ts.tv_sec;
ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
ssn->client.flags |= STREAMTCP_STREAM_FLAG_TIMESTAMP;
}
@ -1187,7 +1187,7 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p,
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
ssn->client.last_pkt_ts = p->ts.tv_sec;
ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
if (ssn->client.last_ts == 0)
@ -1221,7 +1221,7 @@ static inline void StreamTcp3whsSynAckToStateQueue(Packet *p, TcpStateQueue *q)
q->win = TCP_GET_WINDOW(p);
q->seq = TCP_GET_SEQ(p);
q->ack = TCP_GET_ACK(p);
q->pkt_ts = p->ts.tv_sec;
q->pkt_ts = SCTIME_SECS(p->ts);
if (TCP_GET_SACKOK(p) == 1)
q->flags |= STREAMTCP_QUEUE_FLAG_SACK;
@ -1546,7 +1546,7 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
"ssn->server.last_ts %" PRIu32"", ssn,
ssn->client.last_ts, ssn->server.last_ts);
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
ssn->client.last_pkt_ts = p->ts.tv_sec;
ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
} else {
@ -1658,7 +1658,7 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
ssn->server.last_pkt_ts = p->ts.tv_sec;
ssn->server.last_pkt_ts = SCTIME_SECS(p->ts);
ssn->server.flags |= STREAMTCP_STREAM_FLAG_TIMESTAMP;
}
@ -1699,7 +1699,7 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
// Check whether packets have been received in the correct order (only ever update)
if (ssn->client.last_ts < ts_val) {
ssn->client.last_ts = ts_val;
ssn->client.last_pkt_ts = p->ts.tv_sec;
ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
}
SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %" PRIu64, ssn,
@ -1763,7 +1763,7 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
{
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
ssn->client.flags &= ~STREAMTCP_STREAM_FLAG_TIMESTAMP;
ssn->client.last_pkt_ts = p->ts.tv_sec;
ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
} else {
ssn->client.last_ts = 0;
ssn->client.flags &= ~STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
@ -5784,12 +5784,13 @@ static int StreamTcpValidateTimestamp (TcpSession *ssn, Packet *p)
result = (int32_t) (ts - last_ts);
}
SCLogDebug("result %"PRIi32", p->ts.tv_sec %"PRIuMAX"", result, (uintmax_t)p->ts.tv_sec);
SCLogDebug("result %" PRIi32 ", p->ts(secs) %" PRIuMAX "", result,
(uintmax_t)SCTIME_SECS(p->ts));
if (last_pkt_ts == 0 &&
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM))
{
last_pkt_ts = p->ts.tv_sec;
last_pkt_ts = SCTIME_SECS(p->ts);
}
if (result < 0) {
@ -5799,12 +5800,10 @@ static int StreamTcpValidateTimestamp (TcpSession *ssn, Packet *p)
/* candidate for rejection */
ret = 0;
} else if ((sender_stream->last_ts != 0) &&
(((uint32_t) p->ts.tv_sec) >
last_pkt_ts + PAWS_24DAYS))
{
(((uint32_t)SCTIME_SECS(p->ts)) > last_pkt_ts + PAWS_24DAYS)) {
SCLogDebug("packet is not valid last_pkt_ts "
"%" PRIu32 " p->ts.tv_sec %" PRIu32 "",
last_pkt_ts, (uint32_t) p->ts.tv_sec);
"%" PRIu32 " p->ts(sec) %" PRIu32 "",
last_pkt_ts, (uint32_t)SCTIME_SECS(p->ts));
/* candidate for rejection */
ret = 0;
}
@ -5814,8 +5813,7 @@ static int StreamTcpValidateTimestamp (TcpSession *ssn, Packet *p)
* current stream timestamp is not so old. if so then we need to
* accept the packet and update the stream->last_ts (RFC 1323)*/
if ((SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p))) &&
(((uint32_t) p->ts.tv_sec > (last_pkt_ts + PAWS_24DAYS))))
{
(((uint32_t)SCTIME_SECS(p->ts) > (last_pkt_ts + PAWS_24DAYS)))) {
SCLogDebug("timestamp considered valid anyway");
} else {
goto invalid;
@ -5928,12 +5926,13 @@ static int StreamTcpHandleTimestamp (TcpSession *ssn, Packet *p)
result = (int32_t) (ts - sender_stream->last_ts);
}
SCLogDebug("result %"PRIi32", p->ts.tv_sec %"PRIuMAX"", result, (uintmax_t)p->ts.tv_sec);
SCLogDebug("result %" PRIi32 ", p->ts(sec) %" PRIuMAX "", result,
(uintmax_t)SCTIME_SECS(p->ts));
if (sender_stream->last_pkt_ts == 0 &&
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM))
{
sender_stream->last_pkt_ts = p->ts.tv_sec;
sender_stream->last_pkt_ts = SCTIME_SECS(p->ts);
}
if (result < 0) {
@ -5943,12 +5942,11 @@ static int StreamTcpHandleTimestamp (TcpSession *ssn, Packet *p)
/* candidate for rejection */
ret = 0;
} else if ((sender_stream->last_ts != 0) &&
(((uint32_t) p->ts.tv_sec) >
sender_stream->last_pkt_ts + PAWS_24DAYS))
{
(((uint32_t)SCTIME_SECS(p->ts)) >
sender_stream->last_pkt_ts + PAWS_24DAYS)) {
SCLogDebug("packet is not valid sender_stream->last_pkt_ts "
"%" PRIu32 " p->ts.tv_sec %" PRIu32 "",
sender_stream->last_pkt_ts, (uint32_t) p->ts.tv_sec);
"%" PRIu32 " p->ts(sec) %" PRIu32 "",
sender_stream->last_pkt_ts, (uint32_t)SCTIME_SECS(p->ts));
/* candidate for rejection */
ret = 0;
}
@ -5959,17 +5957,17 @@ static int StreamTcpHandleTimestamp (TcpSession *ssn, Packet *p)
if (SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p)))
sender_stream->last_ts = ts;
sender_stream->last_pkt_ts = p->ts.tv_sec;
sender_stream->last_pkt_ts = SCTIME_SECS(p->ts);
} else if (ret == 0) {
/* if the timestamp of packet is not valid then, check if the
* current stream timestamp is not so old. if so then we need to
* accept the packet and update the stream->last_ts (RFC 1323)*/
if ((SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p))) &&
(((uint32_t) p->ts.tv_sec > (sender_stream->last_pkt_ts + PAWS_24DAYS))))
{
(((uint32_t)SCTIME_SECS(p->ts) >
(sender_stream->last_pkt_ts + PAWS_24DAYS)))) {
sender_stream->last_ts = ts;
sender_stream->last_pkt_ts = p->ts.tv_sec;
sender_stream->last_pkt_ts = SCTIME_SECS(p->ts);
SCLogDebug("timestamp considered valid anyway");
} else {
@ -6185,8 +6183,7 @@ Packet *StreamTcpPseudoSetup(Packet *parent, uint8_t *pkt, uint32_t len)
PacketCopyData(p, pkt, len);
p->recursion_level = parent->recursion_level + 1;
p->ts.tv_sec = parent->ts.tv_sec;
p->ts.tv_usec = parent->ts.tv_usec;
p->ts = parent->ts;
FlowReference(&p->flow, parent->flow);
/* set tunnel flags */

1
src/suricata-common.h
Unescape Escape View File

@ -497,6 +497,7 @@ typedef void lua_State;
#include "tm-threads-common.h"
#include "util-optimize.h"
#include "util-time.h"
#include "util-mem.h"
#include "util-memcmp.h"
#include "util-atomic.h"

4
src/tests/detect-tls-cert-validity.c
Unescape Escape View File

@ -960,7 +960,7 @@ static int ExpiredTestDetect01(void)
p3->flowflags |= FLOW_PKT_ESTABLISHED;
p3->pcap_cnt = 3;
f.lastts.tv_sec = 1474978656; /* 2016-09-27 */
f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
StreamTcpInitConfig(true);
@ -1268,7 +1268,7 @@ static int ValidTestDetect01(void)
p3->flowflags |= FLOW_PKT_ESTABLISHED;
p3->pcap_cnt = 3;
f.lastts.tv_sec = 1474978656; /* 2016-09-27 */
f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
StreamTcpInitConfig(true);

6
src/tests/fuzz/fuzz_predefpcap_aware.c
Unescape Escape View File

@ -120,8 +120,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
goto bail;
}
p->ts.tv_sec = header.ts.tv_sec;
p->ts.tv_usec = header.ts.tv_usec % 1000000;
p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
while (r > 0) {
if (PacketCopyData(p, pkt, header.caplen) == 0) {
@ -147,8 +146,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
goto bail;
}
PacketRecycle(p);
p->ts.tv_sec = header.ts.tv_sec;
p->ts.tv_usec = header.ts.tv_usec % 1000000;
p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
pcap_cnt++;
p->pcap_cnt = pcap_cnt;

6
src/tests/fuzz/fuzz_sigpcap.c
Unescape Escape View File

@ -163,8 +163,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if (r <= 0 || header->ts.tv_sec >= INT_MAX - 3600 || header->ts.tv_usec < 0) {
goto bail;
}
p->ts.tv_sec = header->ts.tv_sec;
p->ts.tv_usec = header->ts.tv_usec % 1000000;
p->ts = SCTIME_FROM_TIMEVAL(&header->ts);
p->datalink = pcap_datalink(pkts);
p->pkt_src = PKT_SRC_WIRE;
while (r > 0) {
@ -191,8 +190,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
goto bail;
}
PacketRecycle(p);
p->ts.tv_sec = header->ts.tv_sec;
p->ts.tv_usec = header->ts.tv_usec % 1000000;
p->ts = SCTIME_FROM_TIMEVAL(&header->ts);
p->datalink = pcap_datalink(pkts);
p->pkt_src = PKT_SRC_WIRE;
pcap_cnt++;

6
src/tests/fuzz/fuzz_sigpcap_aware.c
Unescape Escape View File

@ -161,8 +161,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
goto bail;
}
p->pkt_src = PKT_SRC_WIRE;
p->ts.tv_sec = header.ts.tv_sec;
p->ts.tv_usec = header.ts.tv_usec % 1000000;
p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
while (r > 0) {
if (PacketCopyData(p, pkt, header.caplen) == 0) {
@ -189,8 +188,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
}
PacketRecycle(p);
p->pkt_src = PKT_SRC_WIRE;
p->ts.tv_sec = header.ts.tv_sec;
p->ts.tv_usec = header.ts.tv_usec % 1000000;
p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
pcap_cnt++;
p->pcap_cnt = pcap_cnt;

29
src/tm-threads.c
Unescape Escape View File

@ -2052,7 +2052,7 @@ typedef struct Thread_ {
int type;
int in_use; /**< bool to indicate this is in use */
struct timeval pktts; /**< current packet time of this thread
SCTime_t pktts; /**< current packet time of this thread
* (offline mode) */
uint32_t sys_sec_stamp; /**< timestamp in seconds of the real system
* time when the pktts was last updated. */
@ -2167,7 +2167,7 @@ end:
SCMutexUnlock(&thread_store_lock);
}
void TmThreadsSetThreadTimestamp(const int id, const struct timeval *ts)
void TmThreadsSetThreadTimestamp(const int id, const SCTime_t ts)
{
SCMutexLock(&thread_store_lock);
if (unlikely(id <= 0 || id > (int)thread_store.threads_size)) {
@ -2177,7 +2177,7 @@ void TmThreadsSetThreadTimestamp(const int id, const struct timeval *ts)
int idx = id - 1;
Thread *t = &thread_store.threads[idx];
t->pktts = *ts;
t->pktts = ts;
struct timeval systs;
gettimeofday(&systs, NULL);
t->sys_sec_stamp = (uint32_t)systs.tv_sec;
@ -2201,7 +2201,7 @@ bool TmThreadsTimeSubsysIsReady(void)
return ready;
}
void TmThreadsInitThreadsTimestamp(const struct timeval *ts)
void TmThreadsInitThreadsTimestamp(const SCTime_t ts)
{
struct timeval systs;
gettimeofday(&systs, NULL);
@ -2210,7 +2210,7 @@ void TmThreadsInitThreadsTimestamp(const struct timeval *ts)
Thread *t = &thread_store.threads[s];
if (!t->in_use)
break;
t->pktts = *ts;
t->pktts = ts;
t->sys_sec_stamp = (uint32_t)systs.tv_sec;
}
SCMutexUnlock(&thread_store_lock);
@ -2218,10 +2218,9 @@ void TmThreadsInitThreadsTimestamp(const struct timeval *ts)
void TmThreadsGetMinimalTimestamp(struct timeval *ts)
{
struct timeval local, nullts;
memset(&local, 0, sizeof(local));
memset(&nullts, 0, sizeof(nullts));
int set = 0;
struct timeval local = { 0 };
static struct timeval nullts;
bool set = false;
size_t s;
struct timeval systs;
gettimeofday(&systs, NULL);
@ -2231,17 +2230,19 @@ void TmThreadsGetMinimalTimestamp(struct timeval *ts)
Thread *t = &thread_store.threads[s];
if (t->in_use == 0)
break;
if (!(timercmp(&t->pktts, &nullts, ==))) {
struct timeval pkttv = { .tv_sec = SCTIME_SECS(t->pktts),
.tv_usec = SCTIME_USECS(t->pktts) };
if (!(timercmp(&pkttv, &nullts, ==))) {
/* ignore sleeping threads */
if (t->sys_sec_stamp + 1 < (uint32_t)systs.tv_sec)
continue;
if (!set) {
local = t->pktts;
set = 1;
SCTIME_TO_TIMEVAL(&local, t->pktts);
set = true;
} else {
if (timercmp(&t->pktts, &local, <)) {
local = t->pktts;
if (SCTIME_CMP_LT(t->pktts, SCTIME_FROM_TIMEVAL(&local))) {
SCTIME_TO_TIMEVAL(&local, t->pktts);
}
}
}

4
src/tm-threads.h
Unescape Escape View File

@ -255,8 +255,8 @@ int TmThreadsRegisterThread(ThreadVars *tv, const int type);
void TmThreadsUnregisterThread(const int id);
void TmThreadsInjectFlowById(Flow *f, const int id);
void TmThreadsInitThreadsTimestamp(const struct timeval *ts);
void TmThreadsSetThreadTimestamp(const int id, const struct timeval *ts);
void TmThreadsInitThreadsTimestamp(const SCTime_t ts);
void TmThreadsSetThreadTimestamp(const int id, const SCTime_t ts);
void TmThreadsGetMinimalTimestamp(struct timeval *ts);
uint16_t TmThreadsGetWorkerThreadMax(void);
bool TmThreadsTimeSubsysIsReady(void);

28
src/util-debug.c
Unescape Escape View File

@ -199,9 +199,9 @@ static inline void SCLogPrintToSyslog(int syslog_log_level, const char *msg)
/**
*/
static int SCLogMessageJSON(struct timeval *tval, char *buffer, size_t buffer_size,
SCLogLevel log_level, const char *file, unsigned line, const char *function,
const char *module, const char *message)
static int SCLogMessageJSON(SCTime_t tval, char *buffer, size_t buffer_size, SCLogLevel log_level,
const char *file, unsigned line, const char *function, const char *module,
const char *message)
{
JsonBuilder *js = jb_new_object();
if (unlikely(js == NULL))
@ -341,10 +341,9 @@ static const char *SCTransformModule(const char *module_name, int *dn_len)
*
* \retval 0 on success; else a negative value on error
*/
static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPType type,
char *buffer, size_t buffer_size, const char *log_format, const SCLogLevel log_level,
const char *file, const unsigned int line, const char *function, const char *module,
const char *message)
static SCError SCLogMessageGetBuffer(SCTime_t tval, int color, SCLogOPType type, char *buffer,
size_t buffer_size, const char *log_format, const SCLogLevel log_level, const char *file,
const unsigned int line, const char *function, const char *module, const char *message)
{
if (type == SC_LOG_OP_TYPE_JSON)
return SCLogMessageJSON(
@ -393,7 +392,7 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp
case SC_LOG_FMT_TIME:
temp_fmt[0] = '\0';
tms = SCLocalTime(tval->tv_sec, &local_tm);
tms = SCLocalTime(SCTIME_SECS(tval), &local_tm);
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
"%s%s%04d-%02d-%02d %02d:%02d:%02d%s", substr, green, tms->tm_year + 1900,
@ -410,7 +409,7 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp
case SC_LOG_FMT_TIME_LEGACY:
temp_fmt[0] = '\0';
tms = SCLocalTime(tval->tv_sec, &local_tm);
tms = SCLocalTime(SCTIME_SECS(tval), &local_tm);
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
"%s%s%d/%d/%04d -- %02d:%02d:%02d%s",
@ -667,8 +666,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne
}
/* get ts here so we log the same ts to each output */
struct timeval tval;
gettimeofday(&tval, NULL);
SCTime_t ts = TimeGet();
op_iface_ctx = sc_log_config->op_ifaces;
while (op_iface_ctx != NULL) {
@ -679,8 +677,8 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne
switch (op_iface_ctx->iface) {
case SC_LOG_OP_IFACE_CONSOLE:
if (SCLogMessageGetBuffer(&tval, op_iface_ctx->use_color, op_iface_ctx->type,
buffer, sizeof(buffer),
if (SCLogMessageGetBuffer(ts, op_iface_ctx->use_color, op_iface_ctx->type, buffer,
sizeof(buffer),
op_iface_ctx->log_format ? op_iface_ctx->log_format
: sc_log_config->log_format,
log_level, file, line, function, module, message) == 0) {
@ -688,7 +686,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne
}
break;
case SC_LOG_OP_IFACE_FILE:
if (SCLogMessageGetBuffer(&tval, 0, op_iface_ctx->type, buffer, sizeof(buffer),
if (SCLogMessageGetBuffer(ts, 0, op_iface_ctx->type, buffer, sizeof(buffer),
op_iface_ctx->log_format ? op_iface_ctx->log_format
: sc_log_config->log_format,
log_level, file, line, function, module, message) == 0) {
@ -709,7 +707,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne
}
break;
case SC_LOG_OP_IFACE_SYSLOG:
if (SCLogMessageGetBuffer(&tval, 0, op_iface_ctx->type, buffer, sizeof(buffer),
if (SCLogMessageGetBuffer(ts, 0, op_iface_ctx->type, buffer, sizeof(buffer),
op_iface_ctx->log_format ? op_iface_ctx->log_format
: sc_log_config->log_format,
log_level, file, line, function, module, message) == 0) {

2
src/util-ebpf.c
Unescape Escape View File

@ -662,7 +662,7 @@ bool EBPFBypassUpdate(Flow *f, void *data, time_t tsec)
EBPFDeleteKey(eb->mapfd, eb->key[1]);
SCLogDebug("Done delete entry: %u", FLOW_IS_IPV6(f));
} else {
f->lastts.tv_sec = tsec;
f->lastts = SCTIME_FROM_SECS(tsec);
return true;
}
return false;

28
src/util-lua-common.c
Unescape Escape View File

@ -170,10 +170,10 @@ static int LuaCallbackPacketPayload(lua_State *luastate)
*
* Places: seconds (number), microseconds (number)
*/
static int LuaCallbackTimestampPushToStack(lua_State *luastate, const struct timeval *ts)
static int LuaCallbackTimestampPushToStack(lua_State *luastate, const SCTime_t ts)
{
lua_pushnumber(luastate, (double)ts->tv_sec);
lua_pushnumber(luastate, (double)ts->tv_usec);
lua_pushnumber(luastate, (double)SCTIME_SECS(ts));
lua_pushnumber(luastate, (double)SCTIME_USECS(ts));
return 2;
}
@ -188,7 +188,7 @@ static int LuaCallbackTimestampPushToStack(lua_State *luastate, const struct tim
static int LuaCallbackTimeStringPushToStackFromPacket(lua_State *luastate, const Packet *p)
{
char timebuf[64];
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
CreateTimeString(p->ts, timebuf, sizeof(timebuf));
lua_pushstring (luastate, timebuf);
return 1;
}
@ -203,7 +203,7 @@ static int LuaCallbackPacketTimestamp(lua_State *luastate)
if (p == NULL)
return LuaCallbackError(luastate, "internal error: no packet");
return LuaCallbackTimestampPushToStack(luastate, &p->ts);
return LuaCallbackTimestampPushToStack(luastate, p->ts);
}
/** \internal
@ -229,14 +229,13 @@ static int LuaCallbackPacketTimeString(lua_State *luastate)
* Places: seconds (number), seconds (number), microseconds (number),
* microseconds (number)
*/
static int LuaCallbackFlowTimestampsPushToStack(lua_State *luastate,
const struct timeval *startts,
const struct timeval *lastts)
static int LuaCallbackFlowTimestampsPushToStack(
lua_State *luastate, const SCTime_t startts, const SCTime_t lastts)
{
lua_pushnumber(luastate, (double)startts->tv_sec);
lua_pushnumber(luastate, (double)lastts->tv_sec);
lua_pushnumber(luastate, (double)startts->tv_usec);
lua_pushnumber(luastate, (double)lastts->tv_usec);
lua_pushnumber(luastate, (double)SCTIME_SECS(startts));
lua_pushnumber(luastate, (double)SCTIME_SECS(lastts));
lua_pushnumber(luastate, (double)SCTIME_USECS(startts));
lua_pushnumber(luastate, (double)SCTIME_USECS(lastts));
return 4;
}
@ -251,8 +250,7 @@ static int LuaCallbackFlowTimestamps(lua_State *luastate)
return LuaCallbackError(luastate, "internal error: no flow");
}
return LuaCallbackFlowTimestampsPushToStack(luastate, &flow->startts,
&flow->lastts);
return LuaCallbackFlowTimestampsPushToStack(luastate, flow->startts, flow->lastts);
}
/** \internal
@ -266,7 +264,7 @@ static int LuaCallbackFlowTimestamps(lua_State *luastate)
static int LuaCallbackTimeStringPushToStackFromFlow(lua_State *luastate, const Flow *flow)
{
char timebuf[64];
CreateTimeString(&flow->startts, timebuf, sizeof(timebuf));
CreateTimeString(flow->startts, timebuf, sizeof(timebuf));
lua_pushstring (luastate, timebuf);
return 1;
}

2
src/util-profiling-rulegroups.c
Unescape Escape View File

@ -108,7 +108,7 @@ static void DoDumpJSON(SCProfileSghDetectCtx *rules_ctx, FILE *fp, const char *n
}
gettimeofday(&tval, NULL);
CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
json_object_set_new(js, "timestamp", json_string(timebuf));
for (i = 0; i < rules_ctx->cnt; i++) {

2
src/util-profiling-rules.c
Unescape Escape View File

@ -299,7 +299,7 @@ static void DumpJson(FILE *fp, SCProfileSummary *summary,
}
gettimeofday(&tval, NULL);
CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
json_object_set_new(js, "timestamp", json_string(timebuf));
json_object_set_new(js, "sort", json_string(sort_desc));

78
src/util-threshold-config.c
Unescape Escape View File

@ -1635,10 +1635,6 @@ static int SCThresholdConfTest09(void)
HostInitConfig(HOST_QUIET);
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
Packet *p = UTHBuildPacket((uint8_t*)"lalala", 6, IPPROTO_TCP);
FAIL_IF_NULL(p);
@ -1660,7 +1656,7 @@ static int SCThresholdConfTest09(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
@ -1675,7 +1671,7 @@ static int SCThresholdConfTest09(void)
FAIL_IF(p->alerts.cnt != 1 || PacketTestAction(p, ACTION_DROP));
TimeSetIncrementTime(2);
TimeGet(&p->ts);
p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
@ -1683,7 +1679,7 @@ static int SCThresholdConfTest09(void)
FAIL_IF(p->alerts.cnt != 1 || !(PacketTestAction(p, ACTION_DROP)));
TimeSetIncrementTime(3);
TimeGet(&p->ts);
p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
@ -1691,7 +1687,7 @@ static int SCThresholdConfTest09(void)
FAIL_IF(p->alerts.cnt != 1 || !(PacketTestAction(p, ACTION_DROP)));
TimeSetIncrementTime(10);
TimeGet(&p->ts);
p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
@ -1720,10 +1716,6 @@ static int SCThresholdConfTest10(void)
{
HostInitConfig(HOST_QUIET);
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
/* Create two different packets falling to the same rule, and
* because count:3, we should drop on match #4.
*/
@ -1753,7 +1745,7 @@ static int SCThresholdConfTest10(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p1->ts);
p1->ts = TimeGet();
p2->ts = p1->ts;
/* All should be alerted, none dropped */
@ -1777,7 +1769,7 @@ static int SCThresholdConfTest10(void)
p2->action = 0;
TimeSetIncrementTime(2);
TimeGet(&p1->ts);
p1->ts = TimeGet();
/* Still dropped because timeout not expired */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
@ -1786,7 +1778,7 @@ static int SCThresholdConfTest10(void)
p1->action = 0;
TimeSetIncrementTime(10);
TimeGet(&p1->ts);
p1->ts = TimeGet();
/* Not dropped because timeout expired */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
@ -1814,10 +1806,6 @@ static int SCThresholdConfTest11(void)
{
HostInitConfig(HOST_QUIET);
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
Packet *p = UTHBuildPacket((uint8_t*)"lalala", 6, IPPROTO_TCP);
FAIL_IF_NULL(p);
@ -1847,7 +1835,7 @@ static int SCThresholdConfTest11(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
int alerts10 = 0;
int alerts11 = 0;
@ -1875,14 +1863,14 @@ static int SCThresholdConfTest11(void)
alerts12 += PacketAlertCheck(p, 12);
TimeSetIncrementTime(100);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
alerts11 += PacketAlertCheck(p, 11);
TimeSetIncrementTime(10);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
@ -1923,10 +1911,6 @@ static int SCThresholdConfTest12(void)
{
HostInitConfig(HOST_QUIET);
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
Packet *p = UTHBuildPacket((uint8_t*)"lalala", 6, IPPROTO_TCP);
FAIL_IF_NULL(p);
@ -1956,7 +1940,7 @@ static int SCThresholdConfTest12(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p->ts);
p->ts = TimeGet();
int alerts10 = 0;
int alerts11 = 0;
@ -1984,14 +1968,14 @@ static int SCThresholdConfTest12(void)
alerts12 += PacketAlertCheck(p, 12);
TimeSetIncrementTime(100);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
alerts11 += PacketAlertCheck(p, 11);
TimeSetIncrementTime(10);
TimeGet(&p->ts);
p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
@ -2090,10 +2074,6 @@ static int SCThresholdConfTest14(void)
ThreadVars th_v;
memset(&th_v, 0, sizeof(th_v));
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
FAIL_IF_NOT_NULL(g_ut_threshold_fp);
g_ut_threshold_fp = SCThresholdConfGenerateValidDummyFD11();
FAIL_IF_NULL(g_ut_threshold_fp);
@ -2142,10 +2122,6 @@ static int SCThresholdConfTest15(void)
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
Signature *sig = DetectEngineAppendSig(de_ctx,
"drop tcp any any -> any any (msg:\"suppress test\"; content:\"lalala\"; gid:1; sid:10000;)");
FAIL_IF_NULL(sig);
@ -2194,10 +2170,6 @@ static int SCThresholdConfTest16(void)
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
Signature *sig = DetectEngineAppendSig(de_ctx,
"drop tcp any any -> any any (msg:\"suppress test\"; gid:1; sid:1000;)");
FAIL_IF_NULL(sig);
@ -2245,10 +2217,6 @@ static int SCThresholdConfTest17(void)
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
struct timeval ts;
memset (&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
Signature *sig = DetectEngineAppendSig(de_ctx,
"drop tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:10000;)");
FAIL_IF_NULL(sig);
@ -2517,10 +2485,6 @@ static int SCThresholdConfTest22(void)
IPPairInitConfig(IPPAIR_QUIET);
struct timeval ts;
memset(&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
/* This packet will cause rate_filter */
Packet *p1 = UTHBuildPacketSrcDst((uint8_t*)"lalala", 6, IPPROTO_TCP, "172.26.0.1", "172.26.0.10");
FAIL_IF_NULL(p1);
@ -2551,7 +2515,7 @@ static int SCThresholdConfTest22(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p1->ts);
p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* All should be alerted, none dropped */
@ -2570,7 +2534,7 @@ static int SCThresholdConfTest22(void)
p1->action = p2->action = p3->action = 0;
TimeSetIncrementTime(2);
TimeGet(&p1->ts);
p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* p1 still shouldn't be dropped after 2nd alert */
@ -2581,7 +2545,7 @@ static int SCThresholdConfTest22(void)
p1->action = 0;
TimeSetIncrementTime(2);
TimeGet(&p1->ts);
p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* All should be alerted, only p1 must be dropped due to rate_filter*/
@ -2600,7 +2564,7 @@ static int SCThresholdConfTest22(void)
p1->action = p2->action = p3->action = 0;
TimeSetIncrementTime(7);
TimeGet(&p1->ts);
p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* All should be alerted, none dropped (because timeout expired) */
@ -2658,10 +2622,6 @@ static int SCThresholdConfTest23(void)
IPPairInitConfig(IPPAIR_QUIET);
struct timeval ts;
memset(&ts, 0, sizeof(struct timeval));
TimeGet(&ts);
/* Create two packets between same addresses in opposite direction */
Packet *p1 = UTHBuildPacketSrcDst((uint8_t*)"lalala", 6, IPPROTO_TCP, "172.26.0.1", "172.26.0.10");
FAIL_IF_NULL(p1);
@ -2687,14 +2647,14 @@ static int SCThresholdConfTest23(void)
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
TimeGet(&p1->ts);
p1->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
/* First packet should be alerted, not dropped */
FAIL_IF(PacketTestAction(p1, ACTION_DROP));
FAIL_IF(PacketAlertCheck(p1, 10) != 1);
TimeSetIncrementTime(2);
TimeGet(&p2->ts);
p2->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
/* Second packet should be dropped because it considered as "the same pair"

77
src/util-time.c
Unescape Escape View File

@ -113,7 +113,7 @@ bool TimeModeIsLive(void)
return live_time_tracking;
}
void TimeSetByThread(const int thread_id, const struct timeval *tv)
void TimeSetByThread(const int thread_id, SCTime_t tv)
{
if (live_time_tracking)
return;
@ -122,17 +122,13 @@ void TimeSetByThread(const int thread_id, const struct timeval *tv)
}
#ifdef UNITTESTS
void TimeSet(struct timeval *tv)
void TimeSet(SCTime_t ts)
{
if (live_time_tracking)
return;
if (tv == NULL)
return;
SCSpinLock(&current_time_spinlock);
current_time.tv_sec = tv->tv_sec;
current_time.tv_usec = tv->tv_usec;
SCTIME_TO_TIMEVAL(&current_time, ts);
SCLogDebug("time set to %" PRIuMAX " sec, %" PRIuMAX " usec",
(uintmax_t)current_time.tv_sec, (uintmax_t)current_time.tv_usec);
@ -148,34 +144,34 @@ void TimeSetToCurrentTime(void)
gettimeofday(&tv, NULL);
TimeSet(&tv);
SCTime_t ts = SCTIME_FROM_TIMEVAL(&tv);
TimeSet(ts);
}
#endif
void TimeGet(struct timeval *tv)
SCTime_t TimeGet()
{
if (tv == NULL)
return;
struct timeval tv = { 0 };
if (live_time_tracking) {
gettimeofday(tv, NULL);
gettimeofday(&tv, NULL);
} else {
#ifdef UNITTESTS
if (unlikely(RunmodeIsUnittests())) {
SCSpinLock(&current_time_spinlock);
tv->tv_sec = current_time.tv_sec;
tv->tv_usec = current_time.tv_usec;
tv.tv_sec = current_time.tv_sec;
tv.tv_usec = current_time.tv_usec;
SCSpinUnlock(&current_time_spinlock);
} else {
#endif
TmThreadsGetMinimalTimestamp(tv);
TmThreadsGetMinimalTimestamp(&tv);
#ifdef UNITTESTS
}
#endif
}
SCLogDebug("time we got is %" PRIuMAX " sec, %" PRIuMAX " usec",
(uintmax_t)tv->tv_sec, (uintmax_t)tv->tv_usec);
SCLogDebug("time we got is %" PRIuMAX " sec, %" PRIuMAX " usec", (uintmax_t)tv.tv_sec,
(uintmax_t)tv.tv_usec);
return SCTIME_FROM_TIMEVAL(&tv);
}
#ifdef UNITTESTS
@ -183,13 +179,11 @@ void TimeGet(struct timeval *tv)
* \param tv_sec seconds to increment the time with */
void TimeSetIncrementTime(uint32_t tv_sec)
{
struct timeval tv;
memset(&tv, 0x00, sizeof(tv));
TimeGet(&tv);
SCTime_t ts = TimeGet();
tv.tv_sec += tv_sec;
ts += SCTIME_FROM_SECS(tv_sec);
TimeSet(&tv);
TimeSet(ts);
}
#endif
@ -198,7 +192,7 @@ void TimeSetIncrementTime(uint32_t tv_sec)
* \brief wrapper around strftime on Windows to provide output
* compatible with posix %z
*/
static inline void WinStrftime(const struct timeval *ts, const struct tm *t, char *str, size_t size)
static inline void WinStrftime(const SCTime_t ts, const struct tm *t, char *str, size_t size)
{
char time_fmt[64] = { 0 };
char tz[6] = { 0 };
@ -207,14 +201,14 @@ static inline void WinStrftime(const struct timeval *ts, const struct tm *t, cha
const int m = (abs(_timezone) % 3600) / 60;
snprintf(tz, sizeof(tz), "%c%02d%02d", tzdiff < 0 ? '-' : '+', h, m);
strftime(time_fmt, sizeof(time_fmt), "%Y-%m-%dT%H:%M:%S.%%06u", t);
snprintf(str, size, time_fmt, ts->tv_usec);
snprintf(str, size, time_fmt, SCTIME_USECS(ts));
strlcat(str, tz, size); // append our timezone
}
#endif
void CreateIsoTimeString (const struct timeval *ts, char *str, size_t size)
void CreateIsoTimeString(const SCTime_t ts, char *str, size_t size)
{
time_t time = ts->tv_sec;
time_t time = SCTIME_SECS(ts);
struct tm local_tm;
memset(&local_tm, 0, sizeof(local_tm));
struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
@ -224,7 +218,7 @@ void CreateIsoTimeString (const struct timeval *ts, char *str, size_t size)
WinStrftime(ts, t, str, size);
#else
char time_fmt[64] = { 0 };
int64_t usec = ts->tv_usec;
int64_t usec = SCTIME_USECS(ts);
strftime(time_fmt, sizeof(time_fmt), "%Y-%m-%dT%H:%M:%S.%%06" PRIi64 "%z", t);
snprintf(str, size, time_fmt, usec);
#endif
@ -233,9 +227,9 @@ void CreateIsoTimeString (const struct timeval *ts, char *str, size_t size)
}
}
void CreateUtcIsoTimeString (const struct timeval *ts, char *str, size_t size)
void CreateUtcIsoTimeString(const SCTime_t ts, char *str, size_t size)
{
time_t time = ts->tv_sec;
time_t time = SCTIME_SECS(ts);
struct tm local_tm;
memset(&local_tm, 0, sizeof(local_tm));
struct tm *t = (struct tm*)SCUtcTime(time, &local_tm);
@ -243,7 +237,7 @@ void CreateUtcIsoTimeString (const struct timeval *ts, char *str, size_t size)
if (likely(t != NULL)) {
char time_fmt[64] = { 0 };
strftime(time_fmt, sizeof(time_fmt), "%Y-%m-%dT%H:%M:%S", t);
snprintf(str, size, time_fmt, ts->tv_usec);
snprintf(str, size, time_fmt, SCTIME_USECS(ts));
} else {
snprintf(str, size, "ts-error");
}
@ -275,16 +269,15 @@ struct tm *SCLocalTime(time_t timep, struct tm *result)
return localtime_r(&timep, result);
}
void CreateTimeString (const struct timeval *ts, char *str, size_t size)
void CreateTimeString(const SCTime_t ts, char *str, size_t size)
{
time_t time = ts->tv_sec;
time_t time = SCTIME_SECS(ts);
struct tm local_tm;
struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
if (likely(t != NULL)) {
snprintf(str, size, "%02d/%02d/%02d-%02d:%02d:%02d.%06u",
t->tm_mon + 1, t->tm_mday, t->tm_year + 1900, t->tm_hour,
t->tm_min, t->tm_sec, (uint32_t) ts->tv_usec);
snprintf(str, size, "%02d/%02d/%02d-%02d:%02d:%02d.%06u", t->tm_mon + 1, t->tm_mday,
t->tm_year + 1900, t->tm_hour, t->tm_min, t->tm_sec, (uint32_t)SCTIME_USECS(ts));
} else {
snprintf(str, size, "ts-error");
}
@ -393,12 +386,12 @@ static int UpdateCachedTime(int n, time_t time)
/** \brief Return a formatted string for the provided time.
*
* Cache the Month/Day/Year - Hours:Min part of the time string for
* the current minute. Copy that result into the the return string and
* the current minute. Copy that result into the return string and
* then only print the seconds for each call.
*/
void CreateTimeString (const struct timeval *ts, char *str, size_t size)
void CreateTimeString(const SCTime_t ts, char *str, size_t size)
{
time_t time = ts->tv_sec;
time_t time = SCTIME_SECS(ts);
int seconds;
/* Only get a new local time when the time crosses into a new
@ -431,9 +424,7 @@ void CreateTimeString (const struct timeval *ts, char *str, size_t size)
if (cached_len >= (int)size)
cached_len = size;
memcpy(str, cached_str, cached_len);
snprintf(str + cached_len, size - cached_len,
"%02d.%06u",
seconds, (uint32_t) ts->tv_usec);
snprintf(str + cached_len, size - cached_len, "%02d.%06u", seconds, (uint32_t)SCTIME_USECS(ts));
}
#endif /* defined(__OpenBSD__) */
@ -652,5 +643,5 @@ uint64_t SCTimespecAsEpochMillis(const struct timespec* ts)
uint64_t TimeDifferenceMicros(struct timeval t0, struct timeval t1)
{
return (uint64_t)(t1.tv_sec - t0.tv_sec) * 1000000 + (t1.tv_usec - t1.tv_usec);
return (uint64_t)(t1.tv_sec - t0.tv_sec) * 1000000L + (t1.tv_usec - t1.tv_usec);
}

48
src/util-time.h
Unescape Escape View File

@ -24,13 +24,47 @@
#ifndef __UTIL_TIME_H__
#define __UTIL_TIME_H__
typedef uint64_t SCTime_t;
/*
* The SCTime_t member is broken up as
* seconds: 44
* useconds: 20
*
* Over 500000 years can be represented in 44 bits of seconds:
* 2^44/(365*24*60*60)
* 557855.560
* 1048576 microseconds can be represented in 20 bits:
* 2^20
* 1048576
*/
#define USECS_BITS 20
#define USEC_BITMASK 0xfffff
#define SCTIME_USECS(t) (SCTime_t)((t)&USEC_BITMASK)
#define SCTIME_SECS(t) (SCTime_t)((time_t)((t) >> USECS_BITS))
#define SCTIME_MSECS(t) (SCTime_t)(SCTIME_SECS(t) * 1000 + SCTIME_USECS(t) / 1000)
#define SCTIME_FROM_SECS(secs) (SCTime_t)((((SCTime_t)(secs)) << USECS_BITS))
#define SCTIME_FROM_USECS(usecs) (SCTime_t) SCTIME_USECS((usecs))
#define SCTIME_FROM_TIMEVAL(tv) \
(SCTime_t)((SCTIME_FROM_SECS((tv)->tv_sec) + SCTIME_FROM_USECS((tv)->tv_usec)))
#define SCTIME_FROM_TIMESPEC(ts) \
(SCTime_t)((SCTIME_FROM_SECS((ts)->tv_sec) + SCTIME_FROM_USECS((ts)->tv_nsec * 1000)))
#define SCTIME_TO_TIMEVAL(tv, t) \
(tv)->tv_sec = SCTIME_SECS((t)); \
(tv)->tv_usec = SCTIME_USECS((t));
#define SCTIME_CMP(a, b, CMP) \
((SCTIME_SECS(a) == SCTIME_SECS(b)) ? (SCTIME_USECS(a) CMP SCTIME_USECS(b)) \
: (SCTIME_SECS(a) CMP SCTIME_SECS(b)))
#define SCTIME_CMP_GT(a, b) SCTIME_CMP((a), (b), >)
#define SCTIME_CMP_LT(a, b) SCTIME_CMP((a), (b), <)
void TimeInit(void);
void TimeDeinit(void);
void TimeSetByThread(const int thread_id, const struct timeval *tv);
void TimeGet(struct timeval *);
void TimeSetByThread(const int thread_id, SCTime_t tv);
SCTime_t TimeGet(void);
/** \brief intialize a 'struct timespec' from a 'struct timeval'. */
/** \brief initialize a 'struct timespec' from a 'struct timeval'. */
#define FROM_TIMEVAL(timev) { .tv_sec = (timev).tv_sec, .tv_nsec = (timev).tv_usec * 1000 }
static inline struct timeval TimevalWithSeconds(const struct timeval *ts, const time_t sec_add)
@ -69,7 +103,7 @@ static inline bool TimevalEarlier(struct timeval *first, struct timeval *second)
#endif
#ifdef UNITTESTS
void TimeSet(struct timeval *);
void TimeSet(SCTime_t);
void TimeSetToCurrentTime(void);
void TimeSetIncrementTime(uint32_t);
#endif
@ -80,9 +114,9 @@ void TimeModeSetOffline (void);
bool TimeModeIsLive(void);
struct tm *SCLocalTime(time_t timep, struct tm *result);
void CreateTimeString(const struct timeval *ts, char *str, size_t size);
void CreateIsoTimeString(const struct timeval *ts, char *str, size_t size);
void CreateUtcIsoTimeString(const struct timeval *ts, char *str, size_t size);
void CreateTimeString(const SCTime_t ts, char *str, size_t size);
void CreateIsoTimeString(const SCTime_t ts, char *str, size_t size);
void CreateUtcIsoTimeString(const SCTime_t ts, char *str, size_t size);
void CreateFormattedTimeString(const struct tm *t, const char * fmt, char *str, size_t size);
time_t SCMkTimeUtc(struct tm *tp);
int SCStringPatternToTime(char *string, const char **patterns,

6
src/util-unittest-helper.c
Unescape Escape View File

@ -165,7 +165,7 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
if (unlikely(p == NULL))
return NULL;
TimeGet(&p->ts);
p->ts = TimeGet();
p->src.family = AF_INET6;
p->dst.family = AF_INET6;
@ -251,9 +251,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
if (unlikely(p == NULL))
return NULL;
struct timeval tv;
TimeGet(&tv);
COPY_TIMESTAMP(&tv, &p->ts);
p->ts = TimeGet();
p->src.family = AF_INET;
p->dst.family = AF_INET;

Write Preview
Loading…
Cancel
Save