From 672f6523a71b199778986adffddf5e7b1005aacb Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 2 May 2014 09:54:16 +0200
Subject: [PATCH] flow-log: log TCP flags seen

Log TCP flags seen during the life time of a flow/session.
---
 src/output-json-flow.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 7416c5f2ef..b4464d8d6c 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -46,6 +46,8 @@
 #include "util-time.h"
 #include "output-json.h"
+#include "stream-tcp-private.h"
+
 #ifdef HAVE_LIBJANSSON
 #include
@@ -194,6 +196,25 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 #endif
 json_object_set_new(js, "flow", hjs);
+
+
+ /* TCP */
+ if (f->proto == IPPROTO_TCP) {
+ json_t *tjs = json_object();
+ if (tjs == NULL) {
+ return;
+ }
+
+ TcpSession *ssn = f->protoctx;
+
+ char hexflags[3] = "00";
+ if (ssn)
+ snprintf(hexflags, sizeof(hexflags), "%02x",
+ ssn->tcp_packet_flags);
+ json_object_set_new(tjs, "tcp_flags", json_string(hexflags));
+
+ json_object_set_new(js, "tcp", tjs);
+ }
 }
 static int JsonFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
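Review bot: In the TCP block added to JsonFlowLogJSON, `hexflags` defaults to "00" and is logged even when `f->protoctx` is NULL, so a flow with no TCP session state is recorded exactly like one in which no flags were observed. Anyone using `tcp_flags` for scan or anomaly detection cannot tell the two cases apart; emit the field only when the session exists, e.g. `if (ssn != NULL) { snprintf(hexflags, sizeof(hexflags), "%02x", ssn->tcp_packet_flags); json_object_set_new(tjs, "tcp_flags", json_string(hexflags)); }`. The early `return` on a failed `json_object()` also drops the TCP section silently after "flow" is already attached, which deserves a short comment such as `/* out of memory: record is emitted without the "tcp" object */`. The function starts outside this hunk, so whether the flow is locked while `f->protoctx` is read cannot be confirmed from here.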