flow: track lastts in struct timeval

Track full timestamp for lastts in flows to be able to log it.
12 years ago · 7acea2c66d
parent c66a29b67d
commit 7acea2c66d
6 changed files with 17 additions and 19 deletions
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@ -715,7 +715,7 @@ static int HTPHandleRequestData(Flow *f, void *htp_state,
        SCLogDebug("using existing htp handle at %p", hstate->connp);
    }

-    htp_time_t ts = { f->lastts_sec, 0 };
+    htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
    /* pass the new data to the htp parser */
    r = htp_connp_req_data(hstate->connp, &ts, input, input_len);

@ -792,7 +792,7 @@ static int HTPHandleResponseData(Flow *f, void *htp_state,
     * reactivate it if necessary) */
    hstate->flags &=~ HTP_FLAG_NEW_BODY_SET;

-    htp_time_t ts = { f->lastts_sec, 0 };
+    htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
    r = htp_connp_res_data(hstate->connp, &ts, input, input_len);
    switch(r) {
        case HTP_STREAM_ERROR:
--- a/src/flow-manager.c
+++ b/src/flow-manager.c
@ -204,7 +204,7 @@ static int FlowManagerFlowTimeout(Flow *f, int state, struct timeval *ts, int em
    uint32_t timeout = FlowGetFlowTimeout(f, state, emergency);

    /* do the timeout check */
-    if ((int32_t)(f->lastts_sec + timeout) >= ts->tv_sec) {
+    if ((int32_t)(f->lastts.tv_sec + timeout) >= ts->tv_sec) {
        return 0;
    }

@ -816,7 +816,7 @@ static int FlowMgrTest01 (void) {
    f.flags |= FLOW_TIMEOUT_REASSEMBLY_DONE;

    TimeGet(&ts);
-    f.lastts_sec = ts.tv_sec - 5000;
+    f.lastts.tv_sec = ts.tv_sec - 5000;
    f.protoctx = &ssn;
    f.fb = &fb;

@ -875,7 +875,7 @@ static int FlowMgrTest02 (void) {
    ssn.client = client;
    ssn.server = client;
    ssn.state = TCP_ESTABLISHED;
-    f.lastts_sec = ts.tv_sec - 5000;
+    f.lastts.tv_sec = ts.tv_sec - 5000;
    f.protoctx = &ssn;
    f.fb = &fb;
    f.proto = IPPROTO_TCP;
@ -920,7 +920,7 @@ static int FlowMgrTest03 (void) {

    TimeGet(&ts);
    ssn.state = TCP_SYN_SENT;
-    f.lastts_sec = ts.tv_sec - 300;
+    f.lastts.tv_sec = ts.tv_sec - 300;
    f.protoctx = &ssn;
    f.fb = &fb;
    f.proto = IPPROTO_TCP;
@ -979,7 +979,7 @@ static int FlowMgrTest04 (void) {
    ssn.client = client;
    ssn.server = client;
    ssn.state = TCP_ESTABLISHED;
-    f.lastts_sec = ts.tv_sec - 5000;
+    f.lastts.tv_sec = ts.tv_sec - 5000;
    f.protoctx = &ssn;
    f.fb = &fb;
    f.proto = IPPROTO_TCP;
--- a/src/flow-util.h
+++ b/src/flow-util.h
@ -48,7 +48,8 @@
        (f)->probing_parser_toserver_alproto_masks = 0; \
        (f)->probing_parser_toclient_alproto_masks = 0; \
        (f)->flags = 0; \
-        (f)->lastts_sec = 0; \
+        (f)->lastts.tv_sec = 0; \
+        (f)->lastts.tv_usec = 0; \
        FLOWLOCK_INIT((f)); \
        (f)->protoctx = NULL; \
        (f)->alproto = 0; \
@ -87,7 +88,8 @@
        (f)->probing_parser_toserver_alproto_masks = 0; \
        (f)->probing_parser_toclient_alproto_masks = 0; \
        (f)->flags = 0; \
-        (f)->lastts_sec = 0; \
+        (f)->lastts.tv_sec = 0; \
+        (f)->lastts.tv_usec = 0; \
        (f)->protoctx = NULL; \
        (f)->alparser = NULL; \
        (f)->alstate = NULL; \
--- a/src/flow.c
+++ b/src/flow.c
@ -247,7 +247,7 @@ void FlowHandlePacket(ThreadVars *tv, Packet *p)
    FlowReference(&p->flow, f);

    /* update the last seen timestamp of this flow */
-    f->lastts_sec = p->ts.tv_sec;
+    COPY_TIMESTAMP(&p->ts,&f->lastts);

    /* update flags and counters */
    if (FlowGetPacketDirection(f, p) == TOSERVER) {
--- a/src/flow.h
+++ b/src/flow.h
@ -317,8 +317,8 @@ typedef struct Flow_

    uint32_t flags;

-    /* ts of flow init and last update */
-    int32_t lastts_sec;
+    /* time stamp of last update (last packet) */
+    struct timeval lastts;

 #ifdef FLOWLOCK_RWLOCK
    SCRWLock r;
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@ -201,18 +201,14 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)

 #endif
    char timebuf1[64], timebuf2[64];
-    struct timeval tv;
-    memset(&tv, 0x00, sizeof(tv));
-
-    tv.tv_sec = f->lastts_sec;

-    CreateIsoTimeString(&tv, timebuf1, sizeof(timebuf1));
-    CreateIsoTimeString(&f->startts, timebuf2, sizeof(timebuf2));
+    CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
+    CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));

    json_object_set_new(hjs, "start", json_string(timebuf1));
    json_object_set_new(hjs, "end", json_string(timebuf2));

-    int32_t age = f->lastts_sec - f->startts.tv_sec;
+    int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
    json_object_set_new(hjs, "age",
            json_integer(age));