From 7acea2c66d4933847021b188e994915a762c4556 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Tue, 6 May 2014 12:15:39 +0200
Subject: [PATCH] flow: track lastts in struct timeval

Track full timestamp for lastts in flows to be able to log it.
---
 src/app-layer-htp.c    |  4 ++--
 src/flow-manager.c     | 10 +++++-----
 src/flow-util.h        |  6 ++++--
 src/flow.c             |  2 +-
 src/flow.h             |  4 ++--
 src/output-json-flow.c | 10 +++-------
 6 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index c91cfbd0eb..2f5ed1ea6f 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -715,7 +715,7 @@ static int HTPHandleRequestData(Flow *f, void *htp_state,
         SCLogDebug("using existing htp handle at %p", hstate->connp);
     }
 
-    htp_time_t ts = { f->lastts_sec, 0 };
+    htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
     /* pass the new data to the htp parser */
     r = htp_connp_req_data(hstate->connp, &ts, input, input_len);
 
@@ -792,7 +792,7 @@ static int HTPHandleResponseData(Flow *f, void *htp_state,
      * reactivate it if necessary) */
     hstate->flags &=~ HTP_FLAG_NEW_BODY_SET;
 
-    htp_time_t ts = { f->lastts_sec, 0 };
+    htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
     r = htp_connp_res_data(hstate->connp, &ts, input, input_len);
     switch(r) {
         case HTP_STREAM_ERROR:
diff --git a/src/flow-manager.c b/src/flow-manager.c
index c1ac729554..b3daeb0e2e 100644
--- a/src/flow-manager.c
+++ b/src/flow-manager.c
@@ -204,7 +204,7 @@ static int FlowManagerFlowTimeout(Flow *f, int state, struct timeval *ts, int em
     uint32_t timeout = FlowGetFlowTimeout(f, state, emergency);
 
     /* do the timeout check */
-    if ((int32_t)(f->lastts_sec + timeout) >= ts->tv_sec) {
+    if ((int32_t)(f->lastts.tv_sec + timeout) >= ts->tv_sec) {
         return 0;
     }
 
@@ -816,7 +816,7 @@ static int FlowMgrTest01 (void) {
     f.flags |= FLOW_TIMEOUT_REASSEMBLY_DONE;
 
     TimeGet(&ts);
-    f.lastts_sec = ts.tv_sec - 5000;
+    f.lastts.tv_sec = ts.tv_sec - 5000;
     f.protoctx = &ssn;
     f.fb = &fb;
 
@@ -875,7 +875,7 @@ static int FlowMgrTest02 (void) {
     ssn.client = client;
     ssn.server = client;
     ssn.state = TCP_ESTABLISHED;
-    f.lastts_sec = ts.tv_sec - 5000;
+    f.lastts.tv_sec = ts.tv_sec - 5000;
     f.protoctx = &ssn;
     f.fb = &fb;
     f.proto = IPPROTO_TCP;
@@ -920,7 +920,7 @@ static int FlowMgrTest03 (void) {
 
     TimeGet(&ts);
     ssn.state = TCP_SYN_SENT;
-    f.lastts_sec = ts.tv_sec - 300;
+    f.lastts.tv_sec = ts.tv_sec - 300;
     f.protoctx = &ssn;
     f.fb = &fb;
     f.proto = IPPROTO_TCP;
@@ -979,7 +979,7 @@ static int FlowMgrTest04 (void) {
     ssn.client = client;
     ssn.server = client;
     ssn.state = TCP_ESTABLISHED;
-    f.lastts_sec = ts.tv_sec - 5000;
+    f.lastts.tv_sec = ts.tv_sec - 5000;
     f.protoctx = &ssn;
     f.fb = &fb;
     f.proto = IPPROTO_TCP;
diff --git a/src/flow-util.h b/src/flow-util.h
index cdffba38ca..df1e588542 100644
--- a/src/flow-util.h
+++ b/src/flow-util.h
@@ -48,7 +48,8 @@
         (f)->probing_parser_toserver_alproto_masks = 0; \
         (f)->probing_parser_toclient_alproto_masks = 0; \
         (f)->flags = 0; \
-        (f)->lastts_sec = 0; \
+        (f)->lastts.tv_sec = 0; \
+        (f)->lastts.tv_usec = 0; \
         FLOWLOCK_INIT((f)); \
         (f)->protoctx = NULL; \
         (f)->alproto = 0; \
@@ -87,7 +88,8 @@
         (f)->probing_parser_toserver_alproto_masks = 0; \
         (f)->probing_parser_toclient_alproto_masks = 0; \
         (f)->flags = 0; \
-        (f)->lastts_sec = 0; \
+        (f)->lastts.tv_sec = 0; \
+        (f)->lastts.tv_usec = 0; \
         (f)->protoctx = NULL; \
         (f)->alparser = NULL; \
         (f)->alstate = NULL; \
diff --git a/src/flow.c b/src/flow.c
index bcdad8285a..75963d8155 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -247,7 +247,7 @@ void FlowHandlePacket(ThreadVars *tv, Packet *p)
     FlowReference(&p->flow, f);
 
     /* update the last seen timestamp of this flow */
-    f->lastts_sec = p->ts.tv_sec;
+    COPY_TIMESTAMP(&p->ts,&f->lastts);
 
     /* update flags and counters */
     if (FlowGetPacketDirection(f, p) == TOSERVER) {
diff --git a/src/flow.h b/src/flow.h
index ada1f993e0..a51aa369f3 100644
--- a/src/flow.h
+++ b/src/flow.h
@@ -317,8 +317,8 @@ typedef struct Flow_
 
     uint32_t flags;
 
-    /* ts of flow init and last update */
-    int32_t lastts_sec;
+    /* time stamp of last update (last packet) */
+    struct timeval lastts;
 
 #ifdef FLOWLOCK_RWLOCK
     SCRWLock r;
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index db3ba7a785..5ae39ae8cc 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -201,18 +201,14 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 
 #endif
     char timebuf1[64], timebuf2[64];
-    struct timeval tv;
-    memset(&tv, 0x00, sizeof(tv));
-
-    tv.tv_sec = f->lastts_sec;
 
-    CreateIsoTimeString(&tv, timebuf1, sizeof(timebuf1));
-    CreateIsoTimeString(&f->startts, timebuf2, sizeof(timebuf2));
+    CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
+    CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
 
     json_object_set_new(hjs, "start", json_string(timebuf1));
     json_object_set_new(hjs, "end", json_string(timebuf2));
 
-    int32_t age = f->lastts_sec - f->startts.tv_sec;
+    int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
     json_object_set_new(hjs, "age",
             json_integer(age));