aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

flow: track lastts in struct timeval

Browse Source 
Track full timestamp for lastts in flows to be able to log it.
pull/1058/head
Victor Julien 12 years ago
parent c66a29b67d
commit 7acea2c66d
6 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File

4
src/app-layer-htp.c
Unescape Escape View File

@ -715,7 +715,7 @@ static int HTPHandleRequestData(Flow *f, void *htp_state,
SCLogDebug("using existing htp handle at %p", hstate->connp); SCLogDebug("using existing htp handle at %p", hstate->connp);
} }
htp_time_t ts = { f->lastts_sec, 0 }; htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
/* pass the new data to the htp parser */ /* pass the new data to the htp parser */
r = htp_connp_req_data(hstate->connp, &ts, input, input_len); r = htp_connp_req_data(hstate->connp, &ts, input, input_len);
@ -792,7 +792,7 @@ static int HTPHandleResponseData(Flow *f, void *htp_state,
* reactivate it if necessary) */ * reactivate it if necessary) */
hstate->flags &=~ HTP_FLAG_NEW_BODY_SET; hstate->flags &=~ HTP_FLAG_NEW_BODY_SET;
htp_time_t ts = { f->lastts_sec, 0 }; htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
r = htp_connp_res_data(hstate->connp, &ts, input, input_len); r = htp_connp_res_data(hstate->connp, &ts, input, input_len);
switch(r) { switch(r) {
case HTP_STREAM_ERROR: case HTP_STREAM_ERROR:

10
src/flow-manager.c
Unescape Escape View File

@ -204,7 +204,7 @@ static int FlowManagerFlowTimeout(Flow *f, int state, struct timeval *ts, int em
uint32_t timeout = FlowGetFlowTimeout(f, state, emergency); uint32_t timeout = FlowGetFlowTimeout(f, state, emergency);
/* do the timeout check */ /* do the timeout check */
if ((int32_t)(f->lastts_sec + timeout) >= ts->tv_sec) { if ((int32_t)(f->lastts.tv_sec + timeout) >= ts->tv_sec) {
return 0; return 0;
} }
@ -816,7 +816,7 @@ static int FlowMgrTest01 (void) {
f.flags |= FLOW_TIMEOUT_REASSEMBLY_DONE; f.flags |= FLOW_TIMEOUT_REASSEMBLY_DONE;
TimeGet(&ts); TimeGet(&ts);
f.lastts_sec = ts.tv_sec - 5000; f.lastts.tv_sec = ts.tv_sec - 5000;
f.protoctx = &ssn; f.protoctx = &ssn;
f.fb = &fb; f.fb = &fb;
@ -875,7 +875,7 @@ static int FlowMgrTest02 (void) {
ssn.client = client; ssn.client = client;
ssn.server = client; ssn.server = client;
ssn.state = TCP_ESTABLISHED; ssn.state = TCP_ESTABLISHED;
f.lastts_sec = ts.tv_sec - 5000; f.lastts.tv_sec = ts.tv_sec - 5000;
f.protoctx = &ssn; f.protoctx = &ssn;
f.fb = &fb; f.fb = &fb;
f.proto = IPPROTO_TCP; f.proto = IPPROTO_TCP;
@ -920,7 +920,7 @@ static int FlowMgrTest03 (void) {
TimeGet(&ts); TimeGet(&ts);
ssn.state = TCP_SYN_SENT; ssn.state = TCP_SYN_SENT;
f.lastts_sec = ts.tv_sec - 300; f.lastts.tv_sec = ts.tv_sec - 300;
f.protoctx = &ssn; f.protoctx = &ssn;
f.fb = &fb; f.fb = &fb;
f.proto = IPPROTO_TCP; f.proto = IPPROTO_TCP;
@ -979,7 +979,7 @@ static int FlowMgrTest04 (void) {
ssn.client = client; ssn.client = client;
ssn.server = client; ssn.server = client;
ssn.state = TCP_ESTABLISHED; ssn.state = TCP_ESTABLISHED;
f.lastts_sec = ts.tv_sec - 5000; f.lastts.tv_sec = ts.tv_sec - 5000;
f.protoctx = &ssn; f.protoctx = &ssn;
f.fb = &fb; f.fb = &fb;
f.proto = IPPROTO_TCP; f.proto = IPPROTO_TCP;

6
src/flow-util.h
Unescape Escape View File

@ -48,7 +48,8 @@
(f)->probing_parser_toserver_alproto_masks = 0; \ (f)->probing_parser_toserver_alproto_masks = 0; \
(f)->probing_parser_toclient_alproto_masks = 0; \ (f)->probing_parser_toclient_alproto_masks = 0; \
(f)->flags = 0; \ (f)->flags = 0; \
(f)->lastts_sec = 0; \ (f)->lastts.tv_sec = 0; \
(f)->lastts.tv_usec = 0; \
FLOWLOCK_INIT((f)); \ FLOWLOCK_INIT((f)); \
(f)->protoctx = NULL; \ (f)->protoctx = NULL; \
(f)->alproto = 0; \ (f)->alproto = 0; \
@ -87,7 +88,8 @@
(f)->probing_parser_toserver_alproto_masks = 0; \ (f)->probing_parser_toserver_alproto_masks = 0; \
(f)->probing_parser_toclient_alproto_masks = 0; \ (f)->probing_parser_toclient_alproto_masks = 0; \
(f)->flags = 0; \ (f)->flags = 0; \
(f)->lastts_sec = 0; \ (f)->lastts.tv_sec = 0; \
(f)->lastts.tv_usec = 0; \
(f)->protoctx = NULL; \ (f)->protoctx = NULL; \
(f)->alparser = NULL; \ (f)->alparser = NULL; \
(f)->alstate = NULL; \ (f)->alstate = NULL; \

2
src/flow.c
Unescape Escape View File

@ -247,7 +247,7 @@ void FlowHandlePacket(ThreadVars *tv, Packet *p)
FlowReference(&p->flow, f); FlowReference(&p->flow, f);
/* update the last seen timestamp of this flow */ /* update the last seen timestamp of this flow */
f->lastts_sec = p->ts.tv_sec; COPY_TIMESTAMP(&p->ts,&f->lastts);
/* update flags and counters */ /* update flags and counters */
if (FlowGetPacketDirection(f, p) == TOSERVER) { if (FlowGetPacketDirection(f, p) == TOSERVER) {

4
src/flow.h
Unescape Escape View File

@ -317,8 +317,8 @@ typedef struct Flow_
uint32_t flags; uint32_t flags;
/* ts of flow init and last update */ /* time stamp of last update (last packet) */
int32_t lastts_sec; struct timeval lastts;
#ifdef FLOWLOCK_RWLOCK #ifdef FLOWLOCK_RWLOCK
SCRWLock r; SCRWLock r;

10
src/output-json-flow.c
Unescape Escape View File

@ -201,18 +201,14 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
#endif #endif
char timebuf1[64], timebuf2[64]; char timebuf1[64], timebuf2[64];
struct timeval tv;
memset(&tv, 0x00, sizeof(tv));
tv.tv_sec = f->lastts_sec;
CreateIsoTimeString(&tv, timebuf1, sizeof(timebuf1)); CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
CreateIsoTimeString(&f->startts, timebuf2, sizeof(timebuf2)); CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
json_object_set_new(hjs, "start", json_string(timebuf1)); json_object_set_new(hjs, "start", json_string(timebuf1));
json_object_set_new(hjs, "end", json_string(timebuf2)); json_object_set_new(hjs, "end", json_string(timebuf2));
int32_t age = f->lastts_sec - f->startts.tv_sec; int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
json_object_set_new(hjs, "age", json_object_set_new(hjs, "age",
json_integer(age)); json_integer(age));

Write Preview
Loading…
Cancel
Save