eve/flow: log flow state directly

No need to first turn it into a flags field.

src/flow.h

@@ -240,14 +240,10 @@ typedef struct AppLayerParserState_ AppLayerParserState;
  *  logging, etc. */
 #define FLOW_PKT_LAST_PSEUDO            0x80
 
-#define FLOW_END_FLAG_STATE_NEW         0x01
+#define FLOW_END_FLAG_EMERGENCY 0x01
-#define FLOW_END_FLAG_STATE_ESTABLISHED 0x02
+#define FLOW_END_FLAG_TIMEOUT   0x02
-#define FLOW_END_FLAG_STATE_CLOSED      0x04
+#define FLOW_END_FLAG_FORCED    0x04
-#define FLOW_END_FLAG_EMERGENCY         0x08
+#define FLOW_END_FLAG_SHUTDOWN  0x08
-#define FLOW_END_FLAG_TIMEOUT           0x10
-#define FLOW_END_FLAG_FORCED            0x20
-#define FLOW_END_FLAG_SHUTDOWN          0x40
-#define FLOW_END_FLAG_STATE_BYPASSED    0x80
 
 /** Mutex or RWLocks for the flow. */
 //#define FLOWLOCK_RWLOCK
@@ -670,23 +666,6 @@ static inline int64_t FlowGetId(const Flow *f)
     return id;
 }
 
-static inline void FlowSetEndFlags(Flow *f)
-{
-    const int state = f->flow_state;
-    if (state == FLOW_STATE_NEW)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_NEW;
-    else if (state == FLOW_STATE_ESTABLISHED)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_ESTABLISHED;
-    else if (state == FLOW_STATE_CLOSED)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED;
-    else if (state == FLOW_STATE_LOCAL_BYPASSED)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED;
-#ifdef CAPTURE_OFFLOAD
-    else if (state == FLOW_STATE_CAPTURE_BYPASSED)
-        f->flow_end_flags = FLOW_END_FLAG_STATE_BYPASSED;
-#endif
-}
-
 static inline bool FlowIsBypassed(const Flow *f)
 {
     if (

src/output-flow.c

@@ -91,8 +91,6 @@ TmEcode OutputFlowLog(ThreadVars *tv, void *thread_data, Flow *f)
     if (list == NULL)
         return TM_ECODE_OK;
 
-    FlowSetEndFlags(f);
-
     OutputFlowLoggerThreadData *op_thread_data = (OutputFlowLoggerThreadData *)thread_data;
     OutputFlowLogger *logger = list;
     OutputLoggerThreadStore *store = op_thread_data->store;

src/output-json-flow.c

@@ -230,32 +230,32 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
 
     if (f->flow_end_flags & FLOW_END_FLAG_EMERGENCY)
         JB_SET_TRUE(jb, "emergency");
-    const char *state = NULL;
+
-    if (f->flow_end_flags & FLOW_END_FLAG_STATE_NEW)
+    const int flow_state = f->flow_state;
-        state = "new";
+    switch (flow_state) {
-    else if (f->flow_end_flags & FLOW_END_FLAG_STATE_ESTABLISHED)
+        case FLOW_STATE_NEW:
-        state = "established";
+            JB_SET_STRING(jb, "state", "new");
-    else if (f->flow_end_flags & FLOW_END_FLAG_STATE_CLOSED)
+            break;
-        state = "closed";
+        case FLOW_STATE_ESTABLISHED:
-    else if (f->flow_end_flags & FLOW_END_FLAG_STATE_BYPASSED) {
+            JB_SET_STRING(jb, "state", "established");
-        state = "bypassed";
+            break;
-        int flow_state = f->flow_state;
+        case FLOW_STATE_CLOSED:
-        switch (flow_state) {
+            JB_SET_STRING(jb, "state", "closed");
-            case FLOW_STATE_LOCAL_BYPASSED:
+            break;
-                JB_SET_STRING(jb, "bypass", "local");
+        case FLOW_STATE_LOCAL_BYPASSED:
-                break;
+            JB_SET_STRING(jb, "state", "bypassed");
+            JB_SET_STRING(jb, "bypass", "local");
+            break;
 #ifdef CAPTURE_OFFLOAD
-            case FLOW_STATE_CAPTURE_BYPASSED:
+        case FLOW_STATE_CAPTURE_BYPASSED:
-                JB_SET_STRING(jb, "bypass", "capture");
+            JB_SET_STRING(jb, "state", "bypassed");
-                break;
+            JB_SET_STRING(jb, "bypass", "capture");
+            break;
 #endif
-            default:
+        default:
-                SCLogError("Invalid flow state: %d, contact developers", flow_state);
+            SCLogError("Invalid flow state: %d, contact developers", flow_state);
-        }
     }
 
-    jb_set_string(jb, "state", state);
-
     const char *reason = NULL;
     if (f->flow_end_flags & FLOW_END_FLAG_FORCED)
         reason = "forced";