json/flow: log if flow had gap in TCP

author Eric Leblond <el@stamus-networks.com>

Tue, 23 Mar 2021 22:45:22 +0000 (23:45 +0100)

committer Victor Julien <vjulien@oisf.net>

Mon, 3 Oct 2022 09:03:08 +0000 (11:03 +0200)
author Eric Leblond <el@stamus-networks.com>
Tue, 23 Mar 2021 22:45:22 +0000 (23:45 +0100)
committer Victor Julien <vjulien@oisf.net>
Mon, 3 Oct 2022 09:03:08 +0000 (11:03 +0200)
diff --git a/src/output-json-flow.c b/src/output-json-flow.c

index 0aa74ba86f93585dbbbc3c4471dfa3a559bbb0d8..f817bc1fb27950a397ee38a542be4a38bcd4318a 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -309,6 +309,12 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
              const char *tcp_state = StreamTcpStateAsString(ssn->state);
              if (tcp_state != NULL)
                  jb_set_string(jb, "state", tcp_state);
+            if (FlowHasGaps(f, STREAM_TOCLIENT)) {
+                JB_SET_TRUE(jb, "tc_gap");
+            }
+            if (FlowHasGaps(f, STREAM_TOSERVER)) {
+                JB_SET_TRUE(jb, "ts_gap");
+            }
          }
  
          /* Close tcp. */
author	Eric Leblond <el@stamus-networks.com>
	Tue, 23 Mar 2021 22:45:22 +0000 (23:45 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Mon, 3 Oct 2022 09:03:08 +0000 (11:03 +0200)