eve/flow: add in_iface field

Fixes #2057

diff --git a/src/flow.h b/src/flow.h
index aac932bf79c489b3e10ac6c2d243cbbe716aea7b..56216cb4f3d00814e55e40f3f1c51972f38d7dea 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -27,6 +27,7 @@
 #include "decode.h"
 #include "util-var.h"
 #include "util-atomic.h"
+#include "util-device.h"
 #include "detect-tag.h"
 #include "util-optimize.h"
 

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 04e05a1c470fc5c11ac092894d5b365134e963e1..09f2a7ccee868c821aec657f6fb47a0e297122d1 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -118,6 +118,12 @@ static json_t *CreateJSONHeaderFromFlow(const Flow *f, const char *event_type)
     if (sensor_id >= 0)
         json_object_set_new(js, "sensor_id", json_integer(sensor_id));
 #endif
+
+    /* input interface */
+    if (f->livedev) {
+        json_object_set_new(js, "in_iface", json_string(f->livedev->dev));
+    }
+
     if (event_type) {
         json_object_set_new(js, "event_type", json_string(event_type));
     }

diff --git a/src/output-json-netflow.c b/src/output-json-netflow.c
index e00029943f908bd088ed4b6ba5c181dfa25c8e86..570cc11e3c60366de25b97100d109a8900685e48 100644 (file)
--- a/src/output-json-netflow.c
+++ b/src/output-json-netflow.c
@@ -126,6 +126,12 @@ static json_t *CreateJSONHeaderFromFlow(const Flow *f, const char *event_type, i
     if (sensor_id >= 0)
         json_object_set_new(js, "sensor_id", json_integer(sensor_id));
 #endif
+
+    /* input interface */
+    if (f->livedev) {
+        json_object_set_new(js, "in_iface", json_string(f->livedev->dev));
+    }
+
     if (event_type) {
         json_object_set_new(js, "event_type", json_string(event_type));
     }