flow: add parent_id field

This patch adds a parent_id field to the Flow structure that
contain the flow ID of the parent connection for protocol with
dynamic parallel connection opening like FTP.

diff --git a/src/flow-util.h b/src/flow-util.h
index 11109c3c5ac47a401316d5dbfa40c089af2dc697..68475fd6bfe9c13a0e527102e52952406b7eba6a 100644 (file)
--- a/src/flow-util.h
+++ b/src/flow-util.h
@@ -43,6 +43,7 @@
         SC_ATOMIC_INIT((f)->flow_state); \
         SC_ATOMIC_INIT((f)->use_cnt); \
         (f)->tenant_id = 0; \
+        (f)->parent_id = 0; \
         (f)->probing_parser_toserver_alproto_masks = 0; \
         (f)->probing_parser_toclient_alproto_masks = 0; \
         (f)->flags = 0; \
@@ -85,6 +86,7 @@
         SC_ATOMIC_RESET((f)->flow_state); \
         SC_ATOMIC_RESET((f)->use_cnt); \
         (f)->tenant_id = 0; \
+        (f)->parent_id = 0; \
         (f)->probing_parser_toserver_alproto_masks = 0; \
         (f)->probing_parser_toclient_alproto_masks = 0; \
         (f)->flags = 0; \

diff --git a/src/flow.h b/src/flow.h
index a13aa5eb9fd0467c3ef4dd2da3736365db932ffd..f6d080a23e2725efc827c74063337a5af1fca9f5 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -361,6 +361,9 @@ typedef struct Flow_
 
     uint32_t flags;         /**< generic flags */
 
+    /* Parent flow id for protocol like ftp */
+    int64_t parent_id;
+
     uint16_t file_flags;    /**< file tracking/extraction flags */
     /* coccinelle: Flow:file_flags:FLOWFILE_ */
 

diff --git a/src/output-json.c b/src/output-json.c
index 32495d416c252d2d4b4f73566c86effa0e1eaa39..ecd26ee5d69ead9e78ce947870f78e339429c983 100644 (file)
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -387,6 +387,9 @@ void CreateJSONFlowId(json_t *js, const Flow *f)
         return;
     int64_t flow_id = FlowGetId(f);
     json_object_set_new(js, "flow_id", json_integer(flow_id));
+    if (f->parent_id) {
+        json_object_set_new(js, "parent_id", json_integer(f->parent_id));
+    }
 }
 
 json_t *CreateJSONHeader(const Packet *p, int direction_sensitive,