MemBufferReset(aft->buffer);
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
MemBufferWriteString(aft->buffer, "+================\n"
"TIME: %s\n", timebuf);
if (p->flow != NULL) {
int applayer = 0;
applayer = StreamTcpAppLayerIsDisabled(p->flow);
- CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->flow->startts, timebuf, sizeof(timebuf));
MemBufferWriteString(aft->buffer, "FLOW Start TS: %s\n", timebuf);
MemBufferWriteString(aft->buffer, "FLOW PKTS TODST: %"PRIu32"\n"
"FLOW PKTS TOSRC: %"PRIu32"\n"
MemBufferReset(aft->buffer);
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
MemBufferWriteString(aft->buffer,
"+================\n"
char timebuf[64];
int decoder_event = 0;
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
if (PKT_IS_IPV4(p)) {
#define EXPECTATION_MAX_LEVEL 10
typedef struct Expectation_ {
- struct timeval ts;
+ SCTime_t ts;
Port sp;
Port dp;
AppProto alproto;
if (exp_list == NULL)
goto out;
- time_t ctime = f->lastts.tv_sec;
-
CIRCLEQ_FOREACH_SAFE(exp, &exp_list->list, entries, lexp) {
if ((exp->direction & flags) && ((exp->sp == 0) || (exp->sp == f->sp)) &&
((exp->dp == 0) || (exp->dp == f->dp))) {
continue;
}
/* Cleaning remove old entries */
- if (ctime > exp->ts.tv_sec + EXPECTATION_TIMEOUT) {
+ if (SCTIME_SECS(f->lastts) > SCTIME_SECS(exp->ts) + EXPECTATION_TIMEOUT) {
exp_list = AppLayerExpectationRemove(ipp, exp_list, exp);
if (exp_list == NULL)
goto out;
}
}
-static inline bool ContainerValueRangeTimeout(HttpRangeContainerFile *cu, struct timeval *ts)
+static inline bool ContainerValueRangeTimeout(HttpRangeContainerFile *cu, const SCTime_t ts)
{
// we only timeout if we have no flow referencing us
- if ((uint32_t)ts->tv_sec > cu->expire || cu->error) {
+ if ((uint32_t)SCTIME_SECS(ts) > cu->expire || cu->error) {
if (SC_ATOMIC_GET(cu->hdata->use_cnt) == 0) {
DEBUG_VALIDATE_BUG_ON(cu->files == NULL);
return true;
THashShutdown(ContainerUrlRangeList.ht);
}
-uint32_t HttpRangeContainersTimeoutHash(struct timeval *ts)
+uint32_t HttpRangeContainersTimeoutHash(const SCTime_t ts)
{
SCLogDebug("timeout: starting");
uint32_t cnt = 0;
*/
static void *HttpRangeContainerUrlGet(const uint8_t *key, uint32_t keylen, const Flow *f)
{
- const struct timeval *ts = &f->lastts;
+ const SCTime_t ts = f->lastts;
HttpRangeContainerFile lookup;
memset(&lookup, 0, sizeof(lookup));
// cast so as not to have const in the structure
struct THashDataGetResult res = THashGetFromHash(ContainerUrlRangeList.ht, &lookup);
if (res.data) {
// nothing more to do if (res.is_new)
- ContainerUrlRangeUpdate(res.data->data, ts->tv_sec + ContainerUrlRangeList.timeout);
+ ContainerUrlRangeUpdate(res.data->data, SCTIME_SECS(ts) + ContainerUrlRangeList.timeout);
HttpRangeContainerFile *c = res.data->data;
c->hdata = res.data;
SCLogDebug("c %p", c);
void HttpRangeContainersInit(void);
void HttpRangeContainersDestroy(void);
-uint32_t HttpRangeContainersTimeoutHash(struct timeval *ts);
+uint32_t HttpRangeContainersTimeoutHash(const SCTime_t ts);
// linked list of ranges : buffer with offset
typedef struct HttpRangeContainerBuffer {
SCLogDebug("New hstate->connp %p", hstate->connp);
- htp_connp_open(hstate->connp, NULL, f->sp, NULL, f->dp, &f->startts);
+ struct timeval tv = { SCTIME_SECS(f->startts), SCTIME_USECS(f->startts) };
+ htp_connp_open(hstate->connp, NULL, f->sp, NULL, f->dp, &tv);
StreamTcpReassemblySetMinInspectDepth(f->protoctx, STREAM_TOSERVER,
htp_cfg_rec->request.inspect_min_size);
const uint8_t *input = StreamSliceGetData(&stream_slice);
uint32_t input_len = StreamSliceGetDataLen(&stream_slice);
- htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
+ htp_time_t ts = { SCTIME_SECS(f->startts), SCTIME_USECS(f->startts) };
/* pass the new data to the htp parser */
if (input_len > 0) {
const int r = htp_connp_req_data(hstate->connp, &ts, input, input_len);
DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL);
hstate->slice = &stream_slice;
- htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec };
+ htp_time_t ts = { SCTIME_SECS(f->startts), SCTIME_USECS(f->startts) };
htp_tx_t *tx = NULL;
size_t consumed = 0;
if (input_len > 0) {
p->recursion_level = parent->recursion_level + 1;
DEBUG_VALIDATE_BUG_ON(parent->nb_decoded_layers >= decoder_max_layers);
p->nb_decoded_layers = parent->nb_decoded_layers + 1;
- p->ts.tv_sec = parent->ts.tv_sec;
- p->ts.tv_usec = parent->ts.tv_usec;
+ p->ts = parent->ts;
p->datalink = DLT_RAW;
p->tenant_id = parent->tenant_id;
p->livedev = parent->livedev;
PacketCopyData(p, pkt, len);
}
p->recursion_level = parent->recursion_level; /* NOT incremented */
- p->ts.tv_sec = parent->ts.tv_sec;
- p->ts.tv_usec = parent->ts.tv_usec;
+ p->ts = parent->ts;
p->datalink = DLT_RAW;
p->tenant_id = parent->tenant_id;
/* tell new packet it's part of a tunnel */
* hash size still */
uint32_t flow_hash;
- struct timeval ts;
+ SCTime_t ts;
union {
/* nfq stuff */
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
-static int DefragTrackerTimedOut(DefragTracker *dt, struct timeval *ts)
+static int DefragTrackerTimedOut(DefragTracker *dt, SCTime_t ts)
{
/** never prune a trackers that is used by a packet
* we are currently processing in one of the threads */
}
/* retain if remove is not set and not timed out */
- if (!dt->remove && timercmp(&dt->timeout, ts, >))
+ if (!dt->remove && SCTIME_CMP_GT(dt->timeout, ts))
return 0;
return 1;
*
* \retval cnt timed out tracker
*/
-static uint32_t DefragTrackerHashRowTimeout(DefragTrackerHashRow *hb, DefragTracker *dt, struct timeval *ts)
+static uint32_t DefragTrackerHashRowTimeout(
+ DefragTrackerHashRow *hb, DefragTracker *dt, SCTime_t ts)
{
uint32_t cnt = 0;
*
* \retval cnt number of timed out tracker
*/
-uint32_t DefragTimeoutHash(struct timeval *ts)
+uint32_t DefragTimeoutHash(SCTime_t ts)
{
uint32_t idx = 0;
uint32_t cnt = 0;
#ifndef __DEFRAG_TIMEOUT_H__
#define __DEFRAG_TIMEOUT_H__
-uint32_t DefragTimeoutHash(struct timeval *ts);
+uint32_t DefragTimeoutHash(SCTime_t ts);
uint32_t DefragGetSpareCount(void);
uint32_t DefragGetActiveCount(void);
}
/* Update timeout. */
- tracker->timeout = TimevalWithSeconds(&p->ts, tracker->host_timeout);
+ tracker->timeout = SCTIME_SECS(p->ts) + tracker->host_timeout;
Frag *prev = NULL, *next = NULL;
bool overlap = false;
PacketInit(p);
- gettimeofday(&p->ts, NULL);
+ struct timeval tval;
+ gettimeofday(&tval, NULL);
+ p->ts = SCTIME_FROM_TIMEVAL(&tval);
//p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
ip4h.ip_verhl = 4 << 4;
ip4h.ip_verhl |= hlen >> 2;
PacketInit(p);
- gettimeofday(&p->ts, NULL);
+ struct timeval tval;
+ gettimeofday(&tval, NULL);
+ p->ts = SCTIME_FROM_TIMEVAL(&tval);
ip6h.s_ip6_nxt = 44;
ip6h.s_ip6_hlim = 2;
Packet *p = BuildTestPacket(IPPROTO_ICMP, 99, 0, 1, 'A' + i, 16);
FAIL_IF_NULL(p);
- p->ts.tv_sec += (defrag_context->timeout + 1);
+ p->ts += SCTIME_FROM_SECS(defrag_context->timeout + 1);
Packet *tp = Defrag(NULL, NULL, p);
FAIL_IF_NOT_NULL(tp);
Address src_addr; /**< Source address for this tracker. */
Address dst_addr; /**< Destination address for this tracker. */
- struct timeval timeout; /**< When this tracker will timeout. */
+ SCTime_t timeout; /**< When this tracker will timeout. */
uint32_t host_timeout; /**< Host timeout, statically assigned from the yaml */
/** use cnt, reference counter */
{
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset(&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
Packet *p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
FAIL_IF(PacketAlertCheck(p, 10));
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
{
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset(&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
Packet *p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(PacketAlertCheck(p, 10));
while (iter != NULL) {
/* update counters */
- iter->last_ts = p->ts.tv_sec;
+ iter->last_ts = SCTIME_SECS(p->ts);
switch (iter->metric) {
case DETECT_TAG_METRIC_PACKET:
iter->packets++;
prev = NULL;
while (iter != NULL) {
/* update counters */
- iter->last_ts = p->ts.tv_sec;
+ iter->last_ts = SCTIME_SECS(p->ts);
switch (iter->metric) {
case DETECT_TAG_METRIC_PACKET:
iter->packets++;
* \retval 1 no tags or tags removed -- host is free to go (from tag perspective)
* \retval 0 still active tags
*/
-int TagTimeoutCheck(Host *host, struct timeval *tv)
+int TagTimeoutCheck(Host *host, SCTime_t ts)
{
DetectTagDataEntry *tde = NULL;
DetectTagDataEntry *tmp = NULL;
prev = NULL;
while (tmp != NULL) {
- struct timeval last_ts = { .tv_sec = tmp->last_ts, 0 };
- struct timeval timeout_at = TimevalWithSeconds(&last_ts, TAG_MAX_LAST_TIME_SEEN);
- if (!TimevalEarlier(&timeout_at, tv)) {
+ SCTime_t timeout_at = SCTIME_FROM_SECS(tmp->last_ts + TAG_MAX_LAST_TIME_SEEN);
+ if (timeout_at >= ts) {
prev = tmp;
tmp = tmp->next;
retval = 0;
int i = 0;
for (; i < num_packets; i++) {
SCLogDebug("packet %d", i);
- TimeGet(&p[i]->ts);
+ p[i]->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
FAIL_IF(UTHCheckPacketMatchResults(p[i], sid, (uint32_t *)&results[i][0], numsigs) == 0);
p[i]->flow->protoctx = &ssn;
SCLogDebug("packet %d", i);
- TimeGet(&p[i]->ts);
+ p[i]->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
FAIL_IF(UTHCheckPacketMatchResults(p[i], sid, (uint32_t *)&results[i][0], numsigs) == 0);
#include "detect.h"
#include "detect-tag.h"
-/* This limit should be overwriten/predefined at the config file
+/* This limit should be overwritten/predefined at the config file
* to limit the options to prevent possible DOS situations. We should also
* create a limit for bytes and a limit for number of packets */
#define TAG_MAX_LAST_TIME_SEEN 600
void TagDestroyCtx(void);
void TagRestartCtx(void);
-int TagTimeoutCheck(Host *, struct timeval *);
+int TagTimeoutCheck(Host *, SCTime_t);
int TagHostHasTag(Host *host);
*
*/
-static DetectThresholdEntry* ThresholdTimeoutCheck(DetectThresholdEntry *head, struct timeval *tv)
+static DetectThresholdEntry *ThresholdTimeoutCheck(DetectThresholdEntry *head, SCTime_t ts)
{
DetectThresholdEntry *tmp = head;
DetectThresholdEntry *prev = NULL;
/* check if the 'check' timestamp is not before the creation ts.
* This can happen due to the async nature of the host timeout
* code that also calls this code from a management thread. */
- struct timeval entry = TimevalWithSeconds(&tmp->tv1, (time_t)tmp->seconds);
- if (TimevalEarlier(tv, &entry)) {
+ SCTime_t entry = tmp->tv1 + SCTIME_FROM_SECS((time_t)tmp->seconds);
+ if (ts <= entry) {
prev = tmp;
tmp = tmp->next;
continue;
return new_head;
}
-int ThresholdHostTimeoutCheck(Host *host, struct timeval *tv)
+int ThresholdHostTimeoutCheck(Host *host, SCTime_t ts)
{
DetectThresholdEntry* head = HostGetStorageById(host, host_threshold_id);
- DetectThresholdEntry* new_head = ThresholdTimeoutCheck(head, tv);
+ DetectThresholdEntry *new_head = ThresholdTimeoutCheck(head, ts);
if (new_head != head) {
HostSetStorageById(host, host_threshold_id, new_head);
}
return new_head == NULL;
}
-
-int ThresholdIPPairTimeoutCheck(IPPair *pair, struct timeval *tv)
+int ThresholdIPPairTimeoutCheck(IPPair *pair, SCTime_t ts)
{
DetectThresholdEntry* head = IPPairGetStorageById(pair, ippair_threshold_id);
- DetectThresholdEntry* new_head = ThresholdTimeoutCheck(head, tv);
+ DetectThresholdEntry *new_head = ThresholdTimeoutCheck(head, ts);
if (new_head != head) {
IPPairSetStorageById(pair, ippair_threshold_id, new_head);
}
* \retval int 1 if threshold reached for this entry
*
*/
-static int IsThresholdReached(DetectThresholdEntry* lookup_tsh, const DetectThresholdData *td, struct timeval packet_time)
+static int IsThresholdReached(
+ DetectThresholdEntry *lookup_tsh, const DetectThresholdData *td, SCTime_t packet_time)
{
int ret = 0;
/* Check if we have a timeout enabled, if so,
* we still matching (and enabling the new_action) */
if (lookup_tsh->tv_timeout != 0) {
- if ((packet_time.tv_sec - lookup_tsh->tv_timeout) > td->timeout) {
+ if ((SCTIME_SECS(packet_time) - lookup_tsh->tv_timeout) > td->timeout) {
/* Ok, we are done, timeout reached */
lookup_tsh->tv_timeout = 0;
- }
- else {
+ } else {
/* Already matching */
ret = 1;
} /* else - if ((packet_time - lookup_tsh->tv_timeout) > td->timeout) */
}
else {
/* Update the matching state with the timeout interval */
- struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
- if (TimevalEarlier(&packet_time, &entry)) {
+ SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
+ if (packet_time <= entry) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count > td->count) {
/* Then we must enable the new action by setting a
* timeout */
- lookup_tsh->tv_timeout = packet_time.tv_sec;
+ lookup_tsh->tv_timeout = SCTIME_SECS(packet_time);
ret = 1;
}
} else {
return ret;
}
-static void AddEntryToHostStorage(Host *h, DetectThresholdEntry *e, struct timeval packet_time)
+static void AddEntryToHostStorage(Host *h, DetectThresholdEntry *e, SCTime_t packet_time)
{
if (h && e) {
e->current_count = 1;
}
}
-static void AddEntryToIPPairStorage(IPPair *pair, DetectThresholdEntry *e, struct timeval packet_time)
+static void AddEntryToIPPairStorage(IPPair *pair, DetectThresholdEntry *e, SCTime_t packet_time)
{
if (pair && e) {
e->current_count = 1;
SCLogDebug("limit");
if (lookup_tsh != NULL) {
- struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
- if (TimevalEarlier(&p->ts, &entry)) {
+ SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
+ if (p->ts <= entry) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count <= td->count) {
SCLogDebug("threshold");
if (lookup_tsh != NULL) {
- struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
- if (TimevalEarlier(&p->ts, &entry)) {
+ SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
+ if (p->ts <= entry) {
lookup_tsh->current_count++;
if (lookup_tsh->current_count >= td->count) {
SCLogDebug("both");
if (lookup_tsh != NULL) {
- struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
- if (TimevalEarlier(&p->ts, &entry)) {
+ SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
+ if (p->ts <= entry) {
/* within time limit */
lookup_tsh->current_count++;
SCLogDebug("detection_filter");
if (lookup_tsh != NULL) {
- struct timeval entry = TimevalWithSeconds(&lookup_tsh->tv1, (time_t)td->seconds);
- if (TimevalEarlier(&p->ts, &entry)) {
+ SCTime_t entry = lookup_tsh->tv1 + SCTIME_FROM_SECS(td->seconds);
+ if (p->ts <= entry) {
/* within timeout */
lookup_tsh->current_count++;
if (lookup_tsh->current_count > td->count) {
void ThresholdHashAllocate(DetectEngineCtx *);
void ThresholdContextDestroy(DetectEngineCtx *);
-int ThresholdHostTimeoutCheck(Host *, struct timeval *);
-int ThresholdIPPairTimeoutCheck(IPPair *, struct timeval *);
+int ThresholdHostTimeoutCheck(Host *, SCTime_t);
+int ThresholdIPPairTimeoutCheck(IPPair *, SCTime_t);
void ThresholdListFree(void *ptr);
#endif /* __DETECT_ENGINE_THRESHOLD_H__ */
if (p->flow == NULL) {
return 0;
}
- uint32_t age = p->flow->lastts.tv_sec - p->flow->startts.tv_sec;
+ uint32_t age = SCTIME_SECS(p->flow->lastts) - SCTIME_SECS(p->flow->startts);
const DetectU32Data *du32 = (const DetectU32Data *)ctx;
return DetectU32Match(age, du32);
else
HostLock(p->host_src);
- HostBitToggle(p->host_src,fd->idx,p->ts.tv_sec + fd->expire);
+ HostBitToggle(p->host_src, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_src);
break;
case DETECT_XBITS_TRACK_IPDST:
else
HostLock(p->host_dst);
- HostBitToggle(p->host_dst,fd->idx,p->ts.tv_sec + fd->expire);
+ HostBitToggle(p->host_dst, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_dst);
break;
}
} else
HostLock(p->host_src);
- HostBitSet(p->host_src,fd->idx,p->ts.tv_sec + fd->expire);
+ HostBitSet(p->host_src, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_src);
break;
case DETECT_XBITS_TRACK_IPDST:
} else
HostLock(p->host_dst);
- HostBitSet(p->host_dst,fd->idx, p->ts.tv_sec + fd->expire);
+ HostBitSet(p->host_dst, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
HostUnlock(p->host_dst);
break;
}
} else
HostLock(p->host_src);
- r = HostBitIsset(p->host_src,fd->idx, p->ts.tv_sec);
+ r = HostBitIsset(p->host_src, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_src);
return r;
case DETECT_XBITS_TRACK_IPDST:
} else
HostLock(p->host_dst);
- r = HostBitIsset(p->host_dst,fd->idx, p->ts.tv_sec);
+ r = HostBitIsset(p->host_dst, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_dst);
return r;
}
} else
HostLock(p->host_src);
- r = HostBitIsnotset(p->host_src,fd->idx, p->ts.tv_sec);
+ r = HostBitIsnotset(p->host_src, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_src);
return r;
case DETECT_XBITS_TRACK_IPDST:
} else
HostLock(p->host_dst);
- r = HostBitIsnotset(p->host_dst,fd->idx, p->ts.tv_sec);
+ r = HostBitIsnotset(p->host_dst, fd->idx, SCTIME_SECS(p->ts));
HostUnlock(p->host_dst);
return r;
}
tde.sid = s->id;
tde.gid = s->gid;
- tde.last_ts = tde.first_ts = p->ts.tv_sec;
+ tde.last_ts = tde.first_ts = SCTIME_SECS(p->ts);
tde.metric = td->metric;
tde.count = td->count;
if (td->direction == DETECT_TAG_DIR_SRC)
/* If it already exists it will be updated */
tde.sid = s->id;
tde.gid = s->gid;
- tde.last_ts = tde.first_ts = p->ts.tv_sec;
+ tde.last_ts = tde.first_ts = SCTIME_SECS(p->ts);
tde.metric = td->metric;
tde.count = td->count;
DetectEngineThreadCtx *det_ctx;
int result = 0;
int alerts = 0;
- struct timeval ts;
DetectThresholdEntry *lookup_tsh = NULL;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
HostRelease(host);
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
DetectEngineThreadCtx *det_ctx;
int result = 0;
int alerts = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
int result = 0;
int alerts = 0;
int drops = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
int result = 0;
int alerts = 0;
int drops = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
int result = 0;
int alerts = 0;
int drops = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
int result = 0;
int alerts = 0;
int drops = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
int result = 0;
int alerts = 0;
int drops = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
int result = 0;
int alerts = 0;
int drops = 0;
- struct timeval ts;
HostInitConfig(HOST_QUIET);
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((PacketTestAction(p, ACTION_DROP)) ? 1 : 0);
p->action = 0;
TimeSetIncrementTime(200);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
FAIL_IF(alerts != 2);
TimeSetIncrementTime(70);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 1);
FAIL_IF(alerts1 != 2);
FAIL_IF(alerts2 != 2);
- TimeSetIncrementTime(70);
- TimeGet(&p1->ts);
- TimeGet(&p2->ts);
+ p1->ts = TimeGet();
+ p2->ts = TimeGet();
/* Now they should both alert again after previous alerts expire */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
uint32_t current_count; /**< Var for count control */
int track; /**< Track type: by_src, by_src */
- struct timeval tv1; /**< Var for time control */
+ SCTime_t tv1; /**< Var for time control */
struct DetectThresholdEntry_ *next;
} DetectThresholdEntry;
else if ((dd->mode & DETECT_TLS_VALIDITY_RA) &&
cert_epoch >= dd->epoch && cert_epoch <= dd->epoch2)
ret = 1;
- else if ((dd->mode & DETECT_TLS_VALIDITY_EX) &&
- f->lastts.tv_sec > cert_epoch)
+ else if ((dd->mode & DETECT_TLS_VALIDITY_EX) && (time_t)SCTIME_SECS(f->lastts) > cert_epoch)
ret = 1;
- else if ((dd->mode & DETECT_TLS_VALIDITY_VA) &&
- f->lastts.tv_sec <= cert_epoch)
+ else if ((dd->mode & DETECT_TLS_VALIDITY_VA) && (time_t)SCTIME_SECS(f->lastts) <= cert_epoch)
ret = 1;
SCReturnInt(ret);
if (pair == NULL)
return 0;
- IPPairBitToggle(pair,fd->idx,p->ts.tv_sec + fd->expire);
+ IPPairBitToggle(pair, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
IPPairRelease(pair);
return 1;
}
if (pair == NULL)
return 0;
- IPPairBitSet(pair, fd->idx, p->ts.tv_sec + fd->expire);
+ IPPairBitSet(pair, fd->idx, SCTIME_SECS(p->ts) + fd->expire);
IPPairRelease(pair);
return 1;
}
if (pair == NULL)
return 0;
- r = IPPairBitIsset(pair,fd->idx,p->ts.tv_sec);
+ r = IPPairBitIsset(pair, fd->idx, SCTIME_SECS(p->ts));
IPPairRelease(pair);
return r;
}
if (pair == NULL)
return 1;
- r = IPPairBitIsnotset(pair,fd->idx,p->ts.tv_sec);
+ r = IPPairBitIsnotset(pair, fd->idx, SCTIME_SECS(p->ts));
IPPairRelease(pair);
return r;
}
SC_ATOMIC_EXTERN(unsigned int, flow_prune_idx);
SC_ATOMIC_EXTERN(unsigned int, flow_flags);
-static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const struct timeval *ts);
+static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const SCTime_t ts);
/** \brief compare two raw ipv6 addrs
*
Flow *f = NULL;
bool spare_sync = false;
if (emerg) {
- if ((uint32_t)p->ts.tv_sec > fls->emerg_spare_sync_stamp) {
+ if ((uint32_t)SCTIME_SECS(p->ts) > fls->emerg_spare_sync_stamp) {
fls->spare_queue = FlowSpareGetFromPool(); /* local empty, (re)populate and try again */
spare_sync = true;
f = FlowQueuePrivateGetFromTop(&fls->spare_queue);
if (f == NULL) {
/* wait till next full sec before retrying */
- fls->emerg_spare_sync_stamp = (uint32_t)p->ts.tv_sec;
+ fls->emerg_spare_sync_stamp = (uint32_t)SCTIME_SECS(p->ts);
}
}
} else {
FlowWakeupFlowManagerThread();
}
- f = FlowGetUsedFlow(tv, fls->dtv, &p->ts);
+ f = FlowGetUsedFlow(tv, fls->dtv, p->ts);
if (f == NULL) {
NoFlowHandleIPS(p);
return NULL;
f = fb->head;
do {
Flow *next_f = NULL;
- const bool timedout =
- (fb_nextts < (uint32_t)p->ts.tv_sec && FlowIsTimedOut(f, (uint32_t)p->ts.tv_sec, emerg));
+ const bool timedout = (fb_nextts < (uint32_t)SCTIME_SECS(p->ts) &&
+ FlowIsTimedOut(f, (uint32_t)SCTIME_SECS(p->ts), emerg));
if (timedout) {
FLOWLOCK_WRLOCK(f);
if (likely(f->use_cnt == 0)) {
f->protomap = FlowGetProtoMapping(f->proto);
/* set timestamp to now */
- f->startts.tv_sec = ttime->tv_sec;
- f->startts.tv_usec = ttime->tv_nsec * 1000;
+ f->startts = SCTIME_FROM_TIMESPEC(ttime);
f->lastts = f->startts;
FlowBucket *fb = &flow_hash[hash % flow_config.hash_size];
/** \internal
* \brief check if flow has just seen an update.
*/
-static inline bool StillAlive(const Flow *f, const struct timeval *ts)
+static inline bool StillAlive(const Flow *f, const SCTime_t ts)
{
switch (f->flow_state) {
case FLOW_STATE_NEW:
- if (ts->tv_sec - f->lastts.tv_sec <= 1) {
+ if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) <= 1) {
return true;
}
break;
case FLOW_STATE_ESTABLISHED:
- if (ts->tv_sec - f->lastts.tv_sec <= 5) {
+ if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) <= 5) {
return true;
}
break;
case FLOW_STATE_CLOSED:
- if (ts->tv_sec - f->lastts.tv_sec <= 3) {
+ if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) <= 3) {
return true;
}
break;
default:
- if (ts->tv_sec - f->lastts.tv_sec < 30) {
+ if (SCTIME_SECS(ts) - SCTIME_SECS(f->lastts) < 30) {
return true;
}
break;
*
* \retval f flow or NULL
*/
-static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const struct timeval *ts)
+static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv, const SCTime_t ts)
{
uint32_t idx = GetUsedAtomicUpdate(FLOW_GET_NEW_TRIES) % flow_config.hash_size;
uint32_t tried = 0;
* \retval 0 not timed out
* \retval 1 timed out
*/
-static int FlowManagerFlowTimeout(Flow *f, struct timeval *ts, int32_t *next_ts, const bool emerg)
+static int FlowManagerFlowTimeout(Flow *f, SCTime_t ts, int32_t *next_ts, const bool emerg)
{
int32_t flow_times_out_at = f->timeout_at;
if (emerg) {
*next_ts = flow_times_out_at;
/* do the timeout check */
- if (flow_times_out_at >= ts->tv_sec) {
+ if (flow_times_out_at >= (time_t)SCTIME_SECS(ts)) {
return 0;
}
* \retval 0 not timeout
* \retval 1 timeout (or not capture bypassed)
*/
-static inline int FlowBypassedTimeout(Flow *f, struct timeval *ts,
- FlowTimeoutCounters *counters)
+static inline int FlowBypassedTimeout(Flow *f, SCTime_t ts, FlowTimeoutCounters *counters)
{
#ifdef CAPTURE_OFFLOAD
if (f->flow_state != FLOW_STATE_CAPTURE_BYPASSED) {
uint64_t bytes_tosrc = fc->tosrcbytecnt;
uint64_t pkts_todst = fc->todstpktcnt;
uint64_t bytes_todst = fc->todstbytecnt;
- bool update = fc->BypassUpdate(f, fc->bypass_data, ts->tv_sec);
+ bool update = fc->BypassUpdate(f, fc->bypass_data, SCTIME_SECS(ts));
if (update) {
SCLogDebug("Updated flow: %"PRId64"", FlowGetId(f));
pkts_tosrc = fc->tosrcpktcnt - pkts_tosrc;
* \param emergency bool indicating emergency mode
* \param counters ptr to FlowTimeoutCounters structure
*/
-static void FlowManagerHashRowTimeout(FlowManagerTimeoutThread *td,
- Flow *f, struct timeval *ts,
+static void FlowManagerHashRowTimeout(FlowManagerTimeoutThread *td, Flow *f, SCTime_t ts,
int emergency, FlowTimeoutCounters *counters, int32_t *next_ts)
{
uint32_t checked = 0;
counters->rows_maxlen = checked;
}
-static void FlowManagerHashRowClearEvictedList(FlowManagerTimeoutThread *td,
- Flow *f, struct timeval *ts, FlowTimeoutCounters *counters)
+static void FlowManagerHashRowClearEvictedList(
+ FlowManagerTimeoutThread *td, Flow *f, SCTime_t ts, FlowTimeoutCounters *counters)
{
do {
FLOWLOCK_WRLOCK(f);
*
* \retval cnt number of timed out flow
*/
-static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td,
- struct timeval *ts,
- const uint32_t hash_min, const uint32_t hash_max,
- FlowTimeoutCounters *counters)
+static uint32_t FlowTimeoutHash(FlowManagerTimeoutThread *td, SCTime_t ts, const uint32_t hash_min,
+ const uint32_t hash_max, FlowTimeoutCounters *counters)
{
uint32_t cnt = 0;
const int emergency = ((SC_ATOMIC_GET(flow_flags) & FLOW_EMERGENCY));
#define TYPE uint32_t
#endif
+ time_t ts_secs = SCTIME_SECS(ts);
for (uint32_t idx = hash_min; idx < hash_max; idx+=BITS) {
TYPE check_bits = 0;
const uint32_t check = MIN(BITS, (hash_max - idx));
for (uint32_t i = 0; i < check; i++) {
FlowBucket *fb = &flow_hash[idx+i];
- check_bits |= (TYPE)(SC_ATOMIC_LOAD_EXPLICIT(fb->next_ts, SC_ATOMIC_MEMORY_ORDER_RELAXED) <= (int32_t)ts->tv_sec) << (TYPE)i;
+ check_bits |= (TYPE)(SC_ATOMIC_LOAD_EXPLICIT(fb->next_ts,
+ SC_ATOMIC_MEMORY_ORDER_RELAXED) <= (int32_t)ts_secs)
+ << (TYPE)i;
}
if (check_bits == 0)
continue;
for (uint32_t i = 0; i < check; i++) {
FlowBucket *fb = &flow_hash[idx+i];
- if ((check_bits & ((TYPE)1 << (TYPE)i)) != 0 && SC_ATOMIC_GET(fb->next_ts) <= (int32_t)ts->tv_sec) {
+ if ((check_bits & ((TYPE)1 << (TYPE)i)) != 0 &&
+ SC_ATOMIC_GET(fb->next_ts) <= (int32_t)ts_secs) {
FBLOCK_LOCK(fb);
Flow *evicted = NULL;
if (fb->evicted != NULL || fb->head != NULL) {
/** \internal
* \brief handle timeout for a slice of hash rows
* If we wrap around we call FlowTimeoutHash twice */
-static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td, struct timeval *ts,
+static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td, SCTime_t ts,
const uint32_t hash_min, const uint32_t hash_max, FlowTimeoutCounters *counters,
const uint32_t rows, uint32_t *pos)
{
bool emerg = false;
bool prev_emerg = false;
uint32_t other_last_sec = 0; /**< last sec stamp when defrag etc ran */
- struct timeval ts;
- memset(&ts, 0, sizeof(ts));
+ SCTime_t ts;
/* don't start our activities until time is setup */
while (!TimeModeIsReady()) {
emerg = true;
}
/* Get the time */
- memset(&ts, 0, sizeof(ts));
- TimeGet(&ts);
- SCLogDebug("ts %" PRIdMAX "", (intmax_t)ts.tv_sec);
- uint64_t ts_ms = ts.tv_sec * 1000 + ts.tv_usec / 1000;
+ ts = TimeGet();
+ SCLogDebug("ts %" PRIdMAX "", (intmax_t)SCTIME_SECS(ts));
+ uint64_t ts_ms = SCTIME_MSECS(ts);
const bool emerge_p = (emerg && !prev_emerg);
if (emerge_p) {
next_run_ms = 0;
if (emerg) {
/* in emergency mode, do a full pass of the hash table */
- FlowTimeoutHash(&ftd->timeout, &ts, ftd->min, ftd->max, &counters);
+ FlowTimeoutHash(&ftd->timeout, ts, ftd->min, ftd->max, &counters);
StatsIncr(th_v, ftd->cnt.flow_mgr_full_pass);
} else {
SCLogDebug("hash %u:%u slice starting at %u with %u rows", ftd->min, ftd->max, pos,
const uint32_t ppos = pos;
FlowTimeoutHashInChunks(
- &ftd->timeout, &ts, ftd->min, ftd->max, &counters, rows_per_wu, &pos);
+ &ftd->timeout, ts, ftd->min, ftd->max, &counters, rows_per_wu, &pos);
if (ppos > pos) {
StatsIncr(th_v, ftd->cnt.flow_mgr_full_pass);
}
" FLOW_EMERGENCY bit (ts.tv_sec: %" PRIuMAX ", "
"ts.tv_usec:%" PRIuMAX ") flow_spare_q status(): %" PRIu32
"%% flows at the queue",
- (uintmax_t)ts.tv_sec, (uintmax_t)ts.tv_usec,
+ (uintmax_t)SCTIME_SECS(ts), (uintmax_t)SCTIME_USECS(ts),
spare_pool_len * 100 / flow_config.prealloc);
StatsIncr(th_v, ftd->cnt.flow_emerg_mode_over);
next_run_ms = ts_ms + sleep_per_wu;
}
- if (other_last_sec == 0 || other_last_sec < (uint32_t)ts.tv_sec) {
+ if (other_last_sec == 0 || other_last_sec < (uint32_t)SCTIME_SECS(ts)) {
if (ftd->instance == 0) {
- DefragTimeoutHash(&ts);
- HostTimeoutHash(&ts);
- IPPairTimeoutHash(&ts);
- HttpRangeContainersTimeoutHash(&ts);
- other_last_sec = (uint32_t)ts.tv_sec;
+ DefragTimeoutHash(ts);
+ HostTimeoutHash(ts);
+ IPPairTimeoutHash(ts);
+ HttpRangeContainersTimeoutHash(ts);
+ other_last_sec = (uint32_t)SCTIME_SECS(ts);
}
}
BUG_ON(ftd == NULL);
const bool time_is_live = TimeModeIsLive();
uint64_t recycled_cnt = 0;
- struct timeval ts;
- memset(&ts, 0, sizeof(ts));
TmThreadsSetFlag(th_v, THV_RUNNING);
const int bail = (TmThreadsCheckFlag(th_v, THV_KILL));
/* Get the time */
- memset(&ts, 0, sizeof(ts));
- TimeGet(&ts);
- SCLogDebug("ts %" PRIdMAX "", (intmax_t)ts.tv_sec);
+ SCLogDebug("ts %" PRIdMAX "", (intmax_t)SCTIME_SECS(TimeGet()));
Flow *f;
while ((f = FlowQueuePrivateGetFromTop(&list)) != NULL) {
}
memset(&p->ts, 0, sizeof(struct timeval));
- TimeGet(&p->ts);
+ p->ts = TimeGet();
if (direction == 0) {
if (f->alparser && !STREAM_HAS_SEEN_DATA(&ssn->client)) {
/* nothing to do for this IP proto. */
SCLogDebug("no special setup for IP proto %u", p->proto);
}
- COPY_TIMESTAMP(&p->ts, &f->startts);
+ f->startts = p->ts;
f->protomap = FlowGetProtoMapping(f->proto);
f->timeout_policy = FlowGetTimeoutPolicy(f);
- const uint32_t timeout_at = (uint32_t)f->startts.tv_sec + f->timeout_policy;
+ const uint32_t timeout_at = (uint32_t)SCTIME_SECS(f->startts) + f->timeout_policy;
f->timeout_at = timeout_at;
if (MacSetFlowStorageEnabled()) {
(f)->flags = 0; \
(f)->file_flags = 0; \
(f)->protodetect_dp = 0; \
- (f)->lastts.tv_sec = 0; \
- (f)->lastts.tv_usec = 0; \
+ (f)->lastts = 0; \
FLOWLOCK_INIT((f)); \
(f)->protoctx = NULL; \
(f)->flow_end_flags = 0; \
(f)->flags = 0; \
(f)->file_flags = 0; \
(f)->protodetect_dp = 0; \
- (f)->lastts.tv_sec = 0; \
- (f)->lastts.tv_usec = 0; \
+ (f)->lastts = 0; \
(f)->protoctx = NULL; \
(f)->flow_end_flags = 0; \
(f)->alparser = NULL; \
/* update time */
if (!(PKT_IS_PSEUDOPKT(p))) {
- TimeSetByThread(tv->id, &p->ts);
+ TimeSetByThread(tv->id, p->ts);
}
/* handle Flow */
if (state != FLOW_STATE_CAPTURE_BYPASSED) {
#endif
/* update the last seen timestamp of this flow */
- if (timercmp(&p->ts, &f->lastts, >)) {
- COPY_TIMESTAMP(&p->ts, &f->lastts);
- const uint32_t timeout_at = (uint32_t)f->lastts.tv_sec + f->timeout_policy;
+ if (SCTIME_CMP_GT(p->ts, f->lastts)) {
+ f->lastts = p->ts;
+ const uint32_t timeout_at = (uint32_t)SCTIME_SECS(f->lastts) + f->timeout_policy;
if (timeout_at != f->timeout_at) {
f->timeout_at = timeout_at;
}
#ifdef CAPTURE_OFFLOAD
} else {
/* still seeing packet, we downgrade to local bypass */
- if (p->ts.tv_sec - f->lastts.tv_sec > FLOW_BYPASSED_TIMEOUT / 2) {
+ if (SCTIME_SECS(p->ts) - SCTIME_SECS(f->lastts) > FLOW_BYPASSED_TIMEOUT / 2) {
SCLogDebug("Downgrading flow to local bypass");
- COPY_TIMESTAMP(&p->ts, &f->lastts);
+ f->lastts = p->ts;
FlowUpdateState(f, FLOW_STATE_LOCAL_BYPASSED);
} else {
/* In IPS mode the packet could come from the other interface so it would
const uint32_t timeout_policy = FlowGetTimeoutPolicy(f);
if (timeout_policy != f->timeout_policy) {
f->timeout_policy = timeout_policy;
- const uint32_t timeout_at = (uint32_t)f->lastts.tv_sec + timeout_policy;
+ const uint32_t timeout_at = (uint32_t)SCTIME_SECS(f->lastts) + timeout_policy;
if (timeout_at != f->timeout_at)
f->timeout_at = timeout_at;
}
*/
void FlowGetLastTimeAsParts(Flow *flow, uint64_t *secs, uint64_t *usecs)
{
- *secs = (uint64_t)flow->lastts.tv_sec;
- *usecs = (uint64_t)flow->lastts.tv_usec;
+ *secs = (uint64_t)SCTIME_SECS(flow->lastts);
+ *usecs = (uint64_t)SCTIME_USECS(flow->lastts);
}
/**
typedef struct FlowStorageId FlowStorageId;
#include "decode.h"
+#include "util-time.h"
#include "util-exception-policy.h"
#include "util-var.h"
#include "util-optimize.h"
/* time stamp of last update (last packet). Set/updated under the
* flow and flow hash row locks, safe to read under either the
* flow lock or flow hash row lock. */
- struct timeval lastts;
+ SCTime_t lastts;
/* end of flow "header" */
struct FlowBucket_ *fb;
- struct timeval startts;
+ SCTime_t startts;
uint32_t todstpktcnt;
uint32_t tosrcpktcnt;
*/
static inline int64_t FlowGetId(const Flow *f)
{
- int64_t id = (uint64_t)(f->startts.tv_sec & 0x0000FFFF) << 48 |
- (uint64_t)(f->startts.tv_usec & 0x0000FFFF) << 32 | (int64_t)f->flow_hash;
+ int64_t id = (uint64_t)(SCTIME_SECS(f->startts) & 0x0000FFFF) << 48 |
+ (uint64_t)(f->startts & 0x0000FFFF) << 32 | (int64_t)f->flow_hash;
/* reduce to 51 bits as Javascript and even JSON often seem to
* max out there. */
id &= 0x7ffffffffffffLL;
/** \retval 1 host timed out wrt xbits
* \retval 0 host still has active (non-expired) xbits */
-int HostBitsTimedoutCheck(Host *h, struct timeval *ts)
+int HostBitsTimedoutCheck(Host *h, SCTime_t ts)
{
GenericVar *gv = HostGetStorageById(h, host_bit_id);
for ( ; gv != NULL; gv = gv->next) {
if (gv->type == DETECT_XBITS) {
XBit *xb = (XBit *)gv;
- if (xb->expire > (uint32_t)ts->tv_sec)
+ if (xb->expire > (uint32_t)SCTIME_SECS(ts))
return 0;
}
}
void HostBitRegisterTests(void);
int HostHasHostBits(Host *host);
-int HostBitsTimedoutCheck(Host *h, struct timeval *ts);
+int HostBitsTimedoutCheck(Host *h, SCTime_t ts);
void HostBitSet(Host *, uint32_t, uint32_t);
void HostBitUnset(Host *, uint32_t);
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
-static int HostHostTimedOut(Host *h, struct timeval *ts)
+static int HostHostTimedOut(Host *h, SCTime_t ts)
{
int tags = 0;
int thresholds = 0;
*
* \retval cnt timed out hosts
*/
-static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, struct timeval *ts)
+static uint32_t HostHashRowTimeout(HostHashRow *hb, Host *h, SCTime_t ts)
{
uint32_t cnt = 0;
*
* \retval cnt number of timed out host
*/
-uint32_t HostTimeoutHash(struct timeval *ts)
+uint32_t HostTimeoutHash(SCTime_t ts)
{
uint32_t idx = 0;
uint32_t cnt = 0;
#ifndef __HOST_TIMEOUT_H__
#define __HOST_TIMEOUT_H__
-uint32_t HostTimeoutHash(struct timeval *ts);
+uint32_t HostTimeoutHash(SCTime_t ts);
uint32_t HostGetSpareCount(void);
uint32_t HostGetActiveCount(void);
/** \retval 1 ippair timed out wrt xbits
* \retval 0 ippair still has active (non-expired) xbits */
-int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts)
+int IPPairBitsTimedoutCheck(IPPair *h, SCTime_t ts)
{
GenericVar *gv = IPPairGetStorageById(h, g_ippair_bit_storage_id);
for ( ; gv != NULL; gv = gv->next) {
if (gv->type == DETECT_XBITS) {
XBit *xb = (XBit *)gv;
- if (xb->expire > (uint32_t)ts->tv_sec)
+ if (xb->expire > (uint32_t)SCTIME_SECS(ts))
return 0;
}
}
void IPPairBitRegisterTests(void);
int IPPairHasBits(IPPair *host);
-int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts);
+int IPPairBitsTimedoutCheck(IPPair *h, SCTime_t ts);
void IPPairBitSet(IPPair *, uint32_t, uint32_t);
void IPPairBitUnset(IPPair *, uint32_t);
* \retval 0 not timed out just yet
* \retval 1 fully timed out, lets kill it
*/
-static int IPPairTimedOut(IPPair *h, struct timeval *ts)
+static int IPPairTimedOut(IPPair *h, SCTime_t ts)
{
int vars = 0;
int thresholds = 0;
*
* \retval cnt timed out ippairs
*/
-static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, struct timeval *ts)
+static uint32_t IPPairHashRowTimeout(IPPairHashRow *hb, IPPair *h, SCTime_t ts)
{
uint32_t cnt = 0;
*
* \retval cnt number of timed out ippair
*/
-uint32_t IPPairTimeoutHash(struct timeval *ts)
+uint32_t IPPairTimeoutHash(SCTime_t ts)
{
uint32_t idx = 0;
uint32_t cnt = 0;
#ifndef __IPPAIR_TIMEOUT_H__
#define __IPPAIR_TIMEOUT_H__
-uint32_t IPPairTimeoutHash(struct timeval *ts);
+uint32_t IPPairTimeoutHash(SCTime_t ts);
uint32_t IPPairGetSpareCount(void);
uint32_t IPPairGetActiveCount(void);
* \param const struct timeveal *ts - the timetstamp
*
*/
-void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts) {
+void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts)
+{
- time_t time = ts->tv_sec;
+ time_t time = SCTIME_SECS(ts);
struct tm local_tm;
struct tm *timestamp = SCLocalTime(time, &local_tm);
char buf[128] = {0};
tm.tm_wday = 1;
tm.tm_yday = 13;
tm.tm_isdst = 0;
- time_t secs = mktime(&tm);
- struct timeval ts = {secs, 0};
+ SCTime_t ts = SCTIME_FROM_SECS(mktime(&tm));
MemBuffer *buffer = MemBufferCreateNew(62);
if (!buffer) {
return 0;
}
- LogCustomFormatWriteTimestamp(buffer, "", &ts);
+ LogCustomFormatWriteTimestamp(buffer, "", ts);
/*
* {buffer = "01/13/14-04:30:00", size = 62, offset = 17}
*/
void LogCustomFormatAddNode(LogCustomFormat *cf, LogCustomFormatNode *node);
int LogCustomFormatParse(LogCustomFormat *cf, const char *format);
-void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts);
+void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts);
void LogCustomFormatRegister(void);
#endif /* __LOG_CF_COMMON_H__ */
}
/* Custom format logging */
-static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const struct timeval *ts,
- char *srcip, Port sp, char *dstip, Port dp)
+static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const SCTime_t ts, char *srcip,
+ Port sp, char *dstip, Port dp)
{
LogHttpFileCtx *httplog_ctx = aft->httplog_ctx;
uint32_t i;
break;
case LOG_CF_TIMESTAMP:
/* TIMESTAMP */
- LogCustomFormatWriteTimestamp(aft->buffer, node->data, ts);
- break;
+ LogCustomFormatWriteTimestamp(aft->buffer, node->data, ts);
+ break;
case LOG_CF_TIMESTAMP_U:
/* TIMESTAMP USECONDS */
- snprintf(buf, sizeof(buf), "%06u", (unsigned int) ts->tv_usec);
- PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
- aft->buffer->size, (uint8_t *)buf, MIN(strlen(buf),6));
- break;
+ snprintf(buf, sizeof(buf), "%06u", (unsigned int)SCTIME_USECS(ts));
+ PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
+ (uint8_t *)buf, MIN(strlen(buf), 6));
+ break;
case LOG_CF_CLIENT_IP:
/* CLIENT IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
char timebuf[64];
/* check if we have HTTP state or not */
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
Port sp, dp;
MemBufferReset(aft->buffer);
if (hlog->flags & LOG_HTTP_CUSTOM) {
- LogHttpLogCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
+ LogHttpLogCustom(aft, tx, p->ts, srcip, sp, dstip, dp);
} else {
/* time */
MemBufferWriteString(aft->buffer, "%s ", timebuf);
PcapLogLock(pl);
pl->pkt_cnt++;
- pl->h->ts.tv_sec = p->ts.tv_sec;
- pl->h->ts.tv_usec = p->ts.tv_usec;
+ pl->h->ts.tv_sec = SCTIME_SECS(p->ts);
+ pl->h->ts.tv_usec = SCTIME_USECS(p->ts);
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
rp = p->root;
pl->h->caplen = GET_PKT_LEN(rp);
if (pl->mode == LOGMODE_SGUIL) {
struct tm local_tm;
- struct tm *tms = SCLocalTime(p->ts.tv_sec, &local_tm);
+ struct tm *tms = SCLocalTime(SCTIME_SECS(p->ts), &local_tm);
if (tms->tm_mday != pl->prev_day) {
rotate = 1;
pl->prev_day = tms->tm_mday;
}
/* PcapLogDumpSegment has writtens over the PcapLogData variables so need to update */
- pl->h->ts.tv_sec = p->ts.tv_sec;
- pl->h->ts.tv_usec = p->ts.tv_usec;
+ pl->h->ts.tv_sec = SCTIME_SECS(p->ts);
+ pl->h->ts.tv_usec = SCTIME_USECS(p->ts);
if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
rp = p->root;
pl->h->caplen = GET_PKT_LEN(rp);
td->pcap_log->file_cnt = 1;
}
- struct timeval ts;
- memset(&ts, 0x00, sizeof(struct timeval));
- TimeGet(&ts);
+ SCTime_t ts = TimeGet();
struct tm local_tm;
- struct tm *tms = SCLocalTime(ts.tv_sec, &local_tm);
+ struct tm *tms = SCLocalTime(SCTIME_SECS(ts), &local_tm);
td->pcap_log->prev_day = tms->tm_mday;
PcapLogUnlock(td->pcap_log);
}
/** get the time so we can have a filename with seconds since epoch */
- struct timeval ts;
- memset(&ts, 0x00, sizeof(struct timeval));
- TimeGet(&ts);
+ SCTime_t ts = TimeGet();
/* Place to store the name of our PCAP file */
PcapFileName *pf = SCMalloc(sizeof(PcapFileName));
if (pl->mode == LOGMODE_SGUIL) {
struct tm local_tm;
- struct tm *tms = SCLocalTime(ts.tv_sec, &local_tm);
+ struct tm *tms = SCLocalTime(SCTIME_SECS(ts), &local_tm);
char dirname[32], dirfull[PATH_MAX] = "";
int written;
if (pl->timestamp_format == TS_FORMAT_SEC) {
- written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s",
- dirfull, pl->prefix, (uint32_t)ts.tv_sec, pl->suffix);
+ written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s", dirfull, pl->prefix,
+ (uint32_t)SCTIME_SECS(ts), pl->suffix);
} else {
- written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 ".%" PRIu32 "%s",
- dirfull, pl->prefix, (uint32_t)ts.tv_sec,
- (uint32_t)ts.tv_usec, pl->suffix);
+ written = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 ".%" PRIu32 "%s", dirfull,
+ pl->prefix, (uint32_t)SCTIME_SECS(ts), (uint32_t)SCTIME_USECS(ts), pl->suffix);
}
if (written == PATH_MAX) {
SCLogError("log-pcap path overflow");
int ret;
/* create the filename to use */
if (pl->timestamp_format == TS_FORMAT_SEC) {
- ret = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s", pl->dir,
- pl->prefix, (uint32_t)ts.tv_sec, pl->suffix);
+ ret = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 "%s", pl->dir, pl->prefix,
+ (uint32_t)SCTIME_SECS(ts), pl->suffix);
} else {
- ret = snprintf(filename, PATH_MAX,
- "%s/%s.%" PRIu32 ".%" PRIu32 "%s", pl->dir, pl->prefix,
- (uint32_t)ts.tv_sec, (uint32_t)ts.tv_usec, pl->suffix);
+ ret = snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32 ".%" PRIu32 "%s", pl->dir,
+ pl->prefix, (uint32_t)SCTIME_SECS(ts), (uint32_t)SCTIME_USECS(ts), pl->suffix);
}
if (ret < 0 || (size_t)ret >= PATH_MAX) {
SCLogError("failed to construct path");
case 't':
/* create the filename to use */
if (pl->timestamp_format == TS_FORMAT_SEC) {
- snprintf(str, sizeof(str), "%"PRIu32, (uint32_t)ts.tv_sec);
+ snprintf(str, sizeof(str), "%" PRIu32, (uint32_t)SCTIME_SECS(ts));
} else {
- snprintf(str, sizeof(str), "%"PRIu32".%"PRIu32,
- (uint32_t)ts.tv_sec, (uint32_t)ts.tv_usec);
+ snprintf(str, sizeof(str), "%" PRIu32 ".%" PRIu32,
+ (uint32_t)SCTIME_SECS(ts), (uint32_t)SCTIME_USECS(ts));
}
}
strlcat(filename, str, PATH_MAX);
int ret;
/* create the filename to use */
if (pl->timestamp_format == TS_FORMAT_SEC) {
- ret = snprintf(filename, PATH_MAX, "%s/%s.%u.%" PRIu32 "%s",
- pl->dir, pl->prefix, pl->thread_number,
- (uint32_t)ts.tv_sec, pl->suffix);
+ ret = snprintf(filename, PATH_MAX, "%s/%s.%u.%" PRIu32 "%s", pl->dir, pl->prefix,
+ pl->thread_number, (uint32_t)SCTIME_SECS(ts), pl->suffix);
} else {
- ret = snprintf(filename, PATH_MAX,
- "%s/%s.%u.%" PRIu32 ".%" PRIu32 "%s", pl->dir,
- pl->prefix, pl->thread_number, (uint32_t)ts.tv_sec,
- (uint32_t)ts.tv_usec, pl->suffix);
+ ret = snprintf(filename, PATH_MAX, "%s/%s.%u.%" PRIu32 ".%" PRIu32 "%s", pl->dir,
+ pl->prefix, pl->thread_number, (uint32_t)SCTIME_SECS(ts),
+ (uint32_t)SCTIME_USECS(ts), pl->suffix);
}
if (ret < 0 || (size_t)ret >= PATH_MAX) {
SCLogError("failed to construct path");
static void LogTlsLogDate(MemBuffer *buffer, const char *title, time_t *date)
{
char timebuf[64] = {0};
- struct timeval tv;
- tv.tv_sec = *date;
- tv.tv_usec = 0;
- CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ const SCTime_t ts = SCTIME_FROM_SECS(*date);
+ CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
MemBufferWriteString(buffer, "%s='%s'", title, timebuf);
}
MemBufferWriteString(buffer, "%s='%s'", title, value);
}
-static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state,
- const struct timeval *ts, char *srcip, Port sp,
- char *dstip, Port dp)
+static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
+ char *srcip, Port sp, char *dstip, Port dp)
{
char timebuf[64];
CreateTimeString(ts, timebuf, sizeof(timebuf));
}
}
-static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state,
- const struct timeval *ts, char *srcip, Port sp,
- char *dstip, Port dp)
+static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
+ char *srcip, Port sp, char *dstip, Port dp)
{
if (ssl_state->server_connp.cert0_fingerprint != NULL) {
LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
}
/* Custom format logging */
-static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state,
- const struct timeval *ts, char *srcip, Port sp,
- char *dstip, Port dp)
+static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
+ char *srcip, Port sp, char *dstip, Port dp)
{
LogTlsFileCtx *tlslog_ctx = aft->tlslog_ctx;
uint32_t i;
break;
case LOG_CF_TIMESTAMP_U:
/* TIMESTAMP USECONDS */
- snprintf(buf, sizeof(buf), "%06u", (unsigned int) ts->tv_usec);
- PrintRawUriBuf((char *)aft->buffer->buffer,
- &aft->buffer->offset,
- aft->buffer->size, (uint8_t *)buf,
- MIN(strlen(buf),6));
- break;
+ snprintf(buf, sizeof(buf), "%06u", (unsigned int)SCTIME_USECS(ts));
+ PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
+ (uint8_t *)buf, MIN(strlen(buf), 6));
+ break;
case LOG_CF_CLIENT_IP:
/* CLIENT IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer,
MemBufferReset(aft->buffer);
if (hlog->flags & LOG_TLS_CUSTOM) {
- LogTlsLogCustom(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
+ LogTlsLogCustom(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
} else if (hlog->flags & LOG_TLS_EXTENDED) {
- LogTlsLogBasic(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
- LogTlsLogExtended(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
+ LogTlsLogBasic(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
+ LogTlsLogExtended(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
} else {
- LogTlsLogBasic(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
+ LogTlsLogBasic(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
}
MemBufferWriteString(aft->buffer, "\n");
/* Use format : packet time + incremental ID
* When running on same pcap it will overwrite
* On a live device, we will not be able to overwrite */
- if (snprintf(path, sizeof(path), "%s/%ld.%ld-%d.pem",
- tls_logfile_base_dir,
- (long int)p->ts.tv_sec,
- (long int)p->ts.tv_usec,
- file_id) == sizeof(path))
+ if (snprintf(path, sizeof(path), "%s/%ld.%ld-%d.pem", tls_logfile_base_dir,
+ (long int)SCTIME_SECS(p->ts), (long int)SCTIME_USECS(p->ts),
+ file_id) == sizeof(path))
return 0;
strlcpy(filename, path, filename_size);
char srcip[PRINT_BUF_LEN], dstip[PRINT_BUF_LEN];
char timebuf[64];
Port sp, dp;
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
if (!TLSGetIPInformations(p, srcip, PRINT_BUF_LEN, &sp, dstip, PRINT_BUF_LEN, &dp, ipproto))
goto end_fwrite_fpmeta;
if (fprintf(fpmeta, "TIME: %s\n", timebuf) < 0)
if (ctx->fileinfo) {
char js_metadata_filename[PATH_MAX];
- if (snprintf(js_metadata_filename, sizeof(js_metadata_filename),
- "%s.%"PRIuMAX".%u.json", final_filename,
- (uintmax_t)p->ts.tv_sec, ff->file_store_id)
- == (int)sizeof(js_metadata_filename)) {
+ if (snprintf(js_metadata_filename, sizeof(js_metadata_filename), "%s.%" PRIuMAX ".%u.json",
+ final_filename, (uintmax_t)SCTIME_SECS(p->ts),
+ ff->file_store_id) == (int)sizeof(js_metadata_filename)) {
WARN_ONCE(WOT_SNPRINTF, "Failed to write file info record. Output filename truncated.");
} else {
JsonBuilder *js_fileinfo =
if (p->alerts.cnt == 0)
return TM_ECODE_OK;
- CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(p->ts, timebuf, sizeof(timebuf));
for (int i = 0; i < p->alerts.cnt; i++) {
const PacketAlert *pa = &p->alerts.alerts[i];
return NULL;
}
- struct timeval tv;
- memset(&tv, 0x00, sizeof(tv));
- TimeGet(&tv);
+ SCTime_t ts = TimeGet();
- CreateIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(ts, timebuf, sizeof(timebuf));
if ((f->flags & FLOW_DIR_REVERSED) == 0) {
if (FLOW_IS_IPV4(f)) {
}
char timebuf1[64];
- CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
+ CreateIsoTimeString(f->startts, timebuf1, sizeof(timebuf1));
jb_set_string(js, "start", timebuf1);
}
EveAddFlow(f, jb);
char timebuf2[64];
- CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
+ CreateIsoTimeString(f->lastts, timebuf2, sizeof(timebuf2));
jb_set_string(jb, "end", timebuf2);
- int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
+ int32_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
jb_set_uint(jb, "age", age);
if (f->flow_end_flags & FLOW_END_FLAG_EMERGENCY)
if (unlikely(js == NULL))
return NULL;
- struct timeval tv;
- memset(&tv, 0x00, sizeof(tv));
- TimeGet(&tv);
+ SCTime_t ts = TimeGet();
- CreateIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(ts, timebuf, sizeof(timebuf));
/* reverse header direction if the flow started out wrong */
dir ^= ((f->flags & FLOW_DIR_REVERSED) != 0);
char timebuf1[64], timebuf2[64];
- CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
- CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
+ CreateIsoTimeString(f->startts, timebuf1, sizeof(timebuf1));
+ CreateIsoTimeString(f->lastts, timebuf2, sizeof(timebuf2));
jb_set_string(js, "start", timebuf1);
jb_set_string(js, "end", timebuf2);
- int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
+ int32_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
jb_set_uint(js, "age", age);
jb_set_uint(js, "min_ttl", f->min_ttl_toserver);
char timebuf1[64], timebuf2[64];
- CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
- CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
+ CreateIsoTimeString(f->startts, timebuf1, sizeof(timebuf1));
+ CreateIsoTimeString(f->lastts, timebuf2, sizeof(timebuf2));
jb_set_string(js, "start", timebuf1);
jb_set_string(js, "end", timebuf2);
- int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
+ int32_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
jb_set_uint(js, "age", age);
/* To client is zero if we did not see any packet */
static json_t *EngineStats2Json(const DetectEngineCtx *de_ctx,
const OutputEngineInfo output)
{
- struct timeval last_reload;
char timebuf[64];
const SigFileLoaderStat *sig_stat = NULL;
}
if (output == OUTPUT_ENGINE_LAST_RELOAD || output == OUTPUT_ENGINE_ALL) {
- last_reload = de_ctx->last_reload;
- CreateIsoTimeString(&last_reload, timebuf, sizeof(timebuf));
+ SCTime_t last_reload = SCTIME_FROM_TIMEVAL(&de_ctx->last_reload);
+ CreateIsoTimeString(last_reload, timebuf, sizeof(timebuf));
json_object_set_new(jdata, "last_reload", json_string(timebuf));
}
if (unlikely(js == NULL))
return 0;
char timebuf[64];
- CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
json_object_set_new(js, "timestamp", json_string(timebuf));
json_object_set_new(js, "event_type", json_string("stats"));
{
if (ssl_state->server_connp.cert0_not_before != 0) {
char timebuf[64];
- struct timeval tv;
- tv.tv_sec = ssl_state->server_connp.cert0_not_before;
- tv.tv_usec = 0;
- CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ SCTime_t ts = SCTIME_FROM_SECS(ssl_state->server_connp.cert0_not_before);
+ CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notbefore", timebuf);
}
}
{
if (ssl_state->server_connp.cert0_not_after != 0) {
char timebuf[64];
- struct timeval tv;
- tv.tv_sec = ssl_state->server_connp.cert0_not_after;
- tv.tv_usec = 0;
- CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ SCTime_t ts = SCTIME_FROM_SECS(ssl_state->server_connp.cert0_not_after);
+ CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notafter", timebuf);
}
}
}
if (connp->cert0_not_before != 0) {
char timebuf[64];
- struct timeval tv;
- tv.tv_sec = connp->cert0_not_before;
- tv.tv_usec = 0;
- CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ SCTime_t ts = SCTIME_FROM_SECS(connp->cert0_not_before);
+ CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notbefore", timebuf);
}
if (connp->cert0_not_after != 0) {
char timebuf[64];
- struct timeval tv;
- tv.tv_sec = connp->cert0_not_after;
- tv.tv_usec = 0;
- CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ SCTime_t ts = SCTIME_FROM_SECS(connp->cert0_not_after);
+ CreateUtcIsoTimeString(ts, timebuf, sizeof(timebuf));
jb_set_string(js, "notafter", timebuf);
}
return NULL;
}
- CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(p->ts, timebuf, sizeof(timebuf));
jb_set_string(js, "timestamp", timebuf);
LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data;
char timebuf[64];
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
if (!(PKT_IS_IPV4(p)) && !(PKT_IS_IPV6(p))) {
/* decoder event */
goto not_supported;
}
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
/* loop through alerts stored in the packet */
SCMutexLock(&td->lua_ctx->m);
p->vlan_id[0] = 0;
p->vlan_id[1] = 0;
p->vlan_idx = 0;
- p->ts.tv_sec = 0;
- p->ts.tv_usec = 0;
+ p->ts = 0;
p->datalink = 0;
p->drop_reason = 0;
#define PACKET_RESET_ACTION(p) (p)->action = 0
SCLogInfo("add-hostbit: ip %s hostbit %s expire %us", ipaddress, hostbit, expire);
- struct timeval current_time;
- TimeGet(¤t_time);
+ SCTime_t current_time = TimeGet();
Host *host = HostGetHostFromHash(&a);
if (host) {
- HostBitSet(host, idx, current_time.tv_sec + expire);
+ HostBitSet(host, idx, SCTIME_SECS(current_time) + expire);
HostUnlock(host);
json_object_set_new(answer, "message", json_string("hostbit added"));
SCLogInfo("list-hostbit: %s", ipaddress);
- struct timeval ts;
- memset(&ts, 0, sizeof(ts));
- TimeGet(&ts);
+ SCTime_t ts = TimeGet();
struct Bit {
uint32_t id;
if (bitobject == NULL)
continue;
uint32_t expire = 0;
- if ((uint32_t)ts.tv_sec < bits[i].expire)
- expire = bits[i].expire - (uint32_t)ts.tv_sec;
+ if ((uint32_t)SCTIME_SECS(ts) < bits[i].expire)
+ expire = bits[i].expire - (uint32_t)SCTIME_SECS(ts);
const char *name = VarNameStoreLookupById(bits[i].id, VAR_TYPE_HOST_BIT);
if (name == NULL)
uint32_t todstpktcnt = f->todstpktcnt;
uint64_t tosrcbytecnt = f->tosrcbytecnt;
uint64_t todstbytecnt = f->todstbytecnt;
- uint64_t age = f->lastts.tv_sec - f->startts.tv_sec;
+ uint64_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
FLOWLOCK_UNLOCK(f);
json_t *flow_info = json_object();
p->afp_v.peer = (p->afp_v.copy_mode == AFP_COPY_MODE_NONE) ? NULL : ptv->mpeer->peer;
/* Timestamp */
- p->ts.tv_sec = h.h2->tp_sec;
- p->ts.tv_usec = h.h2->tp_nsec / 1000;
+ p->ts = SCTIME_FROM_SECS(h.h2->tp_sec);
+ p->ts += SCTIME_FROM_USECS(h.h2->tp_nsec / 1000);
SCLogDebug("pktlen: %" PRIu32 " (pkt %p, pkt data %p)", GET_PKT_LEN(p), p, GET_PKT_DATA(p));
/* We only check for checksum disable */
p->afp_v.peer = (p->afp_v.copy_mode == AFP_COPY_MODE_NONE) ? NULL : ptv->mpeer->peer;
/* Timestamp */
- p->ts.tv_sec = ppd->tp_sec;
- p->ts.tv_usec = ppd->tp_nsec/1000;
+ p->ts = SCTIME_FROM_SECS(ppd->tp_sec);
+ p->ts += SCTIME_FROM_USECS(ppd->tp_nsec / 1000);
SCLogDebug("pktlen: %" PRIu32 " (pkt %p, pkt data %p)",
GET_PKT_LEN(p), p, GET_PKT_DATA(p));
p->ReleasePacket = AFXDPReleasePacket;
p->flags |= PKT_IGNORE_CHECKSUM;
- p->ts = ts;
+ p->ts = SCTIME_FROM_TIMEVAL(&ts);
uint64_t addr = xsk_ring_cons__rx_desc(&ptv->xsk.rx, idx_rx)->addr;
uint32_t len = xsk_ring_cons__rx_desc(&ptv->xsk.rx, idx_rx++)->len;
* @param machine_start_tv - timestamp when the machine was started
* @param real_tv
*/
-static void DPDKSetTimevalReal(struct timeval *machine_start_tv, struct timeval *real_tv)
+static SCTime_t DPDKSetTimevalReal(struct timeval *machine_start_tv)
{
- CyclesAddToTimeval(rte_get_tsc_cycles(), machine_start_tv, real_tv);
+ struct timeval real_tv;
+ CyclesAddToTimeval(rte_get_tsc_cycles(), machine_start_tv, &real_tv);
+ return SCTIME_FROM_TIMEVAL(&real_tv);
}
/* get number of seconds from the reset of TSC counter (typically from the machine start) */
p->flags |= PKT_IGNORE_CHECKSUM;
}
- DPDKSetTimevalReal(&machine_start_time, &p->ts);
+ p->ts = DPDKSetTimevalReal(&machine_start_time);
p->dpdk_v.mbuf = ptv->received_mbufs[i];
p->ReleasePacket = DPDKReleasePacket;
p->dpdk_v.copy_mode = ptv->copy_mode;
/* Convert ERF time to timeval - from libpcap. */
uint64_t ts = dr->ts;
- p->ts.tv_sec = ts >> 32;
+ p->ts = SCTIME_FROM_SECS(ts >> 32);
ts = (ts & 0xffffffffULL) * 1000000;
ts += 0x80000000; /* rounding */
- p->ts.tv_usec = ts >> 32;
- if (p->ts.tv_usec >= 1000000) {
- p->ts.tv_usec -= 1000000;
- p->ts.tv_sec++;
+ uint64_t usecs = ts >> 32;
+ if (usecs >= 1000000) {
+ usecs -= 1000000;
+ p->ts += SCTIME_FROM_SECS(1);
}
+ p->ts += SCTIME_FROM_USECS(usecs);
StatsIncr(ewtn->tv, ewtn->packets);
ewtn->bytes += wlen;
/* Convert ERF time to timeval - from libpcap. */
uint64_t ts = dr.ts;
- p->ts.tv_sec = ts >> 32;
+ p->ts = SCTIME_FROM_SECS(ts >> 32);
ts = (ts & 0xffffffffULL) * 1000000;
ts += 0x80000000; /* rounding */
- p->ts.tv_usec = ts >> 32;
- if (p->ts.tv_usec >= 1000000) {
- p->ts.tv_usec -= 1000000;
- p->ts.tv_sec++;
+ uint64_t usecs = (ts >> 32);
+ if (usecs >= 1000000) {
+ usecs -= 1000000;
+ p->ts += SCTIME_FROM_SECS(1);
+ usecs++;
}
+ p->ts += SCTIME_FROM_USECS(usecs);
etv->pkts++;
etv->bytes += wlen;
SCLogDebug("Received Packet Len: %d", pktlen);
- p->ts.tv_sec = IPFWts.tv_sec;
- p->ts.tv_usec = IPFWts.tv_usec;
+ p->ts = SCTIME_FROM_TIMEVAL(&IPFWts);
ptv->pkts++;
ptv->bytes += pktlen;
*/
switch (NT_NET_GET_PKT_TIMESTAMP_TYPE(packet_buffer)) {
case NT_TIMESTAMP_TYPE_NATIVE_UNIX:
- p->ts.tv_sec = pkt_ts / 100000000;
- p->ts.tv_usec = ((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0);
+ p->ts = SCTIME_FROM_SECS(pkt_ts / 100000000);
+ p->ts += SCTIME_FROM_USECS(
+ ((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0));
break;
case NT_TIMESTAMP_TYPE_PCAP:
- p->ts.tv_sec = pkt_ts >> 32;
- p->ts.tv_usec = pkt_ts & 0xFFFFFFFF;
+ p->ts = SCTIME_FROM_SECS(pkt_ts >> 32);
+ p->ts += SCTIME_FROM_USECS(pkt_ts & 0xFFFFFFFF);
break;
case NT_TIMESTAMP_TYPE_PCAP_NANOTIME:
- p->ts.tv_sec = pkt_ts >> 32;
- p->ts.tv_usec = ((pkt_ts & 0xFFFFFFFF) / 1000) + ((pkt_ts % 1000) > 500 ? 1 : 0);
+ p->ts = SCTIME_FROM_SECS(pkt_ts >> 32);
+ p->ts += SCTIME_FROM_USECS(
+ ((pkt_ts & 0xFFFFFFFF) / 1000) + ((pkt_ts % 1000) > 500 ? 1 : 0));
break;
case NT_TIMESTAMP_TYPE_NATIVE_NDIS:
/* number of seconds between 1/1/1601 and 1/1/1970 */
- p->ts.tv_sec = (pkt_ts / 100000000) - 11644473600;
- p->ts.tv_usec = ((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0);
+ p->ts = SCTIME_FROM_SECS((pkt_ts / 100000000) - 11644473600);
+ p->ts += SCTIME_FROM_USECS(
+ ((pkt_ts % 100000000) / 100) + ((pkt_ts % 100) > 50 ? 1 : 0));
break;
default:
SCLogError("Packet from Napatech Stream: %u does not have a supported timestamp "
PKT_SET_SRC(p, PKT_SRC_WIRE);
p->livedev = ntv->livedev;
p->datalink = LINKTYPE_ETHERNET;
- p->ts = ph->ts;
+ p->ts = SCTIME_FROM_TIMEVAL(&ph->ts);
ntv->pkts++;
ntv->bytes += ph->len;
SET_PKT_LEN(p, 0);
}
- ret = nfq_get_timestamp(tb, &p->ts);
- if (ret != 0 || p->ts.tv_sec == 0) {
- memset (&p->ts, 0, sizeof(struct timeval));
- gettimeofday(&p->ts, NULL);
+ struct timeval tv;
+ ret = nfq_get_timestamp(tb, &tv);
+ if (ret != 0 || tv.tv_sec == 0) {
+ memset(&tv, 0, sizeof(tv));
+ gettimeofday(&tv, NULL);
}
+ p->ts = SCTIME_FROM_TIMEVAL(&tv);
p->datalink = DLT_RAW;
return 0;
PACKET_PROFILING_TMM_START(p, TMM_RECEIVEPCAPFILE);
PKT_SET_SRC(p, PKT_SRC_WIRE);
- p->ts.tv_sec = h->ts.tv_sec;
- p->ts.tv_usec = h->ts.tv_usec % 1000000;
- SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
+ p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
+ SCLogDebug("p->ts.tv_sec %" PRIuMAX "", (uintmax_t)SCTIME_SECS(p->ts));
p->datalink = ptv->datalink;
p->pcap_cnt = ++pcap_g.cnt;
/* initialize all the thread's initial timestamp */
if (likely(ptv->first_pkt_hdr != NULL)) {
- TmThreadsInitThreadsTimestamp(&ptv->first_pkt_ts);
+ TmThreadsInitThreadsTimestamp(SCTIME_FROM_TIMEVAL(&ptv->first_pkt_ts));
PcapFileCallbackLoop((char *)ptv, ptv->first_pkt_hdr,
(u_char *)ptv->first_pkt_data);
ptv->first_pkt_hdr = NULL;
PcapThreadVars *ptv = (PcapThreadVars *)user;
Packet *p = PacketGetFromQueueOrAlloc();
- struct timeval current_time;
if (unlikely(p == NULL)) {
SCReturn;
}
PKT_SET_SRC(p, PKT_SRC_WIRE);
- p->ts.tv_sec = h->ts.tv_sec;
- p->ts.tv_usec = h->ts.tv_usec;
- SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
+ p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
+ SCLogDebug("p->ts.tv_sec %" PRIuMAX "", SCTIME_SECS((uintmax_t)p->ts));
p->datalink = ptv->datalink;
ptv->pkts++;
}
/* Trigger one dump of stats every second */
- TimeGet(¤t_time);
- if (current_time.tv_sec != ptv->last_stats_dump) {
+ SCTime_t current_time = TimeGet();
+ if ((time_t)SCTIME_SECS(current_time) != ptv->last_stats_dump) {
PcapDumpCounters(ptv);
- ptv->last_stats_dump = current_time.tv_sec;
+ ptv->last_stats_dump = SCTIME_SECS(current_time);
}
SCReturn;
gettimeofday((struct timeval *)&h->ts, NULL);
}
- p->ts.tv_sec = h->ts.tv_sec;
- p->ts.tv_usec = h->ts.tv_usec;
+ p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
/* PF_RING all packets are marked as a link type of ethernet
* so that is what we do here. */
}
/* Trigger one dump of stats every second */
- if (p->ts.tv_sec != last_dump) {
+ if (SCTIME_SECS(p->ts) != last_dump) {
PfringDumpCounters(ptv);
- last_dump = p->ts.tv_sec;
+ last_dump = SCTIME_SECS(p->ts);
}
} else if (unlikely(r == 0)) {
if (suricata_ctl_flags & SURICATA_STOP) {
*/
static void WinDivertInitQPCValues(WinDivertThreadVars *wd_tv)
{
- struct timeval now;
-
- TimeGet(&now);
+ SCTime_t now = TimeGet();
(void)QueryPerformanceCounter((LARGE_INTEGER *)&wd_tv->qpc_start_count);
- wd_tv->qpc_start_time =
- (uint64_t)now.tv_sec * (1000 * 1000) + (uint64_t)now.tv_usec;
+ wd_tv->qpc_start_time = (uint64_t)SCTIME_SECS(now) * (1000 * 1000) + (uint64_t)SCTIME_SECS(now);
(void)QueryPerformanceFrequency((LARGE_INTEGER *)&wd_tv->qpc_freq_usec);
/* \bug: clock drift? */
}
/**
- * \brief gets a timeval from a WinDivert timestamp
+ * \brief WinDivert timestamp to a SCTime_t
*/
-static struct timeval WinDivertTimestampToTimeval(WinDivertThreadVars *wd_tv,
- INT64 timestamp_count)
+static SCTime_t WinDivertTimestampToTimeStamp(WinDivertThreadVars *wd_tv, INT64 timestamp_count)
{
- struct timeval ts;
+ struct timeval tv;
int64_t qpc_delta = (int64_t)timestamp_count - wd_tv->qpc_start_count;
int64_t unix_usec =
wd_tv->qpc_start_time + (qpc_delta / wd_tv->qpc_freq_usec);
- ts.tv_sec = (long)(unix_usec / (1000 * 1000));
- ts.tv_usec = (long)(unix_usec - (int64_t)ts.tv_sec * (1000 * 1000));
+ tv.tv_sec = (long)(unix_usec / (1000 * 1000));
+ tv.tv_usec = (long)(unix_usec - (int64_t)tv.tv_sec * (1000 * 1000));
- return ts;
+ return SCTIME_FROM_TIMEVAL(&tv);
}
/**
}
SCLogDebug("Packet received, length %" PRId32 "", GET_PKT_LEN(p));
- p->ts = WinDivertTimestampToTimeval(wd_tv, p->windivert_v.addr.Timestamp);
+ p->ts = WinDivertTimestampToTimeStamp(wd_tv, p->windivert_v.addr.Timestamp);
p->windivert_v.thread_num = wd_tv->thread_num;
#ifdef COUNTERS
static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, const Packet *pp)
{
if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > pp->payload_len) {
- seg->pcap_hdr_storage->ts.tv_sec = rp->ts.tv_sec;
- seg->pcap_hdr_storage->ts.tv_usec = rp->ts.tv_usec;
+ seg->pcap_hdr_storage->ts.tv_sec = SCTIME_SECS(rp->ts);
+ seg->pcap_hdr_storage->ts.tv_usec = SCTIME_USECS(rp->ts);
seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - pp->payload_len;
/*
* pkt_hdr members are initially allocated 64 bytes of memory. Thus,
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
- ssn->server.last_pkt_ts = p->ts.tv_sec;
+ ssn->server.last_pkt_ts = SCTIME_SECS(p->ts);
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
if (ssn->client.last_ts == 0)
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
- ssn->client.last_pkt_ts = p->ts.tv_sec;
+ ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
ssn->client.flags |= STREAMTCP_STREAM_FLAG_TIMESTAMP;
}
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
- ssn->client.last_pkt_ts = p->ts.tv_sec;
+ ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
if (ssn->client.last_ts == 0)
q->win = TCP_GET_WINDOW(p);
q->seq = TCP_GET_SEQ(p);
q->ack = TCP_GET_ACK(p);
- q->pkt_ts = p->ts.tv_sec;
+ q->pkt_ts = SCTIME_SECS(p->ts);
if (TCP_GET_SACKOK(p) == 1)
q->flags |= STREAMTCP_QUEUE_FLAG_SACK;
"ssn->server.last_ts %" PRIu32"", ssn,
ssn->client.last_ts, ssn->server.last_ts);
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
- ssn->client.last_pkt_ts = p->ts.tv_sec;
+ ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
} else {
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
- ssn->server.last_pkt_ts = p->ts.tv_sec;
+ ssn->server.last_pkt_ts = SCTIME_SECS(p->ts);
ssn->server.flags |= STREAMTCP_STREAM_FLAG_TIMESTAMP;
}
// Check whether packets have been received in the correct order (only ever update)
if (ssn->client.last_ts < ts_val) {
ssn->client.last_ts = ts_val;
- ssn->client.last_pkt_ts = p->ts.tv_sec;
+ ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
}
SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %" PRIu64, ssn,
{
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
ssn->client.flags &= ~STREAMTCP_STREAM_FLAG_TIMESTAMP;
- ssn->client.last_pkt_ts = p->ts.tv_sec;
+ ssn->client.last_pkt_ts = SCTIME_SECS(p->ts);
} else {
ssn->client.last_ts = 0;
ssn->client.flags &= ~STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP;
result = (int32_t) (ts - last_ts);
}
- SCLogDebug("result %"PRIi32", p->ts.tv_sec %"PRIuMAX"", result, (uintmax_t)p->ts.tv_sec);
+ SCLogDebug("result %" PRIi32 ", p->ts(secs) %" PRIuMAX "", result,
+ (uintmax_t)SCTIME_SECS(p->ts));
if (last_pkt_ts == 0 &&
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM))
{
- last_pkt_ts = p->ts.tv_sec;
+ last_pkt_ts = SCTIME_SECS(p->ts);
}
if (result < 0) {
/* candidate for rejection */
ret = 0;
} else if ((sender_stream->last_ts != 0) &&
- (((uint32_t) p->ts.tv_sec) >
- last_pkt_ts + PAWS_24DAYS))
- {
+ (((uint32_t)SCTIME_SECS(p->ts)) > last_pkt_ts + PAWS_24DAYS)) {
SCLogDebug("packet is not valid last_pkt_ts "
- "%" PRIu32 " p->ts.tv_sec %" PRIu32 "",
- last_pkt_ts, (uint32_t) p->ts.tv_sec);
+ "%" PRIu32 " p->ts(sec) %" PRIu32 "",
+ last_pkt_ts, (uint32_t)SCTIME_SECS(p->ts));
/* candidate for rejection */
ret = 0;
}
* current stream timestamp is not so old. if so then we need to
* accept the packet and update the stream->last_ts (RFC 1323)*/
if ((SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p))) &&
- (((uint32_t) p->ts.tv_sec > (last_pkt_ts + PAWS_24DAYS))))
- {
+ (((uint32_t)SCTIME_SECS(p->ts) > (last_pkt_ts + PAWS_24DAYS)))) {
SCLogDebug("timestamp considered valid anyway");
} else {
goto invalid;
result = (int32_t) (ts - sender_stream->last_ts);
}
- SCLogDebug("result %"PRIi32", p->ts.tv_sec %"PRIuMAX"", result, (uintmax_t)p->ts.tv_sec);
+ SCLogDebug("result %" PRIi32 ", p->ts(sec) %" PRIuMAX "", result,
+ (uintmax_t)SCTIME_SECS(p->ts));
if (sender_stream->last_pkt_ts == 0 &&
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM))
{
- sender_stream->last_pkt_ts = p->ts.tv_sec;
+ sender_stream->last_pkt_ts = SCTIME_SECS(p->ts);
}
if (result < 0) {
/* candidate for rejection */
ret = 0;
} else if ((sender_stream->last_ts != 0) &&
- (((uint32_t) p->ts.tv_sec) >
- sender_stream->last_pkt_ts + PAWS_24DAYS))
- {
+ (((uint32_t)SCTIME_SECS(p->ts)) >
+ sender_stream->last_pkt_ts + PAWS_24DAYS)) {
SCLogDebug("packet is not valid sender_stream->last_pkt_ts "
- "%" PRIu32 " p->ts.tv_sec %" PRIu32 "",
- sender_stream->last_pkt_ts, (uint32_t) p->ts.tv_sec);
+ "%" PRIu32 " p->ts(sec) %" PRIu32 "",
+ sender_stream->last_pkt_ts, (uint32_t)SCTIME_SECS(p->ts));
/* candidate for rejection */
ret = 0;
}
if (SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p)))
sender_stream->last_ts = ts;
- sender_stream->last_pkt_ts = p->ts.tv_sec;
+ sender_stream->last_pkt_ts = SCTIME_SECS(p->ts);
} else if (ret == 0) {
/* if the timestamp of packet is not valid then, check if the
* current stream timestamp is not so old. if so then we need to
* accept the packet and update the stream->last_ts (RFC 1323)*/
if ((SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p))) &&
- (((uint32_t) p->ts.tv_sec > (sender_stream->last_pkt_ts + PAWS_24DAYS))))
- {
+ (((uint32_t)SCTIME_SECS(p->ts) >
+ (sender_stream->last_pkt_ts + PAWS_24DAYS)))) {
sender_stream->last_ts = ts;
- sender_stream->last_pkt_ts = p->ts.tv_sec;
+ sender_stream->last_pkt_ts = SCTIME_SECS(p->ts);
SCLogDebug("timestamp considered valid anyway");
} else {
PacketCopyData(p, pkt, len);
p->recursion_level = parent->recursion_level + 1;
- p->ts.tv_sec = parent->ts.tv_sec;
- p->ts.tv_usec = parent->ts.tv_usec;
+ p->ts = parent->ts;
FlowReference(&p->flow, parent->flow);
/* set tunnel flags */
#include "tm-threads-common.h"
#include "util-optimize.h"
+#include "util-time.h"
#include "util-mem.h"
#include "util-memcmp.h"
#include "util-atomic.h"
p3->flowflags |= FLOW_PKT_ESTABLISHED;
p3->pcap_cnt = 3;
- f.lastts.tv_sec = 1474978656; /* 2016-09-27 */
+ f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
StreamTcpInitConfig(true);
p3->flowflags |= FLOW_PKT_ESTABLISHED;
p3->pcap_cnt = 3;
- f.lastts.tv_sec = 1474978656; /* 2016-09-27 */
+ f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
StreamTcpInitConfig(true);
if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
goto bail;
}
- p->ts.tv_sec = header.ts.tv_sec;
- p->ts.tv_usec = header.ts.tv_usec % 1000000;
+ p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
while (r > 0) {
if (PacketCopyData(p, pkt, header.caplen) == 0) {
goto bail;
}
PacketRecycle(p);
- p->ts.tv_sec = header.ts.tv_sec;
- p->ts.tv_usec = header.ts.tv_usec % 1000000;
+ p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
pcap_cnt++;
p->pcap_cnt = pcap_cnt;
if (r <= 0 || header->ts.tv_sec >= INT_MAX - 3600 || header->ts.tv_usec < 0) {
goto bail;
}
- p->ts.tv_sec = header->ts.tv_sec;
- p->ts.tv_usec = header->ts.tv_usec % 1000000;
+ p->ts = SCTIME_FROM_TIMEVAL(&header->ts);
p->datalink = pcap_datalink(pkts);
p->pkt_src = PKT_SRC_WIRE;
while (r > 0) {
goto bail;
}
PacketRecycle(p);
- p->ts.tv_sec = header->ts.tv_sec;
- p->ts.tv_usec = header->ts.tv_usec % 1000000;
+ p->ts = SCTIME_FROM_TIMEVAL(&header->ts);
p->datalink = pcap_datalink(pkts);
p->pkt_src = PKT_SRC_WIRE;
pcap_cnt++;
goto bail;
}
p->pkt_src = PKT_SRC_WIRE;
- p->ts.tv_sec = header.ts.tv_sec;
- p->ts.tv_usec = header.ts.tv_usec % 1000000;
+ p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
while (r > 0) {
if (PacketCopyData(p, pkt, header.caplen) == 0) {
}
PacketRecycle(p);
p->pkt_src = PKT_SRC_WIRE;
- p->ts.tv_sec = header.ts.tv_sec;
- p->ts.tv_usec = header.ts.tv_usec % 1000000;
+ p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
p->datalink = pkts.datalink;
pcap_cnt++;
p->pcap_cnt = pcap_cnt;
int type;
int in_use; /**< bool to indicate this is in use */
- struct timeval pktts; /**< current packet time of this thread
+ SCTime_t pktts; /**< current packet time of this thread
* (offline mode) */
uint32_t sys_sec_stamp; /**< timestamp in seconds of the real system
* time when the pktts was last updated. */
SCMutexUnlock(&thread_store_lock);
}
-void TmThreadsSetThreadTimestamp(const int id, const struct timeval *ts)
+void TmThreadsSetThreadTimestamp(const int id, const SCTime_t ts)
{
SCMutexLock(&thread_store_lock);
if (unlikely(id <= 0 || id > (int)thread_store.threads_size)) {
int idx = id - 1;
Thread *t = &thread_store.threads[idx];
- t->pktts = *ts;
+ t->pktts = ts;
struct timeval systs;
gettimeofday(&systs, NULL);
t->sys_sec_stamp = (uint32_t)systs.tv_sec;
return ready;
}
-void TmThreadsInitThreadsTimestamp(const struct timeval *ts)
+void TmThreadsInitThreadsTimestamp(const SCTime_t ts)
{
struct timeval systs;
gettimeofday(&systs, NULL);
Thread *t = &thread_store.threads[s];
if (!t->in_use)
break;
- t->pktts = *ts;
+ t->pktts = ts;
t->sys_sec_stamp = (uint32_t)systs.tv_sec;
}
SCMutexUnlock(&thread_store_lock);
void TmThreadsGetMinimalTimestamp(struct timeval *ts)
{
- struct timeval local, nullts;
- memset(&local, 0, sizeof(local));
- memset(&nullts, 0, sizeof(nullts));
- int set = 0;
+ struct timeval local = { 0 };
+ static struct timeval nullts;
+ bool set = false;
size_t s;
struct timeval systs;
gettimeofday(&systs, NULL);
Thread *t = &thread_store.threads[s];
if (t->in_use == 0)
break;
- if (!(timercmp(&t->pktts, &nullts, ==))) {
+ struct timeval pkttv = { .tv_sec = SCTIME_SECS(t->pktts),
+ .tv_usec = SCTIME_USECS(t->pktts) };
+ if (!(timercmp(&pkttv, &nullts, ==))) {
/* ignore sleeping threads */
if (t->sys_sec_stamp + 1 < (uint32_t)systs.tv_sec)
continue;
if (!set) {
- local = t->pktts;
- set = 1;
+ SCTIME_TO_TIMEVAL(&local, t->pktts);
+ set = true;
} else {
- if (timercmp(&t->pktts, &local, <)) {
- local = t->pktts;
+ if (SCTIME_CMP_LT(t->pktts, SCTIME_FROM_TIMEVAL(&local))) {
+ SCTIME_TO_TIMEVAL(&local, t->pktts);
}
}
}
void TmThreadsUnregisterThread(const int id);
void TmThreadsInjectFlowById(Flow *f, const int id);
-void TmThreadsInitThreadsTimestamp(const struct timeval *ts);
-void TmThreadsSetThreadTimestamp(const int id, const struct timeval *ts);
+void TmThreadsInitThreadsTimestamp(const SCTime_t ts);
+void TmThreadsSetThreadTimestamp(const int id, const SCTime_t ts);
void TmThreadsGetMinimalTimestamp(struct timeval *ts);
uint16_t TmThreadsGetWorkerThreadMax(void);
bool TmThreadsTimeSubsysIsReady(void);
/**
*/
-static int SCLogMessageJSON(struct timeval *tval, char *buffer, size_t buffer_size,
- SCLogLevel log_level, const char *file, unsigned line, const char *function,
- const char *module, const char *message)
+static int SCLogMessageJSON(SCTime_t tval, char *buffer, size_t buffer_size, SCLogLevel log_level,
+ const char *file, unsigned line, const char *function, const char *module,
+ const char *message)
{
JsonBuilder *js = jb_new_object();
if (unlikely(js == NULL))
*
* \retval 0 on success; else a negative value on error
*/
-static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPType type,
- char *buffer, size_t buffer_size, const char *log_format, const SCLogLevel log_level,
- const char *file, const unsigned int line, const char *function, const char *module,
- const char *message)
+static SCError SCLogMessageGetBuffer(SCTime_t tval, int color, SCLogOPType type, char *buffer,
+ size_t buffer_size, const char *log_format, const SCLogLevel log_level, const char *file,
+ const unsigned int line, const char *function, const char *module, const char *message)
{
if (type == SC_LOG_OP_TYPE_JSON)
return SCLogMessageJSON(
case SC_LOG_FMT_TIME:
temp_fmt[0] = '\0';
- tms = SCLocalTime(tval->tv_sec, &local_tm);
+ tms = SCLocalTime(SCTIME_SECS(tval), &local_tm);
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
"%s%s%04d-%02d-%02d %02d:%02d:%02d%s", substr, green, tms->tm_year + 1900,
case SC_LOG_FMT_TIME_LEGACY:
temp_fmt[0] = '\0';
- tms = SCLocalTime(tval->tv_sec, &local_tm);
+ tms = SCLocalTime(SCTIME_SECS(tval), &local_tm);
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
"%s%s%d/%d/%04d -- %02d:%02d:%02d%s",
}
/* get ts here so we log the same ts to each output */
- struct timeval tval;
- gettimeofday(&tval, NULL);
+ SCTime_t ts = TimeGet();
op_iface_ctx = sc_log_config->op_ifaces;
while (op_iface_ctx != NULL) {
switch (op_iface_ctx->iface) {
case SC_LOG_OP_IFACE_CONSOLE:
- if (SCLogMessageGetBuffer(&tval, op_iface_ctx->use_color, op_iface_ctx->type,
- buffer, sizeof(buffer),
+ if (SCLogMessageGetBuffer(ts, op_iface_ctx->use_color, op_iface_ctx->type, buffer,
+ sizeof(buffer),
op_iface_ctx->log_format ? op_iface_ctx->log_format
: sc_log_config->log_format,
log_level, file, line, function, module, message) == 0) {
}
break;
case SC_LOG_OP_IFACE_FILE:
- if (SCLogMessageGetBuffer(&tval, 0, op_iface_ctx->type, buffer, sizeof(buffer),
+ if (SCLogMessageGetBuffer(ts, 0, op_iface_ctx->type, buffer, sizeof(buffer),
op_iface_ctx->log_format ? op_iface_ctx->log_format
: sc_log_config->log_format,
log_level, file, line, function, module, message) == 0) {
}
break;
case SC_LOG_OP_IFACE_SYSLOG:
- if (SCLogMessageGetBuffer(&tval, 0, op_iface_ctx->type, buffer, sizeof(buffer),
+ if (SCLogMessageGetBuffer(ts, 0, op_iface_ctx->type, buffer, sizeof(buffer),
op_iface_ctx->log_format ? op_iface_ctx->log_format
: sc_log_config->log_format,
log_level, file, line, function, module, message) == 0) {
EBPFDeleteKey(eb->mapfd, eb->key[1]);
SCLogDebug("Done delete entry: %u", FLOW_IS_IPV6(f));
} else {
- f->lastts.tv_sec = tsec;
+ f->lastts = SCTIME_FROM_SECS(tsec);
return true;
}
return false;
*
* Places: seconds (number), microseconds (number)
*/
-static int LuaCallbackTimestampPushToStack(lua_State *luastate, const struct timeval *ts)
+static int LuaCallbackTimestampPushToStack(lua_State *luastate, const SCTime_t ts)
{
- lua_pushnumber(luastate, (double)ts->tv_sec);
- lua_pushnumber(luastate, (double)ts->tv_usec);
+ lua_pushnumber(luastate, (double)SCTIME_SECS(ts));
+ lua_pushnumber(luastate, (double)SCTIME_USECS(ts));
return 2;
}
static int LuaCallbackTimeStringPushToStackFromPacket(lua_State *luastate, const Packet *p)
{
char timebuf[64];
- CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
+ CreateTimeString(p->ts, timebuf, sizeof(timebuf));
lua_pushstring (luastate, timebuf);
return 1;
}
if (p == NULL)
return LuaCallbackError(luastate, "internal error: no packet");
- return LuaCallbackTimestampPushToStack(luastate, &p->ts);
+ return LuaCallbackTimestampPushToStack(luastate, p->ts);
}
/** \internal
* Places: seconds (number), seconds (number), microseconds (number),
* microseconds (number)
*/
-static int LuaCallbackFlowTimestampsPushToStack(lua_State *luastate,
- const struct timeval *startts,
- const struct timeval *lastts)
+static int LuaCallbackFlowTimestampsPushToStack(
+ lua_State *luastate, const SCTime_t startts, const SCTime_t lastts)
{
- lua_pushnumber(luastate, (double)startts->tv_sec);
- lua_pushnumber(luastate, (double)lastts->tv_sec);
- lua_pushnumber(luastate, (double)startts->tv_usec);
- lua_pushnumber(luastate, (double)lastts->tv_usec);
+ lua_pushnumber(luastate, (double)SCTIME_SECS(startts));
+ lua_pushnumber(luastate, (double)SCTIME_SECS(lastts));
+ lua_pushnumber(luastate, (double)SCTIME_USECS(startts));
+ lua_pushnumber(luastate, (double)SCTIME_USECS(lastts));
return 4;
}
return LuaCallbackError(luastate, "internal error: no flow");
}
- return LuaCallbackFlowTimestampsPushToStack(luastate, &flow->startts,
- &flow->lastts);
+ return LuaCallbackFlowTimestampsPushToStack(luastate, flow->startts, flow->lastts);
}
/** \internal
static int LuaCallbackTimeStringPushToStackFromFlow(lua_State *luastate, const Flow *flow)
{
char timebuf[64];
- CreateTimeString(&flow->startts, timebuf, sizeof(timebuf));
+ CreateTimeString(flow->startts, timebuf, sizeof(timebuf));
lua_pushstring (luastate, timebuf);
return 1;
}
}
gettimeofday(&tval, NULL);
- CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
json_object_set_new(js, "timestamp", json_string(timebuf));
for (i = 0; i < rules_ctx->cnt; i++) {
}
gettimeofday(&tval, NULL);
- CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
+ CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
json_object_set_new(js, "timestamp", json_string(timebuf));
json_object_set_new(js, "sort", json_string(sort_desc));
HostInitConfig(HOST_QUIET);
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
Packet *p = UTHBuildPacket((uint8_t*)"lalala", 6, IPPROTO_TCP);
FAIL_IF_NULL(p);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF(p->alerts.cnt != 1 || PacketTestAction(p, ACTION_DROP));
TimeSetIncrementTime(2);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
FAIL_IF(p->alerts.cnt != 1 || !(PacketTestAction(p, ACTION_DROP)));
TimeSetIncrementTime(3);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
FAIL_IF(p->alerts.cnt != 1 || !(PacketTestAction(p, ACTION_DROP)));
TimeSetIncrementTime(10);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
p->alerts.cnt = 0;
p->action = 0;
{
HostInitConfig(HOST_QUIET);
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
/* Create two different packets falling to the same rule, and
* because count:3, we should drop on match #4.
*/
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
p2->ts = p1->ts;
/* All should be alerted, none dropped */
p2->action = 0;
TimeSetIncrementTime(2);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
/* Still dropped because timeout not expired */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
p1->action = 0;
TimeSetIncrementTime(10);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
/* Not dropped because timeout expired */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
{
HostInitConfig(HOST_QUIET);
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
Packet *p = UTHBuildPacket((uint8_t*)"lalala", 6, IPPROTO_TCP);
FAIL_IF_NULL(p);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
int alerts10 = 0;
int alerts11 = 0;
alerts12 += PacketAlertCheck(p, 12);
TimeSetIncrementTime(100);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
alerts11 += PacketAlertCheck(p, 11);
TimeSetIncrementTime(10);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
{
HostInitConfig(HOST_QUIET);
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
Packet *p = UTHBuildPacket((uint8_t*)"lalala", 6, IPPROTO_TCP);
FAIL_IF_NULL(p);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
int alerts10 = 0;
int alerts11 = 0;
alerts12 += PacketAlertCheck(p, 12);
TimeSetIncrementTime(100);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
alerts11 += PacketAlertCheck(p, 11);
TimeSetIncrementTime(10);
- TimeGet(&p->ts);
+ p->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts10 += PacketAlertCheck(p, 10);
ThreadVars th_v;
memset(&th_v, 0, sizeof(th_v));
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
FAIL_IF_NOT_NULL(g_ut_threshold_fp);
g_ut_threshold_fp = SCThresholdConfGenerateValidDummyFD11();
FAIL_IF_NULL(g_ut_threshold_fp);
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
Signature *sig = DetectEngineAppendSig(de_ctx,
"drop tcp any any -> any any (msg:\"suppress test\"; content:\"lalala\"; gid:1; sid:10000;)");
FAIL_IF_NULL(sig);
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
Signature *sig = DetectEngineAppendSig(de_ctx,
"drop tcp any any -> any any (msg:\"suppress test\"; gid:1; sid:1000;)");
FAIL_IF_NULL(sig);
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- struct timeval ts;
- memset (&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
Signature *sig = DetectEngineAppendSig(de_ctx,
"drop tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:10000;)");
FAIL_IF_NULL(sig);
IPPairInitConfig(IPPAIR_QUIET);
- struct timeval ts;
- memset(&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
/* This packet will cause rate_filter */
Packet *p1 = UTHBuildPacketSrcDst((uint8_t*)"lalala", 6, IPPROTO_TCP, "172.26.0.1", "172.26.0.10");
FAIL_IF_NULL(p1);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* All should be alerted, none dropped */
p1->action = p2->action = p3->action = 0;
TimeSetIncrementTime(2);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* p1 still shouldn't be dropped after 2nd alert */
p1->action = 0;
TimeSetIncrementTime(2);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* All should be alerted, only p1 must be dropped due to rate_filter*/
p1->action = p2->action = p3->action = 0;
TimeSetIncrementTime(7);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
p2->ts = p3->ts = p1->ts;
/* All should be alerted, none dropped (because timeout expired) */
IPPairInitConfig(IPPAIR_QUIET);
- struct timeval ts;
- memset(&ts, 0, sizeof(struct timeval));
- TimeGet(&ts);
-
/* Create two packets between same addresses in opposite direction */
Packet *p1 = UTHBuildPacketSrcDst((uint8_t*)"lalala", 6, IPPROTO_TCP, "172.26.0.1", "172.26.0.10");
FAIL_IF_NULL(p1);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- TimeGet(&p1->ts);
+ p1->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
/* First packet should be alerted, not dropped */
FAIL_IF(PacketTestAction(p1, ACTION_DROP));
FAIL_IF(PacketAlertCheck(p1, 10) != 1);
TimeSetIncrementTime(2);
- TimeGet(&p2->ts);
+ p2->ts = TimeGet();
SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
/* Second packet should be dropped because it considered as "the same pair"
return live_time_tracking;
}
-void TimeSetByThread(const int thread_id, const struct timeval *tv)
+void TimeSetByThread(const int thread_id, SCTime_t tv)
{
if (live_time_tracking)
return;
}
#ifdef UNITTESTS
-void TimeSet(struct timeval *tv)
+void TimeSet(SCTime_t ts)
{
if (live_time_tracking)
return;
- if (tv == NULL)
- return;
-
SCSpinLock(¤t_time_spinlock);
- current_time.tv_sec = tv->tv_sec;
- current_time.tv_usec = tv->tv_usec;
+ SCTIME_TO_TIMEVAL(¤t_time, ts);
SCLogDebug("time set to %" PRIuMAX " sec, %" PRIuMAX " usec",
(uintmax_t)current_time.tv_sec, (uintmax_t)current_time.tv_usec);
gettimeofday(&tv, NULL);
- TimeSet(&tv);
+ SCTime_t ts = SCTIME_FROM_TIMEVAL(&tv);
+ TimeSet(ts);
}
#endif
-void TimeGet(struct timeval *tv)
+SCTime_t TimeGet()
{
- if (tv == NULL)
- return;
-
+ struct timeval tv = { 0 };
if (live_time_tracking) {
- gettimeofday(tv, NULL);
+ gettimeofday(&tv, NULL);
} else {
#ifdef UNITTESTS
if (unlikely(RunmodeIsUnittests())) {
SCSpinLock(¤t_time_spinlock);
- tv->tv_sec = current_time.tv_sec;
- tv->tv_usec = current_time.tv_usec;
+ tv.tv_sec = current_time.tv_sec;
+ tv.tv_usec = current_time.tv_usec;
SCSpinUnlock(¤t_time_spinlock);
} else {
#endif
- TmThreadsGetMinimalTimestamp(tv);
+ TmThreadsGetMinimalTimestamp(&tv);
#ifdef UNITTESTS
}
#endif
}
- SCLogDebug("time we got is %" PRIuMAX " sec, %" PRIuMAX " usec",
- (uintmax_t)tv->tv_sec, (uintmax_t)tv->tv_usec);
+ SCLogDebug("time we got is %" PRIuMAX " sec, %" PRIuMAX " usec", (uintmax_t)tv.tv_sec,
+ (uintmax_t)tv.tv_usec);
+ return SCTIME_FROM_TIMEVAL(&tv);
}
#ifdef UNITTESTS
* \param tv_sec seconds to increment the time with */
void TimeSetIncrementTime(uint32_t tv_sec)
{
- struct timeval tv;
- memset(&tv, 0x00, sizeof(tv));
- TimeGet(&tv);
+ SCTime_t ts = TimeGet();
- tv.tv_sec += tv_sec;
+ ts += SCTIME_FROM_SECS(tv_sec);
- TimeSet(&tv);
+ TimeSet(ts);
}
#endif
* \brief wrapper around strftime on Windows to provide output
* compatible with posix %z
*/
-static inline void WinStrftime(const struct timeval *ts, const struct tm *t, char *str, size_t size)
+static inline void WinStrftime(const SCTime_t ts, const struct tm *t, char *str, size_t size)
{
char time_fmt[64] = { 0 };
char tz[6] = { 0 };
const int m = (abs(_timezone) % 3600) / 60;
snprintf(tz, sizeof(tz), "%c%02d%02d", tzdiff < 0 ? '-' : '+', h, m);
strftime(time_fmt, sizeof(time_fmt), "%Y-%m-%dT%H:%M:%S.%%06u", t);
- snprintf(str, size, time_fmt, ts->tv_usec);
+ snprintf(str, size, time_fmt, SCTIME_USECS(ts));
strlcat(str, tz, size); // append our timezone
}
#endif
-void CreateIsoTimeString (const struct timeval *ts, char *str, size_t size)
+void CreateIsoTimeString(const SCTime_t ts, char *str, size_t size)
{
- time_t time = ts->tv_sec;
+ time_t time = SCTIME_SECS(ts);
struct tm local_tm;
memset(&local_tm, 0, sizeof(local_tm));
struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
WinStrftime(ts, t, str, size);
#else
char time_fmt[64] = { 0 };
- int64_t usec = ts->tv_usec;
+ int64_t usec = SCTIME_USECS(ts);
strftime(time_fmt, sizeof(time_fmt), "%Y-%m-%dT%H:%M:%S.%%06" PRIi64 "%z", t);
snprintf(str, size, time_fmt, usec);
#endif
}
}
-void CreateUtcIsoTimeString (const struct timeval *ts, char *str, size_t size)
+void CreateUtcIsoTimeString(const SCTime_t ts, char *str, size_t size)
{
- time_t time = ts->tv_sec;
+ time_t time = SCTIME_SECS(ts);
struct tm local_tm;
memset(&local_tm, 0, sizeof(local_tm));
struct tm *t = (struct tm*)SCUtcTime(time, &local_tm);
if (likely(t != NULL)) {
char time_fmt[64] = { 0 };
strftime(time_fmt, sizeof(time_fmt), "%Y-%m-%dT%H:%M:%S", t);
- snprintf(str, size, time_fmt, ts->tv_usec);
+ snprintf(str, size, time_fmt, SCTIME_USECS(ts));
} else {
snprintf(str, size, "ts-error");
}
return localtime_r(&timep, result);
}
-void CreateTimeString (const struct timeval *ts, char *str, size_t size)
+void CreateTimeString(const SCTime_t ts, char *str, size_t size)
{
- time_t time = ts->tv_sec;
+ time_t time = SCTIME_SECS(ts);
struct tm local_tm;
struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
if (likely(t != NULL)) {
- snprintf(str, size, "%02d/%02d/%02d-%02d:%02d:%02d.%06u",
- t->tm_mon + 1, t->tm_mday, t->tm_year + 1900, t->tm_hour,
- t->tm_min, t->tm_sec, (uint32_t) ts->tv_usec);
+ snprintf(str, size, "%02d/%02d/%02d-%02d:%02d:%02d.%06u", t->tm_mon + 1, t->tm_mday,
+ t->tm_year + 1900, t->tm_hour, t->tm_min, t->tm_sec, (uint32_t)SCTIME_USECS(ts));
} else {
snprintf(str, size, "ts-error");
}
/** \brief Return a formatted string for the provided time.
*
* Cache the Month/Day/Year - Hours:Min part of the time string for
- * the current minute. Copy that result into the the return string and
+ * the current minute. Copy that result into the return string and
* then only print the seconds for each call.
*/
-void CreateTimeString (const struct timeval *ts, char *str, size_t size)
+void CreateTimeString(const SCTime_t ts, char *str, size_t size)
{
- time_t time = ts->tv_sec;
+ time_t time = SCTIME_SECS(ts);
int seconds;
/* Only get a new local time when the time crosses into a new
if (cached_len >= (int)size)
cached_len = size;
memcpy(str, cached_str, cached_len);
- snprintf(str + cached_len, size - cached_len,
- "%02d.%06u",
- seconds, (uint32_t) ts->tv_usec);
+ snprintf(str + cached_len, size - cached_len, "%02d.%06u", seconds, (uint32_t)SCTIME_USECS(ts));
}
#endif /* defined(__OpenBSD__) */
uint64_t TimeDifferenceMicros(struct timeval t0, struct timeval t1)
{
- return (uint64_t)(t1.tv_sec - t0.tv_sec) * 1000000 + (t1.tv_usec - t1.tv_usec);
+ return (uint64_t)(t1.tv_sec - t0.tv_sec) * 1000000L + (t1.tv_usec - t1.tv_usec);
}
#ifndef __UTIL_TIME_H__
#define __UTIL_TIME_H__
+typedef uint64_t SCTime_t;
+
+/*
+ * The SCTime_t member is broken up as
+ * seconds: 44
+ * useconds: 20
+ *
+ * Over 500000 years can be represented in 44 bits of seconds:
+ * 2^44/(365*24*60*60)
+ * 557855.560
+ * 1048576 microseconds can be represented in 20 bits:
+ * 2^20
+ * 1048576
+ */
+#define USECS_BITS 20
+#define USEC_BITMASK 0xfffff
+#define SCTIME_USECS(t) (SCTime_t)((t)&USEC_BITMASK)
+#define SCTIME_SECS(t) (SCTime_t)((time_t)((t) >> USECS_BITS))
+#define SCTIME_MSECS(t) (SCTime_t)(SCTIME_SECS(t) * 1000 + SCTIME_USECS(t) / 1000)
+#define SCTIME_FROM_SECS(secs) (SCTime_t)((((SCTime_t)(secs)) << USECS_BITS))
+#define SCTIME_FROM_USECS(usecs) (SCTime_t) SCTIME_USECS((usecs))
+#define SCTIME_FROM_TIMEVAL(tv) \
+ (SCTime_t)((SCTIME_FROM_SECS((tv)->tv_sec) + SCTIME_FROM_USECS((tv)->tv_usec)))
+#define SCTIME_FROM_TIMESPEC(ts) \
+ (SCTime_t)((SCTIME_FROM_SECS((ts)->tv_sec) + SCTIME_FROM_USECS((ts)->tv_nsec * 1000)))
+#define SCTIME_TO_TIMEVAL(tv, t) \
+ (tv)->tv_sec = SCTIME_SECS((t)); \
+ (tv)->tv_usec = SCTIME_USECS((t));
+#define SCTIME_CMP(a, b, CMP) \
+ ((SCTIME_SECS(a) == SCTIME_SECS(b)) ? (SCTIME_USECS(a) CMP SCTIME_USECS(b)) \
+ : (SCTIME_SECS(a) CMP SCTIME_SECS(b)))
+#define SCTIME_CMP_GT(a, b) SCTIME_CMP((a), (b), >)
+#define SCTIME_CMP_LT(a, b) SCTIME_CMP((a), (b), <)
+
void TimeInit(void);
void TimeDeinit(void);
-void TimeSetByThread(const int thread_id, const struct timeval *tv);
-void TimeGet(struct timeval *);
+void TimeSetByThread(const int thread_id, SCTime_t tv);
+SCTime_t TimeGet(void);
-/** \brief intialize a 'struct timespec' from a 'struct timeval'. */
+/** \brief initialize a 'struct timespec' from a 'struct timeval'. */
#define FROM_TIMEVAL(timev) { .tv_sec = (timev).tv_sec, .tv_nsec = (timev).tv_usec * 1000 }
static inline struct timeval TimevalWithSeconds(const struct timeval *ts, const time_t sec_add)
#endif
#ifdef UNITTESTS
-void TimeSet(struct timeval *);
+void TimeSet(SCTime_t);
void TimeSetToCurrentTime(void);
void TimeSetIncrementTime(uint32_t);
#endif
bool TimeModeIsLive(void);
struct tm *SCLocalTime(time_t timep, struct tm *result);
-void CreateTimeString(const struct timeval *ts, char *str, size_t size);
-void CreateIsoTimeString(const struct timeval *ts, char *str, size_t size);
-void CreateUtcIsoTimeString(const struct timeval *ts, char *str, size_t size);
+void CreateTimeString(const SCTime_t ts, char *str, size_t size);
+void CreateIsoTimeString(const SCTime_t ts, char *str, size_t size);
+void CreateUtcIsoTimeString(const SCTime_t ts, char *str, size_t size);
void CreateFormattedTimeString(const struct tm *t, const char * fmt, char *str, size_t size);
time_t SCMkTimeUtc(struct tm *tp);
int SCStringPatternToTime(char *string, const char **patterns,
if (unlikely(p == NULL))
return NULL;
- TimeGet(&p->ts);
+ p->ts = TimeGet();
p->src.family = AF_INET6;
p->dst.family = AF_INET6;
if (unlikely(p == NULL))
return NULL;
- struct timeval tv;
- TimeGet(&tv);
- COPY_TIMESTAMP(&tv, &p->ts);
+ p->ts = TimeGet();
p->src.family = AF_INET;
p->dst.family = AF_INET;
projects / thirdparty / suricata.git / commitdiff
