eve/flow: log flow state directly

No need to first turn it into a flags field.

diff --git a/src/flow.h b/src/flow.h
index bf28d02a581229148145d2d9ea354bb8ea671886..554f9fca4a323ed67a516cf6285083fc13b9d60f 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -240,14 +240,10 @@ typedef struct AppLayerParserState_ AppLayerParserState;
  *  logging, etc. */
 #define FLOW_PKT_LAST_PSEUDO            0x80
 
-#define FLOW_END_FLAG_STATE_NEW         0x01
-#define FLOW_END_FLAG_STATE_ESTABLISHED 0x02
-#define FLOW_END_FLAG_STATE_CLOSED      0x04
-#define FLOW_END_FLAG_EMERGENCY         0x08
-#define FLOW_END_FLAG_TIMEOUT           0x10
-#define FLOW_END_FLAG_FORCED            0x20
-#define FLOW_END_FLAG_SHUTDOWN          0x40
-#define FLOW_END_FLAG_STATE_BYPASSED    0x80
+#define FLOW_END_FLAG_EMERGENCY 0x01
+#define FLOW_END_FLAG_TIMEOUT   0x02
+#define FLOW_END_FLAG_FORCED    0x04
+#define FLOW_END_FLAG_SHUTDOWN  0x08
 
 /** Mutex or RWLocks for the flow. */
 //#define FLOWLOCK_RWLOCK
@@ -670,23 +666,6 @@ static inline int64_t FlowGetId(const Flow *f)
     return id;
 }
 
-static inline void FlowSetEndFlags(Flow *f)
-{
-    const int state = f->flow_state;
-    if (state == FLOW_STATE_NEW)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_NEW;
-    else if (state == FLOW_STATE_ESTABLISHED)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_ESTABLISHED;
-    else if (state == FLOW_STATE_CLOSED)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED;
-    else if (state == FLOW_STATE_LOCAL_BYPASSED)
-        f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED;
-#ifdef CAPTURE_OFFLOAD
-    else if (state == FLOW_STATE_CAPTURE_BYPASSED)
-        f->flow_end_flags = FLOW_END_FLAG_STATE_BYPASSED;
-#endif
-}
-
 static inline bool FlowIsBypassed(const Flow *f)
 {
     if (

diff --git a/src/output-flow.c b/src/output-flow.c
index b6d7bc3cdc56b46e02e0a191eb0fd7b3721e3c2a..d707ebdecbaf33fd3b282b68d51264c7642a9c4f 100644 (file)
--- a/src/output-flow.c
+++ b/src/output-flow.c
@@ -91,8 +91,6 @@ TmEcode OutputFlowLog(ThreadVars *tv, void *thread_data, Flow *f)
     if (list == NULL)
         return TM_ECODE_OK;
 
-    FlowSetEndFlags(f);
-
     OutputFlowLoggerThreadData *op_thread_data = (OutputFlowLoggerThreadData *)thread_data;
     OutputFlowLogger *logger = list;
     OutputLoggerThreadStore *store = op_thread_data->store;

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index e1d500067b31e6e198767aa2c46a0ff158db01f0..14f62aa0040159e64adf27e7ee62b66e4e207aa5 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -230,32 +230,32 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
 
     if (f->flow_end_flags & FLOW_END_FLAG_EMERGENCY)
         JB_SET_TRUE(jb, "emergency");
-    const char *state = NULL;
-    if (f->flow_end_flags & FLOW_END_FLAG_STATE_NEW)
-        state = "new";
-    else if (f->flow_end_flags & FLOW_END_FLAG_STATE_ESTABLISHED)
-        state = "established";
-    else if (f->flow_end_flags & FLOW_END_FLAG_STATE_CLOSED)
-        state = "closed";
-    else if (f->flow_end_flags & FLOW_END_FLAG_STATE_BYPASSED) {
-        state = "bypassed";
-        int flow_state = f->flow_state;
-        switch (flow_state) {
-            case FLOW_STATE_LOCAL_BYPASSED:
-                JB_SET_STRING(jb, "bypass", "local");
-                break;
+
+    const int flow_state = f->flow_state;
+    switch (flow_state) {
+        case FLOW_STATE_NEW:
+            JB_SET_STRING(jb, "state", "new");
+            break;
+        case FLOW_STATE_ESTABLISHED:
+            JB_SET_STRING(jb, "state", "established");
+            break;
+        case FLOW_STATE_CLOSED:
+            JB_SET_STRING(jb, "state", "closed");
+            break;
+        case FLOW_STATE_LOCAL_BYPASSED:
+            JB_SET_STRING(jb, "state", "bypassed");
+            JB_SET_STRING(jb, "bypass", "local");
+            break;
 #ifdef CAPTURE_OFFLOAD
-            case FLOW_STATE_CAPTURE_BYPASSED:
-                JB_SET_STRING(jb, "bypass", "capture");
-                break;
+        case FLOW_STATE_CAPTURE_BYPASSED:
+            JB_SET_STRING(jb, "state", "bypassed");
+            JB_SET_STRING(jb, "bypass", "capture");
+            break;
 #endif
-            default:
-                SCLogError("Invalid flow state: %d, contact developers", flow_state);
-        }
+        default:
+            SCLogError("Invalid flow state: %d, contact developers", flow_state);
     }
 
-    jb_set_string(jb, "state", state);
-
     const char *reason = NULL;
     if (f->flow_end_flags & FLOW_END_FLAG_FORCED)
         reason = "forced";