SCLogDebug("detection_filter");
if (lookup_tsh != NULL) {
- if ((p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
+ long double time_diff = ((p->ts.tv_sec + p->ts.tv_usec/1000000.0) -
+ (lookup_tsh->tv_sec1 + lookup_tsh->tv_usec1/1000000.0));
+
+ if (time_diff < td->seconds) {
/* within timeout */
lookup_tsh->current_count++;
/* expired, reset */
lookup_tsh->tv_sec1 = p->ts.tv_sec;
+ lookup_tsh->tv_usec1 = p->ts.tv_usec;
lookup_tsh->current_count = 1;
}
} else {
e->current_count = 1;
e->tv_sec1 = p->ts.tv_sec;
+ e->tv_usec1 = p->ts.tv_usec;
e->next = h->threshold;
h->threshold = e;
its not "seconds", that define the time interval */
uint32_t seconds; /**< Event seconds */
uint32_t tv_sec1; /**< Var for time control */
+ uint32_t tv_usec1; /**< Var for time control */
uint32_t current_count; /**< Var for count control */
int track; /**< Track type: by_src, by_src */
projects / thirdparty / suricata.git / commitdiff
