eve/flow: log tcp reuse as 'reason'

Ticket: #7482.

diff --git a/src/flow-hash.c b/src/flow-hash.c
index fcd957c72e27282c82d243d8861044872f048ee4..bdcc0dc440061d46a89c0f9322f674e45f7c9e4b 100644 (file)
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -768,6 +768,7 @@ static Flow *TcpReuseReplace(ThreadVars *tv, FlowLookupStruct *fls, FlowBucket *
     old_f->timeout_at = 0;
     /* get some settings that we move over to the new flow */
     FlowThreadId thread_id[2] = { old_f->thread_id[0], old_f->thread_id[1] };
+    old_f->flow_end_flags |= FLOW_END_FLAG_TCPREUSE;
 
     /* flow is unlocked by caller */
 

diff --git a/src/flow.h b/src/flow.h
index 554f9fca4a323ed67a516cf6285083fc13b9d60f..dc3b09afd47f0956c4324747d4d41b0db9ff4c12 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -244,6 +244,7 @@ typedef struct AppLayerParserState_ AppLayerParserState;
 #define FLOW_END_FLAG_TIMEOUT   0x02
 #define FLOW_END_FLAG_FORCED    0x04
 #define FLOW_END_FLAG_SHUTDOWN  0x08
+#define FLOW_END_FLAG_TCPREUSE  0x10
 
 /** Mutex or RWLocks for the flow. */
 //#define FLOWLOCK_RWLOCK

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 015c72f8c7bcdb4b32eaaacb2a31ca8ba9c6ae48..d30866636f170737994105e99ea16d738e9af4cd 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -258,7 +258,9 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
     }
 
     const char *reason = NULL;
-    if (f->flow_end_flags & FLOW_END_FLAG_FORCED)
+    if (f->flow_end_flags & FLOW_END_FLAG_TCPREUSE)
+        reason = "tcp_reuse";
+    else if (f->flow_end_flags & FLOW_END_FLAG_FORCED)
         reason = "forced";
     else if (f->flow_end_flags & FLOW_END_FLAG_SHUTDOWN)
         reason = "shutdown";