eve/stream: log tcp reuse flag in packets

diff --git a/src/flow-hash.c b/src/flow-hash.c
index d90c32889c93b22c71139b47cacac530235315e0..a4424a3bc6e69b37f5c3fbf8cb519b364e0fc189 100644 (file)
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -720,6 +720,8 @@ static Flow *TcpReuseReplace(ThreadVars *tv, FlowLookupStruct *fls, FlowBucket *
 
     f->thread_id[0] = thread_id[0];
     f->thread_id[1] = thread_id[1];
+
+    STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_TCP_PORT_REUSE);
     return f;
 }
 

diff --git a/src/output-eve-stream.c b/src/output-eve-stream.c
index 2aa6dfe5c206af195bf04b97a74d3f1a73f9dea0..15735bf8192409657011402e984fa9a83eb0607f 100644 (file)
--- a/src/output-eve-stream.c
+++ b/src/output-eve-stream.c
@@ -348,6 +348,8 @@ static int EveStreamLogger(ThreadVars *tv, void *thread_data, const Packet *p)
             jb_append_string(js, "dsack");
         if (p->tcpvars.stream_pkt_flags & STREAM_PKT_FLAG_ACK_UNSEEN_DATA)
             jb_append_string(js, "ack_unseen_data");
+        if (p->tcpvars.stream_pkt_flags & STREAM_PKT_FLAG_TCP_PORT_REUSE)
+            jb_append_string(js, "tcp_port_reuse");
         jb_close(js);
     }
     jb_close(js);

diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h
index e006596ac1971aa345a9f9274eb5a2e94059edea..ec3366ce00f8d3870deed4be7cee8e9d6a9fa62c 100644 (file)
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@@ -309,6 +309,7 @@ typedef struct TcpSession_ {
 #define STREAM_PKT_FLAG_DUP_ACK                 BIT_U16(7)
 #define STREAM_PKT_FLAG_DSACK                   BIT_U16(8)
 #define STREAM_PKT_FLAG_ACK_UNSEEN_DATA         BIT_U16(9)
+#define STREAM_PKT_FLAG_TCP_PORT_REUSE          BIT_U16(10)
 
 #define STREAM_PKT_FLAG_SET(p, f) (p)->tcpvars.stream_pkt_flags |= (f)