flow json log: add 'shutdown' as flow end reason

When engine shuts down all flows in the hash are logged out. They
may not have timed out yet. So they are forced. Log the reason to
be 'shutdown'.

diff --git a/src/flow-manager.c b/src/flow-manager.c
index 2b2f939dae1d43d0c6efca3463c1cb6655a45f28..a42e6590b4f30e7b515297ce0ce2e0b019c81e3a 100644 (file)
--- a/src/flow-manager.c
+++ b/src/flow-manager.c
@@ -435,7 +435,7 @@ static uint32_t FlowManagerHashRowCleanup(Flow *f)
         else if (state == FLOW_STATE_CLOSED)
             f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED;
 
-        f->flow_end_flags |= FLOW_END_FLAG_TIMEOUT;
+        f->flow_end_flags |= FLOW_END_FLAG_SHUTDOWN;
 
         /* no one is referring to this flow, use_cnt 0, removed from hash
          * so we can unlock it and move it to the recycle queue. */

diff --git a/src/flow.h b/src/flow.h
index 194df001eb43db720899f3c31ab8ef2e3611f077..802f61fd2a855f40017deb8476db972db182c6b5 100644 (file)
--- a/src/flow.h
+++ b/src/flow.h
@@ -184,6 +184,7 @@ typedef struct AppLayerParserState_ AppLayerParserState;
 #define FLOW_END_FLAG_EMERGENCY         0x08
 #define FLOW_END_FLAG_TIMEOUT           0x10
 #define FLOW_END_FLAG_FORCED            0x20
+#define FLOW_END_FLAG_SHUTDOWN          0x40
 
 /** Mutex or RWLocks for the flow. */
 //#define FLOWLOCK_RWLOCK

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 100d9979b7e5054e0b42db35fdca65a5abb787b5..760234d4b162b1e456acc0b61ad072c44fe23e3e 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -229,6 +229,8 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
         reason = "timeout";
     else if (f->flow_end_flags & FLOW_END_FLAG_FORCED)
         reason = "forced";
+    else if (f->flow_end_flags & FLOW_END_FLAG_SHUTDOWN)
+        reason = "shutdown";
 
     json_object_set_new(hjs, "reason",
             json_string(reason));