From: Eric Leblond Date: Thu, 25 Mar 2021 23:13:43 +0000 (+0100) Subject: flow: change flow id computation method X-Git-Tag: suricata-7.0.0-beta1~110 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06756314d61af5c4143e311472b9d16f3da2b7db;p=thirdparty%2Fsuricata.git flow: change flow id computation method Previous method was truncating the flow hash value when building the flow_id. It is interesting not to loose the flow hash value as it can be used in other tools or to interact with a flow that is still active. --- diff --git a/src/flow.h b/src/flow.h index a238ff0b99..ac9c314dab 100644 --- a/src/flow.h +++ b/src/flow.h @@ -691,9 +691,8 @@ static inline void FlowDeReference(Flow **d) */ static inline int64_t FlowGetId(const Flow *f) { - int64_t id = (int64_t)f->flow_hash << 31 | - (int64_t)(f->startts.tv_sec & 0x0000FFFF) << 16 | - (int64_t)(f->startts.tv_usec & 0x0000FFFF); + int64_t id = (uint64_t)(f->startts.tv_sec & 0x0000FFFF) << 48 | + (uint64_t)(f->startts.tv_usec & 0x0000FFFF) << 32 | (int64_t)f->flow_hash; /* reduce to 51 bits as Javascript and even JSON often seem to * max out there. */ id &= 0x7ffffffffffffLL;