From: Eric Leblond
Date: Tue, 23 Mar 2021 22:45:22 +0000 (+0100)
Subject: json/flow: log if flow had gap in TCP
X-Git-Tag: suricata-7.0.0-beta1~111
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06b6f85c1f8f154925ef4e7aa0e1acd567c1c786;p=thirdparty%2Fsuricata.git

json/flow: log if flow had gap in TCP
---

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 0aa74ba86f..f817bc1fb2 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -309,6 +309,12 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
 const char *tcp_state = StreamTcpStateAsString(ssn->state);
 if (tcp_state != NULL)
 jb_set_string(jb, "state", tcp_state);
+ if (FlowHasGaps(f, STREAM_TOCLIENT)) {
+ JB_SET_TRUE(jb, "tc_gap");
+ }
+ if (FlowHasGaps(f, STREAM_TOSERVER)) {
+ JB_SET_TRUE(jb, "ts_gap");
+ }
 }
 
 /* Close tcp. */
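Review bot: The new keys `tc_gap` and `ts_gap` are written only when `FlowHasGaps()` returns true, and nothing in the hunk or the commit message says so. A consumer reading a flow record without them therefore cannot tell "no gap" from "logged by a build that predates this commit". That distinction matters to whoever triages these records, since a gap presumably means stream data in that direction was missed and inspection of the flow may be incomplete. I would add a comment above the first `if`, for example `/* only emitted when set; a missing key means no gap was recorded for that direction */`, and describe both keys in the EVE flow output documentation. The block closed by the trailing `}` opens before the hunk, so the guard protecting the `ssn->state` dereference is not visible here.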