From: Victor Julien
Date: Sat, 12 Oct 2024 04:58:34 +0000 (+0200)
Subject: stream: track pcap log segments timestamp with SCTime_t
X-Git-Tag: suricata-8.0.0-beta1~759
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f85addaac62446466b9552a55ee59a42a1bfa0c;p=thirdparty%2Fsuricata.git
stream: track pcap log segments timestamp with SCTime_t
This is a more compact time format.
---
diff --git a/src/log-pcap.c b/src/log-pcap.c
index e62a03dd80..a930d98fa3 100644
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -528,8 +528,10 @@ static int PcapLogSegmentCallback(
 struct PcapLogCallbackContext *pctx = (struct PcapLogCallbackContext *)data;
 if (seg->pcap_hdr_storage->pktlen) {
- pctx->pl->h->ts.tv_sec = seg->pcap_hdr_storage->ts.tv_sec;
- pctx->pl->h->ts.tv_usec = seg->pcap_hdr_storage->ts.tv_usec;
+ struct timeval tv;
+ SCTIME_TO_TIMEVAL(&tv, seg->pcap_hdr_storage->ts);
+ pctx->pl->h->ts.tv_sec = tv.tv_sec;
+ pctx->pl->h->ts.tv_usec = tv.tv_usec;
 pctx->pl->h->len = seg->pcap_hdr_storage->pktlen + buflen;
 pctx->pl->h->caplen = seg->pcap_hdr_storage->pktlen + buflen;
 MemBufferReset(pctx->buf);
diff --git a/src/stream-tcp-list.c b/src/stream-tcp-list.c
index 25fdd9ca9f..0e6499337a 100644
--- a/src/stream-tcp-list.c
+++ b/src/stream-tcp-list.c
@@ -569,8 +569,7 @@ static int DoHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, const Packet *pp)
 {
 if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > pp->payload_len) {
- seg->pcap_hdr_storage->ts.tv_sec = SCTIME_SECS(rp->ts);
- seg->pcap_hdr_storage->ts.tv_usec = SCTIME_USECS(rp->ts);
+ seg->pcap_hdr_storage->ts = rp->ts;
 seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - pp->payload_len;
 /*
 * pkt_hdr members are initially allocated 64 bytes of memory. Thus,
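Review bot: In PcapLogSegmentCallback (src/log-pcap.c) the added lines route the timestamp through a temporary `struct timeval tv` only to copy its two fields out again. The removed lines in src/stream-tcp-list.c show that `SCTIME_SECS()` and `SCTIME_USECS()` already extract these fields from an SCTime_t, so the four added lines can be two: `pctx->pl->h->ts.tv_sec = SCTIME_SECS(seg->pcap_hdr_storage->ts);` and `pctx->pl->h->ts.tv_usec = SCTIME_USECS(seg->pcap_hdr_storage->ts);`. That keeps any narrowing into the header's timestamp fields visible at the assignment, which matters because these values presumably become the record timestamps of the written capture. The function body starts and ends outside the hunk.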
@@ -582,8 +581,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c
 seg->pcap_hdr_storage->alloclen, seg->pcap_hdr_storage->pktlen);
 if (tmp_pkt_hdr == NULL) {
 SCLogDebug("Failed to realloc");
- seg->pcap_hdr_storage->ts.tv_sec = 0;
- seg->pcap_hdr_storage->ts.tv_usec = 0;
+ seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;
 seg->pcap_hdr_storage->pktlen = 0;
 return;
 } else {
@@ -594,8 +592,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c
 memcpy(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_DATA(rp), (size_t)GET_PKT_LEN(rp) - pp->payload_len);
 } else {
- seg->pcap_hdr_storage->ts.tv_sec = 0;
- seg->pcap_hdr_storage->ts.tv_usec = 0;
+ seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;
 seg->pcap_hdr_storage->pktlen = 0;
 }
 }
diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h
index 6873a56b91..4c425a8b39 100644
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@@ -63,7 +63,7 @@ RB_PROTOTYPE(TCPSACK, StreamTcpSackRecord, rb, TcpSackCompare);
 * used if the session-dump option is enabled.
 */
 typedef struct TcpSegmentPcapHdrStorage_ {
- struct timeval ts;
+ SCTime_t ts;
 uint32_t pktlen;
 uint32_t alloclen;
 uint8_t *pkt_hdr;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 9b3fe73eb6..eafedc187c 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -7022,8 +7022,8 @@ int StreamTcpSegmentForSession(
 }
 server_node = TCPSEG_RB_NEXT(server_node);
 } else {
- if (TimevalEarlier(
- &client_node->pcap_hdr_storage->ts, &server_node->pcap_hdr_storage->ts)) {
+ if (SCTIME_CMP_LT(
+ client_node->pcap_hdr_storage->ts, server_node->pcap_hdr_storage->ts)) {
 StreamingBufferSegmentGetData(
 &client_stream->sb, &client_node->sbseg, &seg_data, &seg_datalen);
 ret = CallbackFunc(p, client_node, data, seg_data, seg_datalen);
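Review bot: The reset `seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;` followed by `pktlen = 0` appears twice in StreamTcpSegmentAddPacketDataDo, in the realloc-failure branch of the hunk at -582 and again in the final `else` of the hunk at -594, and neither site says which field a reader must test. The guard visible in PcapLogSegmentCallback checks only `pktlen`, so a comment at both sites such as `/* pktlen == 0 means no header is stored; ts is cleared so no stale time remains */` would record that the zeroed timestamp is not itself the marker. In the failure branch the only trace is `SCLogDebug("Failed to realloc")`, so a segment that loses its header this way is presumably invisible outside debug builds, which the comment could also state. The function starts before these hunks.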
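Review bot: The `ts` field of TcpSegmentPcapHdrStorage_ in src/stream-tcp-private.h changes type without gaining a description, and the struct comment above it is only partly visible in the hunk. The other hunks show the field is copied from `rp->ts` when the header bytes are stored and set to `SCTIME_INITIALIZER` when they are not, so a field comment such as `SCTime_t ts; /**< time of the packet the header was copied from; SCTIME_INITIALIZER when pktlen is 0 */` would document both states. The struct definition continues past the last context line.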
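Review bot: The `SCTIME_CMP_LT` test in StreamTcpSegmentForSession (src/stream-tcp.c) is a strict less-than, and nothing at the call says what happens on equal timestamps or for a segment whose stored timestamp was reset to `SCTIME_INITIALIZER`. As written a tie falls through to the branch outside this hunk (presumably the server segment is emitted first), and a reset timestamp would presumably sort ahead of every real one. Because this ordering appears to decide the packet order of the dumped session, a short comment above the `if` is worth adding, for example `/* emit the older segment first; on a tie the server side goes first; a zero ts (no stored header) sorts earliest */`, once the tie behaviour has been confirmed against the `else` branch. The enclosing function starts and ends outside the hunk.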