From: Victor Julien Date: Fri, 2 May 2014 07:54:16 +0000 (+0200) Subject: flow-log: log TCP flags seen X-Git-Tag: suricata-2.1beta1~62 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=672f6523a71b199778986adffddf5e7b1005aacb;p=thirdparty%2Fsuricata.git flow-log: log TCP flags seen Log TCP flags seen during the life time of a flow/session.
---
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 7416c5f2ef..b4464d8d6c 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -46,6 +46,8 @@
 #include "util-time.h"
 #include "output-json.h"
+#include "stream-tcp-private.h"
+
 #ifdef HAVE_LIBJANSSON
 #include
@@ -194,6 +196,25 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 #endif
 json_object_set_new(js, "flow", hjs);
+
+
+ /* TCP */
+ if (f->proto == IPPROTO_TCP) {
+ json_t *tjs = json_object();
+ if (tjs == NULL) {
+ return;
+ }
+
+ TcpSession *ssn = f->protoctx;
+
+ char hexflags[3] = "00";
+ if (ssn)
+ snprintf(hexflags, sizeof(hexflags), "%02x",
+ ssn->tcp_packet_flags);
+ json_object_set_new(tjs, "tcp_flags", json_string(hexflags));
+
+ json_object_set_new(js, "tcp", tjs);
+ }
 }
 static int JsonFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
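Review bot: When `f->protoctx` is NULL the record still carries `"tcp_flags": "00"`, because `hexflags` is pre-initialised and the `json_object_set_new(tjs, "tcp_flags", ...)` call in the second hunk is unconditional. Anyone reading the log then cannot tell a TCP flow with no stream session state from a tracked session on which no flags were recorded. Emitting the key only when the session exists keeps the two cases apart, by moving `json_object_set_new(tjs, "tcp_flags", json_string(hexflags));` inside a braced `if (ssn != NULL) { ... }` body together with the `snprintf`. The three-byte buffer also assumes `tcp_packet_flags` is one byte wide (its declaration lives in stream-tcp-private.h and is not shown here), so a comment such as `/* tcp_packet_flags is 8 bits: two hex digits + NUL */` would record that assumption. JsonFlowLogJSON begins outside this hunk, so how `f` is protected while `protoctx` is read cannot be confirmed from these lines.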