From: Victor Julien Date: Wed, 1 Oct 2014 07:09:15 +0000 (+0200) Subject: flow json log: add 'shutdown' as flow end reason X-Git-Tag: suricata-2.1beta2~93 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1143%2Fhead;p=thirdparty%2Fsuricata.git flow json log: add 'shutdown' as flow end reason When engine shuts down all flows in the hash are logged out. They may not have timed out yet. So they are forced. Log the reason to be 'shutdown'.
---
diff --git a/src/flow-manager.c b/src/flow-manager.c
index 2b2f939dae..a42e6590b4 100644
--- a/src/flow-manager.c
+++ b/src/flow-manager.c
@@ -435,7 +435,7 @@ static uint32_t FlowManagerHashRowCleanup(Flow *f)
 else if (state == FLOW_STATE_CLOSED)
 f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED;
- f->flow_end_flags |= FLOW_END_FLAG_TIMEOUT;
+ f->flow_end_flags |= FLOW_END_FLAG_SHUTDOWN;
 /* no one is referring to this flow, use_cnt 0, removed from hash
 * so we can unlock it and move it to the recycle queue. */
diff --git a/src/flow.h b/src/flow.h
index 194df001eb..802f61fd2a 100644
--- a/src/flow.h
+++ b/src/flow.h
@@ -184,6 +184,7 @@ typedef struct AppLayerParserState_ AppLayerParserState;
 #define FLOW_END_FLAG_EMERGENCY 0x08
 #define FLOW_END_FLAG_TIMEOUT 0x10
 #define FLOW_END_FLAG_FORCED 0x20
+#define FLOW_END_FLAG_SHUTDOWN 0x40
 /** Mutex or RWLocks for the flow. */
 //#define FLOWLOCK_RWLOCK
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 100d9979b7..760234d4b1 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -229,6 +229,8 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 reason = "timeout";
 else if (f->flow_end_flags & FLOW_END_FLAG_FORCED)
 reason = "forced";
+ else if (f->flow_end_flags & FLOW_END_FLAG_SHUTDOWN)
+ reason = "shutdown";
 json_object_set_new(hjs, "reason", json_string(reason));
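Review bot: The assignment `f->flow_end_flags |= FLOW_END_FLAG_SHUTDOWN;` in src/flow-manager.c now labels every flow that FlowManagerHashRowCleanup evicts as ended by shutdown, but nothing on the visible lines states that the function runs only while the engine is shutting down. If it is ever reached on another path, flow records would carry a misleading end reason, which matters to anyone correlating flow logs during an investigation. A short comment above the assignment would pin the assumption, for example `/* engine shutdown: flow is evicted before its timeout, log it as such */`. The function body starts and ends outside the hunk, so its call sites could not be checked here.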
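Review bot: `FLOW_END_FLAG_SHUTDOWN 0x40` in src/flow.h leaves 0x80 as the only free bit if `flow_end_flags` is an 8-bit field; the field's declaration is outside the hunk, so its width should be confirmed before further reasons are added. The define also has no description, unlike the doc comment on the lock section right below it. A trailing comment such as `/**< flow logged out because the engine is shutting down */` would record that this flag marks an eviction and not a natural end of the flow.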
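Review bot: The new `FLOW_END_FLAG_SHUTDOWN` branch in JsonFlowLogJSON sits at the end of the else-if chain, so it is reached only when neither the forced flag nor the conditions tested above it (the chain starts outside the hunk) match. A flow that already carries one of those flags when the engine shuts down would still be logged as "timeout" or "forced", and consumers of the flow log could not tell that the record was cut short by shutdown. If shutdown is meant to take precedence, test it before the other reasons; otherwise state the precedence in a comment, e.g. `/* shutdown is reported only when no other end reason is set */`. The initial value of `reason` is also outside the hunk and could not be checked.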