flow log: log TCP state

Log the TCP state at timeout.

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index d5f51593e01ea711b761cacccf92ca00c0325a63..869bdc0f18287dcc504e577cb4ccb847d942f6f4 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -236,6 +236,49 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 
         JsonTcpFlags(ssn ? ssn->tcp_packet_flags : 0, tjs);
 
+        if (ssn) {
+            char *state = NULL;
+            switch (ssn->state) {
+                case TCP_NONE:
+                    state = "none";
+                    break;
+                case TCP_LISTEN:
+                    state = "listen";
+                    break;
+                case TCP_SYN_SENT:
+                    state = "syn_sent";
+                    break;
+                case TCP_SYN_RECV:
+                    state = "syn_recv";
+                    break;
+                case TCP_ESTABLISHED:
+                    state = "established";
+                    break;
+                case TCP_FIN_WAIT1:
+                    state = "fin_wait1";
+                    break;
+                case TCP_FIN_WAIT2:
+                    state = "fin_wait2";
+                    break;
+                case TCP_TIME_WAIT:
+                    state = "time_wait";
+                    break;
+                case TCP_LAST_ACK:
+                    state = "last_ack";
+                    break;
+                case TCP_CLOSE_WAIT:
+                    state = "close_wait";
+                    break;
+                case TCP_CLOSING:
+                    state = "closing";
+                    break;
+                case TCP_CLOSED:
+                    state = "closed";
+                    break;
+            }
+            json_object_set_new(tjs, "state", json_string(state));
+        }
+
         json_object_set_new(js, "tcp", tjs);
     }
 }