From: Victor Julien Date: Wed, 21 May 2014 13:37:10 +0000 (+0200) Subject: flow-log: log TCP flags per direction X-Git-Tag: suricata-2.1beta1~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=07b7f66f3ccc3ab7627769c872fdbc3bfb179f57;p=thirdparty%2Fsuricata.git flow-log: log TCP flags per direction In addition to flags for the entire session, also log out TCP flags for both directions separately.
---
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 3579bb5e76..685010ef1d 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -221,12 +221,19 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 TcpSession *ssn = f->protoctx;
- char hexflags[3] = "00";
- if (ssn)
- snprintf(hexflags, sizeof(hexflags), "%02x",
- ssn->tcp_packet_flags);
+ char hexflags[3] = "";
+ snprintf(hexflags, sizeof(hexflags), "%02x",
+ ssn ? ssn->tcp_packet_flags : 0);
 json_object_set_new(tjs, "tcp_flags", json_string(hexflags));
+ snprintf(hexflags, sizeof(hexflags), "%02x",
+ ssn ? ssn->client.tcp_flags : 0);
+ json_object_set_new(tjs, "tcp_flags_ts", json_string(hexflags));
+
+ snprintf(hexflags, sizeof(hexflags), "%02x",
+ ssn ? ssn->server.tcp_flags : 0);
+ json_object_set_new(tjs, "tcp_flags_tc", json_string(hexflags));
+
 json_object_set_new(js, "tcp", tjs);
 }
 }
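Review bot: The new `tcp_flags_ts` and `tcp_flags_tc` keys are filled from `ssn->client.tcp_flags` and `ssn->server.tcp_flags` with nothing in the code saying which stream maps to which direction, and a flow whose `f->protoctx` is NULL now logs `00` for all three fields, which a log consumer cannot tell apart from a session where no flags were recorded. A short comment above the added calls would make that contract explicit for anyone writing detections on these fields, e.g. `/* _ts: flags seen from the client (to server); _tc: from the server (to client); all "00" when there is no TcpSession */`; the direction mapping is presumed from the key names, so confirm it against the stream code. `hexflags[3]` holds two hex digits, which is exact only if both `tcp_flags` members are 8-bit; their declarations are outside the hunk, and because every call passes `sizeof(hexflags)` a wider value would be truncated rather than overflow. JsonFlowLogJSON begins before the hunk, so the surrounding condition that guards this block is not visible here.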