From: Victor Julien
Date: Tue, 6 May 2014 09:54:28 +0000 (+0200)
Subject: flow: track bytes per direction
X-Git-Tag: suricata-2.1beta1~60
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c66a29b67d07420d28e08dd2ad6e352793736fde;p=thirdparty%2Fsuricata.git
flow: track bytes per direction
Track bytes in both flow directions for logging purposes.
---
diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index bfe9b493a2..944aa7a76d 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -221,7 +221,7 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
 "FLOW PKTS TOSRC: %"PRIu32"\n"
 "FLOW Total Bytes: %"PRIu64"\n",
 p->flow->todstpktcnt, p->flow->tosrcpktcnt,
- p->flow->bytecnt);
+ p->flow->todstbytecnt + p->flow->tosrcbytecnt);
 #endif
 MemBufferWriteString(aft->buffer,
 "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n"
diff --git a/src/flow-util.h b/src/flow-util.h
index 3ed8c2f6d5..cdffba38ca 100644
--- a/src/flow-util.h
+++ b/src/flow-util.h
@@ -33,7 +33,8 @@
 #define RESET_COUNTERS(f) do { \
 (f)->todstpktcnt = 0; \
 (f)->tosrcpktcnt = 0; \
- (f)->bytecnt = 0; \
+ (f)->todstbytecnt = 0; \
+ (f)->tosrcbytecnt = 0; \
 } while (0)
 #else
 #define RESET_COUNTERS(f)
diff --git a/src/flow.c b/src/flow.c
index b18697bd1b..bcdad8285a 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -256,6 +256,7 @@ void FlowHandlePacket(ThreadVars *tv, Packet *p)
 }
 #ifdef DEBUG
 f->todstpktcnt++;
+ f->todstbytecnt += GET_PKT_LEN(p);
 #endif
 p->flowflags |= FLOW_PKT_TOSERVER;
 } else {
@@ -264,11 +265,11 @@ void FlowHandlePacket(ThreadVars *tv, Packet *p)
 }
 #ifdef DEBUG
 f->tosrcpktcnt++;
+ f->tosrcbytecnt += GET_PKT_LEN(p);
 #endif
 p->flowflags |= FLOW_PKT_TOCLIENT;
 }
 #ifdef DEBUG
- f->bytecnt += GET_PKT_LEN(p);
 #endif
 if ((f->flags & FLOW_TO_DST_SEEN) && (f->flags & FLOW_TO_SRC_SEEN)) {
diff --git a/src/flow.h b/src/flow.h
index 6ede7c6b2a..ada1f993e0 100644
--- a/src/flow.h
+++ b/src/flow.h
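Review bot: The second src/flow.c hunk (`@@ -264,11 +265,11 @@`) removes `f->bytecnt += GET_PKT_LEN(p);` but keeps the `#ifdef DEBUG` / `#endif` pair that wrapped it, so FlowHandlePacket() is left with an empty conditional block just before the `FLOW_TO_DST_SEEN` / `FLOW_TO_SRC_SEEN` check. Deleting both directive lines together with the counter update would avoid leaving a reader to wonder what was meant to sit there. The function body starts and ends outside the hunk, so this is based only on the lines shown.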
@@ -380,7 +380,8 @@ typedef struct Flow_
 #ifdef DEBUG
 uint32_t todstpktcnt;
 uint32_t tosrcpktcnt;
- uint64_t bytecnt;
+ uint64_t todstbytecnt;
+ uint64_t tosrcbytecnt;
 #endif
 } Flow;
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 1ebfcfd382..db3ba7a785 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -193,8 +193,10 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 json_integer(f->todstpktcnt));
 json_object_set_new(hjs, "pkts_toclient",
 json_integer(f->tosrcpktcnt));
- json_object_set_new(hjs, "bytes",
- json_integer(f->bytecnt));
+ json_object_set_new(hjs, "bytes_toserver",
+ json_integer(f->todstbytecnt));
+ json_object_set_new(hjs, "bytes_toclient",
+ json_integer(f->tosrcbytecnt));
 #endif
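Review bot: The new `todstbytecnt` and `tosrcbytecnt` members added in the src/flow.h hunk carry no comment, so nothing in the struct says what length they accumulate or that they exist only in DEBUG builds. The src/flow.c hunks show them being incremented with `GET_PKT_LEN(p)` inside `#ifdef DEBUG`, so a one-line comment above the pair would save anyone reading the flow log output from guessing, for example `/* bytes seen per direction, from GET_PKT_LEN(p); DEBUG builds only */`. The struct definition starts outside the hunk.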