if (new_tde != NULL) {
new_tde->next = FlowGetStorageById(p->flow, flow_tag_id);
FlowSetStorageById(p->flow, flow_tag_id, new_tde);
- SCLogDebug("adding tag with first_ts %u", new_tde->first_ts);
+ SCLogDebug(
+ "adding tag with first_ts %" PRIu64, (uint64_t)SCTIME_SECS(new_tde->first_ts));
(void) SC_ATOMIC_ADD(num_tags, 1);
}
} else if (tag_cnt == DETECT_TAG_MAX_TAGS) {
while (iter != NULL) {
/* update counters */
- iter->last_ts = SCTIME_SECS(p->ts);
+ iter->last_ts = p->ts;
switch (iter->metric) {
case DETECT_TAG_METRIC_PACKET:
iter->packets++;
case DETECT_TAG_METRIC_SECONDS:
/* last_ts handles this metric, but also a generic time based
* expiration to prevent dead sessions/hosts */
- if (iter->last_ts - iter->first_ts > iter->count) {
- SCLogDebug("flow tag expired: %u - %u = %u > %u",
- iter->last_ts, iter->first_ts,
- (iter->last_ts - iter->first_ts), iter->count);
+ if (SCTIME_SECS(iter->last_ts) - SCTIME_SECS(iter->first_ts) > iter->count) {
+ // cast needed as gcc and clang behave differently
+ SCLogDebug("flow tag expired: %" PRIu64 " - %" PRIu64 " = %" PRIu64 " > %u",
+ (uint64_t)SCTIME_SECS(iter->last_ts),
+ (uint64_t)SCTIME_SECS(iter->first_ts),
+ (uint64_t)(SCTIME_SECS(iter->last_ts) -
+ SCTIME_SECS(iter->first_ts)),
+ iter->count);
/* tag expired */
if (prev != NULL) {
tde = iter;
prev = NULL;
while (iter != NULL) {
/* update counters */
- iter->last_ts = SCTIME_SECS(p->ts);
+ iter->last_ts = p->ts;
switch (iter->metric) {
case DETECT_TAG_METRIC_PACKET:
iter->packets++;
case DETECT_TAG_METRIC_SECONDS:
/* last_ts handles this metric, but also a generic time based
* expiration to prevent dead sessions/hosts */
- if (iter->last_ts - iter->first_ts > iter->count) {
- SCLogDebug("host tag expired: %u - %u = %u > %u",
- iter->last_ts, iter->first_ts,
- (iter->last_ts - iter->first_ts), iter->count);
+ if (SCTIME_SECS(iter->last_ts) - SCTIME_SECS(iter->first_ts) > iter->count) {
+ SCLogDebug("host tag expired: %" PRIu64 " - %" PRIu64 " = %" PRIu64 " > %u",
+ (uint64_t)SCTIME_SECS(iter->last_ts),
+ (uint64_t)SCTIME_SECS(iter->first_ts),
+ (uint64_t)(SCTIME_SECS(iter->last_ts) -
+ SCTIME_SECS(iter->first_ts)),
+ iter->count);
/* tag expired */
if (prev != NULL) {
tde = iter;
prev = NULL;
while (tmp != NULL) {
- SCTime_t timeout_at = SCTIME_FROM_SECS(tmp->last_ts + TAG_MAX_LAST_TIME_SEEN);
+ SCTime_t timeout_at = SCTIME_ADD_SECS(tmp->last_ts, TAG_MAX_LAST_TIME_SEEN);
if (SCTIME_CMP_GTE(timeout_at, ts)) {
prev = tmp;
tmp = tmp->next;
tde.sid = s->id;
tde.gid = s->gid;
- tde.last_ts = tde.first_ts = SCTIME_SECS(p->ts);
+ tde.last_ts = tde.first_ts = p->ts;
tde.metric = td->metric;
tde.count = td->count;
if (td->direction == DETECT_TAG_DIR_SRC)
/* If it already exists it will be updated */
tde.sid = s->id;
tde.gid = s->gid;
- tde.last_ts = tde.first_ts = SCTIME_SECS(p->ts);
+ tde.last_ts = tde.first_ts = p->ts;
tde.metric = td->metric;
tde.count = td->count;
- SCLogDebug("Adding to or updating flow; first_ts %u count %u",
- tde.first_ts, tde.count);
+ SCLogDebug("Adding to or updating flow; first_ts %" PRIu64 " count %u",
+ (uint64_t)SCTIME_SECS(tde.first_ts), tde.count);
TagFlowAdd(p, &tde);
} else {
SCLogDebug("No flow to append the session tag");
projects / thirdparty / suricata.git / commitdiff
