flow-log: log TCP flags per direction

In addition to flags for the entire session, also log out TCP flags for both directions separately.
11 years ago · 07b7f66f3c
parent 3bb0ccba98
commit 07b7f66f3c
1 changed files with 11 additions and 4 deletions
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@ -221,12 +221,19 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)

        TcpSession *ssn = f->protoctx;

-        char hexflags[3] = "00";
-        if (ssn)
-            snprintf(hexflags, sizeof(hexflags), "%02x",
-                    ssn->tcp_packet_flags);
+        char hexflags[3] = "";
+        snprintf(hexflags, sizeof(hexflags), "%02x",
+                ssn ? ssn->tcp_packet_flags : 0);
        json_object_set_new(tjs, "tcp_flags", json_string(hexflags));

+        snprintf(hexflags, sizeof(hexflags), "%02x",
+                ssn ? ssn->client.tcp_flags : 0);
+        json_object_set_new(tjs, "tcp_flags_ts", json_string(hexflags));
+
+        snprintf(hexflags, sizeof(hexflags), "%02x",
+                ssn ? ssn->server.tcp_flags : 0);
+        json_object_set_new(tjs, "tcp_flags_tc", json_string(hexflags));
+
        json_object_set_new(js, "tcp", tjs);
    }
 }