diff --git a/configure.in b/configure.in
index 02750f1b28..14f296dd5a 100644
--- a/configure.in
+++ b/configure.in
@@ -582,6 +582,15 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
 CFLAGS="${CFLAGS} -DUNITTESTS"
 fi
+# enable native timeval for unified alert output
+ AC_ARG_ENABLE(unified-native-timeval,
+ [ --enable-unified-native-timeval Use native timeval for unified outputs],
+ [ enable_unified_native_timeval=yes
+ ])
+ if test "$enable_unified_native_timeval" = "yes"; then
+ CFLAGS="${CFLAGS} -DUNIFIED_NATIVE_TIMEVAL"
+ fi
+
 # enable debug output
 AC_ARG_ENABLE(debug,
 [ --enable-debug Enable debug output],
diff --git a/src/alert-unified-alert.c b/src/alert-unified-alert.c
index 437f18a34b..5107e8710e 100644
--- a/src/alert-unified-alert.c
+++ b/src/alert-unified-alert.c
@@ -83,8 +83,13 @@ typedef struct AlertUnifiedAlertPacketHeader_ {
 uint32_t sig_prio;
 uint32_t pad1; /* Snort's event_id */
 uint32_t pad2; /* Snort's event_reference */
+#ifdef UNIFIED_NATIVE_TIMEVAL
+ struct timeval ref_ts; /* Reference timestamp. */
+ struct timeval ts; /* Timestamp. */
+#else
 struct sc_timeval32 ref_ts; /* Reference timestamp. */
 struct sc_timeval32 ts; /* Timestamp. */
+#endif /* UNIFIED_NATIVE_TIMEVAL */
 uint32_t src_ip;
 uint32_t dst_ip;
 uint16_t sp;
diff --git a/src/alert-unified-log.c b/src/alert-unified-log.c
index 830fe9179c..a7ef6ed4a6 100644
--- a/src/alert-unified-log.c
+++ b/src/alert-unified-log.c
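Review bot: The action-if-given branch of the new AC_ARG_ENABLE sets `enable_unified_native_timeval=yes` without looking at `$enableval`, so `--disable-unified-native-timeval` turns the option on as well; `[ enable_unified_native_timeval="$enableval" ]` makes the `test ... = "yes"` below see yes only for --enable. The option also changes the on-disk layout of the unified records (the struct hunks in alert-unified-alert.c and alert-unified-log.c switch to the host's `struct timeval`), which the one-line comment does not say; suggest `# enable native timeval for unified alert output (record layout then follows the host's struct timeval; readers must be built to match)`. I cannot see how the other AC_ARG_ENABLE blocks in this file handle `$enableval`, so match whatever convention they use.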
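Review bot: The `struct timeval` branch makes the record's size and layout depend on the host ABI, and nothing in the hunk says so: on LP64 platforms tv_sec is 64-bit and the struct is 8-byte aligned, so besides the wider fields the compiler inserts 4 bytes of padding after pad2 (the seven preceding uint32_t fields end at offset 28), shifting src_ip and everything after it. The same applies to ref_tv and tv in the alert-unified-log.c hunk, where caplen and pktlen move. Since sc_timeval32 presumably exists to pin a fixed 32-bit layout, suggest a comment on the #ifdef line: `/* Host-ABI layout: size and alignment of struct timeval vary by platform, so files written this way are only readable by a consumer built for the same host. */`. Also worth confirming that <sys/time.h> is included under this option and that the code which fills ref_ts/ts (outside this hunk) writes the full native fields. The enclosing typedef starts before the hunk and ends after it.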
@@ -86,13 +86,21 @@ typedef struct AlertUnifiedLogPacketHeader_ {
 uint32_t sig_prio;
 uint32_t pad1; /* Snort's event_id */
 uint32_t pad2; /* Snort's event_reference */
+#ifdef UNIFIED_NATIVE_TIMEVAL
+ struct timeval ref_tv;
+#else
 struct sc_timeval32 ref_tv;
+#endif /* UNIFIED_NATIVE_TIMEVAL */
 /* 32 bit unsigned flags */
 uint32_t pktflags;
 /* Snort's 'SnortPktHeader' structure */
+#ifdef UNIFIED_NATIVE_TIMEVAL
+ struct timeval tv;
+#else
 struct sc_timeval32 tv;
+#endif /* UNIFIED_NATIVE_TIMEVAL */
 uint32_t caplen;
 uint32_t pktlen;
 } AlertUnifiedLogPacketHeader;
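Review bot: The selection between `struct timeval` and `struct sc_timeval32` is now spelled out in four separate #ifdef/#else/#endif blocks (ref_tv and tv here, ref_ts and ts in alert-unified-alert.c); a single conditional typedef in a shared header would keep the structs readable and guarantee all four fields always agree, e.g. `#ifdef UNIFIED_NATIVE_TIMEVAL` / `typedef struct timeval UnifiedTimeval;` / `#else` `typedef struct sc_timeval32 UnifiedTimeval;` `#endif` (the name is a placeholder), after which this hunk reduces to `UnifiedTimeval ref_tv;` and `UnifiedTimeval tv;`. The added #endif comments are helpful; the matching #ifdef lines could carry a short note that these fields are part of the on-disk record format rather than internal state. The enclosing typedef AlertUnifiedLogPacketHeader_ begins before the hunk.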