stream: track pcap log segments timestamp with SCTime_t

This is a more compact time format.
10 months ago · 3f85addaac
parent a739d7623b
commit 3f85addaac
4 changed files with 10 additions and 11 deletions
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@ -528,8 +528,10 @@ static int PcapLogSegmentCallback(
    struct PcapLogCallbackContext *pctx = (struct PcapLogCallbackContext *)data;

    if (seg->pcap_hdr_storage->pktlen) {
-        pctx->pl->h->ts.tv_sec = seg->pcap_hdr_storage->ts.tv_sec;
-        pctx->pl->h->ts.tv_usec = seg->pcap_hdr_storage->ts.tv_usec;
+        struct timeval tv;
+        SCTIME_TO_TIMEVAL(&tv, seg->pcap_hdr_storage->ts);
+        pctx->pl->h->ts.tv_sec = tv.tv_sec;
+        pctx->pl->h->ts.tv_usec = tv.tv_usec;
        pctx->pl->h->len = seg->pcap_hdr_storage->pktlen + buflen;
        pctx->pl->h->caplen = seg->pcap_hdr_storage->pktlen + buflen;
        MemBufferReset(pctx->buf);
--- a/src/stream-tcp-list.c
+++ b/src/stream-tcp-list.c
@ -569,8 +569,7 @@ static int DoHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, const Packet *pp)
 {
    if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > pp->payload_len) {
-        seg->pcap_hdr_storage->ts.tv_sec = SCTIME_SECS(rp->ts);
-        seg->pcap_hdr_storage->ts.tv_usec = SCTIME_USECS(rp->ts);
+        seg->pcap_hdr_storage->ts = rp->ts;
        seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - pp->payload_len;
        /*
         * pkt_hdr members are initially allocated 64 bytes of memory. Thus,
@ -582,8 +581,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c
                    seg->pcap_hdr_storage->alloclen, seg->pcap_hdr_storage->pktlen);
            if (tmp_pkt_hdr == NULL) {
                SCLogDebug("Failed to realloc");
-                seg->pcap_hdr_storage->ts.tv_sec = 0;
-                seg->pcap_hdr_storage->ts.tv_usec = 0;
+                seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;
                seg->pcap_hdr_storage->pktlen = 0;
                return;
            } else {
@ -594,8 +592,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c
        memcpy(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_DATA(rp),
                (size_t)GET_PKT_LEN(rp) - pp->payload_len);
    } else {
-        seg->pcap_hdr_storage->ts.tv_sec = 0;
-        seg->pcap_hdr_storage->ts.tv_usec = 0;
+        seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;
        seg->pcap_hdr_storage->pktlen = 0;
    }
 }
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@ -63,7 +63,7 @@ RB_PROTOTYPE(TCPSACK, StreamTcpSackRecord, rb, TcpSackCompare);
 * used if the session-dump option is enabled.
 */
 typedef struct TcpSegmentPcapHdrStorage_ {
-    struct timeval ts;
+    SCTime_t ts;
    uint32_t pktlen;
    uint32_t alloclen;
    uint8_t *pkt_hdr;
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -7022,8 +7022,8 @@ int StreamTcpSegmentForSession(
            }
            server_node = TCPSEG_RB_NEXT(server_node);
        } else {
-            if (TimevalEarlier(
-                        &client_node->pcap_hdr_storage->ts, &server_node->pcap_hdr_storage->ts)) {
+            if (SCTIME_CMP_LT(
+                        client_node->pcap_hdr_storage->ts, server_node->pcap_hdr_storage->ts)) {
                StreamingBufferSegmentGetData(
                        &client_stream->sb, &client_node->sbseg, &seg_data, &seg_datalen);
                ret = CallbackFunc(p, client_node, data, seg_data, seg_datalen);