From 3f85addaac62446466b9552a55ee59a42a1bfa0c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 12 Oct 2024 06:58:34 +0200 Subject: [PATCH] stream: track pcap log segments timestamp with SCTime_t This is a more compact time format. --- src/log-pcap.c | 6 ++++-- src/stream-tcp-list.c | 9 +++------ src/stream-tcp-private.h | 2 +- src/stream-tcp.c | 4 ++-- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/src/log-pcap.c b/src/log-pcap.c index e62a03dd80..a930d98fa3 100644 --- a/src/log-pcap.c +++ b/src/log-pcap.c @@ -528,8 +528,10 @@ static int PcapLogSegmentCallback( struct PcapLogCallbackContext *pctx = (struct PcapLogCallbackContext *)data; if (seg->pcap_hdr_storage->pktlen) { - pctx->pl->h->ts.tv_sec = seg->pcap_hdr_storage->ts.tv_sec; - pctx->pl->h->ts.tv_usec = seg->pcap_hdr_storage->ts.tv_usec; + struct timeval tv; + SCTIME_TO_TIMEVAL(&tv, seg->pcap_hdr_storage->ts); + pctx->pl->h->ts.tv_sec = tv.tv_sec; + pctx->pl->h->ts.tv_usec = tv.tv_usec; pctx->pl->h->len = seg->pcap_hdr_storage->pktlen + buflen; pctx->pl->h->caplen = seg->pcap_hdr_storage->pktlen + buflen; MemBufferReset(pctx->buf); diff --git a/src/stream-tcp-list.c b/src/stream-tcp-list.c index 25fdd9ca9f..0e6499337a 100644 --- a/src/stream-tcp-list.c +++ b/src/stream-tcp-list.c @@ -569,8 +569,7 @@ static int DoHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, const Packet *pp) { if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > pp->payload_len) { - seg->pcap_hdr_storage->ts.tv_sec = SCTIME_SECS(rp->ts); - seg->pcap_hdr_storage->ts.tv_usec = SCTIME_USECS(rp->ts); + seg->pcap_hdr_storage->ts = rp->ts; seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - pp->payload_len; /* * pkt_hdr members are initially allocated 64 bytes of memory. Thus, @@ -582,8 +581,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c seg->pcap_hdr_storage->alloclen, seg->pcap_hdr_storage->pktlen); if (tmp_pkt_hdr == NULL) { SCLogDebug("Failed to realloc"); - seg->pcap_hdr_storage->ts.tv_sec = 0; - seg->pcap_hdr_storage->ts.tv_usec = 0; + seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER; seg->pcap_hdr_storage->pktlen = 0; return; } else { @@ -594,8 +592,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c memcpy(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_DATA(rp), (size_t)GET_PKT_LEN(rp) - pp->payload_len); } else { - seg->pcap_hdr_storage->ts.tv_sec = 0; - seg->pcap_hdr_storage->ts.tv_usec = 0; + seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER; seg->pcap_hdr_storage->pktlen = 0; } } diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h index 6873a56b91..4c425a8b39 100644 --- a/src/stream-tcp-private.h +++ b/src/stream-tcp-private.h @@ -63,7 +63,7 @@ RB_PROTOTYPE(TCPSACK, StreamTcpSackRecord, rb, TcpSackCompare); * used if the session-dump option is enabled. */ typedef struct TcpSegmentPcapHdrStorage_ { - struct timeval ts; + SCTime_t ts; uint32_t pktlen; uint32_t alloclen; uint8_t *pkt_hdr; diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 9b3fe73eb6..eafedc187c 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -7022,8 +7022,8 @@ int StreamTcpSegmentForSession( } server_node = TCPSEG_RB_NEXT(server_node); } else { - if (TimevalEarlier( - &client_node->pcap_hdr_storage->ts, &server_node->pcap_hdr_storage->ts)) { + if (SCTIME_CMP_LT( + client_node->pcap_hdr_storage->ts, server_node->pcap_hdr_storage->ts)) { StreamingBufferSegmentGetData( &client_stream->sb, &client_node->sbseg, &seg_data, &seg_datalen); ret = CallbackFunc(p, client_node, data, seg_data, seg_datalen);