stream: track pcap log segments timestamp with SCTime_t

This is a more compact time format.

src/log-pcap.c

@@ -528,8 +528,10 @@ static int PcapLogSegmentCallback(
     struct PcapLogCallbackContext *pctx = (struct PcapLogCallbackContext *)data;
 
     if (seg->pcap_hdr_storage->pktlen) {
-        pctx->pl->h->ts.tv_sec = seg->pcap_hdr_storage->ts.tv_sec;
+        struct timeval tv;
-        pctx->pl->h->ts.tv_usec = seg->pcap_hdr_storage->ts.tv_usec;
+        SCTIME_TO_TIMEVAL(&tv, seg->pcap_hdr_storage->ts);
+        pctx->pl->h->ts.tv_sec = tv.tv_sec;
+        pctx->pl->h->ts.tv_usec = tv.tv_usec;
         pctx->pl->h->len = seg->pcap_hdr_storage->pktlen + buflen;
         pctx->pl->h->caplen = seg->pcap_hdr_storage->pktlen + buflen;
         MemBufferReset(pctx->buf);

src/stream-tcp-list.c

@@ -569,8 +569,7 @@ static int DoHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, const Packet *pp)
 {
     if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > pp->payload_len) {
-        seg->pcap_hdr_storage->ts.tv_sec = SCTIME_SECS(rp->ts);
+        seg->pcap_hdr_storage->ts = rp->ts;
-        seg->pcap_hdr_storage->ts.tv_usec = SCTIME_USECS(rp->ts);
         seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - pp->payload_len;
         /*
          * pkt_hdr members are initially allocated 64 bytes of memory. Thus,
@@ -582,8 +581,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c
                     seg->pcap_hdr_storage->alloclen, seg->pcap_hdr_storage->pktlen);
             if (tmp_pkt_hdr == NULL) {
                 SCLogDebug("Failed to realloc");
-                seg->pcap_hdr_storage->ts.tv_sec = 0;
+                seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;
-                seg->pcap_hdr_storage->ts.tv_usec = 0;
                 seg->pcap_hdr_storage->pktlen = 0;
                 return;
             } else {
@@ -594,8 +592,7 @@ static void StreamTcpSegmentAddPacketDataDo(TcpSegment *seg, const Packet *rp, c
         memcpy(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_DATA(rp),
                 (size_t)GET_PKT_LEN(rp) - pp->payload_len);
     } else {
-        seg->pcap_hdr_storage->ts.tv_sec = 0;
+        seg->pcap_hdr_storage->ts = SCTIME_INITIALIZER;
-        seg->pcap_hdr_storage->ts.tv_usec = 0;
         seg->pcap_hdr_storage->pktlen = 0;
     }
 }

src/stream-tcp-private.h

@@ -63,7 +63,7 @@ RB_PROTOTYPE(TCPSACK, StreamTcpSackRecord, rb, TcpSackCompare);
  * used if the session-dump option is enabled.
  */
 typedef struct TcpSegmentPcapHdrStorage_ {
-    struct timeval ts;
+    SCTime_t ts;
     uint32_t pktlen;
     uint32_t alloclen;
     uint8_t *pkt_hdr;

src/stream-tcp.c

@@ -7022,8 +7022,8 @@ int StreamTcpSegmentForSession(
             }
             server_node = TCPSEG_RB_NEXT(server_node);
         } else {
-            if (TimevalEarlier(
+            if (SCTIME_CMP_LT(
-                        &client_node->pcap_hdr_storage->ts, &server_node->pcap_hdr_storage->ts)) {
+                        client_node->pcap_hdr_storage->ts, server_node->pcap_hdr_storage->ts)) {
                 StreamingBufferSegmentGetData(
                         &client_stream->sb, &client_node->sbseg, &seg_data, &seg_datalen);
                 ret = CallbackFunc(p, client_node, data, seg_data, seg_datalen);