Bug #453 » 0003-considering-the-tenths-of-a-seconds-in-a-packet-when.patch
| src/detect-engine-threshold.c | ||
|---|---|---|
|
SCLogDebug("detection_filter");
|
||
|
if (lookup_tsh != NULL) {
|
||
|
if ((p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
|
||
|
long double time_diff = ((p->ts.tv_sec + p->ts.tv_usec/1000000.0) -
|
||
|
(lookup_tsh->tv_sec1 + lookup_tsh->tv_usec1/1000000.0));
|
||
|
if (time_diff < td->seconds) {
|
||
|
/* within timeout */
|
||
|
lookup_tsh->current_count++;
|
||
| ... | ... | |
|
/* expired, reset */
|
||
|
lookup_tsh->tv_sec1 = p->ts.tv_sec;
|
||
|
lookup_tsh->tv_usec1 = p->ts.tv_usec;
|
||
|
lookup_tsh->current_count = 1;
|
||
|
}
|
||
|
} else {
|
||
| ... | ... | |
|
e->current_count = 1;
|
||
|
e->tv_sec1 = p->ts.tv_sec;
|
||
|
e->tv_usec1 = p->ts.tv_usec;
|
||
|
e->next = h->threshold;
|
||
|
h->threshold = e;
|
||
| src/detect-threshold.h | ||
|---|---|---|
|
its not "seconds", that define the time interval */
|
||
|
uint32_t seconds; /**< Event seconds */
|
||
|
uint32_t tv_sec1; /**< Var for time control */
|
||
|
uint32_t tv_usec1; /**< Var for time control */
|
||
|
uint32_t current_count; /**< Var for count control */
|
||
|
int track; /**< Track type: by_src, by_src */
|
||