diff --git a/NEWS b/NEWS index c713bcb14a..1204e667f1 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,12 @@ Breaking Changes a small overhead when enabled. There's not enough users of network timestamp metadata to justify the complexity of treating it separate. +- The ``current_event_time()`` builtin function as well as ``Event::Time()`` + and ``EventMgr::CurrentEventTime()`` now return ``-1.0`` if not timestamp + metadata is available for the current event, or if no event is being + dispatched. Previously this would've likely been 0.0, or the previously + dispatched event. + New Functionality ----------------- diff --git a/src/Event.cc b/src/Event.cc index 8164ba3dd8..d8694aebe7 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -96,7 +96,7 @@ zeek::VectorValPtr Event::MetadataValues(const EnumValPtr& id) const { double Event::Time() const { if ( ! meta ) - return 0.0; + return detail::NO_TIMESTAMP; for ( const auto& m : *meta ) if ( m.Id() == static_cast(detail::MetadataType::NetworkTimestamp) ) { @@ -109,7 +109,7 @@ double Event::Time() const { return m.Val()->AsTime(); } - return 0.0; + return detail::NO_TIMESTAMP; } void Event::Describe(ODesc* d) const { diff --git a/src/Event.h b/src/Event.h index 49c78dae6f..82804ca58d 100644 --- a/src/Event.h +++ b/src/Event.h @@ -49,6 +49,8 @@ using EventMetadataVectorPtr = std::unique_ptr; */ EventMetadataVectorPtr MakeEventMetadataVector(double t); +constexpr double NO_TIMESTAMP = -1.0; + } // namespace detail class Event final : public Obj { @@ -170,8 +172,8 @@ public: // the event was intended to be executed. For scheduled events, this is the time the event // was scheduled to. For any other event, this is the time when the event was created. // - // If no event is being processed, returns 0.0. - double CurrentEventTime() const { return current ? current->Time() : 0.0; } + // If no event is being processed or there is no timestamp information, returns -1.0 + double CurrentEventTime() const { return current ? current->Time() : detail::NO_TIMESTAMP; } int Size() const { return num_events_queued - num_events_dispatched; } diff --git a/testing/btest/Baseline/core.event-metadata.current-event-time/output b/testing/btest/Baseline/core.event-metadata.current-event-time/output new file mode 100644 index 0000000000..f4112240a4 --- /dev/null +++ b/testing/btest/Baseline/core.event-metadata.current-event-time/output @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +new_connection add_network_timestamp=T current_event_time=1362692526.869344 network_timestamp=[1362692526.869344] +new_connection add_network_timestamp=F current_event_time=-1.0 network_timestamp=[] diff --git a/testing/btest/core/event-metadata/current-event-time.zeek b/testing/btest/core/event-metadata/current-event-time.zeek new file mode 100644 index 0000000000..dd81321d8d --- /dev/null +++ b/testing/btest/core/event-metadata/current-event-time.zeek @@ -0,0 +1,14 @@ +# @TEST-DOC: Check current_event_time() produces the same as event metadata, or else -1.0 +# +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT EventMetadata::add_network_timestamp=T >> output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT EventMetadata::add_network_timestamp=F >> output 2>&1 +# +# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output + + +event new_connection(c: connection) + { + print fmt("new_connection add_network_timestamp=%s current_event_time=%s network_timestamp=%s", + EventMetadata::add_network_timestamp, current_event_time(), + EventMetadata::current(EventMetadata::NETWORK_TIMESTAMP)); + }