Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Introduce get_packet_lag()

Browse source
This commit is contained in:
Jan Grashoefer 2024-12-09 19:19:29 +01:00
parent 6977c07a25
commit c2b17f9d30
3 changed files with 29 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

20
scripts/base/utils/time.zeek
View file

@ -1,3 +1,4 @@
##! Time-related functions.
## Given an interval, returns a string representing the minutes and seconds
## in the interval (for example, "3m34s").
@ -6,3 +7,22 @@ function duration_to_mins_secs(dur: interval): string
local dur_count = double_to_count(interval_to_double(dur));
return fmt("%dm%ds", dur_count/60, dur_count%60);
}
## Time value representing the 0 timestamp.
const null_ts = double_to_time(0);
## Calculate the packet lag, i.e. the difference between wall clock and the
## timestamp of the currently processed packet. If Zeek is not processing a
## packet, the function returns a 0 interval value.
function get_packet_lag(): interval
{
# We use get_current_packet_ts() instead of network_time() here, because
# network time does not immediately fall back to wall clock if there is
# no packet. Instead, network time remains set to the last seen packet's
# timestamp for ``packet_source_inactivity_timeout``.
local pkt_ts = get_current_packet_ts();
if (pkt_ts == null_ts)
return 0 sec;
return current_time() - pkt_ts;
}

6
scripts/policy/misc/stats.zeek
View file

@ -2,6 +2,7 @@
@load base/frameworks/notice
@load base/frameworks/telemetry
@load base/utils/time
module Stats;
@ -166,8 +167,6 @@ event zeek_init() &priority=5
Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats", $policy=log_policy]);
}
const null_ts = double_to_time(0);
event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats, last_ts: TimerStats, last_fs: FileAnalysisStats, last_ds: DNSStats)
{
local nettime = network_time();
@ -216,8 +215,7 @@ event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: Pr
if ( reading_live_traffic() )
{
local pkt_ts = get_current_packet_ts();
info$pkt_lag = pkt_ts > null_ts ? current_time() - pkt_ts : 0 sec;
info$pkt_lag = get_packet_lag();
info$pkts_dropped = ns$pkts_dropped - last_ns$pkts_dropped;
info$pkts_link = ns$pkts_link - last_ns$pkts_link;