Driver: Add timestamp to traffic stats.

src/common/fortlog.c

@@ -24,7 +24,7 @@
   ((FORT_LOG_PROC_NEW_HEADER_SIZE + (path_len) \
     + (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
 
-#define FORT_LOG_STAT_HEADER_SIZE	sizeof(UINT32)
+#define FORT_LOG_STAT_HEADER_SIZE	(sizeof(UINT32) + sizeof(INT64))
 
 #define FORT_LOG_STAT_TRAF_SIZE(proc_count) \
   (proc_count * 3 * sizeof(UINT32))
@@ -114,19 +114,21 @@ fort_log_proc_new_header_read (const char *p, UINT32 *pid,
 }
 
 static void
-fort_log_stat_traf_header_write (char *p, UINT16 proc_count)
+fort_log_stat_traf_header_write (char *p, INT64 unix_time, UINT16 proc_count)
 {
   UINT32 *up = (UINT32 *) p;
 
   *up++ = FORT_LOG_FLAG_STAT_TRAF | proc_count;
+  *((INT64 *) up) = unix_time;
 }
 
 static void
-fort_log_stat_traf_header_read (const char *p, UINT16 *proc_count)
+fort_log_stat_traf_header_read (const char *p, INT64 *unix_time, UINT16 *proc_count)
 {
   const UINT32 *up = (const UINT32 *) p;
 
-  *proc_count = (UINT16) *up;
+  *proc_count = (UINT16) *up++;
+  *unix_time = *((INT64 *) up);
 }
 
 static void

src/common/version.h

@@ -14,6 +14,6 @@
 #define APP_UPDATES_URL		"https://github.com/tnodir/fort/releases"
 #define APP_UPDATES_API_URL	"https://api.github.com/repos/tnodir/fort/releases/latest"
 
-#define DRIVER_VERSION		17
+#define DRIVER_VERSION		18
 
 #endif // VERSION_H

src/driver/fortdrv.c

@@ -796,6 +796,7 @@ fort_callout_timer (void)
       (stat->proc_active_count < FORT_LOG_STAT_BUFFER_PROC_COUNT)
       ? stat->proc_active_count : FORT_LOG_STAT_BUFFER_PROC_COUNT;
     const UINT32 len = FORT_LOG_STAT_SIZE(proc_count);
+    INT64 unix_time;
     PCHAR out;
     NTSTATUS status;
 
@@ -806,7 +807,19 @@ fort_callout_timer (void)
       break;
     }
 
-    fort_log_stat_traf_header_write(out, proc_count);
+    /* Get current Unix time */
+    {
+      LARGE_INTEGER system_time;
+
+      KeQuerySystemTime(&system_time);
+
+      /* Convert system time to seconds since 1970 */
+      #define SECSPERDAY	86400
+      #define SECS_1601_TO_1970	((369 * 365 + 89) * (INT64) SECSPERDAY)  /* 1601 to 1970 is 369 years plus 89 leap days */
+      unix_time = system_time.QuadPart / 10000000 - SECS_1601_TO_1970;
+    }
+
+    fort_log_stat_traf_header_write(out, unix_time, proc_count);
     out += FORT_LOG_STAT_HEADER_SIZE;
 
     fort_stat_dpc_traf_flush(stat, proc_count, out);

src/ui/fortcommon.cpp

@@ -137,9 +137,10 @@ void FortCommon::logProcNewHeaderRead(const char *input,
 }
 
 void FortCommon::logStatTrafHeaderRead(const char *input,
+                                       qint64 *unixTime,
                                        quint16 *procCount)
 {
-    fort_log_stat_traf_header_read(input, procCount);
+    fort_log_stat_traf_header_read(input, unixTime, procCount);
 }
 
 void FortCommon::logHeartbeatRead(const char *input, quint16 *tick)

src/ui/fortcommon.h

@@ -51,6 +51,7 @@ public:
                                      quint32 *pid, quint32 *pathLen);
 
     static void logStatTrafHeaderRead(const char *input,
+                                      qint64 *unixTime,
                                       quint16 *procCount);
 
     static void logHeartbeatRead(const char *input, quint16 *tick);

src/ui/log/logbuffer.cpp

@@ -149,10 +149,12 @@ void LogBuffer::readEntryStatTraf(LogEntryStatTraf *logEntry)
 
     const char *input = this->input();
 
+    qint64 unixTime;
     quint16 procCount;
-    FortCommon::logStatTrafHeaderRead(input, &procCount);
+    FortCommon::logStatTrafHeaderRead(input, &unixTime, &procCount);
 
     logEntry->setProcCount(procCount);
+    logEntry->setUnixTime(unixTime);
 
     if (procCount) {
         input += FortCommon::logStatHeaderSize();

src/ui/log/logentrystattraf.cpp

@@ -12,6 +12,11 @@ void LogEntryStatTraf::setProcCount(quint16 procCount)
     m_procCount = procCount;
 }
 
+void LogEntryStatTraf::setUnixTime(qint64 unixTime)
+{
+    m_unixTime = unixTime;
+}
+
 void LogEntryStatTraf::setProcTrafBytes(const quint32 *procTrafBytes)
 {
     m_procTrafBytes = procTrafBytes;

src/ui/log/logentrystattraf.h

@@ -14,11 +14,15 @@ public:
     quint16 procCount() const { return m_procCount; }
     void setProcCount(quint16 procCount);
 
+    qint64 unixTime() const { return m_unixTime; }
+    void setUnixTime(qint64 unixTime);
+
     const quint32 *procTrafBytes() const { return m_procTrafBytes; }
     void setProcTrafBytes(const quint32 *procTrafBytes);
 
 private:
     quint16 m_procCount = 0;
+    qint64 m_unixTime = 0;
     const quint32 *m_procTrafBytes = nullptr;
 };
 

src/ui/log/model/appstatmodel.cpp

@@ -87,6 +87,7 @@ void AppStatModel::handleProcNew(const LogEntryProcNew &procNewEntry)
 void AppStatModel::handleStatTraf(const LogEntryStatTraf &statTrafEntry)
 {
     m_statManager->logStatTraf(statTrafEntry.procCount(),
+                               statTrafEntry.unixTime(),
                                statTrafEntry.procTrafBytes());
 }
 

src/ui/stat/statmanager.cpp

@@ -248,13 +248,12 @@ void StatManager::logProcNew(quint32 pid, const QString &appPath)
     m_appIndexes.insert(pid, procIndex);
 }
 
-void StatManager::logStatTraf(quint16 procCount, const quint32 *procTrafBytes)
+void StatManager::logStatTraf(quint16 procCount, qint64 unixTime,
+                              const quint32 *procTrafBytes)
 {
     if (!m_conf || !m_conf->logStat())
         return;
 
-    const qint64 unixTime = DateUtil::getUnixTime();
-
     const qint32 trafHour = DateUtil::getUnixHour(unixTime);
     const bool isNewHour = (trafHour != m_lastTrafHour);
 

src/ui/stat/statmanager.h

@@ -35,7 +35,8 @@ public:
     bool initialize();
 
     void logProcNew(quint32 pid, const QString &appPath);
-    void logStatTraf(quint16 procCount, const quint32 *procTrafBytes);
+    void logStatTraf(quint16 procCount, qint64 unixTime,
+                     const quint32 *procTrafBytes);
 
     void getAppList(QStringList &list, QVector<qint64> &appIds);