Fix stats for interface with dots v4

[awelzel]

Replaces #10363

Changes since v3:

• Move unit tests under src/tests/output-json-test.c

Changes since v2:

• Rebase
• More newlines and moving register function in runmode-unittests.c to the end

Changes since v1:

• Squash the fixups for CI runs.
• Add a unit test calling StatsToJSON() verifying the dot of bond0.30 isn't expanded into a nested object anymore.

Make sure these boxes are signed before submitting your Pull Request -- thank you.

• I have read the contributing guide lines at
  https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
• I have signed the Open Information Security Foundation contribution agreement at
  https://suricata.io/about/contribution-agreement/ (note: this is only required once)
• I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine: 6732

Describe changes:

When an interface with dots is used, per worker stats are nested by the dot-separated-components of the interface due to the usage of OutputStats2Json().

Prevent this by using OutputStats2Json() on a per-thread specific object and setting this object into the threads object using the json_object_set_new() which won't do the dot expansion.

This was tested by creating an interface with dots in the name and checking the stats.

ip link add name a.b.c type dummy

With Suricata 7.0.2, sniffing on the a.b.c interface results in the following worker stats format:

"threads": {
  "W#01-a": {
    "b": {
      "c": {
        "capture": {
          "kernel_packets": 0,

After this fix, the output looks as follows:

"threads": {
  "W#01-a.b.c": {
    "capture": {
      "kernel_packets": 0,

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

[codecov]

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (7e4dba7) 82.32% compared to head (45ea724) 82.53%.
Report is 5 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10393      +/-   ##
==========================================
+ Coverage   82.32%   82.53%   +0.20%     
==========================================
  Files         978      979       +1     
  Lines      272147   272197      +50     
==========================================
+ Hits       224057   224647     +590     
+ Misses      48090    47550     -540     

Flag	Coverage Δ
fuzzcorpus	63.58% <0.00%> (-0.01%)	⬇️
suricata-verify	61.87% <0.00%> (+0.37%)	⬆️
unittests	62.85% <88.09%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

[victorjulien]

Looks like there is some Makefile.am update missing

[awelzel]

Replaced by #10400