diff --git a/src/log-pcap.c b/src/log-pcap.c
index 076c44269e..4ff1b4d5c9 100644
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -143,22 +143,19 @@ typedef struct PcapLogThreadData_ {
 static PcapLogData *g_pcap_data = NULL;
 static int PcapLogOpenFileCtx(PcapLogData *);
-static TmEcode PcapLog(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
+static int PcapLog(ThreadVars *, void *, const Packet *);
 static TmEcode PcapLogDataInit(ThreadVars *, void *, void **);
 static TmEcode PcapLogDataDeinit(ThreadVars *, void *);
 static void PcapLogFileDeInitCtx(OutputCtx *);
 static OutputCtx *PcapLogInitCtx(ConfNode *);
 static void PcapLogProfilingDump(PcapLogData *);
+static int PcapLogCondition(ThreadVars *, const Packet *);
 void TmModulePcapLogRegister(void)
 {
- tmm_modules[TMM_PCAPLOG].name = MODULE_NAME;
- tmm_modules[TMM_PCAPLOG].ThreadInit = PcapLogDataInit;
- tmm_modules[TMM_PCAPLOG].Func = PcapLog;
- tmm_modules[TMM_PCAPLOG].ThreadDeinit = PcapLogDataDeinit;
- tmm_modules[TMM_PCAPLOG].RegisterTests = NULL;
-
- OutputRegisterModule(MODULE_NAME, "pcap-log", PcapLogInitCtx);
+ OutputRegisterPacketModule(LOGGER_PCAP, MODULE_NAME, "pcap-log",
+ PcapLogInitCtx, PcapLog, PcapLogCondition, PcapLogDataInit,
+ PcapLogDataDeinit, NULL);
 SC_ATOMIC_INIT(thread_cnt);
 return;
@@ -171,6 +168,17 @@ void TmModulePcapLogRegister(void)
 (prof).total += (UtilCpuGetTicks() - pcaplog_profile_ticks); \
 (prof).cnt++
+static int PcapLogCondition(ThreadVars *tv, const Packet *p)
+{
+ if (p->flags & PKT_PSEUDO_STREAM_END) {
+ return FALSE;
+ }
+ if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+ return FALSE;
+ }
+ return TRUE;
+}
+
 /**
 * \brief Function to close pcaplog file
 *
@@ -281,7 +289,7 @@ static int PcapLogRotateFile(ThreadVars *t, PcapLogData *pl)
 return 0;
 }
-static int PcapLogOpenHandles(PcapLogData *pl, Packet *p)
+static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
 {
 PCAPLOG_PROFILE_START;
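Review bot: PcapLogCondition is added without any comment, although it now decides which packets reach the capture file. A short header such as `/** \brief packet logger condition: skip pseudo stream-end packets and tunnel packets that are not the tunnel root */` would tell anyone reading a capture during an investigation why those packets are absent. The reason for skipping non-root tunnel packets is presumably that the root packet already carries the encapsulated bytes; that is worth stating if it is correct. `tv` is unused in the function, so depending on the warning flags it may need the project's unused-parameter marking.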
@@ -345,8 +353,7 @@ static void PcapLogUnlock(PcapLogData *pl)
 * \retval TM_ECODE_OK on succes
 * \retval TM_ECODE_FAILED on serious error
 */
-static TmEcode PcapLog (ThreadVars *t, Packet *p, void *thread_data, PacketQueue *pq,
- PacketQueue *postpq)
+static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
 {
 size_t len;
 int rotate = 0;
@@ -572,6 +579,7 @@ static TmEcode PcapLogDataDeinit(ThreadVars *t, void *thread_data)
 pl->reported = 1;
 }
 }
+ SCFree(td);
 return TM_ECODE_OK;
 }
@@ -894,7 +902,7 @@ static void PcapLogFileDeInitCtx(OutputCtx *output_ctx)
 TAILQ_FOREACH(pf, &pl->pcap_file_list, next) {
 SCLogDebug("PCAP files left at exit: %s\n", pf->filename);
 }
-
+ SCFree(output_ctx);
 return;
 }
diff --git a/src/suricata-common.h b/src/suricata-common.h
index b837de26ad..fedccf31ce 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -369,6 +369,7 @@ typedef enum {
 LOGGER_STATS,
 LOGGER_JSON_STATS,
 LOGGER_PRELUDE,
+ LOGGER_PCAP,
 LOGGER_SIZE,
 } LoggerId;
diff --git a/src/tm-modules.c b/src/tm-modules.c
index 4a109fd6a2..f0d8b89019 100644
--- a/src/tm-modules.c
+++ b/src/tm-modules.c
@@ -212,7 +212,6 @@ const char * TmModuleTmmIdToString(TmmId id)
 CASE_CODE (TMM_RECEIVEPFRING);
 CASE_CODE (TMM_DECODEPFRING);
 CASE_CODE (TMM_RESPONDREJECT);
- CASE_CODE (TMM_PCAPLOG);
 CASE_CODE (TMM_DECODEIPFW);
 CASE_CODE (TMM_VERDICTIPFW);
 CASE_CODE (TMM_RECEIVEIPFW);
diff --git a/src/tm-threads-common.h b/src/tm-threads-common.h
index cdb384c55c..a0ca3bcad8 100644
--- a/src/tm-threads-common.h
+++ b/src/tm-threads-common.h
@@ -42,7 +42,6 @@ typedef enum {
 TMM_RECEIVEPFRING,
 TMM_DECODEPFRING,
 TMM_RESPONDREJECT,
- TMM_PCAPLOG,
 TMM_DECODEIPFW,
 TMM_VERDICTIPFW,
 TMM_RECEIVEIPFW,
diff --git a/src/util-profiling.c b/src/util-profiling.c
index cbbef0c20a..5f6aa20660 100644
--- a/src/util-profiling.c
+++ b/src/util-profiling.c
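Review bot: The comment block directly above PcapLog still documents `\retval TM_ECODE_OK` and `\retval TM_ECODE_FAILED`, but the function (and its prototype near the top of the file) now returns `int` as a packet-logger callback. The two `\retval` lines should be rewritten to the values the callback is actually expected to return. The body of PcapLog lies outside this hunk, so it is not visible whether its `return TM_ECODE_*` statements were changed as well; if they were not, they should be checked against the new contract, since a failure code the output framework does not recognise could hide a write error in the capture.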
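Review bot: In PcapLogFileDeInitCtx the added `SCFree(output_ctx);` releases only the context wrapper; the loop just above merely logs the entries still on `pl->pcap_file_list`, and nothing in the visible lines frees those entries or `pl` itself. If `pl` is owned by this context it should be released before the wrapper, and the file-level `g_pcap_data` pointer cleared if it refers to the same object. The `SCFree(td);` added in PcapLogDataDeinit raises the same ownership question: a one-line comment stating that the output framework does not free or reuse thread data after ThreadDeinit, e.g. `/* thread data is owned by this module; released here */`, would rule out a double free. Both functions start outside their hunks, so earlier cleanup may exist that is not shown.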
@@ -1278,6 +1278,7 @@ const char * PacketProfileLoggertIdToString(LoggerId id)
 CASE_CODE (LOGGER_STATS);
 CASE_CODE (LOGGER_JSON_STATS);
 CASE_CODE (LOGGER_PRELUDE);
+ CASE_CODE (LOGGER_PCAP);
 default:
 return "UNKNOWN";
 }