logging: convert pcap log to non-thread module

src/log-pcap.c

@@ -143,22 +143,19 @@ typedef struct PcapLogThreadData_ {
 static PcapLogData *g_pcap_data = NULL;
 
 static int PcapLogOpenFileCtx(PcapLogData *);
-static TmEcode PcapLog(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
+static int PcapLog(ThreadVars *, void *, const Packet *);
 static TmEcode PcapLogDataInit(ThreadVars *, void *, void **);
 static TmEcode PcapLogDataDeinit(ThreadVars *, void *);
 static void PcapLogFileDeInitCtx(OutputCtx *);
 static OutputCtx *PcapLogInitCtx(ConfNode *);
 static void PcapLogProfilingDump(PcapLogData *);
+static int PcapLogCondition(ThreadVars *, const Packet *);
 
 void TmModulePcapLogRegister(void)
 {
-    tmm_modules[TMM_PCAPLOG].name = MODULE_NAME;
-    tmm_modules[TMM_PCAPLOG].ThreadInit = PcapLogDataInit;
-    tmm_modules[TMM_PCAPLOG].Func = PcapLog;
-    tmm_modules[TMM_PCAPLOG].ThreadDeinit = PcapLogDataDeinit;
-    tmm_modules[TMM_PCAPLOG].RegisterTests = NULL;
-
-    OutputRegisterModule(MODULE_NAME, "pcap-log", PcapLogInitCtx);
+    OutputRegisterPacketModule(LOGGER_PCAP, MODULE_NAME, "pcap-log",
+        PcapLogInitCtx, PcapLog, PcapLogCondition, PcapLogDataInit,
+        PcapLogDataDeinit, NULL);
 
     SC_ATOMIC_INIT(thread_cnt);
     return;
@@ -171,6 +168,17 @@ void TmModulePcapLogRegister(void)
     (prof).total += (UtilCpuGetTicks() - pcaplog_profile_ticks); \
     (prof).cnt++
 
+static int PcapLogCondition(ThreadVars *tv, const Packet *p)
+{
+    if (p->flags & PKT_PSEUDO_STREAM_END) {
+        return FALSE;
+    }
+    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+        return FALSE;
+    }
+    return TRUE;
+}
+
 /**
  * \brief Function to close pcaplog file
  *
@@ -281,7 +289,7 @@ static int PcapLogRotateFile(ThreadVars *t, PcapLogData *pl)
     return 0;
 }
 
-static int PcapLogOpenHandles(PcapLogData *pl, Packet *p)
+static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
 {
     PCAPLOG_PROFILE_START;
 
@@ -345,8 +353,7 @@ static void PcapLogUnlock(PcapLogData *pl)
  * \retval TM_ECODE_OK on succes
  * \retval TM_ECODE_FAILED on serious error
  */
-static TmEcode PcapLog (ThreadVars *t, Packet *p, void *thread_data, PacketQueue *pq,
-                 PacketQueue *postpq)
+static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
 {
     size_t len;
     int rotate = 0;
@@ -572,6 +579,7 @@ static TmEcode PcapLogDataDeinit(ThreadVars *t, void *thread_data)
             pl->reported = 1;
         }
     }
+    SCFree(td);
     return TM_ECODE_OK;
 }
 
@@ -894,7 +902,7 @@ static void PcapLogFileDeInitCtx(OutputCtx *output_ctx)
     TAILQ_FOREACH(pf, &pl->pcap_file_list, next) {
         SCLogDebug("PCAP files left at exit: %s\n", pf->filename);
     }
-
+    SCFree(output_ctx);
     return;
 }
 

src/suricata-common.h

@@ -369,6 +369,7 @@ typedef enum {
     LOGGER_STATS,
     LOGGER_JSON_STATS,
     LOGGER_PRELUDE,
+    LOGGER_PCAP,
     LOGGER_SIZE,
 } LoggerId;
 

src/tm-modules.c

@@ -212,7 +212,6 @@ const char * TmModuleTmmIdToString(TmmId id)
         CASE_CODE (TMM_RECEIVEPFRING);
         CASE_CODE (TMM_DECODEPFRING);
         CASE_CODE (TMM_RESPONDREJECT);
-        CASE_CODE (TMM_PCAPLOG);
         CASE_CODE (TMM_DECODEIPFW);
         CASE_CODE (TMM_VERDICTIPFW);
         CASE_CODE (TMM_RECEIVEIPFW);

src/tm-threads-common.h

@@ -42,7 +42,6 @@ typedef enum {
     TMM_RECEIVEPFRING,
     TMM_DECODEPFRING,
     TMM_RESPONDREJECT,
-    TMM_PCAPLOG,
     TMM_DECODEIPFW,
     TMM_VERDICTIPFW,
     TMM_RECEIVEIPFW,

src/util-profiling.c

@@ -1278,6 +1278,7 @@ const char * PacketProfileLoggertIdToString(LoggerId id)
         CASE_CODE (LOGGER_STATS);
         CASE_CODE (LOGGER_JSON_STATS);
         CASE_CODE (LOGGER_PRELUDE);
+        CASE_CODE (LOGGER_PCAP);
         default:
             return "UNKNOWN";
     }