cmdline: add -k to specify checksum validation

This patch adds a '-k' option to suricata to be able to specify
the checksum validation to use. If '-k all' is used, checksum
validation is forced. If '-k none' is used, no checksum validation
is made.

Message output in case of detection of a pcap file with a probable
cheksum issue has been updated to indicate that '-k' is a solution.

src/source-pcap-file.c

@@ -358,7 +358,8 @@ void ReceivePcapFileThreadExitStats(ThreadVars *tv, void *data) {
         if (chrate < CHECKSUM_INVALID_RATIO)
             SCLogWarning(SC_ERR_INVALID_CHECKSUM,
                          "1/%" PRIu64 "th of packets have an invalid checksum,"
-                         " consider setting pcap-file.checksum-checks variable to no",
+                         " consider setting pcap-file.checksum-checks variable to no"
+                         " or use '-k none' option on command line.",
                          chrate);
         else
             SCLogInfo("1/%" PRIu64 "th of packets have an invalid checksum",

src/suricata.c

@@ -497,6 +497,7 @@ void usage(const char *progname)
 	printf("\t--service-remove                     : remove service\n");
 	printf("\t--service-change-params              : change service startup parameters\n");
 #endif /* OS_WIN32 */
+    printf("\t-k [all|none]                        : force checksum check (all) or disabled it (none)\n");
     printf("\t-V                                   : display Suricata version\n");
     printf("\t-v[v]                                : increase default Suricata verbosity\n");
 #ifdef UNITTESTS
@@ -939,6 +940,8 @@ static void SCInstanceInit(SCInstance *suri)
     suri->daemon = 0;
     suri->offline = 0;
     suri->verbose = 0;
+    /* use -1 as unknown */
+    suri->checksum_validation = -1;
 }
 
 static TmEcode PrintVersion()
@@ -1046,7 +1049,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
     /* getopt_long stores the option index here. */
     int option_index = 0;
 
-    char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:v";
+    char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
 
     while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
         switch (opt) {
@@ -1509,6 +1512,20 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
         case 'v':
             suri->verbose++;
             break;
+        case 'k':
+            if (optarg == NULL) {
+                SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k");
+                return TM_ECODE_FAILED;
+            }
+            if (!strcmp("all", optarg))
+                suri->checksum_validation = 1;
+            else if (!strcmp("none", optarg))
+                suri->checksum_validation = 0;
+            else {
+                SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg);
+                return TM_ECODE_FAILED;
+            }
+            break;
         default:
             usage(argv[0]);
             return TM_ECODE_FAILED;
@@ -1833,6 +1850,15 @@ static int PostConfLoadedSetup(SCInstance *suri)
 
     suri->rule_reload = IsRuleReloadSet(FALSE);
 
+    switch (suri->checksum_validation) {
+        case 0:
+            ConfSet("stream.checksum-validation", "0", 0);
+            break;
+        case 1:
+            ConfSet("stream.checksum-validation", "1", 1);
+            break;
+    }
+
     AppLayerDetectProtoThreadInit();
     AppLayerParsersInitPostProcess();
 

src/suricata.h

@@ -155,6 +155,7 @@ typedef struct SCInstance_ {
     int daemon;
     int offline;
     int verbose;
+    int checksum_validation;
 
     struct timeval start_time;