examples/lib: better command line handling

Use the more conventional "--" command line handling to separate the
arguments. The first set will be passed to Suricata, and the args
after "--" will be handled by the example. Currently this is a single
PCAP filename, but will be extended to a list of PCAP filenames.

Also hard code logging to the current directory.

Ticket: #7240
pull/12891/head
Jason Ish 1 year ago committed by Victor Julien
parent 421e0a2bf9
commit 5e94be63ce

@ -13,6 +13,17 @@ build simply run:
make make
``` ```
## Running
```
./custom -l . -- filename.pcap
```
For this example, any arguments before `--` are passed directly as
Suricata command line arguments. Arguments after the first `--` are
handled by this example program, and currently the only argument is a
PCAP filename to be read.
## Building Out of Tree ## Building Out of Tree
A Makefile.example has also been generated to use as an example on how A Makefile.example has also been generated to use as an example on how

@ -22,8 +22,10 @@
#include "source-lib.h" #include "source-lib.h"
#include "threadvars.h" #include "threadvars.h"
/* Suricata worker thread in library mode. /**
The functions should be wrapped in an API layer. */ * Suricata worker thread in library mode.
* The functions should be wrapped in an API layer.
*/
static void *SimpleWorker(void *arg) static void *SimpleWorker(void *arg)
{ {
char *pcap_file = (char *)arg; char *pcap_file = (char *)arg;
@ -65,12 +67,25 @@ int main(int argc, char **argv)
SuricataPreInit(argv[0]); SuricataPreInit(argv[0]);
/* Parse command line options. This is optional, you could /* Parse command line options. This is optional, you could
* directly configure Suricata through the Conf API. * directly configure Suricata through the Conf API. */
The last argument is the PCAP file to replay. */ SCParseCommandLine(argc, argv);
SCParseCommandLine(argc - 1, argv);
/* Find our list of pcap files, after the "--". */
while (argc) {
bool end = strncmp(argv[0], "--", 2) == 0;
argv++;
argc--;
if (end) {
break;
}
}
if (argc == 0) {
fprintf(stderr, "ERROR: No PCAP files provided\n");
return 1;
}
/* Set lib runmode. There is currently no way to set it via /* Set lib runmode. There is currently no way to set it via the
the Conf API. */ * Conf API. */
SuricataSetLibRunmode(); SuricataSetLibRunmode();
/* Validate/finalize the runmode. */ /* Validate/finalize the runmode. */
@ -100,19 +115,23 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Force logging to the current directory. */
ConfSetFromString("default-log-dir=.", 1);
SuricataInit(); SuricataInit();
/* Create and start worker on its own thread, passing the PCAP file /* Create and start worker on its own thread, passing the PCAP
as argument. This needs to be done in between SuricataInit and * file as argument. This needs to be done in between SuricataInit
SuricataPostInit. */ * and SuricataPostInit. */
pthread_t worker; pthread_t worker;
if (pthread_create(&worker, NULL, SimpleWorker, argv[argc - 1]) != 0) { if (pthread_create(&worker, NULL, SimpleWorker, argv[argc - 1]) != 0) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* Need to introduce a little sleep to allow the worker thread to /* Need to introduce a little sleep to allow the worker thread to
initialize before SuricataPostInit invokes TmThreadContinueThreads(). * initialize before SuricataPostInit invokes
This should be handle at the API level. */ * TmThreadContinueThreads(). This should be handle at the API
* level. */
usleep(100); usleep(100);
SuricataPostInit(); SuricataPostInit();
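Review bot: The separator test in the new loop in main(), `strncmp(argv[0], "--", 2) == 0`, compares only the first two characters, so any argument that merely starts with `--` (a Suricata long option, for example) ends the scan. When no bare `--` is given, the words after that long option are counted as PCAP files, the "No PCAP files provided" check passes, and `argv[argc - 1]` is handed to SimpleWorker as a filename. An exact match closes this: `bool end = strcmp(argv[0], "--") == 0;`. Separately, only the last argument after `--` reaches the worker, so it would be worth rejecting `argc > 1` until the list of filenames is supported. main() begins and ends outside the hunks shown, so the includes for `bool` and `strcmp` could not be checked here.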
