unix runmode: add 'pcap-current' command

This command outputs the currently processed file name or 'None' if no file is currently processed.
13 years ago · 78b5812ae6
parent fc7e6c4a3d
commit 78b5812ae6
2 changed files with 23 additions and 1 deletions
--- a/scripts/suricatasc/suricatasc.in
+++ b/scripts/suricatasc/suricatasc.in
@ -27,7 +27,7 @@ if len(sys.argv) == 2:
 else:
    SOCKET_PATH = "@e_localstatedir@/suricata-command.socket"
 SIZE = 4096
-COMMANDS_REGEX = re.compile("^(?:shutdown|quit|command-list|reload-rules|pcap-file .+|pcap-file-number|pcap-file-list|iface-list|iface-stat .+)$")
+COMMANDS_REGEX = re.compile("^(?:shutdown|quit|command-list|reload-rules|pcap-file .+|pcap-file-number|pcap-file-list|pcap-current|iface-list|iface-stat .+)$")

 socket = socket(AF_UNIX)
 socket.connect(SOCKET_PATH)
--- a/src/runmode-unix-socket.c
+++ b/src/runmode-unix-socket.c
@ -58,6 +58,7 @@ typedef struct PcapCommand_ {
    DetectEngineCtx *de_ctx;
    TAILQ_HEAD(, PcapFiles_) files;
    int running;
+    char *currentfile;
 } PcapCommand;

 const char *RunModeUnixSocketGetDefaultMode(void)
@ -119,6 +120,20 @@ static TmEcode UnixSocketPcapFilesNumber(json_t *cmd, json_t* answer, void *data
    return TM_ECODE_OK;
 }

+static TmEcode UnixSocketPcapCurrent(json_t *cmd, json_t* answer, void *data)
+{
+    PcapCommand *this = (PcapCommand *) data;
+
+    if (this->currentfile) {
+        json_object_set_new(answer, "message", json_string(this->currentfile));
+    } else {
+        json_object_set_new(answer, "message", json_string("None"));
+    }
+    return TM_ECODE_OK;
+}
+
+
+
 static void PcapFilesFree(PcapFiles *cfile)
 {
    if (cfile == NULL)
@ -268,6 +283,10 @@ TmEcode UnixSocketPcapFilesCheck(void *data)
        }
        unix_manager_file_task_failed = 0;
        this->running = 0;
+        if (this->currentfile) {
+            SCFree(this->currentfile);
+        }
+        this->currentfile = NULL;
        TmThreadKillThreadsFamily(TVT_MGMT);
        TmThreadClearThreadsFamily(TVT_MGMT);
        TmThreadDisableThreadsWithTMS(TM_FLAG_RECEIVE_TM | TM_FLAG_DECODE_TM);
@ -301,6 +320,7 @@ TmEcode UnixSocketPcapFilesCheck(void *data)
                return TM_ECODE_FAILED;
            }
        }
+        this->currentfile = SCStrdup(cfile->filename);
        PcapFilesFree(cfile);
        SCPerfInitCounterApi();
        DefragInit();
@ -359,6 +379,7 @@ int RunModeUnixSocketSingle(DetectEngineCtx *de_ctx)
    }
    pcapcmd->de_ctx = de_ctx;
    TAILQ_INIT(&pcapcmd->files);
+    pcapcmd->currentfile = NULL;

    UnixManagerThreadSpawn(de_ctx, 1);

@ -367,6 +388,7 @@ int RunModeUnixSocketSingle(DetectEngineCtx *de_ctx)
    UnixManagerRegisterCommand("pcap-file", UnixSocketAddPcapFile, pcapcmd, UNIX_CMD_TAKE_ARGS);
    UnixManagerRegisterCommand("pcap-file-number", UnixSocketPcapFilesNumber, pcapcmd, 0);
    UnixManagerRegisterCommand("pcap-file-list", UnixSocketPcapFilesList, pcapcmd, 0);
+    UnixManagerRegisterCommand("pcap-current", UnixSocketPcapCurrent, pcapcmd, 0);

    UnixManagerRegisterBackgroundTask(UnixSocketPcapFilesCheck, pcapcmd);
 #endif