aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pcap: read directories recursively

Browse Source 
Describe Changes
- Added ability to recursively read pcap directories
- src/suricata.c: addition of new command line parameter
    --pcap-file-recursive
- src/source-pcap-file.c: parsing of the command line argument
- src/source-pcap-file-directory-helper.h: two thread vars tracking
    directory depth and should recurse
- src/util-error.c / src/util-error.h:
   Added new warning code "SC_WARN_PATH_READ_ERROR"
- Redmine ticket: https://redmine.openinfosecfoundation.org/issues/2363

Ticket: #2363
pull/5265/head
James Dutrisac 5 years ago committed by Victor Julien
parent 5a92d0a704
commit db5b73d9d6
5 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/source-pcap-file-directory-helper.h
Unescape Escape View File

@ -43,6 +43,8 @@ typedef struct PcapFileDirectoryVars_
DIR *directory;
PcapFileFileVars *current_file;
bool should_loop;
bool should_recurse;
uint8_t cur_dir_depth;
time_t delay;
time_t poll_interval;

15
src/source-pcap-file.c
Unescape Escape View File

@ -290,11 +290,24 @@ TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, const void *initdata, void **d
CleanupPcapFileThreadVars(ptv);
SCReturnInt(TM_ECODE_OK);
}
pv->cur_dir_depth = 0;
int should_recurse;
pv->should_recurse = false;
if (ConfGetBool("pcap-file.recursive", &should_recurse) == 1) {
pv->should_recurse = (should_recurse == 1);
}
int should_loop = 0;
pv->should_loop = false;
if (ConfGetBool("pcap-file.continuous", &should_loop) == 1) {
pv->should_loop = should_loop == 1;
pv->should_loop = (should_loop == 1);
}
if (pv->should_recurse == true && pv->should_loop == true) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Error, --pcap-file-continuous and --pcap-file-recursive "
"cannot be used together.");
SCReturnInt(TM_ECODE_FAILED);
}
pv->delay = 30;

8
src/suricata.c
Unescape Escape View File

@ -598,6 +598,7 @@ static void PrintUsage(const char *progname)
printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
printf("\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
#ifdef HAVE_PCAP_SET_BUFF
printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
#endif /* HAVE_SET_PCAP_BUFF */
@ -1195,6 +1196,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
{"pcap", optional_argument, 0, 0},
{"pcap-file-continuous", 0, 0, 0},
{"pcap-file-delete", 0, 0, 0},
{"pcap-file-recursive", 0, 0, 0},
{"simulate-ips", 0, 0 , 0},
{"no-random", 0, &g_disable_randomness, 1},
{"strict-rule-keywords", optional_argument, 0, 0},
@ -1570,6 +1572,12 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
return TM_ECODE_FAILED;
}
}
else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
if (ConfSetFinal("pcap-file.recursive", "true") != 1) {
SCLogError(SC_ERR_CMD_LINE, "ERROR: Failed to set pcap-file.recursive");
return TM_ECODE_FAILED;
}
}
else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
if (optarg == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -d");

1
src/util-error.c
Unescape Escape View File

@ -372,6 +372,7 @@ const char * SCErrorToString(SCError err)
CASE_CODE (SC_WARN_ERSPAN_CONFIG);
CASE_CODE (SC_WARN_HASSH_DISABLED);
CASE_CODE (SC_WARN_FILESTORE_CONFIG);
CASE_CODE (SC_WARN_PATH_READ_ERROR);
CASE_CODE (SC_ERR_MAX);
}

1
src/util-error.h
Unescape Escape View File

@ -362,6 +362,7 @@ typedef enum {
SC_WARN_ERSPAN_CONFIG,
SC_WARN_HASSH_DISABLED,
SC_WARN_FILESTORE_CONFIG,
SC_WARN_PATH_READ_ERROR,
SC_ERR_MAX
} SCError;

Write Preview
Loading…
Cancel
Save