From: Nirmala Venkata Subbaiah -X (nirmvenk - XORIANT CORPORATION at Cisco) <nirmvenk@cisco.com>
Date: Tue, 8 Apr 2025 00:36:52 +0000 (+0000)
Subject: Pull request #4694: packet_capture: rename pcaps and change max_packet_count default... 
X-Git-Tag: 3.7.3.0~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea10f31c621cde2bf0a1bf7763d0e90de5638e40;p=thirdparty%2Fsnort3.git

Pull request #4694: packet_capture: rename pcaps and change max_packet_count default value

Merge in SNORT/snort3 from ~NIRMVENK/snort3:limit_pcap to master

Squashed commit of the following:

commit ff811e9a73ec19d4408d83715ab2a8e32ca445cd
Author: Nirmala Subbaiah <nirmvenk@cisco.com>
Date:   Mon Apr 7 15:58:00 2025 -0400

    packet_capture: fix unit test

commit 52d5c0094cdfa7d0c7d72cad5552936ccfce8553
Author: Nirmala Subbaiah <nirmvenk@cisco.com>
Date:   Mon Apr 7 13:06:46 2025 -0400

    packet_capture: max_packet_count default value modification

commit dc033ddad141a77f519a2ad1d6f34efb17ea6bd1
Author: Nirmala Subbaiah <nirmvenk@cisco.com>
Date:   Mon Apr 7 12:59:18 2025 -0400

    packet_capture: rename pcaps and change default value
---

diff --git a/src/network_inspectors/packet_capture/capture_module.cc b/src/network_inspectors/packet_capture/capture_module.cc
index 46eb102c1..3167ab4f4 100644
--- a/src/network_inspectors/packet_capture/capture_module.cc
+++ b/src/network_inspectors/packet_capture/capture_module.cc
@@ -61,7 +61,7 @@ static const Parameter s_capture[] =
     { "capture_path", Parameter::PT_STRING, nullptr, nullptr,
       "directory path to capture pcaps" },
     
-    { "max_packet_count", Parameter::PT_INT, "0:max32", "1000000",
+    { "max_packet_count", Parameter::PT_INT, "0:max32", "0",
       "cap the number of packets per thread" },
 
     { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
@@ -84,7 +84,7 @@ static const Parameter capture_params[] =
     { "capture_path", Parameter::PT_STRING, nullptr, nullptr,
       "directory path to capture pcaps" },
     
-    { "max_packet_count", Parameter::PT_INT, "0:max32", "1000000",
+    { "max_packet_count", Parameter::PT_INT, "0:max32", "0",
       "cap the number of packets per thread" },
 
     { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc
index 0f0326522..5f9fe9928 100644
--- a/src/network_inspectors/packet_capture/packet_capture.cc
+++ b/src/network_inspectors/packet_capture/packet_capture.cc
@@ -127,8 +127,7 @@ static bool open_pcap_dumper()
         auto file_name = std::string(FILE_NAME);
         if ( ThreadConfig::get_instance_max() > 1 )
             file_name.insert(file_name.find(".pcap"), 
-                            ("_" + std::to_string(get_instance_id()) + \
-                             "_" + std::to_string(get_relative_instance_number())));
+                            "_" + std::to_string(get_relative_instance_number()));
         fname = config.capture_path + "/" + file_name;
     }
 
@@ -309,10 +308,7 @@ void PacketCapture::eval(Packet* p)
         }
 
         if (matched_filter)
-        {
             write_packet(p);
-            cap_count_stats.matched++;
-        }
 
         cap_count_stats.checked++;
     }
@@ -329,6 +325,7 @@ void PacketCapture::write_packet(Packet* p)
 
         packet_count++;
     }
+    cap_count_stats.matched++;
     struct pcap_pkthdr pcaphdr;
     pcaphdr.ts = p->pkth->ts;
     pcaphdr.caplen = p->pktlen;
@@ -453,6 +450,7 @@ protected:
     {
         pcap.emplace_back(p);
         write_packet_called = true;
+        cap_count_stats.matched++;
     }
 
     bool capture_init() override