SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
}
+static int ParseCommandLinePcapLive(SCInstance *suri, const char *optarg)
+{
+ memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
+
+ if (optarg == NULL) {
+ SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
+ return TM_ECODE_FAILED;
+ }
+
+ /* warn user if af-packet, netmap or pf-ring are available */
+#if defined HAVE_AF_PACKET || HAVE_PFRING || HAVE_NETMAP
+ int i = 0;
+#ifdef HAVE_AF_PACKET
+ i++;
+#endif
+#ifdef HAVE_PFRING
+ i++;
+#endif
+#ifdef HAVE_NETMAP
+ i++;
+#endif
+ SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
+ "option%s %s available:"
+#ifdef HAVE_AF_PACKET
+ " AF_PACKET (--af-packet=%s)"
+#endif
+#ifdef HAVE_PFRING
+ " PF_RING (--pfring-int=%s)"
+#endif
+#ifdef HAVE_NETMAP
+ " NETMAP (--netmap=%s)"
+#endif
+ ". Use --pcap=%s to suppress this warning",
+ i == 1 ? "" : "s", i == 1 ? "is" : "are"
+
+#ifdef HAVE_AF_PACKET
+ , optarg
+#endif
+#ifdef HAVE_PFRING
+ , optarg
+#endif
+#ifdef HAVE_NETMAP
+ , optarg
+#endif
+ , optarg
+ );
+#endif
+ /* some windows shells require escaping of the \ in \Device. Otherwise
+ * the backslashes are stripped. We put them back here. */
+ if (strlen(optarg) > 9 && strncmp(optarg, "DeviceNPF", 9) == 0) {
+ snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", optarg+9);
+ } else {
+ strlcpy(suri->pcap_dev, optarg, ((strlen(optarg) < sizeof(suri->pcap_dev)) ? (strlen(optarg)+1) : (sizeof(suri->pcap_dev))));
+ PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
+ }
+
+ if (strcmp(suri->pcap_dev, optarg) != 0) {
+ SCLogInfo("translated %s to pcap device %s", optarg, suri->pcap_dev);
+ } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
+ SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", optarg);
+ return TM_ECODE_FAILED;
+ }
+
+ if (suri->run_mode == RUNMODE_UNKNOWN) {
+ suri->run_mode = RUNMODE_PCAP_DEV;
+ LiveRegisterDevice(suri->pcap_dev);
+ } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
+#ifdef OS_WIN32
+ SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
+ "support is not (yet) supported on Windows.");
+ return TM_ECODE_FAILED;
+#else
+ SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
+ "multiple pcap devices to get packets is experimental.");
+ LiveRegisterDevice(suri->pcap_dev);
+#endif
+ } else {
+ SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
+ "has been specified");
+ usage(suri->progname);
+ return TM_ECODE_FAILED;
+ }
+ return TM_ECODE_OK;
+}
+
static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
{
int opt;
suri->run_mode = RUNMODE_PRINT_USAGE;
return TM_ECODE_OK;
case 'i':
- memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
-
- if (optarg == NULL) {
- SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
- return TM_ECODE_FAILED;
- }
-
- /* warn user if af-packet, netmap or pf-ring are available */
-#if defined HAVE_AF_PACKET || HAVE_PFRING || HAVE_NETMAP
- int i = 0;
-#ifdef HAVE_AF_PACKET
- i++;
-#endif
-#ifdef HAVE_PFRING
- i++;
-#endif
-#ifdef HAVE_NETMAP
- i++;
-#endif
- SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
- "option%s %s available:"
-#ifdef HAVE_AF_PACKET
- " AF_PACKET (--af-packet=%s)"
-#endif
-#ifdef HAVE_PFRING
- " PF_RING (--pfring-int=%s)"
-#endif
-#ifdef HAVE_NETMAP
- " NETMAP (--netmap=%s)"
-#endif
- ". Use --pcap=%s to suppress this warning",
- i == 1 ? "" : "s", i == 1 ? "is" : "are"
-
-#ifdef HAVE_AF_PACKET
- , optarg
-#endif
-#ifdef HAVE_PFRING
- , optarg
-#endif
-#ifdef HAVE_NETMAP
- , optarg
-#endif
- , optarg
- );
-#endif
- /* some windows shells require escaping of the \ in \Device. Otherwise
- * the backslashes are stripped. We put them back here. */
- if (strlen(optarg) > 9 && strncmp(optarg, "DeviceNPF", 9) == 0) {
- snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", optarg+9);
- } else {
- strlcpy(suri->pcap_dev, optarg, ((strlen(optarg) < sizeof(suri->pcap_dev)) ? (strlen(optarg)+1) : (sizeof(suri->pcap_dev))));
- PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
- }
-
- if (strcmp(suri->pcap_dev, optarg) != 0) {
- SCLogInfo("translated %s to pcap device %s", optarg, suri->pcap_dev);
- } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
- SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", optarg);
- return TM_ECODE_FAILED;
- }
-
- if (suri->run_mode == RUNMODE_UNKNOWN) {
- suri->run_mode = RUNMODE_PCAP_DEV;
- LiveRegisterDevice(suri->pcap_dev);
- } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
-#ifdef OS_WIN32
- SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
- "support is not (yet) supported on Windows.");
- return TM_ECODE_FAILED;
-#else
- SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
- "multiple pcap devices to get packets is experimental.");
- LiveRegisterDevice(suri->pcap_dev);
-#endif
- } else {
- SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
- "has been specified");
- usage(argv[0]);
+ if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
return TM_ECODE_FAILED;
}
break;
projects / thirdparty / suricata.git / commitdiff
