#include "flow-timeout.h"
#include "stream-tcp.h"
#include "stream-tcp-reassemble.h"
+#include "source-pcap-file-directory-helper.h"
#include "host.h"
#include "defrag.h"
#include "defrag-hash.h"
static int unix_manager_pcap_task_failed = 0;
static int unix_manager_pcap_task_interrupted = 0;
static struct timespec unix_manager_pcap_last_processed;
+static SCCtrlMutex unix_manager_pcap_last_processed_mutex;
/**
* \brief return list of files in the queue
{
PcapCommand *this = (PcapCommand *) data;
- if (this->current_file && this->current_file->filename) {
+ if (this->current_file != NULL && this->current_file->filename != NULL) {
json_object_set_new(answer, "message",
json_string(this->current_file->filename));
} else {
static TmEcode UnixSocketPcapLastProcessed(json_t *cmd, json_t *answer, void *data)
{
- uint64_t epoch_millis = unix_manager_pcap_last_processed.tv_sec * 1000l +
- unix_manager_pcap_last_processed.tv_nsec / 100000l;
+ json_int_t epoch_millis;
+ SCCtrlMutexLock(&unix_manager_pcap_last_processed_mutex);
+ epoch_millis = SCTimespecAsEpochMillis(&unix_manager_pcap_last_processed);
+ SCCtrlMutexUnlock(&unix_manager_pcap_last_processed_mutex);
+
json_object_set_new(answer, "message",
json_integer(epoch_millis));
}
/**
- * \brief Command to add a file to treatment list
+ * \brief Command to add a file to treatment list, forcing continuous mode
*
* \param cmd the content of command Arguments as a json_t object
* \param answer the json_t object that has to be used to answer
}
this->current_file = NULL;
}
+
if (TAILQ_EMPTY(&this->files)) {
// nothing to do
return TM_ECODE_OK;
TmEcode UnixSocketPcapFile(TmEcode tm, struct timespec *last_processed)
{
#ifdef BUILD_UNIX_SOCKET
+ SCCtrlMutexLock(&unix_manager_pcap_last_processed_mutex);
unix_manager_pcap_last_processed.tv_sec = last_processed->tv_sec;
unix_manager_pcap_last_processed.tv_nsec = last_processed->tv_nsec;
+ SCCtrlMutexUnlock(&unix_manager_pcap_last_processed_mutex);
switch (tm) {
case TM_ECODE_DONE:
SCLogInfo("Marking current task as done");
pcapcmd->running = 0;
pcapcmd->current_file = NULL;
+ memset(&unix_manager_pcap_last_processed, 0, sizeof(struct timespec));
+
+ SCCtrlMutexInit(&unix_manager_pcap_last_processed_mutex, NULL);
+
UnixManagerRegisterCommand("pcap-file", UnixSocketAddPcapFile, pcapcmd, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("pcap-file-continuous", UnixSocketAddPcapFileContinuous, pcapcmd, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("pcap-file-number", UnixSocketPcapFilesNumber, pcapcmd, 0);
static TmEcode PcapDirectoryDone(PcapFileDirectoryVars *ptv);
static int PcapDirectoryGetModifiedTime(char const * file, struct timespec * out);
static TmEcode PcapDirectoryInsertFile(PcapFileDirectoryVars *pv,
- PendingFile *file_to_add,
- struct timespec *file_to_add_modified_time);
+ PendingFile *file_to_add);
static TmEcode PcapDirectoryPopulateBuffer(PcapFileDirectoryVars *ptv,
- struct timespec * newer_than,
struct timespec * older_than);
static TmEcode PcapDirectoryDispatchForTimeRange(PcapFileDirectoryVars *pv,
- struct timespec *newer_than,
struct timespec *older_than);
void GetTime(struct timespec *tm)
struct timeval now;
if(gettimeofday(&now, NULL) == 0) {
tm->tv_sec = now.tv_sec;
- tm->tv_nsec = now.tv_usec * 1000;
+ tm->tv_nsec = now.tv_usec * 1000L;
}
}
#endif
#ifdef OS_DARWIN
- *out = buf.st_mtimespec;
+ out->tv_sec = buf.st_mtimespec.tv_sec;
+ out->tv_nsec = buf.st_mtimespec.tv_nsec;
#elif OS_WIN32
- struct timespec ts;
- memset(&ts, 0, sizeof(ts));
- ts.tv_sec = buf.st_mtime;
- *out = ts;
+ out->tv_sec = buf.st_mtime;
#else
- *out = buf.st_mtim;
+ out->tv_sec = buf.st_mtim.tv_sec;
+ out->tv_nsec = buf.st_mtim.tv_nsec;
#endif
return ret;
}
TmEcode PcapDirectoryInsertFile(PcapFileDirectoryVars *pv,
- PendingFile *file_to_add,
- struct timespec *file_to_add_modified_time
+ PendingFile *file_to_add
) {
PendingFile *file_to_compare = NULL;
PendingFile *next_file_to_compare = NULL;
} else {
file_to_compare = TAILQ_FIRST(&pv->directory_content);
while(file_to_compare != NULL) {
- struct timespec modified_time;
- memset(&modified_time, 0, sizeof(struct timespec));
-
- if (PcapDirectoryGetModifiedTime(file_to_compare->filename,
- &modified_time) == TM_ECODE_FAILED) {
- SCReturnInt(TM_ECODE_FAILED);
- }
- if (CompareTimes(file_to_add_modified_time, &modified_time) < 0) {
+ if (CompareTimes(&file_to_add->modified_time, &file_to_compare->modified_time) < 0) {
TAILQ_INSERT_BEFORE(file_to_compare, file_to_add, next);
file_to_compare = NULL;
} else {
}
TmEcode PcapDirectoryPopulateBuffer(PcapFileDirectoryVars *pv,
- struct timespec *newer_than,
struct timespec *older_than
) {
if (unlikely(pv == NULL)) {
memset(&temp_time, 0, sizeof(struct timespec));
if (PcapDirectoryGetModifiedTime(pathbuff, &temp_time) == 0) {
- SCLogDebug("File %s time (%lu > %lu < %lu)", pathbuff,
- newer_than->tv_sec, temp_time.tv_sec, older_than->tv_sec);
+ SCLogDebug("%" PRIuMAX " < %" PRIuMAX "(%s) < %" PRIuMAX ")",
+ (uintmax_t)SCTimespecAsEpochMillis(&pv->shared->last_processed),
+ (uintmax_t)SCTimespecAsEpochMillis(&temp_time),
+ pathbuff,
+ (uintmax_t)SCTimespecAsEpochMillis(older_than));
// Skip files outside of our time range
- if (CompareTimes(&temp_time, newer_than) < 0) {
+ if (CompareTimes(&temp_time, &pv->shared->last_processed) <= 0) {
SCLogDebug("Skipping old file %s", pathbuff);
continue;
}
SCReturnInt(TM_ECODE_FAILED);
}
- SCLogDebug("Found \"%s\"", file_to_add->filename);
+ memset(&file_to_add->modified_time, 0, sizeof(struct timespec));
+ CopyTime(&temp_time, &file_to_add->modified_time);
- if (PcapDirectoryInsertFile(pv, file_to_add, &temp_time) == TM_ECODE_FAILED) {
+ SCLogInfo("Found \"%s\" at %" PRIuMAX, file_to_add->filename,
+ (uintmax_t)SCTimespecAsEpochMillis(&file_to_add->modified_time));
+
+ if (PcapDirectoryInsertFile(pv, file_to_add) == TM_ECODE_FAILED) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to add file");
CleanupPendingFile(file_to_add);
TmEcode PcapDirectoryDispatchForTimeRange(PcapFileDirectoryVars *pv,
- struct timespec *newer_than,
struct timespec *older_than)
{
- if (PcapDirectoryPopulateBuffer(pv, newer_than, older_than) == TM_ECODE_FAILED) {
+ if (PcapDirectoryPopulateBuffer(pv, older_than) == TM_ECODE_FAILED) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to populate directory buffer");
SCReturnInt(TM_ECODE_FAILED);
}
TmEcode status = TM_ECODE_OK;
if (TAILQ_EMPTY(&pv->directory_content)) {
- SCLogInfo("Directory %s has no files to process", pv->filename);
+ SCLogDebug("Directory %s has no files to process", pv->filename);
GetTime(older_than);
older_than->tv_sec = older_than->tv_sec - pv->delay;
rewinddir(pv->directory);
} else {
PendingFile *current_file = NULL;
+ struct timespec last_time_seen;
+ memset(&last_time_seen, 0, sizeof(struct timespec));
+
while (status == TM_ECODE_OK && !TAILQ_EMPTY(&pv->directory_content)) {
current_file = TAILQ_FIRST(&pv->directory_content);
TAILQ_REMOVE(&pv->directory_content, current_file, next);
SCReturnInt(status);
}
- struct timespec temp_time;
- memset(&temp_time, 0, sizeof(struct timespec));
+ SCLogInfo("Processed file %s, processed up to %" PRIuMAX,
+ current_file->filename,
+ (uintmax_t)SCTimespecAsEpochMillis(¤t_file->modified_time));
- if (PcapDirectoryGetModifiedTime(current_file->filename,
- &temp_time) != 0) {
- CopyTime(&temp_time, newer_than);
+ if(CompareTimes(¤t_file->modified_time, &last_time_seen) > 0) {
+ CopyTime(¤t_file->modified_time, &last_time_seen);
}
- SCLogDebug("Processed file %s, processed up to %ld",
- current_file->filename, temp_time.tv_sec);
- CopyTime(&temp_time, &pv->shared->last_processed);
CleanupPendingFile(current_file);
pv->current_file = NULL;
}
}
- *newer_than = *older_than;
+ if(CompareTimes(&last_time_seen, &pv->shared->last_processed) > 0) {
+ SCLogInfo("Updating processed to %" PRIuMAX,
+ (uintmax_t)SCTimespecAsEpochMillis(&last_time_seen));
+ CopyTime(&last_time_seen, &pv->shared->last_processed);
+ status = PcapRunStatus(pv);
+ }
}
GetTime(older_than);
older_than->tv_sec = older_than->tv_sec - pv->delay;
DIR *directory_check = NULL;
- struct timespec newer_than;
- memset(&newer_than, 0, sizeof(struct timespec));
struct timespec older_than;
memset(&older_than, 0, sizeof(struct timespec));
older_than.tv_sec = LONG_MAX;
while (status == TM_ECODE_OK) {
//loop while directory is ok
SCLogInfo("Processing pcaps directory %s, files must be newer than %" PRIuMAX " and older than %" PRIuMAX,
- ptv->filename, (uintmax_t)newer_than.tv_sec, (uintmax_t)older_than.tv_sec);
- status = PcapDirectoryDispatchForTimeRange(ptv, &newer_than, &older_than);
+ ptv->filename, (uintmax_t)SCTimespecAsEpochMillis(&ptv->shared->last_processed),
+ (uintmax_t)SCTimespecAsEpochMillis(&older_than));
+ status = PcapDirectoryDispatchForTimeRange(ptv, &older_than);
if (ptv->should_loop && status == TM_ECODE_OK) {
sleep(poll_seconds);
//update our status based on suricata control flags or unix command socket
projects / thirdparty / suricata.git / commitdiff
