{ "filter", Parameter::PT_STRING, nullptr, nullptr,
"bpf filter to use for packet dump" },
+ { "group", Parameter::PT_INT, "-1:32767", "-1",
+ "group filter to use for the packet dump" },
+
+ { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
+};
+
+static const Parameter capture_params[] =
+{
+ { "filter", Parameter::PT_STRING, nullptr, nullptr,
+ "bpf filter to use for packet dump" },
+
+ { "group", Parameter::PT_INT, "-1:32767", "-1",
+ "group filter to use for the packet dump" },
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Command cap_cmds[] =
{
- { "enable", enable, &s_capture[1], "dump raw packets"},
+ { "enable", enable, capture_params, "dump raw packets"},
{ "disable", disable, nullptr, "stop packet dump"},
{ nullptr, nullptr, nullptr, nullptr }
};
class PacketCaptureDebug : public AnalyzerCommand
{
public:
- PacketCaptureDebug(const char* f);
+ PacketCaptureDebug(const char* f, const int16_t g);
bool execute(Analyzer&, void**) override;
const char* stringify() override { return "PACKET_CAPTURE_DEBUG"; }
private:
bool enable = false;
std::string filter;
+ int16_t group = -1;
};
// -----------------------------------------------------------------------------
// -----------------------------------------------------------------------------
static int enable(lua_State* L)
{
- main_broadcast_command(new PacketCaptureDebug(lua_tostring(L, 1)), true);
+ main_broadcast_command(new PacketCaptureDebug(lua_tostring(L, 1),
+ luaL_optint(L, 2, 0)), true);
return 0;
}
static int disable(lua_State*)
{
- main_broadcast_command(new PacketCaptureDebug(nullptr), true);
+ main_broadcast_command(new PacketCaptureDebug(nullptr, -1), true);
return 0;
}
// non-static functions
// -----------------------------------------------------------------------------
-PacketCaptureDebug::PacketCaptureDebug(const char* f)
+PacketCaptureDebug::PacketCaptureDebug(const char* f, const int16_t g)
{
if (f)
{
filter = f;
+ group = g;
enable = true;
}
}
bool PacketCaptureDebug::execute(Analyzer&, void**)
{
if (enable)
- packet_capture_enable(filter);
+ packet_capture_enable(filter, group);
else
packet_capture_disable();
CaptureModule::CaptureModule() :
Module(CAPTURE_NAME, CAPTURE_HELP, s_capture)
-{ config.enabled = false; }
+{
+ config.enabled = false;
+ config.group = -1;
+}
bool CaptureModule::set(const char*, Value& v, SnortConfig*)
{
else if ( v.is("filter") )
config.filter = v.get_string();
+ else if ( v.is("group") )
+ config.group = v.get_int16();
+
else
return false;
}
// for unit test
-static void _packet_capture_enable(const string& f)
+static void _packet_capture_enable(const string& f, const int16_t g = -1)
{
if ( !config.enabled )
{
config.filter = f;
config.enabled = true;
+ config.group = g;
}
}
static void _packet_capture_disable()
{
config.enabled = false;
+ config.group = -1;
LogMessage("Packet capture disabled\n");
}
// non-static functions
// -----------------------------------------------------------------------------
-void packet_capture_enable(const string& f)
+void packet_capture_enable(const string& f, const int16_t g)
{
- _packet_capture_enable(f);
+ _packet_capture_enable(f, g);
if ( !capture_initialized() )
{
if ( config.enabled )
{
+ if ( (config.group != -1) and
+ !((config.group == p->pkth->ingress_group) or
+ (config.group == p->pkth->egress_group)) )
+ return;
+
if ( !capture_initialized() )
if ( !capture_init() )
return;
p_non_match.pktlen = sizeof(match);
daq_hdr.pktlen = sizeof(match);
+ daq_hdr.ingress_group = -1;
+ daq_hdr.egress_group = -1;
CaptureModule mod;
MockPacketCapture cap(&mod);
projects / thirdparty / snort3.git / commitdiff
