examples/lib: better command line handling

Use the more conventional "--" command line handling to separate the
arguments. The first set will be passed to Suricata, and the args
after "--" will be handled by the example. Currently this is a single
PCAP filename, but will be extended to a list of PCAP filenames.

Also hard code logging to the current directory.

Ticket: #7240

diff --git a/examples/lib/custom/README.md b/examples/lib/custom/README.md
index 2497ee9c25562edb31022ff4dcce5882c7ce9206..49cfe4902bf5be2878b3992a20980b5e601aec7d 100644 (file)
--- a/examples/lib/custom/README.md
+++ b/examples/lib/custom/README.md
@@ -13,6 +13,17 @@ build simply run:
 make
 ```
 
+## Running
+
+```
+./custom -l . -- filename.pcap
+```
+
+For this example, any arguments before `--` are passed directly as
+Suricata command line arguments. Arguments after the first `--` are
+handled by this example program, and currently the only argument is a
+PCAP filename to be read.
+
 ## Building Out of Tree
 
 A Makefile.example has also been generated to use as an example on how

diff --git a/examples/lib/custom/main.c b/examples/lib/custom/main.c
index 7e6900e5f40cd226dd2d68d40f668a3e717a6725..c4da9f6146d6b27f06551efc590ed8f7826074a7 100644 (file)
--- a/examples/lib/custom/main.c
+++ b/examples/lib/custom/main.c
@@ -22,8 +22,10 @@
 #include "source-lib.h"
 #include "threadvars.h"
 
-/* Suricata worker thread in library mode.
-   The functions should be wrapped in an API layer. */
+/**
+ * Suricata worker thread in library mode.
+ * The functions should be wrapped in an API layer.
+ */
 static void *SimpleWorker(void *arg)
 {
     char *pcap_file = (char *)arg;
@@ -65,12 +67,25 @@ int main(int argc, char **argv)
     SuricataPreInit(argv[0]);
 
     /* Parse command line options. This is optional, you could
-     * directly configure Suricata through the Conf API.
-       The last argument is the PCAP file to replay. */
-    SCParseCommandLine(argc - 1, argv);
+     * directly configure Suricata through the Conf API. */
+    SCParseCommandLine(argc, argv);
+
+    /* Find our list of pcap files, after the "--". */
+    while (argc) {
+        bool end = strncmp(argv[0], "--", 2) == 0;
+        argv++;
+        argc--;
+        if (end) {
+            break;
+        }
+    }
+    if (argc == 0) {
+        fprintf(stderr, "ERROR: No PCAP files provided\n");
+        return 1;
+    }
 
-    /* Set lib runmode. There is currently no way to set it via
-       the Conf API. */
+    /* Set lib runmode. There is currently no way to set it via the
+     * Conf API. */
     SuricataSetLibRunmode();
 
     /* Validate/finalize the runmode. */
@@ -100,19 +115,23 @@ int main(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
+    /* Force logging to the current directory. */
+    ConfSetFromString("default-log-dir=.", 1);
+
     SuricataInit();
 
-    /* Create and start worker on its own thread, passing the PCAP file
-       as argument. This needs to be done in between SuricataInit and
-       SuricataPostInit. */
+    /* Create and start worker on its own thread, passing the PCAP
+     * file as argument. This needs to be done in between SuricataInit
+     * and SuricataPostInit. */
     pthread_t worker;
     if (pthread_create(&worker, NULL, SimpleWorker, argv[argc - 1]) != 0) {
         exit(EXIT_FAILURE);
     }
 
     /* Need to introduce a little sleep to allow the worker thread to
-       initialize before SuricataPostInit invokes TmThreadContinueThreads().
-       This should be handle at the API level. */
+     * initialize before SuricataPostInit invokes
+     * TmThreadContinueThreads().  This should be handle at the API
+     * level. */
     usleep(100);
 
     SuricataPostInit();