log/pcap: exit on invalid filename

If the filename has to % sign and if pcap logging is using multi
mode, then the pcap capture will fail. So let's exit if ever this
is the case.

diff --git a/src/log-pcap.c b/src/log-pcap.c
index afee53c0927ac67c74c859fdaad6408e05f4df96..07ac49452c5be2c81ea7572b82d67011c0e89917 100644 (file)
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -1125,6 +1125,13 @@ static int ParseFilename(PcapLogData *pl, const char *filename)
                 }
             }
         }
+
+        if ((tok == 0) && (pl->mode == LOGMODE_MULTI)) {
+            SCLogError(SC_ERR_INVALID_ARGUMENT,
+                    "Invalid filename for multimode. Need at list one %%-sign option");
+            goto error;
+        }
+
         if (s) {
             if (tok >= MAX_TOKS) {
                 SCLogError(SC_ERR_INVALID_ARGUMENT,
@@ -1222,11 +1229,6 @@ static OutputInitResult PcapLogInitCtx(ConfNode *conf)
 
     pl->suffix = "";
 
-    if (filename) {
-        if (ParseFilename(pl, filename) != 0)
-            exit(EXIT_FAILURE);
-    }
-
     pl->size_limit = DEFAULT_LIMIT;
     if (conf != NULL) {
         const char *s_limit = NULL;
@@ -1418,6 +1420,11 @@ static OutputInitResult PcapLogInitCtx(ConfNode *conf)
                 compression_str ? compression_str : "none");
     }
 
+    if (filename) {
+        if (ParseFilename(pl, filename) != 0)
+            exit(EXIT_FAILURE);
+    }
+
     SCLogInfo("using %s logging", pl->mode == LOGMODE_SGUIL ?
               "Sguil compatible" : (pl->mode == LOGMODE_MULTI ? "multi" : "normal"));