log-pcap: only open dumper after successful file open (lz4)

When LZ4 compression is enabled, open the dumper after successful open
of the file. The dump handle is what forms the check if opening the
file needs to be retried.

Ticket: #5022

diff --git a/src/log-pcap.c b/src/log-pcap.c
index 3238f2a076abbf4f97b9d95d4c951539c7f4b3d9..10f3eee3101138d33a8db6dc4fcb86a8a9703afd 100644 (file)
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -429,17 +429,21 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
 #ifdef HAVE_LIBLZ4
         else if (pl->compression.format == PCAP_LOG_COMPRESSION_FORMAT_LZ4) {
             PcapLogCompressionData *comp = &pl->compression;
-            if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle,
-                    comp->pcap_buf_wrapper)) == NULL) {
-                SCLogError("Error opening dump file %s", pcap_geterr(pl->pcap_dead_handle));
-                return TM_ECODE_FAILED;
-            }
+
             comp->file = fopen(pl->filename, "w");
             if (comp->file == NULL) {
                 SCLogError("Error opening file for compressed output: %s", strerror(errno));
                 return TM_ECODE_FAILED;
             }
 
+            if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle, comp->pcap_buf_wrapper)) ==
+                    NULL) {
+                SCLogError("Error opening dump file %s", pcap_geterr(pl->pcap_dead_handle));
+                fclose(comp->file);
+                comp->file = NULL;
+                return TM_ECODE_FAILED;
+            }
+
             uint64_t bytes_written = LZ4F_compressBegin(comp->lz4f_context,
                     comp->buffer, comp->buffer_size, NULL);
             if (LZ4F_isError(bytes_written)) {