log/pcap: add support for tunnel logging
authorEric Leblond <eric@regit.org>
Sat, 6 Feb 2021 08:52:53 +0000 (09:52 +0100)
committerVictor Julien <vjulien@oisf.net>
Thu, 26 May 2022 10:45:15 +0000 (12:45 +0200)
In alert mode, we need to write the root packet to the pcap
file instead of the packet that triggered the alert.

src/log-pcap.c
src/stream-tcp-list.c

index 77c760719d0214bfb0392447b5a5633ef127577a..cf930d3e99121fb8f104278bbc35674e28c8d1f9 100644 (file)
@@ -237,9 +237,6 @@ static int PcapLogCondition(ThreadVars *tv, void *thread_data, const Packet *p)
     if (p->flags & PKT_PSEUDO_STREAM_END) {
         return FALSE;
     }
-    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
-        return FALSE;
-    }
     /* Log alerted flow */
     if (ptd->pcap_log->conditional == LOGMODE_COND_ALERTS) {
         if (p->alerts.cnt || (p->flow && FlowHasAlerts(p->flow))) {
@@ -248,6 +245,10 @@ static int PcapLogCondition(ThreadVars *tv, void *thread_data, const Packet *p)
             return FALSE;
         }
     }
+
+    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+        return FALSE;
+    }
     return TRUE;
 }
 
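Review bot: The order of the two checks is now load-bearing but nothing in the code says so: a non-root tunnel packet with alerts reaches the alert test first and returns TRUE, and the moved tunnel filter after it only applies outside alert mode, which is what lets PcapLog substitute the root packet. A comment above the moved block, `/* non-root tunnel packets are dropped only in non-alert mode; in alert mode they pass so PcapLog writes their root packet */`, would stop a later cleanup from restoring the original order. It also seems possible, though I cannot confirm it from these hunks, that the root packet itself passes the alert test independently, in which case the same bytes are written once for it and once for the child.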
@@ -403,13 +404,25 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
 {
     PCAPLOG_PROFILE_START;
 
-    SCLogDebug("Setting pcap-log link type to %u", p->datalink);
-
-    if (pl->pcap_dead_handle == NULL) {
-        if ((pl->pcap_dead_handle = pcap_open_dead(p->datalink,
-                PCAP_SNAPLEN)) == NULL) {
-            SCLogDebug("Error opening dead pcap handle");
-            return TM_ECODE_FAILED;
+    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+        Packet *real_p = p->root;
+        SCMutexLock(&real_p->tunnel_mutex);
+        SCLogDebug("Setting pcap-log link type to %u", real_p->datalink);
+        if (pl->pcap_dead_handle == NULL) {
+            if ((pl->pcap_dead_handle = pcap_open_dead(real_p->datalink, PCAP_SNAPLEN)) == NULL) {
+                SCLogDebug("Error opening dead pcap handle");
+                SCMutexUnlock(&real_p->tunnel_mutex);
+                return TM_ECODE_FAILED;
+            }
+        }
+        SCMutexUnlock(&real_p->tunnel_mutex);
+    } else {
+        SCLogDebug("Setting pcap-log link type to %u", p->datalink);
+        if (pl->pcap_dead_handle == NULL) {
+            if ((pl->pcap_dead_handle = pcap_open_dead(p->datalink, PCAP_SNAPLEN)) == NULL) {
+                SCLogDebug("Error opening dead pcap handle");
+                return TM_ECODE_FAILED;
+            }
         }
     }
 
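Review bot: The two branches in PcapLogOpenHandles differ only in which packet supplies `datalink`, and the tunnel branch holds `real_p->tunnel_mutex` across `pcap_open_dead()`, which needs the mutex only for reading the field. Reading the link type into a local under the lock and then running the single open-handle block once removes the duplicated error path and the second `SCMutexUnlock` before `return TM_ECODE_FAILED`. The local should carry the same type as `p->datalink` (shown as `int` below, adjust if the field is declared otherwise). The function continues past the end of the hunk.
```c
    int datalink;
    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
        Packet *real_p = p->root;
        /* only the field read needs the root's lock, not the handle open */
        SCMutexLock(&real_p->tunnel_mutex);
        datalink = real_p->datalink;
        SCMutexUnlock(&real_p->tunnel_mutex);
    } else {
        datalink = p->datalink;
    }
    SCLogDebug("Setting pcap-log link type to %u", datalink);
    if (pl->pcap_dead_handle == NULL) {
        if ((pl->pcap_dead_handle = pcap_open_dead(datalink, PCAP_SNAPLEN)) == NULL) {
            SCLogDebug("Error opening dead pcap handle");
            return TM_ECODE_FAILED;
        }
    }
    /* … unchanged: rest of PcapLogOpenHandles … */
```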
@@ -576,6 +589,7 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
     size_t len;
     int rotate = 0;
     int ret = 0;
+    Packet *rp = NULL;
 
     PcapLogThreadData *td = (PcapLogThreadData *)thread_data;
     PcapLogData *pl = td->pcap_log;
@@ -583,7 +597,6 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
     if ((p->flags & PKT_PSEUDO_STREAM_END) ||
         ((p->flags & PKT_STREAM_NOPCAPLOG) &&
          (pl->use_stream_depth == USE_STREAM_DEPTH_ENABLED)) ||
-        (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) ||
         (pl->honor_pass_rules && (p->flags & PKT_NOPACKET_INSPECTION)))
     {
         return TM_ECODE_OK;
@@ -594,9 +607,18 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
     pl->pkt_cnt++;
     pl->h->ts.tv_sec = p->ts.tv_sec;
     pl->h->ts.tv_usec = p->ts.tv_usec;
-    pl->h->caplen = GET_PKT_LEN(p);
-    pl->h->len = GET_PKT_LEN(p);
-    len = sizeof(*pl->h) + GET_PKT_LEN(p);
+    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+        rp = p->root;
+        SCMutexLock(&rp->tunnel_mutex);
+        pl->h->caplen = GET_PKT_LEN(rp);
+        pl->h->len = GET_PKT_LEN(rp);
+        len = sizeof(*pl->h) + GET_PKT_LEN(rp);
+        SCMutexUnlock(&rp->tunnel_mutex);
+    } else {
+        pl->h->caplen = GET_PKT_LEN(p);
+        pl->h->len = GET_PKT_LEN(p);
+        len = sizeof(*pl->h) + GET_PKT_LEN(p);
+    }
 
     if (pl->filename == NULL) {
         ret = PcapLogOpenFileCtx(pl);
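Review bot: The pcap header timestamp at the top of the hunk (`pl->h->ts.tv_sec = p->ts.tv_sec;` and the tv_usec line) is still taken from the child packet while `caplen`/`len` now come from `rp`, whereas the stream-tcp-list.c hunk in this commit takes both timestamp and length from `rp`. If child and root can carry different timestamps, which I cannot tell from here, the header would describe the root's bytes with the child's time; moving the two `ts` assignments into the branches and using `rp->ts.tv_sec` / `rp->ts.tv_usec` in the tunnel branch keeps the two files consistent. Note also that the length is read under one lock acquisition here and the data pointer under a second one later in PcapLog, so the mutex does not make the (len, data) pair atomic; a short comment stating that the root's length and data are fixed once decoded, if that is the invariant relied on, would justify the pattern.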
@@ -662,18 +684,29 @@ static int PcapLog (ThreadVars *t, void *thread_data, const Packet *p)
         if (PKT_IS_TCP(p)) {
             /* dump fake packets for all segments we have on acked by packet */
 #ifdef HAVE_LIBLZ4
-            PcapLogDumpSegments(td, connp, p);
+            PcapLogDumpSegments(td, comp, p);
 #else
             PcapLogDumpSegments(td, NULL, p);
 #endif
         }
     }
 
+    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+        rp = p->root;
+        SCMutexLock(&rp->tunnel_mutex);
+#ifdef HAVE_LIBLZ4
+        ret = PcapWrite(pl, comp, GET_PKT_DATA(rp), len);
+#else
+        ret = PcapWrite(pl, NULL, GET_PKT_DATA(rp), len);
+#endif
+        SCMutexUnlock(&rp->tunnel_mutex);
+    } else {
 #ifdef HAVE_LIBLZ4
-    ret = PcapWrite(pl, comp, GET_PKT_DATA(p), len);
+        ret = PcapWrite(pl, comp, GET_PKT_DATA(p), len);
 #else
-    ret = PcapWrite(pl, NULL, GET_PKT_DATA(p), len);
+        ret = PcapWrite(pl, NULL, GET_PKT_DATA(p), len);
 #endif
+    }
     if (ret != TM_ECODE_OK) {
         PCAPLOG_PROFILE_END(pl->profile_write);
         PcapLogUnlock(pl);
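Review bot: The tunnel test and `rp = p->root;` at the top of the new write block repeat the assignment already made earlier in PcapLog under the same condition, so `rp` is non-NULL exactly when this branch applies; `if (rp != NULL) {` would express that directly and keep the two evaluations from drifting apart. The two `#ifdef HAVE_LIBLZ4` pairs then differ only in the packet pointer, so `const Packet *wp = rp != NULL ? rp : p;` with the lock taken only when `rp != NULL` would leave a single PcapWrite call. The `connp` to `comp` correction in the PcapLogDumpSegments call looks unrelated to tunnel logging and would be easier to trace as its own commit. PcapLog continues past the end of the hunk.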
index c02a235213eb2508077d69213eed4bc8b9777cc5..c7baca32180d5c97f8fffd3b4a764c3afec4fb9e 100644 (file)
@@ -576,24 +576,28 @@ static int DoHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 static void StreamTcpSegmentAddPacketData(
         TcpSegment *seg, Packet *p, ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx)
 {
+    Packet *rp = p;
     if (seg->pcap_hdr_storage == NULL || seg->pcap_hdr_storage->pkt_hdr == NULL) {
         return;
     }
 
-    /* FIXME we need to address pseudo packet */
+    if (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)) {
+        rp = p->root;
+    }
 
-    if (GET_PKT_DATA(p) != NULL && GET_PKT_LEN(p) > p->payload_len) {
-        seg->pcap_hdr_storage->ts.tv_sec = p->ts.tv_sec;
-        seg->pcap_hdr_storage->ts.tv_usec = p->ts.tv_usec;
-        seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(p) - p->payload_len;
+    SCMutexLock(&rp->tunnel_mutex);
+    if (GET_PKT_DATA(rp) != NULL && GET_PKT_LEN(rp) > p->payload_len) {
+        seg->pcap_hdr_storage->ts.tv_sec = rp->ts.tv_sec;
+        seg->pcap_hdr_storage->ts.tv_usec = rp->ts.tv_usec;
+        seg->pcap_hdr_storage->pktlen = GET_PKT_LEN(rp) - p->payload_len;
         /*
          * pkt_hdr members are initially allocated 64 bytes of memory. Thus,
          * need to check that this is sufficient and allocate more memory if
          * not.
          */
-        if (GET_PKT_LEN(p) - p->payload_len > seg->pcap_hdr_storage->alloclen) {
+        if (GET_PKT_LEN(rp) - p->payload_len > seg->pcap_hdr_storage->alloclen) {
             uint8_t *tmp_pkt_hdr =
-                    SCRealloc(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_LEN(p) - p->payload_len);
+                    SCRealloc(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_LEN(rp) - p->payload_len);
             if (tmp_pkt_hdr == NULL) {
                 SCLogDebug("Failed to realloc");
                 seg->pcap_hdr_storage->ts.tv_sec = 0;
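Review bot: `SCMutexLock(&rp->tunnel_mutex);` is now taken for every segment, including the common case where `rp == p` and the packet is not a tunnel child, while the log-pcap.c hunks in this commit lock only when `p->root` is actually used. That is harmless if `tunnel_mutex` is initialised for every Packet (not visible here), but it adds a lock/unlock pair on the reassembly path for non-tunnel traffic; restricting it to the tunnel case, `if (rp != p) SCMutexLock(&rp->tunnel_mutex);` with the matching conditional unlock, would match the other file. StreamTcpSegmentAddPacketData continues in the next hunk.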
@@ -602,16 +606,17 @@ static void StreamTcpSegmentAddPacketData(
                 return;
             } else {
                 seg->pcap_hdr_storage->pkt_hdr = tmp_pkt_hdr;
-                seg->pcap_hdr_storage->alloclen = GET_PKT_LEN(p) - p->payload_len;
+                seg->pcap_hdr_storage->alloclen = GET_PKT_LEN(rp) - p->payload_len;
             }
         }
-        memcpy(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_DATA(p),
-                (size_t)GET_PKT_LEN(p) - p->payload_len);
+        memcpy(seg->pcap_hdr_storage->pkt_hdr, GET_PKT_DATA(rp),
+                (size_t)GET_PKT_LEN(rp) - p->payload_len);
     } else {
         seg->pcap_hdr_storage->ts.tv_sec = 0;
         seg->pcap_hdr_storage->ts.tv_usec = 0;
         seg->pcap_hdr_storage->pktlen = 0;
     }
+    SCMutexUnlock(&rp->tunnel_mutex);
 }
 
 /**
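Review bot: The `return;` in the realloc-failure branch (the branch opens in the previous hunk) leaves `rp->tunnel_mutex` held, because the lock taken earlier in the function is only released by the `SCMutexUnlock(&rp->tunnel_mutex);` added at the very end. Any later attempt to lock the same root packet's mutex, including the PcapLog path this commit adds, would then block on it. Add `SCMutexUnlock(&rp->tunnel_mutex);` immediately before that `return;`, or replace the return with a `goto` to a label placed at the final unlock.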