log-pcap: only open dumper after successful file open (lz4)

When LZ4 compression is enabled, open the dumper after successful open
of the file. The dump handle is what forms the check if opening the
file needs to be retried.

Ticket: #5022

(cherry picked from commit bf589f081287b71849658c6325fc50d209c60d20)

diff --git a/src/log-pcap.c b/src/log-pcap.c
index 28a74843caf9f095d25ca3a7c0c182e33c24f1d9..144f87fb2d7dfee2b6713bd3188252f5e19859eb 100644 (file)
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -404,12 +404,6 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
 #ifdef HAVE_LIBLZ4
         else if (pl->compression.format == PCAP_LOG_COMPRESSION_FORMAT_LZ4) {
             PcapLogCompressionData *comp = &pl->compression;
-            if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle,
-                    comp->pcap_buf_wrapper)) == NULL) {
-                SCLogError(SC_ERR_OPENING_FILE, "Error opening dump file %s",
-                        pcap_geterr(pl->pcap_dead_handle));
-                return TM_ECODE_FAILED;
-            }
             comp->file = fopen(pl->filename, "w");
             if (comp->file == NULL) {
                 SCLogError(SC_ERR_OPENING_FILE,
@@ -418,6 +412,15 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
                 return TM_ECODE_FAILED;
             }
 
+            if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle, comp->pcap_buf_wrapper)) ==
+                    NULL) {
+                SCLogError(SC_ERR_OPENING_FILE, "Error opening dump file %s",
+                        pcap_geterr(pl->pcap_dead_handle));
+                fclose(comp->file);
+                comp->file = NULL;
+                return TM_ECODE_FAILED;
+            }
+
             uint64_t bytes_written = LZ4F_compressBegin(comp->lz4f_context,
                     comp->buffer, comp->buffer_size, NULL);
             if (LZ4F_isError(bytes_written)) {