From: Danny Browning Date: Sat, 13 Jan 2018 15:08:11 +0000 (-0700) Subject: suricatasc: pcap-file-continuous (2412) X-Git-Tag: suricata-4.1.0-beta1~300 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0813f080754378d544b2b2a344952d7a32744f08;p=thirdparty%2Fsuricata.git suricatasc: pcap-file-continuous (2412) https://redmine.openinfosecfoundation.org/issues/2412 Suricatasc is not supporting pcap-file processing in continuous mode. Register a new command pcap-file-continuous in the unix manager to work with suricatasc. Add defaulted arguments for pcap-file to support backwards compatibility. --- diff --git a/scripts/suricatasc/src/suricatasc.py b/scripts/suricatasc/src/suricatasc.py index 0ca6701e02..af7615ee1d 100644 --- a/scripts/suricatasc/src/suricatasc.py +++ b/scripts/suricatasc/src/suricatasc.py @@ -177,13 +177,16 @@ class SuricataSC: if command.split(' ', 2)[0] in self.cmd_list: if "pcap-file " in command: try: - parts = command.split(' '); + parts = command.split(' ') except: raise SuricataCommandException("Arguments to command '%s' is missing" % (command)) cmd, filename, output = parts[0], parts[1], parts[2] tenant = None if len(parts) > 3: tenant = parts[3] + continuous = None + if len(parts) > 4: + continuous = parts[4] if cmd != "pcap-file": raise SuricataCommandException("Invalid command '%s'" % (command)) else: @@ -192,22 +195,23 @@ class SuricataSC: arguments["output-dir"] = output if tenant != None: arguments["tenant"] = int(tenant) + if continuous != None: + arguments["continuous"] = continuous elif "pcap-file-continuous " in command: try: - parts = command.split(' '); + parts = command.split(' ') except: raise SuricataCommandException("Arguments to command '%s' is missing" % (command)) cmd, filename, output = parts[0], parts[1], parts[2] tenant = None if len(parts) > 3: tenant = parts[3] - if cmd != "pcap-file": + if cmd != "pcap-file-continuous": raise SuricataCommandException("Invalid command '%s'" % (command)) else: arguments = {} arguments["filename"] = filename arguments["output-dir"] = output - arguments["continuous"] = True if tenant != None: arguments["tenant"] = int(tenant) elif "iface-stat" in command: diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c index 939e0d3260..528fef574e 100644 --- a/src/runmode-unix-socket.c +++ b/src/runmode-unix-socket.c @@ -290,14 +290,15 @@ static TmEcode UnixListAddFile( * \param cmd the content of command Arguments as a json_t object * \param answer the json_t object that has to be used to answer * \param data pointer to data defining the context here a PcapCommand:: + * \param continuous If this should run in continuous mode */ -static TmEcode UnixSocketAddPcapFile(json_t *cmd, json_t* answer, void *data) +static TmEcode UnixSocketAddPcapFileImpl(json_t *cmd, json_t* answer, void *data, + bool continuous) { PcapCommand *this = (PcapCommand *) data; const char *filename; const char *output_dir; int tenant_id = 0; - bool continuous = false; time_t delay = 30; time_t poll_interval = 5; #ifdef OS_WIN32 @@ -362,11 +363,6 @@ static TmEcode UnixSocketAddPcapFile(json_t *cmd, json_t* answer, void *data) tenant_id = json_number_value(targ); } - json_t *cont_arg = json_object_get(cmd, "continuous"); - if (cont_arg != NULL) { - continuous = json_is_true(cont_arg); - } - json_t *delay_arg = json_object_get(cmd, "delay"); if (delay_arg != NULL) { if (!json_is_integer(delay_arg)) { @@ -406,6 +402,37 @@ static TmEcode UnixSocketAddPcapFile(json_t *cmd, json_t* answer, void *data) return TM_ECODE_OK; } +/** + * \brief Command to add a file to treatment list + * + * \param cmd the content of command Arguments as a json_t object + * \param answer the json_t object that has to be used to answer + * \param data pointer to data defining the context here a PcapCommand:: + */ +static TmEcode UnixSocketAddPcapFile(json_t *cmd, json_t* answer, void *data) +{ + bool continuous = false; + + json_t *cont_arg = json_object_get(cmd, "continuous"); + if (cont_arg != NULL) { + continuous = json_is_true(cont_arg); + } + + return UnixSocketAddPcapFileImpl(cmd, answer, data, continuous); +} + +/** + * \brief Command to add a file to treatment list + * + * \param cmd the content of command Arguments as a json_t object + * \param answer the json_t object that has to be used to answer + * \param data pointer to data defining the context here a PcapCommand:: + */ +static TmEcode UnixSocketAddPcapFileContinuous(json_t *cmd, json_t* answer, void *data) +{ + return UnixSocketAddPcapFileImpl(cmd, answer, data, true); +} + /** * \brief Handle the file queue * @@ -1372,6 +1399,7 @@ static int RunModeUnixSocketMaster(void) pcapcmd->current_file = NULL; UnixManagerRegisterCommand("pcap-file", UnixSocketAddPcapFile, pcapcmd, UNIX_CMD_TAKE_ARGS); + UnixManagerRegisterCommand("pcap-file-continuous", UnixSocketAddPcapFileContinuous, pcapcmd, UNIX_CMD_TAKE_ARGS); UnixManagerRegisterCommand("pcap-file-number", UnixSocketPcapFilesNumber, pcapcmd, 0); UnixManagerRegisterCommand("pcap-file-list", UnixSocketPcapFilesList, pcapcmd, 0); UnixManagerRegisterCommand("pcap-last-processed", UnixSocketPcapLastProcessed, pcapcmd, 0);