From: Victor Julien
Date: Sat, 7 Nov 2015 18:03:48 +0000 (+0100)
Subject: commandline: move pcap parsing into util func
X-Git-Tag: suricata-3.1RC1~254
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fe09a38e0e73ecff5aab4f7509a08b4400b53d0;p=thirdparty%2Fsuricata.git

commandline: move pcap parsing into util func
---

diff --git a/src/suricata.c b/src/suricata.c
index 4f43dddfcc..ecd26f1393 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -1109,6 +1109,91 @@ static void SCPrintElapsedTime(SCInstance *suri)
 SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
 }
 
+static int ParseCommandLinePcapLive(SCInstance *suri, const char *optarg)
+{
+ memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
+
+ if (optarg == NULL) {
+ SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
+ return TM_ECODE_FAILED;
+ }
+
+ /* warn user if af-packet, netmap or pf-ring are available */
+#if defined HAVE_AF_PACKET || HAVE_PFRING || HAVE_NETMAP
+ int i = 0;
+#ifdef HAVE_AF_PACKET
+ i++;
+#endif
+#ifdef HAVE_PFRING
+ i++;
+#endif
+#ifdef HAVE_NETMAP
+ i++;
+#endif
+ SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
+ "option%s %s available:"
+#ifdef HAVE_AF_PACKET
+ " AF_PACKET (--af-packet=%s)"
+#endif
+#ifdef HAVE_PFRING
+ " PF_RING (--pfring-int=%s)"
+#endif
+#ifdef HAVE_NETMAP
+ " NETMAP (--netmap=%s)"
+#endif
+ ". Use --pcap=%s to suppress this warning",
+ i == 1 ? "" : "s", i == 1 ? "is" : "are"
+
+#ifdef HAVE_AF_PACKET
+ , optarg
+#endif
+#ifdef HAVE_PFRING
+ , optarg
+#endif
+#ifdef HAVE_NETMAP
+ , optarg
+#endif
+ , optarg
+ );
+#endif
+ /* some windows shells require escaping of the \ in \Device. Otherwise
+ * the backslashes are stripped. We put them back here. */
+ if (strlen(optarg) > 9 && strncmp(optarg, "DeviceNPF", 9) == 0) {
+ snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", optarg+9);
+ } else {
+ strlcpy(suri->pcap_dev, optarg, ((strlen(optarg) < sizeof(suri->pcap_dev)) ? (strlen(optarg)+1) : (sizeof(suri->pcap_dev))));
+ PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
+ }
+
+ if (strcmp(suri->pcap_dev, optarg) != 0) {
+ SCLogInfo("translated %s to pcap device %s", optarg, suri->pcap_dev);
+ } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
+ SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", optarg);
+ return TM_ECODE_FAILED;
+ }
+
+ if (suri->run_mode == RUNMODE_UNKNOWN) {
+ suri->run_mode = RUNMODE_PCAP_DEV;
+ LiveRegisterDevice(suri->pcap_dev);
+ } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
+#ifdef OS_WIN32
+ SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
+ "support is not (yet) supported on Windows.");
+ return TM_ECODE_FAILED;
+#else
+ SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
+ "multiple pcap devices to get packets is experimental.");
+ LiveRegisterDevice(suri->pcap_dev);
+#endif
+ } else {
+ SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
+ "has been specified");
+ usage(suri->progname);
+ return TM_ECODE_FAILED;
+ }
+ return TM_ECODE_OK;
+}
+
 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
 {
 int opt;
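Review bot: Both copies into `suri->pcap_dev` truncate silently, at the `snprintf` in the `DeviceNPF` branch and at the `strlcpy` in the `else` branch. When `optarg` does not fit, the stored name differs from `optarg`, so the `strcmp` test that follows logs "translated ... to pcap device ..." and the shortened name is passed to `LiveRegisterDevice`; for a sensor that means capture may be requested on a device name the operator never typed. Rejecting an over-long name, as in the excerpt below, makes the failure visible and lets the size argument of `strlcpy` become plain `sizeof(suri->pcap_dev)`. Separately, the helper is declared `static int` although it returns `TM_ECODE_*` values; `static TmEcode` would match `ParseCommandLine`.

```c
    /* … unchanged: optarg NULL check and faster-capture warning … */
    if (strlen(optarg) > 9 && strncmp(optarg, "DeviceNPF", 9) == 0) {
        int r = snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", optarg+9);
        if (r < 0 || (size_t)r >= sizeof(suri->pcap_dev)) {
            SCLogError(SC_ERR_INITIALIZATION, "pcap device name too long: %s", optarg);
            return TM_ECODE_FAILED;
        }
    } else {
        if (strlen(optarg) >= sizeof(suri->pcap_dev)) {
            SCLogError(SC_ERR_INITIALIZATION, "pcap device name too long: %s", optarg);
            return TM_ECODE_FAILED;
        }
        strlcpy(suri->pcap_dev, optarg, sizeof(suri->pcap_dev));
        PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
    }
    /* … unchanged: translation logging and run-mode handling … */
```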
@@ -1669,84 +1754,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
 suri->run_mode = RUNMODE_PRINT_USAGE;
 return TM_ECODE_OK;
 case 'i':
- memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
-
- if (optarg == NULL) {
- SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
- return TM_ECODE_FAILED;
- }
-
- /* warn user if af-packet, netmap or pf-ring are available */
-#if defined HAVE_AF_PACKET || HAVE_PFRING || HAVE_NETMAP
- int i = 0;
-#ifdef HAVE_AF_PACKET
- i++;
-#endif
-#ifdef HAVE_PFRING
- i++;
-#endif
-#ifdef HAVE_NETMAP
- i++;
-#endif
- SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
- "option%s %s available:"
-#ifdef HAVE_AF_PACKET
- " AF_PACKET (--af-packet=%s)"
-#endif
-#ifdef HAVE_PFRING
- " PF_RING (--pfring-int=%s)"
-#endif
-#ifdef HAVE_NETMAP
- " NETMAP (--netmap=%s)"
-#endif
- ". Use --pcap=%s to suppress this warning",
- i == 1 ? "" : "s", i == 1 ? "is" : "are"
-
-#ifdef HAVE_AF_PACKET
- , optarg
-#endif
-#ifdef HAVE_PFRING
- , optarg
-#endif
-#ifdef HAVE_NETMAP
- , optarg
-#endif
- , optarg
- );
-#endif
- /* some windows shells require escaping of the \ in \Device. Otherwise
- * the backslashes are stripped. We put them back here. */
- if (strlen(optarg) > 9 && strncmp(optarg, "DeviceNPF", 9) == 0) {
- snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", optarg+9);
- } else {
- strlcpy(suri->pcap_dev, optarg, ((strlen(optarg) < sizeof(suri->pcap_dev)) ? (strlen(optarg)+1) : (sizeof(suri->pcap_dev))));
- PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
- }
-
- if (strcmp(suri->pcap_dev, optarg) != 0) {
- SCLogInfo("translated %s to pcap device %s", optarg, suri->pcap_dev);
- } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
- SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", optarg);
- return TM_ECODE_FAILED;
- }
-
- if (suri->run_mode == RUNMODE_UNKNOWN) {
- suri->run_mode = RUNMODE_PCAP_DEV;
- LiveRegisterDevice(suri->pcap_dev);
- } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
-#ifdef OS_WIN32
- SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
- "support is not (yet) supported on Windows.");
- return TM_ECODE_FAILED;
-#else
- SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
- "multiple pcap devices to get packets is experimental.");
- LiveRegisterDevice(suri->pcap_dev);
-#endif
- } else {
- SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
- "has been specified");
- usage(argv[0]);
+ if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
 return TM_ECODE_FAILED;
 }
 break;
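Review bot: The multiple-run-mode error path removed here printed usage with `usage(argv[0])`, while the helper now called from `case 'i':` uses `usage(suri->progname)`, so the usage output depends on `suri->progname` being set before `ParseCommandLine` runs; that assignment is not visible in this diff. A short comment above the helper would record the precondition, for example `/* Handles -i <dev>; expects suri->progname to be set by the caller. */`. `ParseCommandLine` starts and ends outside this hunk.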