From: Victor Julien Date: Fri, 30 Jan 2015 12:20:12 +0000 (+0100) Subject: pcap-file: set tenant-id if available X-Git-Tag: suricata-3.0RC1~220 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bea66156b9b3255032a29dd1f3f5e73bdf506390;p=thirdparty%2Fsuricata.git pcap-file: set tenant-id if available Set the id to each packet's 'pcap_v' structure. --- diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c index 5d60b98713..0b982fd3ab 100644 --- a/src/source-pcap-file.c +++ b/src/source-pcap-file.c @@ -78,6 +78,8 @@ typedef struct PcapFileGlobalVars_ { typedef struct PcapFileThreadVars_ { + uint32_t tenant_id; + /* counters */ uint32_t pkts; uint64_t bytes; @@ -155,6 +157,7 @@ void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt) p->datalink = pcap_g.datalink; p->pcap_cnt = ++pcap_g.cnt; + p->pcap_v.tenant_id = ptv->tenant_id; ptv->pkts++; ptv->bytes += h->caplen; @@ -271,6 +274,16 @@ TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) SCReturnInt(TM_ECODE_FAILED); memset(ptv, 0, sizeof(PcapFileThreadVars)); + intmax_t tenant = 0; + if (ConfGetInt("pcap-file.tenant-id", &tenant) == 1) { + if (tenant > 0 && tenant < UINT_MAX) { + ptv->tenant_id = (uint32_t)tenant; + SCLogInfo("tenant %u", ptv->tenant_id); + } else { + SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant out of range"); + } + } + char errbuf[PCAP_ERRBUF_SIZE] = ""; pcap_g.pcap_handle = pcap_open_offline((char *)initdata, errbuf); if (pcap_g.pcap_handle == NULL) { diff --git a/src/source-pcap.h b/src/source-pcap.h index 335986954d..ac6d331ddb 100644 --- a/src/source-pcap.h +++ b/src/source-pcap.h @@ -39,6 +39,7 @@ char *PcapLiveGetDevice(int); /* per packet Pcap vars */ typedef struct PcapPacketVars_ { + uint32_t tenant_id; } PcapPacketVars; /** needs to be able to contain Windows adapter id's, so