From: Jason Ish Date: Tue, 27 Jun 2023 16:25:24 +0000 (-0600) Subject: log-pcap: only open dumper after successful file open (lz4) X-Git-Tag: suricata-6.0.14~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee0c14a9456758f5f52b808e12bd6e1cfcf028c6;p=thirdparty%2Fsuricata.git log-pcap: only open dumper after successful file open (lz4) When LZ4 compression is enabled, open the dumper after successful open of the file. The dump handle is what forms the check if opening the file needs to be retried. Ticket: #5022 (cherry picked from commit bf589f081287b71849658c6325fc50d209c60d20) --- diff --git a/src/log-pcap.c b/src/log-pcap.c index 28a74843ca..144f87fb2d 100644 --- a/src/log-pcap.c +++ b/src/log-pcap.c @@ -404,12 +404,6 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p) #ifdef HAVE_LIBLZ4 else if (pl->compression.format == PCAP_LOG_COMPRESSION_FORMAT_LZ4) { PcapLogCompressionData *comp = &pl->compression; - if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle, - comp->pcap_buf_wrapper)) == NULL) { - SCLogError(SC_ERR_OPENING_FILE, "Error opening dump file %s", - pcap_geterr(pl->pcap_dead_handle)); - return TM_ECODE_FAILED; - } comp->file = fopen(pl->filename, "w"); if (comp->file == NULL) { SCLogError(SC_ERR_OPENING_FILE, @@ -418,6 +412,15 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p) return TM_ECODE_FAILED; } + if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle, comp->pcap_buf_wrapper)) == + NULL) { + SCLogError(SC_ERR_OPENING_FILE, "Error opening dump file %s", + pcap_geterr(pl->pcap_dead_handle)); + fclose(comp->file); + comp->file = NULL; + return TM_ECODE_FAILED; + } + uint64_t bytes_written = LZ4F_compressBegin(comp->lz4f_context, comp->buffer, comp->buffer_size, NULL); if (LZ4F_isError(bytes_written)) {