From d2a5a55e0a99dee21a2a148647397bc02831ed78 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Tue, 27 Jun 2023 10:52:39 -0600
Subject: [PATCH] log-pcap: one time errors on file open

If compression was not enabled, the open error was actually suppressed
by default by only being logged at info level, however with
compression it was logged as an error. As opening is retried as long
as it fails to open, make both log as error but wrap in a flag so the
error is logged once until success.
---
 src/log-pcap.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/log-pcap.c b/src/log-pcap.c
index 10f3eee310..2fe15197b8 100644
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -179,6 +179,8 @@ typedef struct PcapLogData_ {
     char *filename_parts[MAX_TOKS];
     int filename_part_cnt;
     struct timeval last_pcap_dump;
+    int fopen_err;      /**< set to the last fopen error */
+    bool pcap_open_err; /**< true if the last pcap open errored */
 
     PcapLogCompressionData compression;
 } PcapLogData;
@@ -422,8 +424,13 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
         if (pl->compression.format == PCAP_LOG_COMPRESSION_FORMAT_NONE) {
             if ((pl->pcap_dumper = pcap_dump_open(pl->pcap_dead_handle,
                     pl->filename)) == NULL) {
-                SCLogInfo("Error opening dump file %s", pcap_geterr(pl->pcap_dead_handle));
+                if (!pl->pcap_open_err) {
+                    SCLogError("Error opening dump file %s", pcap_geterr(pl->pcap_dead_handle));
+                    pl->pcap_open_err = true;
+                }
                 return TM_ECODE_FAILED;
+            } else {
+                pl->pcap_open_err = false;
             }
         }
 #ifdef HAVE_LIBLZ4
@@ -432,16 +439,26 @@ static int PcapLogOpenHandles(PcapLogData *pl, const Packet *p)
 
             comp->file = fopen(pl->filename, "w");
             if (comp->file == NULL) {
-                SCLogError("Error opening file for compressed output: %s", strerror(errno));
+                if (errno != pl->fopen_err) {
+                    SCLogError("Error opening file for compressed output: %s", strerror(errno));
+                    pl->fopen_err = errno;
+                }
                 return TM_ECODE_FAILED;
+            } else {
+                pl->fopen_err = 0;
             }
 
             if ((pl->pcap_dumper = pcap_dump_fopen(pl->pcap_dead_handle, comp->pcap_buf_wrapper)) ==
                     NULL) {
-                SCLogError("Error opening dump file %s", pcap_geterr(pl->pcap_dead_handle));
+                if (!pl->pcap_open_err) {
+                    SCLogError("Error opening dump file %s", pcap_geterr(pl->pcap_dead_handle));
+                    pl->pcap_open_err = true;
+                }
                 fclose(comp->file);
                 comp->file = NULL;
                 return TM_ECODE_FAILED;
+            } else {
+                pl->pcap_open_err = false;
             }
 
             uint64_t bytes_written = LZ4F_compressBegin(comp->lz4f_context,
-- 
2.47.2