unix runmode: add 'pcap-current' command

This command outputs the currently processed file name or 'None'
if no file is currently processed.

diff --git a/scripts/suricatasc/suricatasc.in b/scripts/suricatasc/suricatasc.in
index 4aae2efe8edf7a542aec0f924152e4e9d06a2a24..f4cd6ff963e9414d3ef3dd86a601288298a99784 100755 (executable)
--- a/scripts/suricatasc/suricatasc.in
+++ b/scripts/suricatasc/suricatasc.in
@@ -27,7 +27,7 @@ if len(sys.argv) == 2:
 else:
     SOCKET_PATH = "@e_localstatedir@/suricata-command.socket"
 SIZE = 4096
-COMMANDS_REGEX = re.compile("^(?:shutdown|quit|command-list|reload-rules|pcap-file .+|pcap-file-number|pcap-file-list|iface-list|iface-stat .+)$")
+COMMANDS_REGEX = re.compile("^(?:shutdown|quit|command-list|reload-rules|pcap-file .+|pcap-file-number|pcap-file-list|pcap-current|iface-list|iface-stat .+)$")
 
 socket = socket(AF_UNIX)
 socket.connect(SOCKET_PATH)

diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c
index 5b2c80b4346e532504172e01e5d0fa1e416f68e3..8fb15d53c0d4b04a54db3cb70fba118107db766c 100644 (file)
--- a/src/runmode-unix-socket.c
+++ b/src/runmode-unix-socket.c
@@ -58,6 +58,7 @@ typedef struct PcapCommand_ {
     DetectEngineCtx *de_ctx;
     TAILQ_HEAD(, PcapFiles_) files;
     int running;
+    char *currentfile;
 } PcapCommand;
 
 const char *RunModeUnixSocketGetDefaultMode(void)
@@ -119,6 +120,20 @@ static TmEcode UnixSocketPcapFilesNumber(json_t *cmd, json_t* answer, void *data
     return TM_ECODE_OK;
 }
 
+static TmEcode UnixSocketPcapCurrent(json_t *cmd, json_t* answer, void *data)
+{
+    PcapCommand *this = (PcapCommand *) data;
+
+    if (this->currentfile) {
+        json_object_set_new(answer, "message", json_string(this->currentfile));
+    } else {
+        json_object_set_new(answer, "message", json_string("None"));
+    }
+    return TM_ECODE_OK;
+}
+
+
+
 static void PcapFilesFree(PcapFiles *cfile)
 {
     if (cfile == NULL)
@@ -268,6 +283,10 @@ TmEcode UnixSocketPcapFilesCheck(void *data)
         }
         unix_manager_file_task_failed = 0;
         this->running = 0;
+        if (this->currentfile) {
+            SCFree(this->currentfile);
+        }
+        this->currentfile = NULL;
         TmThreadKillThreadsFamily(TVT_MGMT);
         TmThreadClearThreadsFamily(TVT_MGMT);
         TmThreadDisableThreadsWithTMS(TM_FLAG_RECEIVE_TM | TM_FLAG_DECODE_TM);
@@ -301,6 +320,7 @@ TmEcode UnixSocketPcapFilesCheck(void *data)
                 return TM_ECODE_FAILED;
             }
         }
+        this->currentfile = SCStrdup(cfile->filename);
         PcapFilesFree(cfile);
         SCPerfInitCounterApi();
         DefragInit();
@@ -359,6 +379,7 @@ int RunModeUnixSocketSingle(DetectEngineCtx *de_ctx)
     }
     pcapcmd->de_ctx = de_ctx;
     TAILQ_INIT(&pcapcmd->files);
+    pcapcmd->currentfile = NULL;
 
     UnixManagerThreadSpawn(de_ctx, 1);
 
@@ -367,6 +388,7 @@ int RunModeUnixSocketSingle(DetectEngineCtx *de_ctx)
     UnixManagerRegisterCommand("pcap-file", UnixSocketAddPcapFile, pcapcmd, UNIX_CMD_TAKE_ARGS);
     UnixManagerRegisterCommand("pcap-file-number", UnixSocketPcapFilesNumber, pcapcmd, 0);
     UnixManagerRegisterCommand("pcap-file-list", UnixSocketPcapFilesList, pcapcmd, 0);
+    UnixManagerRegisterCommand("pcap-current", UnixSocketPcapCurrent, pcapcmd, 0);
 
     UnixManagerRegisterBackgroundTask(UnixSocketPcapFilesCheck, pcapcmd);
 #endif