From 1bdc39fe9b632bb6b86ea1d83b3dabe4e66d68d2 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Wed, 27 Nov 2013 13:22:42 +0100 Subject: [PATCH] cmdline: add -k to specify checksum validation This patch adds a '-k' option to suricata to be able to specify the checksum validation to use. If '-k all' is used, checksum validation is forced. If '-k none' is used, no checksum validation is made. Message output in case of detection of a pcap file with a probable cheksum issue has been updated to indicate that '-k' is a solution. --- src/source-pcap-file.c | 3 ++- src/suricata.c | 28 +++++++++++++++++++++++++++- src/suricata.h | 1 + 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c index f88cb4517d..004efac06e 100644 --- a/src/source-pcap-file.c +++ b/src/source-pcap-file.c @@ -358,7 +358,8 @@ void ReceivePcapFileThreadExitStats(ThreadVars *tv, void *data) { if (chrate < CHECKSUM_INVALID_RATIO) SCLogWarning(SC_ERR_INVALID_CHECKSUM, "1/%" PRIu64 "th of packets have an invalid checksum," - " consider setting pcap-file.checksum-checks variable to no", + " consider setting pcap-file.checksum-checks variable to no" + " or use '-k none' option on command line.", chrate); else SCLogInfo("1/%" PRIu64 "th of packets have an invalid checksum", diff --git a/src/suricata.c b/src/suricata.c index b4c4a31e74..a569bafa94 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -497,6 +497,7 @@ void usage(const char *progname) printf("\t--service-remove : remove service\n"); printf("\t--service-change-params : change service startup parameters\n"); #endif /* OS_WIN32 */ + printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n"); printf("\t-V : display Suricata version\n"); printf("\t-v[v] : increase default Suricata verbosity\n"); #ifdef UNITTESTS @@ -939,6 +940,8 @@ static void SCInstanceInit(SCInstance *suri) suri->daemon = 0; suri->offline = 0; suri->verbose = 0; + /* use -1 as unknown */ + suri->checksum_validation = -1; } static TmEcode PrintVersion() @@ -1046,7 +1049,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) /* getopt_long stores the option index here. */ int option_index = 0; - char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:v"; + char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:"; while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) { switch (opt) { @@ -1509,6 +1512,20 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) case 'v': suri->verbose++; break; + case 'k': + if (optarg == NULL) { + SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k"); + return TM_ECODE_FAILED; + } + if (!strcmp("all", optarg)) + suri->checksum_validation = 1; + else if (!strcmp("none", optarg)) + suri->checksum_validation = 0; + else { + SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg); + return TM_ECODE_FAILED; + } + break; default: usage(argv[0]); return TM_ECODE_FAILED; @@ -1833,6 +1850,15 @@ static int PostConfLoadedSetup(SCInstance *suri) suri->rule_reload = IsRuleReloadSet(FALSE); + switch (suri->checksum_validation) { + case 0: + ConfSet("stream.checksum-validation", "0", 0); + break; + case 1: + ConfSet("stream.checksum-validation", "1", 1); + break; + } + AppLayerDetectProtoThreadInit(); AppLayerParsersInitPostProcess(); diff --git a/src/suricata.h b/src/suricata.h index 551013c7eb..fa131acdce 100644 --- a/src/suricata.h +++ b/src/suricata.h @@ -155,6 +155,7 @@ typedef struct SCInstance_ { int daemon; int offline; int verbose; + int checksum_validation; struct timeval start_time;