From 93642a0d1dd29c96e98824935ef963f6b1ef40eb Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Mon, 14 Dec 2015 15:18:07 +0100 Subject: [PATCH] suricata: can't use -l and unix socket runmode It is not possible to use simultaneously -l and unix socket runmode because setting the log directory make it final so not modifable by other call. It is a implementation limitation but it does not make sense to set logging directory to have it overwritten by the first directory specified 'by pcap-file'. So it seems correct to only trigger an error if this both options are used at the same time. --- src/suricata.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/suricata.c b/src/suricata.c index b368f21d07..a6ed5736a5 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -1108,6 +1108,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) int build_info = 0; int conf_test = 0; int engine_analysis = 0; + int set_log_directory = 0; int ret = TM_ECODE_OK; #ifdef UNITTESTS @@ -1580,6 +1581,8 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) "exist. Shutting down the engine.", optarg, optarg); return TM_ECODE_FAILED; } + set_log_directory = 1; + break; case 'q': #ifdef NFQ @@ -1714,6 +1717,11 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) return TM_ECODE_FAILED; } + if ((suri->run_mode == RUNMODE_UNIX_SOCKET) && set_log_directory) { + SCLogError(SC_ERR_INITIALIZATION, "can't use -l and unix socket runmode at the same time"); + return TM_ECODE_FAILED; + } + if (list_app_layer_protocols) suri->run_mode = RUNMODE_LIST_APP_LAYERS; if (list_cuda_cards)