From e0aacac4c640de444222f2863622fe6975a2a400 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 4 Feb 2010 13:31:26 +0100 Subject: [PATCH] Move bpf string retrieval to it's own function. Clean up pcap sourcres a bit. --- src/runmodes.c | 2 +- src/source-pcap-file.c | 22 ++++++++------ src/source-pcap.c | 28 +++++++++--------- src/suricata.c | 67 +++++++++++++++++++++++++----------------- 4 files changed, 68 insertions(+), 51 deletions(-) diff --git a/src/runmodes.c b/src/runmodes.c index 48e7790d81..d3b1f3de9c 100644 --- a/src/runmodes.c +++ b/src/runmodes.c @@ -740,7 +740,7 @@ int RunModeIpsNFQ(DetectEngineCtx *de_ctx, char *nfq_id) { } int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file) { - printf("RunModeFilePcap: file %s\n", file); + SCLogDebug("file %s", file); TimeModeSetOffline(); /* create the threads */ diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c index e3d065e781..345a3e4dea 100644 --- a/src/source-pcap-file.c +++ b/src/source-pcap-file.c @@ -45,7 +45,7 @@ typedef struct PcapFileThreadVars_ Packet *in_p; } PcapFileThreadVars; -static PcapFileGlobalVars pcap_g = { NULL, NULL, 0, }; +static PcapFileGlobalVars pcap_g; TmEcode ReceivePcapFile(ThreadVars *, Packet *, void *, PacketQueue *); TmEcode ReceivePcapFileThreadInit(ThreadVars *, void *, void **); @@ -56,6 +56,8 @@ TmEcode DecodePcapFile(ThreadVars *, Packet *, void *, PacketQueue *); TmEcode DecodePcapFileThreadInit(ThreadVars *, void *, void **); void TmModuleReceivePcapFileRegister (void) { + memset(&pcap_g, 0x00, sizeof(pcap_g)); + tmm_modules[TMM_RECEIVEPCAPFILE].name = "ReceivePcapFile"; tmm_modules[TMM_RECEIVEPCAPFILE].ThreadInit = ReceivePcapFileThreadInit; tmm_modules[TMM_RECEIVEPCAPFILE].Func = ReceivePcapFile; @@ -117,14 +119,15 @@ TmEcode ReceivePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) } TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) { - - char *tmpbpfstring; + char *tmpbpfstring = NULL; if (initdata == NULL) { printf("ReceivePcapFileThreadInit error: initdata == NULL\n"); return TM_ECODE_FAILED; } + SCLogInfo("reading pcap file %s", (char *)initdata); + PcapFileThreadVars *ptv = malloc(sizeof(PcapFileThreadVars)); if (ptv == NULL) { return TM_ECODE_FAILED; @@ -135,27 +138,28 @@ TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) { pcap_g.pcap_handle = pcap_open_offline((char *)initdata, errbuf); if (pcap_g.pcap_handle == NULL) { printf("error %s\n", errbuf); - exit(1); + return TM_ECODE_FAILED; } if (ConfGet("bpf-filter", &tmpbpfstring) != 1) { - SCLogInfo("could not get bpf or none specified"); + SCLogDebug("could not get bpf or none specified"); } else { - SCLogInfo("using bpf-filter %s", tmpbpfstring); + SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring); if(pcap_compile(pcap_g.pcap_handle,&pcap_g.filter,tmpbpfstring,1,0) < 0) { SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(pcap_g.pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } if(pcap_setfilter(pcap_g.pcap_handle,&pcap_g.filter) < 0) { SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(pcap_g.pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } } pcap_g.datalink = pcap_datalink(pcap_g.pcap_handle); - printf("TmModuleReceivePcapFileRegister: datalink %" PRId32 "\n", pcap_g.datalink); + SCLogDebug("datalink %" PRId32 "", pcap_g.datalink); + switch(pcap_g.datalink) { case LINKTYPE_LINUX_SLL: pcap_g.Decoder = DecodeSll; diff --git a/src/source-pcap.c b/src/source-pcap.c index f125d2554d..69e4fd8714 100644 --- a/src/source-pcap.c +++ b/src/source-pcap.c @@ -186,7 +186,7 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) { ptv->pcap_handle = pcap_create((char *)initdata, errbuf); if (ptv->pcap_handle == NULL) { printf("error %s\n", pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } /* set Snaplen, Promisc, and Timeout. Must be called before pcap_activate */ @@ -194,21 +194,21 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) { //printf("ReceivePcapThreadInit: pcap_set_snaplen(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_snaplen_r); if (pcap_set_snaplen_r != 0) { printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle,LIBPCAP_PROMISC); //printf("ReceivePcapThreadInit: pcap_set_promisc(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_promisc_r); if (pcap_set_promisc_r != 0) { printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } int pcap_set_timeout_r = pcap_set_timeout(ptv->pcap_handle,LIBPCAP_COPYWAIT); //printf("ReceivePcapThreadInit: pcap_set_timeout(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_timeout_r); if (pcap_set_timeout_r != 0) { printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } /* activate the handle */ @@ -216,23 +216,23 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) { //printf("ReceivePcapThreadInit: pcap_activate(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_activate_r); if (pcap_activate_r != 0) { printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } /* set bpf filter if we have one */ if (ConfGet("bpf-filter", &tmpbpfstring) != 1) { - SCLogInfo("could not get bpf or none specified"); + SCLogDebug("could not get bpf or none specified"); } else { - SCLogInfo("using bpf-filter %s", tmpbpfstring); + SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring); if(pcap_compile(ptv->pcap_handle,&ptv->filter,tmpbpfstring,1,0) < 0) { SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } if(pcap_setfilter(ptv->pcap_handle,&ptv->filter) < 0) { SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } } @@ -266,23 +266,23 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) { LIBPCAP_PROMISC, LIBPCAP_COPYWAIT, errbuf); if (ptv->pcap_handle == NULL) { printf("error %s\n", errbuf); - exit(1); + return TM_ECODE_FAILED; } /* set bpf filter if we have one */ if (ConfGet("bpf-filter", &tmpbpfstring) != 1) { - SCLogInfo("could not get bpf or none specified"); + SCLogDebug("could not get bpf or none specified"); } else { - SCLogInfo("using bpf-filter %s", tmpbpfstring); + SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring); if(pcap_compile(ptv->pcap_handle,&ptv->filter,tmpbpfstring,1,0) < 0) { SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } if(pcap_setfilter(ptv->pcap_handle,&ptv->filter) < 0) { SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(ptv->pcap_handle)); - exit(1); + return TM_ECODE_FAILED; } } diff --git a/src/suricata.c b/src/suricata.c index 892b2835e2..a8ef037d55 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -285,6 +285,45 @@ void EngineKill(void) { sigflags |= SURICATA_KILL; } +static void SetBpfString(int optind, char *argv[]) { + char *bpf_filter = NULL; + uint32_t bpf_len = 0; + int tmpindex = 0; + + /* attempt to parse remaining args as bpf filter */ + tmpindex = optind; + while(argv[tmpindex] != NULL) { + bpf_len+=strlen(argv[tmpindex]) + 1; + tmpindex++; + } + + if (bpf_len == 0) + return; + + bpf_filter = malloc(bpf_len); + if (bpf_filter == NULL) { + SCLogError(SC_ERR_MEM_ALLOC, "%s", strerror(errno)); + exit(EXIT_FAILURE); + } + memset(bpf_filter, 0x00, bpf_len); + + tmpindex = optind; + while(argv[tmpindex] != NULL) { + strlcat(bpf_filter, argv[tmpindex],bpf_len); + if(argv[tmpindex + 1] != NULL) { + strlcat(bpf_filter," ", bpf_len); + } + tmpindex++; + } + + if(strlen(bpf_filter) > 0) { + if (ConfSet("bpf-filter", bpf_filter, 0) != 1) { + fprintf(stderr, "ERROR: Failed to set bpf filter.\n"); + exit(EXIT_FAILURE); + } + } +} + void usage(const char *progname) { printf("%s %s\n", PROG_NAME, PROG_VER); @@ -323,9 +362,6 @@ int main(int argc, char **argv) char *sig_file = NULL; char *nfq_id = NULL; char *conf_filename = NULL; - char *bpf_filter = NULL; - uint32_t bpf_len = 0; - int tmpindex = 0; #ifdef UNITTESTS char *regex_arg = NULL; #endif @@ -505,30 +541,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } - - /* attempt to parse remaining args as bpf filter */ - tmpindex = optind; - while(argv[tmpindex] != NULL) { - bpf_len+=strlen(argv[tmpindex]) + 1; - tmpindex++; - } - bpf_filter= malloc(bpf_len); - - tmpindex = optind; - while(argv[tmpindex] != NULL) { - strlcat(bpf_filter, argv[tmpindex],bpf_len); - if(argv[tmpindex + 1] != NULL) { - strlcat(bpf_filter," ", bpf_len); - } - tmpindex++; - } - - if(strlen(bpf_filter) > 0) { - if (ConfSet("bpf-filter", bpf_filter, 0) != 1) { - fprintf(stderr, "ERROR: Failed to set bpf filter.\n"); - exit(EXIT_FAILURE); - } - } + SetBpfString(optind, argv); SCLogInfo("This is %s version %s", PROG_NAME, PROG_VER); UtilCpuPrintSummary();