From e526525f83c1845996551358ef6abbf3fb826651 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Fri, 13 Jan 2012 13:06:31 +0100
Subject: [PATCH] Fix pcap -i <ip>.

---
 src/suricata.c   | 25 ++++++++++++++-----------
 src/util-error.c |  1 +
 src/util-error.h |  1 +
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/suricata.c b/src/suricata.c
index 9669e29af2..252068cb5b 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -939,9 +939,20 @@ int main(int argc, char **argv)
             exit(EXIT_SUCCESS);
             break;
         case 'i':
+            memset(pcap_dev, 0, sizeof(pcap_dev));
+            strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev))));
+            PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev));
+
+            if (strcmp(pcap_dev, optarg) != 0) {
+                SCLogInfo("translated %s to pcap device %s", optarg, pcap_dev);
+            } else {
+                SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", optarg);
+                exit(EXIT_FAILURE);
+            }
+
             if (run_mode == RUNMODE_UNKNOWN) {
                 run_mode = RUNMODE_PCAP_DEV;
-                LiveRegisterDevice(optarg);
+                LiveRegisterDevice(pcap_dev);
             } else if (run_mode == RUNMODE_PCAP_DEV) {
 #ifdef OS_WIN32
                 SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
@@ -950,7 +961,7 @@ int main(int argc, char **argv)
 #else
                 SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
                         "multiple pcap devices to get packets is experimental.");
-                LiveRegisterDevice(optarg);
+                LiveRegisterDevice(pcap_dev);
 #endif
             } else {
                 SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
@@ -958,8 +969,6 @@ int main(int argc, char **argv)
                 usage(argv[0]);
                 exit(EXIT_FAILURE);
             }
-            memset(pcap_dev, 0, sizeof(pcap_dev));
-            strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev))));
             break;
         case 'l':
             if (ConfSet("default-log-dir", optarg, 0) != 1) {
@@ -1546,13 +1555,7 @@ int main(int argc, char **argv)
 
     /* run the selected runmode */
     if (run_mode == RUNMODE_PCAP_DEV) {
-        if (strlen(pcap_dev)) {
-            PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev));
-            if (ConfSet("pcap.single_pcap_dev", pcap_dev, 0) != 1) {
-                fprintf(stderr, "ERROR: Failed to set pcap.single_pcap_dev\n");
-                exit(EXIT_FAILURE);
-            }
-        } else {
+        if (strlen(pcap_dev) == 0) {
             int ret = LiveBuildDeviceList("pcap");
             if (ret == 0) {
                 fprintf(stderr, "ERROR: No interface found in config for pcap\n");
diff --git a/src/util-error.c b/src/util-error.c
index a09c245966..b04334771e 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -213,6 +213,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_SIZE_PARSE);
         CASE_CODE (SC_ERR_RAWBYTES_FILE_DATA);
         CASE_CODE (SC_ERR_SOCKET);
+        CASE_CODE (SC_ERR_PCAP_TRANSLATE);
 
         default:
             return "UNKNOWN_ERROR";
diff --git a/src/util-error.h b/src/util-error.h
index 2a6c9d96d3..a26147c0bb 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -228,6 +228,7 @@ typedef enum {
     SC_ERR_SIZE_PARSE,
     SC_ERR_RAWBYTES_FILE_DATA,
     SC_ERR_SOCKET,
+    SC_ERR_PCAP_TRANSLATE,          /* failed to translate ip to dev */
 } SCError;
 
 const char *SCErrorToString(SCError);