mirror of https://github.com/OISF/suricata
Refactor pcap file deletion to use a single delete-when-done option with three values instead of separate boolean options:

- false (default): No deletion
- true: Always delete files
- "non-alerts": Delete only files with no alerts

Also account for alerts produced by pseudo packets (flow timeout / shutdown flush):

- Introduce small capture hooks and invoke on pseudo-packet creation so the capture layer can retain references and observe alerts emitted after the last live packet
- Call the hook from both TmThreadDisableReceiveThreads and TmThreadDrainPacketThreads

Key changes:

- Replace should_delete/delete_non_alerts_only bools with enum
- Move alert counter from global to per-file PcapFileFileVars
- Relocate alert counting from PacketAlertFinalize to pcap module
- Ensure thread safety for both single and continuous pcap modes
- Add unit tests for configuration parsing and pseudo-packet alert path

The --pcap-file-delete command line option overrides YAML config and forces "always delete" mode for backward compatibility.

Documentation updated to reflect the new three-value configuration.

Fixes OISF#7786

3 weeks ago

| File | Last change | |
|---|---|---|
| af-packet.rst | 3 months ago | |
| af-xdp.rst | ||
| dpdk.rst | ||
| ebpf-xdp.rst | 2 months ago | |
| endace-dag.rst | ||
| index.rst | 3 months ago | |
| myricom.rst | ||
| napatech.rst | ||
| netmap.rst | ||
| pcap-file.rst | 3 weeks ago | |