mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Merge remote-tracking branch 'origin/topic/timw/693-pcap-append'
* origin/topic/timw/693-pcap-append: GH-693: use pcap_dump_open_append where supported
This commit is contained in:
Tim Wojtulewicz
commit
a23a4c7d66
6 changed files with 18 additions and 3 deletions
4
CHANGES
4
CHANGES
|
|
@ -1,3 +1,7 @@
|
|||
4.2.0-dev.286 | 2021-11-03 09:36:41 -0700
|
||||
|
||||
* GH-693: use pcap_dump_open_append where supported (Tim Wojtulewicz, Corelight)
|
||||
|
||||
4.2.0-dev.284 | 2021-11-03 09:35:10 -0700
|
||||
|
||||
* GH-1781: Add .git-blame-ignore-revs file (Tim Wojtulewicz, Corelight)
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
4.2.0-dev.284
|
||||
4.2.0-dev.286
|
||||
|
|
|
|||
2
cmake
2
cmake
|
|
@ -1 +1 @@
|
|||
Subproject commit 4d1990f0e4c273cf51ec52278add6ff256f9c889
|
||||
Subproject commit f5f931637eeabd92e672fa63fae4016a9cd547d7
|
||||
|
|
@ -68,11 +68,15 @@ void PcapDumper::Open()
|
|||
|
||||
else
|
||||
{
|
||||
#ifdef HAVE_PCAP_DUMP_OPEN_APPEND
|
||||
dumper = pcap_dump_open_append(pd, props.path.c_str());
|
||||
#else
|
||||
// Old file and we need to append, which, unfortunately,
|
||||
// is not supported by libpcap. So, we have to hack a
|
||||
// little bit, knowing that pcap_dumpter_t is, in fact,
|
||||
// little bit, knowing that pcap_dumper_t is, in fact,
|
||||
// a FILE ... :-(
|
||||
dumper = (pcap_dumper_t*)fopen(props.path.c_str(), "a");
|
||||
#endif
|
||||
if ( ! dumper )
|
||||
{
|
||||
Error(util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));
|
||||
|
|
|
|||
|
|
@ -5,6 +5,10 @@
|
|||
# @TEST-EXEC: btest-diff 1.hex
|
||||
# @TEST-EXEC: btest-diff 2.hex
|
||||
|
||||
# Run the same test a second time, which will try to write to an
|
||||
# existing file and shouldn't crash a sanitizer build.
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
|
||||
|
||||
# Note that the hex output will contain global pcap header information,
|
||||
# including Zeek's snaplen setting (so maybe check that out in the case
|
||||
# you are reading this message due to this test failing in the future).
|
||||
|
|
|
|||
|
|
@ -49,6 +49,9 @@
|
|||
/* Define if you have the <pcap-int.h> header file. */
|
||||
#cmakedefine HAVE_PCAP_INT_H
|
||||
|
||||
/* Define if libpcap supports pcap_dump_open_append(). */
|
||||
#cmakedefine HAVE_PCAP_DUMP_OPEN_APPEND
|
||||
|
||||
/* line editing & history powers */
|
||||
#cmakedefine HAVE_READLINE
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue