From ceaec0902468c4dcf253c1e84c7237c09ad74aae Mon Sep 17 00:00:00 2001
From: Tim Wojtulewicz
Date: Tue, 2 Nov 2021 12:59:54 -0700
Subject: [PATCH] GH-693: use pcap_dump_open_append where supported
---
cmake | 2 +-
src/iosource/pcap/Dumper.cc | 6 +++++-
testing/btest/bifs/dump_current_packet.zeek | 4 ++++
zeek-config.h.in | 3 +++
4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/cmake b/cmake
index 4d1990f0e4..ed6c3e3414 160000
--- a/cmake
+++ b/cmake
@@ -1 +1 @@
-Subproject commit 4d1990f0e4c273cf51ec52278add6ff256f9c889
+Subproject commit ed6c3e341408c2469093c40969354c4fb1ebce99
diff --git a/src/iosource/pcap/Dumper.cc b/src/iosource/pcap/Dumper.cc
index 25aff8269e..3b46c5c15f 100644
--- a/src/iosource/pcap/Dumper.cc
+++ b/src/iosource/pcap/Dumper.cc
@@ -68,11 +68,15 @@ void PcapDumper::Open() else { +#ifdef HAVE_PCAP_DUMP_OPEN_APPEND + dumper = pcap_dump_open_append(pd, props.path.c_str()); +#else // Old file and we need to append, which, unfortunately, // is not supported by libpcap. So, we have to hack a - // little bit, knowing that pcap_dumpter_t is, in fact, + // little bit, knowing that pcap_dumper_t is, in fact, // a FILE ... :-( dumper = (pcap_dumper_t*)fopen(props.path.c_str(), "a"); +#endif if ( ! dumper ) { Error(util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));
diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek
index ce177a1daf..712ffb0e4f 100644
--- a/testing/btest/bifs/dump_current_packet.zeek
+++ b/testing/btest/bifs/dump_current_packet.zeek
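Review bot: In src/iosource/pcap/Dumper.cc the shared `if ( ! dumper )` branch still reports the failure with `strerror(errno)`, which fits the `fopen` fallback but not the new `pcap_dump_open_append(pd, ...)` call. libpcap reports that function's failures through `pcap_geterr(pd)`, and it refuses to append when the existing file's header does not match the handle (link-layer type, snapshot length, byte order), a refusal that need not set errno. The log could then show a stale or "Success" reason for exactly the check that keeps a capture file from being corrupted. Under `HAVE_PCAP_DUMP_OPEN_APPEND` the message should read `Error(util::fmt("can't open dump %s: %s", props.path.c_str(), pcap_geterr(pd)));`. PcapDumper::Open() starts and ends outside this hunk, so the rest of its error handling is not visible here.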
@@ -5,6 +5,10 @@ # @TEST-EXEC: btest-diff 1.hex # @TEST-EXEC: btest-diff 2.hex +# Run the same test a second time, which will try to write to an +# existing file and shouldn't crash a sanitizer build. +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT + # Note that the hex output will contain global pcap header information, # including Zeek's snaplen setting (so maybe check that out in the case # you are reading this message due to this test failing in the future).
diff --git a/zeek-config.h.in b/zeek-config.h.in
index 3c90bd5ceb..ff5edc8c8b 100644
--- a/zeek-config.h.in
+++ b/zeek-config.h.in
@@ -49,6 +49,9 @@ /* Define if you have the header file. */ #cmakedefine HAVE_PCAP_INT_H +/* Define if libpcap supports pcap_dump_open_append(). */ +#cmakedefine HAVE_PCAP_DUMP_OPEN_APPEND + /* line editing & history powers */ #cmakedefine HAVE_READLINE
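Review bot: The second run added in testing/btest/bifs/dump_current_packet.zeek only checks that zeek exits cleanly when the dump files already exist; as far as this hunk shows, both `btest-diff` lines come before it, so nothing inspects the files after the append. A regression that appends packets behind a damaged or mismatched pcap header would still pass, on either the `pcap_dump_open_append` path or the `fopen` fallback. Consider reading one appended file back after the rerun, for example `# @TEST-EXEC: zeek -b -r <appended-dump-file>`, with the test's own dump file name in place of the placeholder. The script lines that create the dump files are outside this hunk.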